From 59f1e3badf89f08e3a95cdf7a506c837ca6f5963 Mon Sep 17 00:00:00 2001 From: rckrdmrd Date: Sun, 4 Jan 2026 06:12:07 -0600 Subject: [PATCH] Initial commit - erp-core --- .env.example | 22 + .gitignore | 32 + INVENTARIO.yml | 31 + PROJECT-STATUS.md | 27 + README.md | 114 + backend/.env.example | 22 + backend/.gitignore | 32 + backend/Dockerfile | 52 + backend/TYPEORM_DEPENDENCIES.md | 78 + backend/TYPEORM_INTEGRATION_SUMMARY.md | 302 + backend/TYPEORM_USAGE_EXAMPLES.md | 536 + backend/package-lock.json | 8585 +++++++++++++++++ backend/package.json | 59 + backend/service.descriptor.yml | 134 + backend/src/app.ts | 112 + backend/src/config/database.ts | 69 + backend/src/config/index.ts | 35 + backend/src/config/redis.ts | 178 + backend/src/config/swagger.config.ts | 200 + backend/src/config/typeorm.ts | 215 + backend/src/docs/openapi.yaml | 138 + backend/src/index.ts | 71 + .../src/modules/auth/apiKeys.controller.ts | 331 + backend/src/modules/auth/apiKeys.routes.ts | 56 + backend/src/modules/auth/apiKeys.service.ts | 491 + backend/src/modules/auth/auth.controller.ts | 192 + backend/src/modules/auth/auth.routes.ts | 18 + backend/src/modules/auth/auth.service.ts | 234 + .../modules/auth/entities/api-key.entity.ts | 87 + .../modules/auth/entities/company.entity.ts | 93 + .../src/modules/auth/entities/group.entity.ts | 89 + backend/src/modules/auth/entities/index.ts | 15 + .../auth/entities/mfa-audit-log.entity.ts | 87 + .../auth/entities/oauth-provider.entity.ts | 191 + .../auth/entities/oauth-state.entity.ts | 66 + .../auth/entities/oauth-user-link.entity.ts | 73 + .../auth/entities/password-reset.entity.ts | 45 + .../auth/entities/permission.entity.ts | 52 + .../src/modules/auth/entities/role.entity.ts | 84 + .../modules/auth/entities/session.entity.ts | 90 + .../modules/auth/entities/tenant.entity.ts | 93 + .../auth/entities/trusted-device.entity.ts | 115 + .../src/modules/auth/entities/user.entity.ts | 141 + .../auth/entities/verification-code.entity.ts | 90 + backend/src/modules/auth/index.ts | 8 + .../modules/auth/services/token.service.ts | 456 + .../modules/companies/companies.controller.ts | 241 + .../src/modules/companies/companies.routes.ts | 50 + .../modules/companies/companies.service.ts | 472 + backend/src/modules/companies/index.ts | 3 + backend/src/modules/core/core.controller.ts | 257 + backend/src/modules/core/core.routes.ts | 51 + backend/src/modules/core/countries.service.ts | 45 + .../src/modules/core/currencies.service.ts | 118 + .../modules/core/entities/country.entity.ts | 35 + .../modules/core/entities/currency.entity.ts | 43 + backend/src/modules/core/entities/index.ts | 6 + .../core/entities/product-category.entity.ts | 79 + .../modules/core/entities/sequence.entity.ts | 83 + .../core/entities/uom-category.entity.ts | 30 + .../src/modules/core/entities/uom.entity.ts | 76 + backend/src/modules/core/index.ts | 8 + .../core/product-categories.service.ts | 223 + backend/src/modules/core/sequences.service.ts | 466 + backend/src/modules/core/uom.service.ts | 162 + backend/src/modules/crm/crm.controller.ts | 682 ++ backend/src/modules/crm/crm.routes.ts | 126 + backend/src/modules/crm/index.ts | 5 + backend/src/modules/crm/leads.service.ts | 449 + .../src/modules/crm/opportunities.service.ts | 503 + backend/src/modules/crm/stages.service.ts | 435 + .../src/modules/financial/MIGRATION_GUIDE.md | 612 ++ .../modules/financial/accounts.service.old.ts | 330 + .../src/modules/financial/accounts.service.ts | 468 + .../financial/entities/account-type.entity.ts | 38 + .../financial/entities/account.entity.ts | 93 + .../entities/fiscal-period.entity.ts | 64 + .../financial/entities/fiscal-year.entity.ts | 67 + .../src/modules/financial/entities/index.ts | 22 + .../financial/entities/invoice-line.entity.ts | 79 + .../financial/entities/invoice.entity.ts | 152 + .../entities/journal-entry-line.entity.ts | 59 + .../entities/journal-entry.entity.ts | 104 + .../financial/entities/journal.entity.ts | 94 + .../financial/entities/payment.entity.ts | 135 + .../modules/financial/entities/tax.entity.ts | 78 + .../modules/financial/financial.controller.ts | 753 ++ .../src/modules/financial/financial.routes.ts | 150 + .../financial/fiscalPeriods.service.ts | 369 + backend/src/modules/financial/index.ts | 8 + .../src/modules/financial/invoices.service.ts | 547 ++ .../financial/journal-entries.service.ts | 343 + .../modules/financial/journals.service.old.ts | 216 + .../src/modules/financial/journals.service.ts | 216 + .../src/modules/financial/payments.service.ts | 456 + .../modules/financial/taxes.service.old.ts | 382 + .../src/modules/financial/taxes.service.ts | 382 + backend/src/modules/hr/contracts.service.ts | 346 + backend/src/modules/hr/departments.service.ts | 393 + backend/src/modules/hr/employees.service.ts | 402 + backend/src/modules/hr/hr.controller.ts | 721 ++ backend/src/modules/hr/hr.routes.ts | 152 + backend/src/modules/hr/index.ts | 6 + backend/src/modules/hr/leaves.service.ts | 517 + .../src/modules/inventory/MIGRATION_STATUS.md | 177 + .../modules/inventory/adjustments.service.ts | 512 + .../src/modules/inventory/entities/index.ts | 11 + .../inventory-adjustment-line.entity.ts | 80 + .../entities/inventory-adjustment.entity.ts | 86 + .../inventory/entities/location.entity.ts | 96 + .../modules/inventory/entities/lot.entity.ts | 64 + .../inventory/entities/picking.entity.ts | 125 + .../inventory/entities/product.entity.ts | 154 + .../inventory/entities/stock-move.entity.ts | 104 + .../inventory/entities/stock-quant.entity.ts | 66 + .../entities/stock-valuation-layer.entity.ts | 85 + .../inventory/entities/warehouse.entity.ts | 68 + backend/src/modules/inventory/index.ts | 16 + .../modules/inventory/inventory.controller.ts | 875 ++ .../src/modules/inventory/inventory.routes.ts | 174 + .../modules/inventory/locations.service.ts | 212 + backend/src/modules/inventory/lots.service.ts | 263 + .../src/modules/inventory/pickings.service.ts | 357 + .../src/modules/inventory/products.service.ts | 410 + .../modules/inventory/valuation.controller.ts | 230 + .../modules/inventory/valuation.service.ts | 522 + .../modules/inventory/warehouses.service.ts | 283 + .../src/modules/partners/entities/index.ts | 1 + .../partners/entities/partner.entity.ts | 132 + backend/src/modules/partners/index.ts | 6 + .../modules/partners/partners.controller.ts | 333 + .../src/modules/partners/partners.routes.ts | 90 + .../src/modules/partners/partners.service.ts | 395 + .../modules/partners/ranking.controller.ts | 368 + .../src/modules/partners/ranking.service.ts | 431 + backend/src/modules/projects/index.ts | 5 + .../modules/projects/projects.controller.ts | 569 ++ .../src/modules/projects/projects.routes.ts | 75 + .../src/modules/projects/projects.service.ts | 309 + backend/src/modules/projects/tasks.service.ts | 293 + .../modules/projects/timesheets.service.ts | 302 + backend/src/modules/purchases/index.ts | 4 + .../modules/purchases/purchases.controller.ts | 352 + .../src/modules/purchases/purchases.routes.ts | 90 + .../modules/purchases/purchases.service.ts | 386 + backend/src/modules/purchases/rfqs.service.ts | 485 + backend/src/modules/reports/index.ts | 3 + .../src/modules/reports/reports.controller.ts | 434 + backend/src/modules/reports/reports.routes.ts | 96 + .../src/modules/reports/reports.service.ts | 580 ++ backend/src/modules/roles/index.ts | 13 + .../modules/roles/permissions.controller.ts | 218 + .../src/modules/roles/permissions.routes.ts | 55 + .../src/modules/roles/permissions.service.ts | 342 + backend/src/modules/roles/roles.controller.ts | 292 + backend/src/modules/roles/roles.routes.ts | 57 + backend/src/modules/roles/roles.service.ts | 454 + .../modules/sales/customer-groups.service.ts | 209 + backend/src/modules/sales/index.ts | 7 + backend/src/modules/sales/orders.service.ts | 707 ++ .../src/modules/sales/pricelists.service.ts | 249 + .../src/modules/sales/quotations.service.ts | 588 ++ .../src/modules/sales/sales-teams.service.ts | 241 + backend/src/modules/sales/sales.controller.ts | 889 ++ backend/src/modules/sales/sales.routes.ts | 159 + .../src/modules/system/activities.service.ts | 350 + backend/src/modules/system/index.ts | 5 + .../src/modules/system/messages.service.ts | 234 + .../modules/system/notifications.service.ts | 227 + .../src/modules/system/system.controller.ts | 404 + backend/src/modules/system/system.routes.ts | 48 + backend/src/modules/tenants/index.ts | 7 + .../src/modules/tenants/tenants.controller.ts | 315 + backend/src/modules/tenants/tenants.routes.ts | 69 + .../src/modules/tenants/tenants.service.ts | 449 + backend/src/modules/users/index.ts | 3 + backend/src/modules/users/users.controller.ts | 260 + backend/src/modules/users/users.routes.ts | 60 + backend/src/modules/users/users.service.ts | 372 + backend/src/shared/errors/index.ts | 18 + .../middleware/apiKeyAuth.middleware.ts | 217 + .../src/shared/middleware/auth.middleware.ts | 119 + .../middleware/fieldPermissions.middleware.ts | 343 + backend/src/shared/services/base.service.ts | 429 + backend/src/shared/services/index.ts | 7 + backend/src/shared/types/index.ts | 144 + backend/src/shared/utils/logger.ts | 40 + backend/tsconfig.json | 30 + database/README.md | 171 + database/ddl/00-prerequisites.sql | 207 + database/ddl/01-auth-extensions.sql | 891 ++ database/ddl/01-auth.sql | 620 ++ database/ddl/02-core.sql | 755 ++ database/ddl/03-analytics.sql | 510 + database/ddl/04-financial.sql | 970 ++ database/ddl/05-inventory-extensions.sql | 966 ++ database/ddl/05-inventory.sql | 772 ++ database/ddl/06-purchase.sql | 583 ++ database/ddl/07-sales.sql | 705 ++ database/ddl/08-projects.sql | 537 ++ database/ddl/09-system.sql | 853 ++ database/ddl/10-billing.sql | 638 ++ database/ddl/11-crm.sql | 366 + database/ddl/12-hr.sql | 379 + .../ddl/schemas/core_shared/00-schema.sql | 159 + database/docker-compose.yml | 51 + .../20251212_001_fiscal_period_validation.sql | 207 + .../20251212_002_partner_rankings.sql | 391 + .../20251212_003_financial_reports.sql | 464 + database/scripts/create-database.sh | 142 + database/scripts/drop-database.sh | 75 + database/scripts/load-seeds.sh | 101 + database/scripts/reset-database.sh | 102 + database/seeds/dev/00-catalogs.sql | 81 + database/seeds/dev/01-tenants.sql | 49 + database/seeds/dev/02-companies.sql | 64 + database/seeds/dev/03-roles.sql | 246 + database/seeds/dev/04-users.sql | 148 + database/seeds/dev/05-sample-data.sql | 228 + docs/00-vision-general/VISION-ERP-CORE.md | 217 + .../MAPA-COMPONENTES-GENERICOS.md | 351 + .../01-analisis-referencias/RESUMEN-FASE-0.md | 817 ++ .../construccion/COMPONENTES-ESPECIFICOS.md | 375 + .../construccion/COMPONENTES-GENERICOS.md | 489 + .../construccion/GAP-ANALYSIS.md | 308 + .../construccion/MEJORAS-ARQUITECTONICAS.md | 684 ++ .../construccion/RETROALIMENTACION.md | 541 ++ .../gamilit/ADOPTAR-ADAPTAR-EVITAR.md | 613 ++ .../01-analisis-referencias/gamilit/README.md | 651 ++ .../gamilit/backend-patterns.md | 869 ++ .../gamilit/database-architecture.md | 1119 +++ .../gamilit/devops-automation.md | 669 ++ .../gamilit/frontend-patterns.md | 759 ++ .../gamilit/ssot-system.md | 868 ++ .../odoo/MAPEO-ODOO-TO-MGN.md | 478 + docs/01-analisis-referencias/odoo/README.md | 254 + .../odoo/VALIDACION-MGN-VS-ODOO.md | 391 + .../odoo/odoo-account-analysis.md | 64 + .../odoo/odoo-analytic-analysis.md | 104 + .../odoo/odoo-auth-analysis.md | 534 + .../odoo/odoo-base-analysis.md | 751 ++ .../odoo/odoo-crm-analysis.md | 67 + .../odoo/odoo-hr-analysis.md | 55 + .../odoo/odoo-mail-analysis.md | 273 + .../odoo/odoo-portal-analysis.md | 175 + .../odoo/odoo-project-analysis.md | 71 + .../odoo/odoo-purchase-analysis.md | 53 + .../odoo/odoo-sale-analysis.md | 56 + .../odoo/odoo-stock-analysis.md | 62 + .../01-fase-foundation/MGN-001-auth/README.md | 177 + docs/01-fase-foundation/MGN-001-auth/_MAP.md | 183 + .../especificaciones/ET-AUTH-database.md | 744 ++ .../especificaciones/ET-auth-backend.md | 1749 ++++ .../especificaciones/auth-domain.md | 267 + .../historias-usuario/BACKLOG-MGN001.md | 162 + .../historias-usuario/US-MGN001-001.md | 296 + .../historias-usuario/US-MGN001-002.md | 261 + .../historias-usuario/US-MGN001-003.md | 300 + .../historias-usuario/US-MGN001-004.md | 391 + .../implementacion/TRACEABILITY.yml | 695 ++ .../requerimientos/INDICE-RF-AUTH.md | 188 + .../requerimientos/RF-AUTH-001.md | 234 + .../requerimientos/RF-AUTH-002.md | 264 + .../requerimientos/RF-AUTH-003.md | 261 + .../requerimientos/RF-AUTH-004.md | 288 + .../requerimientos/RF-AUTH-005.md | 345 + .../MGN-002-users/README.md | 88 + docs/01-fase-foundation/MGN-002-users/_MAP.md | 110 + .../especificaciones/ET-USER-database.md | 847 ++ .../especificaciones/ET-users-backend.md | 1247 +++ .../historias-usuario/BACKLOG-MGN002.md | 138 + .../historias-usuario/US-MGN002-001.md | 219 + .../historias-usuario/US-MGN002-002.md | 225 + .../historias-usuario/US-MGN002-003.md | 203 + .../historias-usuario/US-MGN002-004.md | 222 + .../historias-usuario/US-MGN002-005.md | 286 + .../implementacion/TRACEABILITY.yml | 513 + .../requerimientos/INDICE-RF-USER.md | 260 + .../requerimientos/RF-USER-001.md | 333 + .../requerimientos/RF-USER-002.md | 314 + .../requerimientos/RF-USER-003.md | 332 + .../requerimientos/RF-USER-004.md | 362 + .../requerimientos/RF-USER-005.md | 370 + .../MGN-003-roles/README.md | 97 + docs/01-fase-foundation/MGN-003-roles/_MAP.md | 114 + .../especificaciones/ET-RBAC-database.md | 694 ++ .../especificaciones/ET-rbac-backend.md | 1274 +++ .../historias-usuario/BACKLOG-MGN003.md | 177 + .../historias-usuario/US-MGN003-001.md | 162 + .../historias-usuario/US-MGN003-002.md | 177 + .../historias-usuario/US-MGN003-003.md | 211 + .../historias-usuario/US-MGN003-004.md | 230 + .../implementacion/TRACEABILITY.yml | 488 + .../requerimientos/INDICE-RF-ROLE.md | 221 + .../requerimientos/RF-ROLE-001.md | 364 + .../requerimientos/RF-ROLE-002.md | 338 + .../requerimientos/RF-ROLE-003.md | 350 + .../requerimientos/RF-ROLE-004.md | 530 + .../MGN-004-tenants/README.md | 102 + .../MGN-004-tenants/_MAP.md | 126 + .../especificaciones/ET-TENANT-database.md | 1117 +++ .../especificaciones/ET-tenants-backend.md | 2365 +++++ .../historias-usuario/BACKLOG-MGN004.md | 210 + .../historias-usuario/US-MGN004-001.md | 184 + .../historias-usuario/US-MGN004-002.md | 178 + .../historias-usuario/US-MGN004-003.md | 205 + .../historias-usuario/US-MGN004-004.md | 211 + .../implementacion/TRACEABILITY.yml | 553 ++ .../requerimientos/INDICE-RF-TENANT.md | 271 + .../requerimientos/RF-TENANT-001.md | 396 + .../requerimientos/RF-TENANT-002.md | 370 + .../requerimientos/RF-TENANT-003.md | 424 + .../requerimientos/RF-TENANT-004.md | 460 + docs/01-fase-foundation/README.md | 119 + .../ALCANCE-POR-MODULO.md | 1547 +++ .../DEPENDENCIAS-MODULOS.md | 939 ++ docs/02-definicion-modulos/INDICE-MODULOS.md | 559 ++ .../LISTA-MODULOS-ERP-GENERICO.md | 900 ++ .../RETROALIMENTACION-ERP-CONSTRUCCION.md | 795 ++ .../gaps/GAP-ANALYSIS-MGN-001.md | 262 + .../gaps/GAP-ANALYSIS-MGN-002.md | 149 + .../gaps/GAP-ANALYSIS-MGN-003.md | 137 + .../gaps/GAP-ANALYSIS-MGN-004.md | 150 + .../gaps/GAP-ANALYSIS-MGN-005.md | 69 + .../gaps/GAP-ANALYSIS-MGN-006.md | 53 + .../gaps/GAP-ANALYSIS-MGN-007.md | 54 + .../gaps/GAP-ANALYSIS-MGN-008.md | 143 + .../gaps/GAP-ANALYSIS-MGN-009.md | 32 + .../gaps/GAP-ANALYSIS-MGN-010.md | 36 + .../gaps/GAP-ANALYSIS-MGN-011.md | 29 + .../gaps/GAP-ANALYSIS-MGN-012.md | 28 + .../gaps/GAP-ANALYSIS-MGN-013.md | 97 + .../gaps/GAP-ANALYSIS-MGN-014.md | 42 + .../gaps/GAP-ANALYSIS-MGN-015.md | 126 + .../MGN-005-catalogs/README.md | 62 + .../MGN-005-catalogs/_MAP.md | 92 + .../especificaciones/ET-CATALOG-backend.md | 1324 +++ .../especificaciones/ET-CATALOG-database.md | 887 ++ .../especificaciones/ET-CATALOG-frontend.md | 1372 +++ .../especificaciones/INDICE-ET-CATALOGS.md | 105 + .../historias-usuario/INDICE-US-CATALOGS.md | 51 + .../historias-usuario/US-MGN005-001.md | 249 + .../historias-usuario/US-MGN005-002.md | 193 + .../historias-usuario/US-MGN005-003.md | 247 + .../historias-usuario/US-MGN005-004.md | 222 + .../historias-usuario/US-MGN005-005.md | 243 + .../implementacion/TRACEABILITY.yml | 252 + .../requerimientos/INDICE-RF-CATALOG.md | 184 + .../requerimientos/RF-CATALOG-001.md | 294 + .../requerimientos/RF-CATALOG-002.md | 277 + .../requerimientos/RF-CATALOG-003.md | 320 + .../requerimientos/RF-CATALOG-004.md | 346 + .../requerimientos/RF-CATALOG-005.md | 348 + .../MGN-006-settings/README.md | 59 + .../MGN-006-settings/_MAP.md | 96 + .../especificaciones/ET-SETTINGS-backend.md | 557 ++ .../especificaciones/ET-SETTINGS-database.md | 406 + .../especificaciones/ET-SETTINGS-frontend.md | 1805 ++++ .../especificaciones/INDICE-ET-SETTINGS.md | 85 + .../historias-usuario/INDICE-US-SETTINGS.md | 68 + .../historias-usuario/US-MGN006-001.md | 234 + .../historias-usuario/US-MGN006-002.md | 223 + .../historias-usuario/US-MGN006-003.md | 228 + .../historias-usuario/US-MGN006-004.md | 276 + .../implementacion/TRACEABILITY.yml | 319 + .../requerimientos/INDICE-RF-SETTINGS.md | 77 + .../requerimientos/RF-SETTINGS-001.md | 236 + .../requerimientos/RF-SETTINGS-002.md | 208 + .../requerimientos/RF-SETTINGS-003.md | 204 + .../requerimientos/RF-SETTINGS-004.md | 259 + .../MGN-007-audit/README.md | 60 + .../MGN-007-audit/_MAP.md | 95 + .../especificaciones/ET-AUDIT-backend.md | 1151 +++ .../especificaciones/ET-AUDIT-database.md | 546 ++ .../especificaciones/ET-AUDIT-frontend.md | 1893 ++++ .../especificaciones/INDICE-ET-AUDIT.md | 132 + .../historias-usuario/INDICE-US-AUDIT.md | 108 + .../historias-usuario/US-MGN007-001.md | 253 + .../historias-usuario/US-MGN007-002.md | 260 + .../historias-usuario/US-MGN007-003.md | 261 + .../historias-usuario/US-MGN007-004.md | 303 + .../implementacion/TRACEABILITY.yml | 337 + .../requerimientos/INDICE-RF-AUDIT.md | 89 + .../requerimientos/RF-AUDIT-001.md | 217 + .../requerimientos/RF-AUDIT-002.md | 210 + .../requerimientos/RF-AUDIT-003.md | 240 + .../requerimientos/RF-AUDIT-004.md | 298 + .../MGN-008-notifications/README.md | 61 + .../MGN-008-notifications/_MAP.md | 98 + .../especificaciones/ET-NOTIF-backend.md | 1049 ++ .../especificaciones/ET-NOTIF-database.md | 690 ++ .../especificaciones/ET-NOTIF-frontend.md | 1628 ++++ .../especificaciones/INDICE-ET-NOTIF.md | 194 + .../historias-usuario/INDICE-US-NOTIF.md | 123 + .../historias-usuario/US-MGN008-001.md | 268 + .../historias-usuario/US-MGN008-002.md | 292 + .../historias-usuario/US-MGN008-003.md | 281 + .../historias-usuario/US-MGN008-004.md | 300 + .../implementacion/TRACEABILITY.yml | 388 + .../requerimientos/INDICE-RF-NOTIF.md | 92 + .../requerimientos/RF-NOTIF-001.md | 262 + .../requerimientos/RF-NOTIF-002.md | 286 + .../requerimientos/RF-NOTIF-003.md | 231 + .../requerimientos/RF-NOTIF-004.md | 278 + .../MGN-009-reports/README.md | 60 + .../MGN-009-reports/_MAP.md | 98 + .../especificaciones/ET-REPORT-backend.md | 1249 +++ .../especificaciones/ET-REPORT-database.md | 699 ++ .../especificaciones/ET-REPORT-frontend.md | 1689 ++++ .../especificaciones/INDICE-ET-REPORT.md | 207 + .../historias-usuario/INDICE-US-REPORT.md | 125 + .../historias-usuario/US-MGN009-001.md | 292 + .../historias-usuario/US-MGN009-002.md | 284 + .../historias-usuario/US-MGN009-003.md | 304 + .../historias-usuario/US-MGN009-004.md | 310 + .../implementacion/TRACEABILITY.yml | 413 + .../requerimientos/INDICE-RF-REPORT.md | 93 + .../requerimientos/RF-REPORT-001.md | 267 + .../requerimientos/RF-REPORT-002.md | 299 + .../requerimientos/RF-REPORT-003.md | 289 + .../requerimientos/RF-REPORT-004.md | 266 + .../MGN-010-financial/README.md | 60 + .../MGN-010-financial/_MAP.md | 102 + .../especificaciones/ET-FIN-backend.md | 1092 +++ .../especificaciones/ET-FIN-database.md | 872 ++ .../especificaciones/ET-FIN-frontend.md | 1929 ++++ .../especificaciones/INDICE-ET-FINANCIAL.md | 212 + .../historias-usuario/INDICE-US-FINANCIAL.md | 141 + .../historias-usuario/US-MGN010-001.md | 306 + .../historias-usuario/US-MGN010-002.md | 304 + .../historias-usuario/US-MGN010-003.md | 303 + .../historias-usuario/US-MGN010-004.md | 311 + .../implementacion/TRACEABILITY.yml | 538 ++ .../requerimientos/INDICE-RF-FINANCIAL.md | 113 + .../requerimientos/RF-FIN-001.md | 279 + .../requerimientos/RF-FIN-002.md | 272 + .../requerimientos/RF-FIN-003.md | 289 + .../requerimientos/RF-FIN-004.md | 314 + docs/02-fase-core-business/README.md | 278 + .../RF-auth/INDICE-RF-AUTH.md | 188 + docs/03-requerimientos/RF-auth/RF-AUTH-001.md | 234 + docs/03-requerimientos/RF-auth/RF-AUTH-002.md | 264 + docs/03-requerimientos/RF-auth/RF-AUTH-003.md | 261 + docs/03-requerimientos/RF-auth/RF-AUTH-004.md | 288 + docs/03-requerimientos/RF-auth/RF-AUTH-005.md | 345 + .../RF-catalogs/INDICE-RF-CATALOG.md | 184 + .../RF-catalogs/RF-CATALOG-001.md | 294 + .../RF-catalogs/RF-CATALOG-002.md | 277 + .../RF-catalogs/RF-CATALOG-003.md | 320 + .../RF-catalogs/RF-CATALOG-004.md | 346 + .../RF-catalogs/RF-CATALOG-005.md | 348 + .../RF-rbac/INDICE-RF-ROLE.md | 221 + docs/03-requerimientos/RF-rbac/RF-ROLE-001.md | 364 + docs/03-requerimientos/RF-rbac/RF-ROLE-002.md | 338 + docs/03-requerimientos/RF-rbac/RF-ROLE-003.md | 350 + docs/03-requerimientos/RF-rbac/RF-ROLE-004.md | 530 + .../RF-tenants/INDICE-RF-TENANT.md | 271 + .../RF-tenants/RF-TENANT-001.md | 396 + .../RF-tenants/RF-TENANT-002.md | 370 + .../RF-tenants/RF-TENANT-003.md | 424 + .../RF-tenants/RF-TENANT-004.md | 460 + .../RF-users/INDICE-RF-USER.md | 260 + .../03-requerimientos/RF-users/RF-USER-001.md | 333 + .../03-requerimientos/RF-users/RF-USER-002.md | 314 + .../03-requerimientos/RF-users/RF-USER-003.md | 332 + .../03-requerimientos/RF-users/RF-USER-004.md | 362 + .../03-requerimientos/RF-users/RF-USER-005.md | 370 + docs/04-modelado/FASE-2-INICIO-COMPLETADO.md | 260 + docs/04-modelado/MAPEO-SPECS-VERTICALES.md | 213 + .../VALIDACION-DEPENDENCIAS-MGN-015-018.md | 559 ++ .../AUTOMATIC-TRACKING-SYSTEM.md | 432 + .../database-design/DDL-SPEC-ai_agents.md | 1058 ++ .../database-design/DDL-SPEC-billing.md | 872 ++ .../database-design/DDL-SPEC-core_auth.md | 744 ++ .../database-design/DDL-SPEC-core_catalogs.md | 815 ++ .../database-design/DDL-SPEC-core_rbac.md | 694 ++ .../database-design/DDL-SPEC-core_tenants.md | 1117 +++ .../database-design/DDL-SPEC-core_users.md | 847 ++ .../database-design/DDL-SPEC-integrations.md | 679 ++ .../database-design/DDL-SPEC-messaging.md | 832 ++ docs/04-modelado/database-design/README.md | 219 + .../database-design/database-roadmap.md | 418 + .../schemas/SCHEMAS-STATISTICS.md | 504 + .../schemas/analytics-schema-ddl.sql | 510 + .../schemas/auth-schema-ddl.sql | 620 ++ .../schemas/core-schema-ddl.sql | 752 ++ .../schemas/financial-schema-ddl.sql | 948 ++ .../schemas/inventory-schema-ddl.sql | 750 ++ .../schemas/projects-schema-ddl.sql | 537 ++ .../schemas/purchase-schema-ddl.sql | 554 ++ .../schemas/sales-schema-ddl.sql | 672 ++ .../schemas/system-schema-ddl.sql | 853 ++ .../domain-models/analytics-domain.md | 337 + docs/04-modelado/domain-models/auth-domain.md | 267 + .../domain-models/billing-domain.md | 308 + docs/04-modelado/domain-models/crm-domain.md | 298 + .../domain-models/financial-domain.md | 348 + docs/04-modelado/domain-models/hr-domain.md | 425 + .../domain-models/inventory-domain.md | 360 + .../domain-models/messaging-domain.md | 464 + .../domain-models/projects-domain.md | 357 + .../04-modelado/domain-models/sales-domain.md | 324 + .../ET-auth-backend.md | 1749 ++++ .../ET-rbac-backend.md | 1274 +++ .../ET-tenants-backend.md | 2365 +++++ .../ET-users-backend.md | 1247 +++ .../especificaciones-tecnicas/README.md | 641 ++ ...D-MGN-001-001-autenticación-de-usuarios.md | 1025 ++ ...01-002-gestión-de-roles-y-permisos-rbac.md | 1025 ++ ...BACKEND-MGN-001-003-gestión-de-usuarios.md | 1025 ++ ...ulti-tenancy-con-schema-level-isolation.md | 1025 ++ ...BACKEND-MGN-001-005-reset-de-contraseña.md | 1025 ++ ...MGN-001-006-registro-de-usuarios-signup.md | 1025 ++ ...BACKEND-MGN-001-007-gestión-de-sesiones.md | 1025 ++ ...001-008-record-rules-row-level-security.md | 1025 ++ ...BACKEND-MGN-002-001-gestión-de-empresas.md | 1025 ++ ...ND-MGN-002-002-configuración-de-empresa.md | 1025 ++ ...ón-de-usuarios-a-empresas-multi-empresa.md | 1025 ++ ...002-004-jerarquías-de-empresas-holdings.md | 1025 ++ ...05-plantillas-de-configuración-por-país.md | 1025 ++ ...003-001-gestión-de-partners-universales.md | 1025 ++ ...GN-003-002-gestión-de-países-y-regiones.md | 1017 ++ ...03-gestión-de-monedas-y-tasas-de-cambio.md | 1017 ++ ...3-004-gestión-de-unidades-de-medida-uom.md | 1017 ++ ...-005-gestión-de-categorías-de-productos.md | 1017 ++ ...3-006-condiciones-de-pago-payment-terms.md | 1017 ++ ...-MGN-004-001-gestión-de-plan-de-cuentas.md | 1017 ++ ...N-004-002-gestión-de-journals-contables.md | 1017 ++ ...-004-003-registro-de-asientos-contables.md | 1017 ++ ...ACKEND-MGN-004-004-gestión-de-impuestos.md | 1017 ++ ...-004-005-gestión-de-facturas-de-cliente.md | 1017 ++ ...04-006-gestión-de-facturas-de-proveedor.md | 1017 ++ ...004-007-gestión-de-pagos-y-conciliación.md | 1017 ++ ...-008-reportes-financieros-balance-y-p&l.md | 1017 ++ ...ACKEND-MGN-005-001-gestión-de-productos.md | 1017 ++ ...-002-gestión-de-almacenes-y-ubicaciones.md | 1017 ++ ...ACKEND-MGN-005-003-movimientos-de-stock.md | 1017 ++ ...04-pickings-albaranes-de-entrada-salida.md | 1017 ++ ...5-trazabilidad-lotes-y-números-de-serie.md | 1017 ++ ...valoración-de-inventario-fifo,-promedio.md | 1017 ++ ...MGN-005-007-inventario-físico-y-ajustes.md | 1017 ++ ...N-006-001-solicitudes-de-cotización-rfq.md | 1017 ++ ...GN-006-002-gestión-de-órdenes-de-compra.md | 1017 ++ ...6-003-workflow-de-aprobación-de-compras.md | 1017 ++ ...KEND-MGN-006-004-recepciones-de-compras.md | 1017 ++ ...acturación-de-proveedores-desde-compras.md | 1017 ++ ...BACKEND-MGN-006-006-reportes-de-compras.md | 1017 ++ ...END-MGN-007-001-gestión-de-cotizaciones.md | 1017 ++ ...N-007-002-conversión-a-órdenes-de-venta.md | 1017 ++ ...MGN-007-003-gestión-de-órdenes-de-venta.md | 1017 ++ ...-BACKEND-MGN-007-004-entregas-de-ventas.md | 1017 ++ ...05-facturación-de-clientes-desde-ventas.md | 1017 ++ ...-BACKEND-MGN-007-006-reportes-de-ventas.md | 1017 ++ ...N-008-001-gestión-de-cuentas-analíticas.md | 1017 ++ ...N-008-002-registro-de-líneas-analíticas.md | 1017 ++ ...003-distribución-analítica-multi-cuenta.md | 1017 ++ .../ET-BACKEND-MGN-008-004-tags-analíticos.md | 1017 ++ ...05-reportes-analíticos-p&l-por-proyecto.md | 1017 ++ ...09-001-gestión-de-leads-y-oportunidades.md | 1017 ++ ...D-MGN-009-002-pipeline-de-ventas-kanban.md | 1017 ++ ...D-MGN-009-003-actividades-y-seguimiento.md | 1017 ++ ...MGN-009-004-lead-scoring-y-calificación.md | 1017 ++ ...END-MGN-009-005-conversión-a-cotización.md | 1017 ++ ...ACKEND-MGN-010-001-gestión-de-empleados.md | 1017 ++ ...END-MGN-010-002-departamentos-y-puestos.md | 1017 ++ ...BACKEND-MGN-010-003-contratos-laborales.md | 1017 ++ ...-010-004-asistencias-check-in-check-out.md | 1017 ++ ...ACKEND-MGN-010-005-ausencias-y-permisos.md | 1017 ++ ...ACKEND-MGN-011-001-gestión-de-proyectos.md | 1017 ++ ...ND-MGN-011-002-gestión-de-tareas-kanban.md | 1017 ++ ...ET-BACKEND-MGN-011-003-milestones-hitos.md | 1017 ++ ...KEND-MGN-011-004-timesheet-de-proyectos.md | 1017 ++ ...ND-MGN-011-005-vista-gantt-de-proyectos.md | 1017 ++ ...ND-MGN-012-001-dashboards-configurables.md | 1017 ++ ...query-builder-y-reportes-personalizados.md | 1017 ++ ...03-exportación-de-datos-pdf,-excel,-csv.md | 1017 ++ ...-MGN-012-004-gráficos-y-visualizaciones.md | 1017 ++ ...MGN-013-001-acceso-portal-para-clientes.md | 1017 ++ ...N-013-002-vista-de-documentos-en-portal.md | 1017 ++ ...-013-003-aprobación-y-firma-electrónica.md | 1017 ++ ...ACKEND-MGN-013-004-mensajería-en-portal.md | 1017 ++ ...MGN-014-001-sistema-de-mensajes-chatter.md | 1017 ++ ...N-014-002-notificaciones-in-app-y-email.md | 1017 ++ ...-014-003-tracking-automático-de-cambios.md | 1017 ++ ...END-MGN-014-004-actividades-programadas.md | 1017 ++ ...ACKEND-MGN-014-005-followers-seguidores.md | 1017 ++ ...-BACKEND-MGN-014-006-templates-de-email.md | 1017 ++ .../ET-MGN-015-001-api-planes-suscripcion.md | 442 + .../ET-MGN-015-002-api-suscripciones.md | 561 ++ .../ET-MGN-015-003-api-metodos-pago.md | 541 ++ .../mgn-015/ET-MGN-015-004-api-facturacion.md | 667 ++ .../ET-MGN-015-005-api-uso-metricas.md | 661 ++ .../backend/mgn-015/README.md | 186 + ...D-MGN-001-001-autenticación-de-usuarios.md | 1116 +++ ...01-002-gestión-de-roles-y-permisos-rbac.md | 1116 +++ ...RONTEND-MGN-001-003-gestión-de-usuarios.md | 1116 +++ ...ulti-tenancy-con-schema-level-isolation.md | 1116 +++ ...RONTEND-MGN-001-005-reset-de-contraseña.md | 1116 +++ ...MGN-001-006-registro-de-usuarios-signup.md | 1116 +++ ...RONTEND-MGN-001-007-gestión-de-sesiones.md | 1116 +++ ...001-008-record-rules-row-level-security.md | 1116 +++ ...RONTEND-MGN-002-001-gestión-de-empresas.md | 1116 +++ ...ND-MGN-002-002-configuración-de-empresa.md | 1116 +++ ...ón-de-usuarios-a-empresas-multi-empresa.md | 1116 +++ ...002-004-jerarquías-de-empresas-holdings.md | 1116 +++ ...05-plantillas-de-configuración-por-país.md | 1116 +++ ...003-001-gestión-de-partners-universales.md | 1116 +++ ...GN-003-002-gestión-de-países-y-regiones.md | 1116 +++ ...03-gestión-de-monedas-y-tasas-de-cambio.md | 1116 +++ ...3-004-gestión-de-unidades-de-medida-uom.md | 1116 +++ ...-005-gestión-de-categorías-de-productos.md | 1116 +++ ...3-006-condiciones-de-pago-payment-terms.md | 1116 +++ ...-MGN-004-001-gestión-de-plan-de-cuentas.md | 1116 +++ ...N-004-002-gestión-de-journals-contables.md | 1116 +++ ...-004-003-registro-de-asientos-contables.md | 1116 +++ ...ONTEND-MGN-004-004-gestión-de-impuestos.md | 1116 +++ ...-004-005-gestión-de-facturas-de-cliente.md | 1116 +++ ...04-006-gestión-de-facturas-de-proveedor.md | 1116 +++ ...004-007-gestión-de-pagos-y-conciliación.md | 1116 +++ ...-008-reportes-financieros-balance-y-p&l.md | 1116 +++ ...ONTEND-MGN-005-001-gestión-de-productos.md | 1116 +++ ...-002-gestión-de-almacenes-y-ubicaciones.md | 1116 +++ ...ONTEND-MGN-005-003-movimientos-de-stock.md | 1116 +++ ...04-pickings-albaranes-de-entrada-salida.md | 1116 +++ ...5-trazabilidad-lotes-y-números-de-serie.md | 1116 +++ ...valoración-de-inventario-fifo,-promedio.md | 1116 +++ ...MGN-005-007-inventario-físico-y-ajustes.md | 1116 +++ ...N-006-001-solicitudes-de-cotización-rfq.md | 1116 +++ ...GN-006-002-gestión-de-órdenes-de-compra.md | 1116 +++ ...6-003-workflow-de-aprobación-de-compras.md | 1116 +++ ...TEND-MGN-006-004-recepciones-de-compras.md | 1116 +++ ...acturación-de-proveedores-desde-compras.md | 1116 +++ ...RONTEND-MGN-006-006-reportes-de-compras.md | 1116 +++ ...END-MGN-007-001-gestión-de-cotizaciones.md | 1116 +++ ...N-007-002-conversión-a-órdenes-de-venta.md | 1116 +++ ...MGN-007-003-gestión-de-órdenes-de-venta.md | 1116 +++ ...FRONTEND-MGN-007-004-entregas-de-ventas.md | 1116 +++ ...05-facturación-de-clientes-desde-ventas.md | 1116 +++ ...FRONTEND-MGN-007-006-reportes-de-ventas.md | 1116 +++ ...N-008-001-gestión-de-cuentas-analíticas.md | 1116 +++ ...N-008-002-registro-de-líneas-analíticas.md | 1116 +++ ...003-distribución-analítica-multi-cuenta.md | 1116 +++ ...ET-FRONTEND-MGN-008-004-tags-analíticos.md | 1116 +++ ...05-reportes-analíticos-p&l-por-proyecto.md | 1116 +++ ...09-001-gestión-de-leads-y-oportunidades.md | 1116 +++ ...D-MGN-009-002-pipeline-de-ventas-kanban.md | 1116 +++ ...D-MGN-009-003-actividades-y-seguimiento.md | 1116 +++ ...MGN-009-004-lead-scoring-y-calificación.md | 1116 +++ ...END-MGN-009-005-conversión-a-cotización.md | 1116 +++ ...ONTEND-MGN-010-001-gestión-de-empleados.md | 1116 +++ ...END-MGN-010-002-departamentos-y-puestos.md | 1116 +++ ...RONTEND-MGN-010-003-contratos-laborales.md | 1116 +++ ...-010-004-asistencias-check-in-check-out.md | 1116 +++ ...ONTEND-MGN-010-005-ausencias-y-permisos.md | 1116 +++ ...ONTEND-MGN-011-001-gestión-de-proyectos.md | 1116 +++ ...ND-MGN-011-002-gestión-de-tareas-kanban.md | 1116 +++ ...T-FRONTEND-MGN-011-003-milestones-hitos.md | 1116 +++ ...TEND-MGN-011-004-timesheet-de-proyectos.md | 1116 +++ ...ND-MGN-011-005-vista-gantt-de-proyectos.md | 1116 +++ ...ND-MGN-012-001-dashboards-configurables.md | 1116 +++ ...query-builder-y-reportes-personalizados.md | 1116 +++ ...03-exportación-de-datos-pdf,-excel,-csv.md | 1116 +++ ...-MGN-012-004-gráficos-y-visualizaciones.md | 1116 +++ ...MGN-013-001-acceso-portal-para-clientes.md | 1116 +++ ...N-013-002-vista-de-documentos-en-portal.md | 1116 +++ ...-013-003-aprobación-y-firma-electrónica.md | 1116 +++ ...ONTEND-MGN-013-004-mensajería-en-portal.md | 1116 +++ ...MGN-014-001-sistema-de-mensajes-chatter.md | 1116 +++ ...N-014-002-notificaciones-in-app-y-email.md | 1116 +++ ...-014-003-tracking-automático-de-cambios.md | 1116 +++ ...END-MGN-014-004-actividades-programadas.md | 1116 +++ ...ONTEND-MGN-014-005-followers-seguidores.md | 1116 +++ ...FRONTEND-MGN-014-006-templates-de-email.md | 1116 +++ .../especificaciones-tecnicas/generate_et.py | 2418 +++++ .../transversal/SPEC-ALERTAS-PRESUPUESTO.md | 1643 ++++ .../transversal/SPEC-BLANKET-ORDERS.md | 2258 +++++ .../transversal/SPEC-CONCILIACION-BANCARIA.md | 2496 +++++ .../SPEC-CONSOLIDACION-FINANCIERA.md | 1295 +++ ...CONTABILIDAD-ANALITICA-MULTIDIMENSIONAL.md | 1210 +++ .../SPEC-FIRMA-ELECTRONICA-NOM151.md | 2593 +++++ .../transversal/SPEC-GASTOS-EMPLEADOS.md | 1911 ++++ .../transversal/SPEC-IMPUESTOS-AVANZADOS.md | 1754 ++++ .../transversal/SPEC-INTEGRACION-CALENDAR.md | 1677 ++++ .../transversal/SPEC-INVENTARIOS-CICLICOS.md | 1852 ++++ .../transversal/SPEC-LOCALIZACION-PAISES.md | 1826 ++++ .../transversal/SPEC-MAIL-THREAD-TRACKING.md | 1482 +++ .../transversal/SPEC-NOMINA-BASICA.md | 1809 ++++ .../transversal/SPEC-OAUTH2-SOCIAL-LOGIN.md | 2106 ++++ .../transversal/SPEC-PLANTILLAS-CUENTAS.md | 1658 ++++ .../transversal/SPEC-PORTAL-PROVEEDORES.md | 2024 ++++ .../SPEC-PRESUPUESTOS-REVISIONES.md | 1773 ++++ .../transversal/SPEC-PRICING-RULES.md | 1421 +++ .../SPEC-PROYECTOS-DEPENDENCIAS-BURNDOWN.md | 2056 ++++ .../transversal/SPEC-REPORTES-FINANCIEROS.md | 1314 +++ .../SPEC-RRHH-EVALUACIONES-SKILLS.md | 1384 +++ .../transversal/SPEC-SCHEDULER-REPORTES.md | 1452 +++ .../SPEC-SEGURIDAD-API-KEYS-PERMISOS.md | 1439 +++ .../transversal/SPEC-SISTEMA-SECUENCIAS.md | 683 ++ .../transversal/SPEC-TAREAS-RECURRENTES.md | 1018 ++ .../SPEC-TASAS-CAMBIO-AUTOMATICAS.md | 2440 +++++ .../SPEC-TRAZABILIDAD-LOTES-SERIES.md | 1875 ++++ .../SPEC-TWO-FACTOR-AUTHENTICATION.md | 1947 ++++ .../transversal/SPEC-VALORACION-INVENTARIO.md | 931 ++ .../SPEC-WIZARD-TRANSIENT-MODEL.md | 1387 +++ .../requerimientos-funcionales/README.md | 355 + .../generate_rfs.py | 810 ++ .../RF-MGN-001-001-autenticacion-usuarios.md | 105 + .../mgn-001/RF-MGN-001-002-gestion-roles.md | 108 + .../RF-MGN-001-003-gestion-usuarios.md | 123 + .../mgn-001/RF-MGN-001-004-multi-tenancy.md | 131 + .../mgn-001/RF-MGN-001-005-reset-password.md | 136 + .../RF-MGN-001-006-registro-usuarios.md | 143 + .../RF-MGN-001-007-session-management.md | 147 + .../RF-MGN-001-008-record-rules-rls.md | 158 + .../RF-MGN-002-001-gestion-empresas.md | 130 + .../RF-MGN-002-002-configuracion-empresa.md | 147 + ...GN-002-003-asignacion-usuarios-empresas.md | 127 + .../RF-MGN-002-004-jerarquias-empresas.md | 114 + ...RF-MGN-002-005-plantillas-configuracion.md | 135 + .../RF-MGN-003-001-gestion-partners.md | 87 + ...GN-003-002-gestión-de-países-y-regiones.md | 92 + ...03-gestión-de-monedas-y-tasas-de-cambio.md | 92 + ...3-004-gestión-de-unidades-de-medida-uom.md | 92 + ...-005-gestión-de-categorías-de-productos.md | 92 + ...3-006-condiciones-de-pago-payment-terms.md | 92 + ...-MGN-004-001-gestión-de-plan-de-cuentas.md | 92 + ...N-004-002-gestión-de-journals-contables.md | 92 + ...-004-003-registro-de-asientos-contables.md | 92 + .../RF-MGN-004-004-gestión-de-impuestos.md | 92 + ...-004-005-gestión-de-facturas-de-cliente.md | 92 + ...04-006-gestión-de-facturas-de-proveedor.md | 92 + ...004-007-gestión-de-pagos-y-conciliación.md | 92 + ...-008-reportes-financieros-balance-y-p&l.md | 92 + .../RF-MGN-005-001-gestión-de-productos.md | 92 + ...-002-gestión-de-almacenes-y-ubicaciones.md | 92 + .../RF-MGN-005-003-movimientos-de-stock.md | 92 + ...04-pickings-albaranes-de-entrada-salida.md | 92 + ...5-trazabilidad-lotes-y-números-de-serie.md | 92 + ...valoración-de-inventario-fifo,-promedio.md | 92 + ...MGN-005-007-inventario-físico-y-ajustes.md | 92 + ...N-006-001-solicitudes-de-cotización-rfq.md | 92 + ...GN-006-002-gestión-de-órdenes-de-compra.md | 92 + ...6-003-workflow-de-aprobación-de-compras.md | 92 + .../RF-MGN-006-004-recepciones-de-compras.md | 92 + ...acturación-de-proveedores-desde-compras.md | 92 + .../RF-MGN-006-006-reportes-de-compras.md | 92 + .../RF-MGN-007-001-gestión-de-cotizaciones.md | 92 + ...N-007-002-conversión-a-órdenes-de-venta.md | 92 + ...MGN-007-003-gestión-de-órdenes-de-venta.md | 92 + .../RF-MGN-007-004-entregas-de-ventas.md | 92 + ...05-facturación-de-clientes-desde-ventas.md | 92 + .../RF-MGN-007-006-reportes-de-ventas.md | 92 + ...N-008-001-gestión-de-cuentas-analíticas.md | 92 + ...N-008-002-registro-de-líneas-analíticas.md | 92 + ...003-distribución-analítica-multi-cuenta.md | 92 + .../mgn-008/RF-MGN-008-004-tags-analíticos.md | 92 + ...05-reportes-analíticos-p&l-por-proyecto.md | 92 + ...09-001-gestión-de-leads-y-oportunidades.md | 92 + ...F-MGN-009-002-pipeline-de-ventas-kanban.md | 92 + ...F-MGN-009-003-actividades-y-seguimiento.md | 92 + ...MGN-009-004-lead-scoring-y-calificación.md | 92 + .../RF-MGN-009-005-conversión-a-cotización.md | 92 + .../RF-MGN-010-001-gestión-de-empleados.md | 92 + .../RF-MGN-010-002-departamentos-y-puestos.md | 92 + .../RF-MGN-010-003-contratos-laborales.md | 92 + ...-010-004-asistencias-check-in-check-out.md | 92 + .../RF-MGN-010-005-ausencias-y-permisos.md | 92 + .../RF-MGN-011-001-gestión-de-proyectos.md | 92 + ...RF-MGN-011-002-gestión-de-tareas-kanban.md | 92 + .../RF-MGN-011-003-milestones-hitos.md | 92 + .../RF-MGN-011-004-timesheet-de-proyectos.md | 92 + ...RF-MGN-011-005-vista-gantt-de-proyectos.md | 92 + ...RF-MGN-012-001-dashboards-configurables.md | 92 + ...query-builder-y-reportes-personalizados.md | 92 + ...03-exportación-de-datos-pdf,-excel,-csv.md | 92 + ...-MGN-012-004-gráficos-y-visualizaciones.md | 92 + ...MGN-013-001-acceso-portal-para-clientes.md | 92 + ...N-013-002-vista-de-documentos-en-portal.md | 92 + ...-013-003-aprobación-y-firma-electrónica.md | 92 + .../RF-MGN-013-004-mensajería-en-portal.md | 92 + ...MGN-014-001-sistema-de-mensajes-chatter.md | 92 + ...N-014-002-notificaciones-in-app-y-email.md | 92 + ...-014-003-tracking-automático-de-cambios.md | 92 + .../RF-MGN-014-004-actividades-programadas.md | 92 + .../RF-MGN-014-005-followers-seguidores.md | 92 + .../RF-MGN-014-006-templates-de-email.md | 92 + .../mgn-015/README.md | 100 + ...-MGN-015-001-gestion-planes-suscripcion.md | 116 + ...GN-015-002-gestion-suscripciones-tenant.md | 147 + .../mgn-015/RF-MGN-015-003-metodos-pago.md | 136 + .../RF-MGN-015-004-facturacion-cobros.md | 178 + .../RF-MGN-015-005-registro-uso-metricas.md | 165 + .../RF-MGN-015-006-modo-single-tenant.md | 210 + .../RF-MGN-015-007-pricing-por-usuario.md | 257 + .../mgn-016/README.md | 142 + .../RF-MGN-016-001-integracion-mercadopago.md | 270 + .../RF-MGN-016-002-integracion-clip.md | 255 + .../mgn-017/README.md | 226 + ...-MGN-017-001-conexion-whatsapp-business.md | 356 + .../RF-MGN-017-005-chatbot-automatizado.md | 406 + .../mgn-018/README.md | 247 + .../RF-MGN-018-001-configuracion-agentes.md | 483 + .../RF-MGN-018-002-bases-conocimiento.md | 521 + .../RF-MGN-018-003-procesamiento-mensajes.md | 520 + .../RF-MGN-018-004-acciones-herramientas.md | 683 ++ .../RF-MGN-018-005-entrenamiento-feedback.md | 537 ++ .../RF-MGN-018-006-analytics-metricas.md | 578 ++ .../GRAFO-DEPENDENCIAS-SCHEMAS.md | 420 + .../trazabilidad/INVENTARIO-OBJETOS-BD.yml | 2169 +++++ .../MATRIZ-TRAZABILIDAD-RF-ET-BD.md | 315 + docs/04-modelado/trazabilidad/README.md | 484 + .../REPORTE-VALIDACION-DDL-DOC.md | 396 + .../REPORTE-VALIDACION-PREVIA-BD.md | 318 + .../trazabilidad/TRACEABILITY-MGN-001.yaml | 1407 +++ .../trazabilidad/TRACEABILITY-MGN-002.yaml | 859 ++ .../trazabilidad/TRACEABILITY-MGN-003.yaml | 998 ++ .../trazabilidad/TRACEABILITY-MGN-004.yaml | 1460 +++ .../trazabilidad/TRACEABILITY-MGN-005.yaml | 1010 ++ .../trazabilidad/TRACEABILITY-MGN-006.yaml | 447 + .../trazabilidad/TRACEABILITY-MGN-007.yaml | 1144 +++ .../trazabilidad/TRACEABILITY-MGN-008.yaml | 985 ++ .../trazabilidad/TRACEABILITY-MGN-009.yaml | 931 ++ .../trazabilidad/TRACEABILITY-MGN-010.yaml | 964 ++ .../trazabilidad/TRACEABILITY-MGN-011.yaml | 946 ++ .../trazabilidad/TRACEABILITY-MGN-012.yaml | 765 ++ .../trazabilidad/TRACEABILITY-MGN-013.yaml | 747 ++ .../trazabilidad/TRACEABILITY-MGN-014.yaml | 1092 +++ .../trazabilidad/TRACEABILITY-MGN-015.yaml | 536 + .../trazabilidad/VALIDACION-COBERTURA-ODOO.md | 563 ++ .../workflows/WORKFLOW-3-WAY-MATCH.md | 710 ++ .../WORKFLOW-CIERRE-PERIODO-CONTABLE.md | 596 ++ .../workflows/WORKFLOW-PAGOS-ANTICIPADOS.md | 615 ++ .../PLAN-EJECUCION-US-RESTANTES.md | 389 + docs/05-user-stories/README.md | 360 + .../REPORTE-COMPLETACION-70-US.md | 308 + .../REPORTE-PROGRESO-FASE-3.md | 310 + .../RESUMEN-EJECUTIVO-FASE-3.md | 254 + .../_legacy_backup/MGN-001/BACKLOG-MGN001.md | 162 + .../_legacy_backup/MGN-001/US-MGN001-001.md | 296 + .../_legacy_backup/MGN-001/US-MGN001-002.md | 261 + .../_legacy_backup/MGN-001/US-MGN001-003.md | 300 + .../_legacy_backup/MGN-001/US-MGN001-004.md | 391 + .../_legacy_backup/MGN-002/BACKLOG-MGN002.md | 138 + .../_legacy_backup/MGN-002/US-MGN002-001.md | 219 + .../_legacy_backup/MGN-002/US-MGN002-002.md | 225 + .../_legacy_backup/MGN-002/US-MGN002-003.md | 203 + .../_legacy_backup/MGN-002/US-MGN002-004.md | 222 + .../_legacy_backup/MGN-003/BACKLOG-MGN003.md | 177 + .../_legacy_backup/MGN-003/US-MGN003-001.md | 162 + .../_legacy_backup/MGN-003/US-MGN003-002.md | 177 + .../_legacy_backup/MGN-003/US-MGN003-003.md | 211 + .../_legacy_backup/MGN-003/US-MGN003-004.md | 230 + .../_legacy_backup/MGN-004/BACKLOG-MGN004.md | 210 + .../_legacy_backup/MGN-004/US-MGN004-001.md | 184 + .../_legacy_backup/MGN-004/US-MGN004-002.md | 178 + .../_legacy_backup/MGN-004/US-MGN004-003.md | 205 + .../_legacy_backup/MGN-004/US-MGN004-004.md | 211 + .../mgn-001/BACKLOG-MGN-001.md | 162 + ...GN-001-001-001-login-con-email-password.md | 242 + .../US-MGN-001-001-002-renovar-token-jwt.md | 230 + ...MGN-001-002-001-crear-y-gestionar-roles.md | 259 + ...GN-001-002-002-asignar-permisos-a-roles.md | 256 + ...001-002-003-validar-permisos-en-runtime.md | 262 + .../US-MGN-001-003-001-crud-usuarios.md | 114 + ...03-002-gestion-perfil-y-cambio-password.md | 104 + .../US-MGN-001-004-001-crear-tenant.md | 66 + .../US-MGN-001-004-002-schema-isolation.md | 58 + ...GN-001-004-003-tenant-context-switching.md | 51 + .../US-MGN-001-005-001-reset-password.md | 68 + .../US-MGN-001-006-001-signup-autoregistro.md | 62 + ...GN-001-007-001-gestion-sesiones-activas.md | 60 + .../mgn-001/US-MGN-001-007-002-logout.md | 55 + .../US-MGN-001-008-001-rls-policies.md | 61 + ...US-MGN-001-008-002-field-level-security.md | 56 + .../mgn-002/BACKLOG-MGN-002.md | 138 + .../US-MGN-002-001-001-crud-empresas.md | 74 + .../US-MGN-002-001-002-logo-y-branding.md | 56 + ...002-001-configuracion-fiscal-y-contable.md | 60 + ...002-003-001-asignar-usuarios-a-empresas.md | 62 + ...-MGN-002-003-002-cambiar-empresa-activa.md | 56 + .../US-MGN-002-004-001-jerarquias-holdings.md | 62 + ...5-001-plantillas-configuracion-por-pais.md | 56 + .../mgn-003/BACKLOG-MGN-003.md | 177 + .../US-MGN-003-001-001-crud-partners.md | 366 + ...S-MGN-003-001-002-direcciones-multiples.md | 55 + .../US-MGN-003-002-001-paises-y-estados.md | 56 + .../US-MGN-003-003-001-gestion-monedas.md | 56 + .../US-MGN-003-003-002-tasas-de-cambio.md | 56 + .../US-MGN-003-004-001-unidades-de-medida.md | 56 + ...MGN-003-005-001-categorias-de-productos.md | 55 + .../US-MGN-003-006-001-condiciones-de-pago.md | 61 + .../mgn-004/BACKLOG-MGN-004.md | 210 + ...-MGN-004-001-001-crud-cuentas-contables.md | 258 + ...004-001-002-jerarquia-cuentas-contables.md | 236 + ...MGN-004-002-001-crud-journals-contables.md | 195 + ...04-003-001-crear-asiento-contable-draft.md | 232 + ...N-004-003-002-validar-y-postear-asiento.md | 252 + ...03-003-cancelar-asiento-reversing-entry.md | 244 + .../US-MGN-004-004-001-crud-impuestos.md | 185 + ...04-004-002-calculo-impuestos-automatico.md | 184 + ...004-005-001-crear-factura-cliente-draft.md | 170 + ...MGN-004-005-002-validar-factura-cliente.md | 179 + ...GN-004-005-003-cancelar-factura-cliente.md | 91 + ...4-006-001-crear-factura-proveedor-draft.md | 83 + ...N-004-006-002-validar-factura-proveedor.md | 80 + ...-004-006-003-cancelar-factura-proveedor.md | 65 + ...MGN-004-007-001-registrar-pago-recibido.md | 180 + ...GN-004-007-002-registrar-pago-realizado.md | 81 + .../US-MGN-004-007-003-cancelar-pago.md | 68 + ...008-001-reportes-financieros-balance-pl.md | 252 + .../US-MGN-005-001-001-crear-producto.md | 216 + ...05-001-002-gestionar-variantes-producto.md | 180 + ...002-001-gestionar-almacenes-ubicaciones.md | 218 + ...-MGN-005-003-001-crear-movimiento-stock.md | 198 + ...GN-005-003-002-validar-movimiento-stock.md | 197 + ...N-005-003-003-cancelar-movimiento-stock.md | 186 + ...MGN-005-004-001-visualizar-stock-quants.md | 184 + .../US-MGN-005-004-002-reservar-stock.md | 187 + ...MGN-005-005-001-crear-ajuste-inventario.md | 108 + ...N-005-005-002-validar-ajuste-inventario.md | 110 + .../US-MGN-005-006-001-valoracion-fifo.md | 114 + .../US-MGN-005-006-002-valoracion-promedio.md | 108 + ...5-007-001-reporte-inventario-valorizado.md | 116 + ...N-005-007-002-reporte-movimientos-stock.md | 111 + .../mgn-006/US-MGN-006-001-001-crear-rfq.md | 109 + .../mgn-006/US-MGN-006-001-002-enviar-rfq.md | 107 + .../US-MGN-006-002-001-crear-orden-compra.md | 113 + ...-MGN-006-002-002-confirmar-orden-compra.md | 111 + ...S-MGN-006-002-003-cancelar-orden-compra.md | 106 + ...-MGN-006-003-001-crear-recepcion-compra.md | 109 + ...GN-006-003-002-validar-recepcion-compra.md | 110 + ...006-003-003-recepcion-parcial-backorder.md | 101 + ...-006-004-001-crear-devolucion-proveedor.md | 108 + ...06-004-002-validar-devolucion-proveedor.md | 100 + .../US-MGN-006-005-001-dashboard-compras.md | 109 + ...US-MGN-006-005-002-analisis-proveedores.md | 110 + .../US-MGN-007-001-001-crear-cotizacion.md | 67 + ...MGN-007-001-002-enviar-cotizacion-email.md | 219 + ...-001-crear-sales-order-desde-cotizacion.md | 231 + ...S-MGN-007-002-002-confirmar-sales-order.md | 222 + ...US-MGN-007-002-003-cancelar-sales-order.md | 214 + ...003-001-crear-entrega-desde-sales-order.md | 214 + ...03-002-validar-entrega-actualizar-stock.md | 224 + ...N-007-003-003-entrega-parcial-backorder.md | 208 + ...GN-007-005-001-crear-devolucion-cliente.md | 221 + ...05-002-validar-devolucion-ajustar-stock.md | 182 + .../US-MGN-007-006-001-dashboard-ventas.md | 226 + ...nalisis-ventas-producto-cliente-periodo.md | 227 + ...-MGN-008-001-001-crud-planes-analiticos.md | 145 + ...-002-configurar-dimensiones-multi-nivel.md | 111 + ...02-001-crud-cuentas-analiticas-por-plan.md | 81 + ...-gestionar-jerarquia-cuentas-analiticas.md | 84 + ...3-001-asignar-distribuciones-analiticas.md | 84 + ...002-calcular-distribuciones-automaticas.md | 75 + ...porte-p-and-l-por-proyecto-departamento.md | 95 + ...04-002-drill-down-analitico-multi-nivel.md | 72 + ...08-005-001-crud-presupuestos-analiticos.md | 81 + ...5-002-alertas-desviacion-presupuestaria.md | 88 + .../mgn-009/US-MGN-009-001-001-crud-leads.md | 114 + ...-MGN-009-001-002-calificar-lead-scoring.md | 101 + .../US-MGN-009-002-001-crud-oportunidades.md | 99 + ...09-002-002-calcular-probabilidad-cierre.md | 83 + ...S-MGN-009-003-001-vista-kanban-pipeline.md | 94 + ...MGN-009-003-002-drag-drop-oportunidades.md | 82 + ...US-MGN-009-004-001-crud-actividades-crm.md | 98 + ...-009-005-001-convertir-lead-oportunidad.md | 95 + .../US-MGN-010-001-001-crud-empleados.md | 94 + ...0-001-002-gestionar-documentos-empleado.md | 70 + ...GN-010-002-001-crud-contratos-laborales.md | 65 + ...002-002-renovacion-automatica-contratos.md | 51 + ...registro-check-in-check-out-asistencias.md | 72 + ...4-001-gestionar-jerarquia-departamentos.md | 62 + .../US-MGN-010-005-001-dashboard-rrhh.md | 72 + ...11-0-001-aprobar-timesheet-de-empleados.md | 59 + ...001-asignar-miembros-y-roles-a-proyecto.md | 59 + ...S-MGN-011-0-001-crud-tareas-de-proyecto.md | 59 + ...shboard-de-proyecto-avance-budget-horas.md | 59 + ...011-0-001-diagrama-de-gantt-de-proyecto.md | 59 + ...001-gestionar-dependencias-entre-tareas.md | 59 + ...011-0-001-registrar-timesheet-por-tarea.md | 59 + ...0-001-vista-kanban-de-tareas-por-estado.md | 59 + ...011-0-002-diagrama-de-gantt-de-proyecto.md | 59 + .../US-MGN-011-001-001-crud-proyectos.md | 90 + ...2-configurar-proyecto-fases-presupuesto.md | 61 + .../mgn-011/create_mgn011_us.sh | 162 + ...001-report-builder-visual-con-drag-drop.md | 81 + ...-001-002-gestionar-widgets-de-dashboard.md | 81 + ...inancieros-estndar-balance-pl-cash-flow.md | 81 + ...01-reportes-operacionales-configurables.md | 81 + ...12-004-001-exportar-reportes-a-excelpdf.md | 81 + ...02-enviar-reportes-por-email-programado.md | 81 + ...3-001-001-login-portal-clienteproveedor.md | 77 + ...001-002-registro-self-service-en-portal.md | 77 + ...3-002-001-vista-de-documentos-en-portal.md | 77 + ...2-002-descargar-documentos-desde-portal.md | 77 + ...013-003-001-mensajera-interna-en-portal.md | 77 + ...acin-de-perfil-y-preferencias-en-portal.md | 77 + ...1-comentar-en-registros-chatter-pattern.md | 91 + ...001-002-adjuntar-archivos-a-comentarios.md | 91 + ...001-003-seguirdejar-de-seguir-registros.md | 91 + ...icaciones-push-en-tiempo-real-websocket.md | 91 + ...-notificaciones-por-email-configurables.md | 91 + ...ferencias-de-notificaciones-por-usuario.md | 91 + ...MGN-014-003-001-subir-archivos-adjuntos.md | 91 + ...03-002-gestionar-biblioteca-de-adjuntos.md | 91 + ...014-004-001-aadir-followers-a-registros.md | 91 + ...02-notificar-automticamente-a-followers.md | 91 + ...areas-llamadas-reuniones-con-calendario.md | 91 + ...mensajes-internos-vs-pblicos-en-chatter.md | 91 + docs/06-test-plans/MASTER-TEST-PLAN.md | 794 ++ docs/06-test-plans/README.md | 342 + .../TEST-PLAN-MGN-001-fundamentos.md | 1012 ++ .../TEST-PLAN-MGN-002-empresas.md | 500 + .../TEST-PLAN-MGN-003-catalogos.md | 548 ++ .../TEST-PLAN-MGN-004-financiero.md | 367 + .../TEST-PLAN-MGN-005-inventario.md | 222 + .../TEST-PLAN-MGN-006-compras.md | 242 + .../06-test-plans/TEST-PLAN-MGN-007-ventas.md | 242 + .../TEST-PLAN-MGN-008-analitica.md | 242 + docs/06-test-plans/TEST-PLAN-MGN-009-crm.md | 242 + docs/06-test-plans/TEST-PLAN-MGN-010-rrhh.md | 242 + .../TEST-PLAN-MGN-011-proyectos.md | 242 + .../TEST-PLAN-MGN-012-reportes.md | 242 + .../06-test-plans/TEST-PLAN-MGN-013-portal.md | 242 + .../TEST-PLAN-MGN-014-mensajeria.md | 242 + docs/06-test-plans/TP-auth.md | 792 ++ docs/06-test-plans/TP-rbac.md | 715 ++ docs/06-test-plans/TP-tenants.md | 606 ++ docs/06-test-plans/TP-users.md | 1124 +++ docs/07-devops/BACKUP-RECOVERY.md | 907 ++ docs/07-devops/CI-CD-PIPELINE.md | 831 ++ docs/07-devops/DEPLOYMENT-GUIDE.md | 1827 ++++ docs/07-devops/MONITORING-OBSERVABILITY.md | 1660 ++++ docs/07-devops/README.md | 442 + docs/07-devops/SECURITY-HARDENING.md | 955 ++ docs/07-devops/scripts/backup-postgres.sh | 140 + docs/07-devops/scripts/health-check.sh | 264 + docs/07-devops/scripts/restore-postgres.sh | 140 + docs/08-epicas/EPIC-MGN-001-auth.md | 175 + docs/08-epicas/EPIC-MGN-002-users.md | 172 + docs/08-epicas/EPIC-MGN-003-roles.md | 204 + docs/08-epicas/EPIC-MGN-004-tenants.md | 209 + docs/08-epicas/EPIC-MGN-005-catalogs.md | 163 + docs/08-epicas/EPIC-MGN-006-settings.md | 97 + docs/08-epicas/EPIC-MGN-007-audit.md | 170 + docs/08-epicas/EPIC-MGN-008-notifications.md | 174 + docs/08-epicas/EPIC-MGN-009-reports.md | 178 + docs/08-epicas/EPIC-MGN-010-financial.md | 113 + docs/08-epicas/EPIC-MGN-011-inventory.md | 104 + docs/08-epicas/EPIC-MGN-012-purchasing.md | 98 + docs/08-epicas/EPIC-MGN-013-sales.md | 102 + docs/08-epicas/EPIC-MGN-014-crm.md | 180 + docs/08-epicas/EPIC-MGN-015-projects.md | 178 + docs/08-epicas/EPIC-MGN-016-billing.md | 120 + docs/08-epicas/EPIC-MGN-017-payments.md | 200 + .../EPIC-MGN-017-stripe-integration.md | 114 + docs/08-epicas/EPIC-MGN-018-whatsapp.md | 213 + docs/08-epicas/EPIC-MGN-019-ai-agents.md | 150 + docs/08-epicas/EPIC-MGN-019-mobile-apps.md | 159 + docs/08-epicas/EPIC-MGN-020-onboarding.md | 163 + docs/08-epicas/EPIC-MGN-021-ai-tokens.md | 196 + docs/08-epicas/README.md | 132 + .../REPORTE-AUDITORIA-DOCUMENTACION.md | 227 + docs/97-adr/ADR-001-stack-tecnologico.md | 86 + docs/97-adr/ADR-002-arquitectura-modular.md | 71 + docs/97-adr/ADR-003-multi-tenancy.md | 69 + .../97-adr/ADR-004-sistema-constantes-ssot.md | 20 + docs/97-adr/ADR-005-path-aliases.md | 20 + docs/97-adr/ADR-006-rbac-sistema-permisos.md | 29 + docs/97-adr/ADR-007-database-design.md | 26 + docs/97-adr/ADR-008-api-design.md | 27 + docs/97-adr/ADR-009-frontend-architecture.md | 30 + docs/97-adr/ADR-010-testing-strategy.md | 37 + .../ADR-011-database-clean-load-strategy.md | 177 + .../ADR-012-complete-traceability-policy.md | 291 + docs/CORRECCION-GAP-001-REPORTE.md | 510 + docs/CORRECCION-GAP-002-REPORTE.md | 493 + docs/FRONTEND-PRIORITY-MATRIX.md | 281 + docs/INSTRUCCIONES-AGENTE-ARQUITECTURA.md | 476 + docs/LANZAR-FASE-0.md | 484 + docs/PLAN-DESARROLLO-FRONTEND.md | 305 + docs/PLAN-DOCUMENTACION-ERP-GENERICO.md | 479 + docs/PLAN-EXPANSION-BACKEND.md | 468 + docs/PLAN-MAESTRO-MIGRACION-CONSOLIDACION.md | 1305 +++ docs/README.md | 360 + docs/REPORTE-ALINEACION-DDL-SPECS.md | 366 + docs/REPORTE-REVALIDACION-TECNICA-COMPLETA.md | 1950 ++++ docs/RESUMEN-EJECUTIVO-REVALIDACION.md | 210 + docs/SPRINT-PLAN-FASE-1.md | 242 + docs/_MAP.md | 40 + frontend/.eslintrc.cjs | 27 + frontend/Dockerfile | 35 + frontend/index.html | 17 + frontend/nginx.conf | 35 + frontend/package-lock.json | 7509 ++++++++++++++ frontend/package.json | 53 + frontend/postcss.config.js | 6 + frontend/public/vite.svg | 1 + frontend/src/app/layouts/AuthLayout.tsx | 75 + frontend/src/app/layouts/DashboardLayout.tsx | 195 + frontend/src/app/layouts/index.ts | 2 + frontend/src/app/providers/index.tsx | 15 + frontend/src/app/router/ProtectedRoute.tsx | 31 + frontend/src/app/router/index.tsx | 8 + frontend/src/app/router/routes.tsx | 272 + .../features/companies/api/companies.api.ts | 55 + frontend/src/features/companies/api/index.ts | 1 + .../components/CompanyFiltersPanel.tsx | 104 + .../companies/components/CompanyForm.tsx | 324 + .../features/companies/components/index.ts | 2 + .../src/features/companies/hooks/index.ts | 1 + .../features/companies/hooks/useCompanies.ts | 148 + .../features/companies/types/company.types.ts | 69 + .../src/features/companies/types/index.ts | 1 + frontend/src/features/partners/api/index.ts | 1 + .../src/features/partners/api/partners.api.ts | 74 + .../components/PartnerFiltersPanel.tsx | 165 + .../partners/components/PartnerForm.tsx | 322 + .../components/PartnerStatusBadge.tsx | 29 + .../partners/components/PartnerTypeBadge.tsx | 38 + .../src/features/partners/components/index.ts | 4 + frontend/src/features/partners/hooks/index.ts | 1 + .../features/partners/hooks/usePartners.ts | 141 + frontend/src/features/partners/types/index.ts | 1 + .../features/partners/types/partner.types.ts | 102 + frontend/src/features/users/api/index.ts | 1 + frontend/src/features/users/api/users.api.ts | 81 + .../users/components/UserFiltersPanel.tsx | 130 + .../features/users/components/UserForm.tsx | 165 + .../users/components/UserStatusBadge.tsx | 18 + .../src/features/users/components/index.ts | 3 + frontend/src/features/users/hooks/index.ts | 1 + frontend/src/features/users/hooks/useUsers.ts | 155 + frontend/src/features/users/types/index.ts | 1 + .../src/features/users/types/user.types.ts | 61 + frontend/src/index.css | 92 + frontend/src/main.tsx | 13 + frontend/src/pages/NotFoundPage.tsx | 26 + .../src/pages/auth/ForgotPasswordPage.tsx | 106 + frontend/src/pages/auth/LoginPage.tsx | 116 + frontend/src/pages/auth/RegisterPage.tsx | 150 + .../src/pages/companies/CompaniesListPage.tsx | 226 + .../src/pages/companies/CompanyCreatePage.tsx | 91 + .../src/pages/companies/CompanyDetailPage.tsx | 314 + .../src/pages/companies/CompanyEditPage.tsx | 119 + .../src/pages/dashboard/DashboardPage.tsx | 171 + .../src/pages/partners/PartnerCreatePage.tsx | 91 + .../src/pages/partners/PartnerDetailPage.tsx | 344 + .../src/pages/partners/PartnerEditPage.tsx | 119 + .../src/pages/partners/PartnersListPage.tsx | 287 + frontend/src/pages/users/UserCreatePage.tsx | 90 + frontend/src/pages/users/UserDetailPage.tsx | 346 + frontend/src/pages/users/UserEditPage.tsx | 118 + frontend/src/pages/users/UsersListPage.tsx | 287 + frontend/src/pages/users/index.ts | 4 + frontend/src/services/api/auth.api.ts | 76 + frontend/src/services/api/axios-instance.ts | 70 + frontend/src/services/api/index.ts | 3 + frontend/src/services/api/users.api.ts | 95 + frontend/src/services/index.ts | 1 + .../shared/components/atoms/Avatar/Avatar.tsx | 144 + .../shared/components/atoms/Avatar/index.ts | 1 + .../shared/components/atoms/Badge/Badge.tsx | 42 + .../shared/components/atoms/Badge/index.ts | 1 + .../shared/components/atoms/Button/Button.tsx | 79 + .../shared/components/atoms/Button/index.ts | 1 + .../shared/components/atoms/Input/Input.tsx | 50 + .../shared/components/atoms/Input/index.ts | 1 + .../shared/components/atoms/Label/Label.tsx | 23 + .../shared/components/atoms/Label/index.ts | 1 + .../components/atoms/Spinner/Spinner.tsx | 29 + .../shared/components/atoms/Spinner/index.ts | 1 + .../components/atoms/Tooltip/Tooltip.tsx | 132 + .../shared/components/atoms/Tooltip/index.ts | 1 + frontend/src/shared/components/atoms/index.ts | 7 + frontend/src/shared/components/index.ts | 3 + .../components/molecules/Alert/Alert.tsx | 67 + .../components/molecules/Alert/index.ts | 1 + .../shared/components/molecules/Card/Card.tsx | 74 + .../shared/components/molecules/Card/index.ts | 1 + .../molecules/FormField/FormField.tsx | 59 + .../components/molecules/FormField/index.ts | 1 + .../src/shared/components/molecules/index.ts | 3 + .../organisms/Breadcrumbs/Breadcrumbs.tsx | 106 + .../components/organisms/Breadcrumbs/index.ts | 1 + .../organisms/DataTable/DataTable.tsx | 299 + .../components/organisms/DataTable/index.ts | 1 + .../organisms/DatePicker/DatePicker.tsx | 305 + .../organisms/DatePicker/DateRangePicker.tsx | 303 + .../components/organisms/DatePicker/index.ts | 2 + .../organisms/Dropdown/Dropdown.tsx | 172 + .../components/organisms/Dropdown/index.ts | 1 + .../organisms/Modal/ConfirmModal.tsx | 93 + .../components/organisms/Modal/Modal.tsx | 134 + .../components/organisms/Modal/index.ts | 2 + .../organisms/Pagination/Pagination.tsx | 146 + .../components/organisms/Pagination/index.ts | 1 + .../components/organisms/Select/Select.tsx | 283 + .../components/organisms/Select/index.ts | 1 + .../components/organisms/Sidebar/Sidebar.tsx | 286 + .../components/organisms/Sidebar/index.ts | 1 + .../shared/components/organisms/Tabs/Tabs.tsx | 138 + .../shared/components/organisms/Tabs/index.ts | 1 + .../components/organisms/Toast/Toast.tsx | 106 + .../components/organisms/Toast/index.ts | 1 + .../src/shared/components/organisms/index.ts | 10 + .../templates/EmptyState/EmptyState.tsx | 265 + .../components/templates/EmptyState/index.ts | 1 + .../src/shared/components/templates/index.ts | 1 + .../src/shared/constants/api-endpoints.ts | 94 + frontend/src/shared/constants/index.ts | 3 + frontend/src/shared/constants/roles.ts | 52 + frontend/src/shared/constants/status.ts | 74 + frontend/src/shared/hooks/index.ts | 3 + frontend/src/shared/hooks/useDebounce.ts | 17 + frontend/src/shared/hooks/useLocalStorage.ts | 40 + frontend/src/shared/hooks/useMediaQuery.ts | 31 + frontend/src/shared/index.ts | 6 + frontend/src/shared/stores/index.ts | 4 + frontend/src/shared/stores/useAuthStore.ts | 121 + frontend/src/shared/stores/useCompanyStore.ts | 67 + .../src/shared/stores/useNotificationStore.ts | 86 + frontend/src/shared/stores/useUIStore.ts | 89 + frontend/src/shared/types/api.types.ts | 31 + frontend/src/shared/types/entities.types.ts | 82 + frontend/src/shared/types/index.ts | 2 + frontend/src/shared/utils/cn.ts | 6 + frontend/src/shared/utils/formatters.ts | 46 + frontend/src/shared/utils/index.ts | 2 + frontend/src/vite-env.d.ts | 9 + frontend/tailwind.config.js | 82 + frontend/tsconfig.json | 40 + frontend/tsconfig.node.json | 23 + frontend/vite.config.d.ts | 2 + frontend/vite.config.ts | 31 + .../00-guidelines/CONTEXTO-PROYECTO.md | 307 + .../00-guidelines/HERENCIA-DIRECTIVAS.md | 144 + orchestration/00-guidelines/HERENCIA-SIMCO.md | 342 + orchestration/00-guidelines/PROJECT-STATUS.md | 33 + .../01-analisis/ANALISIS-GAPS-CONSOLIDADO.md | 832 ++ .../ANALISIS-PROPAGACION-ALINEAMIENTO.md | 380 + orchestration/PROXIMA-ACCION.md | 170 + orchestration/README.md | 132 + .../PLAN-CORRECCIONES-ERP-CORE.md | 1311 +++ .../DIRECTIVA-DOCUMENTACION-PRE-DESARROLLO.md | 457 + .../DIRECTIVA-EXTENSION-VERTICALES.md | 290 + .../directivas/DIRECTIVA-HERENCIA-MODULOS.md | 492 + .../directivas/DIRECTIVA-MULTI-TENANT.md | 228 + .../directivas/DIRECTIVA-PATRONES-ODOO.md | 600 ++ .../ESTANDARES-API-REST-GENERICO.md | 686 ++ orchestration/estados/ESTADO-AGENTES.json | 32 + .../inventarios/BACKEND_INVENTORY.yml | 575 ++ .../inventarios/DATABASE_INVENTORY.yml | 724 ++ .../inventarios/DEPENDENCY_GRAPH.yml | 352 + .../inventarios/FRONTEND_INVENTORY.yml | 530 + .../inventarios/MASTER_INVENTORY.yml | 847 ++ orchestration/inventarios/README.md | 121 + .../inventarios/TRACEABILITY_MATRIX.yml | 345 + .../prompts/PROMPT-ERP-BACKEND-AGENT.md | 189 + .../prompts/PROMPT-ERP-DATABASE-AGENT.md | 517 + .../prompts/PROMPT-ERP-FRONTEND-AGENT.md | 509 + .../templates/TEMPLATE-DDL-SPECIFICATION.md | 297 + .../TEMPLATE-ESPECIFICACION-BACKEND.md | 856 ++ .../TEMPLATE-REQUERIMIENTO-FUNCIONAL.md | 193 + .../templates/TEMPLATE-USER-STORY.md | 279 + orchestration/trazas/TRAZA-TAREAS-BACKEND.md | 50 + orchestration/trazas/TRAZA-TAREAS-DATABASE.md | 197 + orchestration/trazas/TRAZA-TAREAS-FRONTEND.md | 34 + package-lock.json | 7429 ++++++++++++++ package.json | 51 + tsconfig.json | 27 + 1271 files changed, 535514 insertions(+) create mode 100644 .env.example create mode 100644 .gitignore create mode 100644 INVENTARIO.yml create mode 100644 PROJECT-STATUS.md create mode 100644 README.md create mode 100644 backend/.env.example create mode 100644 backend/.gitignore create mode 100644 backend/Dockerfile create mode 100644 backend/TYPEORM_DEPENDENCIES.md create mode 100644 backend/TYPEORM_INTEGRATION_SUMMARY.md create mode 100644 backend/TYPEORM_USAGE_EXAMPLES.md create mode 100644 backend/package-lock.json create mode 100644 backend/package.json create mode 100644 backend/service.descriptor.yml create mode 100644 backend/src/app.ts create mode 100644 backend/src/config/database.ts create mode 100644 backend/src/config/index.ts create mode 100644 backend/src/config/redis.ts create mode 100644 backend/src/config/swagger.config.ts create mode 100644 backend/src/config/typeorm.ts create mode 100644 backend/src/docs/openapi.yaml create mode 100644 backend/src/index.ts create mode 100644 backend/src/modules/auth/apiKeys.controller.ts create mode 100644 backend/src/modules/auth/apiKeys.routes.ts create mode 100644 backend/src/modules/auth/apiKeys.service.ts create mode 100644 backend/src/modules/auth/auth.controller.ts create mode 100644 backend/src/modules/auth/auth.routes.ts create mode 100644 backend/src/modules/auth/auth.service.ts create mode 100644 backend/src/modules/auth/entities/api-key.entity.ts create mode 100644 backend/src/modules/auth/entities/company.entity.ts create mode 100644 backend/src/modules/auth/entities/group.entity.ts create mode 100644 backend/src/modules/auth/entities/index.ts create mode 100644 backend/src/modules/auth/entities/mfa-audit-log.entity.ts create mode 100644 backend/src/modules/auth/entities/oauth-provider.entity.ts create mode 100644 backend/src/modules/auth/entities/oauth-state.entity.ts create mode 100644 backend/src/modules/auth/entities/oauth-user-link.entity.ts create mode 100644 backend/src/modules/auth/entities/password-reset.entity.ts create mode 100644 backend/src/modules/auth/entities/permission.entity.ts create mode 100644 backend/src/modules/auth/entities/role.entity.ts create mode 100644 backend/src/modules/auth/entities/session.entity.ts create mode 100644 backend/src/modules/auth/entities/tenant.entity.ts create mode 100644 backend/src/modules/auth/entities/trusted-device.entity.ts create mode 100644 backend/src/modules/auth/entities/user.entity.ts create mode 100644 backend/src/modules/auth/entities/verification-code.entity.ts create mode 100644 backend/src/modules/auth/index.ts create mode 100644 backend/src/modules/auth/services/token.service.ts create mode 100644 backend/src/modules/companies/companies.controller.ts create mode 100644 backend/src/modules/companies/companies.routes.ts create mode 100644 backend/src/modules/companies/companies.service.ts create mode 100644 backend/src/modules/companies/index.ts create mode 100644 backend/src/modules/core/core.controller.ts create mode 100644 backend/src/modules/core/core.routes.ts create mode 100644 backend/src/modules/core/countries.service.ts create mode 100644 backend/src/modules/core/currencies.service.ts create mode 100644 backend/src/modules/core/entities/country.entity.ts create mode 100644 backend/src/modules/core/entities/currency.entity.ts create mode 100644 backend/src/modules/core/entities/index.ts create mode 100644 backend/src/modules/core/entities/product-category.entity.ts create mode 100644 backend/src/modules/core/entities/sequence.entity.ts create mode 100644 backend/src/modules/core/entities/uom-category.entity.ts create mode 100644 backend/src/modules/core/entities/uom.entity.ts create mode 100644 backend/src/modules/core/index.ts create mode 100644 backend/src/modules/core/product-categories.service.ts create mode 100644 backend/src/modules/core/sequences.service.ts create mode 100644 backend/src/modules/core/uom.service.ts create mode 100644 backend/src/modules/crm/crm.controller.ts create mode 100644 backend/src/modules/crm/crm.routes.ts create mode 100644 backend/src/modules/crm/index.ts create mode 100644 backend/src/modules/crm/leads.service.ts create mode 100644 backend/src/modules/crm/opportunities.service.ts create mode 100644 backend/src/modules/crm/stages.service.ts create mode 100644 backend/src/modules/financial/MIGRATION_GUIDE.md create mode 100644 backend/src/modules/financial/accounts.service.old.ts create mode 100644 backend/src/modules/financial/accounts.service.ts create mode 100644 backend/src/modules/financial/entities/account-type.entity.ts create mode 100644 backend/src/modules/financial/entities/account.entity.ts create mode 100644 backend/src/modules/financial/entities/fiscal-period.entity.ts create mode 100644 backend/src/modules/financial/entities/fiscal-year.entity.ts create mode 100644 backend/src/modules/financial/entities/index.ts create mode 100644 backend/src/modules/financial/entities/invoice-line.entity.ts create mode 100644 backend/src/modules/financial/entities/invoice.entity.ts create mode 100644 backend/src/modules/financial/entities/journal-entry-line.entity.ts create mode 100644 backend/src/modules/financial/entities/journal-entry.entity.ts create mode 100644 backend/src/modules/financial/entities/journal.entity.ts create mode 100644 backend/src/modules/financial/entities/payment.entity.ts create mode 100644 backend/src/modules/financial/entities/tax.entity.ts create mode 100644 backend/src/modules/financial/financial.controller.ts create mode 100644 backend/src/modules/financial/financial.routes.ts create mode 100644 backend/src/modules/financial/fiscalPeriods.service.ts create mode 100644 backend/src/modules/financial/index.ts create mode 100644 backend/src/modules/financial/invoices.service.ts create mode 100644 backend/src/modules/financial/journal-entries.service.ts create mode 100644 backend/src/modules/financial/journals.service.old.ts create mode 100644 backend/src/modules/financial/journals.service.ts create mode 100644 backend/src/modules/financial/payments.service.ts create mode 100644 backend/src/modules/financial/taxes.service.old.ts create mode 100644 backend/src/modules/financial/taxes.service.ts create mode 100644 backend/src/modules/hr/contracts.service.ts create mode 100644 backend/src/modules/hr/departments.service.ts create mode 100644 backend/src/modules/hr/employees.service.ts create mode 100644 backend/src/modules/hr/hr.controller.ts create mode 100644 backend/src/modules/hr/hr.routes.ts create mode 100644 backend/src/modules/hr/index.ts create mode 100644 backend/src/modules/hr/leaves.service.ts create mode 100644 backend/src/modules/inventory/MIGRATION_STATUS.md create mode 100644 backend/src/modules/inventory/adjustments.service.ts create mode 100644 backend/src/modules/inventory/entities/index.ts create mode 100644 backend/src/modules/inventory/entities/inventory-adjustment-line.entity.ts create mode 100644 backend/src/modules/inventory/entities/inventory-adjustment.entity.ts create mode 100644 backend/src/modules/inventory/entities/location.entity.ts create mode 100644 backend/src/modules/inventory/entities/lot.entity.ts create mode 100644 backend/src/modules/inventory/entities/picking.entity.ts create mode 100644 backend/src/modules/inventory/entities/product.entity.ts create mode 100644 backend/src/modules/inventory/entities/stock-move.entity.ts create mode 100644 backend/src/modules/inventory/entities/stock-quant.entity.ts create mode 100644 backend/src/modules/inventory/entities/stock-valuation-layer.entity.ts create mode 100644 backend/src/modules/inventory/entities/warehouse.entity.ts create mode 100644 backend/src/modules/inventory/index.ts create mode 100644 backend/src/modules/inventory/inventory.controller.ts create mode 100644 backend/src/modules/inventory/inventory.routes.ts create mode 100644 backend/src/modules/inventory/locations.service.ts create mode 100644 backend/src/modules/inventory/lots.service.ts create mode 100644 backend/src/modules/inventory/pickings.service.ts create mode 100644 backend/src/modules/inventory/products.service.ts create mode 100644 backend/src/modules/inventory/valuation.controller.ts create mode 100644 backend/src/modules/inventory/valuation.service.ts create mode 100644 backend/src/modules/inventory/warehouses.service.ts create mode 100644 backend/src/modules/partners/entities/index.ts create mode 100644 backend/src/modules/partners/entities/partner.entity.ts create mode 100644 backend/src/modules/partners/index.ts create mode 100644 backend/src/modules/partners/partners.controller.ts create mode 100644 backend/src/modules/partners/partners.routes.ts create mode 100644 backend/src/modules/partners/partners.service.ts create mode 100644 backend/src/modules/partners/ranking.controller.ts create mode 100644 backend/src/modules/partners/ranking.service.ts create mode 100644 backend/src/modules/projects/index.ts create mode 100644 backend/src/modules/projects/projects.controller.ts create mode 100644 backend/src/modules/projects/projects.routes.ts create mode 100644 backend/src/modules/projects/projects.service.ts create mode 100644 backend/src/modules/projects/tasks.service.ts create mode 100644 backend/src/modules/projects/timesheets.service.ts create mode 100644 backend/src/modules/purchases/index.ts create mode 100644 backend/src/modules/purchases/purchases.controller.ts create mode 100644 backend/src/modules/purchases/purchases.routes.ts create mode 100644 backend/src/modules/purchases/purchases.service.ts create mode 100644 backend/src/modules/purchases/rfqs.service.ts create mode 100644 backend/src/modules/reports/index.ts create mode 100644 backend/src/modules/reports/reports.controller.ts create mode 100644 backend/src/modules/reports/reports.routes.ts create mode 100644 backend/src/modules/reports/reports.service.ts create mode 100644 backend/src/modules/roles/index.ts create mode 100644 backend/src/modules/roles/permissions.controller.ts create mode 100644 backend/src/modules/roles/permissions.routes.ts create mode 100644 backend/src/modules/roles/permissions.service.ts create mode 100644 backend/src/modules/roles/roles.controller.ts create mode 100644 backend/src/modules/roles/roles.routes.ts create mode 100644 backend/src/modules/roles/roles.service.ts create mode 100644 backend/src/modules/sales/customer-groups.service.ts create mode 100644 backend/src/modules/sales/index.ts create mode 100644 backend/src/modules/sales/orders.service.ts create mode 100644 backend/src/modules/sales/pricelists.service.ts create mode 100644 backend/src/modules/sales/quotations.service.ts create mode 100644 backend/src/modules/sales/sales-teams.service.ts create mode 100644 backend/src/modules/sales/sales.controller.ts create mode 100644 backend/src/modules/sales/sales.routes.ts create mode 100644 backend/src/modules/system/activities.service.ts create mode 100644 backend/src/modules/system/index.ts create mode 100644 backend/src/modules/system/messages.service.ts create mode 100644 backend/src/modules/system/notifications.service.ts create mode 100644 backend/src/modules/system/system.controller.ts create mode 100644 backend/src/modules/system/system.routes.ts create mode 100644 backend/src/modules/tenants/index.ts create mode 100644 backend/src/modules/tenants/tenants.controller.ts create mode 100644 backend/src/modules/tenants/tenants.routes.ts create mode 100644 backend/src/modules/tenants/tenants.service.ts create mode 100644 backend/src/modules/users/index.ts create mode 100644 backend/src/modules/users/users.controller.ts create mode 100644 backend/src/modules/users/users.routes.ts create mode 100644 backend/src/modules/users/users.service.ts create mode 100644 backend/src/shared/errors/index.ts create mode 100644 backend/src/shared/middleware/apiKeyAuth.middleware.ts create mode 100644 backend/src/shared/middleware/auth.middleware.ts create mode 100644 backend/src/shared/middleware/fieldPermissions.middleware.ts create mode 100644 backend/src/shared/services/base.service.ts create mode 100644 backend/src/shared/services/index.ts create mode 100644 backend/src/shared/types/index.ts create mode 100644 backend/src/shared/utils/logger.ts create mode 100644 backend/tsconfig.json create mode 100644 database/README.md create mode 100644 database/ddl/00-prerequisites.sql create mode 100644 database/ddl/01-auth-extensions.sql create mode 100644 database/ddl/01-auth.sql create mode 100644 database/ddl/02-core.sql create mode 100644 database/ddl/03-analytics.sql create mode 100644 database/ddl/04-financial.sql create mode 100644 database/ddl/05-inventory-extensions.sql create mode 100644 database/ddl/05-inventory.sql create mode 100644 database/ddl/06-purchase.sql create mode 100644 database/ddl/07-sales.sql create mode 100644 database/ddl/08-projects.sql create mode 100644 database/ddl/09-system.sql create mode 100644 database/ddl/10-billing.sql create mode 100644 database/ddl/11-crm.sql create mode 100644 database/ddl/12-hr.sql create mode 100644 database/ddl/schemas/core_shared/00-schema.sql create mode 100644 database/docker-compose.yml create mode 100644 database/migrations/20251212_001_fiscal_period_validation.sql create mode 100644 database/migrations/20251212_002_partner_rankings.sql create mode 100644 database/migrations/20251212_003_financial_reports.sql create mode 100755 database/scripts/create-database.sh create mode 100755 database/scripts/drop-database.sh create mode 100755 database/scripts/load-seeds.sh create mode 100755 database/scripts/reset-database.sh create mode 100644 database/seeds/dev/00-catalogs.sql create mode 100644 database/seeds/dev/01-tenants.sql create mode 100644 database/seeds/dev/02-companies.sql create mode 100644 database/seeds/dev/03-roles.sql create mode 100644 database/seeds/dev/04-users.sql create mode 100644 database/seeds/dev/05-sample-data.sql create mode 100644 docs/00-vision-general/VISION-ERP-CORE.md create mode 100644 docs/01-analisis-referencias/MAPA-COMPONENTES-GENERICOS.md create mode 100644 docs/01-analisis-referencias/RESUMEN-FASE-0.md create mode 100644 docs/01-analisis-referencias/construccion/COMPONENTES-ESPECIFICOS.md create mode 100644 docs/01-analisis-referencias/construccion/COMPONENTES-GENERICOS.md create mode 100644 docs/01-analisis-referencias/construccion/GAP-ANALYSIS.md create mode 100644 docs/01-analisis-referencias/construccion/MEJORAS-ARQUITECTONICAS.md create mode 100644 docs/01-analisis-referencias/construccion/RETROALIMENTACION.md create mode 100644 docs/01-analisis-referencias/gamilit/ADOPTAR-ADAPTAR-EVITAR.md create mode 100644 docs/01-analisis-referencias/gamilit/README.md create mode 100644 docs/01-analisis-referencias/gamilit/backend-patterns.md create mode 100644 docs/01-analisis-referencias/gamilit/database-architecture.md create mode 100644 docs/01-analisis-referencias/gamilit/devops-automation.md create mode 100644 docs/01-analisis-referencias/gamilit/frontend-patterns.md create mode 100644 docs/01-analisis-referencias/gamilit/ssot-system.md create mode 100644 docs/01-analisis-referencias/odoo/MAPEO-ODOO-TO-MGN.md create mode 100644 docs/01-analisis-referencias/odoo/README.md create mode 100644 docs/01-analisis-referencias/odoo/VALIDACION-MGN-VS-ODOO.md create mode 100644 docs/01-analisis-referencias/odoo/odoo-account-analysis.md create mode 100644 docs/01-analisis-referencias/odoo/odoo-analytic-analysis.md create mode 100644 docs/01-analisis-referencias/odoo/odoo-auth-analysis.md create mode 100644 docs/01-analisis-referencias/odoo/odoo-base-analysis.md create mode 100644 docs/01-analisis-referencias/odoo/odoo-crm-analysis.md create mode 100644 docs/01-analisis-referencias/odoo/odoo-hr-analysis.md create mode 100644 docs/01-analisis-referencias/odoo/odoo-mail-analysis.md create mode 100644 docs/01-analisis-referencias/odoo/odoo-portal-analysis.md create mode 100644 docs/01-analisis-referencias/odoo/odoo-project-analysis.md create mode 100644 docs/01-analisis-referencias/odoo/odoo-purchase-analysis.md create mode 100644 docs/01-analisis-referencias/odoo/odoo-sale-analysis.md create mode 100644 docs/01-analisis-referencias/odoo/odoo-stock-analysis.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/README.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/_MAP.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/especificaciones/ET-AUTH-database.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/especificaciones/ET-auth-backend.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/especificaciones/auth-domain.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/historias-usuario/BACKLOG-MGN001.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-001.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-002.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-003.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-004.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/implementacion/TRACEABILITY.yml create mode 100644 docs/01-fase-foundation/MGN-001-auth/requerimientos/INDICE-RF-AUTH.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-001.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-002.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-003.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-004.md create mode 100644 docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-005.md create mode 100644 docs/01-fase-foundation/MGN-002-users/README.md create mode 100644 docs/01-fase-foundation/MGN-002-users/_MAP.md create mode 100644 docs/01-fase-foundation/MGN-002-users/especificaciones/ET-USER-database.md create mode 100644 docs/01-fase-foundation/MGN-002-users/especificaciones/ET-users-backend.md create mode 100644 docs/01-fase-foundation/MGN-002-users/historias-usuario/BACKLOG-MGN002.md create mode 100644 docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-001.md create mode 100644 docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-002.md create mode 100644 docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-003.md create mode 100644 docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-004.md create mode 100644 docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-005.md create mode 100644 docs/01-fase-foundation/MGN-002-users/implementacion/TRACEABILITY.yml create mode 100644 docs/01-fase-foundation/MGN-002-users/requerimientos/INDICE-RF-USER.md create mode 100644 docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-001.md create mode 100644 docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-002.md create mode 100644 docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-003.md create mode 100644 docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-004.md create mode 100644 docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-005.md create mode 100644 docs/01-fase-foundation/MGN-003-roles/README.md create mode 100644 docs/01-fase-foundation/MGN-003-roles/_MAP.md create mode 100644 docs/01-fase-foundation/MGN-003-roles/especificaciones/ET-RBAC-database.md create mode 100644 docs/01-fase-foundation/MGN-003-roles/especificaciones/ET-rbac-backend.md create mode 100644 docs/01-fase-foundation/MGN-003-roles/historias-usuario/BACKLOG-MGN003.md create mode 100644 docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-001.md create mode 100644 docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-002.md create mode 100644 docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-003.md create mode 100644 docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-004.md create mode 100644 docs/01-fase-foundation/MGN-003-roles/implementacion/TRACEABILITY.yml create mode 100644 docs/01-fase-foundation/MGN-003-roles/requerimientos/INDICE-RF-ROLE.md create mode 100644 docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-001.md create mode 100644 docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-002.md create mode 100644 docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-003.md create mode 100644 docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-004.md create mode 100644 docs/01-fase-foundation/MGN-004-tenants/README.md create mode 100644 docs/01-fase-foundation/MGN-004-tenants/_MAP.md create mode 100644 docs/01-fase-foundation/MGN-004-tenants/especificaciones/ET-TENANT-database.md create mode 100644 docs/01-fase-foundation/MGN-004-tenants/especificaciones/ET-tenants-backend.md create mode 100644 docs/01-fase-foundation/MGN-004-tenants/historias-usuario/BACKLOG-MGN004.md create mode 100644 docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-001.md create mode 100644 docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-002.md create mode 100644 docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-003.md create mode 100644 docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-004.md create mode 100644 docs/01-fase-foundation/MGN-004-tenants/implementacion/TRACEABILITY.yml create mode 100644 docs/01-fase-foundation/MGN-004-tenants/requerimientos/INDICE-RF-TENANT.md create mode 100644 docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-001.md create mode 100644 docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-002.md create mode 100644 docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-003.md create mode 100644 docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-004.md create mode 100644 docs/01-fase-foundation/README.md create mode 100644 docs/02-definicion-modulos/ALCANCE-POR-MODULO.md create mode 100644 docs/02-definicion-modulos/DEPENDENCIAS-MODULOS.md create mode 100644 docs/02-definicion-modulos/INDICE-MODULOS.md create mode 100644 docs/02-definicion-modulos/LISTA-MODULOS-ERP-GENERICO.md create mode 100644 docs/02-definicion-modulos/RETROALIMENTACION-ERP-CONSTRUCCION.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-001.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-002.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-003.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-004.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-005.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-006.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-007.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-008.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-009.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-010.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-011.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-012.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-013.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-014.md create mode 100644 docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-015.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/README.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/_MAP.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/especificaciones/ET-CATALOG-backend.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/especificaciones/ET-CATALOG-database.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/especificaciones/ET-CATALOG-frontend.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/especificaciones/INDICE-ET-CATALOGS.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/historias-usuario/INDICE-US-CATALOGS.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/historias-usuario/US-MGN005-001.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/historias-usuario/US-MGN005-002.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/historias-usuario/US-MGN005-003.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/historias-usuario/US-MGN005-004.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/historias-usuario/US-MGN005-005.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/implementacion/TRACEABILITY.yml create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/requerimientos/INDICE-RF-CATALOG.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/requerimientos/RF-CATALOG-001.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/requerimientos/RF-CATALOG-002.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/requerimientos/RF-CATALOG-003.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/requerimientos/RF-CATALOG-004.md create mode 100644 docs/02-fase-core-business/MGN-005-catalogs/requerimientos/RF-CATALOG-005.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/README.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/_MAP.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/especificaciones/ET-SETTINGS-backend.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/especificaciones/ET-SETTINGS-database.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/especificaciones/ET-SETTINGS-frontend.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/especificaciones/INDICE-ET-SETTINGS.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/historias-usuario/INDICE-US-SETTINGS.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/historias-usuario/US-MGN006-001.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/historias-usuario/US-MGN006-002.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/historias-usuario/US-MGN006-003.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/historias-usuario/US-MGN006-004.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/implementacion/TRACEABILITY.yml create mode 100644 docs/02-fase-core-business/MGN-006-settings/requerimientos/INDICE-RF-SETTINGS.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/requerimientos/RF-SETTINGS-001.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/requerimientos/RF-SETTINGS-002.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/requerimientos/RF-SETTINGS-003.md create mode 100644 docs/02-fase-core-business/MGN-006-settings/requerimientos/RF-SETTINGS-004.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/README.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/_MAP.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/especificaciones/ET-AUDIT-backend.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/especificaciones/ET-AUDIT-database.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/especificaciones/ET-AUDIT-frontend.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/especificaciones/INDICE-ET-AUDIT.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/historias-usuario/INDICE-US-AUDIT.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/historias-usuario/US-MGN007-001.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/historias-usuario/US-MGN007-002.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/historias-usuario/US-MGN007-003.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/historias-usuario/US-MGN007-004.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/implementacion/TRACEABILITY.yml create mode 100644 docs/02-fase-core-business/MGN-007-audit/requerimientos/INDICE-RF-AUDIT.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/requerimientos/RF-AUDIT-001.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/requerimientos/RF-AUDIT-002.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/requerimientos/RF-AUDIT-003.md create mode 100644 docs/02-fase-core-business/MGN-007-audit/requerimientos/RF-AUDIT-004.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/README.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/_MAP.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/especificaciones/ET-NOTIF-backend.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/especificaciones/ET-NOTIF-database.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/especificaciones/ET-NOTIF-frontend.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/especificaciones/INDICE-ET-NOTIF.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/historias-usuario/INDICE-US-NOTIF.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/historias-usuario/US-MGN008-001.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/historias-usuario/US-MGN008-002.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/historias-usuario/US-MGN008-003.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/historias-usuario/US-MGN008-004.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/implementacion/TRACEABILITY.yml create mode 100644 docs/02-fase-core-business/MGN-008-notifications/requerimientos/INDICE-RF-NOTIF.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/requerimientos/RF-NOTIF-001.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/requerimientos/RF-NOTIF-002.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/requerimientos/RF-NOTIF-003.md create mode 100644 docs/02-fase-core-business/MGN-008-notifications/requerimientos/RF-NOTIF-004.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/README.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/_MAP.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/especificaciones/ET-REPORT-backend.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/especificaciones/ET-REPORT-database.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/especificaciones/ET-REPORT-frontend.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/especificaciones/INDICE-ET-REPORT.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/historias-usuario/INDICE-US-REPORT.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/historias-usuario/US-MGN009-001.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/historias-usuario/US-MGN009-002.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/historias-usuario/US-MGN009-003.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/historias-usuario/US-MGN009-004.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/implementacion/TRACEABILITY.yml create mode 100644 docs/02-fase-core-business/MGN-009-reports/requerimientos/INDICE-RF-REPORT.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/requerimientos/RF-REPORT-001.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/requerimientos/RF-REPORT-002.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/requerimientos/RF-REPORT-003.md create mode 100644 docs/02-fase-core-business/MGN-009-reports/requerimientos/RF-REPORT-004.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/README.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/_MAP.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/especificaciones/ET-FIN-backend.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/especificaciones/ET-FIN-database.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/especificaciones/ET-FIN-frontend.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/especificaciones/INDICE-ET-FINANCIAL.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/historias-usuario/INDICE-US-FINANCIAL.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/historias-usuario/US-MGN010-001.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/historias-usuario/US-MGN010-002.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/historias-usuario/US-MGN010-003.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/historias-usuario/US-MGN010-004.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/implementacion/TRACEABILITY.yml create mode 100644 docs/02-fase-core-business/MGN-010-financial/requerimientos/INDICE-RF-FINANCIAL.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/requerimientos/RF-FIN-001.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/requerimientos/RF-FIN-002.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/requerimientos/RF-FIN-003.md create mode 100644 docs/02-fase-core-business/MGN-010-financial/requerimientos/RF-FIN-004.md create mode 100644 docs/02-fase-core-business/README.md create mode 100644 docs/03-requerimientos/RF-auth/INDICE-RF-AUTH.md create mode 100644 docs/03-requerimientos/RF-auth/RF-AUTH-001.md create mode 100644 docs/03-requerimientos/RF-auth/RF-AUTH-002.md create mode 100644 docs/03-requerimientos/RF-auth/RF-AUTH-003.md create mode 100644 docs/03-requerimientos/RF-auth/RF-AUTH-004.md create mode 100644 docs/03-requerimientos/RF-auth/RF-AUTH-005.md create mode 100644 docs/03-requerimientos/RF-catalogs/INDICE-RF-CATALOG.md create mode 100644 docs/03-requerimientos/RF-catalogs/RF-CATALOG-001.md create mode 100644 docs/03-requerimientos/RF-catalogs/RF-CATALOG-002.md create mode 100644 docs/03-requerimientos/RF-catalogs/RF-CATALOG-003.md create mode 100644 docs/03-requerimientos/RF-catalogs/RF-CATALOG-004.md create mode 100644 docs/03-requerimientos/RF-catalogs/RF-CATALOG-005.md create mode 100644 docs/03-requerimientos/RF-rbac/INDICE-RF-ROLE.md create mode 100644 docs/03-requerimientos/RF-rbac/RF-ROLE-001.md create mode 100644 docs/03-requerimientos/RF-rbac/RF-ROLE-002.md create mode 100644 docs/03-requerimientos/RF-rbac/RF-ROLE-003.md create mode 100644 docs/03-requerimientos/RF-rbac/RF-ROLE-004.md create mode 100644 docs/03-requerimientos/RF-tenants/INDICE-RF-TENANT.md create mode 100644 docs/03-requerimientos/RF-tenants/RF-TENANT-001.md create mode 100644 docs/03-requerimientos/RF-tenants/RF-TENANT-002.md create mode 100644 docs/03-requerimientos/RF-tenants/RF-TENANT-003.md create mode 100644 docs/03-requerimientos/RF-tenants/RF-TENANT-004.md create mode 100644 docs/03-requerimientos/RF-users/INDICE-RF-USER.md create mode 100644 docs/03-requerimientos/RF-users/RF-USER-001.md create mode 100644 docs/03-requerimientos/RF-users/RF-USER-002.md create mode 100644 docs/03-requerimientos/RF-users/RF-USER-003.md create mode 100644 docs/03-requerimientos/RF-users/RF-USER-004.md create mode 100644 docs/03-requerimientos/RF-users/RF-USER-005.md create mode 100644 docs/04-modelado/FASE-2-INICIO-COMPLETADO.md create mode 100644 docs/04-modelado/MAPEO-SPECS-VERTICALES.md create mode 100644 docs/04-modelado/VALIDACION-DEPENDENCIAS-MGN-015-018.md create mode 100644 docs/04-modelado/database-design/AUTOMATIC-TRACKING-SYSTEM.md create mode 100644 docs/04-modelado/database-design/DDL-SPEC-ai_agents.md create mode 100644 docs/04-modelado/database-design/DDL-SPEC-billing.md create mode 100644 docs/04-modelado/database-design/DDL-SPEC-core_auth.md create mode 100644 docs/04-modelado/database-design/DDL-SPEC-core_catalogs.md create mode 100644 docs/04-modelado/database-design/DDL-SPEC-core_rbac.md create mode 100644 docs/04-modelado/database-design/DDL-SPEC-core_tenants.md create mode 100644 docs/04-modelado/database-design/DDL-SPEC-core_users.md create mode 100644 docs/04-modelado/database-design/DDL-SPEC-integrations.md create mode 100644 docs/04-modelado/database-design/DDL-SPEC-messaging.md create mode 100644 docs/04-modelado/database-design/README.md create mode 100644 docs/04-modelado/database-design/database-roadmap.md create mode 100644 docs/04-modelado/database-design/schemas/SCHEMAS-STATISTICS.md create mode 100644 docs/04-modelado/database-design/schemas/analytics-schema-ddl.sql create mode 100644 docs/04-modelado/database-design/schemas/auth-schema-ddl.sql create mode 100644 docs/04-modelado/database-design/schemas/core-schema-ddl.sql create mode 100644 docs/04-modelado/database-design/schemas/financial-schema-ddl.sql create mode 100644 docs/04-modelado/database-design/schemas/inventory-schema-ddl.sql create mode 100644 docs/04-modelado/database-design/schemas/projects-schema-ddl.sql create mode 100644 docs/04-modelado/database-design/schemas/purchase-schema-ddl.sql create mode 100644 docs/04-modelado/database-design/schemas/sales-schema-ddl.sql create mode 100644 docs/04-modelado/database-design/schemas/system-schema-ddl.sql create mode 100644 docs/04-modelado/domain-models/analytics-domain.md create mode 100644 docs/04-modelado/domain-models/auth-domain.md create mode 100644 docs/04-modelado/domain-models/billing-domain.md create mode 100644 docs/04-modelado/domain-models/crm-domain.md create mode 100644 docs/04-modelado/domain-models/financial-domain.md create mode 100644 docs/04-modelado/domain-models/hr-domain.md create mode 100644 docs/04-modelado/domain-models/inventory-domain.md create mode 100644 docs/04-modelado/domain-models/messaging-domain.md create mode 100644 docs/04-modelado/domain-models/projects-domain.md create mode 100644 docs/04-modelado/domain-models/sales-domain.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/ET-auth-backend.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/ET-rbac-backend.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/ET-tenants-backend.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/ET-users-backend.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/README.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-001/ET-BACKEND-MGN-001-001-autenticación-de-usuarios.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-001/ET-BACKEND-MGN-001-002-gestión-de-roles-y-permisos-rbac.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-001/ET-BACKEND-MGN-001-003-gestión-de-usuarios.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-001/ET-BACKEND-MGN-001-004-multi-tenancy-con-schema-level-isolation.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-001/ET-BACKEND-MGN-001-005-reset-de-contraseña.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-001/ET-BACKEND-MGN-001-006-registro-de-usuarios-signup.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-001/ET-BACKEND-MGN-001-007-gestión-de-sesiones.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-001/ET-BACKEND-MGN-001-008-record-rules-row-level-security.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-002/ET-BACKEND-MGN-002-001-gestión-de-empresas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-002/ET-BACKEND-MGN-002-002-configuración-de-empresa.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-002/ET-BACKEND-MGN-002-003-asignación-de-usuarios-a-empresas-multi-empresa.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-002/ET-BACKEND-MGN-002-004-jerarquías-de-empresas-holdings.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-002/ET-BACKEND-MGN-002-005-plantillas-de-configuración-por-país.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-003/ET-BACKEND-MGN-003-001-gestión-de-partners-universales.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-003/ET-BACKEND-MGN-003-002-gestión-de-países-y-regiones.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-003/ET-BACKEND-MGN-003-003-gestión-de-monedas-y-tasas-de-cambio.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-003/ET-BACKEND-MGN-003-004-gestión-de-unidades-de-medida-uom.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-003/ET-BACKEND-MGN-003-005-gestión-de-categorías-de-productos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-003/ET-BACKEND-MGN-003-006-condiciones-de-pago-payment-terms.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-004/ET-BACKEND-MGN-004-001-gestión-de-plan-de-cuentas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-004/ET-BACKEND-MGN-004-002-gestión-de-journals-contables.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-004/ET-BACKEND-MGN-004-003-registro-de-asientos-contables.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-004/ET-BACKEND-MGN-004-004-gestión-de-impuestos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-004/ET-BACKEND-MGN-004-005-gestión-de-facturas-de-cliente.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-004/ET-BACKEND-MGN-004-006-gestión-de-facturas-de-proveedor.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-004/ET-BACKEND-MGN-004-007-gestión-de-pagos-y-conciliación.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-004/ET-BACKEND-MGN-004-008-reportes-financieros-balance-y-p&l.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-005/ET-BACKEND-MGN-005-001-gestión-de-productos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-005/ET-BACKEND-MGN-005-002-gestión-de-almacenes-y-ubicaciones.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-005/ET-BACKEND-MGN-005-003-movimientos-de-stock.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-005/ET-BACKEND-MGN-005-004-pickings-albaranes-de-entrada-salida.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-005/ET-BACKEND-MGN-005-005-trazabilidad-lotes-y-números-de-serie.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-005/ET-BACKEND-MGN-005-006-valoración-de-inventario-fifo,-promedio.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-005/ET-BACKEND-MGN-005-007-inventario-físico-y-ajustes.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-006/ET-BACKEND-MGN-006-001-solicitudes-de-cotización-rfq.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-006/ET-BACKEND-MGN-006-002-gestión-de-órdenes-de-compra.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-006/ET-BACKEND-MGN-006-003-workflow-de-aprobación-de-compras.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-006/ET-BACKEND-MGN-006-004-recepciones-de-compras.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-006/ET-BACKEND-MGN-006-005-facturación-de-proveedores-desde-compras.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-006/ET-BACKEND-MGN-006-006-reportes-de-compras.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-007/ET-BACKEND-MGN-007-001-gestión-de-cotizaciones.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-007/ET-BACKEND-MGN-007-002-conversión-a-órdenes-de-venta.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-007/ET-BACKEND-MGN-007-003-gestión-de-órdenes-de-venta.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-007/ET-BACKEND-MGN-007-004-entregas-de-ventas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-007/ET-BACKEND-MGN-007-005-facturación-de-clientes-desde-ventas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-007/ET-BACKEND-MGN-007-006-reportes-de-ventas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-008/ET-BACKEND-MGN-008-001-gestión-de-cuentas-analíticas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-008/ET-BACKEND-MGN-008-002-registro-de-líneas-analíticas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-008/ET-BACKEND-MGN-008-003-distribución-analítica-multi-cuenta.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-008/ET-BACKEND-MGN-008-004-tags-analíticos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-008/ET-BACKEND-MGN-008-005-reportes-analíticos-p&l-por-proyecto.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-009/ET-BACKEND-MGN-009-001-gestión-de-leads-y-oportunidades.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-009/ET-BACKEND-MGN-009-002-pipeline-de-ventas-kanban.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-009/ET-BACKEND-MGN-009-003-actividades-y-seguimiento.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-009/ET-BACKEND-MGN-009-004-lead-scoring-y-calificación.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-009/ET-BACKEND-MGN-009-005-conversión-a-cotización.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-010/ET-BACKEND-MGN-010-001-gestión-de-empleados.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-010/ET-BACKEND-MGN-010-002-departamentos-y-puestos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-010/ET-BACKEND-MGN-010-003-contratos-laborales.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-010/ET-BACKEND-MGN-010-004-asistencias-check-in-check-out.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-010/ET-BACKEND-MGN-010-005-ausencias-y-permisos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-011/ET-BACKEND-MGN-011-001-gestión-de-proyectos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-011/ET-BACKEND-MGN-011-002-gestión-de-tareas-kanban.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-011/ET-BACKEND-MGN-011-003-milestones-hitos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-011/ET-BACKEND-MGN-011-004-timesheet-de-proyectos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-011/ET-BACKEND-MGN-011-005-vista-gantt-de-proyectos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-012/ET-BACKEND-MGN-012-001-dashboards-configurables.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-012/ET-BACKEND-MGN-012-002-query-builder-y-reportes-personalizados.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-012/ET-BACKEND-MGN-012-003-exportación-de-datos-pdf,-excel,-csv.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-012/ET-BACKEND-MGN-012-004-gráficos-y-visualizaciones.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-013/ET-BACKEND-MGN-013-001-acceso-portal-para-clientes.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-013/ET-BACKEND-MGN-013-002-vista-de-documentos-en-portal.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-013/ET-BACKEND-MGN-013-003-aprobación-y-firma-electrónica.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-013/ET-BACKEND-MGN-013-004-mensajería-en-portal.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-014/ET-BACKEND-MGN-014-001-sistema-de-mensajes-chatter.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-014/ET-BACKEND-MGN-014-002-notificaciones-in-app-y-email.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-014/ET-BACKEND-MGN-014-003-tracking-automático-de-cambios.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-014/ET-BACKEND-MGN-014-004-actividades-programadas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-014/ET-BACKEND-MGN-014-005-followers-seguidores.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-014/ET-BACKEND-MGN-014-006-templates-de-email.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-015/ET-MGN-015-001-api-planes-suscripcion.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-015/ET-MGN-015-002-api-suscripciones.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-015/ET-MGN-015-003-api-metodos-pago.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-015/ET-MGN-015-004-api-facturacion.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-015/ET-MGN-015-005-api-uso-metricas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/backend/mgn-015/README.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-001/ET-FRONTEND-MGN-001-001-autenticación-de-usuarios.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-001/ET-FRONTEND-MGN-001-002-gestión-de-roles-y-permisos-rbac.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-001/ET-FRONTEND-MGN-001-003-gestión-de-usuarios.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-001/ET-FRONTEND-MGN-001-004-multi-tenancy-con-schema-level-isolation.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-001/ET-FRONTEND-MGN-001-005-reset-de-contraseña.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-001/ET-FRONTEND-MGN-001-006-registro-de-usuarios-signup.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-001/ET-FRONTEND-MGN-001-007-gestión-de-sesiones.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-001/ET-FRONTEND-MGN-001-008-record-rules-row-level-security.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-002/ET-FRONTEND-MGN-002-001-gestión-de-empresas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-002/ET-FRONTEND-MGN-002-002-configuración-de-empresa.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-002/ET-FRONTEND-MGN-002-003-asignación-de-usuarios-a-empresas-multi-empresa.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-002/ET-FRONTEND-MGN-002-004-jerarquías-de-empresas-holdings.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-002/ET-FRONTEND-MGN-002-005-plantillas-de-configuración-por-país.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-003/ET-FRONTEND-MGN-003-001-gestión-de-partners-universales.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-003/ET-FRONTEND-MGN-003-002-gestión-de-países-y-regiones.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-003/ET-FRONTEND-MGN-003-003-gestión-de-monedas-y-tasas-de-cambio.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-003/ET-FRONTEND-MGN-003-004-gestión-de-unidades-de-medida-uom.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-003/ET-FRONTEND-MGN-003-005-gestión-de-categorías-de-productos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-003/ET-FRONTEND-MGN-003-006-condiciones-de-pago-payment-terms.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-004/ET-FRONTEND-MGN-004-001-gestión-de-plan-de-cuentas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-004/ET-FRONTEND-MGN-004-002-gestión-de-journals-contables.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-004/ET-FRONTEND-MGN-004-003-registro-de-asientos-contables.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-004/ET-FRONTEND-MGN-004-004-gestión-de-impuestos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-004/ET-FRONTEND-MGN-004-005-gestión-de-facturas-de-cliente.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-004/ET-FRONTEND-MGN-004-006-gestión-de-facturas-de-proveedor.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-004/ET-FRONTEND-MGN-004-007-gestión-de-pagos-y-conciliación.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-004/ET-FRONTEND-MGN-004-008-reportes-financieros-balance-y-p&l.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-005/ET-FRONTEND-MGN-005-001-gestión-de-productos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-005/ET-FRONTEND-MGN-005-002-gestión-de-almacenes-y-ubicaciones.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-005/ET-FRONTEND-MGN-005-003-movimientos-de-stock.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-005/ET-FRONTEND-MGN-005-004-pickings-albaranes-de-entrada-salida.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-005/ET-FRONTEND-MGN-005-005-trazabilidad-lotes-y-números-de-serie.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-005/ET-FRONTEND-MGN-005-006-valoración-de-inventario-fifo,-promedio.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-005/ET-FRONTEND-MGN-005-007-inventario-físico-y-ajustes.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-006/ET-FRONTEND-MGN-006-001-solicitudes-de-cotización-rfq.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-006/ET-FRONTEND-MGN-006-002-gestión-de-órdenes-de-compra.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-006/ET-FRONTEND-MGN-006-003-workflow-de-aprobación-de-compras.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-006/ET-FRONTEND-MGN-006-004-recepciones-de-compras.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-006/ET-FRONTEND-MGN-006-005-facturación-de-proveedores-desde-compras.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-006/ET-FRONTEND-MGN-006-006-reportes-de-compras.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-007/ET-FRONTEND-MGN-007-001-gestión-de-cotizaciones.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-007/ET-FRONTEND-MGN-007-002-conversión-a-órdenes-de-venta.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-007/ET-FRONTEND-MGN-007-003-gestión-de-órdenes-de-venta.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-007/ET-FRONTEND-MGN-007-004-entregas-de-ventas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-007/ET-FRONTEND-MGN-007-005-facturación-de-clientes-desde-ventas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-007/ET-FRONTEND-MGN-007-006-reportes-de-ventas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-008/ET-FRONTEND-MGN-008-001-gestión-de-cuentas-analíticas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-008/ET-FRONTEND-MGN-008-002-registro-de-líneas-analíticas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-008/ET-FRONTEND-MGN-008-003-distribución-analítica-multi-cuenta.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-008/ET-FRONTEND-MGN-008-004-tags-analíticos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-008/ET-FRONTEND-MGN-008-005-reportes-analíticos-p&l-por-proyecto.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-009/ET-FRONTEND-MGN-009-001-gestión-de-leads-y-oportunidades.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-009/ET-FRONTEND-MGN-009-002-pipeline-de-ventas-kanban.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-009/ET-FRONTEND-MGN-009-003-actividades-y-seguimiento.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-009/ET-FRONTEND-MGN-009-004-lead-scoring-y-calificación.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-009/ET-FRONTEND-MGN-009-005-conversión-a-cotización.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-010/ET-FRONTEND-MGN-010-001-gestión-de-empleados.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-010/ET-FRONTEND-MGN-010-002-departamentos-y-puestos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-010/ET-FRONTEND-MGN-010-003-contratos-laborales.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-010/ET-FRONTEND-MGN-010-004-asistencias-check-in-check-out.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-010/ET-FRONTEND-MGN-010-005-ausencias-y-permisos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-011/ET-FRONTEND-MGN-011-001-gestión-de-proyectos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-011/ET-FRONTEND-MGN-011-002-gestión-de-tareas-kanban.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-011/ET-FRONTEND-MGN-011-003-milestones-hitos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-011/ET-FRONTEND-MGN-011-004-timesheet-de-proyectos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-011/ET-FRONTEND-MGN-011-005-vista-gantt-de-proyectos.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-012/ET-FRONTEND-MGN-012-001-dashboards-configurables.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-012/ET-FRONTEND-MGN-012-002-query-builder-y-reportes-personalizados.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-012/ET-FRONTEND-MGN-012-003-exportación-de-datos-pdf,-excel,-csv.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-012/ET-FRONTEND-MGN-012-004-gráficos-y-visualizaciones.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-013/ET-FRONTEND-MGN-013-001-acceso-portal-para-clientes.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-013/ET-FRONTEND-MGN-013-002-vista-de-documentos-en-portal.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-013/ET-FRONTEND-MGN-013-003-aprobación-y-firma-electrónica.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-013/ET-FRONTEND-MGN-013-004-mensajería-en-portal.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-014/ET-FRONTEND-MGN-014-001-sistema-de-mensajes-chatter.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-014/ET-FRONTEND-MGN-014-002-notificaciones-in-app-y-email.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-014/ET-FRONTEND-MGN-014-003-tracking-automático-de-cambios.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-014/ET-FRONTEND-MGN-014-004-actividades-programadas.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-014/ET-FRONTEND-MGN-014-005-followers-seguidores.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/frontend/mgn-014/ET-FRONTEND-MGN-014-006-templates-de-email.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/generate_et.py create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-ALERTAS-PRESUPUESTO.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-BLANKET-ORDERS.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-CONCILIACION-BANCARIA.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-CONSOLIDACION-FINANCIERA.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-CONTABILIDAD-ANALITICA-MULTIDIMENSIONAL.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-FIRMA-ELECTRONICA-NOM151.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-GASTOS-EMPLEADOS.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-IMPUESTOS-AVANZADOS.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-INTEGRACION-CALENDAR.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-INVENTARIOS-CICLICOS.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-LOCALIZACION-PAISES.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-MAIL-THREAD-TRACKING.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-NOMINA-BASICA.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-OAUTH2-SOCIAL-LOGIN.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-PLANTILLAS-CUENTAS.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-PORTAL-PROVEEDORES.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-PRESUPUESTOS-REVISIONES.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-PRICING-RULES.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-PROYECTOS-DEPENDENCIAS-BURNDOWN.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-REPORTES-FINANCIEROS.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-RRHH-EVALUACIONES-SKILLS.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-SCHEDULER-REPORTES.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-SEGURIDAD-API-KEYS-PERMISOS.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-SISTEMA-SECUENCIAS.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-TAREAS-RECURRENTES.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-TASAS-CAMBIO-AUTOMATICAS.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-TRAZABILIDAD-LOTES-SERIES.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-TWO-FACTOR-AUTHENTICATION.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-VALORACION-INVENTARIO.md create mode 100644 docs/04-modelado/especificaciones-tecnicas/transversal/SPEC-WIZARD-TRANSIENT-MODEL.md create mode 100644 docs/04-modelado/requerimientos-funcionales/README.md create mode 100644 docs/04-modelado/requerimientos-funcionales/generate_rfs.py create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-001/RF-MGN-001-001-autenticacion-usuarios.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-001/RF-MGN-001-002-gestion-roles.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-001/RF-MGN-001-003-gestion-usuarios.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-001/RF-MGN-001-004-multi-tenancy.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-001/RF-MGN-001-005-reset-password.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-001/RF-MGN-001-006-registro-usuarios.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-001/RF-MGN-001-007-session-management.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-001/RF-MGN-001-008-record-rules-rls.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-002/RF-MGN-002-001-gestion-empresas.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-002/RF-MGN-002-002-configuracion-empresa.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-002/RF-MGN-002-003-asignacion-usuarios-empresas.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-002/RF-MGN-002-004-jerarquias-empresas.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-002/RF-MGN-002-005-plantillas-configuracion.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-003/RF-MGN-003-001-gestion-partners.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-003/RF-MGN-003-002-gestión-de-países-y-regiones.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-003/RF-MGN-003-003-gestión-de-monedas-y-tasas-de-cambio.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-003/RF-MGN-003-004-gestión-de-unidades-de-medida-uom.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-003/RF-MGN-003-005-gestión-de-categorías-de-productos.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-003/RF-MGN-003-006-condiciones-de-pago-payment-terms.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-004/RF-MGN-004-001-gestión-de-plan-de-cuentas.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-004/RF-MGN-004-002-gestión-de-journals-contables.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-004/RF-MGN-004-003-registro-de-asientos-contables.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-004/RF-MGN-004-004-gestión-de-impuestos.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-004/RF-MGN-004-005-gestión-de-facturas-de-cliente.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-004/RF-MGN-004-006-gestión-de-facturas-de-proveedor.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-004/RF-MGN-004-007-gestión-de-pagos-y-conciliación.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-004/RF-MGN-004-008-reportes-financieros-balance-y-p&l.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-005/RF-MGN-005-001-gestión-de-productos.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-005/RF-MGN-005-002-gestión-de-almacenes-y-ubicaciones.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-005/RF-MGN-005-003-movimientos-de-stock.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-005/RF-MGN-005-004-pickings-albaranes-de-entrada-salida.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-005/RF-MGN-005-005-trazabilidad-lotes-y-números-de-serie.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-005/RF-MGN-005-006-valoración-de-inventario-fifo,-promedio.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-005/RF-MGN-005-007-inventario-físico-y-ajustes.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-006/RF-MGN-006-001-solicitudes-de-cotización-rfq.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-006/RF-MGN-006-002-gestión-de-órdenes-de-compra.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-006/RF-MGN-006-003-workflow-de-aprobación-de-compras.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-006/RF-MGN-006-004-recepciones-de-compras.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-006/RF-MGN-006-005-facturación-de-proveedores-desde-compras.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-006/RF-MGN-006-006-reportes-de-compras.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-007/RF-MGN-007-001-gestión-de-cotizaciones.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-007/RF-MGN-007-002-conversión-a-órdenes-de-venta.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-007/RF-MGN-007-003-gestión-de-órdenes-de-venta.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-007/RF-MGN-007-004-entregas-de-ventas.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-007/RF-MGN-007-005-facturación-de-clientes-desde-ventas.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-007/RF-MGN-007-006-reportes-de-ventas.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-008/RF-MGN-008-001-gestión-de-cuentas-analíticas.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-008/RF-MGN-008-002-registro-de-líneas-analíticas.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-008/RF-MGN-008-003-distribución-analítica-multi-cuenta.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-008/RF-MGN-008-004-tags-analíticos.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-008/RF-MGN-008-005-reportes-analíticos-p&l-por-proyecto.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-009/RF-MGN-009-001-gestión-de-leads-y-oportunidades.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-009/RF-MGN-009-002-pipeline-de-ventas-kanban.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-009/RF-MGN-009-003-actividades-y-seguimiento.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-009/RF-MGN-009-004-lead-scoring-y-calificación.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-009/RF-MGN-009-005-conversión-a-cotización.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-010/RF-MGN-010-001-gestión-de-empleados.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-010/RF-MGN-010-002-departamentos-y-puestos.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-010/RF-MGN-010-003-contratos-laborales.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-010/RF-MGN-010-004-asistencias-check-in-check-out.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-010/RF-MGN-010-005-ausencias-y-permisos.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-011/RF-MGN-011-001-gestión-de-proyectos.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-011/RF-MGN-011-002-gestión-de-tareas-kanban.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-011/RF-MGN-011-003-milestones-hitos.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-011/RF-MGN-011-004-timesheet-de-proyectos.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-011/RF-MGN-011-005-vista-gantt-de-proyectos.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-012/RF-MGN-012-001-dashboards-configurables.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-012/RF-MGN-012-002-query-builder-y-reportes-personalizados.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-012/RF-MGN-012-003-exportación-de-datos-pdf,-excel,-csv.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-012/RF-MGN-012-004-gráficos-y-visualizaciones.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-013/RF-MGN-013-001-acceso-portal-para-clientes.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-013/RF-MGN-013-002-vista-de-documentos-en-portal.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-013/RF-MGN-013-003-aprobación-y-firma-electrónica.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-013/RF-MGN-013-004-mensajería-en-portal.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-014/RF-MGN-014-001-sistema-de-mensajes-chatter.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-014/RF-MGN-014-002-notificaciones-in-app-y-email.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-014/RF-MGN-014-003-tracking-automático-de-cambios.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-014/RF-MGN-014-004-actividades-programadas.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-014/RF-MGN-014-005-followers-seguidores.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-014/RF-MGN-014-006-templates-de-email.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-015/README.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-015/RF-MGN-015-001-gestion-planes-suscripcion.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-015/RF-MGN-015-002-gestion-suscripciones-tenant.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-015/RF-MGN-015-003-metodos-pago.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-015/RF-MGN-015-004-facturacion-cobros.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-015/RF-MGN-015-005-registro-uso-metricas.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-015/RF-MGN-015-006-modo-single-tenant.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-015/RF-MGN-015-007-pricing-por-usuario.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-016/README.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-016/RF-MGN-016-001-integracion-mercadopago.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-016/RF-MGN-016-002-integracion-clip.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-017/README.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-017/RF-MGN-017-001-conexion-whatsapp-business.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-017/RF-MGN-017-005-chatbot-automatizado.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-018/README.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-018/RF-MGN-018-001-configuracion-agentes.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-018/RF-MGN-018-002-bases-conocimiento.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-018/RF-MGN-018-003-procesamiento-mensajes.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-018/RF-MGN-018-004-acciones-herramientas.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-018/RF-MGN-018-005-entrenamiento-feedback.md create mode 100644 docs/04-modelado/requerimientos-funcionales/mgn-018/RF-MGN-018-006-analytics-metricas.md create mode 100644 docs/04-modelado/trazabilidad/GRAFO-DEPENDENCIAS-SCHEMAS.md create mode 100644 docs/04-modelado/trazabilidad/INVENTARIO-OBJETOS-BD.yml create mode 100644 docs/04-modelado/trazabilidad/MATRIZ-TRAZABILIDAD-RF-ET-BD.md create mode 100644 docs/04-modelado/trazabilidad/README.md create mode 100644 docs/04-modelado/trazabilidad/REPORTE-VALIDACION-DDL-DOC.md create mode 100644 docs/04-modelado/trazabilidad/REPORTE-VALIDACION-PREVIA-BD.md create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-001.yaml create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-002.yaml create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-003.yaml create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-004.yaml create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-005.yaml create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-006.yaml create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-007.yaml create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-008.yaml create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-009.yaml create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-010.yaml create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-011.yaml create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-012.yaml create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-013.yaml create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-014.yaml create mode 100644 docs/04-modelado/trazabilidad/TRACEABILITY-MGN-015.yaml create mode 100644 docs/04-modelado/trazabilidad/VALIDACION-COBERTURA-ODOO.md create mode 100644 docs/04-modelado/workflows/WORKFLOW-3-WAY-MATCH.md create mode 100644 docs/04-modelado/workflows/WORKFLOW-CIERRE-PERIODO-CONTABLE.md create mode 100644 docs/04-modelado/workflows/WORKFLOW-PAGOS-ANTICIPADOS.md create mode 100644 docs/05-user-stories/PLAN-EJECUCION-US-RESTANTES.md create mode 100644 docs/05-user-stories/README.md create mode 100644 docs/05-user-stories/REPORTE-COMPLETACION-70-US.md create mode 100644 docs/05-user-stories/REPORTE-PROGRESO-FASE-3.md create mode 100644 docs/05-user-stories/RESUMEN-EJECUTIVO-FASE-3.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-001/BACKLOG-MGN001.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-001/US-MGN001-001.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-001/US-MGN001-002.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-001/US-MGN001-003.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-001/US-MGN001-004.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-002/BACKLOG-MGN002.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-002/US-MGN002-001.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-002/US-MGN002-002.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-002/US-MGN002-003.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-002/US-MGN002-004.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-003/BACKLOG-MGN003.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-003/US-MGN003-001.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-003/US-MGN003-002.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-003/US-MGN003-003.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-003/US-MGN003-004.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-004/BACKLOG-MGN004.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-004/US-MGN004-001.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-004/US-MGN004-002.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-004/US-MGN004-003.md create mode 100644 docs/05-user-stories/_legacy_backup/MGN-004/US-MGN004-004.md create mode 100644 docs/05-user-stories/mgn-001/BACKLOG-MGN-001.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-001-001-login-con-email-password.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-001-002-renovar-token-jwt.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-002-001-crear-y-gestionar-roles.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-002-002-asignar-permisos-a-roles.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-002-003-validar-permisos-en-runtime.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-003-001-crud-usuarios.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-003-002-gestion-perfil-y-cambio-password.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-004-001-crear-tenant.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-004-002-schema-isolation.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-004-003-tenant-context-switching.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-005-001-reset-password.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-006-001-signup-autoregistro.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-007-001-gestion-sesiones-activas.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-007-002-logout.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-008-001-rls-policies.md create mode 100644 docs/05-user-stories/mgn-001/US-MGN-001-008-002-field-level-security.md create mode 100644 docs/05-user-stories/mgn-002/BACKLOG-MGN-002.md create mode 100644 docs/05-user-stories/mgn-002/US-MGN-002-001-001-crud-empresas.md create mode 100644 docs/05-user-stories/mgn-002/US-MGN-002-001-002-logo-y-branding.md create mode 100644 docs/05-user-stories/mgn-002/US-MGN-002-002-001-configuracion-fiscal-y-contable.md create mode 100644 docs/05-user-stories/mgn-002/US-MGN-002-003-001-asignar-usuarios-a-empresas.md create mode 100644 docs/05-user-stories/mgn-002/US-MGN-002-003-002-cambiar-empresa-activa.md create mode 100644 docs/05-user-stories/mgn-002/US-MGN-002-004-001-jerarquias-holdings.md create mode 100644 docs/05-user-stories/mgn-002/US-MGN-002-005-001-plantillas-configuracion-por-pais.md create mode 100644 docs/05-user-stories/mgn-003/BACKLOG-MGN-003.md create mode 100644 docs/05-user-stories/mgn-003/US-MGN-003-001-001-crud-partners.md create mode 100644 docs/05-user-stories/mgn-003/US-MGN-003-001-002-direcciones-multiples.md create mode 100644 docs/05-user-stories/mgn-003/US-MGN-003-002-001-paises-y-estados.md create mode 100644 docs/05-user-stories/mgn-003/US-MGN-003-003-001-gestion-monedas.md create mode 100644 docs/05-user-stories/mgn-003/US-MGN-003-003-002-tasas-de-cambio.md create mode 100644 docs/05-user-stories/mgn-003/US-MGN-003-004-001-unidades-de-medida.md create mode 100644 docs/05-user-stories/mgn-003/US-MGN-003-005-001-categorias-de-productos.md create mode 100644 docs/05-user-stories/mgn-003/US-MGN-003-006-001-condiciones-de-pago.md create mode 100644 docs/05-user-stories/mgn-004/BACKLOG-MGN-004.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-001-001-crud-cuentas-contables.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-001-002-jerarquia-cuentas-contables.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-002-001-crud-journals-contables.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-003-001-crear-asiento-contable-draft.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-003-002-validar-y-postear-asiento.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-003-003-cancelar-asiento-reversing-entry.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-004-001-crud-impuestos.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-004-002-calculo-impuestos-automatico.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-005-001-crear-factura-cliente-draft.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-005-002-validar-factura-cliente.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-005-003-cancelar-factura-cliente.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-006-001-crear-factura-proveedor-draft.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-006-002-validar-factura-proveedor.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-006-003-cancelar-factura-proveedor.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-007-001-registrar-pago-recibido.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-007-002-registrar-pago-realizado.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-007-003-cancelar-pago.md create mode 100644 docs/05-user-stories/mgn-004/US-MGN-004-008-001-reportes-financieros-balance-pl.md create mode 100644 docs/05-user-stories/mgn-005/US-MGN-005-001-001-crear-producto.md create mode 100644 docs/05-user-stories/mgn-005/US-MGN-005-001-002-gestionar-variantes-producto.md create mode 100644 docs/05-user-stories/mgn-005/US-MGN-005-002-001-gestionar-almacenes-ubicaciones.md create mode 100644 docs/05-user-stories/mgn-005/US-MGN-005-003-001-crear-movimiento-stock.md create mode 100644 docs/05-user-stories/mgn-005/US-MGN-005-003-002-validar-movimiento-stock.md create mode 100644 docs/05-user-stories/mgn-005/US-MGN-005-003-003-cancelar-movimiento-stock.md create mode 100644 docs/05-user-stories/mgn-005/US-MGN-005-004-001-visualizar-stock-quants.md create mode 100644 docs/05-user-stories/mgn-005/US-MGN-005-004-002-reservar-stock.md create mode 100644 docs/05-user-stories/mgn-005/US-MGN-005-005-001-crear-ajuste-inventario.md create mode 100644 docs/05-user-stories/mgn-005/US-MGN-005-005-002-validar-ajuste-inventario.md create mode 100644 docs/05-user-stories/mgn-005/US-MGN-005-006-001-valoracion-fifo.md create mode 100644 docs/05-user-stories/mgn-005/US-MGN-005-006-002-valoracion-promedio.md create mode 100644 docs/05-user-stories/mgn-005/US-MGN-005-007-001-reporte-inventario-valorizado.md create mode 100644 docs/05-user-stories/mgn-005/US-MGN-005-007-002-reporte-movimientos-stock.md create mode 100644 docs/05-user-stories/mgn-006/US-MGN-006-001-001-crear-rfq.md create mode 100644 docs/05-user-stories/mgn-006/US-MGN-006-001-002-enviar-rfq.md create mode 100644 docs/05-user-stories/mgn-006/US-MGN-006-002-001-crear-orden-compra.md create mode 100644 docs/05-user-stories/mgn-006/US-MGN-006-002-002-confirmar-orden-compra.md create mode 100644 docs/05-user-stories/mgn-006/US-MGN-006-002-003-cancelar-orden-compra.md create mode 100644 docs/05-user-stories/mgn-006/US-MGN-006-003-001-crear-recepcion-compra.md create mode 100644 docs/05-user-stories/mgn-006/US-MGN-006-003-002-validar-recepcion-compra.md create mode 100644 docs/05-user-stories/mgn-006/US-MGN-006-003-003-recepcion-parcial-backorder.md create mode 100644 docs/05-user-stories/mgn-006/US-MGN-006-004-001-crear-devolucion-proveedor.md create mode 100644 docs/05-user-stories/mgn-006/US-MGN-006-004-002-validar-devolucion-proveedor.md create mode 100644 docs/05-user-stories/mgn-006/US-MGN-006-005-001-dashboard-compras.md create mode 100644 docs/05-user-stories/mgn-006/US-MGN-006-005-002-analisis-proveedores.md create mode 100644 docs/05-user-stories/mgn-007/US-MGN-007-001-001-crear-cotizacion.md create mode 100644 docs/05-user-stories/mgn-007/US-MGN-007-001-002-enviar-cotizacion-email.md create mode 100644 docs/05-user-stories/mgn-007/US-MGN-007-002-001-crear-sales-order-desde-cotizacion.md create mode 100644 docs/05-user-stories/mgn-007/US-MGN-007-002-002-confirmar-sales-order.md create mode 100644 docs/05-user-stories/mgn-007/US-MGN-007-002-003-cancelar-sales-order.md create mode 100644 docs/05-user-stories/mgn-007/US-MGN-007-003-001-crear-entrega-desde-sales-order.md create mode 100644 docs/05-user-stories/mgn-007/US-MGN-007-003-002-validar-entrega-actualizar-stock.md create mode 100644 docs/05-user-stories/mgn-007/US-MGN-007-003-003-entrega-parcial-backorder.md create mode 100644 docs/05-user-stories/mgn-007/US-MGN-007-005-001-crear-devolucion-cliente.md create mode 100644 docs/05-user-stories/mgn-007/US-MGN-007-005-002-validar-devolucion-ajustar-stock.md create mode 100644 docs/05-user-stories/mgn-007/US-MGN-007-006-001-dashboard-ventas.md create mode 100644 docs/05-user-stories/mgn-007/US-MGN-007-006-002-analisis-ventas-producto-cliente-periodo.md create mode 100644 docs/05-user-stories/mgn-008/US-MGN-008-001-001-crud-planes-analiticos.md create mode 100644 docs/05-user-stories/mgn-008/US-MGN-008-001-002-configurar-dimensiones-multi-nivel.md create mode 100644 docs/05-user-stories/mgn-008/US-MGN-008-002-001-crud-cuentas-analiticas-por-plan.md create mode 100644 docs/05-user-stories/mgn-008/US-MGN-008-002-002-gestionar-jerarquia-cuentas-analiticas.md create mode 100644 docs/05-user-stories/mgn-008/US-MGN-008-003-001-asignar-distribuciones-analiticas.md create mode 100644 docs/05-user-stories/mgn-008/US-MGN-008-003-002-calcular-distribuciones-automaticas.md create mode 100644 docs/05-user-stories/mgn-008/US-MGN-008-004-001-reporte-p-and-l-por-proyecto-departamento.md create mode 100644 docs/05-user-stories/mgn-008/US-MGN-008-004-002-drill-down-analitico-multi-nivel.md create mode 100644 docs/05-user-stories/mgn-008/US-MGN-008-005-001-crud-presupuestos-analiticos.md create mode 100644 docs/05-user-stories/mgn-008/US-MGN-008-005-002-alertas-desviacion-presupuestaria.md create mode 100644 docs/05-user-stories/mgn-009/US-MGN-009-001-001-crud-leads.md create mode 100644 docs/05-user-stories/mgn-009/US-MGN-009-001-002-calificar-lead-scoring.md create mode 100644 docs/05-user-stories/mgn-009/US-MGN-009-002-001-crud-oportunidades.md create mode 100644 docs/05-user-stories/mgn-009/US-MGN-009-002-002-calcular-probabilidad-cierre.md create mode 100644 docs/05-user-stories/mgn-009/US-MGN-009-003-001-vista-kanban-pipeline.md create mode 100644 docs/05-user-stories/mgn-009/US-MGN-009-003-002-drag-drop-oportunidades.md create mode 100644 docs/05-user-stories/mgn-009/US-MGN-009-004-001-crud-actividades-crm.md create mode 100644 docs/05-user-stories/mgn-009/US-MGN-009-005-001-convertir-lead-oportunidad.md create mode 100644 docs/05-user-stories/mgn-010/US-MGN-010-001-001-crud-empleados.md create mode 100644 docs/05-user-stories/mgn-010/US-MGN-010-001-002-gestionar-documentos-empleado.md create mode 100644 docs/05-user-stories/mgn-010/US-MGN-010-002-001-crud-contratos-laborales.md create mode 100644 docs/05-user-stories/mgn-010/US-MGN-010-002-002-renovacion-automatica-contratos.md create mode 100644 docs/05-user-stories/mgn-010/US-MGN-010-003-001-registro-check-in-check-out-asistencias.md create mode 100644 docs/05-user-stories/mgn-010/US-MGN-010-004-001-gestionar-jerarquia-departamentos.md create mode 100644 docs/05-user-stories/mgn-010/US-MGN-010-005-001-dashboard-rrhh.md create mode 100644 docs/05-user-stories/mgn-011/US-MGN-011-0-001-aprobar-timesheet-de-empleados.md create mode 100644 docs/05-user-stories/mgn-011/US-MGN-011-0-001-asignar-miembros-y-roles-a-proyecto.md create mode 100644 docs/05-user-stories/mgn-011/US-MGN-011-0-001-crud-tareas-de-proyecto.md create mode 100644 docs/05-user-stories/mgn-011/US-MGN-011-0-001-dashboard-de-proyecto-avance-budget-horas.md create mode 100644 docs/05-user-stories/mgn-011/US-MGN-011-0-001-diagrama-de-gantt-de-proyecto.md create mode 100644 docs/05-user-stories/mgn-011/US-MGN-011-0-001-gestionar-dependencias-entre-tareas.md create mode 100644 docs/05-user-stories/mgn-011/US-MGN-011-0-001-registrar-timesheet-por-tarea.md create mode 100644 docs/05-user-stories/mgn-011/US-MGN-011-0-001-vista-kanban-de-tareas-por-estado.md create mode 100644 docs/05-user-stories/mgn-011/US-MGN-011-0-002-diagrama-de-gantt-de-proyecto.md create mode 100644 docs/05-user-stories/mgn-011/US-MGN-011-001-001-crud-proyectos.md create mode 100644 docs/05-user-stories/mgn-011/US-MGN-011-001-002-configurar-proyecto-fases-presupuesto.md create mode 100755 docs/05-user-stories/mgn-011/create_mgn011_us.sh create mode 100644 docs/05-user-stories/mgn-012/US-MGN-012-001-001-report-builder-visual-con-drag-drop.md create mode 100644 docs/05-user-stories/mgn-012/US-MGN-012-001-002-gestionar-widgets-de-dashboard.md create mode 100644 docs/05-user-stories/mgn-012/US-MGN-012-002-001-reportes-financieros-estndar-balance-pl-cash-flow.md create mode 100644 docs/05-user-stories/mgn-012/US-MGN-012-003-001-reportes-operacionales-configurables.md create mode 100644 docs/05-user-stories/mgn-012/US-MGN-012-004-001-exportar-reportes-a-excelpdf.md create mode 100644 docs/05-user-stories/mgn-012/US-MGN-012-004-002-enviar-reportes-por-email-programado.md create mode 100644 docs/05-user-stories/mgn-013/US-MGN-013-001-001-login-portal-clienteproveedor.md create mode 100644 docs/05-user-stories/mgn-013/US-MGN-013-001-002-registro-self-service-en-portal.md create mode 100644 docs/05-user-stories/mgn-013/US-MGN-013-002-001-vista-de-documentos-en-portal.md create mode 100644 docs/05-user-stories/mgn-013/US-MGN-013-002-002-descargar-documentos-desde-portal.md create mode 100644 docs/05-user-stories/mgn-013/US-MGN-013-003-001-mensajera-interna-en-portal.md create mode 100644 docs/05-user-stories/mgn-013/US-MGN-013-004-001-configuracin-de-perfil-y-preferencias-en-portal.md create mode 100644 docs/05-user-stories/mgn-014/US-MGN-014-001-001-comentar-en-registros-chatter-pattern.md create mode 100644 docs/05-user-stories/mgn-014/US-MGN-014-001-002-adjuntar-archivos-a-comentarios.md create mode 100644 docs/05-user-stories/mgn-014/US-MGN-014-001-003-seguirdejar-de-seguir-registros.md create mode 100644 docs/05-user-stories/mgn-014/US-MGN-014-002-001-notificaciones-push-en-tiempo-real-websocket.md create mode 100644 docs/05-user-stories/mgn-014/US-MGN-014-002-002-notificaciones-por-email-configurables.md create mode 100644 docs/05-user-stories/mgn-014/US-MGN-014-002-003-configurar-preferencias-de-notificaciones-por-usuario.md create mode 100644 docs/05-user-stories/mgn-014/US-MGN-014-003-001-subir-archivos-adjuntos.md create mode 100644 docs/05-user-stories/mgn-014/US-MGN-014-003-002-gestionar-biblioteca-de-adjuntos.md create mode 100644 docs/05-user-stories/mgn-014/US-MGN-014-004-001-aadir-followers-a-registros.md create mode 100644 docs/05-user-stories/mgn-014/US-MGN-014-004-002-notificar-automticamente-a-followers.md create mode 100644 docs/05-user-stories/mgn-014/US-MGN-014-005-001-crud-actividades-tareas-llamadas-reuniones-con-calendario.md create mode 100644 docs/05-user-stories/mgn-014/US-MGN-014-006-001-mensajes-internos-vs-pblicos-en-chatter.md create mode 100644 docs/06-test-plans/MASTER-TEST-PLAN.md create mode 100644 docs/06-test-plans/README.md create mode 100644 docs/06-test-plans/TEST-PLAN-MGN-001-fundamentos.md create mode 100644 docs/06-test-plans/TEST-PLAN-MGN-002-empresas.md create mode 100644 docs/06-test-plans/TEST-PLAN-MGN-003-catalogos.md create mode 100644 docs/06-test-plans/TEST-PLAN-MGN-004-financiero.md create mode 100644 docs/06-test-plans/TEST-PLAN-MGN-005-inventario.md create mode 100644 docs/06-test-plans/TEST-PLAN-MGN-006-compras.md create mode 100644 docs/06-test-plans/TEST-PLAN-MGN-007-ventas.md create mode 100644 docs/06-test-plans/TEST-PLAN-MGN-008-analitica.md create mode 100644 docs/06-test-plans/TEST-PLAN-MGN-009-crm.md create mode 100644 docs/06-test-plans/TEST-PLAN-MGN-010-rrhh.md create mode 100644 docs/06-test-plans/TEST-PLAN-MGN-011-proyectos.md create mode 100644 docs/06-test-plans/TEST-PLAN-MGN-012-reportes.md create mode 100644 docs/06-test-plans/TEST-PLAN-MGN-013-portal.md create mode 100644 docs/06-test-plans/TEST-PLAN-MGN-014-mensajeria.md create mode 100644 docs/06-test-plans/TP-auth.md create mode 100644 docs/06-test-plans/TP-rbac.md create mode 100644 docs/06-test-plans/TP-tenants.md create mode 100644 docs/06-test-plans/TP-users.md create mode 100644 docs/07-devops/BACKUP-RECOVERY.md create mode 100644 docs/07-devops/CI-CD-PIPELINE.md create mode 100644 docs/07-devops/DEPLOYMENT-GUIDE.md create mode 100644 docs/07-devops/MONITORING-OBSERVABILITY.md create mode 100644 docs/07-devops/README.md create mode 100644 docs/07-devops/SECURITY-HARDENING.md create mode 100755 docs/07-devops/scripts/backup-postgres.sh create mode 100755 docs/07-devops/scripts/health-check.sh create mode 100755 docs/07-devops/scripts/restore-postgres.sh create mode 100644 docs/08-epicas/EPIC-MGN-001-auth.md create mode 100644 docs/08-epicas/EPIC-MGN-002-users.md create mode 100644 docs/08-epicas/EPIC-MGN-003-roles.md create mode 100644 docs/08-epicas/EPIC-MGN-004-tenants.md create mode 100644 docs/08-epicas/EPIC-MGN-005-catalogs.md create mode 100644 docs/08-epicas/EPIC-MGN-006-settings.md create mode 100644 docs/08-epicas/EPIC-MGN-007-audit.md create mode 100644 docs/08-epicas/EPIC-MGN-008-notifications.md create mode 100644 docs/08-epicas/EPIC-MGN-009-reports.md create mode 100644 docs/08-epicas/EPIC-MGN-010-financial.md create mode 100644 docs/08-epicas/EPIC-MGN-011-inventory.md create mode 100644 docs/08-epicas/EPIC-MGN-012-purchasing.md create mode 100644 docs/08-epicas/EPIC-MGN-013-sales.md create mode 100644 docs/08-epicas/EPIC-MGN-014-crm.md create mode 100644 docs/08-epicas/EPIC-MGN-015-projects.md create mode 100644 docs/08-epicas/EPIC-MGN-016-billing.md create mode 100644 docs/08-epicas/EPIC-MGN-017-payments.md create mode 100644 docs/08-epicas/EPIC-MGN-017-stripe-integration.md create mode 100644 docs/08-epicas/EPIC-MGN-018-whatsapp.md create mode 100644 docs/08-epicas/EPIC-MGN-019-ai-agents.md create mode 100644 docs/08-epicas/EPIC-MGN-019-mobile-apps.md create mode 100644 docs/08-epicas/EPIC-MGN-020-onboarding.md create mode 100644 docs/08-epicas/EPIC-MGN-021-ai-tokens.md create mode 100644 docs/08-epicas/README.md create mode 100644 docs/90-transversal/REPORTE-AUDITORIA-DOCUMENTACION.md create mode 100644 docs/97-adr/ADR-001-stack-tecnologico.md create mode 100644 docs/97-adr/ADR-002-arquitectura-modular.md create mode 100644 docs/97-adr/ADR-003-multi-tenancy.md create mode 100644 docs/97-adr/ADR-004-sistema-constantes-ssot.md create mode 100644 docs/97-adr/ADR-005-path-aliases.md create mode 100644 docs/97-adr/ADR-006-rbac-sistema-permisos.md create mode 100644 docs/97-adr/ADR-007-database-design.md create mode 100644 docs/97-adr/ADR-008-api-design.md create mode 100644 docs/97-adr/ADR-009-frontend-architecture.md create mode 100644 docs/97-adr/ADR-010-testing-strategy.md create mode 100644 docs/97-adr/ADR-011-database-clean-load-strategy.md create mode 100644 docs/97-adr/ADR-012-complete-traceability-policy.md create mode 100644 docs/CORRECCION-GAP-001-REPORTE.md create mode 100644 docs/CORRECCION-GAP-002-REPORTE.md create mode 100644 docs/FRONTEND-PRIORITY-MATRIX.md create mode 100644 docs/INSTRUCCIONES-AGENTE-ARQUITECTURA.md create mode 100644 docs/LANZAR-FASE-0.md create mode 100644 docs/PLAN-DESARROLLO-FRONTEND.md create mode 100644 docs/PLAN-DOCUMENTACION-ERP-GENERICO.md create mode 100644 docs/PLAN-EXPANSION-BACKEND.md create mode 100644 docs/PLAN-MAESTRO-MIGRACION-CONSOLIDACION.md create mode 100644 docs/README.md create mode 100644 docs/REPORTE-ALINEACION-DDL-SPECS.md create mode 100644 docs/REPORTE-REVALIDACION-TECNICA-COMPLETA.md create mode 100644 docs/RESUMEN-EJECUTIVO-REVALIDACION.md create mode 100644 docs/SPRINT-PLAN-FASE-1.md create mode 100644 docs/_MAP.md create mode 100644 frontend/.eslintrc.cjs create mode 100644 frontend/Dockerfile create mode 100644 frontend/index.html create mode 100644 frontend/nginx.conf create mode 100644 frontend/package-lock.json create mode 100644 frontend/package.json create mode 100644 frontend/postcss.config.js create mode 100644 frontend/public/vite.svg create mode 100644 frontend/src/app/layouts/AuthLayout.tsx create mode 100644 frontend/src/app/layouts/DashboardLayout.tsx create mode 100644 frontend/src/app/layouts/index.ts create mode 100644 frontend/src/app/providers/index.tsx create mode 100644 frontend/src/app/router/ProtectedRoute.tsx create mode 100644 frontend/src/app/router/index.tsx create mode 100644 frontend/src/app/router/routes.tsx create mode 100644 frontend/src/features/companies/api/companies.api.ts create mode 100644 frontend/src/features/companies/api/index.ts create mode 100644 frontend/src/features/companies/components/CompanyFiltersPanel.tsx create mode 100644 frontend/src/features/companies/components/CompanyForm.tsx create mode 100644 frontend/src/features/companies/components/index.ts create mode 100644 frontend/src/features/companies/hooks/index.ts create mode 100644 frontend/src/features/companies/hooks/useCompanies.ts create mode 100644 frontend/src/features/companies/types/company.types.ts create mode 100644 frontend/src/features/companies/types/index.ts create mode 100644 frontend/src/features/partners/api/index.ts create mode 100644 frontend/src/features/partners/api/partners.api.ts create mode 100644 frontend/src/features/partners/components/PartnerFiltersPanel.tsx create mode 100644 frontend/src/features/partners/components/PartnerForm.tsx create mode 100644 frontend/src/features/partners/components/PartnerStatusBadge.tsx create mode 100644 frontend/src/features/partners/components/PartnerTypeBadge.tsx create mode 100644 frontend/src/features/partners/components/index.ts create mode 100644 frontend/src/features/partners/hooks/index.ts create mode 100644 frontend/src/features/partners/hooks/usePartners.ts create mode 100644 frontend/src/features/partners/types/index.ts create mode 100644 frontend/src/features/partners/types/partner.types.ts create mode 100644 frontend/src/features/users/api/index.ts create mode 100644 frontend/src/features/users/api/users.api.ts create mode 100644 frontend/src/features/users/components/UserFiltersPanel.tsx create mode 100644 frontend/src/features/users/components/UserForm.tsx create mode 100644 frontend/src/features/users/components/UserStatusBadge.tsx create mode 100644 frontend/src/features/users/components/index.ts create mode 100644 frontend/src/features/users/hooks/index.ts create mode 100644 frontend/src/features/users/hooks/useUsers.ts create mode 100644 frontend/src/features/users/types/index.ts create mode 100644 frontend/src/features/users/types/user.types.ts create mode 100644 frontend/src/index.css create mode 100644 frontend/src/main.tsx create mode 100644 frontend/src/pages/NotFoundPage.tsx create mode 100644 frontend/src/pages/auth/ForgotPasswordPage.tsx create mode 100644 frontend/src/pages/auth/LoginPage.tsx create mode 100644 frontend/src/pages/auth/RegisterPage.tsx create mode 100644 frontend/src/pages/companies/CompaniesListPage.tsx create mode 100644 frontend/src/pages/companies/CompanyCreatePage.tsx create mode 100644 frontend/src/pages/companies/CompanyDetailPage.tsx create mode 100644 frontend/src/pages/companies/CompanyEditPage.tsx create mode 100644 frontend/src/pages/dashboard/DashboardPage.tsx create mode 100644 frontend/src/pages/partners/PartnerCreatePage.tsx create mode 100644 frontend/src/pages/partners/PartnerDetailPage.tsx create mode 100644 frontend/src/pages/partners/PartnerEditPage.tsx create mode 100644 frontend/src/pages/partners/PartnersListPage.tsx create mode 100644 frontend/src/pages/users/UserCreatePage.tsx create mode 100644 frontend/src/pages/users/UserDetailPage.tsx create mode 100644 frontend/src/pages/users/UserEditPage.tsx create mode 100644 frontend/src/pages/users/UsersListPage.tsx create mode 100644 frontend/src/pages/users/index.ts create mode 100644 frontend/src/services/api/auth.api.ts create mode 100644 frontend/src/services/api/axios-instance.ts create mode 100644 frontend/src/services/api/index.ts create mode 100644 frontend/src/services/api/users.api.ts create mode 100644 frontend/src/services/index.ts create mode 100644 frontend/src/shared/components/atoms/Avatar/Avatar.tsx create mode 100644 frontend/src/shared/components/atoms/Avatar/index.ts create mode 100644 frontend/src/shared/components/atoms/Badge/Badge.tsx create mode 100644 frontend/src/shared/components/atoms/Badge/index.ts create mode 100644 frontend/src/shared/components/atoms/Button/Button.tsx create mode 100644 frontend/src/shared/components/atoms/Button/index.ts create mode 100644 frontend/src/shared/components/atoms/Input/Input.tsx create mode 100644 frontend/src/shared/components/atoms/Input/index.ts create mode 100644 frontend/src/shared/components/atoms/Label/Label.tsx create mode 100644 frontend/src/shared/components/atoms/Label/index.ts create mode 100644 frontend/src/shared/components/atoms/Spinner/Spinner.tsx create mode 100644 frontend/src/shared/components/atoms/Spinner/index.ts create mode 100644 frontend/src/shared/components/atoms/Tooltip/Tooltip.tsx create mode 100644 frontend/src/shared/components/atoms/Tooltip/index.ts create mode 100644 frontend/src/shared/components/atoms/index.ts create mode 100644 frontend/src/shared/components/index.ts create mode 100644 frontend/src/shared/components/molecules/Alert/Alert.tsx create mode 100644 frontend/src/shared/components/molecules/Alert/index.ts create mode 100644 frontend/src/shared/components/molecules/Card/Card.tsx create mode 100644 frontend/src/shared/components/molecules/Card/index.ts create mode 100644 frontend/src/shared/components/molecules/FormField/FormField.tsx create mode 100644 frontend/src/shared/components/molecules/FormField/index.ts create mode 100644 frontend/src/shared/components/molecules/index.ts create mode 100644 frontend/src/shared/components/organisms/Breadcrumbs/Breadcrumbs.tsx create mode 100644 frontend/src/shared/components/organisms/Breadcrumbs/index.ts create mode 100644 frontend/src/shared/components/organisms/DataTable/DataTable.tsx create mode 100644 frontend/src/shared/components/organisms/DataTable/index.ts create mode 100644 frontend/src/shared/components/organisms/DatePicker/DatePicker.tsx create mode 100644 frontend/src/shared/components/organisms/DatePicker/DateRangePicker.tsx create mode 100644 frontend/src/shared/components/organisms/DatePicker/index.ts create mode 100644 frontend/src/shared/components/organisms/Dropdown/Dropdown.tsx create mode 100644 frontend/src/shared/components/organisms/Dropdown/index.ts create mode 100644 frontend/src/shared/components/organisms/Modal/ConfirmModal.tsx create mode 100644 frontend/src/shared/components/organisms/Modal/Modal.tsx create mode 100644 frontend/src/shared/components/organisms/Modal/index.ts create mode 100644 frontend/src/shared/components/organisms/Pagination/Pagination.tsx create mode 100644 frontend/src/shared/components/organisms/Pagination/index.ts create mode 100644 frontend/src/shared/components/organisms/Select/Select.tsx create mode 100644 frontend/src/shared/components/organisms/Select/index.ts create mode 100644 frontend/src/shared/components/organisms/Sidebar/Sidebar.tsx create mode 100644 frontend/src/shared/components/organisms/Sidebar/index.ts create mode 100644 frontend/src/shared/components/organisms/Tabs/Tabs.tsx create mode 100644 frontend/src/shared/components/organisms/Tabs/index.ts create mode 100644 frontend/src/shared/components/organisms/Toast/Toast.tsx create mode 100644 frontend/src/shared/components/organisms/Toast/index.ts create mode 100644 frontend/src/shared/components/organisms/index.ts create mode 100644 frontend/src/shared/components/templates/EmptyState/EmptyState.tsx create mode 100644 frontend/src/shared/components/templates/EmptyState/index.ts create mode 100644 frontend/src/shared/components/templates/index.ts create mode 100644 frontend/src/shared/constants/api-endpoints.ts create mode 100644 frontend/src/shared/constants/index.ts create mode 100644 frontend/src/shared/constants/roles.ts create mode 100644 frontend/src/shared/constants/status.ts create mode 100644 frontend/src/shared/hooks/index.ts create mode 100644 frontend/src/shared/hooks/useDebounce.ts create mode 100644 frontend/src/shared/hooks/useLocalStorage.ts create mode 100644 frontend/src/shared/hooks/useMediaQuery.ts create mode 100644 frontend/src/shared/index.ts create mode 100644 frontend/src/shared/stores/index.ts create mode 100644 frontend/src/shared/stores/useAuthStore.ts create mode 100644 frontend/src/shared/stores/useCompanyStore.ts create mode 100644 frontend/src/shared/stores/useNotificationStore.ts create mode 100644 frontend/src/shared/stores/useUIStore.ts create mode 100644 frontend/src/shared/types/api.types.ts create mode 100644 frontend/src/shared/types/entities.types.ts create mode 100644 frontend/src/shared/types/index.ts create mode 100644 frontend/src/shared/utils/cn.ts create mode 100644 frontend/src/shared/utils/formatters.ts create mode 100644 frontend/src/shared/utils/index.ts create mode 100644 frontend/src/vite-env.d.ts create mode 100644 frontend/tailwind.config.js create mode 100644 frontend/tsconfig.json create mode 100644 frontend/tsconfig.node.json create mode 100644 frontend/vite.config.d.ts create mode 100644 frontend/vite.config.ts create mode 100644 orchestration/00-guidelines/CONTEXTO-PROYECTO.md create mode 100644 orchestration/00-guidelines/HERENCIA-DIRECTIVAS.md create mode 100644 orchestration/00-guidelines/HERENCIA-SIMCO.md create mode 100644 orchestration/00-guidelines/PROJECT-STATUS.md create mode 100644 orchestration/01-analisis/ANALISIS-GAPS-CONSOLIDADO.md create mode 100644 orchestration/01-analisis/ANALISIS-PROPAGACION-ALINEAMIENTO.md create mode 100644 orchestration/PROXIMA-ACCION.md create mode 100644 orchestration/README.md create mode 100644 orchestration/agentes/requirements-analyst/PLAN-CORRECCIONES-ERP-CORE.md create mode 100644 orchestration/directivas/DIRECTIVA-DOCUMENTACION-PRE-DESARROLLO.md create mode 100644 orchestration/directivas/DIRECTIVA-EXTENSION-VERTICALES.md create mode 100644 orchestration/directivas/DIRECTIVA-HERENCIA-MODULOS.md create mode 100644 orchestration/directivas/DIRECTIVA-MULTI-TENANT.md create mode 100644 orchestration/directivas/DIRECTIVA-PATRONES-ODOO.md create mode 100644 orchestration/directivas/ESTANDARES-API-REST-GENERICO.md create mode 100644 orchestration/estados/ESTADO-AGENTES.json create mode 100644 orchestration/inventarios/BACKEND_INVENTORY.yml create mode 100644 orchestration/inventarios/DATABASE_INVENTORY.yml create mode 100644 orchestration/inventarios/DEPENDENCY_GRAPH.yml create mode 100644 orchestration/inventarios/FRONTEND_INVENTORY.yml create mode 100644 orchestration/inventarios/MASTER_INVENTORY.yml create mode 100644 orchestration/inventarios/README.md create mode 100644 orchestration/inventarios/TRACEABILITY_MATRIX.yml create mode 100644 orchestration/prompts/PROMPT-ERP-BACKEND-AGENT.md create mode 100644 orchestration/prompts/PROMPT-ERP-DATABASE-AGENT.md create mode 100644 orchestration/prompts/PROMPT-ERP-FRONTEND-AGENT.md create mode 100644 orchestration/templates/TEMPLATE-DDL-SPECIFICATION.md create mode 100644 orchestration/templates/TEMPLATE-ESPECIFICACION-BACKEND.md create mode 100644 orchestration/templates/TEMPLATE-REQUERIMIENTO-FUNCIONAL.md create mode 100644 orchestration/templates/TEMPLATE-USER-STORY.md create mode 100644 orchestration/trazas/TRAZA-TAREAS-BACKEND.md create mode 100644 orchestration/trazas/TRAZA-TAREAS-DATABASE.md create mode 100644 orchestration/trazas/TRAZA-TAREAS-FRONTEND.md create mode 100644 package-lock.json create mode 100644 package.json create mode 100644 tsconfig.json diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..26d8039 --- /dev/null +++ b/.env.example @@ -0,0 +1,22 @@ +# Server +NODE_ENV=development +PORT=3011 +API_PREFIX=/api/v1 + +# Database +DB_HOST=localhost +DB_PORT=5432 +DB_NAME=erp_generic +DB_USER=erp_admin +DB_PASSWORD=erp_secret_2024 + +# JWT +JWT_SECRET=your-super-secret-jwt-key-change-in-production +JWT_EXPIRES_IN=24h +JWT_REFRESH_EXPIRES_IN=7d + +# Logging +LOG_LEVEL=debug + +# CORS +CORS_ORIGIN=http://localhost:3010,http://localhost:5173 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..22f4ec5 --- /dev/null +++ b/.gitignore @@ -0,0 +1,32 @@ +# Dependencies +node_modules/ + +# Build output +dist/ + +# Environment files +.env +.env.local +.env.*.local + +# Logs +logs/ +*.log +npm-debug.log* + +# IDE +.idea/ +.vscode/ +*.swp +*.swo + +# OS +.DS_Store +Thumbs.db + +# Test coverage +coverage/ + +# Temporary files +tmp/ +temp/ diff --git a/INVENTARIO.yml b/INVENTARIO.yml new file mode 100644 index 0000000..e945699 --- /dev/null +++ b/INVENTARIO.yml @@ -0,0 +1,31 @@ +# Inventario generado por EPIC-008 +proyecto: erp-core +fecha: "2026-01-04" +generado_por: "inventory-project.sh v1.0.0" + +inventario: + docs: + total: 870 + por_tipo: + markdown: 829 + yaml: 26 + json: 0 + orchestration: + total: 32 + por_tipo: + markdown: 25 + yaml: 6 + json: 1 + +problemas: + archivos_obsoletos: 0 + referencias_antiguas: 0 + simco_faltantes: + - _MAP.md en docs/ + - PROJECT-STATUS.md + +estado_simco: + herencia_simco: true + contexto_proyecto: true + map_docs: false + project_status: false diff --git a/PROJECT-STATUS.md b/PROJECT-STATUS.md new file mode 100644 index 0000000..0feca8d --- /dev/null +++ b/PROJECT-STATUS.md @@ -0,0 +1,27 @@ +# ESTADO DEL PROYECTO + +**Proyecto:** erp-generic +**Estado:** 📋 En planificación +**Progreso:** 0% +**Última actualización:** 2025-11-24 + +--- + +## 📊 RESUMEN + +- **Fase actual:** Análisis y planificación +- **Módulos completados:** 0 +- **Módulos en desarrollo:** 0 +- **Módulos pendientes:** 10 + +--- + +## 🎯 PRÓXIMOS PASOS + +1. Completar análisis de requerimientos +2. Modelado de dominio +3. Comparación con Odoo +4. Diseño de base de datos +5. Inicio de desarrollo + +--- diff --git a/README.md b/README.md new file mode 100644 index 0000000..9ce6d75 --- /dev/null +++ b/README.md @@ -0,0 +1,114 @@ +# ERP Core - Base Genérica Reutilizable + +## Descripción + +ERP Core es el módulo base que proporciona el **60-70% del código compartido** para todas las verticales del ERP Suite. Contiene la funcionalidad común que será extendida por cada vertical específica. + +**Estado:** En desarrollo (60%) +**Versión:** 0.1.0 + +## Estructura del Proyecto + +``` +erp-core/ +├── backend/ # API REST (Node.js + Express + TypeScript) +│ ├── src/ +│ │ ├── modules/ # Módulos de negocio +│ │ ├── shared/ # Código compartido +│ │ └── config/ # Configuración +│ ├── package.json +│ └── tsconfig.json +│ +├── frontend/ # Web App (React + Vite + TypeScript) +│ ├── src/ +│ │ ├── components/ # Componentes reutilizables +│ │ ├── pages/ # Páginas +│ │ ├── stores/ # Estado (Zustand) +│ │ └── services/ # Servicios API +│ ├── package.json +│ └── vite.config.ts +│ +├── database/ # PostgreSQL +│ ├── ddl/ # Definiciones de tablas +│ ├── migrations/ # Migraciones +│ └── seeds/ # Datos iniciales +│ +├── docs/ # Documentación del proyecto +│ ├── 00-vision-general/ +│ ├── 01-fase-mvp/ +│ ├── 02-modelado/ +│ └── ... +│ +└── orchestration/ # Sistema de agentes NEXUS + ├── 00-guidelines/ + │ └── CONTEXTO-PROYECTO.md + ├── trazas/ # Historial de tareas por agente + │ ├── TRAZA-TAREAS-BACKEND.md + │ ├── TRAZA-TAREAS-FRONTEND.md + │ └── TRAZA-TAREAS-DATABASE.md + ├── estados/ # Estado actual de agentes + └── PROXIMA-ACCION.md +``` + +## Stack Tecnológico + +| Capa | Tecnología | +|------|------------| +| **Backend** | Node.js 20+, Express, TypeScript, TypeORM | +| **Frontend** | React 18, Vite, TypeScript, Tailwind CSS, Zustand | +| **Database** | PostgreSQL 15+ con RLS | +| **Auth** | JWT + bcryptjs | + +## Módulos Core + +| Módulo | Estado | Descripción | +|--------|--------|-------------| +| `auth` | En desarrollo | Autenticación y autorización | +| `users` | Planificado | Gestión de usuarios | +| `roles` | Planificado | Roles y permisos (RBAC) | +| `tenants` | Planificado | Multi-tenancy | +| `catalogs` | Planificado | Catálogos maestros | +| `settings` | Planificado | Configuración del sistema | +| `audit` | Planificado | Auditoría y logs | +| `reports` | Planificado | Sistema de reportes | +| `financial` | Planificado | Módulo financiero básico | +| `inventory` | Planificado | Módulo de inventario básico | +| `purchasing` | Planificado | Módulo de compras básico | +| `crm` | Planificado | CRM básico | + +## Inicio Rápido + +```bash +# Backend +cd backend +npm install +cp .env.example .env +npm run dev + +# Frontend +cd frontend +npm install +npm run dev +``` + +## Documentación + +- **Contexto del proyecto:** `orchestration/00-guidelines/CONTEXTO-PROYECTO.md` +- **Próxima tarea:** `orchestration/PROXIMA-ACCION.md` +- **Trazas de agentes:** `orchestration/trazas/` +- **Documentación técnica:** `docs/` + +## Relación con Verticales + +Las verticales (construcción, vidrio-templado, etc.) **extienden** este core: + +``` +erp-core (60-70%) + ↓ hereda +vertical-construccion (+30-40% específico) +vertical-vidrio-templado (+30-40% específico) +... +``` + +--- +*Proyecto parte de ERP Suite - Fábrica de Software con Agentes IA* diff --git a/backend/.env.example b/backend/.env.example new file mode 100644 index 0000000..26d8039 --- /dev/null +++ b/backend/.env.example @@ -0,0 +1,22 @@ +# Server +NODE_ENV=development +PORT=3011 +API_PREFIX=/api/v1 + +# Database +DB_HOST=localhost +DB_PORT=5432 +DB_NAME=erp_generic +DB_USER=erp_admin +DB_PASSWORD=erp_secret_2024 + +# JWT +JWT_SECRET=your-super-secret-jwt-key-change-in-production +JWT_EXPIRES_IN=24h +JWT_REFRESH_EXPIRES_IN=7d + +# Logging +LOG_LEVEL=debug + +# CORS +CORS_ORIGIN=http://localhost:3010,http://localhost:5173 diff --git a/backend/.gitignore b/backend/.gitignore new file mode 100644 index 0000000..22f4ec5 --- /dev/null +++ b/backend/.gitignore @@ -0,0 +1,32 @@ +# Dependencies +node_modules/ + +# Build output +dist/ + +# Environment files +.env +.env.local +.env.*.local + +# Logs +logs/ +*.log +npm-debug.log* + +# IDE +.idea/ +.vscode/ +*.swp +*.swo + +# OS +.DS_Store +Thumbs.db + +# Test coverage +coverage/ + +# Temporary files +tmp/ +temp/ diff --git a/backend/Dockerfile b/backend/Dockerfile new file mode 100644 index 0000000..8376ee0 --- /dev/null +++ b/backend/Dockerfile @@ -0,0 +1,52 @@ +# ============================================================================= +# ERP-CORE Backend - Dockerfile +# ============================================================================= +# Multi-stage build for production +# ============================================================================= + +# Stage 1: Dependencies +FROM node:20-alpine AS deps +WORKDIR /app + +# Install dependencies needed for native modules +RUN apk add --no-cache libc6-compat python3 make g++ + +COPY package*.json ./ +RUN npm ci --only=production && npm cache clean --force + +# Stage 2: Builder +FROM node:20-alpine AS builder +WORKDIR /app + +COPY package*.json ./ +RUN npm ci + +COPY . . +RUN npm run build + +# Stage 3: Production +FROM node:20-alpine AS runner +WORKDIR /app + +ENV NODE_ENV=production + +# Create non-root user +RUN addgroup --system --gid 1001 nodejs +RUN adduser --system --uid 1001 nestjs + +# Copy built application +COPY --from=deps /app/node_modules ./node_modules +COPY --from=builder /app/dist ./dist +COPY --from=builder /app/package*.json ./ + +# Create logs directory +RUN mkdir -p /var/log/erp-core && chown -R nestjs:nodejs /var/log/erp-core + +USER nestjs + +EXPOSE 3011 + +HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \ + CMD wget --no-verbose --tries=1 --spider http://localhost:3011/health || exit 1 + +CMD ["node", "dist/main.js"] diff --git a/backend/TYPEORM_DEPENDENCIES.md b/backend/TYPEORM_DEPENDENCIES.md new file mode 100644 index 0000000..b7c0198 --- /dev/null +++ b/backend/TYPEORM_DEPENDENCIES.md @@ -0,0 +1,78 @@ +# Dependencias para TypeORM + Redis + +## Instrucciones de instalación + +Ejecutar los siguientes comandos para agregar las dependencias necesarias: + +```bash +cd /home/adrian/Documentos/workspace/projects/erp-suite/apps/erp-core/backend + +# Dependencias de producción +npm install typeorm reflect-metadata ioredis + +# Dependencias de desarrollo +npm install --save-dev @types/ioredis +``` + +## Detalle de dependencias + +### Producción (dependencies) + +1. **typeorm** (^0.3.x) + - ORM para TypeScript/JavaScript + - Permite trabajar con entities, repositories y query builders + - Soporta migraciones y subscribers + +2. **reflect-metadata** (^0.2.x) + - Requerido por TypeORM para decoradores + - Debe importarse al inicio de la aplicación + +3. **ioredis** (^5.x) + - Cliente Redis moderno para Node.js + - Usado para blacklist de tokens JWT + - Soporta clustering, pipelines y Lua scripts + +### Desarrollo (devDependencies) + +1. **@types/ioredis** (^5.x) + - Tipos TypeScript para ioredis + - Provee autocompletado e intellisense + +## Verificación post-instalación + +Después de instalar las dependencias, verificar que el proyecto compile: + +```bash +npm run build +``` + +Y que el servidor arranque correctamente: + +```bash +npm run dev +``` + +## Variables de entorno necesarias + +Agregar al archivo `.env`: + +```bash +# Redis (opcional - para blacklist de tokens) +REDIS_HOST=localhost +REDIS_PORT=6379 +REDIS_PASSWORD= +``` + +## Archivos creados + +1. `/src/config/typeorm.ts` - Configuración de TypeORM DataSource +2. `/src/config/redis.ts` - Configuración de cliente Redis +3. `/src/index.ts` - Modificado para inicializar TypeORM y Redis + +## Próximos pasos + +1. Instalar las dependencias listadas arriba +2. Configurar variables de entorno de Redis en `.env` +3. Arrancar servidor con `npm run dev` y verificar logs +4. Comenzar a crear entities gradualmente en `src/modules/*/entities/` +5. Actualizar `typeorm.ts` para incluir las rutas de las entities creadas diff --git a/backend/TYPEORM_INTEGRATION_SUMMARY.md b/backend/TYPEORM_INTEGRATION_SUMMARY.md new file mode 100644 index 0000000..c25247f --- /dev/null +++ b/backend/TYPEORM_INTEGRATION_SUMMARY.md @@ -0,0 +1,302 @@ +# Resumen de Integración TypeORM + Redis + +## Estado de la Tarea: COMPLETADO + +Integración exitosa de TypeORM y Redis al proyecto Express existente manteniendo total compatibilidad con el pool `pg` actual. + +--- + +## Archivos Creados + +### 1. `/src/config/typeorm.ts` +**Propósito:** Configuración del DataSource de TypeORM + +**Características:** +- DataSource configurado para PostgreSQL usando las mismas variables de entorno que el pool `pg` +- Schema por defecto: `auth` +- Logging habilitado en desarrollo, solo errores en producción +- Pool de conexiones reducido (max: 10) para no competir con el pool pg (max: 20) +- Synchronize deshabilitado (se usa DDL manual) +- Funciones exportadas: + - `AppDataSource` - DataSource principal + - `initializeTypeORM()` - Inicializa la conexión + - `closeTypeORM()` - Cierra la conexión + - `isTypeORMConnected()` - Verifica estado de conexión + +**Variables de entorno usadas:** +- `DB_HOST` +- `DB_PORT` +- `DB_USER` +- `DB_PASSWORD` +- `DB_NAME` + +### 2. `/src/config/redis.ts` +**Propósito:** Configuración de cliente Redis para blacklist de tokens JWT + +**Características:** +- Cliente ioredis con reconexión automática +- Logging completo de eventos (connect, ready, error, close, reconnecting) +- Conexión lazy (no automática) +- Redis es opcional - no detiene la aplicación si falla +- Utilidades para blacklist de tokens: + - `blacklistToken(token, expiresIn)` - Agrega token a blacklist + - `isTokenBlacklisted(token)` - Verifica si token está en blacklist + - `cleanupBlacklist()` - Limpieza manual (Redis maneja TTL automáticamente) + +**Funciones exportadas:** +- `redisClient` - Cliente Redis principal +- `initializeRedis()` - Inicializa conexión +- `closeRedis()` - Cierra conexión +- `isRedisConnected()` - Verifica estado +- `blacklistToken()` - Blacklist de token +- `isTokenBlacklisted()` - Verifica blacklist +- `cleanupBlacklist()` - Limpieza manual + +**Variables de entorno nuevas:** +- `REDIS_HOST` (default: localhost) +- `REDIS_PORT` (default: 6379) +- `REDIS_PASSWORD` (opcional) + +### 3. `/src/index.ts` (MODIFICADO) +**Cambios realizados:** + +1. **Importación de reflect-metadata** (línea 1-2): + ```typescript + import 'reflect-metadata'; + ``` + +2. **Importación de nuevos módulos** (líneas 7-8): + ```typescript + import { initializeTypeORM, closeTypeORM } from './config/typeorm.js'; + import { initializeRedis, closeRedis } from './config/redis.js'; + ``` + +3. **Inicialización en bootstrap()** (líneas 24-32): + ```typescript + // Initialize TypeORM DataSource + const typeormConnected = await initializeTypeORM(); + if (!typeormConnected) { + logger.error('Failed to initialize TypeORM. Exiting...'); + process.exit(1); + } + + // Initialize Redis (opcional - no detiene la app si falla) + await initializeRedis(); + ``` + +4. **Graceful shutdown actualizado** (líneas 48-51): + ```typescript + // Cerrar conexiones en orden + await closeRedis(); + await closeTypeORM(); + await closePool(); + ``` + +**Orden de inicialización:** +1. Pool pg (existente) - crítico +2. TypeORM DataSource - crítico +3. Redis - opcional +4. Express server + +**Orden de cierre:** +1. Express server +2. Redis +3. TypeORM +4. Pool pg + +--- + +## Dependencias a Instalar + +### Comando de instalación: +```bash +cd /home/adrian/Documentos/workspace/projects/erp-suite/apps/erp-core/backend + +# Producción +npm install typeorm reflect-metadata ioredis + +# Desarrollo +npm install --save-dev @types/ioredis +``` + +### Detalle: + +**Producción:** +- `typeorm` ^0.3.x - ORM principal +- `reflect-metadata` ^0.2.x - Requerido por decoradores de TypeORM +- `ioredis` ^5.x - Cliente Redis moderno + +**Desarrollo:** +- `@types/ioredis` ^5.x - Tipos TypeScript para ioredis + +--- + +## Variables de Entorno + +Agregar al archivo `.env`: + +```bash +# Redis Configuration (opcional) +REDIS_HOST=localhost +REDIS_PORT=6379 +REDIS_PASSWORD= + +# Las variables de PostgreSQL ya existen: +# DB_HOST=localhost +# DB_PORT=5432 +# DB_NAME=erp_generic +# DB_USER=erp_admin +# DB_PASSWORD=*** +``` + +--- + +## Compatibilidad con Pool `pg` Existente + +### Garantías de compatibilidad: + +1. **NO se modificó** `/src/config/database.ts` +2. **NO se eliminó** ninguna funcionalidad del pool pg +3. **Pool pg sigue siendo la conexión principal** para queries existentes +4. **TypeORM usa su propio pool** (max: 10 conexiones) independiente del pool pg (max: 20) +5. **Ambos pools coexisten** sin conflicto de recursos + +### Estrategia de migración gradual: + +``` +Código existente → Usa pool pg (database.ts) +Nuevo código → Puede usar TypeORM entities +No hay prisa → Migrar cuando sea conveniente +``` + +--- + +## Estructura de Directorios + +``` +backend/ +├── src/ +│ ├── config/ +│ │ ├── database.ts (EXISTENTE - pool pg) +│ │ ├── typeorm.ts (NUEVO - TypeORM DataSource) +│ │ ├── redis.ts (NUEVO - Redis client) +│ │ └── index.ts (EXISTENTE - sin cambios) +│ ├── index.ts (MODIFICADO - inicialización) +│ └── ... +├── TYPEORM_DEPENDENCIES.md (NUEVO - guía de instalación) +└── TYPEORM_INTEGRATION_SUMMARY.md (ESTE ARCHIVO) +``` + +--- + +## Próximos Pasos + +### 1. Instalar dependencias +```bash +npm install typeorm reflect-metadata ioredis +npm install --save-dev @types/ioredis +``` + +### 2. Configurar Redis (opcional) +Agregar variables `REDIS_*` al `.env` + +### 3. Verificar compilación +```bash +npm run build +``` + +### 4. Arrancar servidor +```bash +npm run dev +``` + +### 5. Verificar logs +Buscar en la consola: +- "Database connection successful" (pool pg) +- "TypeORM DataSource initialized successfully" (TypeORM) +- "Redis connection successful" o "Application will continue without Redis" (Redis) +- "Server running on port 3000" + +### 6. Crear entities (cuando sea necesario) +``` +src/modules/auth/entities/ +├── user.entity.ts +├── role.entity.ts +└── permission.entity.ts +``` + +### 7. Actualizar typeorm.ts +Agregar rutas de entities al array `entities` en AppDataSource: +```typescript +entities: [ + 'src/modules/auth/entities/*.entity.ts' +], +``` + +--- + +## Testing + +### Test de conexión TypeORM +```typescript +import { AppDataSource } from './config/typeorm.js'; + +// Verificar que esté inicializado +console.log(AppDataSource.isInitialized); // true +``` + +### Test de conexión Redis +```typescript +import { isRedisConnected, blacklistToken, isTokenBlacklisted } from './config/redis.js'; + +// Verificar conexión +console.log(isRedisConnected()); // true + +// Test de blacklist +await blacklistToken('test-token', 3600); +const isBlacklisted = await isTokenBlacklisted('test-token'); // true +``` + +--- + +## Criterios de Aceptación + +- [x] Archivo `src/config/typeorm.ts` creado +- [x] Archivo `src/config/redis.ts` creado +- [x] `src/index.ts` modificado para inicializar TypeORM +- [x] Compatibilidad con pool pg existente mantenida +- [x] reflect-metadata importado al inicio +- [x] Graceful shutdown actualizado +- [x] Documentación de dependencias creada +- [x] Variables de entorno documentadas + +--- + +## Notas Importantes + +1. **Redis es opcional** - Si Redis no está disponible, la aplicación arrancará normalmente pero la blacklist de tokens estará deshabilitada. + +2. **TypeORM es crítico** - Si TypeORM no puede inicializar, la aplicación no arrancará. Esto es intencional para detectar problemas temprano. + +3. **No usar synchronize** - Las tablas se crean manualmente con DDL, TypeORM solo las usa para queries. + +4. **Schema 'auth'** - TypeORM está configurado para usar el schema 'auth' por defecto. Asegurarse de que las entities se creen en este schema. + +5. **Logging** - En desarrollo, TypeORM logueará todas las queries. En producción, solo errores. + +--- + +## Soporte + +Si hay problemas durante la instalación o arranque: + +1. Verificar que todas las variables de entorno estén configuradas +2. Verificar que PostgreSQL esté corriendo y accesible +3. Verificar que Redis esté corriendo (opcional) +4. Revisar logs para mensajes de error específicos +5. Verificar que las dependencias se instalaron correctamente con `npm list typeorm reflect-metadata ioredis` + +--- + +**Fecha de creación:** 2025-12-12 +**Estado:** Listo para instalar dependencias y arrancar diff --git a/backend/TYPEORM_USAGE_EXAMPLES.md b/backend/TYPEORM_USAGE_EXAMPLES.md new file mode 100644 index 0000000..81d774c --- /dev/null +++ b/backend/TYPEORM_USAGE_EXAMPLES.md @@ -0,0 +1,536 @@ +# Ejemplos de Uso de TypeORM + +Guía rápida para comenzar a usar TypeORM en el proyecto. + +--- + +## 1. Crear una Entity + +### Ejemplo: User Entity + +**Archivo:** `src/modules/auth/entities/user.entity.ts` + +```typescript +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + ManyToMany, + JoinTable, +} from 'typeorm'; +import { Role } from './role.entity'; + +@Entity('users', { schema: 'auth' }) +export class User { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ unique: true, length: 255 }) + email: string; + + @Column({ length: 255 }) + password: string; + + @Column({ name: 'first_name', length: 100 }) + firstName: string; + + @Column({ name: 'last_name', length: 100 }) + lastName: string; + + @Column({ default: true }) + active: boolean; + + @Column({ name: 'email_verified', default: false }) + emailVerified: boolean; + + @CreateDateColumn({ name: 'created_at' }) + createdAt: Date; + + @UpdateDateColumn({ name: 'updated_at' }) + updatedAt: Date; + + @ManyToMany(() => Role, role => role.users) + @JoinTable({ + name: 'user_roles', + joinColumn: { name: 'user_id', referencedColumnName: 'id' }, + inverseJoinColumn: { name: 'role_id', referencedColumnName: 'id' }, + }) + roles: Role[]; +} +``` + +### Ejemplo: Role Entity + +**Archivo:** `src/modules/auth/entities/role.entity.ts` + +```typescript +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + ManyToMany, +} from 'typeorm'; +import { User } from './user.entity'; + +@Entity('roles', { schema: 'auth' }) +export class Role { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ unique: true, length: 50 }) + name: string; + + @Column({ type: 'text', nullable: true }) + description: string; + + @CreateDateColumn({ name: 'created_at' }) + createdAt: Date; + + @UpdateDateColumn({ name: 'updated_at' }) + updatedAt: Date; + + @ManyToMany(() => User, user => user.roles) + users: User[]; +} +``` + +--- + +## 2. Actualizar typeorm.ts + +Después de crear entities, actualizar el array `entities` en `src/config/typeorm.ts`: + +```typescript +export const AppDataSource = new DataSource({ + // ... otras configuraciones ... + + entities: [ + 'src/modules/auth/entities/*.entity.ts', + // Agregar más rutas según sea necesario + ], + + // ... resto de configuración ... +}); +``` + +--- + +## 3. Usar Repository en un Service + +### Ejemplo: UserService + +**Archivo:** `src/modules/auth/services/user.service.ts` + +```typescript +import { Repository } from 'typeorm'; +import { AppDataSource } from '../../../config/typeorm.js'; +import { User } from '../entities/user.entity.js'; +import { Role } from '../entities/role.entity.js'; + +export class UserService { + private userRepository: Repository; + private roleRepository: Repository; + + constructor() { + this.userRepository = AppDataSource.getRepository(User); + this.roleRepository = AppDataSource.getRepository(Role); + } + + // Crear usuario + async createUser(data: { + email: string; + password: string; + firstName: string; + lastName: string; + }): Promise { + const user = this.userRepository.create(data); + return await this.userRepository.save(user); + } + + // Buscar usuario por email (con roles) + async findByEmail(email: string): Promise { + return await this.userRepository.findOne({ + where: { email }, + relations: ['roles'], + }); + } + + // Buscar usuario por ID + async findById(id: string): Promise { + return await this.userRepository.findOne({ + where: { id }, + relations: ['roles'], + }); + } + + // Listar todos los usuarios (con paginación) + async findAll(page: number = 1, limit: number = 10): Promise<{ + users: User[]; + total: number; + page: number; + totalPages: number; + }> { + const [users, total] = await this.userRepository.findAndCount({ + skip: (page - 1) * limit, + take: limit, + relations: ['roles'], + order: { createdAt: 'DESC' }, + }); + + return { + users, + total, + page, + totalPages: Math.ceil(total / limit), + }; + } + + // Actualizar usuario + async updateUser(id: string, data: Partial): Promise { + await this.userRepository.update(id, data); + return await this.findById(id); + } + + // Asignar rol a usuario + async assignRole(userId: string, roleId: string): Promise { + const user = await this.userRepository.findOne({ + where: { id: userId }, + relations: ['roles'], + }); + + if (!user) return null; + + const role = await this.roleRepository.findOne({ + where: { id: roleId }, + }); + + if (!role) return null; + + if (!user.roles) user.roles = []; + user.roles.push(role); + + return await this.userRepository.save(user); + } + + // Eliminar usuario (soft delete) + async deleteUser(id: string): Promise { + const result = await this.userRepository.update(id, { active: false }); + return result.affected ? result.affected > 0 : false; + } +} +``` + +--- + +## 4. Query Builder (para queries complejas) + +### Ejemplo: Búsqueda avanzada de usuarios + +```typescript +async searchUsers(filters: { + search?: string; + active?: boolean; + roleId?: string; +}): Promise { + const query = this.userRepository + .createQueryBuilder('user') + .leftJoinAndSelect('user.roles', 'role'); + + if (filters.search) { + query.where( + 'user.email ILIKE :search OR user.firstName ILIKE :search OR user.lastName ILIKE :search', + { search: `%${filters.search}%` } + ); + } + + if (filters.active !== undefined) { + query.andWhere('user.active = :active', { active: filters.active }); + } + + if (filters.roleId) { + query.andWhere('role.id = :roleId', { roleId: filters.roleId }); + } + + return await query.getMany(); +} +``` + +--- + +## 5. Transacciones + +### Ejemplo: Crear usuario con roles en una transacción + +```typescript +async createUserWithRoles( + userData: { + email: string; + password: string; + firstName: string; + lastName: string; + }, + roleIds: string[] +): Promise { + return await AppDataSource.transaction(async (transactionalEntityManager) => { + // Crear usuario + const user = transactionalEntityManager.create(User, userData); + const savedUser = await transactionalEntityManager.save(user); + + // Buscar roles + const roles = await transactionalEntityManager.findByIds(Role, roleIds); + + // Asignar roles + savedUser.roles = roles; + return await transactionalEntityManager.save(savedUser); + }); +} +``` + +--- + +## 6. Raw Queries (cuando sea necesario) + +### Ejemplo: Query personalizada con parámetros + +```typescript +async getUserStats(): Promise<{ total: number; active: number; inactive: number }> { + const result = await AppDataSource.query( + ` + SELECT + COUNT(*) as total, + SUM(CASE WHEN active = true THEN 1 ELSE 0 END) as active, + SUM(CASE WHEN active = false THEN 1 ELSE 0 END) as inactive + FROM auth.users + ` + ); + + return result[0]; +} +``` + +--- + +## 7. Migrar código existente gradualmente + +### Antes (usando pool pg): + +```typescript +// src/modules/auth/services/user.service.ts (viejo) +import { query, queryOne } from '../../../config/database.js'; + +async findByEmail(email: string): Promise { + return await queryOne( + 'SELECT * FROM auth.users WHERE email = $1', + [email] + ); +} +``` + +### Después (usando TypeORM): + +```typescript +// src/modules/auth/services/user.service.ts (nuevo) +import { AppDataSource } from '../../../config/typeorm.js'; +import { User } from '../entities/user.entity.js'; + +async findByEmail(email: string): Promise { + const userRepository = AppDataSource.getRepository(User); + return await userRepository.findOne({ where: { email } }); +} +``` + +**Nota:** Ambos métodos pueden coexistir. Migrar gradualmente cuando sea conveniente. + +--- + +## 8. Uso en Controllers + +### Ejemplo: UserController + +**Archivo:** `src/modules/auth/controllers/user.controller.ts` + +```typescript +import { Request, Response } from 'express'; +import { UserService } from '../services/user.service.js'; + +export class UserController { + private userService: UserService; + + constructor() { + this.userService = new UserService(); + } + + // GET /api/v1/users + async getAll(req: Request, res: Response): Promise { + try { + const page = parseInt(req.query.page as string) || 1; + const limit = parseInt(req.query.limit as string) || 10; + + const result = await this.userService.findAll(page, limit); + + res.json({ + success: true, + data: result, + }); + } catch (error) { + res.status(500).json({ + success: false, + error: 'Error fetching users', + }); + } + } + + // GET /api/v1/users/:id + async getById(req: Request, res: Response): Promise { + try { + const user = await this.userService.findById(req.params.id); + + if (!user) { + res.status(404).json({ + success: false, + error: 'User not found', + }); + return; + } + + res.json({ + success: true, + data: user, + }); + } catch (error) { + res.status(500).json({ + success: false, + error: 'Error fetching user', + }); + } + } + + // POST /api/v1/users + async create(req: Request, res: Response): Promise { + try { + const user = await this.userService.createUser(req.body); + + res.status(201).json({ + success: true, + data: user, + }); + } catch (error) { + res.status(500).json({ + success: false, + error: 'Error creating user', + }); + } + } +} +``` + +--- + +## 9. Validación con Zod (integración) + +```typescript +import { z } from 'zod'; + +const createUserSchema = z.object({ + email: z.string().email(), + password: z.string().min(8), + firstName: z.string().min(2), + lastName: z.string().min(2), +}); + +async create(req: Request, res: Response): Promise { + try { + // Validar datos + const validatedData = createUserSchema.parse(req.body); + + // Crear usuario + const user = await this.userService.createUser(validatedData); + + res.status(201).json({ + success: true, + data: user, + }); + } catch (error) { + if (error instanceof z.ZodError) { + res.status(400).json({ + success: false, + error: 'Validation error', + details: error.errors, + }); + return; + } + + res.status(500).json({ + success: false, + error: 'Error creating user', + }); + } +} +``` + +--- + +## 10. Custom Repository (avanzado) + +### Ejemplo: UserRepository personalizado + +**Archivo:** `src/modules/auth/repositories/user.repository.ts` + +```typescript +import { Repository } from 'typeorm'; +import { AppDataSource } from '../../../config/typeorm.js'; +import { User } from '../entities/user.entity.js'; + +export class UserRepository extends Repository { + constructor() { + super(User, AppDataSource.createEntityManager()); + } + + // Método personalizado + async findActiveUsers(): Promise { + return this.createQueryBuilder('user') + .where('user.active = :active', { active: true }) + .andWhere('user.emailVerified = :verified', { verified: true }) + .leftJoinAndSelect('user.roles', 'role') + .orderBy('user.createdAt', 'DESC') + .getMany(); + } + + // Otro método personalizado + async findByRoleName(roleName: string): Promise { + return this.createQueryBuilder('user') + .leftJoinAndSelect('user.roles', 'role') + .where('role.name = :roleName', { roleName }) + .getMany(); + } +} +``` + +--- + +## Recursos Adicionales + +- [TypeORM Documentation](https://typeorm.io/) +- [TypeORM Entity Documentation](https://typeorm.io/entities) +- [TypeORM Relations](https://typeorm.io/relations) +- [TypeORM Query Builder](https://typeorm.io/select-query-builder) +- [TypeORM Migrations](https://typeorm.io/migrations) + +--- + +## Recomendaciones + +1. Comenzar con entities simples y agregar complejidad gradualmente +2. Usar Repository para queries simples +3. Usar QueryBuilder para queries complejas +4. Usar transacciones para operaciones que afectan múltiples tablas +5. Validar datos con Zod antes de guardar en base de datos +6. No usar `synchronize: true` en producción +7. Crear índices manualmente en DDL para mejor performance +8. Usar eager/lazy loading según el caso de uso +9. Documentar entities con comentarios JSDoc +10. Mantener código existente con pool pg hasta estar listo para migrar diff --git a/backend/package-lock.json b/backend/package-lock.json new file mode 100644 index 0000000..5267452 --- /dev/null +++ b/backend/package-lock.json @@ -0,0 +1,8585 @@ +{ + "name": "@erp-generic/backend", + "version": "0.1.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "@erp-generic/backend", + "version": "0.1.0", + "dependencies": { + "bcryptjs": "^2.4.3", + "compression": "^1.7.4", + "cors": "^2.8.5", + "dotenv": "^16.3.1", + "express": "^4.18.2", + "helmet": "^7.1.0", + "ioredis": "^5.8.2", + "jsonwebtoken": "^9.0.2", + "morgan": "^1.10.0", + "pg": "^8.11.3", + "reflect-metadata": "^0.2.2", + "swagger-jsdoc": "^6.2.8", + "swagger-ui-express": "^5.0.1", + "typeorm": "^0.3.28", + "uuid": "^9.0.1", + "winston": "^3.11.0", + "zod": "^3.22.4" + }, + "devDependencies": { + "@types/bcryptjs": "^2.4.6", + "@types/compression": "^1.7.5", + "@types/cors": "^2.8.17", + "@types/express": "^4.17.21", + "@types/ioredis": "^4.28.10", + "@types/jest": "^29.5.11", + "@types/jsonwebtoken": "^9.0.5", + "@types/morgan": "^1.9.9", + "@types/node": "^20.10.4", + "@types/pg": "^8.10.9", + "@types/swagger-jsdoc": "^6.0.4", + "@types/swagger-ui-express": "^4.1.8", + "@types/uuid": "^9.0.7", + "@typescript-eslint/eslint-plugin": "^6.14.0", + "@typescript-eslint/parser": "^6.14.0", + "eslint": "^8.56.0", + "jest": "^29.7.0", + "ts-jest": "^29.1.1", + "tsx": "^4.6.2", + "typescript": "^5.3.3" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@apidevtools/json-schema-ref-parser": { + "version": "9.1.2", + "resolved": "https://registry.npmjs.org/@apidevtools/json-schema-ref-parser/-/json-schema-ref-parser-9.1.2.tgz", + "integrity": "sha512-r1w81DpR+KyRWd3f+rk6TNqMgedmAxZP5v5KWlXQWlgMUUtyEJch0DKEci1SorPMiSeM8XPl7MZ3miJ60JIpQg==", + "license": "MIT", + "dependencies": { + "@jsdevtools/ono": "^7.1.3", + "@types/json-schema": "^7.0.6", + "call-me-maybe": "^1.0.1", + "js-yaml": "^4.1.0" + } + }, + "node_modules/@apidevtools/openapi-schemas": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/@apidevtools/openapi-schemas/-/openapi-schemas-2.1.0.tgz", + "integrity": "sha512-Zc1AlqrJlX3SlpupFGpiLi2EbteyP7fXmUOGup6/DnkRgjP9bgMM/ag+n91rsv0U1Gpz0H3VILA/o3bW7Ua6BQ==", + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/@apidevtools/swagger-methods": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@apidevtools/swagger-methods/-/swagger-methods-3.0.2.tgz", + "integrity": "sha512-QAkD5kK2b1WfjDS/UQn/qQkbwF31uqRjPTrsCs5ZG9BQGAkjwvqGFjjPqAuzac/IYzpPtRzjCP1WrTuAIjMrXg==", + "license": "MIT" + }, + "node_modules/@apidevtools/swagger-parser": { + "version": "10.0.3", + "resolved": "https://registry.npmjs.org/@apidevtools/swagger-parser/-/swagger-parser-10.0.3.tgz", + "integrity": "sha512-sNiLY51vZOmSPFZA5TF35KZ2HbgYklQnTSDnkghamzLb3EkNtcQnrBQEj5AOCxHpTtXpqMCRM1CrmV2rG6nw4g==", + "license": "MIT", + "dependencies": { + "@apidevtools/json-schema-ref-parser": "^9.0.6", + "@apidevtools/openapi-schemas": "^2.0.4", + "@apidevtools/swagger-methods": "^3.0.2", + "@jsdevtools/ono": "^7.1.3", + "call-me-maybe": "^1.0.1", + "z-schema": "^5.0.1" + }, + "peerDependencies": { + "openapi-types": ">=7" + } + }, + "node_modules/@babel/code-frame": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz", + "integrity": "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-validator-identifier": "^7.27.1", + "js-tokens": "^4.0.0", + "picocolors": "^1.1.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/compat-data": { + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.28.5.tgz", + "integrity": "sha512-6uFXyCayocRbqhZOB+6XcuZbkMNimwfVGFji8CTZnCzOHVGvDqzvitu1re2AU5LROliz7eQPhB8CpAMvnx9EjA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/core": { + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.5.tgz", + "integrity": "sha512-e7jT4DxYvIDLk1ZHmU/m/mB19rex9sv0c2ftBtjSBv+kVM/902eh0fINUzD7UwLLNR+jU585GxUJ8/EBfAM5fw==", + "dev": true, + "license": "MIT", + "peer": true, + "dependencies": { + "@babel/code-frame": "^7.27.1", + "@babel/generator": "^7.28.5", + "@babel/helper-compilation-targets": "^7.27.2", + "@babel/helper-module-transforms": "^7.28.3", + "@babel/helpers": "^7.28.4", + "@babel/parser": "^7.28.5", + "@babel/template": "^7.27.2", + "@babel/traverse": "^7.28.5", + "@babel/types": "^7.28.5", + "@jridgewell/remapping": "^2.3.5", + "convert-source-map": "^2.0.0", + "debug": "^4.1.0", + "gensync": "^1.0.0-beta.2", + "json5": "^2.2.3", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/babel" + } + }, + "node_modules/@babel/core/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "dev": true, + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/generator": { + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.28.5.tgz", + "integrity": "sha512-3EwLFhZ38J4VyIP6WNtt2kUdW9dokXA9Cr4IVIFHuCpZ3H8/YFOl5JjZHisrn1fATPBmKKqXzDFvh9fUwHz6CQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/parser": "^7.28.5", + "@babel/types": "^7.28.5", + "@jridgewell/gen-mapping": "^0.3.12", + "@jridgewell/trace-mapping": "^0.3.28", + "jsesc": "^3.0.2" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-compilation-targets": { + "version": "7.27.2", + "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.27.2.tgz", + "integrity": "sha512-2+1thGUUWWjLTYTHZWK1n8Yga0ijBz1XAhUXcKy81rd5g6yh7hGqMp45v7cadSbEHc9G3OTv45SyneRN3ps4DQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/compat-data": "^7.27.2", + "@babel/helper-validator-option": "^7.27.1", + "browserslist": "^4.24.0", + "lru-cache": "^5.1.1", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-compilation-targets/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "dev": true, + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/helper-globals": { + "version": "7.28.0", + "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz", + "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-module-imports": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.27.1.tgz", + "integrity": "sha512-0gSFWUPNXNopqtIPQvlD5WgXYI5GY2kP2cCvoT8kczjbfcfuIljTbcWrulD1CIPIX2gt1wghbDy08yE1p+/r3w==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/traverse": "^7.27.1", + "@babel/types": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-module-transforms": { + "version": "7.28.3", + "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.3.tgz", + "integrity": "sha512-gytXUbs8k2sXS9PnQptz5o0QnpLL51SwASIORY6XaBKF88nsOT0Zw9szLqlSGQDP/4TljBAD5y98p2U1fqkdsw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-module-imports": "^7.27.1", + "@babel/helper-validator-identifier": "^7.27.1", + "@babel/traverse": "^7.28.3" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-plugin-utils": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.27.1.tgz", + "integrity": "sha512-1gn1Up5YXka3YYAHGKpbideQ5Yjf1tDa9qYcgysz+cNCXukyLl6DjPXhD3VRwSb8c0J9tA4b2+rHEZtc6R0tlw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-string-parser": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz", + "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-identifier": { + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.28.5.tgz", + "integrity": "sha512-qSs4ifwzKJSV39ucNjsvc6WVHs6b7S03sOh2OcHF9UHfVPqWWALUsNUVzhSBiItjRZoLHx7nIarVjqKVusUZ1Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-option": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz", + "integrity": "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helpers": { + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.28.4.tgz", + "integrity": "sha512-HFN59MmQXGHVyYadKLVumYsA9dBFun/ldYxipEjzA4196jpLZd8UjEEBLkbEkvfYreDqJhZxYAWFPtrfhNpj4w==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/template": "^7.27.2", + "@babel/types": "^7.28.4" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/parser": { + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.5.tgz", + "integrity": "sha512-KKBU1VGYR7ORr3At5HAtUQ+TV3SzRCXmA/8OdDZiLDBIZxVyzXuztPjfLd3BV1PRAQGCMWWSHYhL0F8d5uHBDQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/types": "^7.28.5" + }, + "bin": { + "parser": "bin/babel-parser.js" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@babel/plugin-syntax-async-generators": { + "version": "7.8.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", + "integrity": "sha512-tycmZxkGfZaxhMRbXlPXuVFpdWlXpir2W4AMhSJgRKzk/eDlIXOhb2LHWoLpDF7TEHylV5zNhykX6KAgHJmTNw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-bigint": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-bigint/-/plugin-syntax-bigint-7.8.3.tgz", + "integrity": "sha512-wnTnFlG+YxQm3vDxpGE57Pj0srRU4sHE/mDkt1qv2YJJSeUAec2ma4WLUnUPeKjyrfntVwe/N6dCXpU+zL3Npg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-class-properties": { + "version": "7.12.13", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", + "integrity": "sha512-fm4idjKla0YahUNgFNLCB0qySdsoPiZP3iQE3rky0mBUtMZ23yDJ9SJdg6dXTSDnulOVqiF3Hgr9nbXvXTQZYA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.12.13" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-class-static-block": { + "version": "7.14.5", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-class-static-block/-/plugin-syntax-class-static-block-7.14.5.tgz", + "integrity": "sha512-b+YyPmr6ldyNnM6sqYeMWE+bgJcJpO6yS4QD7ymxgH34GBPNDM/THBh8iunyvKIZztiwLH4CJZ0RxTk9emgpjw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.14.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-import-attributes": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.27.1.tgz", + "integrity": "sha512-oFT0FrKHgF53f4vOsZGi2Hh3I35PfSmVs4IBFLFj4dnafP+hIWDLg3VyKmUHfLoLHlyxY4C7DGtmHuJgn+IGww==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-import-meta": { + "version": "7.10.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", + "integrity": "sha512-Yqfm+XDx0+Prh3VSeEQCPU81yC+JWZ2pDPFSS4ZdpfZhp4MkFMaDC1UqseovEKwSUpnIL7+vK+Clp7bfh0iD7g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.10.4" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-json-strings": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", + "integrity": "sha512-lY6kdGpWHvjoe2vk4WrAapEuBR69EMxZl+RoGRhrFGNYVK8mOPAW8VfbT/ZgrFbXlDNiiaxQnAtgVCZ6jv30EA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-jsx": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.27.1.tgz", + "integrity": "sha512-y8YTNIeKoyhGd9O0Jiyzyyqk8gdjnumGTQPsz0xOZOQ2RmkVJeZ1vmmfIvFEKqucBG6axJGBZDE/7iI5suUI/w==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-logical-assignment-operators": { + "version": "7.10.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", + "integrity": "sha512-d8waShlpFDinQ5MtvGU9xDAOzKH47+FFoney2baFIoMr952hKOLp1HR7VszoZvOsV/4+RRszNY7D17ba0te0ig==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.10.4" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-nullish-coalescing-operator": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", + "integrity": "sha512-aSff4zPII1u2QD7y+F8oDsz19ew4IGEJg9SVW+bqwpwtfFleiQDMdzA/R+UlWDzfnHFCxxleFT0PMIrR36XLNQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-numeric-separator": { + "version": "7.10.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", + "integrity": "sha512-9H6YdfkcK/uOnY/K7/aA2xpzaAgkQn37yzWUMRK7OaPOqOpGS1+n0H5hxT9AUw9EsSjPW8SVyMJwYRtWs3X3ug==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.10.4" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-object-rest-spread": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", + "integrity": "sha512-XoqMijGZb9y3y2XskN+P1wUGiVwWZ5JmoDRwx5+3GmEplNyVM2s2Dg8ILFQm8rWM48orGy5YpI5Bl8U1y7ydlA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-optional-catch-binding": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", + "integrity": "sha512-6VPD0Pc1lpTqw0aKoeRTMiB+kWhAoT24PA+ksWSBrFtl5SIRVpZlwN3NNPQjehA2E/91FV3RjLWoVTglWcSV3Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-optional-chaining": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", + "integrity": "sha512-KoK9ErH1MBlCPxV0VANkXW2/dw4vlbGDrFgz8bmUsBGYkFRcbRwMh6cIJubdPrkxRwuGdtCk0v/wPTKbQgBjkg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-private-property-in-object": { + "version": "7.14.5", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-private-property-in-object/-/plugin-syntax-private-property-in-object-7.14.5.tgz", + "integrity": "sha512-0wVnp9dxJ72ZUJDV27ZfbSj6iHLoytYZmh3rFcxNnvsJF3ktkzLDZPy/mA17HGsaQT3/DQsWYX1f1QGWkCoVUg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.14.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-top-level-await": { + "version": "7.14.5", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", + "integrity": "sha512-hx++upLv5U1rgYfwe1xBQUhRmU41NEvpUvrp8jkrSCdvGSnM5/qdRMtylJ6PG5OFkBaHkbTAKTnd3/YyESRHFw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.14.5" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-typescript": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.27.1.tgz", + "integrity": "sha512-xfYCBMxveHrRMnAWl1ZlPXOZjzkN82THFvLhQhFXFt81Z5HnN+EtUkZhv/zcKpmT3fzmWZB0ywiBrbC3vogbwQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/template": { + "version": "7.27.2", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.2.tgz", + "integrity": "sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.27.1", + "@babel/parser": "^7.27.2", + "@babel/types": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/traverse": { + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.28.5.tgz", + "integrity": "sha512-TCCj4t55U90khlYkVV/0TfkJkAkUg3jZFA3Neb7unZT8CPok7iiRfaX0F+WnqWqt7OxhOn0uBKXCw4lbL8W0aQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.27.1", + "@babel/generator": "^7.28.5", + "@babel/helper-globals": "^7.28.0", + "@babel/parser": "^7.28.5", + "@babel/template": "^7.27.2", + "@babel/types": "^7.28.5", + "debug": "^4.3.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/types": { + "version": "7.28.5", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.5.tgz", + "integrity": "sha512-qQ5m48eI/MFLQ5PxQj4PFaprjyCTLI37ElWMmNs0K8Lk3dVeOdNpB3ks8jc7yM5CDmVC73eMVk/trk3fgmrUpA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/helper-string-parser": "^7.27.1", + "@babel/helper-validator-identifier": "^7.28.5" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@bcoe/v8-coverage": { + "version": "0.2.3", + "resolved": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", + "integrity": "sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==", + "dev": true, + "license": "MIT" + }, + "node_modules/@colors/colors": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.6.0.tgz", + "integrity": "sha512-Ir+AOibqzrIsL6ajt3Rz3LskB7OiMVHqltZmspbW/TJuTVuyOMirVqAkjfY6JISiLHgyNqicAC8AyHHGzNd/dA==", + "license": "MIT", + "engines": { + "node": ">=0.1.90" + } + }, + "node_modules/@dabh/diagnostics": { + "version": "2.0.8", + "resolved": "https://registry.npmjs.org/@dabh/diagnostics/-/diagnostics-2.0.8.tgz", + "integrity": "sha512-R4MSXTVnuMzGD7bzHdW2ZhhdPC/igELENcq5IjEverBvq5hn1SXCWcsi6eSsdWP0/Ur+SItRRjAktmdoX/8R/Q==", + "license": "MIT", + "dependencies": { + "@so-ric/colorspace": "^1.1.6", + "enabled": "2.0.x", + "kuler": "^2.0.0" + } + }, + "node_modules/@esbuild/aix-ppc64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.1.tgz", + "integrity": "sha512-HHB50pdsBX6k47S4u5g/CaLjqS3qwaOVE5ILsq64jyzgMhLuCuZ8rGzM9yhsAjfjkbgUPMzZEPa7DAp7yz6vuA==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "aix" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-arm": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.1.tgz", + "integrity": "sha512-kFqa6/UcaTbGm/NncN9kzVOODjhZW8e+FRdSeypWe6j33gzclHtwlANs26JrupOntlcWmB0u8+8HZo8s7thHvg==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-arm64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.1.tgz", + "integrity": "sha512-45fuKmAJpxnQWixOGCrS+ro4Uvb4Re9+UTieUY2f8AEc+t7d4AaZ6eUJ3Hva7dtrxAAWHtlEFsXFMAgNnGU9uQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-x64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.1.tgz", + "integrity": "sha512-LBEpOz0BsgMEeHgenf5aqmn/lLNTFXVfoWMUox8CtWWYK9X4jmQzWjoGoNb8lmAYml/tQ/Ysvm8q7szu7BoxRQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/darwin-arm64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.1.tgz", + "integrity": "sha512-veg7fL8eMSCVKL7IW4pxb54QERtedFDfY/ASrumK/SbFsXnRazxY4YykN/THYqFnFwJ0aVjiUrVG2PwcdAEqQQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/darwin-x64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.1.tgz", + "integrity": "sha512-+3ELd+nTzhfWb07Vol7EZ+5PTbJ/u74nC6iv4/lwIU99Ip5uuY6QoIf0Hn4m2HoV0qcnRivN3KSqc+FyCHjoVQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/freebsd-arm64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.1.tgz", + "integrity": "sha512-/8Rfgns4XD9XOSXlzUDepG8PX+AVWHliYlUkFI3K3GB6tqbdjYqdhcb4BKRd7C0BhZSoaCxhv8kTcBrcZWP+xg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/freebsd-x64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.1.tgz", + "integrity": "sha512-GITpD8dK9C+r+5yRT/UKVT36h/DQLOHdwGVwwoHidlnA168oD3uxA878XloXebK4Ul3gDBBIvEdL7go9gCUFzQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-arm": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.1.tgz", + "integrity": "sha512-ieMID0JRZY/ZeCrsFQ3Y3NlHNCqIhTprJfDgSB3/lv5jJZ8FX3hqPyXWhe+gvS5ARMBJ242PM+VNz/ctNj//eA==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-arm64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.1.tgz", + "integrity": "sha512-W9//kCrh/6in9rWIBdKaMtuTTzNj6jSeG/haWBADqLLa9P8O5YSRDzgD5y9QBok4AYlzS6ARHifAb75V6G670Q==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-ia32": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.1.tgz", + "integrity": "sha512-VIUV4z8GD8rtSVMfAj1aXFahsi/+tcoXXNYmXgzISL+KB381vbSTNdeZHHHIYqFyXcoEhu9n5cT+05tRv13rlw==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-loong64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.1.tgz", + "integrity": "sha512-l4rfiiJRN7sTNI//ff65zJ9z8U+k6zcCg0LALU5iEWzY+a1mVZ8iWC1k5EsNKThZ7XCQ6YWtsZ8EWYm7r1UEsg==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-mips64el": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.1.tgz", + "integrity": "sha512-U0bEuAOLvO/DWFdygTHWY8C067FXz+UbzKgxYhXC0fDieFa0kDIra1FAhsAARRJbvEyso8aAqvPdNxzWuStBnA==", + "cpu": [ + "mips64el" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-ppc64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.1.tgz", + "integrity": "sha512-NzdQ/Xwu6vPSf/GkdmRNsOfIeSGnh7muundsWItmBsVpMoNPVpM61qNzAVY3pZ1glzzAxLR40UyYM23eaDDbYQ==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-riscv64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.1.tgz", + "integrity": "sha512-7zlw8p3IApcsN7mFw0O1Z1PyEk6PlKMu18roImfl3iQHTnr/yAfYv6s4hXPidbDoI2Q0pW+5xeoM4eTCC0UdrQ==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-s390x": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.1.tgz", + "integrity": "sha512-cGj5wli+G+nkVQdZo3+7FDKC25Uh4ZVwOAK6A06Hsvgr8WqBBuOy/1s+PUEd/6Je+vjfm6stX0kmib5b/O2Ykw==", + "cpu": [ + "s390x" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-x64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.1.tgz", + "integrity": "sha512-z3H/HYI9MM0HTv3hQZ81f+AKb+yEoCRlUby1F80vbQ5XdzEMyY/9iNlAmhqiBKw4MJXwfgsh7ERGEOhrM1niMA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/netbsd-arm64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.1.tgz", + "integrity": "sha512-wzC24DxAvk8Em01YmVXyjl96Mr+ecTPyOuADAvjGg+fyBpGmxmcr2E5ttf7Im8D0sXZihpxzO1isus8MdjMCXQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/netbsd-x64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.1.tgz", + "integrity": "sha512-1YQ8ybGi2yIXswu6eNzJsrYIGFpnlzEWRl6iR5gMgmsrR0FcNoV1m9k9sc3PuP5rUBLshOZylc9nqSgymI+TYg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openbsd-arm64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.1.tgz", + "integrity": "sha512-5Z+DzLCrq5wmU7RDaMDe2DVXMRm2tTDvX2KU14JJVBN2CT/qov7XVix85QoJqHltpvAOZUAc3ndU56HSMWrv8g==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openbsd-x64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.1.tgz", + "integrity": "sha512-Q73ENzIdPF5jap4wqLtsfh8YbYSZ8Q0wnxplOlZUOyZy7B4ZKW8DXGWgTCZmF8VWD7Tciwv5F4NsRf6vYlZtqg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openharmony-arm64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.1.tgz", + "integrity": "sha512-ajbHrGM/XiK+sXM0JzEbJAen+0E+JMQZ2l4RR4VFwvV9JEERx+oxtgkpoKv1SevhjavK2z2ReHk32pjzktWbGg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/sunos-x64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.1.tgz", + "integrity": "sha512-IPUW+y4VIjuDVn+OMzHc5FV4GubIwPnsz6ubkvN8cuhEqH81NovB53IUlrlBkPMEPxvNnf79MGBoz8rZ2iW8HA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "sunos" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-arm64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.1.tgz", + "integrity": "sha512-RIVRWiljWA6CdVu8zkWcRmGP7iRRIIwvhDKem8UMBjPql2TXM5PkDVvvrzMtj1V+WFPB4K7zkIGM7VzRtFkjdg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-ia32": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.1.tgz", + "integrity": "sha512-2BR5M8CPbptC1AK5JbJT1fWrHLvejwZidKx3UMSF0ecHMa+smhi16drIrCEggkgviBwLYd5nwrFLSl5Kho96RQ==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-x64": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.1.tgz", + "integrity": "sha512-d5X6RMYv6taIymSk8JBP+nxv8DQAMY6A51GPgusqLdK9wBz5wWIXy1KjTck6HnjE9hqJzJRdk+1p/t5soSbCtw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@eslint-community/eslint-utils": { + "version": "4.9.0", + "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.0.tgz", + "integrity": "sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g==", + "dev": true, + "license": "MIT", + "dependencies": { + "eslint-visitor-keys": "^3.4.3" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + }, + "peerDependencies": { + "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" + } + }, + "node_modules/@eslint-community/regexpp": { + "version": "4.12.2", + "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.12.2.tgz", + "integrity": "sha512-EriSTlt5OC9/7SXkRSCAhfSxxoSUgBm33OH+IkwbdpgoqsSsUg7y3uh+IICI/Qg4BBWr3U2i39RpmycbxMq4ew==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^12.0.0 || ^14.0.0 || >=16.0.0" + } + }, + "node_modules/@eslint/eslintrc": { + "version": "2.1.4", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.4.tgz", + "integrity": "sha512-269Z39MS6wVJtsoUl10L60WdkhJVdPG24Q4eZTH3nnF6lpvSShEK3wQjDX9JRWAUPvPh7COouPpU9IrqaZFvtQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "ajv": "^6.12.4", + "debug": "^4.3.2", + "espree": "^9.6.0", + "globals": "^13.19.0", + "ignore": "^5.2.0", + "import-fresh": "^3.2.1", + "js-yaml": "^4.1.0", + "minimatch": "^3.1.2", + "strip-json-comments": "^3.1.1" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/@eslint/eslintrc/node_modules/brace-expansion": { + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", + "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/@eslint/eslintrc/node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/@eslint/js": { + "version": "8.57.1", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.57.1.tgz", + "integrity": "sha512-d9zaMRSTIKDLhctzH12MtXvJKSSUhaHcjV+2Z+GK+EEY7XKpP5yR4x+N3TAcHTcu963nIr+TMcCb4DBCYX1z6Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } + }, + "node_modules/@humanwhocodes/config-array": { + "version": "0.13.0", + "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.13.0.tgz", + "integrity": "sha512-DZLEEqFWQFiyK6h5YIeynKx7JlvCYWL0cImfSRXZ9l4Sg2efkFGTuFf6vzXjK1cq6IYkU+Eg/JizXw+TD2vRNw==", + "deprecated": "Use @eslint/config-array instead", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@humanwhocodes/object-schema": "^2.0.3", + "debug": "^4.3.1", + "minimatch": "^3.0.5" + }, + "engines": { + "node": ">=10.10.0" + } + }, + "node_modules/@humanwhocodes/config-array/node_modules/brace-expansion": { + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", + "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/@humanwhocodes/config-array/node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/@humanwhocodes/module-importer": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "integrity": "sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=12.22" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/nzakas" + } + }, + "node_modules/@humanwhocodes/object-schema": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", + "integrity": "sha512-93zYdMES/c1D69yZiKDBj0V24vqNzB/koF26KPaagAfd3P/4gUlh3Dys5ogAK+Exi9QyzlD8x/08Zt7wIKcDcA==", + "deprecated": "Use @eslint/object-schema instead", + "dev": true, + "license": "BSD-3-Clause" + }, + "node_modules/@ioredis/commands": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/@ioredis/commands/-/commands-1.4.0.tgz", + "integrity": "sha512-aFT2yemJJo+TZCmieA7qnYGQooOS7QfNmYrzGtsYd3g9j5iDP8AimYYAesf79ohjbLG12XxC4nG5DyEnC88AsQ==", + "license": "MIT" + }, + "node_modules/@isaacs/cliui": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==", + "license": "ISC", + "dependencies": { + "string-width": "^5.1.2", + "string-width-cjs": "npm:string-width@^4.2.0", + "strip-ansi": "^7.0.1", + "strip-ansi-cjs": "npm:strip-ansi@^6.0.1", + "wrap-ansi": "^8.1.0", + "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/@isaacs/cliui/node_modules/ansi-regex": { + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz", + "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-regex?sponsor=1" + } + }, + "node_modules/@isaacs/cliui/node_modules/ansi-styles": { + "version": "6.2.3", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz", + "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/@isaacs/cliui/node_modules/emoji-regex": { + "version": "9.2.2", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==", + "license": "MIT" + }, + "node_modules/@isaacs/cliui/node_modules/string-width": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", + "license": "MIT", + "dependencies": { + "eastasianwidth": "^0.2.0", + "emoji-regex": "^9.2.2", + "strip-ansi": "^7.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@isaacs/cliui/node_modules/strip-ansi": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz", + "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^6.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/strip-ansi?sponsor=1" + } + }, + "node_modules/@isaacs/cliui/node_modules/wrap-ansi": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^6.1.0", + "string-width": "^5.0.1", + "strip-ansi": "^7.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/@istanbuljs/load-nyc-config": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", + "integrity": "sha512-VjeHSlIzpv/NyD3N0YuHfXOPDIixcA1q2ZV98wsMqcYlPmv2n3Yb2lYP9XMElnaFVXg5A7YLTeLu6V84uQDjmQ==", + "dev": true, + "license": "ISC", + "dependencies": { + "camelcase": "^5.3.1", + "find-up": "^4.1.0", + "get-package-type": "^0.1.0", + "js-yaml": "^3.13.1", + "resolve-from": "^5.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dev": true, + "license": "MIT", + "dependencies": { + "sprintf-js": "~1.0.2" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "license": "MIT", + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/js-yaml": { + "version": "3.14.2", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz", + "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==", + "dev": true, + "license": "MIT", + "dependencies": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "license": "MIT", + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "license": "MIT", + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "license": "MIT", + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@istanbuljs/load-nyc-config/node_modules/resolve-from": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/@istanbuljs/schema": { + "version": "0.1.3", + "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", + "integrity": "sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/@jest/console": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/@jest/console/-/console-29.7.0.tgz", + "integrity": "sha512-5Ni4CU7XHQi32IJ398EEP4RrB8eV09sXP2ROqD4bksHrnTree52PsxvX8tpL8LvTZ3pFzXyPbNQReSN41CAhOg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/types": "^29.6.3", + "@types/node": "*", + "chalk": "^4.0.0", + "jest-message-util": "^29.7.0", + "jest-util": "^29.7.0", + "slash": "^3.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jest/core": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/@jest/core/-/core-29.7.0.tgz", + "integrity": "sha512-n7aeXWKMnGtDA48y8TLWJPJmLmmZ642Ceo78cYWEpiD7FzDgmNDV/GCVRorPABdXLJZ/9wzzgZAlHjXjxDHGsg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/console": "^29.7.0", + "@jest/reporters": "^29.7.0", + "@jest/test-result": "^29.7.0", + "@jest/transform": "^29.7.0", + "@jest/types": "^29.6.3", + "@types/node": "*", + "ansi-escapes": "^4.2.1", + "chalk": "^4.0.0", + "ci-info": "^3.2.0", + "exit": "^0.1.2", + "graceful-fs": "^4.2.9", + "jest-changed-files": "^29.7.0", + "jest-config": "^29.7.0", + "jest-haste-map": "^29.7.0", + "jest-message-util": "^29.7.0", + "jest-regex-util": "^29.6.3", + "jest-resolve": "^29.7.0", + "jest-resolve-dependencies": "^29.7.0", + "jest-runner": "^29.7.0", + "jest-runtime": "^29.7.0", + "jest-snapshot": "^29.7.0", + "jest-util": "^29.7.0", + "jest-validate": "^29.7.0", + "jest-watcher": "^29.7.0", + "micromatch": "^4.0.4", + "pretty-format": "^29.7.0", + "slash": "^3.0.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + }, + "peerDependencies": { + "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0" + }, + "peerDependenciesMeta": { + "node-notifier": { + "optional": true + } + } + }, + "node_modules/@jest/environment": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/@jest/environment/-/environment-29.7.0.tgz", + "integrity": "sha512-aQIfHDq33ExsN4jP1NWGXhxgQ/wixs60gDiKO+XVMd8Mn0NWPWgc34ZQDTb2jKaUWQ7MuwoitXAsN2XVXNMpAw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/fake-timers": "^29.7.0", + "@jest/types": "^29.6.3", + "@types/node": "*", + "jest-mock": "^29.7.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jest/expect": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/@jest/expect/-/expect-29.7.0.tgz", + "integrity": "sha512-8uMeAMycttpva3P1lBHB8VciS9V0XAr3GymPpipdyQXbBcuhkLQOSe8E/p92RyAdToS6ZD1tFkX+CkhoECE0dQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "expect": "^29.7.0", + "jest-snapshot": "^29.7.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jest/expect-utils": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/@jest/expect-utils/-/expect-utils-29.7.0.tgz", + "integrity": "sha512-GlsNBWiFQFCVi9QVSx7f5AgMeLxe9YCCs5PuP2O2LdjDAA8Jh9eX7lA1Jq/xdXw3Wb3hyvlFNfZIfcRetSzYcA==", + "dev": true, + "license": "MIT", + "dependencies": { + "jest-get-type": "^29.6.3" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jest/fake-timers": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/@jest/fake-timers/-/fake-timers-29.7.0.tgz", + "integrity": "sha512-q4DH1Ha4TTFPdxLsqDXK1d3+ioSL7yL5oCMJZgDYm6i+6CygW5E5xVr/D1HdsGxjt1ZWSfUAs9OxSB/BNelWrQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/types": "^29.6.3", + "@sinonjs/fake-timers": "^10.0.2", + "@types/node": "*", + "jest-message-util": "^29.7.0", + "jest-mock": "^29.7.0", + "jest-util": "^29.7.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jest/globals": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/@jest/globals/-/globals-29.7.0.tgz", + "integrity": "sha512-mpiz3dutLbkW2MNFubUGUEVLkTGiqW6yLVTA+JbP6fI6J5iL9Y0Nlg8k95pcF8ctKwCS7WVxteBs29hhfAotzQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/environment": "^29.7.0", + "@jest/expect": "^29.7.0", + "@jest/types": "^29.6.3", + "jest-mock": "^29.7.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jest/reporters": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/@jest/reporters/-/reporters-29.7.0.tgz", + "integrity": "sha512-DApq0KJbJOEzAFYjHADNNxAE3KbhxQB1y5Kplb5Waqw6zVbuWatSnMjE5gs8FUgEPmNsnZA3NCWl9NG0ia04Pg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@bcoe/v8-coverage": "^0.2.3", + "@jest/console": "^29.7.0", + "@jest/test-result": "^29.7.0", + "@jest/transform": "^29.7.0", + "@jest/types": "^29.6.3", + "@jridgewell/trace-mapping": "^0.3.18", + "@types/node": "*", + "chalk": "^4.0.0", + "collect-v8-coverage": "^1.0.0", + "exit": "^0.1.2", + "glob": "^7.1.3", + "graceful-fs": "^4.2.9", + "istanbul-lib-coverage": "^3.0.0", + "istanbul-lib-instrument": "^6.0.0", + "istanbul-lib-report": "^3.0.0", + "istanbul-lib-source-maps": "^4.0.0", + "istanbul-reports": "^3.1.3", + "jest-message-util": "^29.7.0", + "jest-util": "^29.7.0", + "jest-worker": "^29.7.0", + "slash": "^3.0.0", + "string-length": "^4.0.1", + "strip-ansi": "^6.0.0", + "v8-to-istanbul": "^9.0.1" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + }, + "peerDependencies": { + "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0" + }, + "peerDependenciesMeta": { + "node-notifier": { + "optional": true + } + } + }, + "node_modules/@jest/schemas": { + "version": "29.6.3", + "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", + "integrity": "sha512-mo5j5X+jIZmJQveBKeS/clAueipV7KgiX1vMgCxam1RNYiqE1w62n0/tJJnHtjW8ZHcQco5gY85jA3mi0L+nSA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@sinclair/typebox": "^0.27.8" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jest/source-map": { + "version": "29.6.3", + "resolved": "https://registry.npmjs.org/@jest/source-map/-/source-map-29.6.3.tgz", + "integrity": "sha512-MHjT95QuipcPrpLM+8JMSzFx6eHp5Bm+4XeFDJlwsvVBjmKNiIAvasGK2fxz2WbGRlnvqehFbh07MMa7n3YJnw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/trace-mapping": "^0.3.18", + "callsites": "^3.0.0", + "graceful-fs": "^4.2.9" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jest/test-result": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/@jest/test-result/-/test-result-29.7.0.tgz", + "integrity": "sha512-Fdx+tv6x1zlkJPcWXmMDAG2HBnaR9XPSd5aDWQVsfrZmLVT3lU1cwyxLgRmXR9yrq4NBoEm9BMsfgFzTQAbJYA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/console": "^29.7.0", + "@jest/types": "^29.6.3", + "@types/istanbul-lib-coverage": "^2.0.0", + "collect-v8-coverage": "^1.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jest/test-sequencer": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/@jest/test-sequencer/-/test-sequencer-29.7.0.tgz", + "integrity": "sha512-GQwJ5WZVrKnOJuiYiAF52UNUJXgTZx1NHjFSEB0qEMmSZKAkdMoIzw/Cj6x6NF4AvV23AUqDpFzQkN/eYCYTxw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/test-result": "^29.7.0", + "graceful-fs": "^4.2.9", + "jest-haste-map": "^29.7.0", + "slash": "^3.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jest/transform": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/@jest/transform/-/transform-29.7.0.tgz", + "integrity": "sha512-ok/BTPFzFKVMwO5eOHRrvnBVHdRy9IrsrW1GpMaQ9MCnilNLXQKmAX8s1YXDFaai9xJpac2ySzV0YeRRECr2Vw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/core": "^7.11.6", + "@jest/types": "^29.6.3", + "@jridgewell/trace-mapping": "^0.3.18", + "babel-plugin-istanbul": "^6.1.1", + "chalk": "^4.0.0", + "convert-source-map": "^2.0.0", + "fast-json-stable-stringify": "^2.1.0", + "graceful-fs": "^4.2.9", + "jest-haste-map": "^29.7.0", + "jest-regex-util": "^29.6.3", + "jest-util": "^29.7.0", + "micromatch": "^4.0.4", + "pirates": "^4.0.4", + "slash": "^3.0.0", + "write-file-atomic": "^4.0.2" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jest/types": { + "version": "29.6.3", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", + "integrity": "sha512-u3UPsIilWKOM3F9CXtrG8LEJmNxwoCQC/XVj4IKYXvvpx7QIi/Kg1LI5uDmDpKlac62NUtX7eLjRh+jVZcLOzw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/schemas": "^29.6.3", + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^17.0.8", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jridgewell/gen-mapping": { + "version": "0.3.13", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz", + "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.5.0", + "@jridgewell/trace-mapping": "^0.3.24" + } + }, + "node_modules/@jridgewell/remapping": { + "version": "2.3.5", + "resolved": "https://registry.npmjs.org/@jridgewell/remapping/-/remapping-2.3.5.tgz", + "integrity": "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/gen-mapping": "^0.3.5", + "@jridgewell/trace-mapping": "^0.3.24" + } + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.5.5", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz", + "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==", + "dev": true, + "license": "MIT" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.31", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz", + "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, + "node_modules/@jsdevtools/ono": { + "version": "7.1.3", + "resolved": "https://registry.npmjs.org/@jsdevtools/ono/-/ono-7.1.3.tgz", + "integrity": "sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg==", + "license": "MIT" + }, + "node_modules/@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.stat": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.walk": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@pkgjs/parseargs": { + "version": "0.11.0", + "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", + "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==", + "license": "MIT", + "optional": true, + "engines": { + "node": ">=14" + } + }, + "node_modules/@scarf/scarf": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/@scarf/scarf/-/scarf-1.4.0.tgz", + "integrity": "sha512-xxeapPiUXdZAE3che6f3xogoJPeZgig6omHEy1rIY5WVsB3H2BHNnZH+gHG6x91SCWyQCzWGsuL2Hh3ClO5/qQ==", + "hasInstallScript": true, + "license": "Apache-2.0" + }, + "node_modules/@sinclair/typebox": { + "version": "0.27.8", + "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", + "integrity": "sha512-+Fj43pSMwJs4KRrH/938Uf+uAELIgVBmQzg/q1YG10djyfA3TnrU8N8XzqCh/okZdszqBQTZf96idMfE5lnwTA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@sinonjs/commons": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.1.tgz", + "integrity": "sha512-K3mCHKQ9sVh8o1C9cxkwxaOmXoAMlDxC1mYyHrjqOWEcBjYr76t96zL2zlj5dUGZ3HSw240X1qgH3Mjf1yJWpQ==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "type-detect": "4.0.8" + } + }, + "node_modules/@sinonjs/fake-timers": { + "version": "10.3.0", + "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz", + "integrity": "sha512-V4BG07kuYSUkTCSBHG8G8TNhM+F19jXFWnQtzj+we8DrkpSBCee9Z3Ms8yiGer/dlmhe35/Xdgyo3/0rQKg7YA==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "@sinonjs/commons": "^3.0.0" + } + }, + "node_modules/@so-ric/colorspace": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/@so-ric/colorspace/-/colorspace-1.1.6.tgz", + "integrity": "sha512-/KiKkpHNOBgkFJwu9sh48LkHSMYGyuTcSFK/qMBdnOAlrRJzRSXAOFB5qwzaVQuDl8wAvHVMkaASQDReTahxuw==", + "license": "MIT", + "dependencies": { + "color": "^5.0.2", + "text-hex": "1.0.x" + } + }, + "node_modules/@sqltools/formatter": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/@sqltools/formatter/-/formatter-1.2.5.tgz", + "integrity": "sha512-Uy0+khmZqUrUGm5dmMqVlnvufZRSK0FbYzVgp0UMstm+F5+W2/jnEEQyc9vo1ZR/E5ZI/B1WjjoTqBqwJL6Krw==", + "license": "MIT" + }, + "node_modules/@types/babel__core": { + "version": "7.20.5", + "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", + "integrity": "sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/parser": "^7.20.7", + "@babel/types": "^7.20.7", + "@types/babel__generator": "*", + "@types/babel__template": "*", + "@types/babel__traverse": "*" + } + }, + "node_modules/@types/babel__generator": { + "version": "7.27.0", + "resolved": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.27.0.tgz", + "integrity": "sha512-ufFd2Xi92OAVPYsy+P4n7/U7e68fex0+Ee8gSG9KX7eo084CWiQ4sdxktvdl0bOPupXtVJPY19zk6EwWqUQ8lg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/types": "^7.0.0" + } + }, + "node_modules/@types/babel__template": { + "version": "7.4.4", + "resolved": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", + "integrity": "sha512-h/NUaSyG5EyxBIp8YRxo4RMe2/qQgvyowRwVMzhYhBCONbW8PUsg4lkFMrhgZhUe5z3L3MiLDuvyJ/CaPa2A8A==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/parser": "^7.1.0", + "@babel/types": "^7.0.0" + } + }, + "node_modules/@types/babel__traverse": { + "version": "7.28.0", + "resolved": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.28.0.tgz", + "integrity": "sha512-8PvcXf70gTDZBgt9ptxJ8elBeBjcLOAcOtoO/mPJjtji1+CdGbHgm77om1GrsPxsiE+uXIpNSK64UYaIwQXd4Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/types": "^7.28.2" + } + }, + "node_modules/@types/bcryptjs": { + "version": "2.4.6", + "resolved": "https://registry.npmjs.org/@types/bcryptjs/-/bcryptjs-2.4.6.tgz", + "integrity": "sha512-9xlo6R2qDs5uixm0bcIqCeMCE6HiQsIyel9KQySStiyqNl2tnj2mP3DX1Nf56MD6KMenNNlBBsy3LJ7gUEQPXQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/body-parser": { + "version": "1.19.6", + "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.6.tgz", + "integrity": "sha512-HLFeCYgz89uk22N5Qg3dvGvsv46B8GLvKKo1zKG4NybA8U2DiEO3w9lqGg29t/tfLRJpJ6iQxnVw4OnB7MoM9g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/connect": "*", + "@types/node": "*" + } + }, + "node_modules/@types/compression": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/@types/compression/-/compression-1.8.1.tgz", + "integrity": "sha512-kCFuWS0ebDbmxs0AXYn6e2r2nrGAb5KwQhknjSPSPgJcGd8+HVSILlUyFhGqML2gk39HcG7D1ydW9/qpYkN00Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/express": "*", + "@types/node": "*" + } + }, + "node_modules/@types/connect": { + "version": "3.4.38", + "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", + "integrity": "sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/cors": { + "version": "2.8.19", + "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.19.tgz", + "integrity": "sha512-mFNylyeyqN93lfe/9CSxOGREz8cpzAhH+E93xJ4xWQf62V8sQ/24reV2nyzUWM6H6Xji+GGHpkbLe7pVoUEskg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/express": { + "version": "4.17.25", + "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.25.tgz", + "integrity": "sha512-dVd04UKsfpINUnK0yBoYHDF3xu7xVH4BuDotC/xGuycx4CgbP48X/KF/586bcObxT0HENHXEU8Nqtu6NR+eKhw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/body-parser": "*", + "@types/express-serve-static-core": "^4.17.33", + "@types/qs": "*", + "@types/serve-static": "^1" + } + }, + "node_modules/@types/express-serve-static-core": { + "version": "4.19.7", + "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.7.tgz", + "integrity": "sha512-FvPtiIf1LfhzsaIXhv/PHan/2FeQBbtBDtfX2QfvPxdUelMDEckK08SM6nqo1MIZY3RUlfA+HV8+hFUSio78qg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*", + "@types/qs": "*", + "@types/range-parser": "*", + "@types/send": "*" + } + }, + "node_modules/@types/graceful-fs": { + "version": "4.1.9", + "resolved": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz", + "integrity": "sha512-olP3sd1qOEe5dXTSaFvQG+02VdRXcdytWLAZsAq1PecU8uqQAhkrnbli7DagjtXKW/Bl7YJbUsa8MPcuc8LHEQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/http-errors": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.5.tgz", + "integrity": "sha512-r8Tayk8HJnX0FztbZN7oVqGccWgw98T/0neJphO91KkmOzug1KkofZURD4UaD5uH8AqcFLfdPErnBod0u71/qg==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/ioredis": { + "version": "4.28.10", + "resolved": "https://registry.npmjs.org/@types/ioredis/-/ioredis-4.28.10.tgz", + "integrity": "sha512-69LyhUgrXdgcNDv7ogs1qXZomnfOEnSmrmMFqKgt1XMJxmoOSG/u3wYy13yACIfKuMJ8IhKgHafDO3sx19zVQQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/istanbul-lib-coverage": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", + "integrity": "sha512-2QF/t/auWm0lsy8XtKVPG19v3sSOQlJe/YHZgfjb/KBBHOGSV+J2q/S671rcq9uTBrLAXmZpqJiaQbMT+zNU1w==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/istanbul-lib-report": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", + "integrity": "sha512-NQn7AHQnk/RSLOxrBbGyJM/aVQ+pjj5HCgasFxc0K/KhoATfQ/47AyUl15I2yBUpihjmas+a+VJBOqecrFH+uA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/istanbul-lib-coverage": "*" + } + }, + "node_modules/@types/istanbul-reports": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "integrity": "sha512-pk2B1NWalF9toCRu6gjBzR69syFjP4Od8WRAX+0mmf9lAjCRicLOWc+ZrxZHx/0XRjotgkF9t6iaMJ+aXcOdZQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/istanbul-lib-report": "*" + } + }, + "node_modules/@types/jest": { + "version": "29.5.14", + "resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.14.tgz", + "integrity": "sha512-ZN+4sdnLUbo8EVvVc2ao0GFW6oVrQRPn4K2lglySj7APvSrgzxHiNNK99us4WDMi57xxA2yggblIAMNhXOotLQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "expect": "^29.0.0", + "pretty-format": "^29.0.0" + } + }, + "node_modules/@types/json-schema": { + "version": "7.0.15", + "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==", + "license": "MIT" + }, + "node_modules/@types/jsonwebtoken": { + "version": "9.0.10", + "resolved": "https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-9.0.10.tgz", + "integrity": "sha512-asx5hIG9Qmf/1oStypjanR7iKTv0gXQ1Ov/jfrX6kS/EO0OFni8orbmGCn0672NHR3kXHwpAwR+B368ZGN/2rA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/ms": "*", + "@types/node": "*" + } + }, + "node_modules/@types/mime": { + "version": "1.3.5", + "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", + "integrity": "sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/morgan": { + "version": "1.9.10", + "resolved": "https://registry.npmjs.org/@types/morgan/-/morgan-1.9.10.tgz", + "integrity": "sha512-sS4A1zheMvsADRVfT0lYbJ4S9lmsey8Zo2F7cnbYjWHP67Q0AwMYuuzLlkIM2N8gAbb9cubhIVFwcIN2XyYCkA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/ms": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz", + "integrity": "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/node": { + "version": "20.19.26", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.26.tgz", + "integrity": "sha512-0l6cjgF0XnihUpndDhk+nyD3exio3iKaYROSgvh/qSevPXax3L8p5DBRFjbvalnwatGgHEQn2R88y2fA3g4irg==", + "dev": true, + "license": "MIT", + "dependencies": { + "undici-types": "~6.21.0" + } + }, + "node_modules/@types/pg": { + "version": "8.15.6", + "resolved": "https://registry.npmjs.org/@types/pg/-/pg-8.15.6.tgz", + "integrity": "sha512-NoaMtzhxOrubeL/7UZuNTrejB4MPAJ0RpxZqXQf2qXuVlTPuG6Y8p4u9dKRaue4yjmC7ZhzVO2/Yyyn25znrPQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*", + "pg-protocol": "*", + "pg-types": "^2.2.0" + } + }, + "node_modules/@types/qs": { + "version": "6.14.0", + "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.14.0.tgz", + "integrity": "sha512-eOunJqu0K1923aExK6y8p6fsihYEn/BYuQ4g0CxAAgFc4b/ZLN4CrsRZ55srTdqoiLzU2B2evC+apEIxprEzkQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/range-parser": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", + "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/semver": { + "version": "7.7.1", + "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.7.1.tgz", + "integrity": "sha512-FmgJfu+MOcQ370SD0ev7EI8TlCAfKYU+B4m5T3yXc1CiRN94g/SZPtsCkk506aUDtlMnFZvasDwHHUcZUEaYuA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/send": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/@types/send/-/send-1.2.1.tgz", + "integrity": "sha512-arsCikDvlU99zl1g69TcAB3mzZPpxgw0UQnaHeC1Nwb015xp8bknZv5rIfri9xTOcMuaVgvabfIRA7PSZVuZIQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/serve-static": { + "version": "1.15.10", + "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.10.tgz", + "integrity": "sha512-tRs1dB+g8Itk72rlSI2ZrW6vZg0YrLI81iQSTkMmOqnqCaNr/8Ek4VwWcN5vZgCYWbg/JJSGBlUaYGAOP73qBw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/http-errors": "*", + "@types/node": "*", + "@types/send": "<1" + } + }, + "node_modules/@types/serve-static/node_modules/@types/send": { + "version": "0.17.6", + "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.6.tgz", + "integrity": "sha512-Uqt8rPBE8SY0RK8JB1EzVOIZ32uqy8HwdxCnoCOsYrvnswqmFZ/k+9Ikidlk/ImhsdvBsloHbAlewb2IEBV/Og==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/mime": "^1", + "@types/node": "*" + } + }, + "node_modules/@types/stack-utils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/@types/stack-utils/-/stack-utils-2.0.3.tgz", + "integrity": "sha512-9aEbYZ3TbYMznPdcdr3SmIrLXwC/AKZXQeCf9Pgao5CKb8CyHuEX5jzWPTkvregvhRJHcpRO6BFoGW9ycaOkYw==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/swagger-jsdoc": { + "version": "6.0.4", + "resolved": "https://registry.npmjs.org/@types/swagger-jsdoc/-/swagger-jsdoc-6.0.4.tgz", + "integrity": "sha512-W+Xw5epcOZrF/AooUM/PccNMSAFOKWZA5dasNyMujTwsBkU74njSJBpvCCJhHAJ95XRMzQrrW844Btu0uoetwQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/swagger-ui-express": { + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@types/swagger-ui-express/-/swagger-ui-express-4.1.8.tgz", + "integrity": "sha512-AhZV8/EIreHFmBV5wAs0gzJUNq9JbbSXgJLQubCC0jtIo6prnI9MIRRxnU4MZX9RB9yXxF1V4R7jtLl/Wcj31g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/express": "*", + "@types/serve-static": "*" + } + }, + "node_modules/@types/triple-beam": { + "version": "1.3.5", + "resolved": "https://registry.npmjs.org/@types/triple-beam/-/triple-beam-1.3.5.tgz", + "integrity": "sha512-6WaYesThRMCl19iryMYP7/x2OVgCtbIVflDGFpWnb9irXI3UjYE4AzmYuiUKY1AJstGijoY+MgUszMgRxIYTYw==", + "license": "MIT" + }, + "node_modules/@types/uuid": { + "version": "9.0.8", + "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "integrity": "sha512-jg+97EGIcY9AGHJJRaaPVgetKDsrTgbRjQ5Msgjh/DQKEFl0DtyRr/VCOyD1T2R1MNeWPK/u7JoGhlDZnKBAfA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/yargs": { + "version": "17.0.35", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.35.tgz", + "integrity": "sha512-qUHkeCyQFxMXg79wQfTtfndEC+N9ZZg76HJftDJp+qH2tV7Gj4OJi7l+PiWwJ+pWtW8GwSmqsDj/oymhrTWXjg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/@types/yargs-parser": { + "version": "21.0.3", + "resolved": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", + "integrity": "sha512-I4q9QU9MQv4oEOz4tAHJtNz1cwuLxn2F3xcc2iV5WdqLPpUnj30aUuxt1mAxYTG+oe8CZMV/+6rU4S4gRDzqtQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/@typescript-eslint/eslint-plugin": { + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.21.0.tgz", + "integrity": "sha512-oy9+hTPCUFpngkEZUSzbf9MxI65wbKFoQYsgPdILTfbUldp5ovUuphZVe4i30emU9M/kP+T64Di0mxl7dSw3MA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@eslint-community/regexpp": "^4.5.1", + "@typescript-eslint/scope-manager": "6.21.0", + "@typescript-eslint/type-utils": "6.21.0", + "@typescript-eslint/utils": "6.21.0", + "@typescript-eslint/visitor-keys": "6.21.0", + "debug": "^4.3.4", + "graphemer": "^1.4.0", + "ignore": "^5.2.4", + "natural-compare": "^1.4.0", + "semver": "^7.5.4", + "ts-api-utils": "^1.0.1" + }, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "@typescript-eslint/parser": "^6.0.0 || ^6.0.0-alpha", + "eslint": "^7.0.0 || ^8.0.0" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/parser": { + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.21.0.tgz", + "integrity": "sha512-tbsV1jPne5CkFQCgPBcDOt30ItF7aJoZL997JSF7MhGQqOeT3svWRYxiqlfA5RUdlHN6Fi+EI9bxqbdyAUZjYQ==", + "dev": true, + "license": "BSD-2-Clause", + "peer": true, + "dependencies": { + "@typescript-eslint/scope-manager": "6.21.0", + "@typescript-eslint/types": "6.21.0", + "@typescript-eslint/typescript-estree": "6.21.0", + "@typescript-eslint/visitor-keys": "6.21.0", + "debug": "^4.3.4" + }, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^7.0.0 || ^8.0.0" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/scope-manager": { + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.21.0.tgz", + "integrity": "sha512-OwLUIWZJry80O99zvqXVEioyniJMa+d2GrqpUTqi5/v5D5rOrppJVBPa0yKCblcigC0/aYAzxxqQ1B+DS2RYsg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "6.21.0", + "@typescript-eslint/visitor-keys": "6.21.0" + }, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/type-utils": { + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.21.0.tgz", + "integrity": "sha512-rZQI7wHfao8qMX3Rd3xqeYSMCL3SoiSQLBATSiVKARdFGCYSRvmViieZjqc58jKgs8Y8i9YvVVhRbHSTA4VBag==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/typescript-estree": "6.21.0", + "@typescript-eslint/utils": "6.21.0", + "debug": "^4.3.4", + "ts-api-utils": "^1.0.1" + }, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^7.0.0 || ^8.0.0" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/types": { + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.21.0.tgz", + "integrity": "sha512-1kFmZ1rOm5epu9NZEZm1kckCDGj5UJEf7P1kliH4LKu/RkwpsfqqGmY2OOcUs18lSlQBKLDYBOGxRVtrMN5lpg==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/typescript-estree": { + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.21.0.tgz", + "integrity": "sha512-6npJTkZcO+y2/kr+z0hc4HwNfrrP4kNYh57ek7yCNlrBjWQ1Y0OS7jiZTkgumrvkX5HkEKXFZkkdFNkaW2wmUQ==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "@typescript-eslint/types": "6.21.0", + "@typescript-eslint/visitor-keys": "6.21.0", + "debug": "^4.3.4", + "globby": "^11.1.0", + "is-glob": "^4.0.3", + "minimatch": "9.0.3", + "semver": "^7.5.4", + "ts-api-utils": "^1.0.1" + }, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/utils": { + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.21.0.tgz", + "integrity": "sha512-NfWVaC8HP9T8cbKQxHcsJBY5YE1O33+jpMwN45qzWWaPDZgLIbo12toGMWnmhvCpd3sIxkpDw3Wv1B3dYrbDQQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@eslint-community/eslint-utils": "^4.4.0", + "@types/json-schema": "^7.0.12", + "@types/semver": "^7.5.0", + "@typescript-eslint/scope-manager": "6.21.0", + "@typescript-eslint/types": "6.21.0", + "@typescript-eslint/typescript-estree": "6.21.0", + "semver": "^7.5.4" + }, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^7.0.0 || ^8.0.0" + } + }, + "node_modules/@typescript-eslint/visitor-keys": { + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.21.0.tgz", + "integrity": "sha512-JJtkDduxLi9bivAB+cYOVMtbkqdPOhZ+ZI5LC47MIRrDV4Yn2o+ZnW10Nkmr28xRpSpdJ6Sm42Hjf2+REYXm0A==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "6.21.0", + "eslint-visitor-keys": "^3.4.1" + }, + "engines": { + "node": "^16.0.0 || >=18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@ungap/structured-clone": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.3.0.tgz", + "integrity": "sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g==", + "dev": true, + "license": "ISC" + }, + "node_modules/accepts": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", + "license": "MIT", + "dependencies": { + "mime-types": "~2.1.34", + "negotiator": "0.6.3" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/accepts/node_modules/negotiator": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/acorn": { + "version": "8.15.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz", + "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", + "dev": true, + "license": "MIT", + "peer": true, + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/acorn-jsx": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==", + "dev": true, + "license": "MIT", + "peerDependencies": { + "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" + } + }, + "node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "dev": true, + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ansi-escapes": { + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "integrity": "sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "type-fest": "^0.21.3" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ansi-escapes/node_modules/type-fest": { + "version": "0.21.3", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==", + "dev": true, + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "license": "MIT", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/ansis": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/ansis/-/ansis-4.2.0.tgz", + "integrity": "sha512-HqZ5rWlFjGiV0tDm3UxxgNRqsOTniqoKZu0pIAfh7TZQMGuZK+hH0drySty0si0QXj1ieop4+SkSfPZBPPkHig==", + "license": "ISC", + "engines": { + "node": ">=14" + } + }, + "node_modules/anymatch": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", + "dev": true, + "license": "ISC", + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/app-root-path": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/app-root-path/-/app-root-path-3.1.0.tgz", + "integrity": "sha512-biN3PwB2gUtjaYy/isrU3aNWI5w+fAfvHkSvCKeQGxhmYpwKFUxudR3Yya+KqVRHBmEDYh+/lTozYCFbmzX4nA==", + "license": "MIT", + "engines": { + "node": ">= 6.0.0" + } + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "license": "Python-2.0" + }, + "node_modules/array-flatten": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==", + "license": "MIT" + }, + "node_modules/array-union": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/async": { + "version": "3.2.6", + "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz", + "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA==", + "license": "MIT" + }, + "node_modules/available-typed-arrays": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz", + "integrity": "sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==", + "license": "MIT", + "dependencies": { + "possible-typed-array-names": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/babel-jest": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.7.0.tgz", + "integrity": "sha512-BrvGY3xZSwEcCzKvKsCi2GgHqDqsYkOP4/by5xCgIwGXQxIEh+8ew3gmrE1y7XRR6LHZIj6yLYnUi/mm2KXKBg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/transform": "^29.7.0", + "@types/babel__core": "^7.1.14", + "babel-plugin-istanbul": "^6.1.1", + "babel-preset-jest": "^29.6.3", + "chalk": "^4.0.0", + "graceful-fs": "^4.2.9", + "slash": "^3.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + }, + "peerDependencies": { + "@babel/core": "^7.8.0" + } + }, + "node_modules/babel-plugin-istanbul": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", + "integrity": "sha512-Y1IQok9821cC9onCx5otgFfRm7Lm+I+wwxOx738M/WLPZ9Q42m4IG5W0FNX8WLL2gYMZo3JkuXIH2DOpWM+qwA==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "@babel/helper-plugin-utils": "^7.0.0", + "@istanbuljs/load-nyc-config": "^1.0.0", + "@istanbuljs/schema": "^0.1.2", + "istanbul-lib-instrument": "^5.0.4", + "test-exclude": "^6.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/babel-plugin-istanbul/node_modules/istanbul-lib-instrument": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", + "integrity": "sha512-pzqtp31nLv/XFOzXGuvhCb8qhjmTVo5vjVk19XE4CRlSWz0KoeJ3bw9XsA7nOp9YBf4qHjwBxkDzKcME/J29Yg==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "@babel/core": "^7.12.3", + "@babel/parser": "^7.14.7", + "@istanbuljs/schema": "^0.1.2", + "istanbul-lib-coverage": "^3.2.0", + "semver": "^6.3.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/babel-plugin-istanbul/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "dev": true, + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/babel-plugin-jest-hoist": { + "version": "29.6.3", + "resolved": "https://registry.npmjs.org/babel-plugin-jest-hoist/-/babel-plugin-jest-hoist-29.6.3.tgz", + "integrity": "sha512-ESAc/RJvGTFEzRwOTT4+lNDk/GNHMkKbNzsvT0qKRfDyyYTskxB5rnU2njIDYVxXCBHHEI1c0YwHob3WaYujOg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/template": "^7.3.3", + "@babel/types": "^7.3.3", + "@types/babel__core": "^7.1.14", + "@types/babel__traverse": "^7.0.6" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/babel-preset-current-node-syntax": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/babel-preset-current-node-syntax/-/babel-preset-current-node-syntax-1.2.0.tgz", + "integrity": "sha512-E/VlAEzRrsLEb2+dv8yp3bo4scof3l9nR4lrld+Iy5NyVqgVYUJnDAmunkhPMisRI32Qc4iRiz425d8vM++2fg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/plugin-syntax-async-generators": "^7.8.4", + "@babel/plugin-syntax-bigint": "^7.8.3", + "@babel/plugin-syntax-class-properties": "^7.12.13", + "@babel/plugin-syntax-class-static-block": "^7.14.5", + "@babel/plugin-syntax-import-attributes": "^7.24.7", + "@babel/plugin-syntax-import-meta": "^7.10.4", + "@babel/plugin-syntax-json-strings": "^7.8.3", + "@babel/plugin-syntax-logical-assignment-operators": "^7.10.4", + "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3", + "@babel/plugin-syntax-numeric-separator": "^7.10.4", + "@babel/plugin-syntax-object-rest-spread": "^7.8.3", + "@babel/plugin-syntax-optional-catch-binding": "^7.8.3", + "@babel/plugin-syntax-optional-chaining": "^7.8.3", + "@babel/plugin-syntax-private-property-in-object": "^7.14.5", + "@babel/plugin-syntax-top-level-await": "^7.14.5" + }, + "peerDependencies": { + "@babel/core": "^7.0.0 || ^8.0.0-0" + } + }, + "node_modules/babel-preset-jest": { + "version": "29.6.3", + "resolved": "https://registry.npmjs.org/babel-preset-jest/-/babel-preset-jest-29.6.3.tgz", + "integrity": "sha512-0B3bhxR6snWXJZtR/RliHTDPRgn1sNHOR0yVtq/IiQFyuOVjFS+wuio/R4gSNkyYmKmJB4wGZv2NZanmKmTnNA==", + "dev": true, + "license": "MIT", + "dependencies": { + "babel-plugin-jest-hoist": "^29.6.3", + "babel-preset-current-node-syntax": "^1.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "license": "MIT" + }, + "node_modules/base64-js": { + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", + "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/baseline-browser-mapping": { + "version": "2.9.5", + "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.5.tgz", + "integrity": "sha512-D5vIoztZOq1XM54LUdttJVc96ggEsIfju2JBvht06pSzpckp3C7HReun67Bghzrtdsq9XdMGbSSB3v3GhMNmAA==", + "dev": true, + "license": "Apache-2.0", + "bin": { + "baseline-browser-mapping": "dist/cli.js" + } + }, + "node_modules/basic-auth": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz", + "integrity": "sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==", + "license": "MIT", + "dependencies": { + "safe-buffer": "5.1.2" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/basic-auth/node_modules/safe-buffer": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", + "license": "MIT" + }, + "node_modules/bcryptjs": { + "version": "2.4.3", + "resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-2.4.3.tgz", + "integrity": "sha512-V/Hy/X9Vt7f3BbPJEi8BdVFMByHi+jNXrYkW3huaybV/kQ0KJg0Y6PkEMbn+zeT+i+SiKZ/HMqJGIIt4LZDqNQ==", + "license": "MIT" + }, + "node_modules/body-parser": { + "version": "1.20.4", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz", + "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==", + "license": "MIT", + "dependencies": { + "bytes": "~3.1.2", + "content-type": "~1.0.5", + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "~1.2.0", + "http-errors": "~2.0.1", + "iconv-lite": "~0.4.24", + "on-finished": "~2.4.1", + "qs": "~6.14.0", + "raw-body": "~2.5.3", + "type-is": "~1.6.18", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/body-parser/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/body-parser/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/brace-expansion": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz", + "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==", + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0" + } + }, + "node_modules/braces": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "dev": true, + "license": "MIT", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/browserslist": { + "version": "4.28.1", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.28.1.tgz", + "integrity": "sha512-ZC5Bd0LgJXgwGqUknZY/vkUQ04r8NXnJZ3yYi4vDmSiZmC/pdSN0NbNRPxZpbtO4uAfDUAFffO8IZoM3Gj8IkA==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "peer": true, + "dependencies": { + "baseline-browser-mapping": "^2.9.0", + "caniuse-lite": "^1.0.30001759", + "electron-to-chromium": "^1.5.263", + "node-releases": "^2.0.27", + "update-browserslist-db": "^1.2.0" + }, + "bin": { + "browserslist": "cli.js" + }, + "engines": { + "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" + } + }, + "node_modules/bs-logger": { + "version": "0.2.6", + "resolved": "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz", + "integrity": "sha512-pd8DCoxmbgc7hyPKOvxtqNcjYoOsABPQdcCUjGp3d42VR2CX1ORhk2A87oqqu5R1kk+76nsxZupkmyd+MVtCog==", + "dev": true, + "license": "MIT", + "dependencies": { + "fast-json-stable-stringify": "2.x" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/bser": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", + "integrity": "sha512-gQxTNE/GAfIIrmHLUE3oJyp5FO6HRBfhjnw4/wMmA63ZGDJnWBmgY/lyQBpnDUkGmAhbSe39tx2d/iTOAfglwQ==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "node-int64": "^0.4.0" + } + }, + "node_modules/buffer": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/buffer/-/buffer-6.0.3.tgz", + "integrity": "sha512-FTiCpNxtwiZZHEZbcbTIcZjERVICn9yq/pDFkTl95/AxzD1naBctN7YO68riM/gLSDY7sdrMby8hofADYuuqOA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT", + "dependencies": { + "base64-js": "^1.3.1", + "ieee754": "^1.2.1" + } + }, + "node_modules/buffer-equal-constant-time": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", + "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==", + "license": "BSD-3-Clause" + }, + "node_modules/buffer-from": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/call-bind": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.8.tgz", + "integrity": "sha512-oKlSFMcMwpUg2ednkhQ454wfWiU/ul3CkJe/PEHcTKuiX6RpbehUiFMXu13HalGZxfUwCQzZG747YXBn1im9ww==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.0", + "es-define-property": "^1.0.0", + "get-intrinsic": "^1.2.4", + "set-function-length": "^1.2.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/call-bind-apply-helpers": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/call-bound": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz", + "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "get-intrinsic": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/call-me-maybe": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-me-maybe/-/call-me-maybe-1.0.2.tgz", + "integrity": "sha512-HpX65o1Hnr9HH25ojC1YGs7HCQLq0GCOibSaWER0eNpgJ/Z1MZv2mTc7+xh6WOPxbRVcmgbv4hGU+uSQ/2xFZQ==", + "license": "MIT" + }, + "node_modules/callsites": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/camelcase": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", + "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/caniuse-lite": { + "version": "1.0.30001759", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001759.tgz", + "integrity": "sha512-Pzfx9fOKoKvevQf8oCXoyNRQ5QyxJj+3O0Rqx2V5oxT61KGx8+n6hV/IUyJeifUci2clnmmKVpvtiqRzgiWjSw==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/caniuse-lite" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "CC-BY-4.0" + }, + "node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dev": true, + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/char-regex": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "integrity": "sha512-kWWXztvZ5SBQV+eRgKFeh8q5sLuZY2+8WUIzlxWVTg+oGwY14qylx1KbKzHd8P6ZYkAg0xyIDU9JMHhyJMZ1jw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/ci-info": { + "version": "3.9.0", + "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "integrity": "sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/sibiraj-s" + } + ], + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/cjs-module-lexer": { + "version": "1.4.3", + "resolved": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-1.4.3.tgz", + "integrity": "sha512-9z8TZaGM1pfswYeXrUpzPrkx8UnWYdhJclsiYMm6x/w5+nN+8Tf/LnAgfLGQCm59qAOxU8WwHEq2vNwF6i4j+Q==", + "dev": true, + "license": "MIT" + }, + "node_modules/cliui": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz", + "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==", + "license": "ISC", + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.1", + "wrap-ansi": "^7.0.0" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/cluster-key-slot": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.2.tgz", + "integrity": "sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA==", + "license": "Apache-2.0", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/co": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz", + "integrity": "sha512-QVb0dM5HvG+uaxitm8wONl7jltx8dqhfU33DcqtOZcLSVIKSDDLDi7+0LbAKiyI8hD9u42m2YxXSkMGWThaecQ==", + "dev": true, + "license": "MIT", + "engines": { + "iojs": ">= 1.0.0", + "node": ">= 0.12.0" + } + }, + "node_modules/collect-v8-coverage": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/collect-v8-coverage/-/collect-v8-coverage-1.0.3.tgz", + "integrity": "sha512-1L5aqIkwPfiodaMgQunkF1zRhNqifHBmtbbbxcr6yVxxBnliw4TDOW6NxpO8DJLgJ16OT+Y4ztZqP6p/FtXnAw==", + "dev": true, + "license": "MIT" + }, + "node_modules/color": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/color/-/color-5.0.3.tgz", + "integrity": "sha512-ezmVcLR3xAVp8kYOm4GS45ZLLgIE6SPAFoduLr6hTDajwb3KZ2F46gulK3XpcwRFb5KKGCSezCBAY4Dw4HsyXA==", + "license": "MIT", + "dependencies": { + "color-convert": "^3.1.3", + "color-string": "^2.1.3" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "license": "MIT", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "license": "MIT" + }, + "node_modules/color-string": { + "version": "2.1.4", + "resolved": "https://registry.npmjs.org/color-string/-/color-string-2.1.4.tgz", + "integrity": "sha512-Bb6Cq8oq0IjDOe8wJmi4JeNn763Xs9cfrBcaylK1tPypWzyoy2G3l90v9k64kjphl/ZJjPIShFztenRomi8WTg==", + "license": "MIT", + "dependencies": { + "color-name": "^2.0.0" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/color-string/node_modules/color-name": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-2.1.0.tgz", + "integrity": "sha512-1bPaDNFm0axzE4MEAzKPuqKWeRaT43U/hyxKPBdqTfmPF+d6n7FSoTFxLVULUJOmiLp01KjhIPPH+HrXZJN4Rg==", + "license": "MIT", + "engines": { + "node": ">=12.20" + } + }, + "node_modules/color/node_modules/color-convert": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-3.1.3.tgz", + "integrity": "sha512-fasDH2ont2GqF5HpyO4w0+BcewlhHEZOFn9c1ckZdHpJ56Qb7MHhH/IcJZbBGgvdtwdwNbLvxiBEdg336iA9Sg==", + "license": "MIT", + "dependencies": { + "color-name": "^2.0.0" + }, + "engines": { + "node": ">=14.6" + } + }, + "node_modules/color/node_modules/color-name": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-2.1.0.tgz", + "integrity": "sha512-1bPaDNFm0axzE4MEAzKPuqKWeRaT43U/hyxKPBdqTfmPF+d6n7FSoTFxLVULUJOmiLp01KjhIPPH+HrXZJN4Rg==", + "license": "MIT", + "engines": { + "node": ">=12.20" + } + }, + "node_modules/commander": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-6.2.0.tgz", + "integrity": "sha512-zP4jEKbe8SHzKJYQmq8Y9gYjtO/POJLgIdKgV7B9qNmABVFVc+ctqSX6iXh4mCpJfRBOabiZ2YKPg8ciDw6C+Q==", + "license": "MIT", + "engines": { + "node": ">= 6" + } + }, + "node_modules/compressible": { + "version": "2.0.18", + "resolved": "https://registry.npmjs.org/compressible/-/compressible-2.0.18.tgz", + "integrity": "sha512-AF3r7P5dWxL8MxyITRMlORQNaOA2IkAFaTr4k7BUumjPtRpGDTZpl0Pb1XCO6JeDCBdp126Cgs9sMxqSjgYyRg==", + "license": "MIT", + "dependencies": { + "mime-db": ">= 1.43.0 < 2" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/compression": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/compression/-/compression-1.8.1.tgz", + "integrity": "sha512-9mAqGPHLakhCLeNyxPkK4xVo746zQ/czLH1Ky+vkitMnWfWZps8r0qXuwhwizagCRttsL4lfG4pIOvaWLpAP0w==", + "license": "MIT", + "dependencies": { + "bytes": "3.1.2", + "compressible": "~2.0.18", + "debug": "2.6.9", + "negotiator": "~0.6.4", + "on-headers": "~1.1.0", + "safe-buffer": "5.2.1", + "vary": "~1.1.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/compression/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/compression/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "license": "MIT" + }, + "node_modules/content-disposition": { + "version": "0.5.4", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", + "license": "MIT", + "dependencies": { + "safe-buffer": "5.2.1" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/content-type": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/convert-source-map": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", + "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==", + "dev": true, + "license": "MIT" + }, + "node_modules/cookie": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie-signature": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz", + "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==", + "license": "MIT" + }, + "node_modules/cors": { + "version": "2.8.5", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz", + "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==", + "license": "MIT", + "dependencies": { + "object-assign": "^4", + "vary": "^1" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/create-jest": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/create-jest/-/create-jest-29.7.0.tgz", + "integrity": "sha512-Adz2bdH0Vq3F53KEMJOoftQFutWCukm6J24wbPWRO4k1kMY7gS7ds/uoJkNuV8wDCtWWnuwGcJwpWcih+zEW1Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/types": "^29.6.3", + "chalk": "^4.0.0", + "exit": "^0.1.2", + "graceful-fs": "^4.2.9", + "jest-config": "^29.7.0", + "jest-util": "^29.7.0", + "prompts": "^2.0.1" + }, + "bin": { + "create-jest": "bin/create-jest.js" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/cross-spawn": { + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", + "license": "MIT", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/dayjs": { + "version": "1.11.19", + "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.19.tgz", + "integrity": "sha512-t5EcLVS6QPBNqM2z8fakk/NKel+Xzshgt8FFKAn+qwlD1pzZWxh0nVCrvFK7ZDb6XucZeF9z8C7CBWTRIVApAw==", + "license": "MIT" + }, + "node_modules/debug": { + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/dedent": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/dedent/-/dedent-1.7.0.tgz", + "integrity": "sha512-HGFtf8yhuhGhqO07SV79tRp+br4MnbdjeVxotpn1QBl30pcLLCQjX5b2295ll0fv8RKDKsmWYrl05usHM9CewQ==", + "license": "MIT", + "peerDependencies": { + "babel-plugin-macros": "^3.1.0" + }, + "peerDependenciesMeta": { + "babel-plugin-macros": { + "optional": true + } + } + }, + "node_modules/deep-is": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/deepmerge": { + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/define-data-property": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==", + "license": "MIT", + "dependencies": { + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "gopd": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/denque": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/denque/-/denque-2.1.0.tgz", + "integrity": "sha512-HVQE3AAb/pxF8fQAoiqpvg9i3evqug3hoiwakOyZAwJm+6vZehbkYXZ0l4JxS+I3QxM97v5aaRNhj8v5oBhekw==", + "license": "Apache-2.0", + "engines": { + "node": ">=0.10" + } + }, + "node_modules/depd": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/destroy": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==", + "license": "MIT", + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/detect-newline": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/detect-newline/-/detect-newline-3.1.0.tgz", + "integrity": "sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/diff-sequences": { + "version": "29.6.3", + "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", + "integrity": "sha512-EjePK1srD3P08o2j4f0ExnylqRs5B9tJjcp9t1krH2qRi8CCdsYfwe9JgSLurFBWwq4uOlipzfk5fHNvwFKr8Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/dir-glob": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==", + "dev": true, + "license": "MIT", + "dependencies": { + "path-type": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/doctrine": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", + "integrity": "sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==", + "license": "Apache-2.0", + "dependencies": { + "esutils": "^2.0.2" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/dotenv": { + "version": "16.6.1", + "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.6.1.tgz", + "integrity": "sha512-uBq4egWHTcTt33a72vpSG0z3HnPuIl6NqYcTrKEg2azoEyl2hpW0zqlxysq2pK9HlDIHyHyakeYaYnSAwd8bow==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://dotenvx.com" + } + }, + "node_modules/dunder-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", + "gopd": "^1.2.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/eastasianwidth": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==", + "license": "MIT" + }, + "node_modules/ecdsa-sig-formatter": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", + "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", + "license": "Apache-2.0", + "dependencies": { + "safe-buffer": "^5.0.1" + } + }, + "node_modules/ee-first": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", + "license": "MIT" + }, + "node_modules/electron-to-chromium": { + "version": "1.5.267", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.267.tgz", + "integrity": "sha512-0Drusm6MVRXSOJpGbaSVgcQsuB4hEkMpHXaVstcPmhu5LIedxs1xNK/nIxmQIU/RPC0+1/o0AVZfBTkTNJOdUw==", + "dev": true, + "license": "ISC" + }, + "node_modules/emittery": { + "version": "0.13.1", + "resolved": "https://registry.npmjs.org/emittery/-/emittery-0.13.1.tgz", + "integrity": "sha512-DeWwawk6r5yR9jFgnDKYt4sLS0LmHJJi3ZOnb5/JdbYwj3nW+FxQnHIjhBKz8YLC7oRNPVM9NQ47I3CVx34eqQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sindresorhus/emittery?sponsor=1" + } + }, + "node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "license": "MIT" + }, + "node_modules/enabled": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/enabled/-/enabled-2.0.0.tgz", + "integrity": "sha512-AKrN98kuwOzMIdAizXGI86UFBoo26CL21UM763y1h/GMSJ4/OHU9k2YlsmBpyScFo/wbLzWQJBMCW4+IO3/+OQ==", + "license": "MIT" + }, + "node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/error-ex": { + "version": "1.3.4", + "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.4.tgz", + "integrity": "sha512-sqQamAnR14VgCr1A618A3sGrygcpK+HEbenA/HiEAkkUwcZIIB/tgWqHFxWgOyDh4nB4JCRimh79dR5Ywc9MDQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "is-arrayish": "^0.2.1" + } + }, + "node_modules/es-define-property": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-object-atoms": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz", + "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/esbuild": { + "version": "0.27.1", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.1.tgz", + "integrity": "sha512-yY35KZckJJuVVPXpvjgxiCuVEJT67F6zDeVTv4rizyPrfGBUpZQsvmxnN+C371c2esD/hNMjj4tpBhuueLN7aA==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "bin": { + "esbuild": "bin/esbuild" + }, + "engines": { + "node": ">=18" + }, + "optionalDependencies": { + "@esbuild/aix-ppc64": "0.27.1", + "@esbuild/android-arm": "0.27.1", + "@esbuild/android-arm64": "0.27.1", + "@esbuild/android-x64": "0.27.1", + "@esbuild/darwin-arm64": "0.27.1", + "@esbuild/darwin-x64": "0.27.1", + "@esbuild/freebsd-arm64": "0.27.1", + "@esbuild/freebsd-x64": "0.27.1", + "@esbuild/linux-arm": "0.27.1", + "@esbuild/linux-arm64": "0.27.1", + "@esbuild/linux-ia32": "0.27.1", + "@esbuild/linux-loong64": "0.27.1", + "@esbuild/linux-mips64el": "0.27.1", + "@esbuild/linux-ppc64": "0.27.1", + "@esbuild/linux-riscv64": "0.27.1", + "@esbuild/linux-s390x": "0.27.1", + "@esbuild/linux-x64": "0.27.1", + "@esbuild/netbsd-arm64": "0.27.1", + "@esbuild/netbsd-x64": "0.27.1", + "@esbuild/openbsd-arm64": "0.27.1", + "@esbuild/openbsd-x64": "0.27.1", + "@esbuild/openharmony-arm64": "0.27.1", + "@esbuild/sunos-x64": "0.27.1", + "@esbuild/win32-arm64": "0.27.1", + "@esbuild/win32-ia32": "0.27.1", + "@esbuild/win32-x64": "0.27.1" + } + }, + "node_modules/escalade": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz", + "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", + "license": "MIT" + }, + "node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/eslint": { + "version": "8.57.1", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.1.tgz", + "integrity": "sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==", + "deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.", + "dev": true, + "license": "MIT", + "peer": true, + "dependencies": { + "@eslint-community/eslint-utils": "^4.2.0", + "@eslint-community/regexpp": "^4.6.1", + "@eslint/eslintrc": "^2.1.4", + "@eslint/js": "8.57.1", + "@humanwhocodes/config-array": "^0.13.0", + "@humanwhocodes/module-importer": "^1.0.1", + "@nodelib/fs.walk": "^1.2.8", + "@ungap/structured-clone": "^1.2.0", + "ajv": "^6.12.4", + "chalk": "^4.0.0", + "cross-spawn": "^7.0.2", + "debug": "^4.3.2", + "doctrine": "^3.0.0", + "escape-string-regexp": "^4.0.0", + "eslint-scope": "^7.2.2", + "eslint-visitor-keys": "^3.4.3", + "espree": "^9.6.1", + "esquery": "^1.4.2", + "esutils": "^2.0.2", + "fast-deep-equal": "^3.1.3", + "file-entry-cache": "^6.0.1", + "find-up": "^5.0.0", + "glob-parent": "^6.0.2", + "globals": "^13.19.0", + "graphemer": "^1.4.0", + "ignore": "^5.2.0", + "imurmurhash": "^0.1.4", + "is-glob": "^4.0.0", + "is-path-inside": "^3.0.3", + "js-yaml": "^4.1.0", + "json-stable-stringify-without-jsonify": "^1.0.1", + "levn": "^0.4.1", + "lodash.merge": "^4.6.2", + "minimatch": "^3.1.2", + "natural-compare": "^1.4.0", + "optionator": "^0.9.3", + "strip-ansi": "^6.0.1", + "text-table": "^0.2.0" + }, + "bin": { + "eslint": "bin/eslint.js" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/eslint-scope": { + "version": "7.2.2", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", + "integrity": "sha512-dOt21O7lTMhDM+X9mB4GX+DZrZtCUJPL/wlcTqxyrx5IvO0IYtILdtrQGQp+8n5S0gwSVmOf9NQrjMOgfQZlIg==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "esrecurse": "^4.3.0", + "estraverse": "^5.2.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/eslint-visitor-keys": { + "version": "3.4.3", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", + "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/eslint/node_modules/brace-expansion": { + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", + "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/eslint/node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/espree": { + "version": "9.6.1", + "resolved": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", + "integrity": "sha512-oruZaFkjorTpF32kDSI5/75ViwGeZginGGy2NoOSg3Q9bnwlnmDm4HLnkl0RE3n+njDXR037aY1+x58Z/zFdwQ==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "acorn": "^8.9.0", + "acorn-jsx": "^5.3.2", + "eslint-visitor-keys": "^3.4.1" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "dev": true, + "license": "BSD-2-Clause", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/esquery": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.6.0.tgz", + "integrity": "sha512-ca9pw9fomFcKPvFLXhBKUK90ZvGibiGOvRJNbjljY7s7uq/5YO4BOzcYtJqExdx99rF6aAcnRxHmcUHcz6sQsg==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "estraverse": "^5.1.0" + }, + "engines": { + "node": ">=0.10" + } + }, + "node_modules/esrecurse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "estraverse": "^5.2.0" + }, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "dev": true, + "license": "BSD-2-Clause", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/esutils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/etag": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/execa": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "integrity": "sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==", + "dev": true, + "license": "MIT", + "dependencies": { + "cross-spawn": "^7.0.3", + "get-stream": "^6.0.0", + "human-signals": "^2.1.0", + "is-stream": "^2.0.0", + "merge-stream": "^2.0.0", + "npm-run-path": "^4.0.1", + "onetime": "^5.1.2", + "signal-exit": "^3.0.3", + "strip-final-newline": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sindresorhus/execa?sponsor=1" + } + }, + "node_modules/exit": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/exit/-/exit-0.1.2.tgz", + "integrity": "sha512-Zk/eNKV2zbjpKzrsQ+n1G6poVbErQxJ0LBOJXaKZ1EViLzH+hrLu9cdXI4zw9dBQJslwBEpbQ2P1oS7nDxs6jQ==", + "dev": true, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/expect": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/expect/-/expect-29.7.0.tgz", + "integrity": "sha512-2Zks0hf1VLFYI1kbh0I5jP3KHHyCHpkfyHBzsSXRFgl/Bg9mWYfMW8oD+PdMPlEwy5HNsR9JutYy6pMeOh61nw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/expect-utils": "^29.7.0", + "jest-get-type": "^29.6.3", + "jest-matcher-utils": "^29.7.0", + "jest-message-util": "^29.7.0", + "jest-util": "^29.7.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/express": { + "version": "4.22.1", + "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz", + "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==", + "license": "MIT", + "dependencies": { + "accepts": "~1.3.8", + "array-flatten": "1.1.1", + "body-parser": "~1.20.3", + "content-disposition": "~0.5.4", + "content-type": "~1.0.4", + "cookie": "~0.7.1", + "cookie-signature": "~1.0.6", + "debug": "2.6.9", + "depd": "2.0.0", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "finalhandler": "~1.3.1", + "fresh": "~0.5.2", + "http-errors": "~2.0.0", + "merge-descriptors": "1.0.3", + "methods": "~1.1.2", + "on-finished": "~2.4.1", + "parseurl": "~1.3.3", + "path-to-regexp": "~0.1.12", + "proxy-addr": "~2.0.7", + "qs": "~6.14.0", + "range-parser": "~1.2.1", + "safe-buffer": "5.2.1", + "send": "~0.19.0", + "serve-static": "~1.16.2", + "setprototypeof": "1.2.0", + "statuses": "~2.0.1", + "type-is": "~1.6.18", + "utils-merge": "1.0.1", + "vary": "~1.1.2" + }, + "engines": { + "node": ">= 0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/express/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/express/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", + "dev": true, + "license": "MIT" + }, + "node_modules/fast-glob": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.3.tgz", + "integrity": "sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.2", + "merge2": "^1.3.0", + "micromatch": "^4.0.8" + }, + "engines": { + "node": ">=8.6.0" + } + }, + "node_modules/fast-glob/node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dev": true, + "license": "ISC", + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/fast-json-stable-stringify": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==", + "dev": true, + "license": "MIT" + }, + "node_modules/fast-levenshtein": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==", + "dev": true, + "license": "MIT" + }, + "node_modules/fastq": { + "version": "1.19.1", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.19.1.tgz", + "integrity": "sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ==", + "dev": true, + "license": "ISC", + "dependencies": { + "reusify": "^1.0.4" + } + }, + "node_modules/fb-watchman": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", + "integrity": "sha512-p5161BqbuCaSnB8jIbzQHOlpgsPmK5rJVDfDKO91Axs5NC1uu3HRQm6wt9cd9/+GtQQIO53JdGXXoyDpTAsgYA==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "bser": "2.1.1" + } + }, + "node_modules/fecha": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/fecha/-/fecha-4.2.3.tgz", + "integrity": "sha512-OP2IUU6HeYKJi3i0z4A19kHMQoLVs4Hc+DPqqxI2h/DPZHTm/vjsfC6P0b4jCMy14XizLBqvndQ+UilD7707Jw==", + "license": "MIT" + }, + "node_modules/file-entry-cache": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", + "integrity": "sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg==", + "dev": true, + "license": "MIT", + "dependencies": { + "flat-cache": "^3.0.4" + }, + "engines": { + "node": "^10.12.0 || >=12.0.0" + } + }, + "node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "dev": true, + "license": "MIT", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/finalhandler": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz", + "integrity": "sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==", + "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "on-finished": "~2.4.1", + "parseurl": "~1.3.3", + "statuses": "~2.0.2", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/finalhandler/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/finalhandler/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dev": true, + "license": "MIT", + "dependencies": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/flat-cache": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.2.0.tgz", + "integrity": "sha512-CYcENa+FtcUKLmhhqyctpclsq7QF38pKjZHsGNiSQF5r4FtoKDWabFDl3hzaEQMvT1LHEysw5twgLvpYYb4vbw==", + "dev": true, + "license": "MIT", + "dependencies": { + "flatted": "^3.2.9", + "keyv": "^4.5.3", + "rimraf": "^3.0.2" + }, + "engines": { + "node": "^10.12.0 || >=12.0.0" + } + }, + "node_modules/flatted": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz", + "integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==", + "dev": true, + "license": "ISC" + }, + "node_modules/fn.name": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/fn.name/-/fn.name-1.1.0.tgz", + "integrity": "sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw==", + "license": "MIT" + }, + "node_modules/for-each": { + "version": "0.3.5", + "resolved": "https://registry.npmjs.org/for-each/-/for-each-0.3.5.tgz", + "integrity": "sha512-dKx12eRCVIzqCxFGplyFKJMPvLEWgmNtUrpTiJIR5u97zEhRG8ySrtboPHZXx7daLxQVrl643cTzbab2tkQjxg==", + "license": "MIT", + "dependencies": { + "is-callable": "^1.2.7" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/foreground-child": { + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz", + "integrity": "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==", + "license": "ISC", + "dependencies": { + "cross-spawn": "^7.0.6", + "signal-exit": "^4.0.1" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/foreground-child/node_modules/signal-exit": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", + "license": "ISC", + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/forwarded": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fresh": { + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", + "license": "ISC" + }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/gensync": { + "version": "1.0.0-beta.2", + "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "license": "ISC", + "engines": { + "node": "6.* || 8.* || >= 10.*" + } + }, + "node_modules/get-intrinsic": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.1.1", + "function-bind": "^1.1.2", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-symbols": "^1.1.0", + "hasown": "^2.0.2", + "math-intrinsics": "^1.1.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-package-type": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "integrity": "sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/get-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", + "license": "MIT", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/get-stream": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/get-tsconfig": { + "version": "4.13.0", + "resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.13.0.tgz", + "integrity": "sha512-1VKTZJCwBrvbd+Wn3AOgQP/2Av+TfTCOlE4AcRJE72W1ksZXbAx8PPBR9RzgTeSPzlPMHrbANMH3LbltH73wxQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "resolve-pkg-maps": "^1.0.0" + }, + "funding": { + "url": "https://github.com/privatenumber/get-tsconfig?sponsor=1" + } + }, + "node_modules/glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "deprecated": "Glob versions prior to v9 are no longer supported", + "dev": true, + "license": "ISC", + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/glob-parent": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", + "dev": true, + "license": "ISC", + "dependencies": { + "is-glob": "^4.0.3" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/glob/node_modules/brace-expansion": { + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", + "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/glob/node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/globals": { + "version": "13.24.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", + "integrity": "sha512-AhO5QUcj8llrbG09iWhPU2B204J1xnPeL8kQmVorSsy+Sjj1sk8gIyh6cUocGmH4L0UuhAJy+hJMRA4mgA4mFQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "type-fest": "^0.20.2" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/globby": { + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "integrity": "sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==", + "dev": true, + "license": "MIT", + "dependencies": { + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.2.9", + "ignore": "^5.2.0", + "merge2": "^1.4.1", + "slash": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/gopd": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/graceful-fs": { + "version": "4.2.11", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", + "dev": true, + "license": "ISC" + }, + "node_modules/graphemer": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", + "integrity": "sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==", + "dev": true, + "license": "MIT" + }, + "node_modules/handlebars": { + "version": "4.7.8", + "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz", + "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "minimist": "^1.2.5", + "neo-async": "^2.6.2", + "source-map": "^0.6.1", + "wordwrap": "^1.0.0" + }, + "bin": { + "handlebars": "bin/handlebars" + }, + "engines": { + "node": ">=0.4.7" + }, + "optionalDependencies": { + "uglify-js": "^3.1.4" + } + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/has-property-descriptors": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==", + "license": "MIT", + "dependencies": { + "es-define-property": "^1.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-symbols": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-tostringtag": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz", + "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==", + "license": "MIT", + "dependencies": { + "has-symbols": "^1.0.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/hasown": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/helmet": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/helmet/-/helmet-7.2.0.tgz", + "integrity": "sha512-ZRiwvN089JfMXokizgqEPXsl2Guk094yExfoDXR0cBYWxtBbaSww/w+vT4WEJsBW2iTUi1GgZ6swmoug3Oy4Xw==", + "license": "MIT", + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/html-escaper": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==", + "dev": true, + "license": "MIT" + }, + "node_modules/http-errors": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", + "license": "MIT", + "dependencies": { + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" + }, + "engines": { + "node": ">= 0.8" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/human-signals": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "integrity": "sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=10.17.0" + } + }, + "node_modules/iconv-lite": { + "version": "0.4.24", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "license": "MIT", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/ieee754": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz", + "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "BSD-3-Clause" + }, + "node_modules/ignore": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz", + "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/import-fresh": { + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.1.tgz", + "integrity": "sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "parent-module": "^1.0.0", + "resolve-from": "^4.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/import-local": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/import-local/-/import-local-3.2.0.tgz", + "integrity": "sha512-2SPlun1JUPWoM6t3F0dw0FkCF/jWY8kttcY4f599GLTSjh2OCuuhdTkJQsEcZzBqbXZGKMK2OqW1oZsjtf/gQA==", + "dev": true, + "license": "MIT", + "dependencies": { + "pkg-dir": "^4.2.0", + "resolve-cwd": "^3.0.0" + }, + "bin": { + "import-local-fixture": "fixtures/cli.js" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/imurmurhash": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.8.19" + } + }, + "node_modules/inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", + "deprecated": "This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.", + "license": "ISC", + "dependencies": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/ioredis": { + "version": "5.8.2", + "resolved": "https://registry.npmjs.org/ioredis/-/ioredis-5.8.2.tgz", + "integrity": "sha512-C6uC+kleiIMmjViJINWk80sOQw5lEzse1ZmvD+S/s8p8CWapftSaC+kocGTx6xrbrJ4WmYQGC08ffHLr6ToR6Q==", + "license": "MIT", + "peer": true, + "dependencies": { + "@ioredis/commands": "1.4.0", + "cluster-key-slot": "^1.1.0", + "debug": "^4.3.4", + "denque": "^2.1.0", + "lodash.defaults": "^4.2.0", + "lodash.isarguments": "^3.1.0", + "redis-errors": "^1.2.0", + "redis-parser": "^3.0.0", + "standard-as-callback": "^2.1.0" + }, + "engines": { + "node": ">=12.22.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/ioredis" + } + }, + "node_modules/ipaddr.js": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/is-arrayish": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "integrity": "sha512-zz06S8t0ozoDXMG+ube26zeCTNXcKIPJZJi8hBrF4idCLms4CG9QtK7qBl1boi5ODzFpjswb5JPmHCbMpjaYzg==", + "dev": true, + "license": "MIT" + }, + "node_modules/is-callable": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.7.tgz", + "integrity": "sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-core-module": { + "version": "2.16.1", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.1.tgz", + "integrity": "sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w==", + "dev": true, + "license": "MIT", + "dependencies": { + "hasown": "^2.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/is-generator-fn": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-generator-fn/-/is-generator-fn-2.1.0.tgz", + "integrity": "sha512-cTIB4yPYL/Grw0EaSzASzg6bBy9gqCofvWN8okThAYIxKJZC+udlRAmGbM0XLeniEJSs8uEgHPGuHSe1XsOLSQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dev": true, + "license": "MIT", + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/is-path-inside": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-typed-array": { + "version": "1.1.15", + "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.15.tgz", + "integrity": "sha512-p3EcsicXjit7SaskXHs1hA91QxgTw46Fv6EFKKGS5DRFLD8yKnohjF3hxoju94b/OcMZoQukzpPpBE9uLVKzgQ==", + "license": "MIT", + "dependencies": { + "which-typed-array": "^1.1.16" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/isarray": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", + "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==", + "license": "MIT" + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", + "license": "ISC" + }, + "node_modules/istanbul-lib-coverage": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", + "integrity": "sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==", + "dev": true, + "license": "BSD-3-Clause", + "engines": { + "node": ">=8" + } + }, + "node_modules/istanbul-lib-instrument": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-6.0.3.tgz", + "integrity": "sha512-Vtgk7L/R2JHyyGW07spoFlB8/lpjiOLTjMdms6AFMraYt3BaJauod/NGrfnVG/y4Ix1JEuMRPDPEj2ua+zz1/Q==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "@babel/core": "^7.23.9", + "@babel/parser": "^7.23.9", + "@istanbuljs/schema": "^0.1.3", + "istanbul-lib-coverage": "^3.2.0", + "semver": "^7.5.4" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/istanbul-lib-report": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", + "integrity": "sha512-GCfE1mtsHGOELCU8e/Z7YWzpmybrx/+dSTfLrvY8qRmaY6zXTKWn6WQIjaAFw069icm6GVMNkgu0NzI4iPZUNw==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "istanbul-lib-coverage": "^3.0.0", + "make-dir": "^4.0.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/istanbul-lib-source-maps": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.1.tgz", + "integrity": "sha512-n3s8EwkdFIJCG3BPKBYvskgXGoy88ARzvegkitk60NxRdwltLOTaH7CUiMRXvwYorl0Q712iEjcWB+fK/MrWVw==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "debug": "^4.1.1", + "istanbul-lib-coverage": "^3.0.0", + "source-map": "^0.6.1" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/istanbul-reports": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.2.0.tgz", + "integrity": "sha512-HGYWWS/ehqTV3xN10i23tkPkpH46MLCIMFNCaaKNavAXTF1RkqxawEPtnjnGZ6XKSInBKkiOA5BKS+aZiY3AvA==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "html-escaper": "^2.0.0", + "istanbul-lib-report": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/jackspeak": { + "version": "3.4.3", + "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz", + "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==", + "license": "BlueOak-1.0.0", + "dependencies": { + "@isaacs/cliui": "^8.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + }, + "optionalDependencies": { + "@pkgjs/parseargs": "^0.11.0" + } + }, + "node_modules/jest": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz", + "integrity": "sha512-NIy3oAFp9shda19hy4HK0HRTWKtPJmGdnvywu01nOqNC2vZg+Z+fvJDxpMQA88eb2I9EcafcdjYgsDthnYTvGw==", + "dev": true, + "license": "MIT", + "peer": true, + "dependencies": { + "@jest/core": "^29.7.0", + "@jest/types": "^29.6.3", + "import-local": "^3.0.2", + "jest-cli": "^29.7.0" + }, + "bin": { + "jest": "bin/jest.js" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + }, + "peerDependencies": { + "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0" + }, + "peerDependenciesMeta": { + "node-notifier": { + "optional": true + } + } + }, + "node_modules/jest-changed-files": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-changed-files/-/jest-changed-files-29.7.0.tgz", + "integrity": "sha512-fEArFiwf1BpQ+4bXSprcDc3/x4HSzL4al2tozwVpDFpsxALjLYdyiIK4e5Vz66GQJIbXJ82+35PtysofptNX2w==", + "dev": true, + "license": "MIT", + "dependencies": { + "execa": "^5.0.0", + "jest-util": "^29.7.0", + "p-limit": "^3.1.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-circus": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-circus/-/jest-circus-29.7.0.tgz", + "integrity": "sha512-3E1nCMgipcTkCocFwM90XXQab9bS+GMsjdpmPrlelaxwD93Ad8iVEjX/vvHPdLPnFf+L40u+5+iutRdA1N9myw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/environment": "^29.7.0", + "@jest/expect": "^29.7.0", + "@jest/test-result": "^29.7.0", + "@jest/types": "^29.6.3", + "@types/node": "*", + "chalk": "^4.0.0", + "co": "^4.6.0", + "dedent": "^1.0.0", + "is-generator-fn": "^2.0.0", + "jest-each": "^29.7.0", + "jest-matcher-utils": "^29.7.0", + "jest-message-util": "^29.7.0", + "jest-runtime": "^29.7.0", + "jest-snapshot": "^29.7.0", + "jest-util": "^29.7.0", + "p-limit": "^3.1.0", + "pretty-format": "^29.7.0", + "pure-rand": "^6.0.0", + "slash": "^3.0.0", + "stack-utils": "^2.0.3" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-cli": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-cli/-/jest-cli-29.7.0.tgz", + "integrity": "sha512-OVVobw2IubN/GSYsxETi+gOe7Ka59EFMR/twOU3Jb2GnKKeMGJB5SGUUrEz3SFVmJASUdZUzy83sLNNQ2gZslg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/core": "^29.7.0", + "@jest/test-result": "^29.7.0", + "@jest/types": "^29.6.3", + "chalk": "^4.0.0", + "create-jest": "^29.7.0", + "exit": "^0.1.2", + "import-local": "^3.0.2", + "jest-config": "^29.7.0", + "jest-util": "^29.7.0", + "jest-validate": "^29.7.0", + "yargs": "^17.3.1" + }, + "bin": { + "jest": "bin/jest.js" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + }, + "peerDependencies": { + "node-notifier": "^8.0.1 || ^9.0.0 || ^10.0.0" + }, + "peerDependenciesMeta": { + "node-notifier": { + "optional": true + } + } + }, + "node_modules/jest-config": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-config/-/jest-config-29.7.0.tgz", + "integrity": "sha512-uXbpfeQ7R6TZBqI3/TxCU4q4ttk3u0PJeC+E0zbfSoSjq6bJ7buBPxzQPL0ifrkY4DNu4JUdk0ImlBUYi840eQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/core": "^7.11.6", + "@jest/test-sequencer": "^29.7.0", + "@jest/types": "^29.6.3", + "babel-jest": "^29.7.0", + "chalk": "^4.0.0", + "ci-info": "^3.2.0", + "deepmerge": "^4.2.2", + "glob": "^7.1.3", + "graceful-fs": "^4.2.9", + "jest-circus": "^29.7.0", + "jest-environment-node": "^29.7.0", + "jest-get-type": "^29.6.3", + "jest-regex-util": "^29.6.3", + "jest-resolve": "^29.7.0", + "jest-runner": "^29.7.0", + "jest-util": "^29.7.0", + "jest-validate": "^29.7.0", + "micromatch": "^4.0.4", + "parse-json": "^5.2.0", + "pretty-format": "^29.7.0", + "slash": "^3.0.0", + "strip-json-comments": "^3.1.1" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + }, + "peerDependencies": { + "@types/node": "*", + "ts-node": ">=9.0.0" + }, + "peerDependenciesMeta": { + "@types/node": { + "optional": true + }, + "ts-node": { + "optional": true + } + } + }, + "node_modules/jest-diff": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.7.0.tgz", + "integrity": "sha512-LMIgiIrhigmPrs03JHpxUh2yISK3vLFPkAodPeo0+BuF7wA2FoQbkEg1u8gBYBThncu7e1oEDUfIXVuTqLRUjw==", + "dev": true, + "license": "MIT", + "dependencies": { + "chalk": "^4.0.0", + "diff-sequences": "^29.6.3", + "jest-get-type": "^29.6.3", + "pretty-format": "^29.7.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-docblock": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-docblock/-/jest-docblock-29.7.0.tgz", + "integrity": "sha512-q617Auw3A612guyaFgsbFeYpNP5t2aoUNLwBUbc/0kD1R4t9ixDbyFTHd1nok4epoVFpr7PmeWHrhvuV3XaJ4g==", + "dev": true, + "license": "MIT", + "dependencies": { + "detect-newline": "^3.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-each": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-each/-/jest-each-29.7.0.tgz", + "integrity": "sha512-gns+Er14+ZrEoC5fhOfYCY1LOHHr0TI+rQUHZS8Ttw2l7gl+80eHc/gFf2Ktkw0+SIACDTeWvpFcv3B04VembQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/types": "^29.6.3", + "chalk": "^4.0.0", + "jest-get-type": "^29.6.3", + "jest-util": "^29.7.0", + "pretty-format": "^29.7.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-environment-node": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-environment-node/-/jest-environment-node-29.7.0.tgz", + "integrity": "sha512-DOSwCRqXirTOyheM+4d5YZOrWcdu0LNZ87ewUoywbcb2XR4wKgqiG8vNeYwhjFMbEkfju7wx2GYH0P2gevGvFw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/environment": "^29.7.0", + "@jest/fake-timers": "^29.7.0", + "@jest/types": "^29.6.3", + "@types/node": "*", + "jest-mock": "^29.7.0", + "jest-util": "^29.7.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-get-type": { + "version": "29.6.3", + "resolved": "https://registry.npmjs.org/jest-get-type/-/jest-get-type-29.6.3.tgz", + "integrity": "sha512-zrteXnqYxfQh7l5FHyL38jL39di8H8rHoecLH3JNxH3BwOrBsNeabdap5e0I23lD4HHI8W5VFBZqG4Eaq5LNcw==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-haste-map": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-29.7.0.tgz", + "integrity": "sha512-fP8u2pyfqx0K1rGn1R9pyE0/KTn+G7PxktWidOBTqFPLYX0b9ksaMFkhK5vrS3DVun09pckLdlx90QthlW7AmA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/types": "^29.6.3", + "@types/graceful-fs": "^4.1.3", + "@types/node": "*", + "anymatch": "^3.0.3", + "fb-watchman": "^2.0.0", + "graceful-fs": "^4.2.9", + "jest-regex-util": "^29.6.3", + "jest-util": "^29.7.0", + "jest-worker": "^29.7.0", + "micromatch": "^4.0.4", + "walker": "^1.0.8" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + }, + "optionalDependencies": { + "fsevents": "^2.3.2" + } + }, + "node_modules/jest-leak-detector": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-leak-detector/-/jest-leak-detector-29.7.0.tgz", + "integrity": "sha512-kYA8IJcSYtST2BY9I+SMC32nDpBT3J2NvWJx8+JCuCdl/CR1I4EKUJROiP8XtCcxqgTTBGJNdbB1A8XRKbTetw==", + "dev": true, + "license": "MIT", + "dependencies": { + "jest-get-type": "^29.6.3", + "pretty-format": "^29.7.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-matcher-utils": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-matcher-utils/-/jest-matcher-utils-29.7.0.tgz", + "integrity": "sha512-sBkD+Xi9DtcChsI3L3u0+N0opgPYnCRPtGcQYrgXmR+hmt/fYfWAL0xRXYU8eWOdfuLgBe0YCW3AFtnRLagq/g==", + "dev": true, + "license": "MIT", + "dependencies": { + "chalk": "^4.0.0", + "jest-diff": "^29.7.0", + "jest-get-type": "^29.6.3", + "pretty-format": "^29.7.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-message-util": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-message-util/-/jest-message-util-29.7.0.tgz", + "integrity": "sha512-GBEV4GRADeP+qtB2+6u61stea8mGcOT4mCtrYISZwfu9/ISHFJ/5zOMXYbpBE9RsS5+Gb63DW4FgmnKJ79Kf6w==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.12.13", + "@jest/types": "^29.6.3", + "@types/stack-utils": "^2.0.0", + "chalk": "^4.0.0", + "graceful-fs": "^4.2.9", + "micromatch": "^4.0.4", + "pretty-format": "^29.7.0", + "slash": "^3.0.0", + "stack-utils": "^2.0.3" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-mock": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-mock/-/jest-mock-29.7.0.tgz", + "integrity": "sha512-ITOMZn+UkYS4ZFh83xYAOzWStloNzJFO2s8DWrE4lhtGD+AorgnbkiKERe4wQVBydIGPx059g6riW5Btp6Llnw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/types": "^29.6.3", + "@types/node": "*", + "jest-util": "^29.7.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-pnp-resolver": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/jest-pnp-resolver/-/jest-pnp-resolver-1.2.3.tgz", + "integrity": "sha512-+3NpwQEnRoIBtx4fyhblQDPgJI0H1IEIkX7ShLUjPGA7TtUTvI1oiKi3SR4oBR0hQhQR80l4WAe5RrXBwWMA8w==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + }, + "peerDependencies": { + "jest-resolve": "*" + }, + "peerDependenciesMeta": { + "jest-resolve": { + "optional": true + } + } + }, + "node_modules/jest-regex-util": { + "version": "29.6.3", + "resolved": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-29.6.3.tgz", + "integrity": "sha512-KJJBsRCyyLNWCNBOvZyRDnAIfUiRJ8v+hOBQYGn8gDyF3UegwiP4gwRR3/SDa42g1YbVycTidUF3rKjyLFDWbg==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-resolve": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-resolve/-/jest-resolve-29.7.0.tgz", + "integrity": "sha512-IOVhZSrg+UvVAshDSDtHyFCCBUl/Q3AAJv8iZ6ZjnZ74xzvwuzLXid9IIIPgTnY62SJjfuupMKZsZQRsCvxEgA==", + "dev": true, + "license": "MIT", + "dependencies": { + "chalk": "^4.0.0", + "graceful-fs": "^4.2.9", + "jest-haste-map": "^29.7.0", + "jest-pnp-resolver": "^1.2.2", + "jest-util": "^29.7.0", + "jest-validate": "^29.7.0", + "resolve": "^1.20.0", + "resolve.exports": "^2.0.0", + "slash": "^3.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-resolve-dependencies": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-resolve-dependencies/-/jest-resolve-dependencies-29.7.0.tgz", + "integrity": "sha512-un0zD/6qxJ+S0et7WxeI3H5XSe9lTBBR7bOHCHXkKR6luG5mwDDlIzVQ0V5cZCuoTgEdcdwzTghYkTWfubi+nA==", + "dev": true, + "license": "MIT", + "dependencies": { + "jest-regex-util": "^29.6.3", + "jest-snapshot": "^29.7.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-runner": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-runner/-/jest-runner-29.7.0.tgz", + "integrity": "sha512-fsc4N6cPCAahybGBfTRcq5wFR6fpLznMg47sY5aDpsoejOcVYFb07AHuSnR0liMcPTgBsA3ZJL6kFOjPdoNipQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/console": "^29.7.0", + "@jest/environment": "^29.7.0", + "@jest/test-result": "^29.7.0", + "@jest/transform": "^29.7.0", + "@jest/types": "^29.6.3", + "@types/node": "*", + "chalk": "^4.0.0", + "emittery": "^0.13.1", + "graceful-fs": "^4.2.9", + "jest-docblock": "^29.7.0", + "jest-environment-node": "^29.7.0", + "jest-haste-map": "^29.7.0", + "jest-leak-detector": "^29.7.0", + "jest-message-util": "^29.7.0", + "jest-resolve": "^29.7.0", + "jest-runtime": "^29.7.0", + "jest-util": "^29.7.0", + "jest-watcher": "^29.7.0", + "jest-worker": "^29.7.0", + "p-limit": "^3.1.0", + "source-map-support": "0.5.13" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-runtime": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-runtime/-/jest-runtime-29.7.0.tgz", + "integrity": "sha512-gUnLjgwdGqW7B4LvOIkbKs9WGbn+QLqRQQ9juC6HndeDiezIwhDP+mhMwHWCEcfQ5RUXa6OPnFF8BJh5xegwwQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/environment": "^29.7.0", + "@jest/fake-timers": "^29.7.0", + "@jest/globals": "^29.7.0", + "@jest/source-map": "^29.6.3", + "@jest/test-result": "^29.7.0", + "@jest/transform": "^29.7.0", + "@jest/types": "^29.6.3", + "@types/node": "*", + "chalk": "^4.0.0", + "cjs-module-lexer": "^1.0.0", + "collect-v8-coverage": "^1.0.0", + "glob": "^7.1.3", + "graceful-fs": "^4.2.9", + "jest-haste-map": "^29.7.0", + "jest-message-util": "^29.7.0", + "jest-mock": "^29.7.0", + "jest-regex-util": "^29.6.3", + "jest-resolve": "^29.7.0", + "jest-snapshot": "^29.7.0", + "jest-util": "^29.7.0", + "slash": "^3.0.0", + "strip-bom": "^4.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-snapshot": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-29.7.0.tgz", + "integrity": "sha512-Rm0BMWtxBcioHr1/OX5YCP8Uov4riHvKPknOGs804Zg9JGZgmIBkbtlxJC/7Z4msKYVbIJtfU+tKb8xlYNfdkw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/core": "^7.11.6", + "@babel/generator": "^7.7.2", + "@babel/plugin-syntax-jsx": "^7.7.2", + "@babel/plugin-syntax-typescript": "^7.7.2", + "@babel/types": "^7.3.3", + "@jest/expect-utils": "^29.7.0", + "@jest/transform": "^29.7.0", + "@jest/types": "^29.6.3", + "babel-preset-current-node-syntax": "^1.0.0", + "chalk": "^4.0.0", + "expect": "^29.7.0", + "graceful-fs": "^4.2.9", + "jest-diff": "^29.7.0", + "jest-get-type": "^29.6.3", + "jest-matcher-utils": "^29.7.0", + "jest-message-util": "^29.7.0", + "jest-util": "^29.7.0", + "natural-compare": "^1.4.0", + "pretty-format": "^29.7.0", + "semver": "^7.5.3" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-util": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", + "integrity": "sha512-z6EbKajIpqGKU56y5KBUgy1dt1ihhQJgWzUlZHArA/+X2ad7Cb5iF+AK1EWVL/Bo7Rz9uurpqw6SiBCefUbCGA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/types": "^29.6.3", + "@types/node": "*", + "chalk": "^4.0.0", + "ci-info": "^3.2.0", + "graceful-fs": "^4.2.9", + "picomatch": "^2.2.3" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-validate": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-validate/-/jest-validate-29.7.0.tgz", + "integrity": "sha512-ZB7wHqaRGVw/9hST/OuFUReG7M8vKeq0/J2egIGLdvjHCmYqGARhzXmtgi+gVeZ5uXFF219aOc3Ls2yLg27tkw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/types": "^29.6.3", + "camelcase": "^6.2.0", + "chalk": "^4.0.0", + "jest-get-type": "^29.6.3", + "leven": "^3.1.0", + "pretty-format": "^29.7.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-validate/node_modules/camelcase": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/jest-watcher": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-watcher/-/jest-watcher-29.7.0.tgz", + "integrity": "sha512-49Fg7WXkU3Vl2h6LbLtMQ/HyB6rXSIX7SqvBLQmssRBGN9I0PNvPmAmCWSOY6SOvrjhI/F7/bGAv9RtnsPA03g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/test-result": "^29.7.0", + "@jest/types": "^29.6.3", + "@types/node": "*", + "ansi-escapes": "^4.2.1", + "chalk": "^4.0.0", + "emittery": "^0.13.1", + "jest-util": "^29.7.0", + "string-length": "^4.0.1" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-worker": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", + "integrity": "sha512-eIz2msL/EzL9UFTFFx7jBTkeZfku0yUAyZZZmJ93H2TYEiroIx2PQjEXcwYtYl8zXCxb+PAmA2hLIt/6ZEkPHw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*", + "jest-util": "^29.7.0", + "merge-stream": "^2.0.0", + "supports-color": "^8.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-worker/node_modules/supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/js-yaml": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", + "license": "MIT", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/jsesc": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.1.0.tgz", + "integrity": "sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA==", + "dev": true, + "license": "MIT", + "bin": { + "jsesc": "bin/jsesc" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/json-buffer": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/json-parse-even-better-errors": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==", + "dev": true, + "license": "MIT" + }, + "node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "dev": true, + "license": "MIT" + }, + "node_modules/json-stable-stringify-without-jsonify": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==", + "dev": true, + "license": "MIT" + }, + "node_modules/json5": { + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==", + "dev": true, + "license": "MIT", + "bin": { + "json5": "lib/cli.js" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/jsonwebtoken": { + "version": "9.0.3", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz", + "integrity": "sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==", + "license": "MIT", + "dependencies": { + "jws": "^4.0.1", + "lodash.includes": "^4.3.0", + "lodash.isboolean": "^3.0.3", + "lodash.isinteger": "^4.0.4", + "lodash.isnumber": "^3.0.3", + "lodash.isplainobject": "^4.0.6", + "lodash.isstring": "^4.0.1", + "lodash.once": "^4.0.0", + "ms": "^2.1.1", + "semver": "^7.5.4" + }, + "engines": { + "node": ">=12", + "npm": ">=6" + } + }, + "node_modules/jwa": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/jwa/-/jwa-2.0.1.tgz", + "integrity": "sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==", + "license": "MIT", + "dependencies": { + "buffer-equal-constant-time": "^1.0.1", + "ecdsa-sig-formatter": "1.0.11", + "safe-buffer": "^5.0.1" + } + }, + "node_modules/jws": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/jws/-/jws-4.0.1.tgz", + "integrity": "sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==", + "license": "MIT", + "dependencies": { + "jwa": "^2.0.1", + "safe-buffer": "^5.0.1" + } + }, + "node_modules/keyv": { + "version": "4.5.4", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "integrity": "sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==", + "dev": true, + "license": "MIT", + "dependencies": { + "json-buffer": "3.0.1" + } + }, + "node_modules/kleur": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "integrity": "sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/kuler": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/kuler/-/kuler-2.0.0.tgz", + "integrity": "sha512-Xq9nH7KlWZmXAtodXDDRE7vs6DU1gTU8zYDHDiWLSip45Egwq3plLHzPn27NgvzL2r1LMPC1vdqh98sQxtqj4A==", + "license": "MIT" + }, + "node_modules/leven": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "integrity": "sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/levn": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "prelude-ls": "^1.2.1", + "type-check": "~0.4.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/lines-and-columns": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==", + "dev": true, + "license": "MIT" + }, + "node_modules/locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dev": true, + "license": "MIT", + "dependencies": { + "p-locate": "^5.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lodash.defaults": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz", + "integrity": "sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ==", + "license": "MIT" + }, + "node_modules/lodash.get": { + "version": "4.4.2", + "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "integrity": "sha512-z+Uw/vLuy6gQe8cfaFWD7p0wVv8fJl3mbzXh33RS+0oW2wvUqiRXiQ69gLWSLpgB5/6sU+r6BlQR0MBILadqTQ==", + "deprecated": "This package is deprecated. Use the optional chaining (?.) operator instead.", + "license": "MIT" + }, + "node_modules/lodash.includes": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", + "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==", + "license": "MIT" + }, + "node_modules/lodash.isarguments": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz", + "integrity": "sha512-chi4NHZlZqZD18a0imDHnZPrDeBbTtVN7GXMwuGdRH9qotxAjYs3aVLKc7zNOG9eddR5Ksd8rvFEBc9SsggPpg==", + "license": "MIT" + }, + "node_modules/lodash.isboolean": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", + "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==", + "license": "MIT" + }, + "node_modules/lodash.isequal": { + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz", + "integrity": "sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ==", + "deprecated": "This package is deprecated. Use require('node:util').isDeepStrictEqual instead.", + "license": "MIT" + }, + "node_modules/lodash.isinteger": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", + "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==", + "license": "MIT" + }, + "node_modules/lodash.isnumber": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", + "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==", + "license": "MIT" + }, + "node_modules/lodash.isplainobject": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", + "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==", + "license": "MIT" + }, + "node_modules/lodash.isstring": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", + "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==", + "license": "MIT" + }, + "node_modules/lodash.memoize": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", + "integrity": "sha512-t7j+NzmgnQzTAYXcsHYLgimltOV1MXHtlOWf6GjL9Kj8GK5FInw5JotxvbOs+IvV1/Dzo04/fCGfLVs7aXb4Ag==", + "dev": true, + "license": "MIT" + }, + "node_modules/lodash.merge": { + "version": "4.6.2", + "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/lodash.mergewith": { + "version": "4.6.2", + "resolved": "https://registry.npmjs.org/lodash.mergewith/-/lodash.mergewith-4.6.2.tgz", + "integrity": "sha512-GK3g5RPZWTRSeLSpgP8Xhra+pnjBC56q9FZYe1d5RN3TJ35dbkGy3YqBSMbyCrlbi+CM9Z3Jk5yTL7RCsqboyQ==", + "license": "MIT" + }, + "node_modules/lodash.once": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", + "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==", + "license": "MIT" + }, + "node_modules/logform": { + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/logform/-/logform-2.7.0.tgz", + "integrity": "sha512-TFYA4jnP7PVbmlBIfhlSe+WKxs9dklXMTEGcBCIvLhE/Tn3H6Gk1norupVW7m5Cnd4bLcr08AytbyV/xj7f/kQ==", + "license": "MIT", + "dependencies": { + "@colors/colors": "1.6.0", + "@types/triple-beam": "^1.3.2", + "fecha": "^4.2.0", + "ms": "^2.1.1", + "safe-stable-stringify": "^2.3.1", + "triple-beam": "^1.3.0" + }, + "engines": { + "node": ">= 12.0.0" + } + }, + "node_modules/lru-cache": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", + "dev": true, + "license": "ISC", + "dependencies": { + "yallist": "^3.0.2" + } + }, + "node_modules/make-dir": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", + "integrity": "sha512-hXdUTZYIVOt1Ex//jAQi+wTZZpUpwBj/0QsOzqegb3rGMMeJiSEu5xLHnYfBrRV4RH2+OCSOO95Is/7x1WJ4bw==", + "dev": true, + "license": "MIT", + "dependencies": { + "semver": "^7.5.3" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==", + "dev": true, + "license": "ISC" + }, + "node_modules/makeerror": { + "version": "1.0.12", + "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", + "integrity": "sha512-JmqCvUhmt43madlpFzG4BQzG2Z3m6tvQDNKdClZnO3VbIudJYmxsT0FNJMeiB2+JTSlTQTSbU8QdesVmwJcmLg==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "tmpl": "1.0.5" + } + }, + "node_modules/math-intrinsics": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/media-typer": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/merge-descriptors": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz", + "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/merge-stream": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", + "dev": true, + "license": "MIT" + }, + "node_modules/merge2": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 8" + } + }, + "node_modules/methods": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/micromatch": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", + "dev": true, + "license": "MIT", + "dependencies": { + "braces": "^3.0.3", + "picomatch": "^2.3.1" + }, + "engines": { + "node": ">=8.6" + } + }, + "node_modules/mime": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", + "license": "MIT", + "bin": { + "mime": "cli.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/mime-db": { + "version": "1.54.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", + "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types/node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mimic-fn": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/minimatch": { + "version": "9.0.3", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz", + "integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/minimist": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "dev": true, + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/minipass": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", + "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==", + "license": "ISC", + "engines": { + "node": ">=16 || 14 >=14.17" + } + }, + "node_modules/morgan": { + "version": "1.10.1", + "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.10.1.tgz", + "integrity": "sha512-223dMRJtI/l25dJKWpgij2cMtywuG/WiUKXdvwfbhGKBhy1puASqXwFzmWZ7+K73vUPoR7SS2Qz2cI/g9MKw0A==", + "license": "MIT", + "dependencies": { + "basic-auth": "~2.0.1", + "debug": "2.6.9", + "depd": "~2.0.0", + "on-finished": "~2.3.0", + "on-headers": "~1.1.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/morgan/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/morgan/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/morgan/node_modules/on-finished": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz", + "integrity": "sha512-ikqdkGAAyf/X/gPhXGvfgAytDZtDbr+bkNUJ0N9h5MI/dmdgCs3l6hoHrcUv41sRKew3jIwrp4qQDXiK99Utww==", + "license": "MIT", + "dependencies": { + "ee-first": "1.1.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "license": "MIT" + }, + "node_modules/natural-compare": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "integrity": "sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==", + "dev": true, + "license": "MIT" + }, + "node_modules/negotiator": { + "version": "0.6.4", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.4.tgz", + "integrity": "sha512-myRT3DiWPHqho5PrJaIRyaMv2kgYf0mUVgBNOYMuCH5Ki1yEiQaf/ZJuQ62nvpc44wL5WDbTX7yGJi1Neevw8w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/neo-async": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz", + "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==", + "dev": true, + "license": "MIT" + }, + "node_modules/node-int64": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", + "integrity": "sha512-O5lz91xSOeoXP6DulyHfllpq+Eg00MWitZIbtPfoSEvqIHdl5gfcY6hYzDWnj0qD5tz52PI08u9qUvSVeUBeHw==", + "dev": true, + "license": "MIT" + }, + "node_modules/node-releases": { + "version": "2.0.27", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.27.tgz", + "integrity": "sha512-nmh3lCkYZ3grZvqcCH+fjmQ7X+H0OeZgP40OierEaAptX4XofMh5kwNbWh7lBduUzCcV/8kZ+NDLCwm2iorIlA==", + "dev": true, + "license": "MIT" + }, + "node_modules/normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/npm-run-path": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "integrity": "sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==", + "dev": true, + "license": "MIT", + "dependencies": { + "path-key": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/object-inspect": { + "version": "1.13.4", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", + "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/on-finished": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", + "license": "MIT", + "dependencies": { + "ee-first": "1.1.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/on-headers": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz", + "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "license": "ISC", + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/one-time": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/one-time/-/one-time-1.0.0.tgz", + "integrity": "sha512-5DXOiRKwuSEcQ/l0kGCF6Q3jcADFv5tSmRaJck/OqkVFcOzutB134KRSfF0xDrL39MNnqxbHBbUUcjZIhTgb2g==", + "license": "MIT", + "dependencies": { + "fn.name": "1.x.x" + } + }, + "node_modules/onetime": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==", + "dev": true, + "license": "MIT", + "dependencies": { + "mimic-fn": "^2.1.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/openapi-types": { + "version": "12.1.3", + "resolved": "https://registry.npmjs.org/openapi-types/-/openapi-types-12.1.3.tgz", + "integrity": "sha512-N4YtSYJqghVu4iek2ZUvcN/0aqH1kRDuNqzcycDxhOUpg7GdvLa2F3DgS6yBNhInhv2r/6I0Flkn7CqL8+nIcw==", + "license": "MIT", + "peer": true + }, + "node_modules/optionator": { + "version": "0.9.4", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz", + "integrity": "sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g==", + "dev": true, + "license": "MIT", + "dependencies": { + "deep-is": "^0.1.3", + "fast-levenshtein": "^2.0.6", + "levn": "^0.4.1", + "prelude-ls": "^1.2.1", + "type-check": "^0.4.0", + "word-wrap": "^1.2.5" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "yocto-queue": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dev": true, + "license": "MIT", + "dependencies": { + "p-limit": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/package-json-from-dist": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz", + "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==", + "license": "BlueOak-1.0.0" + }, + "node_modules/parent-module": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==", + "dev": true, + "license": "MIT", + "dependencies": { + "callsites": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/parse-json": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.0.0", + "error-ex": "^1.3.1", + "json-parse-even-better-errors": "^2.3.0", + "lines-and-columns": "^1.1.6" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/parseurl": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-parse": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", + "dev": true, + "license": "MIT" + }, + "node_modules/path-scurry": { + "version": "1.11.1", + "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", + "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", + "license": "BlueOak-1.0.0", + "dependencies": { + "lru-cache": "^10.2.0", + "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" + }, + "engines": { + "node": ">=16 || 14 >=14.18" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/path-scurry/node_modules/lru-cache": { + "version": "10.4.3", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz", + "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==", + "license": "ISC" + }, + "node_modules/path-to-regexp": { + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", + "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==", + "license": "MIT" + }, + "node_modules/path-type": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/pg": { + "version": "8.16.3", + "resolved": "https://registry.npmjs.org/pg/-/pg-8.16.3.tgz", + "integrity": "sha512-enxc1h0jA/aq5oSDMvqyW3q89ra6XIIDZgCX9vkMrnz5DFTw/Ny3Li2lFQ+pt3L6MCgm/5o2o8HW9hiJji+xvw==", + "license": "MIT", + "peer": true, + "dependencies": { + "pg-connection-string": "^2.9.1", + "pg-pool": "^3.10.1", + "pg-protocol": "^1.10.3", + "pg-types": "2.2.0", + "pgpass": "1.0.5" + }, + "engines": { + "node": ">= 16.0.0" + }, + "optionalDependencies": { + "pg-cloudflare": "^1.2.7" + }, + "peerDependencies": { + "pg-native": ">=3.0.1" + }, + "peerDependenciesMeta": { + "pg-native": { + "optional": true + } + } + }, + "node_modules/pg-cloudflare": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/pg-cloudflare/-/pg-cloudflare-1.2.7.tgz", + "integrity": "sha512-YgCtzMH0ptvZJslLM1ffsY4EuGaU0cx4XSdXLRFae8bPP4dS5xL1tNB3k2o/N64cHJpwU7dxKli/nZ2lUa5fLg==", + "license": "MIT", + "optional": true + }, + "node_modules/pg-connection-string": { + "version": "2.9.1", + "resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.9.1.tgz", + "integrity": "sha512-nkc6NpDcvPVpZXxrreI/FOtX3XemeLl8E0qFr6F2Lrm/I8WOnaWNhIPK2Z7OHpw7gh5XJThi6j6ppgNoaT1w4w==", + "license": "MIT" + }, + "node_modules/pg-int8": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/pg-int8/-/pg-int8-1.0.1.tgz", + "integrity": "sha512-WCtabS6t3c8SkpDBUlb1kjOs7l66xsGdKpIPZsg4wR+B3+u9UAum2odSsF9tnvxg80h4ZxLWMy4pRjOsFIqQpw==", + "license": "ISC", + "engines": { + "node": ">=4.0.0" + } + }, + "node_modules/pg-pool": { + "version": "3.10.1", + "resolved": "https://registry.npmjs.org/pg-pool/-/pg-pool-3.10.1.tgz", + "integrity": "sha512-Tu8jMlcX+9d8+QVzKIvM/uJtp07PKr82IUOYEphaWcoBhIYkoHpLXN3qO59nAI11ripznDsEzEv8nUxBVWajGg==", + "license": "MIT", + "peerDependencies": { + "pg": ">=8.0" + } + }, + "node_modules/pg-protocol": { + "version": "1.10.3", + "resolved": "https://registry.npmjs.org/pg-protocol/-/pg-protocol-1.10.3.tgz", + "integrity": "sha512-6DIBgBQaTKDJyxnXaLiLR8wBpQQcGWuAESkRBX/t6OwA8YsqP+iVSiond2EDy6Y/dsGk8rh/jtax3js5NeV7JQ==", + "license": "MIT" + }, + "node_modules/pg-types": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/pg-types/-/pg-types-2.2.0.tgz", + "integrity": "sha512-qTAAlrEsl8s4OiEQY69wDvcMIdQN6wdz5ojQiOy6YRMuynxenON0O5oCpJI6lshc6scgAY8qvJ2On/p+CXY0GA==", + "license": "MIT", + "dependencies": { + "pg-int8": "1.0.1", + "postgres-array": "~2.0.0", + "postgres-bytea": "~1.0.0", + "postgres-date": "~1.0.4", + "postgres-interval": "^1.1.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/pgpass": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/pgpass/-/pgpass-1.0.5.tgz", + "integrity": "sha512-FdW9r/jQZhSeohs1Z3sI1yxFQNFvMcnmfuj4WBMUTxOrAyLMaTcE1aAMBiTlbMNaXvBCQuVi0R7hd8udDSP7ug==", + "license": "MIT", + "dependencies": { + "split2": "^4.1.0" + } + }, + "node_modules/picocolors": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", + "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", + "dev": true, + "license": "ISC" + }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/pirates": { + "version": "4.0.7", + "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.7.tgz", + "integrity": "sha512-TfySrs/5nm8fQJDcBDuUng3VOUKsd7S+zqvbOTiGXHfxX4wK31ard+hoNuvkicM/2YFzlpDgABOevKSsB4G/FA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 6" + } + }, + "node_modules/pkg-dir": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "find-up": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/pkg-dir/node_modules/find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "license": "MIT", + "dependencies": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/pkg-dir/node_modules/locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "license": "MIT", + "dependencies": { + "p-locate": "^4.1.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/pkg-dir/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "license": "MIT", + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/pkg-dir/node_modules/p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "license": "MIT", + "dependencies": { + "p-limit": "^2.2.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/possible-typed-array-names": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/possible-typed-array-names/-/possible-typed-array-names-1.1.0.tgz", + "integrity": "sha512-/+5VFTchJDoVj3bhoqi6UeymcD00DAwb1nJwamzPvHEszJ4FpF6SNNbUbOS8yI56qHzdV8eK0qEfOSiodkTdxg==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/postgres-array": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/postgres-array/-/postgres-array-2.0.0.tgz", + "integrity": "sha512-VpZrUqU5A69eQyW2c5CA1jtLecCsN2U/bD6VilrFDWq5+5UIEVO7nazS3TEcHf1zuPYO/sqGvUvW62g86RXZuA==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/postgres-bytea": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/postgres-bytea/-/postgres-bytea-1.0.0.tgz", + "integrity": "sha512-xy3pmLuQqRBZBXDULy7KbaitYqLcmxigw14Q5sj8QBVLqEwXfeybIKVWiqAXTlcvdvb0+xkOtDbfQMOf4lST1w==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/postgres-date": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/postgres-date/-/postgres-date-1.0.7.tgz", + "integrity": "sha512-suDmjLVQg78nMK2UZ454hAG+OAW+HQPZ6n++TNDUX+L0+uUlLywnoxJKDou51Zm+zTCjrCl0Nq6J9C5hP9vK/Q==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/postgres-interval": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/postgres-interval/-/postgres-interval-1.2.0.tgz", + "integrity": "sha512-9ZhXKM/rw350N1ovuWHbGxnGh/SNJ4cnxHiM0rxE4VN41wsg8P8zWn9hv/buK00RP4WvlOyr/RBDiptyxVbkZQ==", + "license": "MIT", + "dependencies": { + "xtend": "^4.0.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/prelude-ls": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/pretty-format": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", + "integrity": "sha512-Pdlw/oPxN+aXdmM9R00JVC9WVFoCLTKJvDVLgmJ+qAffBMxsV85l/Lu7sNx4zSzPyoL2euImuEwHhOXdEgNFZQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jest/schemas": "^29.6.3", + "ansi-styles": "^5.0.0", + "react-is": "^18.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/pretty-format/node_modules/ansi-styles": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", + "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/prompts": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "integrity": "sha512-NxNv/kLguCA7p3jE8oL2aEBsrJWgAakBpgmgK6lpPWV+WuOmY6r2/zbAVnP+T8bQlA0nzHXSJSJW0Hq7ylaD2Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "kleur": "^3.0.3", + "sisteransi": "^1.0.5" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/proxy-addr": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", + "license": "MIT", + "dependencies": { + "forwarded": "0.2.0", + "ipaddr.js": "1.9.1" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/punycode": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/pure-rand": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.1.0.tgz", + "integrity": "sha512-bVWawvoZoBYpp6yIoQtQXHZjmz35RSVHnUOTefl8Vcjr8snTPY1wnpSPMWekcFwbxI6gtmT7rSYPFvz71ldiOA==", + "dev": true, + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/dubzzz" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/fast-check" + } + ], + "license": "MIT" + }, + "node_modules/qs": { + "version": "6.14.0", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz", + "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==", + "license": "BSD-3-Clause", + "dependencies": { + "side-channel": "^1.1.0" + }, + "engines": { + "node": ">=0.6" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/queue-microtask": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/raw-body": { + "version": "2.5.3", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz", + "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==", + "license": "MIT", + "dependencies": { + "bytes": "~3.1.2", + "http-errors": "~2.0.1", + "iconv-lite": "~0.4.24", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/react-is": { + "version": "18.3.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz", + "integrity": "sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==", + "dev": true, + "license": "MIT" + }, + "node_modules/readable-stream": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", + "license": "MIT", + "dependencies": { + "inherits": "^2.0.3", + "string_decoder": "^1.1.1", + "util-deprecate": "^1.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/redis-errors": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz", + "integrity": "sha512-1qny3OExCf0UvUV/5wpYKf2YwPcOqXzkwKKSmKHiE6ZMQs5heeE/c8eXK+PNllPvmjgAbfnsbpkGZWy8cBpn9w==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/redis-parser": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz", + "integrity": "sha512-DJnGAeenTdpMEH6uAJRK/uiyEIH9WVsUmoLwzudwGJUwZPp80PDBWPHXSAGNPwNvIXAbe7MSUB1zQFugFml66A==", + "license": "MIT", + "dependencies": { + "redis-errors": "^1.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/reflect-metadata": { + "version": "0.2.2", + "resolved": "https://registry.npmjs.org/reflect-metadata/-/reflect-metadata-0.2.2.tgz", + "integrity": "sha512-urBwgfrvVP/eAyXx4hluJivBKzuEbSQs9rKWCrCkbSxNv8mxPcUZKeuoF3Uy4mJl3Lwprp6yy5/39VWigZ4K6Q==", + "license": "Apache-2.0" + }, + "node_modules/require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/resolve": { + "version": "1.22.11", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.11.tgz", + "integrity": "sha512-RfqAvLnMl313r7c9oclB1HhUEAezcpLjz95wFH4LVuhk9JF/r22qmVP9AMmOU4vMX7Q8pN8jwNg/CSpdFnMjTQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "is-core-module": "^2.16.1", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + }, + "bin": { + "resolve": "bin/resolve" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/resolve-cwd": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/resolve-cwd/-/resolve-cwd-3.0.0.tgz", + "integrity": "sha512-OrZaX2Mb+rJCpH/6CpSqt9xFVpN++x01XnN2ie9g6P5/3xelLAkXWVADpdz1IHD/KFfEXyE6V0U01OQ3UO2rEg==", + "dev": true, + "license": "MIT", + "dependencies": { + "resolve-from": "^5.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/resolve-cwd/node_modules/resolve-from": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", + "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/resolve-from": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/resolve-pkg-maps": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/resolve-pkg-maps/-/resolve-pkg-maps-1.0.0.tgz", + "integrity": "sha512-seS2Tj26TBVOC2NIc2rOe2y2ZO7efxITtLZcGSOnHHNOQ7CkiUBfw0Iw2ck6xkIhPwLhKNLS8BO+hEpngQlqzw==", + "dev": true, + "license": "MIT", + "funding": { + "url": "https://github.com/privatenumber/resolve-pkg-maps?sponsor=1" + } + }, + "node_modules/resolve.exports": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/resolve.exports/-/resolve.exports-2.0.3.tgz", + "integrity": "sha512-OcXjMsGdhL4XnbShKpAcSqPMzQoYkYyhbEaeSko47MjRP9NfEQMhZkXL1DoFlt9LWQn4YttrdnV6X2OiyzBi+A==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/reusify": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz", + "integrity": "sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==", + "dev": true, + "license": "MIT", + "engines": { + "iojs": ">=1.0.0", + "node": ">=0.10.0" + } + }, + "node_modules/rimraf": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", + "deprecated": "Rimraf versions prior to v4 are no longer supported", + "dev": true, + "license": "ISC", + "dependencies": { + "glob": "^7.1.3" + }, + "bin": { + "rimraf": "bin.js" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/run-parallel": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT", + "dependencies": { + "queue-microtask": "^1.2.2" + } + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/safe-stable-stringify": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.5.0.tgz", + "integrity": "sha512-b3rppTKm9T+PsVCBEOUR46GWI7fdOs00VKZ1+9c1EWDaDMvjQc6tUwuFyIprgGgTcWoVHSKrU8H31ZHA2e0RHA==", + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", + "license": "MIT" + }, + "node_modules/semver": { + "version": "7.7.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz", + "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/send": { + "version": "0.19.1", + "resolved": "https://registry.npmjs.org/send/-/send-0.19.1.tgz", + "integrity": "sha512-p4rRk4f23ynFEfcD9LA0xRYngj+IyGiEYyqqOak8kaN0TvNmuxC2dcVeBn62GpCeR2CpWqyHCNScTP91QbAVFg==", + "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "1.2.0", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "fresh": "0.5.2", + "http-errors": "2.0.0", + "mime": "1.6.0", + "ms": "2.1.3", + "on-finished": "2.4.1", + "range-parser": "~1.2.1", + "statuses": "2.0.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/send/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/send/node_modules/debug/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/send/node_modules/http-errors": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", + "license": "MIT", + "dependencies": { + "depd": "2.0.0", + "inherits": "2.0.4", + "setprototypeof": "1.2.0", + "statuses": "2.0.1", + "toidentifier": "1.0.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/send/node_modules/statuses": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/serve-static": { + "version": "1.16.2", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz", + "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==", + "license": "MIT", + "dependencies": { + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "parseurl": "~1.3.3", + "send": "0.19.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/serve-static/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/serve-static/node_modules/debug/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/serve-static/node_modules/http-errors": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", + "license": "MIT", + "dependencies": { + "depd": "2.0.0", + "inherits": "2.0.4", + "setprototypeof": "1.2.0", + "statuses": "2.0.1", + "toidentifier": "1.0.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/serve-static/node_modules/send": { + "version": "0.19.0", + "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz", + "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==", + "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "1.2.0", + "encodeurl": "~1.0.2", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "fresh": "0.5.2", + "http-errors": "2.0.0", + "mime": "1.6.0", + "ms": "2.1.3", + "on-finished": "2.4.1", + "range-parser": "~1.2.1", + "statuses": "2.0.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/serve-static/node_modules/send/node_modules/encodeurl": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/serve-static/node_modules/statuses": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/set-function-length": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==", + "license": "MIT", + "dependencies": { + "define-data-property": "^1.1.4", + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.4", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/setprototypeof": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", + "license": "ISC" + }, + "node_modules/sha.js": { + "version": "2.4.12", + "resolved": "https://registry.npmjs.org/sha.js/-/sha.js-2.4.12.tgz", + "integrity": "sha512-8LzC5+bvI45BjpfXU8V5fdU2mfeKiQe1D1gIMn7XUlF3OTUrpdJpPPH4EMAnF0DsHHdSZqCdSss5qCmJKuiO3w==", + "license": "(MIT AND BSD-3-Clause)", + "dependencies": { + "inherits": "^2.0.4", + "safe-buffer": "^5.2.1", + "to-buffer": "^1.2.0" + }, + "bin": { + "sha.js": "bin.js" + }, + "engines": { + "node": ">= 0.10" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "license": "MIT", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/side-channel": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz", + "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3", + "side-channel-list": "^1.0.0", + "side-channel-map": "^1.0.1", + "side-channel-weakmap": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-list": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz", + "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-map": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz", + "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-weakmap": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", + "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3", + "side-channel-map": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/signal-exit": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", + "dev": true, + "license": "ISC" + }, + "node_modules/sisteransi": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==", + "dev": true, + "license": "MIT" + }, + "node_modules/slash": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "dev": true, + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/source-map-support": { + "version": "0.5.13", + "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.13.tgz", + "integrity": "sha512-SHSKFHadjVA5oR4PPqhtAVdcBWwRYVd6g6cAXnIbRiIwc2EhPrTuKUBdSLvlEKyIP3GCf89fltvcZiP9MMFA1w==", + "dev": true, + "license": "MIT", + "dependencies": { + "buffer-from": "^1.0.0", + "source-map": "^0.6.0" + } + }, + "node_modules/split2": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz", + "integrity": "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==", + "license": "ISC", + "engines": { + "node": ">= 10.x" + } + }, + "node_modules/sprintf-js": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==", + "dev": true, + "license": "BSD-3-Clause" + }, + "node_modules/sql-highlight": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/sql-highlight/-/sql-highlight-6.1.0.tgz", + "integrity": "sha512-ed7OK4e9ywpE7pgRMkMQmZDPKSVdm0oX5IEtZiKnFucSF0zu6c80GZBe38UqHuVhTWJ9xsKgSMjCG2bml86KvA==", + "funding": [ + "https://github.com/scriptcoded/sql-highlight?sponsor=1", + { + "type": "github", + "url": "https://github.com/sponsors/scriptcoded" + } + ], + "license": "MIT", + "engines": { + "node": ">=14" + } + }, + "node_modules/stack-trace": { + "version": "0.0.10", + "resolved": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.10.tgz", + "integrity": "sha512-KGzahc7puUKkzyMt+IqAep+TVNbKP+k2Lmwhub39m1AsTSkaDutx56aDCo+HLDzf/D26BIHTJWNiTG1KAJiQCg==", + "license": "MIT", + "engines": { + "node": "*" + } + }, + "node_modules/stack-utils": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/stack-utils/-/stack-utils-2.0.6.tgz", + "integrity": "sha512-XlkWvfIm6RmsWtNJx+uqtKLS8eqFbxUg0ZzLXqY0caEy9l7hruX8IpiDnjsLavoBgqCCR71TqWO8MaXYheJ3RQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "escape-string-regexp": "^2.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/stack-utils/node_modules/escape-string-regexp": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz", + "integrity": "sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/standard-as-callback": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/standard-as-callback/-/standard-as-callback-2.1.0.tgz", + "integrity": "sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A==", + "license": "MIT" + }, + "node_modules/statuses": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/string_decoder": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==", + "license": "MIT", + "dependencies": { + "safe-buffer": "~5.2.0" + } + }, + "node_modules/string-length": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/string-length/-/string-length-4.0.2.tgz", + "integrity": "sha512-+l6rNN5fYHNhZZy41RXsYptCjA2Igmq4EG7kZAYFQI1E1VTXarr6ZPXBg6eq7Y6eK4FEhY6AJlyuFIb/v/S0VQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "char-regex": "^1.0.2", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/string-width-cjs": { + "name": "string-width", + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi-cjs": { + "name": "strip-ansi", + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-bom": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz", + "integrity": "sha512-3xurFv5tEgii33Zi8Jtp55wEIILR9eh34FAW00PZf+JnSsTmV/ioewSgQl97JHvgjoRGwPShsWm+IdrxB35d0w==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-final-newline": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, + "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/supports-preserve-symlinks-flag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/swagger-jsdoc": { + "version": "6.2.8", + "resolved": "https://registry.npmjs.org/swagger-jsdoc/-/swagger-jsdoc-6.2.8.tgz", + "integrity": "sha512-VPvil1+JRpmJ55CgAtn8DIcpBs0bL5L3q5bVQvF4tAW/k/9JYSj7dCpaYCAv5rufe0vcCbBRQXGvzpkWjvLklQ==", + "license": "MIT", + "dependencies": { + "commander": "6.2.0", + "doctrine": "3.0.0", + "glob": "7.1.6", + "lodash.mergewith": "^4.6.2", + "swagger-parser": "^10.0.3", + "yaml": "2.0.0-1" + }, + "bin": { + "swagger-jsdoc": "bin/swagger-jsdoc.js" + }, + "engines": { + "node": ">=12.0.0" + } + }, + "node_modules/swagger-jsdoc/node_modules/brace-expansion": { + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", + "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/swagger-jsdoc/node_modules/glob": { + "version": "7.1.6", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz", + "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==", + "deprecated": "Glob versions prior to v9 are no longer supported", + "license": "ISC", + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.0.4", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/swagger-jsdoc/node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/swagger-parser": { + "version": "10.0.3", + "resolved": "https://registry.npmjs.org/swagger-parser/-/swagger-parser-10.0.3.tgz", + "integrity": "sha512-nF7oMeL4KypldrQhac8RyHerJeGPD1p2xDh900GPvc+Nk7nWP6jX2FcC7WmkinMoAmoO774+AFXcWsW8gMWEIg==", + "license": "MIT", + "dependencies": { + "@apidevtools/swagger-parser": "10.0.3" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/swagger-ui-dist": { + "version": "5.31.0", + "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.31.0.tgz", + "integrity": "sha512-zSUTIck02fSga6rc0RZP3b7J7wgHXwLea8ZjgLA3Vgnb8QeOl3Wou2/j5QkzSGeoz6HusP/coYuJl33aQxQZpg==", + "license": "Apache-2.0", + "dependencies": { + "@scarf/scarf": "=1.4.0" + } + }, + "node_modules/swagger-ui-express": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/swagger-ui-express/-/swagger-ui-express-5.0.1.tgz", + "integrity": "sha512-SrNU3RiBGTLLmFU8GIJdOdanJTl4TOmT27tt3bWWHppqYmAZ6IDuEuBvMU6nZq0zLEe6b/1rACXCgLZqO6ZfrA==", + "license": "MIT", + "dependencies": { + "swagger-ui-dist": ">=5.0.0" + }, + "engines": { + "node": ">= v0.10.32" + }, + "peerDependencies": { + "express": ">=4.0.0 || >=5.0.0-beta" + } + }, + "node_modules/test-exclude": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", + "integrity": "sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==", + "dev": true, + "license": "ISC", + "dependencies": { + "@istanbuljs/schema": "^0.1.2", + "glob": "^7.1.4", + "minimatch": "^3.0.4" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/test-exclude/node_modules/brace-expansion": { + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", + "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/test-exclude/node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/text-hex": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", + "integrity": "sha512-uuVGNWzgJ4yhRaNSiubPY7OjISw4sw4E5Uv0wbjp+OzcbmVU/rsT8ujgcXJhn9ypzsgr5vlzpPqP+MBBKcGvbg==", + "license": "MIT" + }, + "node_modules/text-table": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "integrity": "sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==", + "dev": true, + "license": "MIT" + }, + "node_modules/tmpl": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", + "integrity": "sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw==", + "dev": true, + "license": "BSD-3-Clause" + }, + "node_modules/to-buffer": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/to-buffer/-/to-buffer-1.2.2.tgz", + "integrity": "sha512-db0E3UJjcFhpDhAF4tLo03oli3pwl3dbnzXOUIlRKrp+ldk/VUxzpWYZENsw2SZiuBjHAk7DfB0VU7NKdpb6sw==", + "license": "MIT", + "dependencies": { + "isarray": "^2.0.5", + "safe-buffer": "^5.2.1", + "typed-array-buffer": "^1.0.3" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, + "node_modules/toidentifier": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", + "license": "MIT", + "engines": { + "node": ">=0.6" + } + }, + "node_modules/triple-beam": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz", + "integrity": "sha512-aZbgViZrg1QNcG+LULa7nhZpJTZSLm/mXnHXnbAbjmN5aSa0y7V+wvv6+4WaBtpISJzThKy+PIPxc1Nq1EJ9mg==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/ts-api-utils": { + "version": "1.4.3", + "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-1.4.3.tgz", + "integrity": "sha512-i3eMG77UTMD0hZhgRS562pv83RC6ukSAC2GMNWc+9dieh/+jDM5u5YG+NHX6VNDRHQcHwmsTHctP9LhbC3WxVw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=16" + }, + "peerDependencies": { + "typescript": ">=4.2.0" + } + }, + "node_modules/ts-jest": { + "version": "29.4.6", + "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.4.6.tgz", + "integrity": "sha512-fSpWtOO/1AjSNQguk43hb/JCo16oJDnMJf3CdEGNkqsEX3t0KX96xvyX1D7PfLCpVoKu4MfVrqUkFyblYoY4lA==", + "dev": true, + "license": "MIT", + "dependencies": { + "bs-logger": "^0.2.6", + "fast-json-stable-stringify": "^2.1.0", + "handlebars": "^4.7.8", + "json5": "^2.2.3", + "lodash.memoize": "^4.1.2", + "make-error": "^1.3.6", + "semver": "^7.7.3", + "type-fest": "^4.41.0", + "yargs-parser": "^21.1.1" + }, + "bin": { + "ts-jest": "cli.js" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || ^18.0.0 || >=20.0.0" + }, + "peerDependencies": { + "@babel/core": ">=7.0.0-beta.0 <8", + "@jest/transform": "^29.0.0 || ^30.0.0", + "@jest/types": "^29.0.0 || ^30.0.0", + "babel-jest": "^29.0.0 || ^30.0.0", + "jest": "^29.0.0 || ^30.0.0", + "jest-util": "^29.0.0 || ^30.0.0", + "typescript": ">=4.3 <6" + }, + "peerDependenciesMeta": { + "@babel/core": { + "optional": true + }, + "@jest/transform": { + "optional": true + }, + "@jest/types": { + "optional": true + }, + "babel-jest": { + "optional": true + }, + "esbuild": { + "optional": true + }, + "jest-util": { + "optional": true + } + } + }, + "node_modules/ts-jest/node_modules/type-fest": { + "version": "4.41.0", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.41.0.tgz", + "integrity": "sha512-TeTSQ6H5YHvpqVwBRcnLDCBnDOHWYu7IvGbHT6N8AOymcr9PJGjc1GTtiWZTYg0NCgYwvnYWEkVChQAr9bjfwA==", + "dev": true, + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/tslib": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", + "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", + "license": "0BSD" + }, + "node_modules/tsx": { + "version": "4.21.0", + "resolved": "https://registry.npmjs.org/tsx/-/tsx-4.21.0.tgz", + "integrity": "sha512-5C1sg4USs1lfG0GFb2RLXsdpXqBSEhAaA/0kPL01wxzpMqLILNxIxIOKiILz+cdg/pLnOUxFYOR5yhHU666wbw==", + "dev": true, + "license": "MIT", + "dependencies": { + "esbuild": "~0.27.0", + "get-tsconfig": "^4.7.5" + }, + "bin": { + "tsx": "dist/cli.mjs" + }, + "engines": { + "node": ">=18.0.0" + }, + "optionalDependencies": { + "fsevents": "~2.3.3" + } + }, + "node_modules/type-check": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==", + "dev": true, + "license": "MIT", + "dependencies": { + "prelude-ls": "^1.2.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/type-detect": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/type-fest": { + "version": "0.20.2", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==", + "dev": true, + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/type-is": { + "version": "1.6.18", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", + "license": "MIT", + "dependencies": { + "media-typer": "0.3.0", + "mime-types": "~2.1.24" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/typed-array-buffer": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/typed-array-buffer/-/typed-array-buffer-1.0.3.tgz", + "integrity": "sha512-nAYYwfY3qnzX30IkA6AQZjVbtK6duGontcQm1WSG1MD94YLqK0515GNApXkoxKOWMusVssAHWLh9SeaoefYFGw==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.3", + "es-errors": "^1.3.0", + "is-typed-array": "^1.1.14" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/typeorm": { + "version": "0.3.28", + "resolved": "https://registry.npmjs.org/typeorm/-/typeorm-0.3.28.tgz", + "integrity": "sha512-6GH7wXhtfq2D33ZuRXYwIsl/qM5685WZcODZb7noOOcRMteM9KF2x2ap3H0EBjnSV0VO4gNAfJT5Ukp0PkOlvg==", + "license": "MIT", + "dependencies": { + "@sqltools/formatter": "^1.2.5", + "ansis": "^4.2.0", + "app-root-path": "^3.1.0", + "buffer": "^6.0.3", + "dayjs": "^1.11.19", + "debug": "^4.4.3", + "dedent": "^1.7.0", + "dotenv": "^16.6.1", + "glob": "^10.5.0", + "reflect-metadata": "^0.2.2", + "sha.js": "^2.4.12", + "sql-highlight": "^6.1.0", + "tslib": "^2.8.1", + "uuid": "^11.1.0", + "yargs": "^17.7.2" + }, + "bin": { + "typeorm": "cli.js", + "typeorm-ts-node-commonjs": "cli-ts-node-commonjs.js", + "typeorm-ts-node-esm": "cli-ts-node-esm.js" + }, + "engines": { + "node": ">=16.13.0" + }, + "funding": { + "url": "https://opencollective.com/typeorm" + }, + "peerDependencies": { + "@google-cloud/spanner": "^5.18.0 || ^6.0.0 || ^7.0.0 || ^8.0.0", + "@sap/hana-client": "^2.14.22", + "better-sqlite3": "^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0 || ^12.0.0", + "ioredis": "^5.0.4", + "mongodb": "^5.8.0 || ^6.0.0", + "mssql": "^9.1.1 || ^10.0.0 || ^11.0.0 || ^12.0.0", + "mysql2": "^2.2.5 || ^3.0.1", + "oracledb": "^6.3.0", + "pg": "^8.5.1", + "pg-native": "^3.0.0", + "pg-query-stream": "^4.0.0", + "redis": "^3.1.1 || ^4.0.0 || ^5.0.14", + "sql.js": "^1.4.0", + "sqlite3": "^5.0.3", + "ts-node": "^10.7.0", + "typeorm-aurora-data-api-driver": "^2.0.0 || ^3.0.0" + }, + "peerDependenciesMeta": { + "@google-cloud/spanner": { + "optional": true + }, + "@sap/hana-client": { + "optional": true + }, + "better-sqlite3": { + "optional": true + }, + "ioredis": { + "optional": true + }, + "mongodb": { + "optional": true + }, + "mssql": { + "optional": true + }, + "mysql2": { + "optional": true + }, + "oracledb": { + "optional": true + }, + "pg": { + "optional": true + }, + "pg-native": { + "optional": true + }, + "pg-query-stream": { + "optional": true + }, + "redis": { + "optional": true + }, + "sql.js": { + "optional": true + }, + "sqlite3": { + "optional": true + }, + "ts-node": { + "optional": true + }, + "typeorm-aurora-data-api-driver": { + "optional": true + } + } + }, + "node_modules/typeorm/node_modules/glob": { + "version": "10.5.0", + "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz", + "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==", + "license": "ISC", + "dependencies": { + "foreground-child": "^3.1.0", + "jackspeak": "^3.1.2", + "minimatch": "^9.0.4", + "minipass": "^7.1.2", + "package-json-from-dist": "^1.0.0", + "path-scurry": "^1.11.1" + }, + "bin": { + "glob": "dist/esm/bin.mjs" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/typeorm/node_modules/minimatch": { + "version": "9.0.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz", + "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==", + "license": "ISC", + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/typeorm/node_modules/uuid": { + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-11.1.0.tgz", + "integrity": "sha512-0/A9rDy9P7cJ+8w1c9WD9V//9Wj15Ce2MPz8Ri6032usz+NfePxx5AcN3bN+r6ZL6jEo066/yNYB3tn4pQEx+A==", + "funding": [ + "https://github.com/sponsors/broofa", + "https://github.com/sponsors/ctavan" + ], + "license": "MIT", + "bin": { + "uuid": "dist/esm/bin/uuid" + } + }, + "node_modules/typescript": { + "version": "5.9.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz", + "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", + "dev": true, + "license": "Apache-2.0", + "peer": true, + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=14.17" + } + }, + "node_modules/uglify-js": { + "version": "3.19.3", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.19.3.tgz", + "integrity": "sha512-v3Xu+yuwBXisp6QYTcH4UbH+xYJXqnq2m/LtQVWKWzYc1iehYnLixoQDN9FH6/j9/oybfd6W9Ghwkl8+UMKTKQ==", + "dev": true, + "license": "BSD-2-Clause", + "optional": true, + "bin": { + "uglifyjs": "bin/uglifyjs" + }, + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/undici-types": { + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz", + "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/unpipe": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/update-browserslist-db": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.2.tgz", + "integrity": "sha512-E85pfNzMQ9jpKkA7+TJAi4TJN+tBCuWh5rUcS/sv6cFi+1q9LYDwDI5dpUL0u/73EElyQ8d3TEaeW4sPedBqYA==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "escalade": "^3.2.0", + "picocolors": "^1.1.1" + }, + "bin": { + "update-browserslist-db": "cli.js" + }, + "peerDependencies": { + "browserslist": ">= 4.21.0" + } + }, + "node_modules/uri-js": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "punycode": "^2.1.0" + } + }, + "node_modules/util-deprecate": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==", + "license": "MIT" + }, + "node_modules/utils-merge": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==", + "license": "MIT", + "engines": { + "node": ">= 0.4.0" + } + }, + "node_modules/uuid": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "funding": [ + "https://github.com/sponsors/broofa", + "https://github.com/sponsors/ctavan" + ], + "license": "MIT", + "bin": { + "uuid": "dist/bin/uuid" + } + }, + "node_modules/v8-to-istanbul": { + "version": "9.3.0", + "resolved": "https://registry.npmjs.org/v8-to-istanbul/-/v8-to-istanbul-9.3.0.tgz", + "integrity": "sha512-kiGUalWN+rgBJ/1OHZsBtU4rXZOfj/7rKQxULKlIzwzQSvMJUUNgPwJEEh7gU6xEVxC0ahoOBvN2YI8GH6FNgA==", + "dev": true, + "license": "ISC", + "dependencies": { + "@jridgewell/trace-mapping": "^0.3.12", + "@types/istanbul-lib-coverage": "^2.0.1", + "convert-source-map": "^2.0.0" + }, + "engines": { + "node": ">=10.12.0" + } + }, + "node_modules/validator": { + "version": "13.15.23", + "resolved": "https://registry.npmjs.org/validator/-/validator-13.15.23.tgz", + "integrity": "sha512-4yoz1kEWqUjzi5zsPbAS/903QXSYp0UOtHsPpp7p9rHAw/W+dkInskAE386Fat3oKRROwO98d9ZB0G4cObgUyw==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/vary": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/walker": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", + "integrity": "sha512-ts/8E8l5b7kY0vlWLewOkDXMmPdLcVV4GmOQLyxuSswIJsweeFZtAsMF7k1Nszz+TYBQrlYRmzOnr398y1JemQ==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "makeerror": "1.0.12" + } + }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "license": "ISC", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/which-typed-array": { + "version": "1.1.19", + "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.19.tgz", + "integrity": "sha512-rEvr90Bck4WZt9HHFC4DJMsjvu7x+r6bImz0/BrbWb7A2djJ8hnZMrWnHo9F8ssv0OMErasDhftrfROTyqSDrw==", + "license": "MIT", + "dependencies": { + "available-typed-arrays": "^1.0.7", + "call-bind": "^1.0.8", + "call-bound": "^1.0.4", + "for-each": "^0.3.5", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-tostringtag": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/winston": { + "version": "3.19.0", + "resolved": "https://registry.npmjs.org/winston/-/winston-3.19.0.tgz", + "integrity": "sha512-LZNJgPzfKR+/J3cHkxcpHKpKKvGfDZVPS4hfJCc4cCG0CgYzvlD6yE/S3CIL/Yt91ak327YCpiF/0MyeZHEHKA==", + "license": "MIT", + "dependencies": { + "@colors/colors": "^1.6.0", + "@dabh/diagnostics": "^2.0.8", + "async": "^3.2.3", + "is-stream": "^2.0.0", + "logform": "^2.7.0", + "one-time": "^1.0.0", + "readable-stream": "^3.4.0", + "safe-stable-stringify": "^2.3.1", + "stack-trace": "0.0.x", + "triple-beam": "^1.3.0", + "winston-transport": "^4.9.0" + }, + "engines": { + "node": ">= 12.0.0" + } + }, + "node_modules/winston-transport": { + "version": "4.9.0", + "resolved": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.9.0.tgz", + "integrity": "sha512-8drMJ4rkgaPo1Me4zD/3WLfI/zPdA9o2IipKODunnGDcuqbHwjsbB79ylv04LCGGzU0xQ6vTznOMpQGaLhhm6A==", + "license": "MIT", + "dependencies": { + "logform": "^2.7.0", + "readable-stream": "^3.6.2", + "triple-beam": "^1.3.0" + }, + "engines": { + "node": ">= 12.0.0" + } + }, + "node_modules/word-wrap": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz", + "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/wordwrap": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "integrity": "sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q==", + "dev": true, + "license": "MIT" + }, + "node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrap-ansi-cjs": { + "name": "wrap-ansi", + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", + "license": "ISC" + }, + "node_modules/write-file-atomic": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-4.0.2.tgz", + "integrity": "sha512-7KxauUdBmSdWnmpaGFg+ppNjKF8uNLry8LyzjauQDOVONfFLNKrKvQOxZ/VuTIcS/gge/YNahf5RIIQWTSarlg==", + "dev": true, + "license": "ISC", + "dependencies": { + "imurmurhash": "^0.1.4", + "signal-exit": "^3.0.7" + }, + "engines": { + "node": "^12.13.0 || ^14.15.0 || >=16.0.0" + } + }, + "node_modules/xtend": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz", + "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==", + "license": "MIT", + "engines": { + "node": ">=0.4" + } + }, + "node_modules/y18n": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "license": "ISC", + "engines": { + "node": ">=10" + } + }, + "node_modules/yallist": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==", + "dev": true, + "license": "ISC" + }, + "node_modules/yaml": { + "version": "2.0.0-1", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.0.0-1.tgz", + "integrity": "sha512-W7h5dEhywMKenDJh2iX/LABkbFnBxasD27oyXWDS/feDsxiw0dD5ncXdYXgkvAsXIY2MpW/ZKkr9IU30DBdMNQ==", + "license": "ISC", + "engines": { + "node": ">= 6" + } + }, + "node_modules/yargs": { + "version": "17.7.2", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", + "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==", + "license": "MIT", + "dependencies": { + "cliui": "^8.0.1", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.3", + "y18n": "^5.0.5", + "yargs-parser": "^21.1.1" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/yargs-parser": { + "version": "21.1.1", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz", + "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==", + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/yocto-queue": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/z-schema": { + "version": "5.0.5", + "resolved": "https://registry.npmjs.org/z-schema/-/z-schema-5.0.5.tgz", + "integrity": "sha512-D7eujBWkLa3p2sIpJA0d1pr7es+a7m0vFAnZLlCEKq/Ij2k0MLi9Br2UPxoxdYystm5K1yeBGzub0FlYUEWj2Q==", + "license": "MIT", + "dependencies": { + "lodash.get": "^4.4.2", + "lodash.isequal": "^4.5.0", + "validator": "^13.7.0" + }, + "bin": { + "z-schema": "bin/z-schema" + }, + "engines": { + "node": ">=8.0.0" + }, + "optionalDependencies": { + "commander": "^9.4.1" + } + }, + "node_modules/z-schema/node_modules/commander": { + "version": "9.5.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-9.5.0.tgz", + "integrity": "sha512-KRs7WVDKg86PWiuAqhDrAQnTXZKraVcCc6vFdL14qrZ/DcWwuRo7VoiYXalXO7S5GKpqYiVEwCbgFDfxNHKJBQ==", + "license": "MIT", + "optional": true, + "engines": { + "node": "^12.20.0 || >=14" + } + }, + "node_modules/zod": { + "version": "3.25.76", + "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz", + "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/colinhacks" + } + } + } +} diff --git a/backend/package.json b/backend/package.json new file mode 100644 index 0000000..427afb7 --- /dev/null +++ b/backend/package.json @@ -0,0 +1,59 @@ +{ + "name": "@erp-generic/backend", + "version": "0.1.0", + "description": "ERP Generic Backend API", + "main": "dist/index.js", + "scripts": { + "dev": "tsx watch src/index.ts", + "build": "tsc", + "start": "node dist/index.js", + "lint": "eslint src --ext .ts", + "test": "jest", + "test:watch": "jest --watch", + "test:coverage": "jest --coverage" + }, + "dependencies": { + "bcryptjs": "^2.4.3", + "compression": "^1.7.4", + "cors": "^2.8.5", + "dotenv": "^16.3.1", + "express": "^4.18.2", + "helmet": "^7.1.0", + "ioredis": "^5.8.2", + "jsonwebtoken": "^9.0.2", + "morgan": "^1.10.0", + "pg": "^8.11.3", + "reflect-metadata": "^0.2.2", + "swagger-jsdoc": "^6.2.8", + "swagger-ui-express": "^5.0.1", + "typeorm": "^0.3.28", + "uuid": "^9.0.1", + "winston": "^3.11.0", + "zod": "^3.22.4" + }, + "devDependencies": { + "@types/bcryptjs": "^2.4.6", + "@types/compression": "^1.7.5", + "@types/cors": "^2.8.17", + "@types/express": "^4.17.21", + "@types/ioredis": "^4.28.10", + "@types/jest": "^29.5.11", + "@types/jsonwebtoken": "^9.0.5", + "@types/morgan": "^1.9.9", + "@types/node": "^20.10.4", + "@types/pg": "^8.10.9", + "@types/swagger-jsdoc": "^6.0.4", + "@types/swagger-ui-express": "^4.1.8", + "@types/uuid": "^9.0.7", + "@typescript-eslint/eslint-plugin": "^6.14.0", + "@typescript-eslint/parser": "^6.14.0", + "eslint": "^8.56.0", + "jest": "^29.7.0", + "ts-jest": "^29.1.1", + "tsx": "^4.6.2", + "typescript": "^5.3.3" + }, + "engines": { + "node": ">=20.0.0" + } +} diff --git a/backend/service.descriptor.yml b/backend/service.descriptor.yml new file mode 100644 index 0000000..3eada79 --- /dev/null +++ b/backend/service.descriptor.yml @@ -0,0 +1,134 @@ +# ============================================================================== +# SERVICE DESCRIPTOR - ERP CORE API +# ============================================================================== +# API central del ERP Suite +# Mantenido por: Backend-Agent +# Actualizado: 2025-12-18 +# ============================================================================== + +version: "1.0.0" + +# ------------------------------------------------------------------------------ +# IDENTIFICACION DEL SERVICIO +# ------------------------------------------------------------------------------ +service: + name: "erp-core-api" + display_name: "ERP Core API" + description: "API central con funcionalidad compartida del ERP" + type: "backend" + runtime: "node" + framework: "nestjs" + owner_agent: "NEXUS-BACKEND" + +# ------------------------------------------------------------------------------ +# CONFIGURACION DE PUERTOS +# ------------------------------------------------------------------------------ +ports: + internal: 3010 + registry_ref: "projects.erp_suite.services.api" + protocol: "http" + +# ------------------------------------------------------------------------------ +# CONFIGURACION DE BASE DE DATOS +# ------------------------------------------------------------------------------ +database: + registry_ref: "erp_core" + schemas: + - "public" + - "auth" + - "core" + role: "runtime" + +# ------------------------------------------------------------------------------ +# DEPENDENCIAS +# ------------------------------------------------------------------------------ +dependencies: + services: + - name: "postgres" + type: "database" + required: true + - name: "redis" + type: "cache" + required: false + +# ------------------------------------------------------------------------------ +# MODULOS +# ------------------------------------------------------------------------------ +modules: + auth: + description: "Autenticacion y sesiones" + endpoints: + - { path: "/auth/login", method: "POST" } + - { path: "/auth/register", method: "POST" } + - { path: "/auth/refresh", method: "POST" } + - { path: "/auth/logout", method: "POST" } + + users: + description: "Gestion de usuarios" + endpoints: + - { path: "/users", method: "GET" } + - { path: "/users/:id", method: "GET" } + - { path: "/users", method: "POST" } + - { path: "/users/:id", method: "PUT" } + + companies: + description: "Gestion de empresas" + endpoints: + - { path: "/companies", method: "GET" } + - { path: "/companies/:id", method: "GET" } + - { path: "/companies", method: "POST" } + + tenants: + description: "Multi-tenancy" + endpoints: + - { path: "/tenants", method: "GET" } + - { path: "/tenants/:id", method: "GET" } + + core: + description: "Catalogos base" + submodules: + - countries + - currencies + - uom + - sequences + +# ------------------------------------------------------------------------------ +# DOCKER +# ------------------------------------------------------------------------------ +docker: + image: "erp-core-api" + dockerfile: "Dockerfile" + networks: + - "erp_core_${ENV:-local}" + - "infra_shared" + labels: + traefik: + enable: true + router: "erp-core-api" + rule: "Host(`api.erp.localhost`)" + +# ------------------------------------------------------------------------------ +# HEALTH CHECK +# ------------------------------------------------------------------------------ +healthcheck: + endpoint: "/health" + interval: "30s" + timeout: "5s" + retries: 3 + +# ------------------------------------------------------------------------------ +# ESTADO +# ------------------------------------------------------------------------------ +status: + phase: "development" + version: "0.1.0" + completeness: 25 + +# ------------------------------------------------------------------------------ +# METADATA +# ------------------------------------------------------------------------------ +metadata: + created_at: "2025-12-18" + created_by: "Backend-Agent" + project: "erp-suite" + team: "erp-team" diff --git a/backend/src/app.ts b/backend/src/app.ts new file mode 100644 index 0000000..d98076d --- /dev/null +++ b/backend/src/app.ts @@ -0,0 +1,112 @@ +import express, { Application, Request, Response, NextFunction } from 'express'; +import cors from 'cors'; +import helmet from 'helmet'; +import compression from 'compression'; +import morgan from 'morgan'; +import { config } from './config/index.js'; +import { logger } from './shared/utils/logger.js'; +import { AppError, ApiResponse } from './shared/types/index.js'; +import { setupSwagger } from './config/swagger.config.js'; +import authRoutes from './modules/auth/auth.routes.js'; +import apiKeysRoutes from './modules/auth/apiKeys.routes.js'; +import usersRoutes from './modules/users/users.routes.js'; +import { rolesRoutes, permissionsRoutes } from './modules/roles/index.js'; +import { tenantsRoutes } from './modules/tenants/index.js'; +import companiesRoutes from './modules/companies/companies.routes.js'; +import coreRoutes from './modules/core/core.routes.js'; +import partnersRoutes from './modules/partners/partners.routes.js'; +import inventoryRoutes from './modules/inventory/inventory.routes.js'; +import financialRoutes from './modules/financial/financial.routes.js'; +import purchasesRoutes from './modules/purchases/purchases.routes.js'; +import salesRoutes from './modules/sales/sales.routes.js'; +import projectsRoutes from './modules/projects/projects.routes.js'; +import systemRoutes from './modules/system/system.routes.js'; +import crmRoutes from './modules/crm/crm.routes.js'; +import hrRoutes from './modules/hr/hr.routes.js'; +import reportsRoutes from './modules/reports/reports.routes.js'; + +const app: Application = express(); + +// Security middleware +app.use(helmet()); +app.use(cors({ + origin: config.cors.origin, + credentials: true, +})); + +// Request parsing +app.use(express.json({ limit: '10mb' })); +app.use(express.urlencoded({ extended: true })); +app.use(compression()); + +// Logging +const morganFormat = config.env === 'production' ? 'combined' : 'dev'; +app.use(morgan(morganFormat, { + stream: { write: (message) => logger.http(message.trim()) } +})); + +// Swagger documentation +const apiPrefix = config.apiPrefix; +setupSwagger(app, apiPrefix); + +// Health check +app.get('/health', (_req: Request, res: Response) => { + res.json({ status: 'ok', timestamp: new Date().toISOString() }); +}); + +// API routes +app.use(`${apiPrefix}/auth`, authRoutes); +app.use(`${apiPrefix}/auth/api-keys`, apiKeysRoutes); +app.use(`${apiPrefix}/users`, usersRoutes); +app.use(`${apiPrefix}/roles`, rolesRoutes); +app.use(`${apiPrefix}/permissions`, permissionsRoutes); +app.use(`${apiPrefix}/tenants`, tenantsRoutes); +app.use(`${apiPrefix}/companies`, companiesRoutes); +app.use(`${apiPrefix}/core`, coreRoutes); +app.use(`${apiPrefix}/partners`, partnersRoutes); +app.use(`${apiPrefix}/inventory`, inventoryRoutes); +app.use(`${apiPrefix}/financial`, financialRoutes); +app.use(`${apiPrefix}/purchases`, purchasesRoutes); +app.use(`${apiPrefix}/sales`, salesRoutes); +app.use(`${apiPrefix}/projects`, projectsRoutes); +app.use(`${apiPrefix}/system`, systemRoutes); +app.use(`${apiPrefix}/crm`, crmRoutes); +app.use(`${apiPrefix}/hr`, hrRoutes); +app.use(`${apiPrefix}/reports`, reportsRoutes); + +// 404 handler +app.use((_req: Request, res: Response) => { + const response: ApiResponse = { + success: false, + error: 'Endpoint no encontrado' + }; + res.status(404).json(response); +}); + +// Global error handler +app.use((err: Error, _req: Request, res: Response, _next: NextFunction) => { + logger.error('Unhandled error', { + error: err.message, + stack: err.stack, + name: err.name + }); + + if (err instanceof AppError) { + const response: ApiResponse = { + success: false, + error: err.message, + }; + return res.status(err.statusCode).json(response); + } + + // Generic error + const response: ApiResponse = { + success: false, + error: config.env === 'production' + ? 'Error interno del servidor' + : err.message, + }; + res.status(500).json(response); +}); + +export default app; diff --git a/backend/src/config/database.ts b/backend/src/config/database.ts new file mode 100644 index 0000000..7df470d --- /dev/null +++ b/backend/src/config/database.ts @@ -0,0 +1,69 @@ +import { Pool, PoolConfig, PoolClient } from 'pg'; + +// Re-export PoolClient for use in services +export type { PoolClient }; +import { config } from './index.js'; +import { logger } from '../shared/utils/logger.js'; + +const poolConfig: PoolConfig = { + host: config.database.host, + port: config.database.port, + database: config.database.name, + user: config.database.user, + password: config.database.password, + max: 20, + idleTimeoutMillis: 30000, + connectionTimeoutMillis: 2000, +}; + +export const pool = new Pool(poolConfig); + +pool.on('connect', () => { + logger.debug('New database connection established'); +}); + +pool.on('error', (err) => { + logger.error('Unexpected database error', { error: err.message }); +}); + +export async function testConnection(): Promise { + try { + const client = await pool.connect(); + const result = await client.query('SELECT NOW()'); + client.release(); + logger.info('Database connection successful', { timestamp: result.rows[0].now }); + return true; + } catch (error) { + logger.error('Database connection failed', { error: (error as Error).message }); + return false; + } +} + +export async function query(text: string, params?: any[]): Promise { + const start = Date.now(); + const result = await pool.query(text, params); + const duration = Date.now() - start; + + logger.debug('Query executed', { + text: text.substring(0, 100), + duration: `${duration}ms`, + rows: result.rowCount + }); + + return result.rows as T[]; +} + +export async function queryOne(text: string, params?: any[]): Promise { + const rows = await query(text, params); + return rows[0] || null; +} + +export async function getClient() { + const client = await pool.connect(); + return client; +} + +export async function closePool(): Promise { + await pool.end(); + logger.info('Database pool closed'); +} diff --git a/backend/src/config/index.ts b/backend/src/config/index.ts new file mode 100644 index 0000000..e612525 --- /dev/null +++ b/backend/src/config/index.ts @@ -0,0 +1,35 @@ +import dotenv from 'dotenv'; +import path from 'path'; + +// Load .env file +dotenv.config({ path: path.resolve(__dirname, '../../.env') }); + +export const config = { + env: process.env.NODE_ENV || 'development', + port: parseInt(process.env.PORT || '3000', 10), + apiPrefix: process.env.API_PREFIX || '/api/v1', + + database: { + host: process.env.DB_HOST || 'localhost', + port: parseInt(process.env.DB_PORT || '5432', 10), + name: process.env.DB_NAME || 'erp_generic', + user: process.env.DB_USER || 'erp_admin', + password: process.env.DB_PASSWORD || '', + }, + + jwt: { + secret: process.env.JWT_SECRET || 'change-this-secret', + expiresIn: process.env.JWT_EXPIRES_IN || '24h', + refreshExpiresIn: process.env.JWT_REFRESH_EXPIRES_IN || '7d', + }, + + logging: { + level: process.env.LOG_LEVEL || 'info', + }, + + cors: { + origin: process.env.CORS_ORIGIN || 'http://localhost:5173', + }, +} as const; + +export type Config = typeof config; diff --git a/backend/src/config/redis.ts b/backend/src/config/redis.ts new file mode 100644 index 0000000..445050c --- /dev/null +++ b/backend/src/config/redis.ts @@ -0,0 +1,178 @@ +import Redis from 'ioredis'; +import { logger } from '../shared/utils/logger.js'; + +/** + * Configuración de Redis para blacklist de tokens JWT + */ +const redisConfig = { + host: process.env.REDIS_HOST || 'localhost', + port: parseInt(process.env.REDIS_PORT || '6379', 10), + password: process.env.REDIS_PASSWORD || undefined, + + // Configuración de reconexión + retryStrategy(times: number) { + const delay = Math.min(times * 50, 2000); + return delay; + }, + + // Timeouts + connectTimeout: 10000, + maxRetriesPerRequest: 3, + + // Logging de eventos + lazyConnect: true, // No conectar automáticamente, esperar a connect() +}; + +/** + * Cliente Redis para blacklist de tokens + */ +export const redisClient = new Redis(redisConfig); + +// Event listeners +redisClient.on('connect', () => { + logger.info('Redis client connecting...', { + host: redisConfig.host, + port: redisConfig.port, + }); +}); + +redisClient.on('ready', () => { + logger.info('Redis client ready'); +}); + +redisClient.on('error', (error) => { + logger.error('Redis client error', { + error: error.message, + stack: error.stack, + }); +}); + +redisClient.on('close', () => { + logger.warn('Redis connection closed'); +}); + +redisClient.on('reconnecting', () => { + logger.info('Redis client reconnecting...'); +}); + +/** + * Inicializa la conexión a Redis + * @returns Promise - true si la conexión fue exitosa + */ +export async function initializeRedis(): Promise { + try { + await redisClient.connect(); + + // Test de conexión + await redisClient.ping(); + + logger.info('Redis connection successful', { + host: redisConfig.host, + port: redisConfig.port, + }); + + return true; + } catch (error) { + logger.error('Failed to connect to Redis', { + error: (error as Error).message, + host: redisConfig.host, + port: redisConfig.port, + }); + + // Redis es opcional, no debe detener la app + logger.warn('Application will continue without Redis (token blacklist disabled)'); + return false; + } +} + +/** + * Cierra la conexión a Redis + */ +export async function closeRedis(): Promise { + try { + await redisClient.quit(); + logger.info('Redis connection closed gracefully'); + } catch (error) { + logger.error('Error closing Redis connection', { + error: (error as Error).message, + }); + + // Forzar desconexión si quit() falla + redisClient.disconnect(); + } +} + +/** + * Verifica si Redis está conectado + */ +export function isRedisConnected(): boolean { + return redisClient.status === 'ready'; +} + +// ===== Utilidades para Token Blacklist ===== + +/** + * Agrega un token a la blacklist + * @param token - Token JWT a invalidar + * @param expiresIn - Tiempo de expiración en segundos + */ +export async function blacklistToken(token: string, expiresIn: number): Promise { + if (!isRedisConnected()) { + logger.warn('Cannot blacklist token: Redis not connected'); + return; + } + + try { + const key = `blacklist:${token}`; + await redisClient.setex(key, expiresIn, '1'); + logger.debug('Token added to blacklist', { expiresIn }); + } catch (error) { + logger.error('Error blacklisting token', { + error: (error as Error).message, + }); + } +} + +/** + * Verifica si un token está en la blacklist + * @param token - Token JWT a verificar + * @returns Promise - true si el token está en blacklist + */ +export async function isTokenBlacklisted(token: string): Promise { + if (!isRedisConnected()) { + logger.warn('Cannot check blacklist: Redis not connected'); + return false; // Si Redis no está disponible, permitir el acceso + } + + try { + const key = `blacklist:${token}`; + const result = await redisClient.get(key); + return result !== null; + } catch (error) { + logger.error('Error checking token blacklist', { + error: (error as Error).message, + }); + return false; // En caso de error, no bloquear el acceso + } +} + +/** + * Limpia tokens expirados de la blacklist + * Nota: Redis hace esto automáticamente con SETEX, esta función es para uso manual si es necesario + */ +export async function cleanupBlacklist(): Promise { + if (!isRedisConnected()) { + logger.warn('Cannot cleanup blacklist: Redis not connected'); + return; + } + + try { + // Redis maneja automáticamente la expiración con SETEX + // Esta función está disponible para limpieza manual si se necesita + logger.info('Blacklist cleanup completed (handled by Redis TTL)'); + } catch (error) { + logger.error('Error during blacklist cleanup', { + error: (error as Error).message, + }); + } +} diff --git a/backend/src/config/swagger.config.ts b/backend/src/config/swagger.config.ts new file mode 100644 index 0000000..0623bb6 --- /dev/null +++ b/backend/src/config/swagger.config.ts @@ -0,0 +1,200 @@ +/** + * Swagger/OpenAPI Configuration for ERP Generic Core + */ + +import swaggerJSDoc from 'swagger-jsdoc'; +import { Express } from 'express'; +import swaggerUi from 'swagger-ui-express'; +import path from 'path'; +import { fileURLToPath } from 'url'; + +const __filename = fileURLToPath(import.meta.url); +const __dirname = path.dirname(__filename); + +// Swagger definition +const swaggerDefinition = { + openapi: '3.0.0', + info: { + title: 'ERP Generic - Core API', + version: '0.1.0', + description: ` + API para el sistema ERP genérico multitenant. + + ## Características principales + - Autenticación JWT y gestión de sesiones + - Multi-tenant con aislamiento de datos por empresa + - Gestión financiera y contable completa + - Control de inventario y almacenes + - Módulos de compras y ventas + - CRM y gestión de partners (clientes, proveedores) + - Proyectos y recursos humanos + - Sistema de permisos granular mediante API Keys + + ## Autenticación + Todos los endpoints requieren autenticación mediante Bearer Token (JWT). + El token debe incluirse en el header Authorization: Bearer + + ## Multi-tenant + El sistema identifica automáticamente la empresa (tenant) del usuario autenticado + y filtra todos los datos según el contexto de la empresa. + `, + contact: { + name: 'ERP Generic Support', + email: 'support@erpgeneric.com', + }, + license: { + name: 'Proprietary', + }, + }, + servers: [ + { + url: 'http://localhost:3003/api/v1', + description: 'Desarrollo local', + }, + { + url: 'https://api.erpgeneric.com/api/v1', + description: 'Producción', + }, + ], + tags: [ + { name: 'Auth', description: 'Autenticación y autorización (JWT)' }, + { name: 'Users', description: 'Gestión de usuarios y perfiles' }, + { name: 'Companies', description: 'Gestión de empresas (multi-tenant)' }, + { name: 'Core', description: 'Configuración central y parámetros del sistema' }, + { name: 'Partners', description: 'Gestión de partners (clientes, proveedores, contactos)' }, + { name: 'Inventory', description: 'Control de inventario, productos y almacenes' }, + { name: 'Financial', description: 'Gestión financiera, contable y movimientos' }, + { name: 'Purchases', description: 'Módulo de compras y órdenes de compra' }, + { name: 'Sales', description: 'Módulo de ventas, cotizaciones y pedidos' }, + { name: 'Projects', description: 'Gestión de proyectos y tareas' }, + { name: 'System', description: 'Configuración del sistema, logs y auditoría' }, + { name: 'CRM', description: 'CRM, oportunidades y seguimiento comercial' }, + { name: 'HR', description: 'Recursos humanos, empleados y nómina' }, + { name: 'Reports', description: 'Reportes y analíticas del sistema' }, + { name: 'Health', description: 'Health checks y monitoreo' }, + ], + components: { + securitySchemes: { + BearerAuth: { + type: 'http', + scheme: 'bearer', + bearerFormat: 'JWT', + description: 'Token JWT obtenido del endpoint de login', + }, + ApiKeyAuth: { + type: 'apiKey', + in: 'header', + name: 'X-API-Key', + description: 'API Key para operaciones administrativas específicas', + }, + }, + schemas: { + ApiResponse: { + type: 'object', + properties: { + success: { + type: 'boolean', + }, + data: { + type: 'object', + }, + error: { + type: 'string', + }, + }, + }, + PaginatedResponse: { + type: 'object', + properties: { + success: { + type: 'boolean', + example: true, + }, + data: { + type: 'array', + items: { + type: 'object', + }, + }, + pagination: { + type: 'object', + properties: { + page: { + type: 'integer', + example: 1, + }, + limit: { + type: 'integer', + example: 20, + }, + total: { + type: 'integer', + example: 100, + }, + totalPages: { + type: 'integer', + example: 5, + }, + }, + }, + }, + }, + }, + }, + security: [ + { + BearerAuth: [], + }, + ], +}; + +// Options for swagger-jsdoc +const options: swaggerJSDoc.Options = { + definition: swaggerDefinition, + // Path to the API routes for JSDoc comments + apis: [ + path.join(__dirname, '../modules/**/*.routes.ts'), + path.join(__dirname, '../modules/**/*.routes.js'), + path.join(__dirname, '../docs/openapi.yaml'), + ], +}; + +// Initialize swagger-jsdoc +const swaggerSpec = swaggerJSDoc(options); + +/** + * Setup Swagger documentation for Express app + */ +export function setupSwagger(app: Express, prefix: string = '/api/v1') { + // Swagger UI options + const swaggerUiOptions = { + customCss: ` + .swagger-ui .topbar { display: none } + .swagger-ui .info { margin: 50px 0; } + .swagger-ui .info .title { font-size: 36px; } + `, + customSiteTitle: 'ERP Generic - API Documentation', + swaggerOptions: { + persistAuthorization: true, + displayRequestDuration: true, + filter: true, + tagsSorter: 'alpha', + operationsSorter: 'alpha', + }, + }; + + // Serve Swagger UI + app.use(`${prefix}/docs`, swaggerUi.serve); + app.get(`${prefix}/docs`, swaggerUi.setup(swaggerSpec, swaggerUiOptions)); + + // Serve OpenAPI spec as JSON + app.get(`${prefix}/docs.json`, (req, res) => { + res.setHeader('Content-Type', 'application/json'); + res.send(swaggerSpec); + }); + + console.log(`📚 Swagger docs available at: http://localhost:${process.env.PORT || 3003}${prefix}/docs`); + console.log(`📄 OpenAPI spec JSON at: http://localhost:${process.env.PORT || 3003}${prefix}/docs.json`); +} + +export { swaggerSpec }; diff --git a/backend/src/config/typeorm.ts b/backend/src/config/typeorm.ts new file mode 100644 index 0000000..2b50f26 --- /dev/null +++ b/backend/src/config/typeorm.ts @@ -0,0 +1,215 @@ +import { DataSource } from 'typeorm'; +import { config } from './index.js'; +import { logger } from '../shared/utils/logger.js'; + +// Import Auth Core Entities +import { + Tenant, + Company, + User, + Role, + Permission, + Session, + PasswordReset, +} from '../modules/auth/entities/index.js'; + +// Import Auth Extension Entities +import { + Group, + ApiKey, + TrustedDevice, + VerificationCode, + MfaAuditLog, + OAuthProvider, + OAuthUserLink, + OAuthState, +} from '../modules/auth/entities/index.js'; + +// Import Core Module Entities +import { Partner } from '../modules/partners/entities/index.js'; +import { + Currency, + Country, + UomCategory, + Uom, + ProductCategory, + Sequence, +} from '../modules/core/entities/index.js'; + +// Import Financial Entities +import { + AccountType, + Account, + Journal, + JournalEntry, + JournalEntryLine, + Invoice, + InvoiceLine, + Payment, + Tax, + FiscalYear, + FiscalPeriod, +} from '../modules/financial/entities/index.js'; + +// Import Inventory Entities +import { + Product, + Warehouse, + Location, + StockQuant, + Lot, + Picking, + StockMove, + InventoryAdjustment, + InventoryAdjustmentLine, + StockValuationLayer, +} from '../modules/inventory/entities/index.js'; + +/** + * TypeORM DataSource configuration + * + * Configurado para coexistir con el pool pg existente. + * Permite migración gradual a entities sin romper el código actual. + */ +export const AppDataSource = new DataSource({ + type: 'postgres', + host: config.database.host, + port: config.database.port, + username: config.database.user, + password: config.database.password, + database: config.database.name, + + // Schema por defecto para entities de autenticación + schema: 'auth', + + // Entities registradas + entities: [ + // Auth Core Entities + Tenant, + Company, + User, + Role, + Permission, + Session, + PasswordReset, + // Auth Extension Entities + Group, + ApiKey, + TrustedDevice, + VerificationCode, + MfaAuditLog, + OAuthProvider, + OAuthUserLink, + OAuthState, + // Core Module Entities + Partner, + Currency, + Country, + UomCategory, + Uom, + ProductCategory, + Sequence, + // Financial Entities + AccountType, + Account, + Journal, + JournalEntry, + JournalEntryLine, + Invoice, + InvoiceLine, + Payment, + Tax, + FiscalYear, + FiscalPeriod, + // Inventory Entities + Product, + Warehouse, + Location, + StockQuant, + Lot, + Picking, + StockMove, + InventoryAdjustment, + InventoryAdjustmentLine, + StockValuationLayer, + ], + + // Directorios de migraciones (para uso futuro) + migrations: [ + // 'src/database/migrations/*.ts' + ], + + // Directorios de subscribers (para uso futuro) + subscribers: [ + // 'src/database/subscribers/*.ts' + ], + + // NO usar synchronize en producción - usamos DDL manual + synchronize: false, + + // Logging: habilitado en desarrollo, solo errores en producción + logging: config.env === 'development' ? ['query', 'error', 'warn'] : ['error'], + + // Log queries lentas (> 1000ms) + maxQueryExecutionTime: 1000, + + // Pool de conexiones (configuración conservadora para no interferir con pool pg) + extra: { + max: 10, // Menor que el pool pg (20) para no competir por conexiones + min: 2, + idleTimeoutMillis: 30000, + connectionTimeoutMillis: 2000, + }, + + // Cache de queries (opcional, se puede habilitar después) + cache: false, +}); + +/** + * Inicializa la conexión TypeORM + * @returns Promise - true si la conexión fue exitosa + */ +export async function initializeTypeORM(): Promise { + try { + if (!AppDataSource.isInitialized) { + await AppDataSource.initialize(); + logger.info('TypeORM DataSource initialized successfully', { + database: config.database.name, + schema: 'auth', + host: config.database.host, + }); + return true; + } + logger.warn('TypeORM DataSource already initialized'); + return true; + } catch (error) { + logger.error('Failed to initialize TypeORM DataSource', { + error: (error as Error).message, + stack: (error as Error).stack, + }); + return false; + } +} + +/** + * Cierra la conexión TypeORM + */ +export async function closeTypeORM(): Promise { + try { + if (AppDataSource.isInitialized) { + await AppDataSource.destroy(); + logger.info('TypeORM DataSource closed'); + } + } catch (error) { + logger.error('Error closing TypeORM DataSource', { + error: (error as Error).message, + }); + } +} + +/** + * Obtiene el estado de la conexión TypeORM + */ +export function isTypeORMConnected(): boolean { + return AppDataSource.isInitialized; +} diff --git a/backend/src/docs/openapi.yaml b/backend/src/docs/openapi.yaml new file mode 100644 index 0000000..2b616d2 --- /dev/null +++ b/backend/src/docs/openapi.yaml @@ -0,0 +1,138 @@ +openapi: 3.0.0 +info: + title: ERP Generic - Core API + description: | + API para el sistema ERP genérico multitenant. + + ## Características principales + - Autenticación JWT y gestión de sesiones + - Multi-tenant con aislamiento de datos + - Gestión financiera y contable + - Control de inventario y almacenes + - Compras y ventas + - CRM y gestión de partners + - Proyectos y recursos humanos + - Sistema de permisos granular (API Keys) + + ## Autenticación + Todos los endpoints requieren autenticación mediante Bearer Token (JWT). + Algunos endpoints administrativos pueden requerir API Key específica. + + version: 0.1.0 + contact: + name: ERP Generic Support + email: support@erpgeneric.com + license: + name: Proprietary + +servers: + - url: http://localhost:3003/api/v1 + description: Desarrollo local + - url: https://api.erpgeneric.com/api/v1 + description: Producción + +tags: + - name: Auth + description: Autenticación y autorización + - name: Users + description: Gestión de usuarios + - name: Companies + description: Gestión de empresas (tenants) + - name: Core + description: Configuración central y parámetros + - name: Partners + description: Gestión de partners (clientes, proveedores, contactos) + - name: Inventory + description: Control de inventario y productos + - name: Financial + description: Gestión financiera y contable + - name: Purchases + description: Compras y órdenes de compra + - name: Sales + description: Ventas, cotizaciones y pedidos + - name: Projects + description: Gestión de proyectos y tareas + - name: System + description: Configuración del sistema y logs + - name: CRM + description: CRM y gestión de oportunidades + - name: HR + description: Recursos humanos y empleados + - name: Reports + description: Reportes y analíticas + +components: + securitySchemes: + BearerAuth: + type: http + scheme: bearer + bearerFormat: JWT + description: Token JWT obtenido del endpoint de login + + ApiKeyAuth: + type: apiKey + in: header + name: X-API-Key + description: API Key para operaciones específicas + + schemas: + ApiResponse: + type: object + properties: + success: + type: boolean + data: + type: object + error: + type: string + + PaginatedResponse: + type: object + properties: + success: + type: boolean + example: true + data: + type: array + items: + type: object + pagination: + type: object + properties: + page: + type: integer + example: 1 + limit: + type: integer + example: 20 + total: + type: integer + example: 100 + totalPages: + type: integer + example: 5 + +security: + - BearerAuth: [] + +paths: + /health: + get: + tags: + - Health + summary: Health check del servidor + security: [] + responses: + '200': + description: Servidor funcionando correctamente + content: + application/json: + schema: + type: object + properties: + status: + type: string + example: ok + timestamp: + type: string + format: date-time diff --git a/backend/src/index.ts b/backend/src/index.ts new file mode 100644 index 0000000..9fed9f9 --- /dev/null +++ b/backend/src/index.ts @@ -0,0 +1,71 @@ +// Importar reflect-metadata al inicio (requerido por TypeORM) +import 'reflect-metadata'; + +import app from './app.js'; +import { config } from './config/index.js'; +import { testConnection, closePool } from './config/database.js'; +import { initializeTypeORM, closeTypeORM } from './config/typeorm.js'; +import { initializeRedis, closeRedis } from './config/redis.js'; +import { logger } from './shared/utils/logger.js'; + +async function bootstrap(): Promise { + logger.info('Starting ERP Generic Backend...', { + env: config.env, + port: config.port, + }); + + // Test database connection (pool pg existente) + const dbConnected = await testConnection(); + if (!dbConnected) { + logger.error('Failed to connect to database. Exiting...'); + process.exit(1); + } + + // Initialize TypeORM DataSource + const typeormConnected = await initializeTypeORM(); + if (!typeormConnected) { + logger.error('Failed to initialize TypeORM. Exiting...'); + process.exit(1); + } + + // Initialize Redis (opcional - no detiene la app si falla) + await initializeRedis(); + + // Start server + const server = app.listen(config.port, () => { + logger.info(`Server running on port ${config.port}`); + logger.info(`API available at http://localhost:${config.port}${config.apiPrefix}`); + logger.info(`Health check at http://localhost:${config.port}/health`); + }); + + // Graceful shutdown + const shutdown = async (signal: string) => { + logger.info(`Received ${signal}. Starting graceful shutdown...`); + + server.close(async () => { + logger.info('HTTP server closed'); + + // Cerrar conexiones en orden + await closeRedis(); + await closeTypeORM(); + await closePool(); + + logger.info('Shutdown complete'); + process.exit(0); + }); + + // Force shutdown after 10s + setTimeout(() => { + logger.error('Forced shutdown after timeout'); + process.exit(1); + }, 10000); + }; + + process.on('SIGTERM', () => shutdown('SIGTERM')); + process.on('SIGINT', () => shutdown('SIGINT')); +} + +bootstrap().catch((error) => { + logger.error('Failed to start server', { error: error.message }); + process.exit(1); +}); diff --git a/backend/src/modules/auth/apiKeys.controller.ts b/backend/src/modules/auth/apiKeys.controller.ts new file mode 100644 index 0000000..bb6cb71 --- /dev/null +++ b/backend/src/modules/auth/apiKeys.controller.ts @@ -0,0 +1,331 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { apiKeysService, CreateApiKeyDto, UpdateApiKeyDto, ApiKeyFilters } from './apiKeys.service.js'; +import { AuthenticatedRequest, ValidationError, ApiResponse } from '../../shared/types/index.js'; + +// ============================================================================ +// VALIDATION SCHEMAS +// ============================================================================ + +const createApiKeySchema = z.object({ + name: z.string().min(1, 'Nombre requerido').max(255), + scope: z.string().max(100).optional(), + allowed_ips: z.array(z.string().ip()).optional(), + expiration_days: z.number().int().positive().max(365).optional(), +}); + +const updateApiKeySchema = z.object({ + name: z.string().min(1).max(255).optional(), + scope: z.string().max(100).nullable().optional(), + allowed_ips: z.array(z.string().ip()).nullable().optional(), + expiration_date: z.string().datetime().nullable().optional(), + is_active: z.boolean().optional(), +}); + +const listApiKeysSchema = z.object({ + user_id: z.string().uuid().optional(), + is_active: z.enum(['true', 'false']).optional(), + scope: z.string().optional(), +}); + +// ============================================================================ +// CONTROLLER +// ============================================================================ + +class ApiKeysController { + /** + * Create a new API key + * POST /api/auth/api-keys + */ + async create(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = createApiKeySchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const dto: CreateApiKeyDto = { + ...validation.data, + user_id: req.user!.userId, + tenant_id: req.user!.tenantId, + }; + + const result = await apiKeysService.create(dto); + + const response: ApiResponse = { + success: true, + data: result, + message: 'API key creada exitosamente. Guarde la clave, no podrá verla de nuevo.', + }; + + res.status(201).json(response); + } catch (error) { + next(error); + } + } + + /** + * List API keys for the current user + * GET /api/auth/api-keys + */ + async list(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = listApiKeysSchema.safeParse(req.query); + if (!validation.success) { + throw new ValidationError('Parámetros inválidos', validation.error.errors); + } + + const filters: ApiKeyFilters = { + tenant_id: req.user!.tenantId, + // By default, only show user's own keys unless admin + user_id: validation.data.user_id || req.user!.userId, + }; + + // Admins can view all keys in tenant + if (validation.data.user_id && req.user!.roles.includes('admin')) { + filters.user_id = validation.data.user_id; + } + + if (validation.data.is_active !== undefined) { + filters.is_active = validation.data.is_active === 'true'; + } + + if (validation.data.scope) { + filters.scope = validation.data.scope; + } + + const apiKeys = await apiKeysService.findAll(filters); + + const response: ApiResponse = { + success: true, + data: apiKeys, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * Get a specific API key + * GET /api/auth/api-keys/:id + */ + async getById(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { id } = req.params; + + const apiKey = await apiKeysService.findById(id, req.user!.tenantId); + + if (!apiKey) { + const response: ApiResponse = { + success: false, + error: 'API key no encontrada', + }; + res.status(404).json(response); + return; + } + + // Check ownership (unless admin) + if (apiKey.user_id !== req.user!.userId && !req.user!.roles.includes('admin')) { + const response: ApiResponse = { + success: false, + error: 'No tiene permisos para ver esta API key', + }; + res.status(403).json(response); + return; + } + + const response: ApiResponse = { + success: true, + data: apiKey, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * Update an API key + * PATCH /api/auth/api-keys/:id + */ + async update(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { id } = req.params; + + const validation = updateApiKeySchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + // Check ownership first + const existing = await apiKeysService.findById(id, req.user!.tenantId); + if (!existing) { + const response: ApiResponse = { + success: false, + error: 'API key no encontrada', + }; + res.status(404).json(response); + return; + } + + if (existing.user_id !== req.user!.userId && !req.user!.roles.includes('admin')) { + const response: ApiResponse = { + success: false, + error: 'No tiene permisos para modificar esta API key', + }; + res.status(403).json(response); + return; + } + + const dto: UpdateApiKeyDto = { + ...validation.data, + expiration_date: validation.data.expiration_date + ? new Date(validation.data.expiration_date) + : validation.data.expiration_date === null + ? null + : undefined, + }; + + const updated = await apiKeysService.update(id, req.user!.tenantId, dto); + + const response: ApiResponse = { + success: true, + data: updated, + message: 'API key actualizada', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * Revoke an API key (soft delete) + * POST /api/auth/api-keys/:id/revoke + */ + async revoke(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { id } = req.params; + + // Check ownership first + const existing = await apiKeysService.findById(id, req.user!.tenantId); + if (!existing) { + const response: ApiResponse = { + success: false, + error: 'API key no encontrada', + }; + res.status(404).json(response); + return; + } + + if (existing.user_id !== req.user!.userId && !req.user!.roles.includes('admin')) { + const response: ApiResponse = { + success: false, + error: 'No tiene permisos para revocar esta API key', + }; + res.status(403).json(response); + return; + } + + await apiKeysService.revoke(id, req.user!.tenantId); + + const response: ApiResponse = { + success: true, + message: 'API key revocada exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * Delete an API key permanently + * DELETE /api/auth/api-keys/:id + */ + async delete(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { id } = req.params; + + // Check ownership first + const existing = await apiKeysService.findById(id, req.user!.tenantId); + if (!existing) { + const response: ApiResponse = { + success: false, + error: 'API key no encontrada', + }; + res.status(404).json(response); + return; + } + + if (existing.user_id !== req.user!.userId && !req.user!.roles.includes('admin')) { + const response: ApiResponse = { + success: false, + error: 'No tiene permisos para eliminar esta API key', + }; + res.status(403).json(response); + return; + } + + await apiKeysService.delete(id, req.user!.tenantId); + + const response: ApiResponse = { + success: true, + message: 'API key eliminada permanentemente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * Regenerate an API key (invalidates old key, creates new) + * POST /api/auth/api-keys/:id/regenerate + */ + async regenerate(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { id } = req.params; + + // Check ownership first + const existing = await apiKeysService.findById(id, req.user!.tenantId); + if (!existing) { + const response: ApiResponse = { + success: false, + error: 'API key no encontrada', + }; + res.status(404).json(response); + return; + } + + if (existing.user_id !== req.user!.userId && !req.user!.roles.includes('admin')) { + const response: ApiResponse = { + success: false, + error: 'No tiene permisos para regenerar esta API key', + }; + res.status(403).json(response); + return; + } + + const result = await apiKeysService.regenerate(id, req.user!.tenantId); + + const response: ApiResponse = { + success: true, + data: result, + message: 'API key regenerada. Guarde la nueva clave, no podrá verla de nuevo.', + }; + + res.json(response); + } catch (error) { + next(error); + } + } +} + +export const apiKeysController = new ApiKeysController(); diff --git a/backend/src/modules/auth/apiKeys.routes.ts b/backend/src/modules/auth/apiKeys.routes.ts new file mode 100644 index 0000000..b6ea65d --- /dev/null +++ b/backend/src/modules/auth/apiKeys.routes.ts @@ -0,0 +1,56 @@ +import { Router } from 'express'; +import { apiKeysController } from './apiKeys.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// ============================================================================ +// API KEY MANAGEMENT ROUTES +// ============================================================================ + +/** + * Create a new API key + * POST /api/auth/api-keys + */ +router.post('/', (req, res, next) => apiKeysController.create(req, res, next)); + +/** + * List API keys (user's own, or all for admins) + * GET /api/auth/api-keys + */ +router.get('/', (req, res, next) => apiKeysController.list(req, res, next)); + +/** + * Get a specific API key + * GET /api/auth/api-keys/:id + */ +router.get('/:id', (req, res, next) => apiKeysController.getById(req, res, next)); + +/** + * Update an API key + * PATCH /api/auth/api-keys/:id + */ +router.patch('/:id', (req, res, next) => apiKeysController.update(req, res, next)); + +/** + * Revoke an API key (soft delete) + * POST /api/auth/api-keys/:id/revoke + */ +router.post('/:id/revoke', (req, res, next) => apiKeysController.revoke(req, res, next)); + +/** + * Delete an API key permanently + * DELETE /api/auth/api-keys/:id + */ +router.delete('/:id', (req, res, next) => apiKeysController.delete(req, res, next)); + +/** + * Regenerate an API key + * POST /api/auth/api-keys/:id/regenerate + */ +router.post('/:id/regenerate', (req, res, next) => apiKeysController.regenerate(req, res, next)); + +export default router; diff --git a/backend/src/modules/auth/apiKeys.service.ts b/backend/src/modules/auth/apiKeys.service.ts new file mode 100644 index 0000000..784640a --- /dev/null +++ b/backend/src/modules/auth/apiKeys.service.ts @@ -0,0 +1,491 @@ +import crypto from 'crypto'; +import { query, queryOne } from '../../config/database.js'; +import { ValidationError, NotFoundError, UnauthorizedError } from '../../shared/types/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +// ============================================================================ +// TYPES +// ============================================================================ + +export interface ApiKey { + id: string; + user_id: string; + tenant_id: string; + name: string; + key_index: string; + key_hash: string; + scope: string | null; + allowed_ips: string[] | null; + expiration_date: Date | null; + last_used_at: Date | null; + is_active: boolean; + created_at: Date; + updated_at: Date; +} + +export interface CreateApiKeyDto { + user_id: string; + tenant_id: string; + name: string; + scope?: string; + allowed_ips?: string[]; + expiration_days?: number; +} + +export interface UpdateApiKeyDto { + name?: string; + scope?: string; + allowed_ips?: string[]; + expiration_date?: Date | null; + is_active?: boolean; +} + +export interface ApiKeyWithPlainKey { + apiKey: Omit; + plainKey: string; +} + +export interface ApiKeyValidationResult { + valid: boolean; + apiKey?: ApiKey; + user?: { + id: string; + tenant_id: string; + email: string; + roles: string[]; + }; + error?: string; +} + +export interface ApiKeyFilters { + user_id?: string; + tenant_id?: string; + is_active?: boolean; + scope?: string; +} + +// ============================================================================ +// CONSTANTS +// ============================================================================ + +const API_KEY_PREFIX = 'mgn_'; +const KEY_LENGTH = 32; // 32 bytes = 256 bits +const HASH_ITERATIONS = 100000; +const HASH_KEYLEN = 64; +const HASH_DIGEST = 'sha512'; + +// ============================================================================ +// SERVICE +// ============================================================================ + +class ApiKeysService { + /** + * Generate a cryptographically secure API key + */ + private generatePlainKey(): string { + const randomBytes = crypto.randomBytes(KEY_LENGTH); + const key = randomBytes.toString('base64url'); + return `${API_KEY_PREFIX}${key}`; + } + + /** + * Extract the key index (first 16 chars after prefix) for lookup + */ + private getKeyIndex(plainKey: string): string { + const keyWithoutPrefix = plainKey.replace(API_KEY_PREFIX, ''); + return keyWithoutPrefix.substring(0, 16); + } + + /** + * Hash the API key using PBKDF2 + */ + private async hashKey(plainKey: string): Promise { + const salt = crypto.randomBytes(16).toString('hex'); + + return new Promise((resolve, reject) => { + crypto.pbkdf2( + plainKey, + salt, + HASH_ITERATIONS, + HASH_KEYLEN, + HASH_DIGEST, + (err, derivedKey) => { + if (err) reject(err); + resolve(`${salt}:${derivedKey.toString('hex')}`); + } + ); + }); + } + + /** + * Verify a plain key against a stored hash + */ + private async verifyKey(plainKey: string, storedHash: string): Promise { + const [salt, hash] = storedHash.split(':'); + + return new Promise((resolve, reject) => { + crypto.pbkdf2( + plainKey, + salt, + HASH_ITERATIONS, + HASH_KEYLEN, + HASH_DIGEST, + (err, derivedKey) => { + if (err) reject(err); + resolve(derivedKey.toString('hex') === hash); + } + ); + }); + } + + /** + * Create a new API key + * Returns the plain key only once - it cannot be retrieved later + */ + async create(dto: CreateApiKeyDto): Promise { + // Validate user exists + const user = await queryOne<{ id: string }>( + 'SELECT id FROM auth.users WHERE id = $1 AND tenant_id = $2', + [dto.user_id, dto.tenant_id] + ); + + if (!user) { + throw new ValidationError('Usuario no encontrado'); + } + + // Check for duplicate name + const existing = await queryOne<{ id: string }>( + 'SELECT id FROM auth.api_keys WHERE user_id = $1 AND name = $2', + [dto.user_id, dto.name] + ); + + if (existing) { + throw new ValidationError('Ya existe una API key con ese nombre'); + } + + // Generate key + const plainKey = this.generatePlainKey(); + const keyIndex = this.getKeyIndex(plainKey); + const keyHash = await this.hashKey(plainKey); + + // Calculate expiration date + let expirationDate: Date | null = null; + if (dto.expiration_days) { + expirationDate = new Date(); + expirationDate.setDate(expirationDate.getDate() + dto.expiration_days); + } + + // Insert API key + const apiKey = await queryOne( + `INSERT INTO auth.api_keys ( + user_id, tenant_id, name, key_index, key_hash, + scope, allowed_ips, expiration_date, is_active + ) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, true) + RETURNING id, user_id, tenant_id, name, key_index, scope, + allowed_ips, expiration_date, is_active, created_at, updated_at`, + [ + dto.user_id, + dto.tenant_id, + dto.name, + keyIndex, + keyHash, + dto.scope || null, + dto.allowed_ips || null, + expirationDate, + ] + ); + + if (!apiKey) { + throw new Error('Error al crear API key'); + } + + logger.info('API key created', { + apiKeyId: apiKey.id, + userId: dto.user_id, + name: dto.name + }); + + return { + apiKey, + plainKey, // Only returned once! + }; + } + + /** + * Find all API keys for a user/tenant + */ + async findAll(filters: ApiKeyFilters): Promise[]> { + const conditions: string[] = []; + const params: any[] = []; + let paramIndex = 1; + + if (filters.user_id) { + conditions.push(`user_id = $${paramIndex++}`); + params.push(filters.user_id); + } + + if (filters.tenant_id) { + conditions.push(`tenant_id = $${paramIndex++}`); + params.push(filters.tenant_id); + } + + if (filters.is_active !== undefined) { + conditions.push(`is_active = $${paramIndex++}`); + params.push(filters.is_active); + } + + if (filters.scope) { + conditions.push(`scope = $${paramIndex++}`); + params.push(filters.scope); + } + + const whereClause = conditions.length > 0 + ? `WHERE ${conditions.join(' AND ')}` + : ''; + + const apiKeys = await query( + `SELECT id, user_id, tenant_id, name, key_index, scope, + allowed_ips, expiration_date, last_used_at, is_active, + created_at, updated_at + FROM auth.api_keys + ${whereClause} + ORDER BY created_at DESC`, + params + ); + + return apiKeys; + } + + /** + * Find a specific API key by ID + */ + async findById(id: string, tenantId: string): Promise | null> { + const apiKey = await queryOne( + `SELECT id, user_id, tenant_id, name, key_index, scope, + allowed_ips, expiration_date, last_used_at, is_active, + created_at, updated_at + FROM auth.api_keys + WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + + return apiKey; + } + + /** + * Update an API key + */ + async update(id: string, tenantId: string, dto: UpdateApiKeyDto): Promise> { + const existing = await this.findById(id, tenantId); + if (!existing) { + throw new NotFoundError('API key no encontrada'); + } + + const updates: string[] = ['updated_at = NOW()']; + const params: any[] = []; + let paramIndex = 1; + + if (dto.name !== undefined) { + updates.push(`name = $${paramIndex++}`); + params.push(dto.name); + } + + if (dto.scope !== undefined) { + updates.push(`scope = $${paramIndex++}`); + params.push(dto.scope); + } + + if (dto.allowed_ips !== undefined) { + updates.push(`allowed_ips = $${paramIndex++}`); + params.push(dto.allowed_ips); + } + + if (dto.expiration_date !== undefined) { + updates.push(`expiration_date = $${paramIndex++}`); + params.push(dto.expiration_date); + } + + if (dto.is_active !== undefined) { + updates.push(`is_active = $${paramIndex++}`); + params.push(dto.is_active); + } + + params.push(id); + params.push(tenantId); + + const updated = await queryOne( + `UPDATE auth.api_keys + SET ${updates.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex} + RETURNING id, user_id, tenant_id, name, key_index, scope, + allowed_ips, expiration_date, last_used_at, is_active, + created_at, updated_at`, + params + ); + + if (!updated) { + throw new Error('Error al actualizar API key'); + } + + logger.info('API key updated', { apiKeyId: id }); + + return updated; + } + + /** + * Revoke (soft delete) an API key + */ + async revoke(id: string, tenantId: string): Promise { + const result = await query( + `UPDATE auth.api_keys + SET is_active = false, updated_at = NOW() + WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + + if (!result) { + throw new NotFoundError('API key no encontrada'); + } + + logger.info('API key revoked', { apiKeyId: id }); + } + + /** + * Delete an API key permanently + */ + async delete(id: string, tenantId: string): Promise { + const result = await query( + 'DELETE FROM auth.api_keys WHERE id = $1 AND tenant_id = $2', + [id, tenantId] + ); + + logger.info('API key deleted', { apiKeyId: id }); + } + + /** + * Validate an API key and return the associated user info + * This is the main method used by the authentication middleware + */ + async validate(plainKey: string, clientIp?: string): Promise { + // Check prefix + if (!plainKey.startsWith(API_KEY_PREFIX)) { + return { valid: false, error: 'Formato de API key inválido' }; + } + + // Extract key index for lookup + const keyIndex = this.getKeyIndex(plainKey); + + // Find API key by index + const apiKey = await queryOne( + `SELECT * FROM auth.api_keys + WHERE key_index = $1 AND is_active = true`, + [keyIndex] + ); + + if (!apiKey) { + return { valid: false, error: 'API key no encontrada o inactiva' }; + } + + // Verify hash + const isValid = await this.verifyKey(plainKey, apiKey.key_hash); + if (!isValid) { + return { valid: false, error: 'API key inválida' }; + } + + // Check expiration + if (apiKey.expiration_date && new Date(apiKey.expiration_date) < new Date()) { + return { valid: false, error: 'API key expirada' }; + } + + // Check IP whitelist + if (apiKey.allowed_ips && apiKey.allowed_ips.length > 0 && clientIp) { + if (!apiKey.allowed_ips.includes(clientIp)) { + logger.warn('API key IP not allowed', { + apiKeyId: apiKey.id, + clientIp, + allowedIps: apiKey.allowed_ips + }); + return { valid: false, error: 'IP no autorizada' }; + } + } + + // Get user info with roles + const user = await queryOne<{ + id: string; + tenant_id: string; + email: string; + role_codes: string[]; + }>( + `SELECT u.id, u.tenant_id, u.email, array_agg(r.code) as role_codes + FROM auth.users u + LEFT JOIN auth.user_roles ur ON u.id = ur.user_id + LEFT JOIN auth.roles r ON ur.role_id = r.id + WHERE u.id = $1 AND u.status = 'active' + GROUP BY u.id`, + [apiKey.user_id] + ); + + if (!user) { + return { valid: false, error: 'Usuario asociado no encontrado o inactivo' }; + } + + // Update last used timestamp (async, don't wait) + query( + 'UPDATE auth.api_keys SET last_used_at = NOW() WHERE id = $1', + [apiKey.id] + ).catch(err => logger.error('Error updating last_used_at', { error: err })); + + return { + valid: true, + apiKey, + user: { + id: user.id, + tenant_id: user.tenant_id, + email: user.email, + roles: user.role_codes?.filter(Boolean) || [], + }, + }; + } + + /** + * Regenerate an API key (creates new key, invalidates old) + */ + async regenerate(id: string, tenantId: string): Promise { + const existing = await queryOne( + 'SELECT * FROM auth.api_keys WHERE id = $1 AND tenant_id = $2', + [id, tenantId] + ); + + if (!existing) { + throw new NotFoundError('API key no encontrada'); + } + + // Generate new key + const plainKey = this.generatePlainKey(); + const keyIndex = this.getKeyIndex(plainKey); + const keyHash = await this.hashKey(plainKey); + + // Update with new key + const updated = await queryOne( + `UPDATE auth.api_keys + SET key_index = $1, key_hash = $2, updated_at = NOW() + WHERE id = $3 AND tenant_id = $4 + RETURNING id, user_id, tenant_id, name, key_index, scope, + allowed_ips, expiration_date, is_active, created_at, updated_at`, + [keyIndex, keyHash, id, tenantId] + ); + + if (!updated) { + throw new Error('Error al regenerar API key'); + } + + logger.info('API key regenerated', { apiKeyId: id }); + + return { + apiKey: updated, + plainKey, + }; + } +} + +export const apiKeysService = new ApiKeysService(); diff --git a/backend/src/modules/auth/auth.controller.ts b/backend/src/modules/auth/auth.controller.ts new file mode 100644 index 0000000..5e6c5e0 --- /dev/null +++ b/backend/src/modules/auth/auth.controller.ts @@ -0,0 +1,192 @@ +import { Request, Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { authService } from './auth.service.js'; +import { ApiResponse, AuthenticatedRequest, ValidationError } from '../../shared/types/index.js'; + +// Validation schemas +const loginSchema = z.object({ + email: z.string().email('Email inválido'), + password: z.string().min(6, 'La contraseña debe tener al menos 6 caracteres'), +}); + +const registerSchema = z.object({ + email: z.string().email('Email inválido'), + password: z.string().min(8, 'La contraseña debe tener al menos 8 caracteres'), + // Soporta ambos formatos: full_name (legacy) o firstName+lastName (frontend) + full_name: z.string().min(2, 'El nombre debe tener al menos 2 caracteres').optional(), + firstName: z.string().min(2, 'Nombre debe tener al menos 2 caracteres').optional(), + lastName: z.string().min(2, 'Apellido debe tener al menos 2 caracteres').optional(), + tenant_id: z.string().uuid('Tenant ID inválido').optional(), + companyName: z.string().optional(), +}).refine( + (data) => data.full_name || (data.firstName && data.lastName), + { message: 'Se requiere full_name o firstName y lastName', path: ['full_name'] } +); + +const changePasswordSchema = z.object({ + current_password: z.string().min(1, 'Contraseña actual requerida'), + new_password: z.string().min(8, 'La nueva contraseña debe tener al menos 8 caracteres'), +}); + +const refreshTokenSchema = z.object({ + refresh_token: z.string().min(1, 'Refresh token requerido'), +}); + +export class AuthController { + async login(req: Request, res: Response, next: NextFunction): Promise { + try { + const validation = loginSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + // Extract request metadata for session tracking + const metadata = { + ipAddress: req.ip || req.socket.remoteAddress || 'unknown', + userAgent: req.get('User-Agent') || 'unknown', + }; + + const result = await authService.login({ + ...validation.data, + metadata, + }); + + const response: ApiResponse = { + success: true, + data: result, + message: 'Inicio de sesión exitoso', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async register(req: Request, res: Response, next: NextFunction): Promise { + try { + const validation = registerSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const result = await authService.register(validation.data); + + const response: ApiResponse = { + success: true, + data: result, + message: 'Usuario registrado exitosamente', + }; + + res.status(201).json(response); + } catch (error) { + next(error); + } + } + + async refreshToken(req: Request, res: Response, next: NextFunction): Promise { + try { + const validation = refreshTokenSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + // Extract request metadata for session tracking + const metadata = { + ipAddress: req.ip || req.socket.remoteAddress || 'unknown', + userAgent: req.get('User-Agent') || 'unknown', + }; + + const tokens = await authService.refreshToken(validation.data.refresh_token, metadata); + + const response: ApiResponse = { + success: true, + data: { tokens }, + message: 'Token renovado exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async changePassword(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = changePasswordSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const userId = req.user!.userId; + await authService.changePassword( + userId, + validation.data.current_password, + validation.data.new_password + ); + + const response: ApiResponse = { + success: true, + message: 'Contraseña actualizada exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async getProfile(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const userId = req.user!.userId; + const profile = await authService.getProfile(userId); + + const response: ApiResponse = { + success: true, + data: profile, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async logout(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + // sessionId can come from body (sent by client after login) + const sessionId = req.body?.sessionId; + if (sessionId) { + await authService.logout(sessionId); + } + + const response: ApiResponse = { + success: true, + message: 'Sesión cerrada exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async logoutAll(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const userId = req.user!.userId; + const sessionsRevoked = await authService.logoutAll(userId); + + const response: ApiResponse = { + success: true, + data: { sessionsRevoked }, + message: 'Todas las sesiones han sido cerradas', + }; + + res.json(response); + } catch (error) { + next(error); + } + } +} + +export const authController = new AuthController(); diff --git a/backend/src/modules/auth/auth.routes.ts b/backend/src/modules/auth/auth.routes.ts new file mode 100644 index 0000000..6194e6b --- /dev/null +++ b/backend/src/modules/auth/auth.routes.ts @@ -0,0 +1,18 @@ +import { Router } from 'express'; +import { authController } from './auth.controller.js'; +import { authenticate } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// Public routes +router.post('/login', (req, res, next) => authController.login(req, res, next)); +router.post('/register', (req, res, next) => authController.register(req, res, next)); +router.post('/refresh', (req, res, next) => authController.refreshToken(req, res, next)); + +// Protected routes +router.get('/profile', authenticate, (req, res, next) => authController.getProfile(req, res, next)); +router.post('/change-password', authenticate, (req, res, next) => authController.changePassword(req, res, next)); +router.post('/logout', authenticate, (req, res, next) => authController.logout(req, res, next)); +router.post('/logout-all', authenticate, (req, res, next) => authController.logoutAll(req, res, next)); + +export default router; diff --git a/backend/src/modules/auth/auth.service.ts b/backend/src/modules/auth/auth.service.ts new file mode 100644 index 0000000..43efe10 --- /dev/null +++ b/backend/src/modules/auth/auth.service.ts @@ -0,0 +1,234 @@ +import bcrypt from 'bcryptjs'; +import { Repository } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { User, UserStatus, Role } from './entities/index.js'; +import { tokenService, TokenPair, RequestMetadata } from './services/token.service.js'; +import { UnauthorizedError, ValidationError, NotFoundError } from '../../shared/types/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +export interface LoginDto { + email: string; + password: string; + metadata?: RequestMetadata; // IP and user agent for session tracking +} + +export interface RegisterDto { + email: string; + password: string; + // Soporta ambos formatos para compatibilidad frontend/backend + full_name?: string; + firstName?: string; + lastName?: string; + tenant_id?: string; + companyName?: string; +} + +/** + * Transforma full_name a firstName/lastName para respuesta al frontend + */ +export function splitFullName(fullName: string): { firstName: string; lastName: string } { + const parts = fullName.trim().split(/\s+/); + if (parts.length === 1) { + return { firstName: parts[0], lastName: '' }; + } + const firstName = parts[0]; + const lastName = parts.slice(1).join(' '); + return { firstName, lastName }; +} + +/** + * Transforma firstName/lastName a full_name para almacenar en BD + */ +export function buildFullName(firstName?: string, lastName?: string, fullName?: string): string { + if (fullName) return fullName.trim(); + return `${firstName || ''} ${lastName || ''}`.trim(); +} + +export interface LoginResponse { + user: Omit & { firstName: string; lastName: string }; + tokens: TokenPair; +} + +class AuthService { + private userRepository: Repository; + + constructor() { + this.userRepository = AppDataSource.getRepository(User); + } + + async login(dto: LoginDto): Promise { + // Find user by email using TypeORM + const user = await this.userRepository.findOne({ + where: { email: dto.email.toLowerCase(), status: UserStatus.ACTIVE }, + relations: ['roles'], + }); + + if (!user) { + throw new UnauthorizedError('Credenciales inválidas'); + } + + // Verify password + const isValidPassword = await bcrypt.compare(dto.password, user.passwordHash || ''); + if (!isValidPassword) { + throw new UnauthorizedError('Credenciales inválidas'); + } + + // Update last login + user.lastLoginAt = new Date(); + user.loginCount += 1; + if (dto.metadata?.ipAddress) { + user.lastLoginIp = dto.metadata.ipAddress; + } + await this.userRepository.save(user); + + // Generate token pair using TokenService + const metadata: RequestMetadata = dto.metadata || { + ipAddress: 'unknown', + userAgent: 'unknown', + }; + const tokens = await tokenService.generateTokenPair(user, metadata); + + // Transform fullName to firstName/lastName for frontend response + const { firstName, lastName } = splitFullName(user.fullName); + + // Remove passwordHash from response and add firstName/lastName + const { passwordHash, ...userWithoutPassword } = user; + const userResponse = { + ...userWithoutPassword, + firstName, + lastName, + }; + + logger.info('User logged in', { userId: user.id, email: user.email }); + + return { + user: userResponse as any, + tokens, + }; + } + + async register(dto: RegisterDto): Promise { + // Check if email already exists using TypeORM + const existingUser = await this.userRepository.findOne({ + where: { email: dto.email.toLowerCase() }, + }); + + if (existingUser) { + throw new ValidationError('El email ya está registrado'); + } + + // Transform firstName/lastName to fullName for database storage + const fullName = buildFullName(dto.firstName, dto.lastName, dto.full_name); + + // Hash password + const passwordHash = await bcrypt.hash(dto.password, 10); + + // Generate tenantId if not provided (new company registration) + const tenantId = dto.tenant_id || crypto.randomUUID(); + + // Create user using TypeORM + const newUser = this.userRepository.create({ + email: dto.email.toLowerCase(), + passwordHash, + fullName, + tenantId, + status: UserStatus.ACTIVE, + }); + + await this.userRepository.save(newUser); + + // Load roles relation for token generation + const userWithRoles = await this.userRepository.findOne({ + where: { id: newUser.id }, + relations: ['roles'], + }); + + if (!userWithRoles) { + throw new Error('Error al crear usuario'); + } + + // Generate token pair using TokenService + const metadata: RequestMetadata = { + ipAddress: 'unknown', + userAgent: 'unknown', + }; + const tokens = await tokenService.generateTokenPair(userWithRoles, metadata); + + // Transform fullName to firstName/lastName for frontend response + const { firstName, lastName } = splitFullName(userWithRoles.fullName); + + // Remove passwordHash from response and add firstName/lastName + const { passwordHash: _, ...userWithoutPassword } = userWithRoles; + const userResponse = { + ...userWithoutPassword, + firstName, + lastName, + }; + + logger.info('User registered', { userId: userWithRoles.id, email: userWithRoles.email }); + + return { + user: userResponse as any, + tokens, + }; + } + + async refreshToken(refreshToken: string, metadata: RequestMetadata): Promise { + // Delegate completely to TokenService + return tokenService.refreshTokens(refreshToken, metadata); + } + + async logout(sessionId: string): Promise { + await tokenService.revokeSession(sessionId, 'user_logout'); + } + + async logoutAll(userId: string): Promise { + return tokenService.revokeAllUserSessions(userId, 'logout_all'); + } + + async changePassword(userId: string, currentPassword: string, newPassword: string): Promise { + // Find user using TypeORM + const user = await this.userRepository.findOne({ + where: { id: userId }, + }); + + if (!user) { + throw new NotFoundError('Usuario no encontrado'); + } + + // Verify current password + const isValidPassword = await bcrypt.compare(currentPassword, user.passwordHash || ''); + if (!isValidPassword) { + throw new UnauthorizedError('Contraseña actual incorrecta'); + } + + // Hash new password and update user + const newPasswordHash = await bcrypt.hash(newPassword, 10); + user.passwordHash = newPasswordHash; + user.updatedAt = new Date(); + await this.userRepository.save(user); + + // Revoke all sessions after password change for security + const revokedCount = await tokenService.revokeAllUserSessions(userId, 'password_changed'); + + logger.info('Password changed and all sessions revoked', { userId, revokedCount }); + } + + async getProfile(userId: string): Promise> { + // Find user using TypeORM with relations + const user = await this.userRepository.findOne({ + where: { id: userId }, + relations: ['roles', 'companies'], + }); + + if (!user) { + throw new NotFoundError('Usuario no encontrado'); + } + + // Remove passwordHash from response + const { passwordHash, ...userWithoutPassword } = user; + return userWithoutPassword; + } +} + +export const authService = new AuthService(); diff --git a/backend/src/modules/auth/entities/api-key.entity.ts b/backend/src/modules/auth/entities/api-key.entity.ts new file mode 100644 index 0000000..418fe2a --- /dev/null +++ b/backend/src/modules/auth/entities/api-key.entity.ts @@ -0,0 +1,87 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { User } from './user.entity.js'; +import { Tenant } from './tenant.entity.js'; + +@Entity({ schema: 'auth', name: 'api_keys' }) +@Index('idx_api_keys_lookup', ['keyIndex', 'isActive'], { + where: 'is_active = TRUE', +}) +@Index('idx_api_keys_expiration', ['expirationDate'], { + where: 'expiration_date IS NOT NULL', +}) +@Index('idx_api_keys_user', ['userId']) +@Index('idx_api_keys_tenant', ['tenantId']) +export class ApiKey { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'user_id' }) + userId: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + // Descripción + @Column({ type: 'varchar', length: 255, nullable: false }) + name: string; + + // Seguridad + @Column({ type: 'varchar', length: 16, nullable: false, name: 'key_index' }) + keyIndex: string; + + @Column({ type: 'varchar', length: 255, nullable: false, name: 'key_hash' }) + keyHash: string; + + // Scope y restricciones + @Column({ type: 'varchar', length: 100, nullable: true }) + scope: string | null; + + @Column({ type: 'inet', array: true, nullable: true, name: 'allowed_ips' }) + allowedIps: string[] | null; + + // Expiración + @Column({ + type: 'timestamptz', + nullable: true, + name: 'expiration_date', + }) + expirationDate: Date | null; + + @Column({ type: 'timestamptz', nullable: true, name: 'last_used_at' }) + lastUsedAt: Date | null; + + // Estado + @Column({ type: 'boolean', default: true, nullable: false, name: 'is_active' }) + isActive: boolean; + + // Relaciones + @ManyToOne(() => User, { onDelete: 'CASCADE' }) + @JoinColumn({ name: 'user_id' }) + user: User; + + @ManyToOne(() => Tenant, { onDelete: 'CASCADE' }) + @JoinColumn({ name: 'tenant_id' }) + tenant: Tenant; + + @ManyToOne(() => User, { nullable: true }) + @JoinColumn({ name: 'revoked_by' }) + revokedByUser: User | null; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamptz' }) + createdAt: Date; + + @Column({ type: 'timestamptz', nullable: true, name: 'revoked_at' }) + revokedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'revoked_by' }) + revokedBy: string | null; +} diff --git a/backend/src/modules/auth/entities/company.entity.ts b/backend/src/modules/auth/entities/company.entity.ts new file mode 100644 index 0000000..b5bdd70 --- /dev/null +++ b/backend/src/modules/auth/entities/company.entity.ts @@ -0,0 +1,93 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, + ManyToMany, +} from 'typeorm'; +import { Tenant } from './tenant.entity.js'; +import { User } from './user.entity.js'; + +@Entity({ schema: 'auth', name: 'companies' }) +@Index('idx_companies_tenant_id', ['tenantId']) +@Index('idx_companies_parent_company_id', ['parentCompanyId']) +@Index('idx_companies_active', ['tenantId'], { where: 'deleted_at IS NULL' }) +@Index('idx_companies_tax_id', ['taxId']) +export class Company { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'varchar', length: 255, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 255, nullable: true, name: 'legal_name' }) + legalName: string | null; + + @Column({ type: 'varchar', length: 50, nullable: true, name: 'tax_id' }) + taxId: string | null; + + @Column({ type: 'uuid', nullable: true, name: 'currency_id' }) + currencyId: string | null; + + @Column({ + type: 'uuid', + nullable: true, + name: 'parent_company_id', + }) + parentCompanyId: string | null; + + @Column({ type: 'uuid', nullable: true, name: 'partner_id' }) + partnerId: string | null; + + @Column({ type: 'jsonb', default: {} }) + settings: Record; + + // Relaciones + @ManyToOne(() => Tenant, (tenant) => tenant.companies, { + onDelete: 'CASCADE', + }) + @JoinColumn({ name: 'tenant_id' }) + tenant: Tenant; + + @ManyToOne(() => Company, (company) => company.childCompanies, { + nullable: true, + }) + @JoinColumn({ name: 'parent_company_id' }) + parentCompany: Company | null; + + @ManyToMany(() => Company) + childCompanies: Company[]; + + @ManyToMany(() => User, (user) => user.companies) + users: User[]; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'deleted_at' }) + deletedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'deleted_by' }) + deletedBy: string | null; +} diff --git a/backend/src/modules/auth/entities/group.entity.ts b/backend/src/modules/auth/entities/group.entity.ts new file mode 100644 index 0000000..c616efd --- /dev/null +++ b/backend/src/modules/auth/entities/group.entity.ts @@ -0,0 +1,89 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { Tenant } from './tenant.entity.js'; +import { User } from './user.entity.js'; + +@Entity({ schema: 'auth', name: 'groups' }) +@Index('idx_groups_tenant_id', ['tenantId']) +@Index('idx_groups_code', ['code']) +@Index('idx_groups_category', ['category']) +@Index('idx_groups_is_system', ['isSystem']) +export class Group { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'varchar', length: 100, nullable: false }) + code: string; + + @Column({ type: 'varchar', length: 255, nullable: false }) + name: string; + + @Column({ type: 'text', nullable: true }) + description: string | null; + + // Configuración + @Column({ type: 'boolean', default: false, nullable: false, name: 'is_system' }) + isSystem: boolean; + + @Column({ type: 'varchar', length: 100, nullable: true }) + category: string | null; + + @Column({ type: 'varchar', length: 20, nullable: true }) + color: string | null; + + // API Keys + @Column({ + type: 'integer', + default: 30, + nullable: true, + name: 'api_key_max_duration_days', + }) + apiKeyMaxDurationDays: number | null; + + // Relaciones + @ManyToOne(() => Tenant, { onDelete: 'CASCADE' }) + @JoinColumn({ name: 'tenant_id' }) + tenant: Tenant; + + @ManyToOne(() => User, { nullable: true }) + @JoinColumn({ name: 'created_by' }) + createdByUser: User | null; + + @ManyToOne(() => User, { nullable: true }) + @JoinColumn({ name: 'updated_by' }) + updatedByUser: User | null; + + @ManyToOne(() => User, { nullable: true }) + @JoinColumn({ name: 'deleted_by' }) + deletedByUser: User | null; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ name: 'updated_at', type: 'timestamp', nullable: true }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'deleted_at' }) + deletedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'deleted_by' }) + deletedBy: string | null; +} diff --git a/backend/src/modules/auth/entities/index.ts b/backend/src/modules/auth/entities/index.ts new file mode 100644 index 0000000..1987270 --- /dev/null +++ b/backend/src/modules/auth/entities/index.ts @@ -0,0 +1,15 @@ +export { Tenant, TenantStatus } from './tenant.entity.js'; +export { Company } from './company.entity.js'; +export { User, UserStatus } from './user.entity.js'; +export { Role } from './role.entity.js'; +export { Permission, PermissionAction } from './permission.entity.js'; +export { Session, SessionStatus } from './session.entity.js'; +export { PasswordReset } from './password-reset.entity.js'; +export { Group } from './group.entity.js'; +export { ApiKey } from './api-key.entity.js'; +export { TrustedDevice, TrustLevel } from './trusted-device.entity.js'; +export { VerificationCode, CodeType } from './verification-code.entity.js'; +export { MfaAuditLog, MfaEventType } from './mfa-audit-log.entity.js'; +export { OAuthProvider } from './oauth-provider.entity.js'; +export { OAuthUserLink } from './oauth-user-link.entity.js'; +export { OAuthState } from './oauth-state.entity.js'; diff --git a/backend/src/modules/auth/entities/mfa-audit-log.entity.ts b/backend/src/modules/auth/entities/mfa-audit-log.entity.ts new file mode 100644 index 0000000..c9b6367 --- /dev/null +++ b/backend/src/modules/auth/entities/mfa-audit-log.entity.ts @@ -0,0 +1,87 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { User } from './user.entity.js'; + +export enum MfaEventType { + MFA_SETUP_INITIATED = 'mfa_setup_initiated', + MFA_SETUP_COMPLETED = 'mfa_setup_completed', + MFA_DISABLED = 'mfa_disabled', + TOTP_VERIFIED = 'totp_verified', + TOTP_FAILED = 'totp_failed', + BACKUP_CODE_USED = 'backup_code_used', + BACKUP_CODES_REGENERATED = 'backup_codes_regenerated', + DEVICE_TRUSTED = 'device_trusted', + DEVICE_REVOKED = 'device_revoked', + ANOMALY_DETECTED = 'anomaly_detected', + ACCOUNT_LOCKED = 'account_locked', + ACCOUNT_UNLOCKED = 'account_unlocked', +} + +@Entity({ schema: 'auth', name: 'mfa_audit_log' }) +@Index('idx_mfa_audit_user', ['userId', 'createdAt']) +@Index('idx_mfa_audit_event', ['eventType', 'createdAt']) +@Index('idx_mfa_audit_failures', ['userId', 'createdAt'], { + where: 'success = FALSE', +}) +export class MfaAuditLog { + @PrimaryGeneratedColumn('uuid') + id: string; + + // Usuario + @Column({ type: 'uuid', nullable: false, name: 'user_id' }) + userId: string; + + // Evento + @Column({ + type: 'enum', + enum: MfaEventType, + nullable: false, + name: 'event_type', + }) + eventType: MfaEventType; + + // Resultado + @Column({ type: 'boolean', nullable: false }) + success: boolean; + + @Column({ type: 'varchar', length: 128, nullable: true, name: 'failure_reason' }) + failureReason: string | null; + + // Contexto + @Column({ type: 'inet', nullable: true, name: 'ip_address' }) + ipAddress: string | null; + + @Column({ type: 'text', nullable: true, name: 'user_agent' }) + userAgent: string | null; + + @Column({ + type: 'varchar', + length: 128, + nullable: true, + name: 'device_fingerprint', + }) + deviceFingerprint: string | null; + + @Column({ type: 'jsonb', nullable: true }) + location: Record | null; + + // Metadata adicional + @Column({ type: 'jsonb', default: {}, nullable: true }) + metadata: Record; + + // Relaciones + @ManyToOne(() => User) + @JoinColumn({ name: 'user_id' }) + user: User; + + // Timestamp + @CreateDateColumn({ name: 'created_at', type: 'timestamptz' }) + createdAt: Date; +} diff --git a/backend/src/modules/auth/entities/oauth-provider.entity.ts b/backend/src/modules/auth/entities/oauth-provider.entity.ts new file mode 100644 index 0000000..d019d86 --- /dev/null +++ b/backend/src/modules/auth/entities/oauth-provider.entity.ts @@ -0,0 +1,191 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { Tenant } from './tenant.entity.js'; +import { User } from './user.entity.js'; +import { Role } from './role.entity.js'; + +@Entity({ schema: 'auth', name: 'oauth_providers' }) +@Index('idx_oauth_providers_enabled', ['isEnabled']) +@Index('idx_oauth_providers_tenant', ['tenantId']) +@Index('idx_oauth_providers_code', ['code']) +export class OAuthProvider { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: true, name: 'tenant_id' }) + tenantId: string | null; + + @Column({ type: 'varchar', length: 50, nullable: false, unique: true }) + code: string; + + @Column({ type: 'varchar', length: 100, nullable: false }) + name: string; + + // Configuración OAuth2 + @Column({ type: 'varchar', length: 255, nullable: false, name: 'client_id' }) + clientId: string; + + @Column({ type: 'varchar', length: 500, nullable: true, name: 'client_secret' }) + clientSecret: string | null; + + // Endpoints OAuth2 + @Column({ + type: 'varchar', + length: 500, + nullable: false, + name: 'authorization_endpoint', + }) + authorizationEndpoint: string; + + @Column({ + type: 'varchar', + length: 500, + nullable: false, + name: 'token_endpoint', + }) + tokenEndpoint: string; + + @Column({ + type: 'varchar', + length: 500, + nullable: false, + name: 'userinfo_endpoint', + }) + userinfoEndpoint: string; + + @Column({ type: 'varchar', length: 500, nullable: true, name: 'jwks_uri' }) + jwksUri: string | null; + + // Scopes y parámetros + @Column({ + type: 'varchar', + length: 500, + default: 'openid profile email', + nullable: false, + }) + scope: string; + + @Column({ + type: 'varchar', + length: 50, + default: 'code', + nullable: false, + name: 'response_type', + }) + responseType: string; + + // PKCE Configuration + @Column({ + type: 'boolean', + default: true, + nullable: false, + name: 'pkce_enabled', + }) + pkceEnabled: boolean; + + @Column({ + type: 'varchar', + length: 10, + default: 'S256', + nullable: true, + name: 'code_challenge_method', + }) + codeChallengeMethod: string | null; + + // Mapeo de claims + @Column({ + type: 'jsonb', + nullable: false, + name: 'claim_mapping', + default: { + sub: 'oauth_uid', + email: 'email', + name: 'name', + picture: 'avatar_url', + }, + }) + claimMapping: Record; + + // UI + @Column({ type: 'varchar', length: 100, nullable: true, name: 'icon_class' }) + iconClass: string | null; + + @Column({ type: 'varchar', length: 100, nullable: true, name: 'button_text' }) + buttonText: string | null; + + @Column({ type: 'varchar', length: 20, nullable: true, name: 'button_color' }) + buttonColor: string | null; + + @Column({ + type: 'integer', + default: 10, + nullable: false, + name: 'display_order', + }) + displayOrder: number; + + // Estado + @Column({ type: 'boolean', default: false, nullable: false, name: 'is_enabled' }) + isEnabled: boolean; + + @Column({ type: 'boolean', default: true, nullable: false, name: 'is_visible' }) + isVisible: boolean; + + // Restricciones + @Column({ + type: 'text', + array: true, + nullable: true, + name: 'allowed_domains', + }) + allowedDomains: string[] | null; + + @Column({ + type: 'boolean', + default: false, + nullable: false, + name: 'auto_create_users', + }) + autoCreateUsers: boolean; + + @Column({ type: 'uuid', nullable: true, name: 'default_role_id' }) + defaultRoleId: string | null; + + // Relaciones + @ManyToOne(() => Tenant, { onDelete: 'CASCADE', nullable: true }) + @JoinColumn({ name: 'tenant_id' }) + tenant: Tenant | null; + + @ManyToOne(() => Role, { nullable: true }) + @JoinColumn({ name: 'default_role_id' }) + defaultRole: Role | null; + + @ManyToOne(() => User, { nullable: true }) + @JoinColumn({ name: 'created_by' }) + createdByUser: User | null; + + @ManyToOne(() => User, { nullable: true }) + @JoinColumn({ name: 'updated_by' }) + updatedByUser: User | null; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamptz' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ name: 'updated_at', type: 'timestamptz' }) + updatedAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; +} diff --git a/backend/src/modules/auth/entities/oauth-state.entity.ts b/backend/src/modules/auth/entities/oauth-state.entity.ts new file mode 100644 index 0000000..f5d0481 --- /dev/null +++ b/backend/src/modules/auth/entities/oauth-state.entity.ts @@ -0,0 +1,66 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { OAuthProvider } from './oauth-provider.entity.js'; +import { User } from './user.entity.js'; + +@Entity({ schema: 'auth', name: 'oauth_states' }) +@Index('idx_oauth_states_state', ['state']) +@Index('idx_oauth_states_expires', ['expiresAt']) +export class OAuthState { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'varchar', length: 64, nullable: false, unique: true }) + state: string; + + // PKCE + @Column({ type: 'varchar', length: 128, nullable: true, name: 'code_verifier' }) + codeVerifier: string | null; + + // Contexto + @Column({ type: 'uuid', nullable: false, name: 'provider_id' }) + providerId: string; + + @Column({ type: 'varchar', length: 500, nullable: false, name: 'redirect_uri' }) + redirectUri: string; + + @Column({ type: 'varchar', length: 500, nullable: true, name: 'return_url' }) + returnUrl: string | null; + + // Vinculación con usuario existente (para linking) + @Column({ type: 'uuid', nullable: true, name: 'link_user_id' }) + linkUserId: string | null; + + // Metadata + @Column({ type: 'inet', nullable: true, name: 'ip_address' }) + ipAddress: string | null; + + @Column({ type: 'text', nullable: true, name: 'user_agent' }) + userAgent: string | null; + + // Relaciones + @ManyToOne(() => OAuthProvider) + @JoinColumn({ name: 'provider_id' }) + provider: OAuthProvider; + + @ManyToOne(() => User, { nullable: true }) + @JoinColumn({ name: 'link_user_id' }) + linkUser: User | null; + + // Tiempo de vida + @CreateDateColumn({ name: 'created_at', type: 'timestamptz' }) + createdAt: Date; + + @Column({ type: 'timestamptz', nullable: false, name: 'expires_at' }) + expiresAt: Date; + + @Column({ type: 'timestamptz', nullable: true, name: 'used_at' }) + usedAt: Date | null; +} diff --git a/backend/src/modules/auth/entities/oauth-user-link.entity.ts b/backend/src/modules/auth/entities/oauth-user-link.entity.ts new file mode 100644 index 0000000..d75f529 --- /dev/null +++ b/backend/src/modules/auth/entities/oauth-user-link.entity.ts @@ -0,0 +1,73 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { User } from './user.entity.js'; +import { OAuthProvider } from './oauth-provider.entity.js'; + +@Entity({ schema: 'auth', name: 'oauth_user_links' }) +@Index('idx_oauth_links_user', ['userId']) +@Index('idx_oauth_links_provider', ['providerId']) +@Index('idx_oauth_links_oauth_uid', ['oauthUid']) +export class OAuthUserLink { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'user_id' }) + userId: string; + + @Column({ type: 'uuid', nullable: false, name: 'provider_id' }) + providerId: string; + + // Identificación OAuth + @Column({ type: 'varchar', length: 255, nullable: false, name: 'oauth_uid' }) + oauthUid: string; + + @Column({ type: 'varchar', length: 255, nullable: true, name: 'oauth_email' }) + oauthEmail: string | null; + + // Tokens (encriptados) + @Column({ type: 'text', nullable: true, name: 'access_token' }) + accessToken: string | null; + + @Column({ type: 'text', nullable: true, name: 'refresh_token' }) + refreshToken: string | null; + + @Column({ type: 'text', nullable: true, name: 'id_token' }) + idToken: string | null; + + @Column({ type: 'timestamptz', nullable: true, name: 'token_expires_at' }) + tokenExpiresAt: Date | null; + + // Metadata + @Column({ type: 'jsonb', nullable: true, name: 'raw_userinfo' }) + rawUserinfo: Record | null; + + @Column({ type: 'timestamptz', nullable: true, name: 'last_login_at' }) + lastLoginAt: Date | null; + + @Column({ type: 'integer', default: 0, nullable: false, name: 'login_count' }) + loginCount: number; + + // Relaciones + @ManyToOne(() => User, { onDelete: 'CASCADE' }) + @JoinColumn({ name: 'user_id' }) + user: User; + + @ManyToOne(() => OAuthProvider, { onDelete: 'CASCADE' }) + @JoinColumn({ name: 'provider_id' }) + provider: OAuthProvider; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamptz' }) + createdAt: Date; + + @UpdateDateColumn({ name: 'updated_at', type: 'timestamptz' }) + updatedAt: Date; +} diff --git a/backend/src/modules/auth/entities/password-reset.entity.ts b/backend/src/modules/auth/entities/password-reset.entity.ts new file mode 100644 index 0000000..79ac700 --- /dev/null +++ b/backend/src/modules/auth/entities/password-reset.entity.ts @@ -0,0 +1,45 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { User } from './user.entity.js'; + +@Entity({ schema: 'auth', name: 'password_resets' }) +@Index('idx_password_resets_user_id', ['userId']) +@Index('idx_password_resets_token', ['token']) +@Index('idx_password_resets_expires_at', ['expiresAt']) +export class PasswordReset { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'user_id' }) + userId: string; + + @Column({ type: 'varchar', length: 500, unique: true, nullable: false }) + token: string; + + @Column({ type: 'timestamp', nullable: false, name: 'expires_at' }) + expiresAt: Date; + + @Column({ type: 'timestamp', nullable: true, name: 'used_at' }) + usedAt: Date | null; + + @Column({ type: 'inet', nullable: true, name: 'ip_address' }) + ipAddress: string | null; + + // Relaciones + @ManyToOne(() => User, (user) => user.passwordResets, { + onDelete: 'CASCADE', + }) + @JoinColumn({ name: 'user_id' }) + user: User; + + // Timestamps + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; +} diff --git a/backend/src/modules/auth/entities/permission.entity.ts b/backend/src/modules/auth/entities/permission.entity.ts new file mode 100644 index 0000000..e67566c --- /dev/null +++ b/backend/src/modules/auth/entities/permission.entity.ts @@ -0,0 +1,52 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + ManyToMany, +} from 'typeorm'; +import { Role } from './role.entity.js'; + +export enum PermissionAction { + CREATE = 'create', + READ = 'read', + UPDATE = 'update', + DELETE = 'delete', + APPROVE = 'approve', + CANCEL = 'cancel', + EXPORT = 'export', +} + +@Entity({ schema: 'auth', name: 'permissions' }) +@Index('idx_permissions_resource', ['resource']) +@Index('idx_permissions_action', ['action']) +@Index('idx_permissions_module', ['module']) +export class Permission { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'varchar', length: 100, nullable: false }) + resource: string; + + @Column({ + type: 'enum', + enum: PermissionAction, + nullable: false, + }) + action: PermissionAction; + + @Column({ type: 'text', nullable: true }) + description: string | null; + + @Column({ type: 'varchar', length: 50, nullable: true }) + module: string | null; + + // Relaciones + @ManyToMany(() => Role, (role) => role.permissions) + roles: Role[]; + + // Sin tenant_id: permisos son globales + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; +} diff --git a/backend/src/modules/auth/entities/role.entity.ts b/backend/src/modules/auth/entities/role.entity.ts new file mode 100644 index 0000000..670c7e6 --- /dev/null +++ b/backend/src/modules/auth/entities/role.entity.ts @@ -0,0 +1,84 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + ManyToMany, + JoinColumn, + JoinTable, +} from 'typeorm'; +import { Tenant } from './tenant.entity.js'; +import { User } from './user.entity.js'; +import { Permission } from './permission.entity.js'; + +@Entity({ schema: 'auth', name: 'roles' }) +@Index('idx_roles_tenant_id', ['tenantId']) +@Index('idx_roles_code', ['code']) +@Index('idx_roles_is_system', ['isSystem']) +export class Role { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'varchar', length: 100, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 50, nullable: false }) + code: string; + + @Column({ type: 'text', nullable: true }) + description: string | null; + + @Column({ type: 'boolean', default: false, nullable: false, name: 'is_system' }) + isSystem: boolean; + + @Column({ type: 'varchar', length: 20, nullable: true }) + color: string | null; + + // Relaciones + @ManyToOne(() => Tenant, (tenant) => tenant.roles, { + onDelete: 'CASCADE', + }) + @JoinColumn({ name: 'tenant_id' }) + tenant: Tenant; + + @ManyToMany(() => Permission, (permission) => permission.roles) + @JoinTable({ + name: 'role_permissions', + schema: 'auth', + joinColumn: { name: 'role_id', referencedColumnName: 'id' }, + inverseJoinColumn: { name: 'permission_id', referencedColumnName: 'id' }, + }) + permissions: Permission[]; + + @ManyToMany(() => User, (user) => user.roles) + users: User[]; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'deleted_at' }) + deletedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'deleted_by' }) + deletedBy: string | null; +} diff --git a/backend/src/modules/auth/entities/session.entity.ts b/backend/src/modules/auth/entities/session.entity.ts new file mode 100644 index 0000000..b34c19d --- /dev/null +++ b/backend/src/modules/auth/entities/session.entity.ts @@ -0,0 +1,90 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { User } from './user.entity.js'; + +export enum SessionStatus { + ACTIVE = 'active', + EXPIRED = 'expired', + REVOKED = 'revoked', +} + +@Entity({ schema: 'auth', name: 'sessions' }) +@Index('idx_sessions_user_id', ['userId']) +@Index('idx_sessions_token', ['token']) +@Index('idx_sessions_status', ['status']) +@Index('idx_sessions_expires_at', ['expiresAt']) +export class Session { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'user_id' }) + userId: string; + + @Column({ type: 'varchar', length: 500, unique: true, nullable: false }) + token: string; + + @Column({ + type: 'varchar', + length: 500, + unique: true, + nullable: true, + name: 'refresh_token', + }) + refreshToken: string | null; + + @Column({ + type: 'enum', + enum: SessionStatus, + default: SessionStatus.ACTIVE, + nullable: false, + }) + status: SessionStatus; + + @Column({ type: 'timestamp', nullable: false, name: 'expires_at' }) + expiresAt: Date; + + @Column({ + type: 'timestamp', + nullable: true, + name: 'refresh_expires_at', + }) + refreshExpiresAt: Date | null; + + @Column({ type: 'inet', nullable: true, name: 'ip_address' }) + ipAddress: string | null; + + @Column({ type: 'text', nullable: true, name: 'user_agent' }) + userAgent: string | null; + + @Column({ type: 'jsonb', nullable: true, name: 'device_info' }) + deviceInfo: Record | null; + + // Relaciones + @ManyToOne(() => User, (user) => user.sessions, { + onDelete: 'CASCADE', + }) + @JoinColumn({ name: 'user_id' }) + user: User; + + // Timestamps + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'timestamp', nullable: true, name: 'revoked_at' }) + revokedAt: Date | null; + + @Column({ + type: 'varchar', + length: 100, + nullable: true, + name: 'revoked_reason', + }) + revokedReason: string | null; +} diff --git a/backend/src/modules/auth/entities/tenant.entity.ts b/backend/src/modules/auth/entities/tenant.entity.ts new file mode 100644 index 0000000..2d0d447 --- /dev/null +++ b/backend/src/modules/auth/entities/tenant.entity.ts @@ -0,0 +1,93 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + OneToMany, +} from 'typeorm'; +import { Company } from './company.entity.js'; +import { User } from './user.entity.js'; +import { Role } from './role.entity.js'; + +export enum TenantStatus { + ACTIVE = 'active', + SUSPENDED = 'suspended', + TRIAL = 'trial', + CANCELLED = 'cancelled', +} + +@Entity({ schema: 'auth', name: 'tenants' }) +@Index('idx_tenants_subdomain', ['subdomain']) +@Index('idx_tenants_status', ['status'], { where: 'deleted_at IS NULL' }) +@Index('idx_tenants_created_at', ['createdAt']) +export class Tenant { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'varchar', length: 255, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 100, unique: true, nullable: false }) + subdomain: string; + + @Column({ + type: 'varchar', + length: 100, + unique: true, + nullable: false, + name: 'schema_name', + }) + schemaName: string; + + @Column({ + type: 'enum', + enum: TenantStatus, + default: TenantStatus.ACTIVE, + nullable: false, + }) + status: TenantStatus; + + @Column({ type: 'jsonb', default: {} }) + settings: Record; + + @Column({ type: 'varchar', length: 50, default: 'basic', nullable: true }) + plan: string; + + @Column({ type: 'integer', default: 10, name: 'max_users' }) + maxUsers: number; + + // Relaciones + @OneToMany(() => Company, (company) => company.tenant) + companies: Company[]; + + @OneToMany(() => User, (user) => user.tenant) + users: User[]; + + @OneToMany(() => Role, (role) => role.tenant) + roles: Role[]; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'deleted_at' }) + deletedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'deleted_by' }) + deletedBy: string | null; +} diff --git a/backend/src/modules/auth/entities/trusted-device.entity.ts b/backend/src/modules/auth/entities/trusted-device.entity.ts new file mode 100644 index 0000000..5c5b81f --- /dev/null +++ b/backend/src/modules/auth/entities/trusted-device.entity.ts @@ -0,0 +1,115 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { User } from './user.entity.js'; + +export enum TrustLevel { + STANDARD = 'standard', + HIGH = 'high', + TEMPORARY = 'temporary', +} + +@Entity({ schema: 'auth', name: 'trusted_devices' }) +@Index('idx_trusted_devices_user', ['userId'], { where: 'is_active' }) +@Index('idx_trusted_devices_fingerprint', ['deviceFingerprint']) +@Index('idx_trusted_devices_expires', ['trustExpiresAt'], { + where: 'trust_expires_at IS NOT NULL AND is_active', +}) +export class TrustedDevice { + @PrimaryGeneratedColumn('uuid') + id: string; + + // Relación con usuario + @Column({ type: 'uuid', nullable: false, name: 'user_id' }) + userId: string; + + // Identificación del dispositivo + @Column({ + type: 'varchar', + length: 128, + nullable: false, + name: 'device_fingerprint', + }) + deviceFingerprint: string; + + @Column({ type: 'varchar', length: 128, nullable: true, name: 'device_name' }) + deviceName: string | null; + + @Column({ type: 'varchar', length: 32, nullable: true, name: 'device_type' }) + deviceType: string | null; + + // Información del dispositivo + @Column({ type: 'text', nullable: true, name: 'user_agent' }) + userAgent: string | null; + + @Column({ type: 'varchar', length: 64, nullable: true, name: 'browser_name' }) + browserName: string | null; + + @Column({ + type: 'varchar', + length: 32, + nullable: true, + name: 'browser_version', + }) + browserVersion: string | null; + + @Column({ type: 'varchar', length: 64, nullable: true, name: 'os_name' }) + osName: string | null; + + @Column({ type: 'varchar', length: 32, nullable: true, name: 'os_version' }) + osVersion: string | null; + + // Ubicación del registro + @Column({ type: 'inet', nullable: false, name: 'registered_ip' }) + registeredIp: string; + + @Column({ type: 'jsonb', nullable: true, name: 'registered_location' }) + registeredLocation: Record | null; + + // Estado de confianza + @Column({ type: 'boolean', default: true, nullable: false, name: 'is_active' }) + isActive: boolean; + + @Column({ + type: 'enum', + enum: TrustLevel, + default: TrustLevel.STANDARD, + nullable: false, + name: 'trust_level', + }) + trustLevel: TrustLevel; + + @Column({ type: 'timestamptz', nullable: true, name: 'trust_expires_at' }) + trustExpiresAt: Date | null; + + // Uso + @Column({ type: 'timestamptz', nullable: false, name: 'last_used_at' }) + lastUsedAt: Date; + + @Column({ type: 'inet', nullable: true, name: 'last_used_ip' }) + lastUsedIp: string | null; + + @Column({ type: 'integer', default: 1, nullable: false, name: 'use_count' }) + useCount: number; + + // Relaciones + @ManyToOne(() => User, { onDelete: 'CASCADE' }) + @JoinColumn({ name: 'user_id' }) + user: User; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamptz' }) + createdAt: Date; + + @Column({ type: 'timestamptz', nullable: true, name: 'revoked_at' }) + revokedAt: Date | null; + + @Column({ type: 'varchar', length: 128, nullable: true, name: 'revoked_reason' }) + revokedReason: string | null; +} diff --git a/backend/src/modules/auth/entities/user.entity.ts b/backend/src/modules/auth/entities/user.entity.ts new file mode 100644 index 0000000..cabb098 --- /dev/null +++ b/backend/src/modules/auth/entities/user.entity.ts @@ -0,0 +1,141 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + ManyToMany, + JoinColumn, + JoinTable, + OneToMany, +} from 'typeorm'; +import { Tenant } from './tenant.entity.js'; +import { Role } from './role.entity.js'; +import { Company } from './company.entity.js'; +import { Session } from './session.entity.js'; +import { PasswordReset } from './password-reset.entity.js'; + +export enum UserStatus { + ACTIVE = 'active', + INACTIVE = 'inactive', + SUSPENDED = 'suspended', + PENDING_VERIFICATION = 'pending_verification', +} + +@Entity({ schema: 'auth', name: 'users' }) +@Index('idx_users_tenant_id', ['tenantId']) +@Index('idx_users_email', ['email']) +@Index('idx_users_status', ['status'], { where: 'deleted_at IS NULL' }) +@Index('idx_users_email_tenant', ['tenantId', 'email']) +@Index('idx_users_created_at', ['createdAt']) +export class User { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'varchar', length: 255, nullable: false }) + email: string; + + @Column({ type: 'varchar', length: 255, nullable: false, name: 'password_hash' }) + passwordHash: string; + + @Column({ type: 'varchar', length: 255, nullable: false, name: 'full_name' }) + fullName: string; + + @Column({ type: 'varchar', length: 500, nullable: true, name: 'avatar_url' }) + avatarUrl: string | null; + + @Column({ + type: 'enum', + enum: UserStatus, + default: UserStatus.ACTIVE, + nullable: false, + }) + status: UserStatus; + + @Column({ type: 'boolean', default: false, nullable: false, name: 'is_superuser' }) + isSuperuser: boolean; + + @Column({ + type: 'timestamp', + nullable: true, + name: 'email_verified_at', + }) + emailVerifiedAt: Date | null; + + @Column({ type: 'timestamp', nullable: true, name: 'last_login_at' }) + lastLoginAt: Date | null; + + @Column({ type: 'inet', nullable: true, name: 'last_login_ip' }) + lastLoginIp: string | null; + + @Column({ type: 'integer', default: 0, name: 'login_count' }) + loginCount: number; + + @Column({ type: 'varchar', length: 10, default: 'es' }) + language: string; + + @Column({ type: 'varchar', length: 50, default: 'America/Mexico_City' }) + timezone: string; + + @Column({ type: 'jsonb', default: {} }) + settings: Record; + + // Relaciones + @ManyToOne(() => Tenant, (tenant) => tenant.users, { + onDelete: 'CASCADE', + }) + @JoinColumn({ name: 'tenant_id' }) + tenant: Tenant; + + @ManyToMany(() => Role, (role) => role.users) + @JoinTable({ + name: 'user_roles', + schema: 'auth', + joinColumn: { name: 'user_id', referencedColumnName: 'id' }, + inverseJoinColumn: { name: 'role_id', referencedColumnName: 'id' }, + }) + roles: Role[]; + + @ManyToMany(() => Company, (company) => company.users) + @JoinTable({ + name: 'user_companies', + schema: 'auth', + joinColumn: { name: 'user_id', referencedColumnName: 'id' }, + inverseJoinColumn: { name: 'company_id', referencedColumnName: 'id' }, + }) + companies: Company[]; + + @OneToMany(() => Session, (session) => session.user) + sessions: Session[]; + + @OneToMany(() => PasswordReset, (passwordReset) => passwordReset.user) + passwordResets: PasswordReset[]; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'deleted_at' }) + deletedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'deleted_by' }) + deletedBy: string | null; +} diff --git a/backend/src/modules/auth/entities/verification-code.entity.ts b/backend/src/modules/auth/entities/verification-code.entity.ts new file mode 100644 index 0000000..e71668e --- /dev/null +++ b/backend/src/modules/auth/entities/verification-code.entity.ts @@ -0,0 +1,90 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { User } from './user.entity.js'; +import { Session } from './session.entity.js'; + +export enum CodeType { + TOTP_SETUP = 'totp_setup', + SMS = 'sms', + EMAIL = 'email', + BACKUP = 'backup', +} + +@Entity({ schema: 'auth', name: 'verification_codes' }) +@Index('idx_verification_codes_user', ['userId', 'codeType'], { + where: 'used_at IS NULL', +}) +@Index('idx_verification_codes_expires', ['expiresAt'], { + where: 'used_at IS NULL', +}) +export class VerificationCode { + @PrimaryGeneratedColumn('uuid') + id: string; + + // Relaciones + @Column({ type: 'uuid', nullable: false, name: 'user_id' }) + userId: string; + + @Column({ type: 'uuid', nullable: true, name: 'session_id' }) + sessionId: string | null; + + // Tipo de código + @Column({ + type: 'enum', + enum: CodeType, + nullable: false, + name: 'code_type', + }) + codeType: CodeType; + + // Código (hash SHA-256) + @Column({ type: 'varchar', length: 64, nullable: false, name: 'code_hash' }) + codeHash: string; + + @Column({ type: 'integer', default: 6, nullable: false, name: 'code_length' }) + codeLength: number; + + // Destino (para SMS/Email) + @Column({ type: 'varchar', length: 256, nullable: true }) + destination: string | null; + + // Intentos + @Column({ type: 'integer', default: 0, nullable: false }) + attempts: number; + + @Column({ type: 'integer', default: 5, nullable: false, name: 'max_attempts' }) + maxAttempts: number; + + // Validez + @CreateDateColumn({ name: 'created_at', type: 'timestamptz' }) + createdAt: Date; + + @Column({ type: 'timestamptz', nullable: false, name: 'expires_at' }) + expiresAt: Date; + + @Column({ type: 'timestamptz', nullable: true, name: 'used_at' }) + usedAt: Date | null; + + // Metadata + @Column({ type: 'inet', nullable: true, name: 'ip_address' }) + ipAddress: string | null; + + @Column({ type: 'text', nullable: true, name: 'user_agent' }) + userAgent: string | null; + + // Relaciones + @ManyToOne(() => User, { onDelete: 'CASCADE' }) + @JoinColumn({ name: 'user_id' }) + user: User; + + @ManyToOne(() => Session, { onDelete: 'CASCADE', nullable: true }) + @JoinColumn({ name: 'session_id' }) + session: Session | null; +} diff --git a/backend/src/modules/auth/index.ts b/backend/src/modules/auth/index.ts new file mode 100644 index 0000000..2afcd75 --- /dev/null +++ b/backend/src/modules/auth/index.ts @@ -0,0 +1,8 @@ +export * from './auth.service.js'; +export * from './auth.controller.js'; +export { default as authRoutes } from './auth.routes.js'; + +// API Keys +export * from './apiKeys.service.js'; +export * from './apiKeys.controller.js'; +export { default as apiKeysRoutes } from './apiKeys.routes.js'; diff --git a/backend/src/modules/auth/services/token.service.ts b/backend/src/modules/auth/services/token.service.ts new file mode 100644 index 0000000..ee671ba --- /dev/null +++ b/backend/src/modules/auth/services/token.service.ts @@ -0,0 +1,456 @@ +import jwt, { SignOptions } from 'jsonwebtoken'; +import { v4 as uuidv4 } from 'uuid'; +import { Repository } from 'typeorm'; +import { AppDataSource } from '../../../config/typeorm.js'; +import { config } from '../../../config/index.js'; +import { User, Session, SessionStatus } from '../entities/index.js'; +import { blacklistToken, isTokenBlacklisted } from '../../../config/redis.js'; +import { logger } from '../../../shared/utils/logger.js'; +import { UnauthorizedError } from '../../../shared/types/index.js'; + +// ===== Interfaces ===== + +/** + * JWT Payload structure for access and refresh tokens + */ +export interface JwtPayload { + sub: string; // User ID + tid: string; // Tenant ID + email: string; + roles: string[]; + jti: string; // JWT ID único + iat: number; + exp: number; +} + +/** + * Token pair returned after authentication + */ +export interface TokenPair { + accessToken: string; + refreshToken: string; + accessTokenExpiresAt: Date; + refreshTokenExpiresAt: Date; + sessionId: string; +} + +/** + * Request metadata for session tracking + */ +export interface RequestMetadata { + ipAddress: string; + userAgent: string; +} + +// ===== TokenService Class ===== + +/** + * Service for managing JWT tokens with blacklist support via Redis + * and session tracking via TypeORM + */ +class TokenService { + private sessionRepository: Repository; + + // Configuration constants + private readonly ACCESS_TOKEN_EXPIRY = '15m'; + private readonly REFRESH_TOKEN_EXPIRY = '7d'; + private readonly ALGORITHM = 'HS256' as const; + + constructor() { + this.sessionRepository = AppDataSource.getRepository(Session); + } + + /** + * Generates a new token pair (access + refresh) and creates a session + * @param user - User entity with roles loaded + * @param metadata - Request metadata (IP, user agent) + * @returns Promise - Access and refresh tokens with expiration dates + */ + async generateTokenPair(user: User, metadata: RequestMetadata): Promise { + try { + logger.debug('Generating token pair', { userId: user.id, tenantId: user.tenantId }); + + // Extract role codes from user roles + const roles = user.roles ? user.roles.map(role => role.code) : []; + + // Calculate expiration dates + const accessTokenExpiresAt = this.calculateExpiration(this.ACCESS_TOKEN_EXPIRY); + const refreshTokenExpiresAt = this.calculateExpiration(this.REFRESH_TOKEN_EXPIRY); + + // Generate unique JWT IDs + const accessJti = this.generateJti(); + const refreshJti = this.generateJti(); + + // Generate access token + const accessToken = this.generateToken({ + sub: user.id, + tid: user.tenantId, + email: user.email, + roles, + jti: accessJti, + }, this.ACCESS_TOKEN_EXPIRY); + + // Generate refresh token + const refreshToken = this.generateToken({ + sub: user.id, + tid: user.tenantId, + email: user.email, + roles, + jti: refreshJti, + }, this.REFRESH_TOKEN_EXPIRY); + + // Create session record in database + const session = this.sessionRepository.create({ + userId: user.id, + token: accessJti, // Store JTI instead of full token + refreshToken: refreshJti, // Store JTI instead of full token + status: SessionStatus.ACTIVE, + expiresAt: accessTokenExpiresAt, + refreshExpiresAt: refreshTokenExpiresAt, + ipAddress: metadata.ipAddress, + userAgent: metadata.userAgent, + }); + + await this.sessionRepository.save(session); + + logger.info('Token pair generated successfully', { + userId: user.id, + sessionId: session.id, + tenantId: user.tenantId, + }); + + return { + accessToken, + refreshToken, + accessTokenExpiresAt, + refreshTokenExpiresAt, + sessionId: session.id, + }; + } catch (error) { + logger.error('Error generating token pair', { + error: (error as Error).message, + userId: user.id, + }); + throw error; + } + } + + /** + * Refreshes an access token using a valid refresh token + * Implements token replay detection for enhanced security + * @param refreshToken - Valid refresh token + * @param metadata - Request metadata (IP, user agent) + * @returns Promise - New access and refresh tokens + * @throws UnauthorizedError if token is invalid or replay detected + */ + async refreshTokens(refreshToken: string, metadata: RequestMetadata): Promise { + try { + logger.debug('Refreshing tokens'); + + // Verify refresh token + const payload = this.verifyRefreshToken(refreshToken); + + // Find active session with this refresh token JTI + const session = await this.sessionRepository.findOne({ + where: { + refreshToken: payload.jti, + status: SessionStatus.ACTIVE, + }, + relations: ['user', 'user.roles'], + }); + + if (!session) { + logger.warn('Refresh token not found or session inactive', { + jti: payload.jti, + }); + throw new UnauthorizedError('Refresh token inválido o expirado'); + } + + // Check if session has already been used (token replay detection) + if (session.revokedAt !== null) { + logger.error('TOKEN REPLAY DETECTED - Session was already used', { + sessionId: session.id, + userId: session.userId, + jti: payload.jti, + }); + + // SECURITY: Revoke ALL user sessions on replay detection + const revokedCount = await this.revokeAllUserSessions( + session.userId, + 'Token replay detected' + ); + + logger.error('All user sessions revoked due to token replay', { + userId: session.userId, + revokedCount, + }); + + throw new UnauthorizedError('Replay de token detectado. Todas las sesiones han sido revocadas por seguridad.'); + } + + // Verify session hasn't expired + if (session.refreshExpiresAt && new Date() > session.refreshExpiresAt) { + logger.warn('Refresh token expired', { + sessionId: session.id, + expiredAt: session.refreshExpiresAt, + }); + + await this.revokeSession(session.id, 'Token expired'); + throw new UnauthorizedError('Refresh token expirado'); + } + + // Mark current session as used (revoke it) + session.status = SessionStatus.REVOKED; + session.revokedAt = new Date(); + session.revokedReason = 'Used for refresh'; + await this.sessionRepository.save(session); + + // Generate new token pair + const newTokenPair = await this.generateTokenPair(session.user, metadata); + + logger.info('Tokens refreshed successfully', { + userId: session.userId, + oldSessionId: session.id, + newSessionId: newTokenPair.sessionId, + }); + + return newTokenPair; + } catch (error) { + logger.error('Error refreshing tokens', { + error: (error as Error).message, + }); + throw error; + } + } + + /** + * Revokes a session and blacklists its access token + * @param sessionId - Session ID to revoke + * @param reason - Reason for revocation + */ + async revokeSession(sessionId: string, reason: string): Promise { + try { + logger.debug('Revoking session', { sessionId, reason }); + + const session = await this.sessionRepository.findOne({ + where: { id: sessionId }, + }); + + if (!session) { + logger.warn('Session not found for revocation', { sessionId }); + return; + } + + // Mark session as revoked + session.status = SessionStatus.REVOKED; + session.revokedAt = new Date(); + session.revokedReason = reason; + await this.sessionRepository.save(session); + + // Blacklist the access token (JTI) in Redis + const remainingTTL = this.calculateRemainingTTL(session.expiresAt); + if (remainingTTL > 0) { + await this.blacklistAccessToken(session.token, remainingTTL); + } + + logger.info('Session revoked successfully', { sessionId, reason }); + } catch (error) { + logger.error('Error revoking session', { + error: (error as Error).message, + sessionId, + }); + throw error; + } + } + + /** + * Revokes all active sessions for a user + * Used for security events like password change or token replay detection + * @param userId - User ID whose sessions to revoke + * @param reason - Reason for revocation + * @returns Promise - Number of sessions revoked + */ + async revokeAllUserSessions(userId: string, reason: string): Promise { + try { + logger.debug('Revoking all user sessions', { userId, reason }); + + const sessions = await this.sessionRepository.find({ + where: { + userId, + status: SessionStatus.ACTIVE, + }, + }); + + if (sessions.length === 0) { + logger.debug('No active sessions found for user', { userId }); + return 0; + } + + // Revoke each session + for (const session of sessions) { + session.status = SessionStatus.REVOKED; + session.revokedAt = new Date(); + session.revokedReason = reason; + + // Blacklist access token + const remainingTTL = this.calculateRemainingTTL(session.expiresAt); + if (remainingTTL > 0) { + await this.blacklistAccessToken(session.token, remainingTTL); + } + } + + await this.sessionRepository.save(sessions); + + logger.info('All user sessions revoked', { + userId, + count: sessions.length, + reason, + }); + + return sessions.length; + } catch (error) { + logger.error('Error revoking all user sessions', { + error: (error as Error).message, + userId, + }); + throw error; + } + } + + /** + * Adds an access token to the Redis blacklist + * @param jti - JWT ID to blacklist + * @param expiresIn - TTL in seconds + */ + async blacklistAccessToken(jti: string, expiresIn: number): Promise { + try { + await blacklistToken(jti, expiresIn); + logger.debug('Access token blacklisted', { jti, expiresIn }); + } catch (error) { + logger.error('Error blacklisting access token', { + error: (error as Error).message, + jti, + }); + // Don't throw - blacklist is optional (Redis might be unavailable) + } + } + + /** + * Checks if an access token is blacklisted + * @param jti - JWT ID to check + * @returns Promise - true if blacklisted + */ + async isAccessTokenBlacklisted(jti: string): Promise { + try { + return await isTokenBlacklisted(jti); + } catch (error) { + logger.error('Error checking token blacklist', { + error: (error as Error).message, + jti, + }); + // Return false on error - fail open + return false; + } + } + + // ===== Private Helper Methods ===== + + /** + * Generates a JWT token with the specified payload and expiry + * @param payload - Token payload (without iat/exp) + * @param expiresIn - Expiration time string (e.g., '15m', '7d') + * @returns string - Signed JWT token + */ + private generateToken(payload: Omit, expiresIn: string): string { + return jwt.sign(payload, config.jwt.secret, { + expiresIn: expiresIn as jwt.SignOptions['expiresIn'], + algorithm: this.ALGORITHM, + } as SignOptions); + } + + /** + * Verifies an access token and returns its payload + * @param token - JWT access token + * @returns JwtPayload - Decoded payload + * @throws UnauthorizedError if token is invalid + */ + private verifyAccessToken(token: string): JwtPayload { + try { + return jwt.verify(token, config.jwt.secret, { + algorithms: [this.ALGORITHM], + }) as JwtPayload; + } catch (error) { + logger.warn('Invalid access token', { + error: (error as Error).message, + }); + throw new UnauthorizedError('Access token inválido o expirado'); + } + } + + /** + * Verifies a refresh token and returns its payload + * @param token - JWT refresh token + * @returns JwtPayload - Decoded payload + * @throws UnauthorizedError if token is invalid + */ + private verifyRefreshToken(token: string): JwtPayload { + try { + return jwt.verify(token, config.jwt.secret, { + algorithms: [this.ALGORITHM], + }) as JwtPayload; + } catch (error) { + logger.warn('Invalid refresh token', { + error: (error as Error).message, + }); + throw new UnauthorizedError('Refresh token inválido o expirado'); + } + } + + /** + * Generates a unique JWT ID (JTI) using UUID v4 + * @returns string - Unique identifier + */ + private generateJti(): string { + return uuidv4(); + } + + /** + * Calculates expiration date from a time string + * @param expiresIn - Time string (e.g., '15m', '7d') + * @returns Date - Expiration date + */ + private calculateExpiration(expiresIn: string): Date { + const unit = expiresIn.slice(-1); + const value = parseInt(expiresIn.slice(0, -1), 10); + + const now = new Date(); + + switch (unit) { + case 's': + return new Date(now.getTime() + value * 1000); + case 'm': + return new Date(now.getTime() + value * 60 * 1000); + case 'h': + return new Date(now.getTime() + value * 60 * 60 * 1000); + case 'd': + return new Date(now.getTime() + value * 24 * 60 * 60 * 1000); + default: + throw new Error(`Invalid time unit: ${unit}`); + } + } + + /** + * Calculates remaining TTL in seconds for a given expiration date + * @param expiresAt - Expiration date + * @returns number - Remaining seconds (0 if already expired) + */ + private calculateRemainingTTL(expiresAt: Date): number { + const now = new Date(); + const remainingMs = expiresAt.getTime() - now.getTime(); + return Math.max(0, Math.floor(remainingMs / 1000)); + } +} + +// ===== Export Singleton Instance ===== + +export const tokenService = new TokenService(); diff --git a/backend/src/modules/companies/companies.controller.ts b/backend/src/modules/companies/companies.controller.ts new file mode 100644 index 0000000..e59bc40 --- /dev/null +++ b/backend/src/modules/companies/companies.controller.ts @@ -0,0 +1,241 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { companiesService, CreateCompanyDto, UpdateCompanyDto, CompanyFilters } from './companies.service.js'; +import { ApiResponse, AuthenticatedRequest, ValidationError } from '../../shared/types/index.js'; + +// Validation schemas (accept both snake_case and camelCase from frontend) +const createCompanySchema = z.object({ + name: z.string().min(1, 'El nombre es requerido').max(255), + legal_name: z.string().max(255).optional(), + legalName: z.string().max(255).optional(), + tax_id: z.string().max(50).optional(), + taxId: z.string().max(50).optional(), + currency_id: z.string().uuid().optional(), + currencyId: z.string().uuid().optional(), + parent_company_id: z.string().uuid().optional(), + parentCompanyId: z.string().uuid().optional(), + settings: z.record(z.any()).optional(), +}); + +const updateCompanySchema = z.object({ + name: z.string().min(1).max(255).optional(), + legal_name: z.string().max(255).optional().nullable(), + legalName: z.string().max(255).optional().nullable(), + tax_id: z.string().max(50).optional().nullable(), + taxId: z.string().max(50).optional().nullable(), + currency_id: z.string().uuid().optional().nullable(), + currencyId: z.string().uuid().optional().nullable(), + parent_company_id: z.string().uuid().optional().nullable(), + parentCompanyId: z.string().uuid().optional().nullable(), + settings: z.record(z.any()).optional(), +}); + +const querySchema = z.object({ + search: z.string().optional(), + parent_company_id: z.string().uuid().optional(), + parentCompanyId: z.string().uuid().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +class CompaniesController { + async findAll(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = querySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const tenantId = req.user!.tenantId; + const filters: CompanyFilters = { + search: queryResult.data.search, + parentCompanyId: queryResult.data.parentCompanyId || queryResult.data.parent_company_id, + page: queryResult.data.page, + limit: queryResult.data.limit, + }; + + const result = await companiesService.findAll(tenantId, filters); + + const response: ApiResponse = { + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page || 1, + limit: filters.limit || 20, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async findById(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { id } = req.params; + const tenantId = req.user!.tenantId; + const company = await companiesService.findById(id, tenantId); + + const response: ApiResponse = { + success: true, + data: company, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async create(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createCompanySchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de empresa inválidos', parseResult.error.errors); + } + + const data = parseResult.data; + const tenantId = req.user!.tenantId; + const userId = req.user!.userId; + + // Transform to camelCase DTO + const dto: CreateCompanyDto = { + name: data.name, + legalName: data.legalName || data.legal_name, + taxId: data.taxId || data.tax_id, + currencyId: data.currencyId || data.currency_id, + parentCompanyId: data.parentCompanyId || data.parent_company_id, + settings: data.settings, + }; + + const company = await companiesService.create(dto, tenantId, userId); + + const response: ApiResponse = { + success: true, + data: company, + message: 'Empresa creada exitosamente', + }; + + res.status(201).json(response); + } catch (error) { + next(error); + } + } + + async update(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { id } = req.params; + const parseResult = updateCompanySchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de empresa inválidos', parseResult.error.errors); + } + + const data = parseResult.data; + const tenantId = req.user!.tenantId; + const userId = req.user!.userId; + + // Transform to camelCase DTO + const dto: UpdateCompanyDto = {}; + if (data.name !== undefined) dto.name = data.name; + if (data.legalName !== undefined || data.legal_name !== undefined) { + dto.legalName = data.legalName ?? data.legal_name; + } + if (data.taxId !== undefined || data.tax_id !== undefined) { + dto.taxId = data.taxId ?? data.tax_id; + } + if (data.currencyId !== undefined || data.currency_id !== undefined) { + dto.currencyId = data.currencyId ?? data.currency_id; + } + if (data.parentCompanyId !== undefined || data.parent_company_id !== undefined) { + dto.parentCompanyId = data.parentCompanyId ?? data.parent_company_id; + } + if (data.settings !== undefined) dto.settings = data.settings; + + const company = await companiesService.update(id, dto, tenantId, userId); + + const response: ApiResponse = { + success: true, + data: company, + message: 'Empresa actualizada exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async delete(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { id } = req.params; + const tenantId = req.user!.tenantId; + const userId = req.user!.userId; + + await companiesService.delete(id, tenantId, userId); + + const response: ApiResponse = { + success: true, + message: 'Empresa eliminada exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async getUsers(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { id } = req.params; + const tenantId = req.user!.tenantId; + const users = await companiesService.getUsers(id, tenantId); + + const response: ApiResponse = { + success: true, + data: users, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async getSubsidiaries(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { id } = req.params; + const tenantId = req.user!.tenantId; + const subsidiaries = await companiesService.getSubsidiaries(id, tenantId); + + const response: ApiResponse = { + success: true, + data: subsidiaries, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async getHierarchy(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const hierarchy = await companiesService.getHierarchy(tenantId); + + const response: ApiResponse = { + success: true, + data: hierarchy, + }; + + res.json(response); + } catch (error) { + next(error); + } + } +} + +export const companiesController = new CompaniesController(); diff --git a/backend/src/modules/companies/companies.routes.ts b/backend/src/modules/companies/companies.routes.ts new file mode 100644 index 0000000..e18bb78 --- /dev/null +++ b/backend/src/modules/companies/companies.routes.ts @@ -0,0 +1,50 @@ +import { Router } from 'express'; +import { companiesController } from './companies.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// List companies (admin, manager) +router.get('/', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + companiesController.findAll(req, res, next) +); + +// Get company hierarchy tree (must be before /:id to avoid conflict) +router.get('/hierarchy/tree', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + companiesController.getHierarchy(req, res, next) +); + +// Get company by ID +router.get('/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + companiesController.findById(req, res, next) +); + +// Create company (admin only) +router.post('/', requireRoles('admin', 'super_admin'), (req, res, next) => + companiesController.create(req, res, next) +); + +// Update company (admin only) +router.put('/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + companiesController.update(req, res, next) +); + +// Delete company (admin only) +router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + companiesController.delete(req, res, next) +); + +// Get users assigned to company +router.get('/:id/users', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + companiesController.getUsers(req, res, next) +); + +// Get subsidiaries (child companies) +router.get('/:id/subsidiaries', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + companiesController.getSubsidiaries(req, res, next) +); + +export default router; diff --git a/backend/src/modules/companies/companies.service.ts b/backend/src/modules/companies/companies.service.ts new file mode 100644 index 0000000..f42e47e --- /dev/null +++ b/backend/src/modules/companies/companies.service.ts @@ -0,0 +1,472 @@ +import { Repository, IsNull } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { Company } from '../auth/entities/index.js'; +import { NotFoundError, ValidationError, ForbiddenError } from '../../shared/types/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +// ===== Interfaces ===== + +export interface CreateCompanyDto { + name: string; + legalName?: string; + taxId?: string; + currencyId?: string; + parentCompanyId?: string; + settings?: Record; +} + +export interface UpdateCompanyDto { + name?: string; + legalName?: string | null; + taxId?: string | null; + currencyId?: string | null; + parentCompanyId?: string | null; + settings?: Record; +} + +export interface CompanyFilters { + search?: string; + parentCompanyId?: string; + page?: number; + limit?: number; +} + +export interface CompanyWithRelations extends Company { + currencyCode?: string; + parentCompanyName?: string; +} + +// ===== CompaniesService Class ===== + +class CompaniesService { + private companyRepository: Repository; + + constructor() { + this.companyRepository = AppDataSource.getRepository(Company); + } + + /** + * Get all companies for a tenant with filters and pagination + */ + async findAll( + tenantId: string, + filters: CompanyFilters = {} + ): Promise<{ data: CompanyWithRelations[]; total: number }> { + try { + const { search, parentCompanyId, page = 1, limit = 20 } = filters; + const skip = (page - 1) * limit; + + const queryBuilder = this.companyRepository + .createQueryBuilder('company') + .leftJoin('company.parentCompany', 'parentCompany') + .addSelect(['parentCompany.name']) + .where('company.tenantId = :tenantId', { tenantId }) + .andWhere('company.deletedAt IS NULL'); + + // Apply search filter + if (search) { + queryBuilder.andWhere( + '(company.name ILIKE :search OR company.legalName ILIKE :search OR company.taxId ILIKE :search)', + { search: `%${search}%` } + ); + } + + // Filter by parent company + if (parentCompanyId) { + queryBuilder.andWhere('company.parentCompanyId = :parentCompanyId', { parentCompanyId }); + } + + // Get total count + const total = await queryBuilder.getCount(); + + // Get paginated results + const companies = await queryBuilder + .orderBy('company.name', 'ASC') + .skip(skip) + .take(limit) + .getMany(); + + // Map to include relation names + const data: CompanyWithRelations[] = companies.map(company => ({ + ...company, + parentCompanyName: company.parentCompany?.name, + })); + + logger.debug('Companies retrieved', { tenantId, count: data.length, total }); + + return { data, total }; + } catch (error) { + logger.error('Error retrieving companies', { + error: (error as Error).message, + tenantId, + }); + throw error; + } + } + + /** + * Get company by ID + */ + async findById(id: string, tenantId: string): Promise { + try { + const company = await this.companyRepository + .createQueryBuilder('company') + .leftJoin('company.parentCompany', 'parentCompany') + .addSelect(['parentCompany.name']) + .where('company.id = :id', { id }) + .andWhere('company.tenantId = :tenantId', { tenantId }) + .andWhere('company.deletedAt IS NULL') + .getOne(); + + if (!company) { + throw new NotFoundError('Empresa no encontrada'); + } + + return { + ...company, + parentCompanyName: company.parentCompany?.name, + }; + } catch (error) { + logger.error('Error finding company', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + /** + * Create a new company + */ + async create( + dto: CreateCompanyDto, + tenantId: string, + userId: string + ): Promise { + try { + // Validate unique tax_id within tenant + if (dto.taxId) { + const existing = await this.companyRepository.findOne({ + where: { + tenantId, + taxId: dto.taxId, + deletedAt: IsNull(), + }, + }); + + if (existing) { + throw new ValidationError('Ya existe una empresa con este RFC'); + } + } + + // Validate parent company exists + if (dto.parentCompanyId) { + const parent = await this.companyRepository.findOne({ + where: { + id: dto.parentCompanyId, + tenantId, + deletedAt: IsNull(), + }, + }); + + if (!parent) { + throw new NotFoundError('Empresa matriz no encontrada'); + } + } + + // Create company + const company = this.companyRepository.create({ + tenantId, + name: dto.name, + legalName: dto.legalName || null, + taxId: dto.taxId || null, + currencyId: dto.currencyId || null, + parentCompanyId: dto.parentCompanyId || null, + settings: dto.settings || {}, + createdBy: userId, + }); + + await this.companyRepository.save(company); + + logger.info('Company created', { + companyId: company.id, + tenantId, + name: company.name, + createdBy: userId, + }); + + return company; + } catch (error) { + logger.error('Error creating company', { + error: (error as Error).message, + tenantId, + dto, + }); + throw error; + } + } + + /** + * Update a company + */ + async update( + id: string, + dto: UpdateCompanyDto, + tenantId: string, + userId: string + ): Promise { + try { + const existing = await this.findById(id, tenantId); + + // Validate unique tax_id if changing + if (dto.taxId !== undefined && dto.taxId !== existing.taxId) { + if (dto.taxId) { + const duplicate = await this.companyRepository.findOne({ + where: { + tenantId, + taxId: dto.taxId, + deletedAt: IsNull(), + }, + }); + + if (duplicate && duplicate.id !== id) { + throw new ValidationError('Ya existe una empresa con este RFC'); + } + } + } + + // Validate parent company (prevent self-reference and cycles) + if (dto.parentCompanyId !== undefined && dto.parentCompanyId) { + if (dto.parentCompanyId === id) { + throw new ValidationError('Una empresa no puede ser su propia matriz'); + } + + const parent = await this.companyRepository.findOne({ + where: { + id: dto.parentCompanyId, + tenantId, + deletedAt: IsNull(), + }, + }); + + if (!parent) { + throw new NotFoundError('Empresa matriz no encontrada'); + } + + // Check for circular reference + if (await this.wouldCreateCycle(id, dto.parentCompanyId, tenantId)) { + throw new ValidationError('La asignación crearía una referencia circular'); + } + } + + // Update allowed fields + if (dto.name !== undefined) existing.name = dto.name; + if (dto.legalName !== undefined) existing.legalName = dto.legalName; + if (dto.taxId !== undefined) existing.taxId = dto.taxId; + if (dto.currencyId !== undefined) existing.currencyId = dto.currencyId; + if (dto.parentCompanyId !== undefined) existing.parentCompanyId = dto.parentCompanyId; + if (dto.settings !== undefined) { + existing.settings = { ...existing.settings, ...dto.settings }; + } + + existing.updatedBy = userId; + existing.updatedAt = new Date(); + + await this.companyRepository.save(existing); + + logger.info('Company updated', { + companyId: id, + tenantId, + updatedBy: userId, + }); + + return await this.findById(id, tenantId); + } catch (error) { + logger.error('Error updating company', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + /** + * Soft delete a company + */ + async delete(id: string, tenantId: string, userId: string): Promise { + try { + await this.findById(id, tenantId); + + // Check if company has child companies + const childrenCount = await this.companyRepository.count({ + where: { + parentCompanyId: id, + tenantId, + deletedAt: IsNull(), + }, + }); + + if (childrenCount > 0) { + throw new ForbiddenError( + 'No se puede eliminar una empresa que tiene empresas subsidiarias' + ); + } + + // Soft delete + await this.companyRepository.update( + { id, tenantId }, + { + deletedAt: new Date(), + deletedBy: userId, + } + ); + + logger.info('Company deleted', { + companyId: id, + tenantId, + deletedBy: userId, + }); + } catch (error) { + logger.error('Error deleting company', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + /** + * Get users assigned to a company + */ + async getUsers(companyId: string, tenantId: string): Promise { + try { + await this.findById(companyId, tenantId); + + // Using raw query for user_companies junction table + const users = await this.companyRepository.query( + `SELECT u.id, u.email, u.full_name, u.status, uc.is_default, uc.assigned_at + FROM auth.users u + INNER JOIN auth.user_companies uc ON u.id = uc.user_id + WHERE uc.company_id = $1 AND u.tenant_id = $2 AND u.deleted_at IS NULL + ORDER BY u.full_name`, + [companyId, tenantId] + ); + + return users; + } catch (error) { + logger.error('Error getting company users', { + error: (error as Error).message, + companyId, + tenantId, + }); + throw error; + } + } + + /** + * Get child companies (subsidiaries) + */ + async getSubsidiaries(companyId: string, tenantId: string): Promise { + try { + await this.findById(companyId, tenantId); + + return await this.companyRepository.find({ + where: { + parentCompanyId: companyId, + tenantId, + deletedAt: IsNull(), + }, + order: { name: 'ASC' }, + }); + } catch (error) { + logger.error('Error getting subsidiaries', { + error: (error as Error).message, + companyId, + tenantId, + }); + throw error; + } + } + + /** + * Get full company hierarchy (tree structure) + */ + async getHierarchy(tenantId: string): Promise { + try { + // Get all companies + const companies = await this.companyRepository.find({ + where: { tenantId, deletedAt: IsNull() }, + order: { name: 'ASC' }, + }); + + // Build tree structure + const companyMap = new Map(); + const roots: any[] = []; + + // First pass: create map + for (const company of companies) { + companyMap.set(company.id, { + ...company, + children: [], + }); + } + + // Second pass: build tree + for (const company of companies) { + const node = companyMap.get(company.id); + if (company.parentCompanyId && companyMap.has(company.parentCompanyId)) { + companyMap.get(company.parentCompanyId).children.push(node); + } else { + roots.push(node); + } + } + + return roots; + } catch (error) { + logger.error('Error getting company hierarchy', { + error: (error as Error).message, + tenantId, + }); + throw error; + } + } + + /** + * Check if assigning a parent would create a circular reference + */ + private async wouldCreateCycle( + companyId: string, + newParentId: string, + tenantId: string + ): Promise { + let currentId: string | null = newParentId; + const visited = new Set(); + + while (currentId) { + if (visited.has(currentId)) { + return true; // Found a cycle + } + if (currentId === companyId) { + return true; // Would create a cycle + } + + visited.add(currentId); + + const parent = await this.companyRepository.findOne({ + where: { id: currentId, tenantId, deletedAt: IsNull() }, + select: ['parentCompanyId'], + }); + + currentId = parent?.parentCompanyId || null; + } + + return false; + } +} + +// ===== Export Singleton Instance ===== + +export const companiesService = new CompaniesService(); diff --git a/backend/src/modules/companies/index.ts b/backend/src/modules/companies/index.ts new file mode 100644 index 0000000..fbf5e5b --- /dev/null +++ b/backend/src/modules/companies/index.ts @@ -0,0 +1,3 @@ +export * from './companies.service.js'; +export * from './companies.controller.js'; +export { default as companiesRoutes } from './companies.routes.js'; diff --git a/backend/src/modules/core/core.controller.ts b/backend/src/modules/core/core.controller.ts new file mode 100644 index 0000000..79f6c90 --- /dev/null +++ b/backend/src/modules/core/core.controller.ts @@ -0,0 +1,257 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { currenciesService, CreateCurrencyDto, UpdateCurrencyDto } from './currencies.service.js'; +import { countriesService } from './countries.service.js'; +import { uomService, CreateUomDto, UpdateUomDto } from './uom.service.js'; +import { productCategoriesService, CreateProductCategoryDto, UpdateProductCategoryDto } from './product-categories.service.js'; +import { AuthenticatedRequest } from '../../shared/middleware/auth.middleware.js'; +import { ValidationError } from '../../shared/errors/index.js'; + +// Schemas +const createCurrencySchema = z.object({ + code: z.string().length(3, 'El código debe tener 3 caracteres').toUpperCase(), + name: z.string().min(1, 'El nombre es requerido').max(100), + symbol: z.string().min(1).max(10), + decimal_places: z.number().int().min(0).max(6).optional(), + decimals: z.number().int().min(0).max(6).optional(), // Accept camelCase +}).refine((data) => data.decimal_places !== undefined || data.decimals !== undefined, { + message: 'decimal_places or decimals is required', +}); + +const updateCurrencySchema = z.object({ + name: z.string().min(1).max(100).optional(), + symbol: z.string().min(1).max(10).optional(), + decimal_places: z.number().int().min(0).max(6).optional(), + decimals: z.number().int().min(0).max(6).optional(), // Accept camelCase + active: z.boolean().optional(), +}); + +const createUomSchema = z.object({ + name: z.string().min(1, 'El nombre es requerido').max(100), + code: z.string().min(1).max(20), + category_id: z.string().uuid().optional(), + categoryId: z.string().uuid().optional(), // Accept camelCase + uom_type: z.enum(['reference', 'bigger', 'smaller']).optional(), + uomType: z.enum(['reference', 'bigger', 'smaller']).optional(), // Accept camelCase + ratio: z.number().positive().default(1), +}).refine((data) => data.category_id !== undefined || data.categoryId !== undefined, { + message: 'category_id or categoryId is required', +}); + +const updateUomSchema = z.object({ + name: z.string().min(1).max(100).optional(), + ratio: z.number().positive().optional(), + active: z.boolean().optional(), +}); + +const createCategorySchema = z.object({ + name: z.string().min(1, 'El nombre es requerido').max(100), + code: z.string().min(1).max(50), + parent_id: z.string().uuid().optional(), + parentId: z.string().uuid().optional(), // Accept camelCase +}); + +const updateCategorySchema = z.object({ + name: z.string().min(1).max(100).optional(), + parent_id: z.string().uuid().optional().nullable(), + parentId: z.string().uuid().optional().nullable(), // Accept camelCase + active: z.boolean().optional(), +}); + +class CoreController { + // ========== CURRENCIES ========== + async getCurrencies(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const activeOnly = req.query.active === 'true'; + const currencies = await currenciesService.findAll(activeOnly); + res.json({ success: true, data: currencies }); + } catch (error) { + next(error); + } + } + + async getCurrency(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const currency = await currenciesService.findById(req.params.id); + res.json({ success: true, data: currency }); + } catch (error) { + next(error); + } + } + + async createCurrency(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createCurrencySchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de moneda inválidos', parseResult.error.errors); + } + const dto: CreateCurrencyDto = parseResult.data; + const currency = await currenciesService.create(dto); + res.status(201).json({ success: true, data: currency, message: 'Moneda creada exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateCurrency(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateCurrencySchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de moneda inválidos', parseResult.error.errors); + } + const dto: UpdateCurrencyDto = parseResult.data; + const currency = await currenciesService.update(req.params.id, dto); + res.json({ success: true, data: currency, message: 'Moneda actualizada exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== COUNTRIES ========== + async getCountries(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const countries = await countriesService.findAll(); + res.json({ success: true, data: countries }); + } catch (error) { + next(error); + } + } + + async getCountry(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const country = await countriesService.findById(req.params.id); + res.json({ success: true, data: country }); + } catch (error) { + next(error); + } + } + + // ========== UOM CATEGORIES ========== + async getUomCategories(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const activeOnly = req.query.active === 'true'; + const categories = await uomService.findAllCategories(activeOnly); + res.json({ success: true, data: categories }); + } catch (error) { + next(error); + } + } + + async getUomCategory(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const category = await uomService.findCategoryById(req.params.id); + res.json({ success: true, data: category }); + } catch (error) { + next(error); + } + } + + // ========== UOM ========== + async getUoms(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const activeOnly = req.query.active === 'true'; + const categoryId = req.query.category_id as string | undefined; + const uoms = await uomService.findAll(categoryId, activeOnly); + res.json({ success: true, data: uoms }); + } catch (error) { + next(error); + } + } + + async getUom(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const uom = await uomService.findById(req.params.id); + res.json({ success: true, data: uom }); + } catch (error) { + next(error); + } + } + + async createUom(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createUomSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de UdM inválidos', parseResult.error.errors); + } + const dto: CreateUomDto = parseResult.data; + const uom = await uomService.create(dto); + res.status(201).json({ success: true, data: uom, message: 'Unidad de medida creada exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateUom(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateUomSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de UdM inválidos', parseResult.error.errors); + } + const dto: UpdateUomDto = parseResult.data; + const uom = await uomService.update(req.params.id, dto); + res.json({ success: true, data: uom, message: 'Unidad de medida actualizada exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== PRODUCT CATEGORIES ========== + async getProductCategories(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const activeOnly = req.query.active === 'true'; + const parentId = req.query.parent_id as string | undefined; + const categories = await productCategoriesService.findAll(req.tenantId!, parentId, activeOnly); + res.json({ success: true, data: categories }); + } catch (error) { + next(error); + } + } + + async getProductCategory(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const category = await productCategoriesService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: category }); + } catch (error) { + next(error); + } + } + + async createProductCategory(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createCategorySchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de categoría inválidos', parseResult.error.errors); + } + const dto: CreateProductCategoryDto = parseResult.data; + const category = await productCategoriesService.create(dto, req.tenantId!, req.user!.userId); + res.status(201).json({ success: true, data: category, message: 'Categoría creada exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateProductCategory(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateCategorySchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de categoría inválidos', parseResult.error.errors); + } + const dto: UpdateProductCategoryDto = parseResult.data; + const category = await productCategoriesService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + res.json({ success: true, data: category, message: 'Categoría actualizada exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteProductCategory(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await productCategoriesService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Categoría eliminada exitosamente' }); + } catch (error) { + next(error); + } + } +} + +export const coreController = new CoreController(); diff --git a/backend/src/modules/core/core.routes.ts b/backend/src/modules/core/core.routes.ts new file mode 100644 index 0000000..f353f73 --- /dev/null +++ b/backend/src/modules/core/core.routes.ts @@ -0,0 +1,51 @@ +import { Router } from 'express'; +import { coreController } from './core.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// ========== CURRENCIES ========== +router.get('/currencies', (req, res, next) => coreController.getCurrencies(req, res, next)); +router.get('/currencies/:id', (req, res, next) => coreController.getCurrency(req, res, next)); +router.post('/currencies', requireRoles('admin', 'super_admin'), (req, res, next) => + coreController.createCurrency(req, res, next) +); +router.put('/currencies/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + coreController.updateCurrency(req, res, next) +); + +// ========== COUNTRIES ========== +router.get('/countries', (req, res, next) => coreController.getCountries(req, res, next)); +router.get('/countries/:id', (req, res, next) => coreController.getCountry(req, res, next)); + +// ========== UOM CATEGORIES ========== +router.get('/uom-categories', (req, res, next) => coreController.getUomCategories(req, res, next)); +router.get('/uom-categories/:id', (req, res, next) => coreController.getUomCategory(req, res, next)); + +// ========== UOM ========== +router.get('/uom', (req, res, next) => coreController.getUoms(req, res, next)); +router.get('/uom/:id', (req, res, next) => coreController.getUom(req, res, next)); +router.post('/uom', requireRoles('admin', 'super_admin'), (req, res, next) => + coreController.createUom(req, res, next) +); +router.put('/uom/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + coreController.updateUom(req, res, next) +); + +// ========== PRODUCT CATEGORIES ========== +router.get('/product-categories', (req, res, next) => coreController.getProductCategories(req, res, next)); +router.get('/product-categories/:id', (req, res, next) => coreController.getProductCategory(req, res, next)); +router.post('/product-categories', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + coreController.createProductCategory(req, res, next) +); +router.put('/product-categories/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + coreController.updateProductCategory(req, res, next) +); +router.delete('/product-categories/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + coreController.deleteProductCategory(req, res, next) +); + +export default router; diff --git a/backend/src/modules/core/countries.service.ts b/backend/src/modules/core/countries.service.ts new file mode 100644 index 0000000..943a37c --- /dev/null +++ b/backend/src/modules/core/countries.service.ts @@ -0,0 +1,45 @@ +import { Repository } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { Country } from './entities/country.entity.js'; +import { NotFoundError } from '../../shared/errors/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +class CountriesService { + private repository: Repository; + + constructor() { + this.repository = AppDataSource.getRepository(Country); + } + + async findAll(): Promise { + logger.debug('Finding all countries'); + + return this.repository.find({ + order: { name: 'ASC' }, + }); + } + + async findById(id: string): Promise { + logger.debug('Finding country by id', { id }); + + const country = await this.repository.findOne({ + where: { id }, + }); + + if (!country) { + throw new NotFoundError('País no encontrado'); + } + + return country; + } + + async findByCode(code: string): Promise { + logger.debug('Finding country by code', { code }); + + return this.repository.findOne({ + where: { code: code.toUpperCase() }, + }); + } +} + +export const countriesService = new CountriesService(); diff --git a/backend/src/modules/core/currencies.service.ts b/backend/src/modules/core/currencies.service.ts new file mode 100644 index 0000000..2d0e988 --- /dev/null +++ b/backend/src/modules/core/currencies.service.ts @@ -0,0 +1,118 @@ +import { Repository } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { Currency } from './entities/currency.entity.js'; +import { NotFoundError, ConflictError } from '../../shared/errors/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +export interface CreateCurrencyDto { + code: string; + name: string; + symbol: string; + decimal_places?: number; + decimals?: number; // Accept camelCase too +} + +export interface UpdateCurrencyDto { + name?: string; + symbol?: string; + decimal_places?: number; + decimals?: number; // Accept camelCase too + active?: boolean; +} + +class CurrenciesService { + private repository: Repository; + + constructor() { + this.repository = AppDataSource.getRepository(Currency); + } + + async findAll(activeOnly: boolean = false): Promise { + logger.debug('Finding all currencies', { activeOnly }); + + const queryBuilder = this.repository + .createQueryBuilder('currency') + .orderBy('currency.code', 'ASC'); + + if (activeOnly) { + queryBuilder.where('currency.active = :active', { active: true }); + } + + return queryBuilder.getMany(); + } + + async findById(id: string): Promise { + logger.debug('Finding currency by id', { id }); + + const currency = await this.repository.findOne({ + where: { id }, + }); + + if (!currency) { + throw new NotFoundError('Moneda no encontrada'); + } + + return currency; + } + + async findByCode(code: string): Promise { + logger.debug('Finding currency by code', { code }); + + return this.repository.findOne({ + where: { code: code.toUpperCase() }, + }); + } + + async create(dto: CreateCurrencyDto): Promise { + logger.debug('Creating currency', { code: dto.code }); + + const existing = await this.findByCode(dto.code); + if (existing) { + throw new ConflictError(`Ya existe una moneda con código ${dto.code}`); + } + + // Accept both snake_case and camelCase + const decimals = dto.decimal_places ?? dto.decimals ?? 2; + + const currency = this.repository.create({ + code: dto.code.toUpperCase(), + name: dto.name, + symbol: dto.symbol, + decimals, + }); + + const saved = await this.repository.save(currency); + logger.info('Currency created', { id: saved.id, code: saved.code }); + + return saved; + } + + async update(id: string, dto: UpdateCurrencyDto): Promise { + logger.debug('Updating currency', { id }); + + const currency = await this.findById(id); + + // Accept both snake_case and camelCase + const decimals = dto.decimal_places ?? dto.decimals; + + if (dto.name !== undefined) { + currency.name = dto.name; + } + if (dto.symbol !== undefined) { + currency.symbol = dto.symbol; + } + if (decimals !== undefined) { + currency.decimals = decimals; + } + if (dto.active !== undefined) { + currency.active = dto.active; + } + + const updated = await this.repository.save(currency); + logger.info('Currency updated', { id: updated.id, code: updated.code }); + + return updated; + } +} + +export const currenciesService = new CurrenciesService(); diff --git a/backend/src/modules/core/entities/country.entity.ts b/backend/src/modules/core/entities/country.entity.ts new file mode 100644 index 0000000..e3a6384 --- /dev/null +++ b/backend/src/modules/core/entities/country.entity.ts @@ -0,0 +1,35 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, +} from 'typeorm'; + +@Entity({ schema: 'core', name: 'countries' }) +@Index('idx_countries_code', ['code'], { unique: true }) +export class Country { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'varchar', length: 2, nullable: false, unique: true }) + code: string; + + @Column({ type: 'varchar', length: 255, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 10, nullable: true, name: 'phone_code' }) + phoneCode: string | null; + + @Column({ + type: 'varchar', + length: 3, + nullable: true, + name: 'currency_code', + }) + currencyCode: string | null; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; +} diff --git a/backend/src/modules/core/entities/currency.entity.ts b/backend/src/modules/core/entities/currency.entity.ts new file mode 100644 index 0000000..f322222 --- /dev/null +++ b/backend/src/modules/core/entities/currency.entity.ts @@ -0,0 +1,43 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, +} from 'typeorm'; + +@Entity({ schema: 'core', name: 'currencies' }) +@Index('idx_currencies_code', ['code'], { unique: true }) +@Index('idx_currencies_active', ['active']) +export class Currency { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'varchar', length: 3, nullable: false, unique: true }) + code: string; + + @Column({ type: 'varchar', length: 100, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 10, nullable: false }) + symbol: string; + + @Column({ type: 'integer', nullable: false, default: 2, name: 'decimals' }) + decimals: number; + + @Column({ + type: 'decimal', + precision: 12, + scale: 6, + nullable: true, + default: 0.01, + }) + rounding: number; + + @Column({ type: 'boolean', nullable: false, default: true }) + active: boolean; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; +} diff --git a/backend/src/modules/core/entities/index.ts b/backend/src/modules/core/entities/index.ts new file mode 100644 index 0000000..fda5d7a --- /dev/null +++ b/backend/src/modules/core/entities/index.ts @@ -0,0 +1,6 @@ +export { Currency } from './currency.entity.js'; +export { Country } from './country.entity.js'; +export { UomCategory } from './uom-category.entity.js'; +export { Uom, UomType } from './uom.entity.js'; +export { ProductCategory } from './product-category.entity.js'; +export { Sequence, ResetPeriod } from './sequence.entity.js'; diff --git a/backend/src/modules/core/entities/product-category.entity.ts b/backend/src/modules/core/entities/product-category.entity.ts new file mode 100644 index 0000000..d9fdd08 --- /dev/null +++ b/backend/src/modules/core/entities/product-category.entity.ts @@ -0,0 +1,79 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, + OneToMany, +} from 'typeorm'; + +@Entity({ schema: 'core', name: 'product_categories' }) +@Index('idx_product_categories_tenant_id', ['tenantId']) +@Index('idx_product_categories_parent_id', ['parentId']) +@Index('idx_product_categories_code_tenant', ['tenantId', 'code'], { + unique: true, +}) +@Index('idx_product_categories_active', ['tenantId', 'active'], { + where: 'deleted_at IS NULL', +}) +export class ProductCategory { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'varchar', length: 255, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 50, nullable: true }) + code: string | null; + + @Column({ type: 'uuid', nullable: true, name: 'parent_id' }) + parentId: string | null; + + @Column({ type: 'text', nullable: true, name: 'full_path' }) + fullPath: string | null; + + @Column({ type: 'text', nullable: true }) + notes: string | null; + + @Column({ type: 'boolean', nullable: false, default: true }) + active: boolean; + + // Relations + @ManyToOne(() => ProductCategory, (category) => category.children, { + nullable: true, + }) + @JoinColumn({ name: 'parent_id' }) + parent: ProductCategory | null; + + @OneToMany(() => ProductCategory, (category) => category.parent) + children: ProductCategory[]; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'deleted_at' }) + deletedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'deleted_by' }) + deletedBy: string | null; +} diff --git a/backend/src/modules/core/entities/sequence.entity.ts b/backend/src/modules/core/entities/sequence.entity.ts new file mode 100644 index 0000000..cc28829 --- /dev/null +++ b/backend/src/modules/core/entities/sequence.entity.ts @@ -0,0 +1,83 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, +} from 'typeorm'; + +export enum ResetPeriod { + NONE = 'none', + YEAR = 'year', + MONTH = 'month', +} + +@Entity({ schema: 'core', name: 'sequences' }) +@Index('idx_sequences_tenant_id', ['tenantId']) +@Index('idx_sequences_code_tenant', ['tenantId', 'code'], { unique: true }) +@Index('idx_sequences_active', ['tenantId', 'isActive']) +export class Sequence { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: true, name: 'company_id' }) + companyId: string | null; + + @Column({ type: 'varchar', length: 100, nullable: false }) + code: string; + + @Column({ type: 'varchar', length: 255, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 50, nullable: true }) + prefix: string | null; + + @Column({ type: 'varchar', length: 50, nullable: true }) + suffix: string | null; + + @Column({ type: 'integer', nullable: false, default: 1, name: 'next_number' }) + nextNumber: number; + + @Column({ type: 'integer', nullable: false, default: 4 }) + padding: number; + + @Column({ + type: 'enum', + enum: ResetPeriod, + nullable: true, + default: ResetPeriod.NONE, + name: 'reset_period', + }) + resetPeriod: ResetPeriod | null; + + @Column({ + type: 'timestamp', + nullable: true, + name: 'last_reset_date', + }) + lastResetDate: Date | null; + + @Column({ type: 'boolean', nullable: false, default: true, name: 'is_active' }) + isActive: boolean; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; +} diff --git a/backend/src/modules/core/entities/uom-category.entity.ts b/backend/src/modules/core/entities/uom-category.entity.ts new file mode 100644 index 0000000..c115800 --- /dev/null +++ b/backend/src/modules/core/entities/uom-category.entity.ts @@ -0,0 +1,30 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + OneToMany, +} from 'typeorm'; +import { Uom } from './uom.entity.js'; + +@Entity({ schema: 'core', name: 'uom_categories' }) +@Index('idx_uom_categories_name', ['name'], { unique: true }) +export class UomCategory { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'varchar', length: 100, nullable: false, unique: true }) + name: string; + + @Column({ type: 'text', nullable: true }) + description: string | null; + + // Relations + @OneToMany(() => Uom, (uom) => uom.category) + uoms: Uom[]; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; +} diff --git a/backend/src/modules/core/entities/uom.entity.ts b/backend/src/modules/core/entities/uom.entity.ts new file mode 100644 index 0000000..98ba8aa --- /dev/null +++ b/backend/src/modules/core/entities/uom.entity.ts @@ -0,0 +1,76 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { UomCategory } from './uom-category.entity.js'; + +export enum UomType { + REFERENCE = 'reference', + BIGGER = 'bigger', + SMALLER = 'smaller', +} + +@Entity({ schema: 'core', name: 'uom' }) +@Index('idx_uom_category_id', ['categoryId']) +@Index('idx_uom_code', ['code']) +@Index('idx_uom_active', ['active']) +@Index('idx_uom_name_category', ['categoryId', 'name'], { unique: true }) +export class Uom { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'category_id' }) + categoryId: string; + + @Column({ type: 'varchar', length: 100, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 20, nullable: true }) + code: string | null; + + @Column({ + type: 'enum', + enum: UomType, + nullable: false, + default: UomType.REFERENCE, + name: 'uom_type', + }) + uomType: UomType; + + @Column({ + type: 'decimal', + precision: 12, + scale: 6, + nullable: false, + default: 1.0, + }) + factor: number; + + @Column({ + type: 'decimal', + precision: 12, + scale: 6, + nullable: true, + default: 0.01, + }) + rounding: number; + + @Column({ type: 'boolean', nullable: false, default: true }) + active: boolean; + + // Relations + @ManyToOne(() => UomCategory, (category) => category.uoms, { + nullable: false, + }) + @JoinColumn({ name: 'category_id' }) + category: UomCategory; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; +} diff --git a/backend/src/modules/core/index.ts b/backend/src/modules/core/index.ts new file mode 100644 index 0000000..10a620d --- /dev/null +++ b/backend/src/modules/core/index.ts @@ -0,0 +1,8 @@ +export * from './currencies.service.js'; +export * from './countries.service.js'; +export * from './uom.service.js'; +export * from './product-categories.service.js'; +export * from './sequences.service.js'; +export * from './entities/index.js'; +export * from './core.controller.js'; +export { default as coreRoutes } from './core.routes.js'; diff --git a/backend/src/modules/core/product-categories.service.ts b/backend/src/modules/core/product-categories.service.ts new file mode 100644 index 0000000..8401c99 --- /dev/null +++ b/backend/src/modules/core/product-categories.service.ts @@ -0,0 +1,223 @@ +import { Repository, IsNull } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { ProductCategory } from './entities/product-category.entity.js'; +import { NotFoundError, ConflictError } from '../../shared/errors/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +export interface CreateProductCategoryDto { + name: string; + code: string; + parent_id?: string; + parentId?: string; // Accept camelCase too +} + +export interface UpdateProductCategoryDto { + name?: string; + parent_id?: string | null; + parentId?: string | null; // Accept camelCase too + active?: boolean; +} + +class ProductCategoriesService { + private repository: Repository; + + constructor() { + this.repository = AppDataSource.getRepository(ProductCategory); + } + + async findAll( + tenantId: string, + parentId?: string, + activeOnly: boolean = false + ): Promise { + logger.debug('Finding all product categories', { + tenantId, + parentId, + activeOnly, + }); + + const queryBuilder = this.repository + .createQueryBuilder('pc') + .leftJoinAndSelect('pc.parent', 'parent') + .where('pc.tenantId = :tenantId', { tenantId }) + .andWhere('pc.deletedAt IS NULL'); + + if (parentId !== undefined) { + if (parentId === null || parentId === 'null') { + queryBuilder.andWhere('pc.parentId IS NULL'); + } else { + queryBuilder.andWhere('pc.parentId = :parentId', { parentId }); + } + } + + if (activeOnly) { + queryBuilder.andWhere('pc.active = :active', { active: true }); + } + + queryBuilder.orderBy('pc.name', 'ASC'); + + return queryBuilder.getMany(); + } + + async findById(id: string, tenantId: string): Promise { + logger.debug('Finding product category by id', { id, tenantId }); + + const category = await this.repository.findOne({ + where: { + id, + tenantId, + deletedAt: IsNull(), + }, + relations: ['parent'], + }); + + if (!category) { + throw new NotFoundError('Categoría de producto no encontrada'); + } + + return category; + } + + async create( + dto: CreateProductCategoryDto, + tenantId: string, + userId: string + ): Promise { + logger.debug('Creating product category', { dto, tenantId, userId }); + + // Accept both snake_case and camelCase + const parentId = dto.parent_id ?? dto.parentId; + + // Check unique code within tenant + const existing = await this.repository.findOne({ + where: { + tenantId, + code: dto.code, + deletedAt: IsNull(), + }, + }); + + if (existing) { + throw new ConflictError(`Ya existe una categoría con código ${dto.code}`); + } + + // Validate parent if specified + if (parentId) { + const parent = await this.repository.findOne({ + where: { + id: parentId, + tenantId, + deletedAt: IsNull(), + }, + }); + + if (!parent) { + throw new NotFoundError('Categoría padre no encontrada'); + } + } + + const category = this.repository.create({ + tenantId, + name: dto.name, + code: dto.code, + parentId: parentId || null, + createdBy: userId, + }); + + const saved = await this.repository.save(category); + logger.info('Product category created', { + id: saved.id, + code: saved.code, + tenantId, + }); + + return saved; + } + + async update( + id: string, + dto: UpdateProductCategoryDto, + tenantId: string, + userId: string + ): Promise { + logger.debug('Updating product category', { id, dto, tenantId, userId }); + + const category = await this.findById(id, tenantId); + + // Accept both snake_case and camelCase + const parentId = dto.parent_id ?? dto.parentId; + + // Validate parent (prevent self-reference) + if (parentId !== undefined) { + if (parentId === id) { + throw new ConflictError('Una categoría no puede ser su propio padre'); + } + + if (parentId !== null) { + const parent = await this.repository.findOne({ + where: { + id: parentId, + tenantId, + deletedAt: IsNull(), + }, + }); + + if (!parent) { + throw new NotFoundError('Categoría padre no encontrada'); + } + } + + category.parentId = parentId; + } + + if (dto.name !== undefined) { + category.name = dto.name; + } + + if (dto.active !== undefined) { + category.active = dto.active; + } + + category.updatedBy = userId; + + const updated = await this.repository.save(category); + logger.info('Product category updated', { + id: updated.id, + code: updated.code, + tenantId, + }); + + return updated; + } + + async delete(id: string, tenantId: string): Promise { + logger.debug('Deleting product category', { id, tenantId }); + + const category = await this.findById(id, tenantId); + + // Check if has children + const childrenCount = await this.repository.count({ + where: { + parentId: id, + tenantId, + deletedAt: IsNull(), + }, + }); + + if (childrenCount > 0) { + throw new ConflictError( + 'No se puede eliminar una categoría que tiene subcategorías' + ); + } + + // Note: We should check for products in inventory schema + // For now, we'll just perform a hard delete as in original + // In a real scenario, you'd want to check inventory.products table + + await this.repository.delete({ id, tenantId }); + + logger.info('Product category deleted', { id, tenantId }); + } +} + +export const productCategoriesService = new ProductCategoriesService(); diff --git a/backend/src/modules/core/sequences.service.ts b/backend/src/modules/core/sequences.service.ts new file mode 100644 index 0000000..7c5982a --- /dev/null +++ b/backend/src/modules/core/sequences.service.ts @@ -0,0 +1,466 @@ +import { Repository, DataSource } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { Sequence, ResetPeriod } from './entities/sequence.entity.js'; +import { NotFoundError, ValidationError } from '../../shared/errors/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +// ============================================================================ +// TYPES +// ============================================================================ + +export interface CreateSequenceDto { + code: string; + name: string; + prefix?: string; + suffix?: string; + start_number?: number; + startNumber?: number; // Accept camelCase too + padding?: number; + reset_period?: 'none' | 'year' | 'month'; + resetPeriod?: 'none' | 'year' | 'month'; // Accept camelCase too +} + +export interface UpdateSequenceDto { + name?: string; + prefix?: string | null; + suffix?: string | null; + padding?: number; + reset_period?: 'none' | 'year' | 'month'; + resetPeriod?: 'none' | 'year' | 'month'; // Accept camelCase too + is_active?: boolean; + isActive?: boolean; // Accept camelCase too +} + +// ============================================================================ +// PREDEFINED SEQUENCE CODES +// ============================================================================ + +export const SEQUENCE_CODES = { + // Sales + SALES_ORDER: 'SO', + QUOTATION: 'QT', + + // Purchases + PURCHASE_ORDER: 'PO', + RFQ: 'RFQ', + + // Inventory + PICKING_IN: 'WH/IN', + PICKING_OUT: 'WH/OUT', + PICKING_INT: 'WH/INT', + INVENTORY_ADJ: 'INV/ADJ', + + // Financial + INVOICE_CUSTOMER: 'INV', + INVOICE_SUPPLIER: 'BILL', + PAYMENT: 'PAY', + JOURNAL_ENTRY: 'JE', + + // CRM + LEAD: 'LEAD', + OPPORTUNITY: 'OPP', + + // Projects + PROJECT: 'PRJ', + TASK: 'TASK', + + // HR + EMPLOYEE: 'EMP', + CONTRACT: 'CTR', +} as const; + +// ============================================================================ +// SERVICE +// ============================================================================ + +class SequencesService { + private repository: Repository; + private dataSource: DataSource; + + constructor() { + this.repository = AppDataSource.getRepository(Sequence); + this.dataSource = AppDataSource; + } + + /** + * Get the next number in a sequence using the database function + * This is atomic and handles concurrent requests safely + */ + async getNextNumber( + sequenceCode: string, + tenantId: string, + queryRunner?: any + ): Promise { + logger.debug('Generating next sequence number', { sequenceCode, tenantId }); + + const executeQuery = queryRunner + ? (sql: string, params: any[]) => queryRunner.query(sql, params) + : (sql: string, params: any[]) => this.dataSource.query(sql, params); + + try { + // Use the database function for atomic sequence generation + const result = await executeQuery( + `SELECT core.generate_next_sequence($1, $2) as sequence_number`, + [sequenceCode, tenantId] + ); + + if (!result?.[0]?.sequence_number) { + // Sequence doesn't exist, try to create it with default settings + logger.warn('Sequence not found, creating default', { + sequenceCode, + tenantId, + }); + + await this.ensureSequenceExists(sequenceCode, tenantId, queryRunner); + + // Try again + const retryResult = await executeQuery( + `SELECT core.generate_next_sequence($1, $2) as sequence_number`, + [sequenceCode, tenantId] + ); + + if (!retryResult?.[0]?.sequence_number) { + throw new NotFoundError(`Secuencia ${sequenceCode} no encontrada`); + } + + logger.debug('Generated sequence number after creating default', { + sequenceCode, + number: retryResult[0].sequence_number, + }); + + return retryResult[0].sequence_number; + } + + logger.debug('Generated sequence number', { + sequenceCode, + number: result[0].sequence_number, + }); + + return result[0].sequence_number; + } catch (error) { + logger.error('Error generating sequence number', { + sequenceCode, + tenantId, + error: (error as Error).message, + }); + throw error; + } + } + + /** + * Ensure a sequence exists, creating it with defaults if not + */ + async ensureSequenceExists( + sequenceCode: string, + tenantId: string, + queryRunner?: any + ): Promise { + logger.debug('Ensuring sequence exists', { sequenceCode, tenantId }); + + // Check if exists + const existing = await this.repository.findOne({ + where: { code: sequenceCode, tenantId }, + }); + + if (existing) { + logger.debug('Sequence already exists', { sequenceCode, tenantId }); + return; + } + + // Create with defaults based on code + const defaults = this.getDefaultsForCode(sequenceCode); + + const sequence = this.repository.create({ + tenantId, + code: sequenceCode, + name: defaults.name, + prefix: defaults.prefix, + padding: defaults.padding, + nextNumber: 1, + }); + + await this.repository.save(sequence); + + logger.info('Created default sequence', { sequenceCode, tenantId }); + } + + /** + * Get default settings for a sequence code + */ + private getDefaultsForCode(code: string): { + name: string; + prefix: string; + padding: number; + } { + const defaults: Record< + string, + { name: string; prefix: string; padding: number } + > = { + [SEQUENCE_CODES.SALES_ORDER]: { + name: 'Órdenes de Venta', + prefix: 'SO-', + padding: 5, + }, + [SEQUENCE_CODES.QUOTATION]: { + name: 'Cotizaciones', + prefix: 'QT-', + padding: 5, + }, + [SEQUENCE_CODES.PURCHASE_ORDER]: { + name: 'Órdenes de Compra', + prefix: 'PO-', + padding: 5, + }, + [SEQUENCE_CODES.RFQ]: { + name: 'Solicitudes de Cotización', + prefix: 'RFQ-', + padding: 5, + }, + [SEQUENCE_CODES.PICKING_IN]: { + name: 'Recepciones', + prefix: 'WH/IN/', + padding: 5, + }, + [SEQUENCE_CODES.PICKING_OUT]: { + name: 'Entregas', + prefix: 'WH/OUT/', + padding: 5, + }, + [SEQUENCE_CODES.PICKING_INT]: { + name: 'Transferencias', + prefix: 'WH/INT/', + padding: 5, + }, + [SEQUENCE_CODES.INVENTORY_ADJ]: { + name: 'Ajustes de Inventario', + prefix: 'ADJ/', + padding: 5, + }, + [SEQUENCE_CODES.INVOICE_CUSTOMER]: { + name: 'Facturas de Cliente', + prefix: 'INV/', + padding: 6, + }, + [SEQUENCE_CODES.INVOICE_SUPPLIER]: { + name: 'Facturas de Proveedor', + prefix: 'BILL/', + padding: 6, + }, + [SEQUENCE_CODES.PAYMENT]: { name: 'Pagos', prefix: 'PAY/', padding: 5 }, + [SEQUENCE_CODES.JOURNAL_ENTRY]: { + name: 'Asientos Contables', + prefix: 'JE/', + padding: 6, + }, + [SEQUENCE_CODES.LEAD]: { name: 'Prospectos', prefix: 'LEAD-', padding: 5 }, + [SEQUENCE_CODES.OPPORTUNITY]: { + name: 'Oportunidades', + prefix: 'OPP-', + padding: 5, + }, + [SEQUENCE_CODES.PROJECT]: { + name: 'Proyectos', + prefix: 'PRJ-', + padding: 4, + }, + [SEQUENCE_CODES.TASK]: { name: 'Tareas', prefix: 'TASK-', padding: 5 }, + [SEQUENCE_CODES.EMPLOYEE]: { + name: 'Empleados', + prefix: 'EMP-', + padding: 4, + }, + [SEQUENCE_CODES.CONTRACT]: { + name: 'Contratos', + prefix: 'CTR-', + padding: 5, + }, + }; + + return defaults[code] || { name: code, prefix: `${code}-`, padding: 5 }; + } + + /** + * Get all sequences for a tenant + */ + async findAll(tenantId: string): Promise { + logger.debug('Finding all sequences', { tenantId }); + + return this.repository.find({ + where: { tenantId }, + order: { code: 'ASC' }, + }); + } + + /** + * Get a specific sequence by code + */ + async findByCode(code: string, tenantId: string): Promise { + logger.debug('Finding sequence by code', { code, tenantId }); + + return this.repository.findOne({ + where: { code, tenantId }, + }); + } + + /** + * Create a new sequence + */ + async create(dto: CreateSequenceDto, tenantId: string): Promise { + logger.debug('Creating sequence', { dto, tenantId }); + + // Check for existing + const existing = await this.findByCode(dto.code, tenantId); + if (existing) { + throw new ValidationError( + `Ya existe una secuencia con código ${dto.code}` + ); + } + + // Accept both snake_case and camelCase + const startNumber = dto.start_number ?? dto.startNumber ?? 1; + const resetPeriod = dto.reset_period ?? dto.resetPeriod ?? 'none'; + + const sequence = this.repository.create({ + tenantId, + code: dto.code, + name: dto.name, + prefix: dto.prefix || null, + suffix: dto.suffix || null, + nextNumber: startNumber, + padding: dto.padding || 5, + resetPeriod: resetPeriod as ResetPeriod, + }); + + const saved = await this.repository.save(sequence); + + logger.info('Sequence created', { code: dto.code, tenantId }); + + return saved; + } + + /** + * Update a sequence + */ + async update( + code: string, + dto: UpdateSequenceDto, + tenantId: string + ): Promise { + logger.debug('Updating sequence', { code, dto, tenantId }); + + const existing = await this.findByCode(code, tenantId); + if (!existing) { + throw new NotFoundError('Secuencia no encontrada'); + } + + // Accept both snake_case and camelCase + const resetPeriod = dto.reset_period ?? dto.resetPeriod; + const isActive = dto.is_active ?? dto.isActive; + + if (dto.name !== undefined) { + existing.name = dto.name; + } + if (dto.prefix !== undefined) { + existing.prefix = dto.prefix; + } + if (dto.suffix !== undefined) { + existing.suffix = dto.suffix; + } + if (dto.padding !== undefined) { + existing.padding = dto.padding; + } + if (resetPeriod !== undefined) { + existing.resetPeriod = resetPeriod as ResetPeriod; + } + if (isActive !== undefined) { + existing.isActive = isActive; + } + + const updated = await this.repository.save(existing); + + logger.info('Sequence updated', { code, tenantId }); + + return updated; + } + + /** + * Reset a sequence to a specific number + */ + async reset( + code: string, + tenantId: string, + newNumber: number = 1 + ): Promise { + logger.debug('Resetting sequence', { code, tenantId, newNumber }); + + const sequence = await this.findByCode(code, tenantId); + if (!sequence) { + throw new NotFoundError('Secuencia no encontrada'); + } + + sequence.nextNumber = newNumber; + sequence.lastResetDate = new Date(); + + const updated = await this.repository.save(sequence); + + logger.info('Sequence reset', { code, tenantId, newNumber }); + + return updated; + } + + /** + * Preview what the next number would be (without incrementing) + */ + async preview(code: string, tenantId: string): Promise { + logger.debug('Previewing next sequence number', { code, tenantId }); + + const sequence = await this.findByCode(code, tenantId); + if (!sequence) { + throw new NotFoundError('Secuencia no encontrada'); + } + + const paddedNumber = String(sequence.nextNumber).padStart( + sequence.padding, + '0' + ); + const prefix = sequence.prefix || ''; + const suffix = sequence.suffix || ''; + + return `${prefix}${paddedNumber}${suffix}`; + } + + /** + * Initialize all standard sequences for a new tenant + */ + async initializeForTenant(tenantId: string): Promise { + logger.debug('Initializing sequences for tenant', { tenantId }); + + const queryRunner = this.dataSource.createQueryRunner(); + await queryRunner.connect(); + await queryRunner.startTransaction(); + + try { + for (const [key, code] of Object.entries(SEQUENCE_CODES)) { + await this.ensureSequenceExists(code, tenantId, queryRunner); + } + + await queryRunner.commitTransaction(); + + logger.info('Initialized sequences for tenant', { + tenantId, + count: Object.keys(SEQUENCE_CODES).length, + }); + } catch (error) { + await queryRunner.rollbackTransaction(); + logger.error('Error initializing sequences for tenant', { + tenantId, + error: (error as Error).message, + }); + throw error; + } finally { + await queryRunner.release(); + } + } +} + +export const sequencesService = new SequencesService(); diff --git a/backend/src/modules/core/uom.service.ts b/backend/src/modules/core/uom.service.ts new file mode 100644 index 0000000..dc3abd6 --- /dev/null +++ b/backend/src/modules/core/uom.service.ts @@ -0,0 +1,162 @@ +import { Repository } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { Uom, UomType } from './entities/uom.entity.js'; +import { UomCategory } from './entities/uom-category.entity.js'; +import { NotFoundError, ConflictError } from '../../shared/errors/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +export interface CreateUomDto { + name: string; + code: string; + category_id?: string; + categoryId?: string; // Accept camelCase too + uom_type?: 'reference' | 'bigger' | 'smaller'; + uomType?: 'reference' | 'bigger' | 'smaller'; // Accept camelCase too + ratio?: number; +} + +export interface UpdateUomDto { + name?: string; + ratio?: number; + active?: boolean; +} + +class UomService { + private repository: Repository; + private categoryRepository: Repository; + + constructor() { + this.repository = AppDataSource.getRepository(Uom); + this.categoryRepository = AppDataSource.getRepository(UomCategory); + } + + // Categories + async findAllCategories(activeOnly: boolean = false): Promise { + logger.debug('Finding all UOM categories', { activeOnly }); + + const queryBuilder = this.categoryRepository + .createQueryBuilder('category') + .orderBy('category.name', 'ASC'); + + // Note: activeOnly is not supported since the table doesn't have an active field + // Keeping the parameter for backward compatibility + + return queryBuilder.getMany(); + } + + async findCategoryById(id: string): Promise { + logger.debug('Finding UOM category by id', { id }); + + const category = await this.categoryRepository.findOne({ + where: { id }, + }); + + if (!category) { + throw new NotFoundError('Categoría de UdM no encontrada'); + } + + return category; + } + + // UoM + async findAll(categoryId?: string, activeOnly: boolean = false): Promise { + logger.debug('Finding all UOMs', { categoryId, activeOnly }); + + const queryBuilder = this.repository + .createQueryBuilder('u') + .leftJoinAndSelect('u.category', 'uc') + .orderBy('uc.name', 'ASC') + .addOrderBy('u.uomType', 'ASC') + .addOrderBy('u.name', 'ASC'); + + if (categoryId) { + queryBuilder.where('u.categoryId = :categoryId', { categoryId }); + } + + if (activeOnly) { + queryBuilder.andWhere('u.active = :active', { active: true }); + } + + return queryBuilder.getMany(); + } + + async findById(id: string): Promise { + logger.debug('Finding UOM by id', { id }); + + const uom = await this.repository.findOne({ + where: { id }, + relations: ['category'], + }); + + if (!uom) { + throw new NotFoundError('Unidad de medida no encontrada'); + } + + return uom; + } + + async create(dto: CreateUomDto): Promise { + logger.debug('Creating UOM', { dto }); + + // Accept both snake_case and camelCase + const categoryId = dto.category_id ?? dto.categoryId; + const uomType = dto.uom_type ?? dto.uomType ?? 'reference'; + const factor = dto.ratio ?? 1; + + if (!categoryId) { + throw new NotFoundError('category_id es requerido'); + } + + // Validate category exists + await this.findCategoryById(categoryId); + + // Check unique code + if (dto.code) { + const existing = await this.repository.findOne({ + where: { code: dto.code }, + }); + + if (existing) { + throw new ConflictError(`Ya existe una UdM con código ${dto.code}`); + } + } + + const uom = this.repository.create({ + name: dto.name, + code: dto.code, + categoryId, + uomType: uomType as UomType, + factor, + }); + + const saved = await this.repository.save(uom); + logger.info('UOM created', { id: saved.id, code: saved.code }); + + return saved; + } + + async update(id: string, dto: UpdateUomDto): Promise { + logger.debug('Updating UOM', { id, dto }); + + const uom = await this.findById(id); + + if (dto.name !== undefined) { + uom.name = dto.name; + } + + if (dto.ratio !== undefined) { + uom.factor = dto.ratio; + } + + if (dto.active !== undefined) { + uom.active = dto.active; + } + + const updated = await this.repository.save(uom); + logger.info('UOM updated', { id: updated.id, code: updated.code }); + + return updated; + } +} + +export const uomService = new UomService(); diff --git a/backend/src/modules/crm/crm.controller.ts b/backend/src/modules/crm/crm.controller.ts new file mode 100644 index 0000000..d69bce6 --- /dev/null +++ b/backend/src/modules/crm/crm.controller.ts @@ -0,0 +1,682 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { leadsService, CreateLeadDto, UpdateLeadDto, LeadFilters } from './leads.service.js'; +import { opportunitiesService, CreateOpportunityDto, UpdateOpportunityDto, OpportunityFilters } from './opportunities.service.js'; +import { stagesService, CreateLeadStageDto, UpdateLeadStageDto, CreateOpportunityStageDto, UpdateOpportunityStageDto, CreateLostReasonDto, UpdateLostReasonDto } from './stages.service.js'; +import { AuthenticatedRequest } from '../../shared/middleware/auth.middleware.js'; +import { ValidationError } from '../../shared/errors/index.js'; + +// Lead schemas +const createLeadSchema = z.object({ + company_id: z.string().uuid(), + name: z.string().min(1).max(255), + ref: z.string().max(100).optional(), + contact_name: z.string().max(255).optional(), + email: z.string().email().max(255).optional(), + phone: z.string().max(50).optional(), + mobile: z.string().max(50).optional(), + website: z.string().url().max(255).optional(), + company_prospect_name: z.string().max(255).optional(), + job_position: z.string().max(100).optional(), + industry: z.string().max(100).optional(), + employee_count: z.string().max(50).optional(), + annual_revenue: z.number().min(0).optional(), + street: z.string().max(255).optional(), + city: z.string().max(100).optional(), + state: z.string().max(100).optional(), + zip: z.string().max(20).optional(), + country: z.string().max(100).optional(), + stage_id: z.string().uuid().optional(), + user_id: z.string().uuid().optional(), + sales_team_id: z.string().uuid().optional(), + source: z.enum(['website', 'phone', 'email', 'referral', 'social_media', 'advertising', 'event', 'other']).optional(), + priority: z.number().int().min(0).max(3).optional(), + probability: z.number().min(0).max(100).optional(), + expected_revenue: z.number().min(0).optional(), + date_deadline: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + description: z.string().optional(), + notes: z.string().optional(), + tags: z.array(z.string()).optional(), +}); + +const updateLeadSchema = z.object({ + name: z.string().min(1).max(255).optional(), + ref: z.string().max(100).optional().nullable(), + contact_name: z.string().max(255).optional().nullable(), + email: z.string().email().max(255).optional().nullable(), + phone: z.string().max(50).optional().nullable(), + mobile: z.string().max(50).optional().nullable(), + website: z.string().url().max(255).optional().nullable(), + company_prospect_name: z.string().max(255).optional().nullable(), + job_position: z.string().max(100).optional().nullable(), + industry: z.string().max(100).optional().nullable(), + employee_count: z.string().max(50).optional().nullable(), + annual_revenue: z.number().min(0).optional().nullable(), + street: z.string().max(255).optional().nullable(), + city: z.string().max(100).optional().nullable(), + state: z.string().max(100).optional().nullable(), + zip: z.string().max(20).optional().nullable(), + country: z.string().max(100).optional().nullable(), + stage_id: z.string().uuid().optional().nullable(), + user_id: z.string().uuid().optional().nullable(), + sales_team_id: z.string().uuid().optional().nullable(), + source: z.enum(['website', 'phone', 'email', 'referral', 'social_media', 'advertising', 'event', 'other']).optional().nullable(), + priority: z.number().int().min(0).max(3).optional(), + probability: z.number().min(0).max(100).optional(), + expected_revenue: z.number().min(0).optional().nullable(), + date_deadline: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional().nullable(), + description: z.string().optional().nullable(), + notes: z.string().optional().nullable(), + tags: z.array(z.string()).optional().nullable(), +}); + +const leadQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + status: z.enum(['new', 'contacted', 'qualified', 'converted', 'lost']).optional(), + stage_id: z.string().uuid().optional(), + user_id: z.string().uuid().optional(), + source: z.enum(['website', 'phone', 'email', 'referral', 'social_media', 'advertising', 'event', 'other']).optional(), + priority: z.coerce.number().int().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +const lostSchema = z.object({ + lost_reason_id: z.string().uuid(), + notes: z.string().optional(), +}); + +const moveStageSchema = z.object({ + stage_id: z.string().uuid(), +}); + +// Opportunity schemas +const createOpportunitySchema = z.object({ + company_id: z.string().uuid(), + name: z.string().min(1).max(255), + ref: z.string().max(100).optional(), + partner_id: z.string().uuid(), + contact_name: z.string().max(255).optional(), + email: z.string().email().max(255).optional(), + phone: z.string().max(50).optional(), + stage_id: z.string().uuid().optional(), + user_id: z.string().uuid().optional(), + sales_team_id: z.string().uuid().optional(), + priority: z.number().int().min(0).max(3).optional(), + probability: z.number().min(0).max(100).optional(), + expected_revenue: z.number().min(0).optional(), + recurring_revenue: z.number().min(0).optional(), + recurring_plan: z.string().max(50).optional(), + date_deadline: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + source: z.enum(['website', 'phone', 'email', 'referral', 'social_media', 'advertising', 'event', 'other']).optional(), + description: z.string().optional(), + notes: z.string().optional(), + tags: z.array(z.string()).optional(), +}); + +const updateOpportunitySchema = z.object({ + name: z.string().min(1).max(255).optional(), + ref: z.string().max(100).optional().nullable(), + partner_id: z.string().uuid().optional(), + contact_name: z.string().max(255).optional().nullable(), + email: z.string().email().max(255).optional().nullable(), + phone: z.string().max(50).optional().nullable(), + stage_id: z.string().uuid().optional().nullable(), + user_id: z.string().uuid().optional().nullable(), + sales_team_id: z.string().uuid().optional().nullable(), + priority: z.number().int().min(0).max(3).optional(), + probability: z.number().min(0).max(100).optional(), + expected_revenue: z.number().min(0).optional().nullable(), + recurring_revenue: z.number().min(0).optional().nullable(), + recurring_plan: z.string().max(50).optional().nullable(), + date_deadline: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional().nullable(), + description: z.string().optional().nullable(), + notes: z.string().optional().nullable(), + tags: z.array(z.string()).optional().nullable(), +}); + +const opportunityQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + status: z.enum(['open', 'won', 'lost']).optional(), + stage_id: z.string().uuid().optional(), + user_id: z.string().uuid().optional(), + partner_id: z.string().uuid().optional(), + priority: z.coerce.number().int().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +// Stage schemas +const createStageSchema = z.object({ + name: z.string().min(1).max(100), + sequence: z.number().int().optional(), + is_won: z.boolean().optional(), + probability: z.number().min(0).max(100).optional(), + requirements: z.string().optional(), +}); + +const updateStageSchema = z.object({ + name: z.string().min(1).max(100).optional(), + sequence: z.number().int().optional(), + is_won: z.boolean().optional(), + probability: z.number().min(0).max(100).optional(), + requirements: z.string().optional().nullable(), + active: z.boolean().optional(), +}); + +// Lost reason schemas +const createLostReasonSchema = z.object({ + name: z.string().min(1).max(100), + description: z.string().optional(), +}); + +const updateLostReasonSchema = z.object({ + name: z.string().min(1).max(100).optional(), + description: z.string().optional().nullable(), + active: z.boolean().optional(), +}); + +class CrmController { + // ========== LEADS ========== + + async getLeads(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = leadQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parametros de consulta invalidos', queryResult.error.errors); + } + + const filters: LeadFilters = queryResult.data; + const result = await leadsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getLead(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const lead = await leadsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: lead }); + } catch (error) { + next(error); + } + } + + async createLead(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createLeadSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de lead invalidos', parseResult.error.errors); + } + + const dto: CreateLeadDto = parseResult.data; + const lead = await leadsService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: lead, + message: 'Lead creado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateLead(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateLeadSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de lead invalidos', parseResult.error.errors); + } + + const dto: UpdateLeadDto = parseResult.data; + const lead = await leadsService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: lead, + message: 'Lead actualizado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async moveLeadStage(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = moveStageSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos invalidos', parseResult.error.errors); + } + + const lead = await leadsService.moveStage(req.params.id, parseResult.data.stage_id, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: lead, + message: 'Lead movido a nueva etapa', + }); + } catch (error) { + next(error); + } + } + + async convertLead(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const result = await leadsService.convert(req.params.id, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: result.lead, + opportunity_id: result.opportunity_id, + message: 'Lead convertido a oportunidad exitosamente', + }); + } catch (error) { + next(error); + } + } + + async markLeadLost(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = lostSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos invalidos', parseResult.error.errors); + } + + const lead = await leadsService.markLost( + req.params.id, + parseResult.data.lost_reason_id, + parseResult.data.notes, + req.tenantId!, + req.user!.userId + ); + + res.json({ + success: true, + data: lead, + message: 'Lead marcado como perdido', + }); + } catch (error) { + next(error); + } + } + + async deleteLead(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await leadsService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Lead eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== OPPORTUNITIES ========== + + async getOpportunities(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = opportunityQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parametros de consulta invalidos', queryResult.error.errors); + } + + const filters: OpportunityFilters = queryResult.data; + const result = await opportunitiesService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getOpportunity(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const opportunity = await opportunitiesService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: opportunity }); + } catch (error) { + next(error); + } + } + + async createOpportunity(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createOpportunitySchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de oportunidad invalidos', parseResult.error.errors); + } + + const dto: CreateOpportunityDto = parseResult.data; + const opportunity = await opportunitiesService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: opportunity, + message: 'Oportunidad creada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateOpportunity(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateOpportunitySchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de oportunidad invalidos', parseResult.error.errors); + } + + const dto: UpdateOpportunityDto = parseResult.data; + const opportunity = await opportunitiesService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: opportunity, + message: 'Oportunidad actualizada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async moveOpportunityStage(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = moveStageSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos invalidos', parseResult.error.errors); + } + + const opportunity = await opportunitiesService.moveStage(req.params.id, parseResult.data.stage_id, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: opportunity, + message: 'Oportunidad movida a nueva etapa', + }); + } catch (error) { + next(error); + } + } + + async markOpportunityWon(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const opportunity = await opportunitiesService.markWon(req.params.id, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: opportunity, + message: 'Oportunidad marcada como ganada', + }); + } catch (error) { + next(error); + } + } + + async markOpportunityLost(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = lostSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos invalidos', parseResult.error.errors); + } + + const opportunity = await opportunitiesService.markLost( + req.params.id, + parseResult.data.lost_reason_id, + parseResult.data.notes, + req.tenantId!, + req.user!.userId + ); + + res.json({ + success: true, + data: opportunity, + message: 'Oportunidad marcada como perdida', + }); + } catch (error) { + next(error); + } + } + + async createOpportunityQuotation(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const result = await opportunitiesService.createQuotation(req.params.id, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: result.opportunity, + quotation_id: result.quotation_id, + message: 'Cotizacion creada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async deleteOpportunity(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await opportunitiesService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Oportunidad eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + async getPipeline(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const companyId = req.query.company_id as string | undefined; + const pipeline = await opportunitiesService.getPipeline(req.tenantId!, companyId); + + res.json({ + success: true, + data: pipeline, + }); + } catch (error) { + next(error); + } + } + + // ========== LEAD STAGES ========== + + async getLeadStages(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const includeInactive = req.query.include_inactive === 'true'; + const stages = await stagesService.getLeadStages(req.tenantId!, includeInactive); + res.json({ success: true, data: stages }); + } catch (error) { + next(error); + } + } + + async createLeadStage(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createStageSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de etapa invalidos', parseResult.error.errors); + } + + const dto: CreateLeadStageDto = parseResult.data; + const stage = await stagesService.createLeadStage(dto, req.tenantId!); + + res.status(201).json({ + success: true, + data: stage, + message: 'Etapa de lead creada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateLeadStage(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateStageSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de etapa invalidos', parseResult.error.errors); + } + + const dto: UpdateLeadStageDto = parseResult.data; + const stage = await stagesService.updateLeadStage(req.params.id, dto, req.tenantId!); + + res.json({ + success: true, + data: stage, + message: 'Etapa de lead actualizada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async deleteLeadStage(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await stagesService.deleteLeadStage(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Etapa de lead eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== OPPORTUNITY STAGES ========== + + async getOpportunityStages(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const includeInactive = req.query.include_inactive === 'true'; + const stages = await stagesService.getOpportunityStages(req.tenantId!, includeInactive); + res.json({ success: true, data: stages }); + } catch (error) { + next(error); + } + } + + async createOpportunityStage(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createStageSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de etapa invalidos', parseResult.error.errors); + } + + const dto: CreateOpportunityStageDto = parseResult.data; + const stage = await stagesService.createOpportunityStage(dto, req.tenantId!); + + res.status(201).json({ + success: true, + data: stage, + message: 'Etapa de oportunidad creada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateOpportunityStage(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateStageSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de etapa invalidos', parseResult.error.errors); + } + + const dto: UpdateOpportunityStageDto = parseResult.data; + const stage = await stagesService.updateOpportunityStage(req.params.id, dto, req.tenantId!); + + res.json({ + success: true, + data: stage, + message: 'Etapa de oportunidad actualizada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async deleteOpportunityStage(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await stagesService.deleteOpportunityStage(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Etapa de oportunidad eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== LOST REASONS ========== + + async getLostReasons(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const includeInactive = req.query.include_inactive === 'true'; + const reasons = await stagesService.getLostReasons(req.tenantId!, includeInactive); + res.json({ success: true, data: reasons }); + } catch (error) { + next(error); + } + } + + async createLostReason(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createLostReasonSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de razon invalidos', parseResult.error.errors); + } + + const dto: CreateLostReasonDto = parseResult.data; + const reason = await stagesService.createLostReason(dto, req.tenantId!); + + res.status(201).json({ + success: true, + data: reason, + message: 'Razon de perdida creada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateLostReason(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateLostReasonSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de razon invalidos', parseResult.error.errors); + } + + const dto: UpdateLostReasonDto = parseResult.data; + const reason = await stagesService.updateLostReason(req.params.id, dto, req.tenantId!); + + res.json({ + success: true, + data: reason, + message: 'Razon de perdida actualizada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async deleteLostReason(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await stagesService.deleteLostReason(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Razon de perdida eliminada exitosamente' }); + } catch (error) { + next(error); + } + } +} + +export const crmController = new CrmController(); diff --git a/backend/src/modules/crm/crm.routes.ts b/backend/src/modules/crm/crm.routes.ts new file mode 100644 index 0000000..8445ca9 --- /dev/null +++ b/backend/src/modules/crm/crm.routes.ts @@ -0,0 +1,126 @@ +import { Router } from 'express'; +import { crmController } from './crm.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// ========== LEADS ========== + +router.get('/leads', (req, res, next) => crmController.getLeads(req, res, next)); + +router.get('/leads/:id', (req, res, next) => crmController.getLead(req, res, next)); + +router.post('/leads', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + crmController.createLead(req, res, next) +); + +router.put('/leads/:id', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + crmController.updateLead(req, res, next) +); + +router.post('/leads/:id/move', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + crmController.moveLeadStage(req, res, next) +); + +router.post('/leads/:id/convert', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + crmController.convertLead(req, res, next) +); + +router.post('/leads/:id/lost', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + crmController.markLeadLost(req, res, next) +); + +router.delete('/leads/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + crmController.deleteLead(req, res, next) +); + +// ========== OPPORTUNITIES ========== + +router.get('/opportunities', (req, res, next) => crmController.getOpportunities(req, res, next)); + +router.get('/opportunities/:id', (req, res, next) => crmController.getOpportunity(req, res, next)); + +router.post('/opportunities', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + crmController.createOpportunity(req, res, next) +); + +router.put('/opportunities/:id', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + crmController.updateOpportunity(req, res, next) +); + +router.post('/opportunities/:id/move', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + crmController.moveOpportunityStage(req, res, next) +); + +router.post('/opportunities/:id/won', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + crmController.markOpportunityWon(req, res, next) +); + +router.post('/opportunities/:id/lost', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + crmController.markOpportunityLost(req, res, next) +); + +router.post('/opportunities/:id/quote', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + crmController.createOpportunityQuotation(req, res, next) +); + +router.delete('/opportunities/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + crmController.deleteOpportunity(req, res, next) +); + +// ========== PIPELINE ========== + +router.get('/pipeline', (req, res, next) => crmController.getPipeline(req, res, next)); + +// ========== LEAD STAGES ========== + +router.get('/lead-stages', (req, res, next) => crmController.getLeadStages(req, res, next)); + +router.post('/lead-stages', requireRoles('admin', 'super_admin'), (req, res, next) => + crmController.createLeadStage(req, res, next) +); + +router.put('/lead-stages/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + crmController.updateLeadStage(req, res, next) +); + +router.delete('/lead-stages/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + crmController.deleteLeadStage(req, res, next) +); + +// ========== OPPORTUNITY STAGES ========== + +router.get('/opportunity-stages', (req, res, next) => crmController.getOpportunityStages(req, res, next)); + +router.post('/opportunity-stages', requireRoles('admin', 'super_admin'), (req, res, next) => + crmController.createOpportunityStage(req, res, next) +); + +router.put('/opportunity-stages/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + crmController.updateOpportunityStage(req, res, next) +); + +router.delete('/opportunity-stages/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + crmController.deleteOpportunityStage(req, res, next) +); + +// ========== LOST REASONS ========== + +router.get('/lost-reasons', (req, res, next) => crmController.getLostReasons(req, res, next)); + +router.post('/lost-reasons', requireRoles('admin', 'super_admin'), (req, res, next) => + crmController.createLostReason(req, res, next) +); + +router.put('/lost-reasons/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + crmController.updateLostReason(req, res, next) +); + +router.delete('/lost-reasons/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + crmController.deleteLostReason(req, res, next) +); + +export default router; diff --git a/backend/src/modules/crm/index.ts b/backend/src/modules/crm/index.ts new file mode 100644 index 0000000..51e42d6 --- /dev/null +++ b/backend/src/modules/crm/index.ts @@ -0,0 +1,5 @@ +export * from './leads.service.js'; +export * from './opportunities.service.js'; +export * from './stages.service.js'; +export * from './crm.controller.js'; +export { default as crmRoutes } from './crm.routes.js'; diff --git a/backend/src/modules/crm/leads.service.ts b/backend/src/modules/crm/leads.service.ts new file mode 100644 index 0000000..4dfeadc --- /dev/null +++ b/backend/src/modules/crm/leads.service.ts @@ -0,0 +1,449 @@ +import { query, queryOne, getClient } from '../../config/database.js'; +import { NotFoundError, ValidationError, ConflictError } from '../../shared/errors/index.js'; + +export type LeadStatus = 'new' | 'contacted' | 'qualified' | 'converted' | 'lost'; +export type LeadSource = 'website' | 'phone' | 'email' | 'referral' | 'social_media' | 'advertising' | 'event' | 'other'; + +export interface Lead { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + ref?: string; + contact_name?: string; + email?: string; + phone?: string; + mobile?: string; + website?: string; + company_prospect_name?: string; + job_position?: string; + industry?: string; + employee_count?: string; + annual_revenue?: number; + street?: string; + city?: string; + state?: string; + zip?: string; + country?: string; + stage_id?: string; + stage_name?: string; + status: LeadStatus; + user_id?: string; + user_name?: string; + sales_team_id?: string; + source?: LeadSource; + priority: number; + probability: number; + expected_revenue?: number; + date_open?: Date; + date_closed?: Date; + date_deadline?: Date; + date_last_activity?: Date; + partner_id?: string; + opportunity_id?: string; + lost_reason_id?: string; + lost_reason_name?: string; + lost_notes?: string; + description?: string; + notes?: string; + tags?: string[]; + created_at: Date; +} + +export interface CreateLeadDto { + company_id: string; + name: string; + ref?: string; + contact_name?: string; + email?: string; + phone?: string; + mobile?: string; + website?: string; + company_prospect_name?: string; + job_position?: string; + industry?: string; + employee_count?: string; + annual_revenue?: number; + street?: string; + city?: string; + state?: string; + zip?: string; + country?: string; + stage_id?: string; + user_id?: string; + sales_team_id?: string; + source?: LeadSource; + priority?: number; + probability?: number; + expected_revenue?: number; + date_deadline?: string; + description?: string; + notes?: string; + tags?: string[]; +} + +export interface UpdateLeadDto { + name?: string; + ref?: string | null; + contact_name?: string | null; + email?: string | null; + phone?: string | null; + mobile?: string | null; + website?: string | null; + company_prospect_name?: string | null; + job_position?: string | null; + industry?: string | null; + employee_count?: string | null; + annual_revenue?: number | null; + street?: string | null; + city?: string | null; + state?: string | null; + zip?: string | null; + country?: string | null; + stage_id?: string | null; + user_id?: string | null; + sales_team_id?: string | null; + source?: LeadSource | null; + priority?: number; + probability?: number; + expected_revenue?: number | null; + date_deadline?: string | null; + description?: string | null; + notes?: string | null; + tags?: string[] | null; +} + +export interface LeadFilters { + company_id?: string; + status?: LeadStatus; + stage_id?: string; + user_id?: string; + source?: LeadSource; + priority?: number; + search?: string; + page?: number; + limit?: number; +} + +class LeadsService { + async findAll(tenantId: string, filters: LeadFilters = {}): Promise<{ data: Lead[]; total: number }> { + const { company_id, status, stage_id, user_id, source, priority, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE l.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND l.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (status) { + whereClause += ` AND l.status = $${paramIndex++}`; + params.push(status); + } + + if (stage_id) { + whereClause += ` AND l.stage_id = $${paramIndex++}`; + params.push(stage_id); + } + + if (user_id) { + whereClause += ` AND l.user_id = $${paramIndex++}`; + params.push(user_id); + } + + if (source) { + whereClause += ` AND l.source = $${paramIndex++}`; + params.push(source); + } + + if (priority !== undefined) { + whereClause += ` AND l.priority = $${paramIndex++}`; + params.push(priority); + } + + if (search) { + whereClause += ` AND (l.name ILIKE $${paramIndex} OR l.contact_name ILIKE $${paramIndex} OR l.email ILIKE $${paramIndex} OR l.company_name ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM crm.leads l ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT l.*, + c.name as company_org_name, + ls.name as stage_name, + u.email as user_email, + lr.name as lost_reason_name + FROM crm.leads l + LEFT JOIN auth.companies c ON l.company_id = c.id + LEFT JOIN crm.lead_stages ls ON l.stage_id = ls.id + LEFT JOIN auth.users u ON l.user_id = u.id + LEFT JOIN crm.lost_reasons lr ON l.lost_reason_id = lr.id + ${whereClause} + ORDER BY l.priority DESC, l.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const lead = await queryOne( + `SELECT l.*, + c.name as company_org_name, + ls.name as stage_name, + u.email as user_email, + lr.name as lost_reason_name + FROM crm.leads l + LEFT JOIN auth.companies c ON l.company_id = c.id + LEFT JOIN crm.lead_stages ls ON l.stage_id = ls.id + LEFT JOIN auth.users u ON l.user_id = u.id + LEFT JOIN crm.lost_reasons lr ON l.lost_reason_id = lr.id + WHERE l.id = $1 AND l.tenant_id = $2`, + [id, tenantId] + ); + + if (!lead) { + throw new NotFoundError('Lead no encontrado'); + } + + return lead; + } + + async create(dto: CreateLeadDto, tenantId: string, userId: string): Promise { + const lead = await queryOne( + `INSERT INTO crm.leads ( + tenant_id, company_id, name, ref, contact_name, email, phone, mobile, website, + company_name, job_position, industry, employee_count, annual_revenue, + street, city, state, zip, country, stage_id, user_id, sales_team_id, source, + priority, probability, expected_revenue, date_deadline, description, notes, tags, + date_open, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, + $18, $19, $20, $21, $22, $23, $24, $25, $26, $27, $28, $29, $30, CURRENT_TIMESTAMP, $31) + RETURNING *`, + [ + tenantId, dto.company_id, dto.name, dto.ref, dto.contact_name, dto.email, dto.phone, + dto.mobile, dto.website, dto.company_prospect_name, dto.job_position, dto.industry, + dto.employee_count, dto.annual_revenue, dto.street, dto.city, dto.state, dto.zip, + dto.country, dto.stage_id, dto.user_id, dto.sales_team_id, dto.source, + dto.priority || 0, dto.probability || 0, dto.expected_revenue, dto.date_deadline, + dto.description, dto.notes, dto.tags, userId + ] + ); + + return this.findById(lead!.id, tenantId); + } + + async update(id: string, dto: UpdateLeadDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status === 'converted' || existing.status === 'lost') { + throw new ValidationError('No se puede editar un lead convertido o perdido'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + const fieldsToUpdate = [ + 'name', 'ref', 'contact_name', 'email', 'phone', 'mobile', 'website', + 'company_prospect_name', 'job_position', 'industry', 'employee_count', 'annual_revenue', + 'street', 'city', 'state', 'zip', 'country', 'stage_id', 'user_id', 'sales_team_id', + 'source', 'priority', 'probability', 'expected_revenue', 'date_deadline', + 'description', 'notes', 'tags' + ]; + + for (const field of fieldsToUpdate) { + const key = field === 'company_prospect_name' ? 'company_name' : field; + if ((dto as any)[field] !== undefined) { + updateFields.push(`${key} = $${paramIndex++}`); + values.push((dto as any)[field]); + } + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`date_last_activity = CURRENT_TIMESTAMP`); + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + + values.push(id, tenantId); + + await query( + `UPDATE crm.leads SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async moveStage(id: string, stageId: string, tenantId: string, userId: string): Promise { + const lead = await this.findById(id, tenantId); + + if (lead.status === 'converted' || lead.status === 'lost') { + throw new ValidationError('No se puede mover un lead convertido o perdido'); + } + + await query( + `UPDATE crm.leads SET + stage_id = $1, + date_last_activity = CURRENT_TIMESTAMP, + updated_by = $2, + updated_at = CURRENT_TIMESTAMP + WHERE id = $3 AND tenant_id = $4`, + [stageId, userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async convert(id: string, tenantId: string, userId: string): Promise<{ lead: Lead; opportunity_id: string }> { + const lead = await this.findById(id, tenantId); + + if (lead.status === 'converted') { + throw new ValidationError('El lead ya fue convertido'); + } + + if (lead.status === 'lost') { + throw new ValidationError('No se puede convertir un lead perdido'); + } + + const client = await getClient(); + + try { + await client.query('BEGIN'); + + // Create or get partner + let partnerId = lead.partner_id; + + if (!partnerId && lead.email) { + // Check if partner exists with same email + const existingPartner = await client.query( + `SELECT id FROM core.partners WHERE email = $1 AND tenant_id = $2`, + [lead.email, tenantId] + ); + + if (existingPartner.rows.length > 0) { + partnerId = existingPartner.rows[0].id; + } else { + // Create new partner + const partnerResult = await client.query( + `INSERT INTO core.partners (tenant_id, name, email, phone, mobile, is_customer, created_by) + VALUES ($1, $2, $3, $4, $5, TRUE, $6) + RETURNING id`, + [tenantId, lead.contact_name || lead.name, lead.email, lead.phone, lead.mobile, userId] + ); + partnerId = partnerResult.rows[0].id; + } + } + + if (!partnerId) { + throw new ValidationError('El lead debe tener un email o partner asociado para convertirse'); + } + + // Get default opportunity stage + const stageResult = await client.query( + `SELECT id FROM crm.opportunity_stages WHERE tenant_id = $1 ORDER BY sequence LIMIT 1`, + [tenantId] + ); + + const stageId = stageResult.rows[0]?.id || null; + + // Create opportunity + const opportunityResult = await client.query( + `INSERT INTO crm.opportunities ( + tenant_id, company_id, name, partner_id, contact_name, email, phone, + stage_id, user_id, sales_team_id, source, priority, probability, + expected_revenue, lead_id, description, notes, tags, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19) + RETURNING id`, + [ + tenantId, lead.company_id, lead.name, partnerId, lead.contact_name, lead.email, + lead.phone, stageId, lead.user_id, lead.sales_team_id, lead.source, lead.priority, + lead.probability, lead.expected_revenue, id, lead.description, lead.notes, lead.tags, userId + ] + ); + const opportunityId = opportunityResult.rows[0].id; + + // Update lead + await client.query( + `UPDATE crm.leads SET + status = 'converted', + partner_id = $1, + opportunity_id = $2, + date_closed = CURRENT_TIMESTAMP, + updated_by = $3, + updated_at = CURRENT_TIMESTAMP + WHERE id = $4`, + [partnerId, opportunityId, userId, id] + ); + + await client.query('COMMIT'); + + const updatedLead = await this.findById(id, tenantId); + + return { lead: updatedLead, opportunity_id: opportunityId }; + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + async markLost(id: string, lostReasonId: string, notes: string | undefined, tenantId: string, userId: string): Promise { + const lead = await this.findById(id, tenantId); + + if (lead.status === 'converted') { + throw new ValidationError('No se puede marcar como perdido un lead convertido'); + } + + if (lead.status === 'lost') { + throw new ValidationError('El lead ya esta marcado como perdido'); + } + + await query( + `UPDATE crm.leads SET + status = 'lost', + lost_reason_id = $1, + lost_notes = $2, + date_closed = CURRENT_TIMESTAMP, + updated_by = $3, + updated_at = CURRENT_TIMESTAMP + WHERE id = $4 AND tenant_id = $5`, + [lostReasonId, notes, userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + const lead = await this.findById(id, tenantId); + + if (lead.opportunity_id) { + throw new ConflictError('No se puede eliminar un lead que tiene una oportunidad asociada'); + } + + await query(`DELETE FROM crm.leads WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } +} + +export const leadsService = new LeadsService(); diff --git a/backend/src/modules/crm/opportunities.service.ts b/backend/src/modules/crm/opportunities.service.ts new file mode 100644 index 0000000..7d051a7 --- /dev/null +++ b/backend/src/modules/crm/opportunities.service.ts @@ -0,0 +1,503 @@ +import { query, queryOne, getClient } from '../../config/database.js'; +import { NotFoundError, ValidationError } from '../../shared/errors/index.js'; +import { LeadSource } from './leads.service.js'; + +export type OpportunityStatus = 'open' | 'won' | 'lost'; + +export interface Opportunity { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + ref?: string; + partner_id: string; + partner_name?: string; + contact_name?: string; + email?: string; + phone?: string; + stage_id?: string; + stage_name?: string; + status: OpportunityStatus; + user_id?: string; + user_name?: string; + sales_team_id?: string; + priority: number; + probability: number; + expected_revenue?: number; + recurring_revenue?: number; + recurring_plan?: string; + date_deadline?: Date; + date_closed?: Date; + date_last_activity?: Date; + lead_id?: string; + source?: LeadSource; + lost_reason_id?: string; + lost_reason_name?: string; + lost_notes?: string; + quotation_id?: string; + order_id?: string; + description?: string; + notes?: string; + tags?: string[]; + created_at: Date; +} + +export interface CreateOpportunityDto { + company_id: string; + name: string; + ref?: string; + partner_id: string; + contact_name?: string; + email?: string; + phone?: string; + stage_id?: string; + user_id?: string; + sales_team_id?: string; + priority?: number; + probability?: number; + expected_revenue?: number; + recurring_revenue?: number; + recurring_plan?: string; + date_deadline?: string; + source?: LeadSource; + description?: string; + notes?: string; + tags?: string[]; +} + +export interface UpdateOpportunityDto { + name?: string; + ref?: string | null; + partner_id?: string; + contact_name?: string | null; + email?: string | null; + phone?: string | null; + stage_id?: string | null; + user_id?: string | null; + sales_team_id?: string | null; + priority?: number; + probability?: number; + expected_revenue?: number | null; + recurring_revenue?: number | null; + recurring_plan?: string | null; + date_deadline?: string | null; + description?: string | null; + notes?: string | null; + tags?: string[] | null; +} + +export interface OpportunityFilters { + company_id?: string; + status?: OpportunityStatus; + stage_id?: string; + user_id?: string; + partner_id?: string; + priority?: number; + search?: string; + page?: number; + limit?: number; +} + +class OpportunitiesService { + async findAll(tenantId: string, filters: OpportunityFilters = {}): Promise<{ data: Opportunity[]; total: number }> { + const { company_id, status, stage_id, user_id, partner_id, priority, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE o.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND o.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (status) { + whereClause += ` AND o.status = $${paramIndex++}`; + params.push(status); + } + + if (stage_id) { + whereClause += ` AND o.stage_id = $${paramIndex++}`; + params.push(stage_id); + } + + if (user_id) { + whereClause += ` AND o.user_id = $${paramIndex++}`; + params.push(user_id); + } + + if (partner_id) { + whereClause += ` AND o.partner_id = $${paramIndex++}`; + params.push(partner_id); + } + + if (priority !== undefined) { + whereClause += ` AND o.priority = $${paramIndex++}`; + params.push(priority); + } + + if (search) { + whereClause += ` AND (o.name ILIKE $${paramIndex} OR o.contact_name ILIKE $${paramIndex} OR o.email ILIKE $${paramIndex} OR p.name ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM crm.opportunities o + LEFT JOIN core.partners p ON o.partner_id = p.id + ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT o.*, + c.name as company_org_name, + p.name as partner_name, + os.name as stage_name, + u.email as user_email, + lr.name as lost_reason_name + FROM crm.opportunities o + LEFT JOIN auth.companies c ON o.company_id = c.id + LEFT JOIN core.partners p ON o.partner_id = p.id + LEFT JOIN crm.opportunity_stages os ON o.stage_id = os.id + LEFT JOIN auth.users u ON o.user_id = u.id + LEFT JOIN crm.lost_reasons lr ON o.lost_reason_id = lr.id + ${whereClause} + ORDER BY o.priority DESC, o.expected_revenue DESC NULLS LAST, o.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const opportunity = await queryOne( + `SELECT o.*, + c.name as company_org_name, + p.name as partner_name, + os.name as stage_name, + u.email as user_email, + lr.name as lost_reason_name + FROM crm.opportunities o + LEFT JOIN auth.companies c ON o.company_id = c.id + LEFT JOIN core.partners p ON o.partner_id = p.id + LEFT JOIN crm.opportunity_stages os ON o.stage_id = os.id + LEFT JOIN auth.users u ON o.user_id = u.id + LEFT JOIN crm.lost_reasons lr ON o.lost_reason_id = lr.id + WHERE o.id = $1 AND o.tenant_id = $2`, + [id, tenantId] + ); + + if (!opportunity) { + throw new NotFoundError('Oportunidad no encontrada'); + } + + return opportunity; + } + + async create(dto: CreateOpportunityDto, tenantId: string, userId: string): Promise { + const opportunity = await queryOne( + `INSERT INTO crm.opportunities ( + tenant_id, company_id, name, ref, partner_id, contact_name, email, phone, + stage_id, user_id, sales_team_id, priority, probability, expected_revenue, + recurring_revenue, recurring_plan, date_deadline, source, description, notes, tags, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22) + RETURNING *`, + [ + tenantId, dto.company_id, dto.name, dto.ref, dto.partner_id, dto.contact_name, + dto.email, dto.phone, dto.stage_id, dto.user_id, dto.sales_team_id, + dto.priority || 0, dto.probability || 0, dto.expected_revenue, dto.recurring_revenue, + dto.recurring_plan, dto.date_deadline, dto.source, dto.description, dto.notes, dto.tags, userId + ] + ); + + return this.findById(opportunity!.id, tenantId); + } + + async update(id: string, dto: UpdateOpportunityDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'open') { + throw new ValidationError('Solo se pueden editar oportunidades abiertas'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + const fieldsToUpdate = [ + 'name', 'ref', 'partner_id', 'contact_name', 'email', 'phone', 'stage_id', + 'user_id', 'sales_team_id', 'priority', 'probability', 'expected_revenue', + 'recurring_revenue', 'recurring_plan', 'date_deadline', 'description', 'notes', 'tags' + ]; + + for (const field of fieldsToUpdate) { + if ((dto as any)[field] !== undefined) { + updateFields.push(`${field} = $${paramIndex++}`); + values.push((dto as any)[field]); + } + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`date_last_activity = CURRENT_TIMESTAMP`); + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + + values.push(id, tenantId); + + await query( + `UPDATE crm.opportunities SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async moveStage(id: string, stageId: string, tenantId: string, userId: string): Promise { + const opportunity = await this.findById(id, tenantId); + + if (opportunity.status !== 'open') { + throw new ValidationError('Solo se pueden mover oportunidades abiertas'); + } + + // Get stage probability + const stage = await queryOne<{ probability: number; is_won: boolean }>( + `SELECT probability, is_won FROM crm.opportunity_stages WHERE id = $1 AND tenant_id = $2`, + [stageId, tenantId] + ); + + if (!stage) { + throw new NotFoundError('Etapa no encontrada'); + } + + await query( + `UPDATE crm.opportunities SET + stage_id = $1, + probability = $2, + date_last_activity = CURRENT_TIMESTAMP, + updated_by = $3, + updated_at = CURRENT_TIMESTAMP + WHERE id = $4 AND tenant_id = $5`, + [stageId, stage.probability, userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async markWon(id: string, tenantId: string, userId: string): Promise { + const opportunity = await this.findById(id, tenantId); + + if (opportunity.status !== 'open') { + throw new ValidationError('Solo se pueden marcar como ganadas oportunidades abiertas'); + } + + await query( + `UPDATE crm.opportunities SET + status = 'won', + probability = 100, + date_closed = CURRENT_TIMESTAMP, + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async markLost(id: string, lostReasonId: string, notes: string | undefined, tenantId: string, userId: string): Promise { + const opportunity = await this.findById(id, tenantId); + + if (opportunity.status !== 'open') { + throw new ValidationError('Solo se pueden marcar como perdidas oportunidades abiertas'); + } + + await query( + `UPDATE crm.opportunities SET + status = 'lost', + probability = 0, + lost_reason_id = $1, + lost_notes = $2, + date_closed = CURRENT_TIMESTAMP, + updated_by = $3, + updated_at = CURRENT_TIMESTAMP + WHERE id = $4 AND tenant_id = $5`, + [lostReasonId, notes, userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async createQuotation(id: string, tenantId: string, userId: string): Promise<{ opportunity: Opportunity; quotation_id: string }> { + const opportunity = await this.findById(id, tenantId); + + if (opportunity.status !== 'open') { + throw new ValidationError('Solo se pueden crear cotizaciones de oportunidades abiertas'); + } + + if (opportunity.quotation_id) { + throw new ValidationError('Esta oportunidad ya tiene una cotizacion asociada'); + } + + const client = await getClient(); + + try { + await client.query('BEGIN'); + + // Generate quotation name + const seqResult = await client.query( + `SELECT COALESCE(MAX(CAST(SUBSTRING(name FROM 3) AS INTEGER)), 0) + 1 as next_num + FROM sales.quotations WHERE tenant_id = $1 AND name LIKE 'SO%'`, + [tenantId] + ); + const nextNum = seqResult.rows[0]?.next_num || 1; + const quotationName = `SO${String(nextNum).padStart(6, '0')}`; + + // Get default currency + const currencyResult = await client.query( + `SELECT id FROM core.currencies WHERE code = 'MXN' AND tenant_id = $1 LIMIT 1`, + [tenantId] + ); + const currencyId = currencyResult.rows[0]?.id; + + if (!currencyId) { + throw new ValidationError('No se encontro una moneda configurada'); + } + + // Create quotation + const quotationResult = await client.query( + `INSERT INTO sales.quotations ( + tenant_id, company_id, name, partner_id, quotation_date, validity_date, + currency_id, user_id, notes, created_by + ) + VALUES ($1, $2, $3, $4, CURRENT_DATE, CURRENT_DATE + INTERVAL '30 days', $5, $6, $7, $8) + RETURNING id`, + [ + tenantId, opportunity.company_id, quotationName, opportunity.partner_id, + currencyId, userId, opportunity.description, userId + ] + ); + const quotationId = quotationResult.rows[0].id; + + // Update opportunity + await client.query( + `UPDATE crm.opportunities SET + quotation_id = $1, + date_last_activity = CURRENT_TIMESTAMP, + updated_by = $2, + updated_at = CURRENT_TIMESTAMP + WHERE id = $3`, + [quotationId, userId, id] + ); + + await client.query('COMMIT'); + + const updatedOpportunity = await this.findById(id, tenantId); + + return { opportunity: updatedOpportunity, quotation_id: quotationId }; + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + async delete(id: string, tenantId: string): Promise { + const opportunity = await this.findById(id, tenantId); + + if (opportunity.quotation_id || opportunity.order_id) { + throw new ValidationError('No se puede eliminar una oportunidad con cotizacion u orden asociada'); + } + + // Update lead if exists + if (opportunity.lead_id) { + await query( + `UPDATE crm.leads SET opportunity_id = NULL WHERE id = $1`, + [opportunity.lead_id] + ); + } + + await query(`DELETE FROM crm.opportunities WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } + + // Pipeline view - grouped by stage + async getPipeline(tenantId: string, companyId?: string): Promise<{ stages: any[]; totals: any }> { + let whereClause = 'WHERE o.tenant_id = $1 AND o.status = $2'; + const params: any[] = [tenantId, 'open']; + + if (companyId) { + whereClause += ` AND o.company_id = $3`; + params.push(companyId); + } + + const stages = await query<{ id: string; name: string; sequence: number; probability: number }>( + `SELECT id, name, sequence, probability + FROM crm.opportunity_stages + WHERE tenant_id = $1 AND active = TRUE + ORDER BY sequence`, + [tenantId] + ); + + const opportunities = await query( + `SELECT o.id, o.name, o.partner_id, p.name as partner_name, + o.stage_id, o.expected_revenue, o.probability, o.priority, + o.date_deadline, o.user_id + FROM crm.opportunities o + LEFT JOIN core.partners p ON o.partner_id = p.id + ${whereClause} + ORDER BY o.priority DESC, o.expected_revenue DESC`, + params + ); + + // Group opportunities by stage + const pipelineStages = stages.map(stage => ({ + ...stage, + opportunities: opportunities.filter((opp: any) => opp.stage_id === stage.id), + count: opportunities.filter((opp: any) => opp.stage_id === stage.id).length, + total_revenue: opportunities + .filter((opp: any) => opp.stage_id === stage.id) + .reduce((sum: number, opp: any) => sum + (parseFloat(opp.expected_revenue) || 0), 0) + })); + + // Add "No stage" for opportunities without stage + const noStageOpps = opportunities.filter((opp: any) => !opp.stage_id); + if (noStageOpps.length > 0) { + pipelineStages.unshift({ + id: null as unknown as string, + name: 'Sin etapa', + sequence: 0, + probability: 0, + opportunities: noStageOpps, + count: noStageOpps.length, + total_revenue: noStageOpps.reduce((sum: number, opp: any) => sum + (parseFloat(opp.expected_revenue) || 0), 0) + }); + } + + const totals = { + total_opportunities: opportunities.length, + total_expected_revenue: opportunities.reduce((sum: number, opp: any) => sum + (parseFloat(opp.expected_revenue) || 0), 0), + weighted_revenue: opportunities.reduce((sum: number, opp: any) => { + const revenue = parseFloat(opp.expected_revenue) || 0; + const probability = parseFloat(opp.probability) || 0; + return sum + (revenue * probability / 100); + }, 0) + }; + + return { stages: pipelineStages, totals }; + } +} + +export const opportunitiesService = new OpportunitiesService(); diff --git a/backend/src/modules/crm/stages.service.ts b/backend/src/modules/crm/stages.service.ts new file mode 100644 index 0000000..92f01f9 --- /dev/null +++ b/backend/src/modules/crm/stages.service.ts @@ -0,0 +1,435 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ConflictError } from '../../shared/errors/index.js'; + +// ========== LEAD STAGES ========== + +export interface LeadStage { + id: string; + tenant_id: string; + name: string; + sequence: number; + is_won: boolean; + probability: number; + requirements?: string; + active: boolean; + created_at: Date; +} + +export interface CreateLeadStageDto { + name: string; + sequence?: number; + is_won?: boolean; + probability?: number; + requirements?: string; +} + +export interface UpdateLeadStageDto { + name?: string; + sequence?: number; + is_won?: boolean; + probability?: number; + requirements?: string | null; + active?: boolean; +} + +// ========== OPPORTUNITY STAGES ========== + +export interface OpportunityStage { + id: string; + tenant_id: string; + name: string; + sequence: number; + is_won: boolean; + probability: number; + requirements?: string; + active: boolean; + created_at: Date; +} + +export interface CreateOpportunityStageDto { + name: string; + sequence?: number; + is_won?: boolean; + probability?: number; + requirements?: string; +} + +export interface UpdateOpportunityStageDto { + name?: string; + sequence?: number; + is_won?: boolean; + probability?: number; + requirements?: string | null; + active?: boolean; +} + +// ========== LOST REASONS ========== + +export interface LostReason { + id: string; + tenant_id: string; + name: string; + description?: string; + active: boolean; + created_at: Date; +} + +export interface CreateLostReasonDto { + name: string; + description?: string; +} + +export interface UpdateLostReasonDto { + name?: string; + description?: string | null; + active?: boolean; +} + +class StagesService { + // ========== LEAD STAGES ========== + + async getLeadStages(tenantId: string, includeInactive = false): Promise { + let whereClause = 'WHERE tenant_id = $1'; + if (!includeInactive) { + whereClause += ' AND active = TRUE'; + } + + return query( + `SELECT * FROM crm.lead_stages ${whereClause} ORDER BY sequence`, + [tenantId] + ); + } + + async getLeadStageById(id: string, tenantId: string): Promise { + const stage = await queryOne( + `SELECT * FROM crm.lead_stages WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + + if (!stage) { + throw new NotFoundError('Etapa de lead no encontrada'); + } + + return stage; + } + + async createLeadStage(dto: CreateLeadStageDto, tenantId: string): Promise { + // Check unique name + const existing = await queryOne( + `SELECT id FROM crm.lead_stages WHERE name = $1 AND tenant_id = $2`, + [dto.name, tenantId] + ); + + if (existing) { + throw new ConflictError('Ya existe una etapa con ese nombre'); + } + + const stage = await queryOne( + `INSERT INTO crm.lead_stages (tenant_id, name, sequence, is_won, probability, requirements) + VALUES ($1, $2, $3, $4, $5, $6) + RETURNING *`, + [tenantId, dto.name, dto.sequence || 10, dto.is_won || false, dto.probability || 0, dto.requirements] + ); + + return stage!; + } + + async updateLeadStage(id: string, dto: UpdateLeadStageDto, tenantId: string): Promise { + await this.getLeadStageById(id, tenantId); + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.name !== undefined) { + // Check unique name + const existing = await queryOne( + `SELECT id FROM crm.lead_stages WHERE name = $1 AND tenant_id = $2 AND id != $3`, + [dto.name, tenantId, id] + ); + if (existing) { + throw new ConflictError('Ya existe una etapa con ese nombre'); + } + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.sequence !== undefined) { + updateFields.push(`sequence = $${paramIndex++}`); + values.push(dto.sequence); + } + if (dto.is_won !== undefined) { + updateFields.push(`is_won = $${paramIndex++}`); + values.push(dto.is_won); + } + if (dto.probability !== undefined) { + updateFields.push(`probability = $${paramIndex++}`); + values.push(dto.probability); + } + if (dto.requirements !== undefined) { + updateFields.push(`requirements = $${paramIndex++}`); + values.push(dto.requirements); + } + if (dto.active !== undefined) { + updateFields.push(`active = $${paramIndex++}`); + values.push(dto.active); + } + + if (updateFields.length === 0) { + return this.getLeadStageById(id, tenantId); + } + + values.push(id, tenantId); + + await query( + `UPDATE crm.lead_stages SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.getLeadStageById(id, tenantId); + } + + async deleteLeadStage(id: string, tenantId: string): Promise { + await this.getLeadStageById(id, tenantId); + + // Check if stage is in use + const inUse = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM crm.leads WHERE stage_id = $1`, + [id] + ); + + if (parseInt(inUse?.count || '0') > 0) { + throw new ConflictError('No se puede eliminar una etapa que tiene leads asociados'); + } + + await query(`DELETE FROM crm.lead_stages WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } + + // ========== OPPORTUNITY STAGES ========== + + async getOpportunityStages(tenantId: string, includeInactive = false): Promise { + let whereClause = 'WHERE tenant_id = $1'; + if (!includeInactive) { + whereClause += ' AND active = TRUE'; + } + + return query( + `SELECT * FROM crm.opportunity_stages ${whereClause} ORDER BY sequence`, + [tenantId] + ); + } + + async getOpportunityStageById(id: string, tenantId: string): Promise { + const stage = await queryOne( + `SELECT * FROM crm.opportunity_stages WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + + if (!stage) { + throw new NotFoundError('Etapa de oportunidad no encontrada'); + } + + return stage; + } + + async createOpportunityStage(dto: CreateOpportunityStageDto, tenantId: string): Promise { + // Check unique name + const existing = await queryOne( + `SELECT id FROM crm.opportunity_stages WHERE name = $1 AND tenant_id = $2`, + [dto.name, tenantId] + ); + + if (existing) { + throw new ConflictError('Ya existe una etapa con ese nombre'); + } + + const stage = await queryOne( + `INSERT INTO crm.opportunity_stages (tenant_id, name, sequence, is_won, probability, requirements) + VALUES ($1, $2, $3, $4, $5, $6) + RETURNING *`, + [tenantId, dto.name, dto.sequence || 10, dto.is_won || false, dto.probability || 0, dto.requirements] + ); + + return stage!; + } + + async updateOpportunityStage(id: string, dto: UpdateOpportunityStageDto, tenantId: string): Promise { + await this.getOpportunityStageById(id, tenantId); + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.name !== undefined) { + const existing = await queryOne( + `SELECT id FROM crm.opportunity_stages WHERE name = $1 AND tenant_id = $2 AND id != $3`, + [dto.name, tenantId, id] + ); + if (existing) { + throw new ConflictError('Ya existe una etapa con ese nombre'); + } + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.sequence !== undefined) { + updateFields.push(`sequence = $${paramIndex++}`); + values.push(dto.sequence); + } + if (dto.is_won !== undefined) { + updateFields.push(`is_won = $${paramIndex++}`); + values.push(dto.is_won); + } + if (dto.probability !== undefined) { + updateFields.push(`probability = $${paramIndex++}`); + values.push(dto.probability); + } + if (dto.requirements !== undefined) { + updateFields.push(`requirements = $${paramIndex++}`); + values.push(dto.requirements); + } + if (dto.active !== undefined) { + updateFields.push(`active = $${paramIndex++}`); + values.push(dto.active); + } + + if (updateFields.length === 0) { + return this.getOpportunityStageById(id, tenantId); + } + + values.push(id, tenantId); + + await query( + `UPDATE crm.opportunity_stages SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.getOpportunityStageById(id, tenantId); + } + + async deleteOpportunityStage(id: string, tenantId: string): Promise { + await this.getOpportunityStageById(id, tenantId); + + const inUse = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM crm.opportunities WHERE stage_id = $1`, + [id] + ); + + if (parseInt(inUse?.count || '0') > 0) { + throw new ConflictError('No se puede eliminar una etapa que tiene oportunidades asociadas'); + } + + await query(`DELETE FROM crm.opportunity_stages WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } + + // ========== LOST REASONS ========== + + async getLostReasons(tenantId: string, includeInactive = false): Promise { + let whereClause = 'WHERE tenant_id = $1'; + if (!includeInactive) { + whereClause += ' AND active = TRUE'; + } + + return query( + `SELECT * FROM crm.lost_reasons ${whereClause} ORDER BY name`, + [tenantId] + ); + } + + async getLostReasonById(id: string, tenantId: string): Promise { + const reason = await queryOne( + `SELECT * FROM crm.lost_reasons WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + + if (!reason) { + throw new NotFoundError('Razon de perdida no encontrada'); + } + + return reason; + } + + async createLostReason(dto: CreateLostReasonDto, tenantId: string): Promise { + const existing = await queryOne( + `SELECT id FROM crm.lost_reasons WHERE name = $1 AND tenant_id = $2`, + [dto.name, tenantId] + ); + + if (existing) { + throw new ConflictError('Ya existe una razon con ese nombre'); + } + + const reason = await queryOne( + `INSERT INTO crm.lost_reasons (tenant_id, name, description) + VALUES ($1, $2, $3) + RETURNING *`, + [tenantId, dto.name, dto.description] + ); + + return reason!; + } + + async updateLostReason(id: string, dto: UpdateLostReasonDto, tenantId: string): Promise { + await this.getLostReasonById(id, tenantId); + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.name !== undefined) { + const existing = await queryOne( + `SELECT id FROM crm.lost_reasons WHERE name = $1 AND tenant_id = $2 AND id != $3`, + [dto.name, tenantId, id] + ); + if (existing) { + throw new ConflictError('Ya existe una razon con ese nombre'); + } + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.description !== undefined) { + updateFields.push(`description = $${paramIndex++}`); + values.push(dto.description); + } + if (dto.active !== undefined) { + updateFields.push(`active = $${paramIndex++}`); + values.push(dto.active); + } + + if (updateFields.length === 0) { + return this.getLostReasonById(id, tenantId); + } + + values.push(id, tenantId); + + await query( + `UPDATE crm.lost_reasons SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.getLostReasonById(id, tenantId); + } + + async deleteLostReason(id: string, tenantId: string): Promise { + await this.getLostReasonById(id, tenantId); + + const inUseLeads = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM crm.leads WHERE lost_reason_id = $1`, + [id] + ); + + const inUseOpps = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM crm.opportunities WHERE lost_reason_id = $1`, + [id] + ); + + if (parseInt(inUseLeads?.count || '0') > 0 || parseInt(inUseOpps?.count || '0') > 0) { + throw new ConflictError('No se puede eliminar una razon que esta en uso'); + } + + await query(`DELETE FROM crm.lost_reasons WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } +} + +export const stagesService = new StagesService(); diff --git a/backend/src/modules/financial/MIGRATION_GUIDE.md b/backend/src/modules/financial/MIGRATION_GUIDE.md new file mode 100644 index 0000000..34060a8 --- /dev/null +++ b/backend/src/modules/financial/MIGRATION_GUIDE.md @@ -0,0 +1,612 @@ +# Financial Module TypeORM Migration Guide + +## Overview + +This guide documents the migration of the Financial module from raw SQL queries to TypeORM. The migration maintains backwards compatibility while introducing modern ORM patterns. + +## Completed Tasks + +### 1. Entity Creation ✅ + +All TypeORM entities have been created in `/src/modules/financial/entities/`: + +- **account-type.entity.ts** - Chart of account types catalog +- **account.entity.ts** - Accounts with hierarchy support +- **journal.entity.ts** - Accounting journals +- **journal-entry.entity.ts** - Journal entries (header) +- **journal-entry-line.entity.ts** - Journal entry lines (detail) +- **invoice.entity.ts** - Customer and supplier invoices +- **invoice-line.entity.ts** - Invoice line items +- **payment.entity.ts** - Payment transactions +- **tax.entity.ts** - Tax configuration +- **fiscal-year.entity.ts** - Fiscal years +- **fiscal-period.entity.ts** - Fiscal periods (months/quarters) +- **index.ts** - Barrel export file + +### 2. Entity Registration ✅ + +All financial entities have been registered in `/src/config/typeorm.ts`: +- Import statements added +- Entities added to the `entities` array in AppDataSource configuration + +### 3. Service Refactoring ✅ + +#### accounts.service.ts - COMPLETED + +The accounts service has been fully migrated to TypeORM with the following features: + +**Key Changes:** +- Uses `Repository` and `Repository` +- Implements QueryBuilder for complex queries with joins +- Supports both snake_case (DB) and camelCase (TS) through decorators +- Maintains all original functionality including: + - Account hierarchy with cycle detection + - Soft delete with validation + - Balance calculations + - Full CRUD operations + +**Pattern to Follow:** +```typescript +import { Repository, IsNull } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { Entity } from './entities/index.js'; + +class MyService { + private repository: Repository; + + constructor() { + this.repository = AppDataSource.getRepository(Entity); + } + + async findAll(tenantId: string, filters = {}) { + const queryBuilder = this.repository + .createQueryBuilder('alias') + .leftJoin('alias.relation', 'relation') + .addSelect(['relation.field']) + .where('alias.tenantId = :tenantId', { tenantId }); + + // Apply filters + // Get count and results + return { data, total }; + } +} +``` + +## Remaining Tasks + +### Services to Migrate + +#### 1. journals.service.ts - PRIORITY HIGH + +**Current State:** Uses raw SQL queries +**Target Pattern:** Same as accounts.service.ts + +**Migration Steps:** +1. Import Journal entity and Repository +2. Replace all `query()` and `queryOne()` calls with Repository methods +3. Use QueryBuilder for complex queries with joins (company, account, currency) +4. Update return types to use entity types instead of interfaces +5. Maintain validation logic for: + - Unique code per company + - Journal entry existence check before delete +6. Test endpoints thoroughly + +**Key Relationships:** +- Journal → Company (ManyToOne) +- Journal → Account (default account, ManyToOne, optional) + +--- + +#### 2. taxes.service.ts - PRIORITY HIGH + +**Current State:** Uses raw SQL queries +**Special Feature:** Tax calculation logic + +**Migration Steps:** +1. Import Tax entity and Repository +2. Migrate CRUD operations to Repository +3. **IMPORTANT:** Keep `calculateTaxes()` and `calculateDocumentTaxes()` logic intact +4. These calculation methods can still use raw queries if needed +5. Update filters to use QueryBuilder + +**Tax Calculation Logic:** +- Located in lines 224-354 of current service +- Critical for invoice and payment processing +- DO NOT modify calculation algorithms +- Only update data access layer + +--- + +#### 3. journal-entries.service.ts - PRIORITY MEDIUM + +**Current State:** Uses raw SQL with transactions +**Complexity:** HIGH - Multi-table operations + +**Migration Steps:** +1. Import JournalEntry, JournalEntryLine entities +2. Use TypeORM QueryRunner for transactions: +```typescript +const queryRunner = AppDataSource.createQueryRunner(); +await queryRunner.connect(); +await queryRunner.startTransaction(); + +try { + // Operations + await queryRunner.commitTransaction(); +} catch (error) { + await queryRunner.rollbackTransaction(); + throw error; +} finally { + await queryRunner.release(); +} +``` + +3. **Double-Entry Balance Validation:** + - Keep validation logic lines 172-177 + - Validate debit = credit before saving +4. Use cascade operations for lines: + - `cascade: true` is already set in entity + - Can save entry with lines in single operation + +**Critical Features:** +- Transaction management (BEGIN/COMMIT/ROLLBACK) +- Balance validation (debits must equal credits) +- Status transitions (draft → posted → cancelled) +- Fiscal period validation + +--- + +#### 4. invoices.service.ts - PRIORITY MEDIUM + +**Current State:** Uses raw SQL with complex line management +**Complexity:** HIGH - Invoice lines, tax calculations + +**Migration Steps:** +1. Import Invoice, InvoiceLine entities +2. Use transactions for multi-table operations +3. **Tax Integration:** + - Line 331-340: Uses taxesService.calculateTaxes() + - Keep this integration intact + - Only migrate data access +4. **Amount Calculations:** + - updateTotals() method (lines 525-543) + - Can use QueryBuilder aggregation or raw SQL +5. **Number Generation:** + - Lines 472-478: Sequential invoice numbering + - Keep this logic, migrate to Repository + +**Relationships:** +- Invoice → Company +- Invoice → Journal (optional) +- Invoice → JournalEntry (optional, for accounting integration) +- Invoice → InvoiceLine[] (one-to-many, cascade) +- InvoiceLine → Account (optional) + +--- + +#### 5. payments.service.ts - PRIORITY MEDIUM + +**Current State:** Uses raw SQL with invoice reconciliation +**Complexity:** MEDIUM-HIGH - Payment-Invoice linking + +**Migration Steps:** +1. Import Payment entity +2. **Payment-Invoice Junction:** + - Table: `financial.payment_invoice` + - Not modeled as entity (junction table) + - Can use raw SQL for this or create entity +3. Use transactions for reconciliation +4. **Invoice Status Updates:** + - Lines 373-380: Updates invoice amounts + - Must coordinate with Invoice entity + +**Critical Logic:** +- Reconciliation workflow (lines 314-401) +- Invoice amount updates +- Transaction rollback on errors + +--- + +#### 6. fiscalPeriods.service.ts - PRIORITY LOW + +**Current State:** Uses raw SQL + database functions +**Complexity:** MEDIUM - Database function calls + +**Migration Steps:** +1. Import FiscalYear, FiscalPeriod entities +2. Basic CRUD can use Repository +3. **Database Functions:** + - Line 242: `financial.close_fiscal_period()` + - Line 265: `financial.reopen_fiscal_period()` + - Keep these as raw SQL calls: + ```typescript + await this.repository.query( + 'SELECT * FROM financial.close_fiscal_period($1, $2)', + [periodId, userId] + ); + ``` +4. **Date Overlap Validation:** + - Lines 102-107, 207-212 + - Use QueryBuilder with date range checks + +--- + +## Controller Updates + +### Accept Both snake_case and camelCase + +The controller currently only accepts snake_case. Update to support both: + +**Current:** +```typescript +const createAccountSchema = z.object({ + company_id: z.string().uuid(), + code: z.string(), + // ... +}); +``` + +**Updated:** +```typescript +const createAccountSchema = z.object({ + companyId: z.string().uuid().optional(), + company_id: z.string().uuid().optional(), + code: z.string(), + // ... +}).refine( + (data) => data.companyId || data.company_id, + { message: "Either companyId or company_id is required" } +); + +// Then normalize before service call: +const dto = { + companyId: parseResult.data.companyId || parseResult.data.company_id, + // ... rest of fields +}; +``` + +**Simpler Approach:** +Transform incoming data before validation: +```typescript +// Add utility function +function toCamelCase(obj: any): any { + const camelObj: any = {}; + for (const key in obj) { + const camelKey = key.replace(/_([a-z])/g, (g) => g[1].toUpperCase()); + camelObj[camelKey] = obj[key]; + } + return camelObj; +} + +// Use in controller +const normalizedBody = toCamelCase(req.body); +const parseResult = createAccountSchema.safeParse(normalizedBody); +``` + +--- + +## Migration Patterns + +### 1. Repository Setup + +```typescript +import { Repository, IsNull } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { MyEntity } from './entities/index.js'; + +class MyService { + private repository: Repository; + + constructor() { + this.repository = AppDataSource.getRepository(MyEntity); + } +} +``` + +### 2. Simple Find Operations + +**Before (Raw SQL):** +```typescript +const result = await queryOne( + `SELECT * FROM schema.table WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] +); +``` + +**After (TypeORM):** +```typescript +const result = await this.repository.findOne({ + where: { id, tenantId, deletedAt: IsNull() } +}); +``` + +### 3. Complex Queries with Joins + +**Before:** +```typescript +const data = await query( + `SELECT e.*, r.name as relation_name + FROM schema.entities e + LEFT JOIN schema.relations r ON e.relation_id = r.id + WHERE e.tenant_id = $1`, + [tenantId] +); +``` + +**After:** +```typescript +const data = await this.repository + .createQueryBuilder('entity') + .leftJoin('entity.relation', 'relation') + .addSelect(['relation.name']) + .where('entity.tenantId = :tenantId', { tenantId }) + .getMany(); +``` + +### 4. Transactions + +**Before:** +```typescript +const client = await getClient(); +try { + await client.query('BEGIN'); + // operations + await client.query('COMMIT'); +} catch (error) { + await client.query('ROLLBACK'); + throw error; +} finally { + client.release(); +} +``` + +**After:** +```typescript +const queryRunner = AppDataSource.createQueryRunner(); +await queryRunner.connect(); +await queryRunner.startTransaction(); + +try { + // operations using queryRunner.manager + await queryRunner.manager.save(entity); + await queryRunner.commitTransaction(); +} catch (error) { + await queryRunner.rollbackTransaction(); + throw error; +} finally { + await queryRunner.release(); +} +``` + +### 5. Soft Deletes + +**Pattern:** +```typescript +await this.repository.update( + { id, tenantId }, + { + deletedAt: new Date(), + deletedBy: userId, + } +); +``` + +### 6. Pagination + +```typescript +const skip = (page - 1) * limit; + +const [data, total] = await this.repository.findAndCount({ + where: { tenantId, deletedAt: IsNull() }, + skip, + take: limit, + order: { createdAt: 'DESC' }, +}); + +return { data, total }; +``` + +--- + +## Testing Strategy + +### 1. Unit Tests + +For each refactored service: + +```typescript +describe('AccountsService', () => { + let service: AccountsService; + let repository: Repository; + + beforeEach(() => { + repository = AppDataSource.getRepository(Account); + service = new AccountsService(); + }); + + it('should create account with valid data', async () => { + const dto = { /* ... */ }; + const result = await service.create(dto, tenantId, userId); + expect(result.id).toBeDefined(); + expect(result.code).toBe(dto.code); + }); +}); +``` + +### 2. Integration Tests + +Test with actual database: + +```bash +# Run tests +npm test src/modules/financial/__tests__/ +``` + +### 3. API Tests + +Test HTTP endpoints: + +```bash +# Test accounts endpoints +curl -X GET http://localhost:3000/api/financial/accounts?companyId=xxx +curl -X POST http://localhost:3000/api/financial/accounts -d '{"companyId":"xxx",...}' +``` + +--- + +## Rollback Plan + +If migration causes issues: + +1. **Restore Old Services:** +```bash +cd src/modules/financial +mv accounts.service.ts accounts.service.new.ts +mv accounts.service.old.ts accounts.service.ts +``` + +2. **Remove Entity Imports:** +Edit `/src/config/typeorm.ts` and remove financial entity imports + +3. **Restart Application:** +```bash +npm run dev +``` + +--- + +## Database Schema Notes + +### Schema: `financial` + +All tables use the `financial` schema as specified in entities. + +### Important Columns: + +- **tenant_id**: Multi-tenancy isolation (UUID, NOT NULL) +- **company_id**: Company isolation (UUID, NOT NULL) +- **deleted_at**: Soft delete timestamp (NULL = active) +- **created_at**: Audit timestamp +- **created_by**: User ID who created (UUID) +- **updated_at**: Audit timestamp +- **updated_by**: User ID who updated (UUID) + +### Decimal Precision: + +- **Amounts**: DECIMAL(15, 2) - invoices, payments +- **Quantity**: DECIMAL(15, 4) - invoice lines +- **Tax Rate**: DECIMAL(5, 2) - tax percentage + +--- + +## Common Issues and Solutions + +### Issue 1: Column Name Mismatch + +**Error:** `column "companyId" does not exist` + +**Solution:** Entity decorators map camelCase to snake_case: +```typescript +@Column({ name: 'company_id' }) +companyId: string; +``` + +### Issue 2: Soft Deletes Not Working + +**Solution:** Always include `deletedAt: IsNull()` in where clauses: +```typescript +where: { id, tenantId, deletedAt: IsNull() } +``` + +### Issue 3: Transaction Not Rolling Back + +**Solution:** Always use try-catch-finally with queryRunner: +```typescript +finally { + await queryRunner.release(); // MUST release +} +``` + +### Issue 4: Relations Not Loading + +**Solution:** Use leftJoin or relations option: +```typescript +// Option 1: Query Builder +.leftJoin('entity.relation', 'relation') +.addSelect(['relation.field']) + +// Option 2: Find options +findOne({ + where: { id }, + relations: ['relation'], +}) +``` + +--- + +## Performance Considerations + +### 1. Query Optimization + +- Use `leftJoin` + `addSelect` instead of `relations` option for better control +- Add indexes on frequently queried columns (already in entities) +- Use pagination for large result sets + +### 2. Connection Pooling + +TypeORM pool configuration (in typeorm.ts): +```typescript +extra: { + max: 10, // Conservative to not compete with pg pool + min: 2, + idleTimeoutMillis: 30000, +} +``` + +### 3. Caching + +Currently disabled: +```typescript +cache: false +``` + +Can enable later for read-heavy operations. + +--- + +## Next Steps + +1. **Complete service migrations** in this order: + - taxes.service.ts (High priority, simple) + - journals.service.ts (High priority, simple) + - journal-entries.service.ts (Medium, complex transactions) + - invoices.service.ts (Medium, tax integration) + - payments.service.ts (Medium, reconciliation) + - fiscalPeriods.service.ts (Low, DB functions) + +2. **Update controller** to accept both snake_case and camelCase + +3. **Write tests** for each migrated service + +4. **Update API documentation** to reflect camelCase support + +5. **Monitor performance** after deployment + +--- + +## Support and Questions + +For questions about this migration: +- Check existing patterns in `accounts.service.ts` +- Review TypeORM documentation: https://typeorm.io +- Check entity definitions in `/entities/` folder + +--- + +## Changelog + +### 2024-12-14 +- Created all TypeORM entities +- Registered entities in AppDataSource +- Completed accounts.service.ts migration +- Created this migration guide diff --git a/backend/src/modules/financial/accounts.service.old.ts b/backend/src/modules/financial/accounts.service.old.ts new file mode 100644 index 0000000..14d2fb5 --- /dev/null +++ b/backend/src/modules/financial/accounts.service.old.ts @@ -0,0 +1,330 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ConflictError } from '../../shared/errors/index.js'; + +export type AccountType = 'asset' | 'liability' | 'equity' | 'income' | 'expense'; + +export interface AccountTypeEntity { + id: string; + code: string; + name: string; + account_type: AccountType; + description?: string; +} + +export interface Account { + id: string; + tenant_id: string; + company_id: string; + code: string; + name: string; + account_type_id: string; + account_type_name?: string; + account_type_code?: string; + parent_id?: string; + parent_name?: string; + currency_id?: string; + currency_code?: string; + is_reconcilable: boolean; + is_deprecated: boolean; + notes?: string; + created_at: Date; +} + +export interface CreateAccountDto { + company_id: string; + code: string; + name: string; + account_type_id: string; + parent_id?: string; + currency_id?: string; + is_reconcilable?: boolean; + notes?: string; +} + +export interface UpdateAccountDto { + name?: string; + parent_id?: string | null; + currency_id?: string | null; + is_reconcilable?: boolean; + is_deprecated?: boolean; + notes?: string | null; +} + +export interface AccountFilters { + company_id?: string; + account_type_id?: string; + parent_id?: string; + is_deprecated?: boolean; + search?: string; + page?: number; + limit?: number; +} + +class AccountsService { + // Account Types (catalog) + async findAllAccountTypes(): Promise { + return query( + `SELECT * FROM financial.account_types ORDER BY code` + ); + } + + async findAccountTypeById(id: string): Promise { + const accountType = await queryOne( + `SELECT * FROM financial.account_types WHERE id = $1`, + [id] + ); + if (!accountType) { + throw new NotFoundError('Tipo de cuenta no encontrado'); + } + return accountType; + } + + // Accounts + async findAll(tenantId: string, filters: AccountFilters = {}): Promise<{ data: Account[]; total: number }> { + const { company_id, account_type_id, parent_id, is_deprecated, search, page = 1, limit = 50 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE a.tenant_id = $1 AND a.deleted_at IS NULL'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND a.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (account_type_id) { + whereClause += ` AND a.account_type_id = $${paramIndex++}`; + params.push(account_type_id); + } + + if (parent_id !== undefined) { + if (parent_id === null || parent_id === 'null') { + whereClause += ' AND a.parent_id IS NULL'; + } else { + whereClause += ` AND a.parent_id = $${paramIndex++}`; + params.push(parent_id); + } + } + + if (is_deprecated !== undefined) { + whereClause += ` AND a.is_deprecated = $${paramIndex++}`; + params.push(is_deprecated); + } + + if (search) { + whereClause += ` AND (a.code ILIKE $${paramIndex} OR a.name ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM financial.accounts a ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT a.*, + at.name as account_type_name, + at.code as account_type_code, + ap.name as parent_name, + cur.code as currency_code + FROM financial.accounts a + LEFT JOIN financial.account_types at ON a.account_type_id = at.id + LEFT JOIN financial.accounts ap ON a.parent_id = ap.id + LEFT JOIN core.currencies cur ON a.currency_id = cur.id + ${whereClause} + ORDER BY a.code + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const account = await queryOne( + `SELECT a.*, + at.name as account_type_name, + at.code as account_type_code, + ap.name as parent_name, + cur.code as currency_code + FROM financial.accounts a + LEFT JOIN financial.account_types at ON a.account_type_id = at.id + LEFT JOIN financial.accounts ap ON a.parent_id = ap.id + LEFT JOIN core.currencies cur ON a.currency_id = cur.id + WHERE a.id = $1 AND a.tenant_id = $2 AND a.deleted_at IS NULL`, + [id, tenantId] + ); + + if (!account) { + throw new NotFoundError('Cuenta no encontrada'); + } + + return account; + } + + async create(dto: CreateAccountDto, tenantId: string, userId: string): Promise { + // Validate unique code within company + const existing = await queryOne( + `SELECT id FROM financial.accounts WHERE company_id = $1 AND code = $2 AND deleted_at IS NULL`, + [dto.company_id, dto.code] + ); + if (existing) { + throw new ConflictError(`Ya existe una cuenta con código ${dto.code}`); + } + + // Validate account type exists + await this.findAccountTypeById(dto.account_type_id); + + // Validate parent account if specified + if (dto.parent_id) { + const parent = await queryOne( + `SELECT id FROM financial.accounts WHERE id = $1 AND company_id = $2 AND deleted_at IS NULL`, + [dto.parent_id, dto.company_id] + ); + if (!parent) { + throw new NotFoundError('Cuenta padre no encontrada'); + } + } + + const account = await queryOne( + `INSERT INTO financial.accounts (tenant_id, company_id, code, name, account_type_id, parent_id, currency_id, is_reconcilable, notes, created_by) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10) + RETURNING *`, + [ + tenantId, + dto.company_id, + dto.code, + dto.name, + dto.account_type_id, + dto.parent_id, + dto.currency_id, + dto.is_reconcilable || false, + dto.notes, + userId, + ] + ); + + return account!; + } + + async update(id: string, dto: UpdateAccountDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + // Validate parent (prevent self-reference) + if (dto.parent_id) { + if (dto.parent_id === id) { + throw new ConflictError('Una cuenta no puede ser su propia cuenta padre'); + } + const parent = await queryOne( + `SELECT id FROM financial.accounts WHERE id = $1 AND company_id = $2 AND deleted_at IS NULL`, + [dto.parent_id, existing.company_id] + ); + if (!parent) { + throw new NotFoundError('Cuenta padre no encontrada'); + } + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.name !== undefined) { + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.parent_id !== undefined) { + updateFields.push(`parent_id = $${paramIndex++}`); + values.push(dto.parent_id); + } + if (dto.currency_id !== undefined) { + updateFields.push(`currency_id = $${paramIndex++}`); + values.push(dto.currency_id); + } + if (dto.is_reconcilable !== undefined) { + updateFields.push(`is_reconcilable = $${paramIndex++}`); + values.push(dto.is_reconcilable); + } + if (dto.is_deprecated !== undefined) { + updateFields.push(`is_deprecated = $${paramIndex++}`); + values.push(dto.is_deprecated); + } + if (dto.notes !== undefined) { + updateFields.push(`notes = $${paramIndex++}`); + values.push(dto.notes); + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + const account = await queryOne( + `UPDATE financial.accounts + SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex} AND deleted_at IS NULL + RETURNING *`, + values + ); + + return account!; + } + + async delete(id: string, tenantId: string, userId: string): Promise { + await this.findById(id, tenantId); + + // Check if account has children + const children = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM financial.accounts WHERE parent_id = $1 AND deleted_at IS NULL`, + [id] + ); + if (parseInt(children?.count || '0', 10) > 0) { + throw new ConflictError('No se puede eliminar una cuenta que tiene subcuentas'); + } + + // Check if account has journal entry lines + const entries = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM financial.journal_entry_lines WHERE account_id = $1`, + [id] + ); + if (parseInt(entries?.count || '0', 10) > 0) { + throw new ConflictError('No se puede eliminar una cuenta que tiene movimientos contables'); + } + + // Soft delete + await query( + `UPDATE financial.accounts SET deleted_at = CURRENT_TIMESTAMP, deleted_by = $1 WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + } + + async getBalance(accountId: string, tenantId: string): Promise<{ debit: number; credit: number; balance: number }> { + await this.findById(accountId, tenantId); + + const result = await queryOne<{ total_debit: string; total_credit: string }>( + `SELECT COALESCE(SUM(jel.debit), 0) as total_debit, + COALESCE(SUM(jel.credit), 0) as total_credit + FROM financial.journal_entry_lines jel + INNER JOIN financial.journal_entries je ON jel.entry_id = je.id + WHERE jel.account_id = $1 AND je.status = 'posted'`, + [accountId] + ); + + const debit = parseFloat(result?.total_debit || '0'); + const credit = parseFloat(result?.total_credit || '0'); + + return { + debit, + credit, + balance: debit - credit, + }; + } +} + +export const accountsService = new AccountsService(); diff --git a/backend/src/modules/financial/accounts.service.ts b/backend/src/modules/financial/accounts.service.ts new file mode 100644 index 0000000..8cbc8ec --- /dev/null +++ b/backend/src/modules/financial/accounts.service.ts @@ -0,0 +1,468 @@ +import { Repository, IsNull } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { Account, AccountType } from './entities/index.js'; +import { NotFoundError, ValidationError, ForbiddenError } from '../../shared/types/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +// ===== Interfaces ===== + +export interface CreateAccountDto { + companyId: string; + code: string; + name: string; + accountTypeId: string; + parentId?: string; + currencyId?: string; + isReconcilable?: boolean; + notes?: string; +} + +export interface UpdateAccountDto { + name?: string; + parentId?: string | null; + currencyId?: string | null; + isReconcilable?: boolean; + isDeprecated?: boolean; + notes?: string | null; +} + +export interface AccountFilters { + companyId?: string; + accountTypeId?: string; + parentId?: string; + isDeprecated?: boolean; + search?: string; + page?: number; + limit?: number; +} + +export interface AccountWithRelations extends Account { + accountTypeName?: string; + accountTypeCode?: string; + parentName?: string; + currencyCode?: string; +} + +// ===== AccountsService Class ===== + +class AccountsService { + private accountRepository: Repository; + private accountTypeRepository: Repository; + + constructor() { + this.accountRepository = AppDataSource.getRepository(Account); + this.accountTypeRepository = AppDataSource.getRepository(AccountType); + } + + /** + * Get all account types (catalog) + */ + async findAllAccountTypes(): Promise { + return this.accountTypeRepository.find({ + order: { code: 'ASC' }, + }); + } + + /** + * Get account type by ID + */ + async findAccountTypeById(id: string): Promise { + const accountType = await this.accountTypeRepository.findOne({ + where: { id }, + }); + + if (!accountType) { + throw new NotFoundError('Tipo de cuenta no encontrado'); + } + + return accountType; + } + + /** + * Get all accounts with filters and pagination + */ + async findAll( + tenantId: string, + filters: AccountFilters = {} + ): Promise<{ data: AccountWithRelations[]; total: number }> { + try { + const { + companyId, + accountTypeId, + parentId, + isDeprecated, + search, + page = 1, + limit = 50 + } = filters; + const skip = (page - 1) * limit; + + const queryBuilder = this.accountRepository + .createQueryBuilder('account') + .leftJoin('account.accountType', 'accountType') + .addSelect(['accountType.name', 'accountType.code']) + .leftJoin('account.parent', 'parent') + .addSelect(['parent.name']) + .where('account.tenantId = :tenantId', { tenantId }) + .andWhere('account.deletedAt IS NULL'); + + // Apply filters + if (companyId) { + queryBuilder.andWhere('account.companyId = :companyId', { companyId }); + } + + if (accountTypeId) { + queryBuilder.andWhere('account.accountTypeId = :accountTypeId', { accountTypeId }); + } + + if (parentId !== undefined) { + if (parentId === null || parentId === 'null') { + queryBuilder.andWhere('account.parentId IS NULL'); + } else { + queryBuilder.andWhere('account.parentId = :parentId', { parentId }); + } + } + + if (isDeprecated !== undefined) { + queryBuilder.andWhere('account.isDeprecated = :isDeprecated', { isDeprecated }); + } + + if (search) { + queryBuilder.andWhere( + '(account.code ILIKE :search OR account.name ILIKE :search)', + { search: `%${search}%` } + ); + } + + // Get total count + const total = await queryBuilder.getCount(); + + // Get paginated results + const accounts = await queryBuilder + .orderBy('account.code', 'ASC') + .skip(skip) + .take(limit) + .getMany(); + + // Map to include relation names + const data: AccountWithRelations[] = accounts.map(account => ({ + ...account, + accountTypeName: account.accountType?.name, + accountTypeCode: account.accountType?.code, + parentName: account.parent?.name, + })); + + logger.debug('Accounts retrieved', { tenantId, count: data.length, total }); + + return { data, total }; + } catch (error) { + logger.error('Error retrieving accounts', { + error: (error as Error).message, + tenantId, + }); + throw error; + } + } + + /** + * Get account by ID + */ + async findById(id: string, tenantId: string): Promise { + try { + const account = await this.accountRepository + .createQueryBuilder('account') + .leftJoin('account.accountType', 'accountType') + .addSelect(['accountType.name', 'accountType.code']) + .leftJoin('account.parent', 'parent') + .addSelect(['parent.name']) + .where('account.id = :id', { id }) + .andWhere('account.tenantId = :tenantId', { tenantId }) + .andWhere('account.deletedAt IS NULL') + .getOne(); + + if (!account) { + throw new NotFoundError('Cuenta no encontrada'); + } + + return { + ...account, + accountTypeName: account.accountType?.name, + accountTypeCode: account.accountType?.code, + parentName: account.parent?.name, + }; + } catch (error) { + logger.error('Error finding account', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + /** + * Create a new account + */ + async create( + dto: CreateAccountDto, + tenantId: string, + userId: string + ): Promise { + try { + // Validate unique code within company + const existing = await this.accountRepository.findOne({ + where: { + companyId: dto.companyId, + code: dto.code, + deletedAt: IsNull(), + }, + }); + + if (existing) { + throw new ValidationError(`Ya existe una cuenta con código ${dto.code}`); + } + + // Validate account type exists + await this.findAccountTypeById(dto.accountTypeId); + + // Validate parent account if specified + if (dto.parentId) { + const parent = await this.accountRepository.findOne({ + where: { + id: dto.parentId, + companyId: dto.companyId, + deletedAt: IsNull(), + }, + }); + + if (!parent) { + throw new NotFoundError('Cuenta padre no encontrada'); + } + } + + // Create account + const account = this.accountRepository.create({ + tenantId, + companyId: dto.companyId, + code: dto.code, + name: dto.name, + accountTypeId: dto.accountTypeId, + parentId: dto.parentId || null, + currencyId: dto.currencyId || null, + isReconcilable: dto.isReconcilable || false, + notes: dto.notes || null, + createdBy: userId, + }); + + await this.accountRepository.save(account); + + logger.info('Account created', { + accountId: account.id, + tenantId, + code: account.code, + createdBy: userId, + }); + + return account; + } catch (error) { + logger.error('Error creating account', { + error: (error as Error).message, + tenantId, + dto, + }); + throw error; + } + } + + /** + * Update an account + */ + async update( + id: string, + dto: UpdateAccountDto, + tenantId: string, + userId: string + ): Promise { + try { + const existing = await this.findById(id, tenantId); + + // Validate parent (prevent self-reference and cycles) + if (dto.parentId !== undefined && dto.parentId) { + if (dto.parentId === id) { + throw new ValidationError('Una cuenta no puede ser su propia cuenta padre'); + } + + const parent = await this.accountRepository.findOne({ + where: { + id: dto.parentId, + companyId: existing.companyId, + deletedAt: IsNull(), + }, + }); + + if (!parent) { + throw new NotFoundError('Cuenta padre no encontrada'); + } + + // Check for circular reference + if (await this.wouldCreateCycle(id, dto.parentId, tenantId)) { + throw new ValidationError('La asignación crearía una referencia circular'); + } + } + + // Update allowed fields + if (dto.name !== undefined) existing.name = dto.name; + if (dto.parentId !== undefined) existing.parentId = dto.parentId; + if (dto.currencyId !== undefined) existing.currencyId = dto.currencyId; + if (dto.isReconcilable !== undefined) existing.isReconcilable = dto.isReconcilable; + if (dto.isDeprecated !== undefined) existing.isDeprecated = dto.isDeprecated; + if (dto.notes !== undefined) existing.notes = dto.notes; + + existing.updatedBy = userId; + existing.updatedAt = new Date(); + + await this.accountRepository.save(existing); + + logger.info('Account updated', { + accountId: id, + tenantId, + updatedBy: userId, + }); + + return await this.findById(id, tenantId); + } catch (error) { + logger.error('Error updating account', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + /** + * Soft delete an account + */ + async delete(id: string, tenantId: string, userId: string): Promise { + try { + await this.findById(id, tenantId); + + // Check if account has children + const childrenCount = await this.accountRepository.count({ + where: { + parentId: id, + deletedAt: IsNull(), + }, + }); + + if (childrenCount > 0) { + throw new ForbiddenError('No se puede eliminar una cuenta que tiene subcuentas'); + } + + // Check if account has journal entry lines (use raw query for this check) + const entryLinesCheck = await this.accountRepository.query( + `SELECT COUNT(*) as count FROM financial.journal_entry_lines WHERE account_id = $1`, + [id] + ); + + if (parseInt(entryLinesCheck[0]?.count || '0', 10) > 0) { + throw new ForbiddenError('No se puede eliminar una cuenta que tiene movimientos contables'); + } + + // Soft delete + await this.accountRepository.update( + { id, tenantId }, + { + deletedAt: new Date(), + deletedBy: userId, + } + ); + + logger.info('Account deleted', { + accountId: id, + tenantId, + deletedBy: userId, + }); + } catch (error) { + logger.error('Error deleting account', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + /** + * Get account balance + */ + async getBalance( + accountId: string, + tenantId: string + ): Promise<{ debit: number; credit: number; balance: number }> { + try { + await this.findById(accountId, tenantId); + + const result = await this.accountRepository.query( + `SELECT COALESCE(SUM(jel.debit), 0) as total_debit, + COALESCE(SUM(jel.credit), 0) as total_credit + FROM financial.journal_entry_lines jel + INNER JOIN financial.journal_entries je ON jel.entry_id = je.id + WHERE jel.account_id = $1 AND je.status = 'posted'`, + [accountId] + ); + + const debit = parseFloat(result[0]?.total_debit || '0'); + const credit = parseFloat(result[0]?.total_credit || '0'); + + return { + debit, + credit, + balance: debit - credit, + }; + } catch (error) { + logger.error('Error getting account balance', { + error: (error as Error).message, + accountId, + tenantId, + }); + throw error; + } + } + + /** + * Check if assigning a parent would create a circular reference + */ + private async wouldCreateCycle( + accountId: string, + newParentId: string, + tenantId: string + ): Promise { + let currentId: string | null = newParentId; + const visited = new Set(); + + while (currentId) { + if (visited.has(currentId)) { + return true; // Found a cycle + } + if (currentId === accountId) { + return true; // Would create a cycle + } + + visited.add(currentId); + + const parent = await this.accountRepository.findOne({ + where: { id: currentId, tenantId, deletedAt: IsNull() }, + select: ['parentId'], + }); + + currentId = parent?.parentId || null; + } + + return false; + } +} + +// ===== Export Singleton Instance ===== + +export const accountsService = new AccountsService(); diff --git a/backend/src/modules/financial/entities/account-type.entity.ts b/backend/src/modules/financial/entities/account-type.entity.ts new file mode 100644 index 0000000..a4fe1d0 --- /dev/null +++ b/backend/src/modules/financial/entities/account-type.entity.ts @@ -0,0 +1,38 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + Index, +} from 'typeorm'; + +export enum AccountTypeEnum { + ASSET = 'asset', + LIABILITY = 'liability', + EQUITY = 'equity', + INCOME = 'income', + EXPENSE = 'expense', +} + +@Entity({ schema: 'financial', name: 'account_types' }) +@Index('idx_account_types_code', ['code'], { unique: true }) +export class AccountType { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'varchar', length: 20, nullable: false, unique: true }) + code: string; + + @Column({ type: 'varchar', length: 100, nullable: false }) + name: string; + + @Column({ + type: 'enum', + enum: AccountTypeEnum, + nullable: false, + name: 'account_type', + }) + accountType: AccountTypeEnum; + + @Column({ type: 'text', nullable: true }) + description: string | null; +} diff --git a/backend/src/modules/financial/entities/account.entity.ts b/backend/src/modules/financial/entities/account.entity.ts new file mode 100644 index 0000000..5db7d67 --- /dev/null +++ b/backend/src/modules/financial/entities/account.entity.ts @@ -0,0 +1,93 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, + OneToMany, +} from 'typeorm'; +import { AccountType } from './account-type.entity.js'; +import { Company } from '../../auth/entities/company.entity.js'; + +@Entity({ schema: 'financial', name: 'accounts' }) +@Index('idx_accounts_tenant_id', ['tenantId']) +@Index('idx_accounts_company_id', ['companyId']) +@Index('idx_accounts_code', ['companyId', 'code'], { unique: true, where: 'deleted_at IS NULL' }) +@Index('idx_accounts_parent_id', ['parentId']) +@Index('idx_accounts_account_type_id', ['accountTypeId']) +export class Account { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'company_id' }) + companyId: string; + + @Column({ type: 'varchar', length: 50, nullable: false }) + code: string; + + @Column({ type: 'varchar', length: 255, nullable: false }) + name: string; + + @Column({ type: 'uuid', nullable: false, name: 'account_type_id' }) + accountTypeId: string; + + @Column({ type: 'uuid', nullable: true, name: 'parent_id' }) + parentId: string | null; + + @Column({ type: 'uuid', nullable: true, name: 'currency_id' }) + currencyId: string | null; + + @Column({ type: 'boolean', default: false, nullable: false, name: 'is_reconcilable' }) + isReconcilable: boolean; + + @Column({ type: 'boolean', default: false, nullable: false, name: 'is_deprecated' }) + isDeprecated: boolean; + + @Column({ type: 'text', nullable: true }) + notes: string | null; + + // Relations + @ManyToOne(() => Company) + @JoinColumn({ name: 'company_id' }) + company: Company; + + @ManyToOne(() => AccountType) + @JoinColumn({ name: 'account_type_id' }) + accountType: AccountType; + + @ManyToOne(() => Account, (account) => account.children) + @JoinColumn({ name: 'parent_id' }) + parent: Account | null; + + @OneToMany(() => Account, (account) => account.parent) + children: Account[]; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'deleted_at' }) + deletedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'deleted_by' }) + deletedBy: string | null; +} diff --git a/backend/src/modules/financial/entities/fiscal-period.entity.ts b/backend/src/modules/financial/entities/fiscal-period.entity.ts new file mode 100644 index 0000000..b3f92a3 --- /dev/null +++ b/backend/src/modules/financial/entities/fiscal-period.entity.ts @@ -0,0 +1,64 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { FiscalYear, FiscalPeriodStatus } from './fiscal-year.entity.js'; + +@Entity({ schema: 'financial', name: 'fiscal_periods' }) +@Index('idx_fiscal_periods_tenant_id', ['tenantId']) +@Index('idx_fiscal_periods_fiscal_year_id', ['fiscalYearId']) +@Index('idx_fiscal_periods_dates', ['dateFrom', 'dateTo']) +@Index('idx_fiscal_periods_status', ['status']) +export class FiscalPeriod { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'fiscal_year_id' }) + fiscalYearId: string; + + @Column({ type: 'varchar', length: 20, nullable: false }) + code: string; + + @Column({ type: 'varchar', length: 100, nullable: false }) + name: string; + + @Column({ type: 'date', nullable: false, name: 'date_from' }) + dateFrom: Date; + + @Column({ type: 'date', nullable: false, name: 'date_to' }) + dateTo: Date; + + @Column({ + type: 'enum', + enum: FiscalPeriodStatus, + default: FiscalPeriodStatus.OPEN, + nullable: false, + }) + status: FiscalPeriodStatus; + + @Column({ type: 'timestamp', nullable: true, name: 'closed_at' }) + closedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'closed_by' }) + closedBy: string | null; + + // Relations + @ManyToOne(() => FiscalYear, (year) => year.periods) + @JoinColumn({ name: 'fiscal_year_id' }) + fiscalYear: FiscalYear; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; +} diff --git a/backend/src/modules/financial/entities/fiscal-year.entity.ts b/backend/src/modules/financial/entities/fiscal-year.entity.ts new file mode 100644 index 0000000..7a7866e --- /dev/null +++ b/backend/src/modules/financial/entities/fiscal-year.entity.ts @@ -0,0 +1,67 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + ManyToOne, + JoinColumn, + OneToMany, +} from 'typeorm'; +import { Company } from '../../auth/entities/company.entity.js'; +import { FiscalPeriod } from './fiscal-period.entity.js'; + +export enum FiscalPeriodStatus { + OPEN = 'open', + CLOSED = 'closed', +} + +@Entity({ schema: 'financial', name: 'fiscal_years' }) +@Index('idx_fiscal_years_tenant_id', ['tenantId']) +@Index('idx_fiscal_years_company_id', ['companyId']) +@Index('idx_fiscal_years_dates', ['dateFrom', 'dateTo']) +export class FiscalYear { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'company_id' }) + companyId: string; + + @Column({ type: 'varchar', length: 100, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 20, nullable: false }) + code: string; + + @Column({ type: 'date', nullable: false, name: 'date_from' }) + dateFrom: Date; + + @Column({ type: 'date', nullable: false, name: 'date_to' }) + dateTo: Date; + + @Column({ + type: 'enum', + enum: FiscalPeriodStatus, + default: FiscalPeriodStatus.OPEN, + nullable: false, + }) + status: FiscalPeriodStatus; + + // Relations + @ManyToOne(() => Company) + @JoinColumn({ name: 'company_id' }) + company: Company; + + @OneToMany(() => FiscalPeriod, (period) => period.fiscalYear) + periods: FiscalPeriod[]; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; +} diff --git a/backend/src/modules/financial/entities/index.ts b/backend/src/modules/financial/entities/index.ts new file mode 100644 index 0000000..a142e49 --- /dev/null +++ b/backend/src/modules/financial/entities/index.ts @@ -0,0 +1,22 @@ +// Account entities +export { AccountType, AccountTypeEnum } from './account-type.entity.js'; +export { Account } from './account.entity.js'; + +// Journal entities +export { Journal, JournalType } from './journal.entity.js'; +export { JournalEntry, EntryStatus } from './journal-entry.entity.js'; +export { JournalEntryLine } from './journal-entry-line.entity.js'; + +// Invoice entities +export { Invoice, InvoiceType, InvoiceStatus } from './invoice.entity.js'; +export { InvoiceLine } from './invoice-line.entity.js'; + +// Payment entities +export { Payment, PaymentType, PaymentMethod, PaymentStatus } from './payment.entity.js'; + +// Tax entities +export { Tax, TaxType } from './tax.entity.js'; + +// Fiscal period entities +export { FiscalYear, FiscalPeriodStatus } from './fiscal-year.entity.js'; +export { FiscalPeriod } from './fiscal-period.entity.js'; diff --git a/backend/src/modules/financial/entities/invoice-line.entity.ts b/backend/src/modules/financial/entities/invoice-line.entity.ts new file mode 100644 index 0000000..33f875f --- /dev/null +++ b/backend/src/modules/financial/entities/invoice-line.entity.ts @@ -0,0 +1,79 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { Invoice } from './invoice.entity.js'; +import { Account } from './account.entity.js'; + +@Entity({ schema: 'financial', name: 'invoice_lines' }) +@Index('idx_invoice_lines_invoice_id', ['invoiceId']) +@Index('idx_invoice_lines_tenant_id', ['tenantId']) +@Index('idx_invoice_lines_product_id', ['productId']) +export class InvoiceLine { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'invoice_id' }) + invoiceId: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: true, name: 'product_id' }) + productId: string | null; + + @Column({ type: 'text', nullable: false }) + description: string; + + @Column({ type: 'decimal', precision: 15, scale: 4, nullable: false }) + quantity: number; + + @Column({ type: 'uuid', nullable: true, name: 'uom_id' }) + uomId: string | null; + + @Column({ type: 'decimal', precision: 15, scale: 2, nullable: false, name: 'price_unit' }) + priceUnit: number; + + @Column({ type: 'uuid', array: true, default: '{}', name: 'tax_ids' }) + taxIds: string[]; + + @Column({ type: 'decimal', precision: 15, scale: 2, default: 0, nullable: false, name: 'amount_untaxed' }) + amountUntaxed: number; + + @Column({ type: 'decimal', precision: 15, scale: 2, default: 0, nullable: false, name: 'amount_tax' }) + amountTax: number; + + @Column({ type: 'decimal', precision: 15, scale: 2, default: 0, nullable: false, name: 'amount_total' }) + amountTotal: number; + + @Column({ type: 'uuid', nullable: true, name: 'account_id' }) + accountId: string | null; + + // Relations + @ManyToOne(() => Invoice, (invoice) => invoice.lines, { + onDelete: 'CASCADE', + }) + @JoinColumn({ name: 'invoice_id' }) + invoice: Invoice; + + @ManyToOne(() => Account) + @JoinColumn({ name: 'account_id' }) + account: Account | null; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; +} diff --git a/backend/src/modules/financial/entities/invoice.entity.ts b/backend/src/modules/financial/entities/invoice.entity.ts new file mode 100644 index 0000000..3f98a19 --- /dev/null +++ b/backend/src/modules/financial/entities/invoice.entity.ts @@ -0,0 +1,152 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, + OneToMany, +} from 'typeorm'; +import { Company } from '../../auth/entities/company.entity.js'; +import { Journal } from './journal.entity.js'; +import { JournalEntry } from './journal-entry.entity.js'; +import { InvoiceLine } from './invoice-line.entity.js'; + +export enum InvoiceType { + CUSTOMER = 'customer', + SUPPLIER = 'supplier', +} + +export enum InvoiceStatus { + DRAFT = 'draft', + OPEN = 'open', + PAID = 'paid', + CANCELLED = 'cancelled', +} + +@Entity({ schema: 'financial', name: 'invoices' }) +@Index('idx_invoices_tenant_id', ['tenantId']) +@Index('idx_invoices_company_id', ['companyId']) +@Index('idx_invoices_partner_id', ['partnerId']) +@Index('idx_invoices_number', ['number']) +@Index('idx_invoices_date', ['invoiceDate']) +@Index('idx_invoices_status', ['status']) +@Index('idx_invoices_type', ['invoiceType']) +export class Invoice { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'company_id' }) + companyId: string; + + @Column({ type: 'uuid', nullable: false, name: 'partner_id' }) + partnerId: string; + + @Column({ + type: 'enum', + enum: InvoiceType, + nullable: false, + name: 'invoice_type', + }) + invoiceType: InvoiceType; + + @Column({ type: 'varchar', length: 100, nullable: true }) + number: string | null; + + @Column({ type: 'varchar', length: 255, nullable: true }) + ref: string | null; + + @Column({ type: 'date', nullable: false, name: 'invoice_date' }) + invoiceDate: Date; + + @Column({ type: 'date', nullable: true, name: 'due_date' }) + dueDate: Date | null; + + @Column({ type: 'uuid', nullable: false, name: 'currency_id' }) + currencyId: string; + + @Column({ type: 'decimal', precision: 15, scale: 2, default: 0, nullable: false, name: 'amount_untaxed' }) + amountUntaxed: number; + + @Column({ type: 'decimal', precision: 15, scale: 2, default: 0, nullable: false, name: 'amount_tax' }) + amountTax: number; + + @Column({ type: 'decimal', precision: 15, scale: 2, default: 0, nullable: false, name: 'amount_total' }) + amountTotal: number; + + @Column({ type: 'decimal', precision: 15, scale: 2, default: 0, nullable: false, name: 'amount_paid' }) + amountPaid: number; + + @Column({ type: 'decimal', precision: 15, scale: 2, default: 0, nullable: false, name: 'amount_residual' }) + amountResidual: number; + + @Column({ + type: 'enum', + enum: InvoiceStatus, + default: InvoiceStatus.DRAFT, + nullable: false, + }) + status: InvoiceStatus; + + @Column({ type: 'uuid', nullable: true, name: 'payment_term_id' }) + paymentTermId: string | null; + + @Column({ type: 'uuid', nullable: true, name: 'journal_id' }) + journalId: string | null; + + @Column({ type: 'uuid', nullable: true, name: 'journal_entry_id' }) + journalEntryId: string | null; + + @Column({ type: 'text', nullable: true }) + notes: string | null; + + // Relations + @ManyToOne(() => Company) + @JoinColumn({ name: 'company_id' }) + company: Company; + + @ManyToOne(() => Journal) + @JoinColumn({ name: 'journal_id' }) + journal: Journal | null; + + @ManyToOne(() => JournalEntry) + @JoinColumn({ name: 'journal_entry_id' }) + journalEntry: JournalEntry | null; + + @OneToMany(() => InvoiceLine, (line) => line.invoice, { cascade: true }) + lines: InvoiceLine[]; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'validated_at' }) + validatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'validated_by' }) + validatedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'cancelled_at' }) + cancelledAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'cancelled_by' }) + cancelledBy: string | null; +} diff --git a/backend/src/modules/financial/entities/journal-entry-line.entity.ts b/backend/src/modules/financial/entities/journal-entry-line.entity.ts new file mode 100644 index 0000000..7fd8fd1 --- /dev/null +++ b/backend/src/modules/financial/entities/journal-entry-line.entity.ts @@ -0,0 +1,59 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { JournalEntry } from './journal-entry.entity.js'; +import { Account } from './account.entity.js'; + +@Entity({ schema: 'financial', name: 'journal_entry_lines' }) +@Index('idx_journal_entry_lines_entry_id', ['entryId']) +@Index('idx_journal_entry_lines_account_id', ['accountId']) +@Index('idx_journal_entry_lines_tenant_id', ['tenantId']) +export class JournalEntryLine { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'entry_id' }) + entryId: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'account_id' }) + accountId: string; + + @Column({ type: 'uuid', nullable: true, name: 'partner_id' }) + partnerId: string | null; + + @Column({ type: 'decimal', precision: 15, scale: 2, default: 0, nullable: false }) + debit: number; + + @Column({ type: 'decimal', precision: 15, scale: 2, default: 0, nullable: false }) + credit: number; + + @Column({ type: 'text', nullable: true }) + description: string | null; + + @Column({ type: 'varchar', length: 255, nullable: true }) + ref: string | null; + + // Relations + @ManyToOne(() => JournalEntry, (entry) => entry.lines, { + onDelete: 'CASCADE', + }) + @JoinColumn({ name: 'entry_id' }) + entry: JournalEntry; + + @ManyToOne(() => Account) + @JoinColumn({ name: 'account_id' }) + account: Account; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; +} diff --git a/backend/src/modules/financial/entities/journal-entry.entity.ts b/backend/src/modules/financial/entities/journal-entry.entity.ts new file mode 100644 index 0000000..4513a1d --- /dev/null +++ b/backend/src/modules/financial/entities/journal-entry.entity.ts @@ -0,0 +1,104 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, + OneToMany, +} from 'typeorm'; +import { Company } from '../../auth/entities/company.entity.js'; +import { Journal } from './journal.entity.js'; +import { JournalEntryLine } from './journal-entry-line.entity.js'; + +export enum EntryStatus { + DRAFT = 'draft', + POSTED = 'posted', + CANCELLED = 'cancelled', +} + +@Entity({ schema: 'financial', name: 'journal_entries' }) +@Index('idx_journal_entries_tenant_id', ['tenantId']) +@Index('idx_journal_entries_company_id', ['companyId']) +@Index('idx_journal_entries_journal_id', ['journalId']) +@Index('idx_journal_entries_date', ['date']) +@Index('idx_journal_entries_status', ['status']) +export class JournalEntry { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'company_id' }) + companyId: string; + + @Column({ type: 'uuid', nullable: false, name: 'journal_id' }) + journalId: string; + + @Column({ type: 'varchar', length: 100, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 255, nullable: true }) + ref: string | null; + + @Column({ type: 'date', nullable: false }) + date: Date; + + @Column({ + type: 'enum', + enum: EntryStatus, + default: EntryStatus.DRAFT, + nullable: false, + }) + status: EntryStatus; + + @Column({ type: 'text', nullable: true }) + notes: string | null; + + @Column({ type: 'uuid', nullable: true, name: 'fiscal_period_id' }) + fiscalPeriodId: string | null; + + // Relations + @ManyToOne(() => Company) + @JoinColumn({ name: 'company_id' }) + company: Company; + + @ManyToOne(() => Journal) + @JoinColumn({ name: 'journal_id' }) + journal: Journal; + + @OneToMany(() => JournalEntryLine, (line) => line.entry, { cascade: true }) + lines: JournalEntryLine[]; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'posted_at' }) + postedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'posted_by' }) + postedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'cancelled_at' }) + cancelledAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'cancelled_by' }) + cancelledBy: string | null; +} diff --git a/backend/src/modules/financial/entities/journal.entity.ts b/backend/src/modules/financial/entities/journal.entity.ts new file mode 100644 index 0000000..6a09088 --- /dev/null +++ b/backend/src/modules/financial/entities/journal.entity.ts @@ -0,0 +1,94 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { Company } from '../../auth/entities/company.entity.js'; +import { Account } from './account.entity.js'; + +export enum JournalType { + SALE = 'sale', + PURCHASE = 'purchase', + CASH = 'cash', + BANK = 'bank', + GENERAL = 'general', +} + +@Entity({ schema: 'financial', name: 'journals' }) +@Index('idx_journals_tenant_id', ['tenantId']) +@Index('idx_journals_company_id', ['companyId']) +@Index('idx_journals_code', ['companyId', 'code'], { unique: true, where: 'deleted_at IS NULL' }) +@Index('idx_journals_type', ['journalType']) +export class Journal { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'company_id' }) + companyId: string; + + @Column({ type: 'varchar', length: 255, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 20, nullable: false }) + code: string; + + @Column({ + type: 'enum', + enum: JournalType, + nullable: false, + name: 'journal_type', + }) + journalType: JournalType; + + @Column({ type: 'uuid', nullable: true, name: 'default_account_id' }) + defaultAccountId: string | null; + + @Column({ type: 'uuid', nullable: true, name: 'sequence_id' }) + sequenceId: string | null; + + @Column({ type: 'uuid', nullable: true, name: 'currency_id' }) + currencyId: string | null; + + @Column({ type: 'boolean', default: true, nullable: false }) + active: boolean; + + // Relations + @ManyToOne(() => Company) + @JoinColumn({ name: 'company_id' }) + company: Company; + + @ManyToOne(() => Account) + @JoinColumn({ name: 'default_account_id' }) + defaultAccount: Account | null; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'deleted_at' }) + deletedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'deleted_by' }) + deletedBy: string | null; +} diff --git a/backend/src/modules/financial/entities/payment.entity.ts b/backend/src/modules/financial/entities/payment.entity.ts new file mode 100644 index 0000000..e1ca757 --- /dev/null +++ b/backend/src/modules/financial/entities/payment.entity.ts @@ -0,0 +1,135 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { Company } from '../../auth/entities/company.entity.js'; +import { Journal } from './journal.entity.js'; +import { JournalEntry } from './journal-entry.entity.js'; + +export enum PaymentType { + INBOUND = 'inbound', + OUTBOUND = 'outbound', +} + +export enum PaymentMethod { + CASH = 'cash', + BANK_TRANSFER = 'bank_transfer', + CHECK = 'check', + CARD = 'card', + OTHER = 'other', +} + +export enum PaymentStatus { + DRAFT = 'draft', + POSTED = 'posted', + RECONCILED = 'reconciled', + CANCELLED = 'cancelled', +} + +@Entity({ schema: 'financial', name: 'payments' }) +@Index('idx_payments_tenant_id', ['tenantId']) +@Index('idx_payments_company_id', ['companyId']) +@Index('idx_payments_partner_id', ['partnerId']) +@Index('idx_payments_date', ['paymentDate']) +@Index('idx_payments_status', ['status']) +@Index('idx_payments_type', ['paymentType']) +export class Payment { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'company_id' }) + companyId: string; + + @Column({ type: 'uuid', nullable: false, name: 'partner_id' }) + partnerId: string; + + @Column({ + type: 'enum', + enum: PaymentType, + nullable: false, + name: 'payment_type', + }) + paymentType: PaymentType; + + @Column({ + type: 'enum', + enum: PaymentMethod, + nullable: false, + name: 'payment_method', + }) + paymentMethod: PaymentMethod; + + @Column({ type: 'decimal', precision: 15, scale: 2, nullable: false }) + amount: number; + + @Column({ type: 'uuid', nullable: false, name: 'currency_id' }) + currencyId: string; + + @Column({ type: 'date', nullable: false, name: 'payment_date' }) + paymentDate: Date; + + @Column({ type: 'varchar', length: 255, nullable: true }) + ref: string | null; + + @Column({ + type: 'enum', + enum: PaymentStatus, + default: PaymentStatus.DRAFT, + nullable: false, + }) + status: PaymentStatus; + + @Column({ type: 'uuid', nullable: false, name: 'journal_id' }) + journalId: string; + + @Column({ type: 'uuid', nullable: true, name: 'journal_entry_id' }) + journalEntryId: string | null; + + @Column({ type: 'text', nullable: true }) + notes: string | null; + + // Relations + @ManyToOne(() => Company) + @JoinColumn({ name: 'company_id' }) + company: Company; + + @ManyToOne(() => Journal) + @JoinColumn({ name: 'journal_id' }) + journal: Journal; + + @ManyToOne(() => JournalEntry) + @JoinColumn({ name: 'journal_entry_id' }) + journalEntry: JournalEntry | null; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'posted_at' }) + postedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'posted_by' }) + postedBy: string | null; +} diff --git a/backend/src/modules/financial/entities/tax.entity.ts b/backend/src/modules/financial/entities/tax.entity.ts new file mode 100644 index 0000000..ca490a5 --- /dev/null +++ b/backend/src/modules/financial/entities/tax.entity.ts @@ -0,0 +1,78 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { Company } from '../../auth/entities/company.entity.js'; + +export enum TaxType { + SALES = 'sales', + PURCHASE = 'purchase', + ALL = 'all', +} + +@Entity({ schema: 'financial', name: 'taxes' }) +@Index('idx_taxes_tenant_id', ['tenantId']) +@Index('idx_taxes_company_id', ['companyId']) +@Index('idx_taxes_code', ['tenantId', 'code'], { unique: true }) +@Index('idx_taxes_type', ['taxType']) +export class Tax { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'company_id' }) + companyId: string; + + @Column({ type: 'varchar', length: 100, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 20, nullable: false }) + code: string; + + @Column({ + type: 'enum', + enum: TaxType, + nullable: false, + name: 'tax_type', + }) + taxType: TaxType; + + @Column({ type: 'decimal', precision: 5, scale: 2, nullable: false }) + amount: number; + + @Column({ type: 'boolean', default: false, nullable: false, name: 'included_in_price' }) + includedInPrice: boolean; + + @Column({ type: 'boolean', default: true, nullable: false }) + active: boolean; + + // Relations + @ManyToOne(() => Company) + @JoinColumn({ name: 'company_id' }) + company: Company; + + // Audit fields + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; +} diff --git a/backend/src/modules/financial/financial.controller.ts b/backend/src/modules/financial/financial.controller.ts new file mode 100644 index 0000000..b2d7822 --- /dev/null +++ b/backend/src/modules/financial/financial.controller.ts @@ -0,0 +1,753 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { accountsService, CreateAccountDto, UpdateAccountDto, AccountFilters } from './accounts.service.js'; +import { journalsService, CreateJournalDto, UpdateJournalDto, JournalFilters } from './journals.service.js'; +import { journalEntriesService, CreateJournalEntryDto, UpdateJournalEntryDto, JournalEntryFilters } from './journal-entries.service.js'; +import { invoicesService, CreateInvoiceDto, UpdateInvoiceDto, CreateInvoiceLineDto, UpdateInvoiceLineDto, InvoiceFilters } from './invoices.service.js'; +import { paymentsService, CreatePaymentDto, UpdatePaymentDto, ReconcileDto, PaymentFilters } from './payments.service.js'; +import { taxesService, CreateTaxDto, UpdateTaxDto, TaxFilters } from './taxes.service.js'; +import { AuthenticatedRequest } from '../../shared/middleware/auth.middleware.js'; +import { ValidationError } from '../../shared/errors/index.js'; + +// Schemas +const createAccountSchema = z.object({ + company_id: z.string().uuid(), + code: z.string().min(1).max(50), + name: z.string().min(1).max(255), + account_type_id: z.string().uuid(), + parent_id: z.string().uuid().optional(), + currency_id: z.string().uuid().optional(), + is_reconcilable: z.boolean().default(false), + notes: z.string().optional(), +}); + +const updateAccountSchema = z.object({ + name: z.string().min(1).max(255).optional(), + parent_id: z.string().uuid().optional().nullable(), + currency_id: z.string().uuid().optional().nullable(), + is_reconcilable: z.boolean().optional(), + is_deprecated: z.boolean().optional(), + notes: z.string().optional().nullable(), +}); + +const accountQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + account_type_id: z.string().uuid().optional(), + parent_id: z.string().optional(), + is_deprecated: z.coerce.boolean().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(50), +}); + +const createJournalSchema = z.object({ + company_id: z.string().uuid(), + name: z.string().min(1).max(255), + code: z.string().min(1).max(20), + journal_type: z.enum(['sale', 'purchase', 'cash', 'bank', 'general']), + default_account_id: z.string().uuid().optional(), + sequence_id: z.string().uuid().optional(), + currency_id: z.string().uuid().optional(), +}); + +const updateJournalSchema = z.object({ + name: z.string().min(1).max(255).optional(), + default_account_id: z.string().uuid().optional().nullable(), + sequence_id: z.string().uuid().optional().nullable(), + currency_id: z.string().uuid().optional().nullable(), + active: z.boolean().optional(), +}); + +const journalQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + journal_type: z.enum(['sale', 'purchase', 'cash', 'bank', 'general']).optional(), + active: z.coerce.boolean().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(50), +}); + +const journalEntryLineSchema = z.object({ + account_id: z.string().uuid(), + partner_id: z.string().uuid().optional(), + debit: z.number().min(0).default(0), + credit: z.number().min(0).default(0), + description: z.string().optional(), + ref: z.string().optional(), +}); + +const createJournalEntrySchema = z.object({ + company_id: z.string().uuid(), + journal_id: z.string().uuid(), + name: z.string().min(1).max(100), + ref: z.string().max(255).optional(), + date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/), + notes: z.string().optional(), + lines: z.array(journalEntryLineSchema).min(2), +}); + +const updateJournalEntrySchema = z.object({ + ref: z.string().max(255).optional().nullable(), + date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + notes: z.string().optional().nullable(), + lines: z.array(journalEntryLineSchema).min(2).optional(), +}); + +const journalEntryQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + journal_id: z.string().uuid().optional(), + status: z.enum(['draft', 'posted', 'cancelled']).optional(), + date_from: z.string().optional(), + date_to: z.string().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +// ========== INVOICE SCHEMAS ========== +const createInvoiceSchema = z.object({ + company_id: z.string().uuid(), + partner_id: z.string().uuid(), + invoice_type: z.enum(['customer', 'supplier']), + currency_id: z.string().uuid(), + invoice_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + due_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + payment_term_id: z.string().uuid().optional(), + journal_id: z.string().uuid().optional(), + ref: z.string().optional(), + notes: z.string().optional(), +}); + +const updateInvoiceSchema = z.object({ + partner_id: z.string().uuid().optional(), + currency_id: z.string().uuid().optional(), + invoice_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + due_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional().nullable(), + payment_term_id: z.string().uuid().optional().nullable(), + journal_id: z.string().uuid().optional().nullable(), + ref: z.string().optional().nullable(), + notes: z.string().optional().nullable(), +}); + +const invoiceQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + partner_id: z.string().uuid().optional(), + invoice_type: z.enum(['customer', 'supplier']).optional(), + status: z.enum(['draft', 'open', 'paid', 'cancelled']).optional(), + date_from: z.string().optional(), + date_to: z.string().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +const createInvoiceLineSchema = z.object({ + product_id: z.string().uuid().optional(), + description: z.string().min(1), + quantity: z.number().positive(), + uom_id: z.string().uuid().optional(), + price_unit: z.number().min(0), + tax_ids: z.array(z.string().uuid()).optional(), + account_id: z.string().uuid().optional(), +}); + +const updateInvoiceLineSchema = z.object({ + product_id: z.string().uuid().optional().nullable(), + description: z.string().min(1).optional(), + quantity: z.number().positive().optional(), + uom_id: z.string().uuid().optional().nullable(), + price_unit: z.number().min(0).optional(), + tax_ids: z.array(z.string().uuid()).optional(), + account_id: z.string().uuid().optional().nullable(), +}); + +// ========== PAYMENT SCHEMAS ========== +const createPaymentSchema = z.object({ + company_id: z.string().uuid(), + partner_id: z.string().uuid(), + payment_type: z.enum(['inbound', 'outbound']), + payment_method: z.enum(['cash', 'bank_transfer', 'check', 'card', 'other']), + amount: z.number().positive(), + currency_id: z.string().uuid(), + payment_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + ref: z.string().optional(), + journal_id: z.string().uuid(), + notes: z.string().optional(), +}); + +const updatePaymentSchema = z.object({ + partner_id: z.string().uuid().optional(), + payment_method: z.enum(['cash', 'bank_transfer', 'check', 'card', 'other']).optional(), + amount: z.number().positive().optional(), + currency_id: z.string().uuid().optional(), + payment_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + ref: z.string().optional().nullable(), + journal_id: z.string().uuid().optional(), + notes: z.string().optional().nullable(), +}); + +const reconcilePaymentSchema = z.object({ + invoices: z.array(z.object({ + invoice_id: z.string().uuid(), + amount: z.number().positive(), + })).min(1), +}); + +const paymentQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + partner_id: z.string().uuid().optional(), + payment_type: z.enum(['inbound', 'outbound']).optional(), + payment_method: z.enum(['cash', 'bank_transfer', 'check', 'card', 'other']).optional(), + status: z.enum(['draft', 'posted', 'reconciled', 'cancelled']).optional(), + date_from: z.string().optional(), + date_to: z.string().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +// ========== TAX SCHEMAS ========== +const createTaxSchema = z.object({ + company_id: z.string().uuid(), + name: z.string().min(1).max(100), + code: z.string().min(1).max(20), + tax_type: z.enum(['sales', 'purchase', 'all']), + amount: z.number().min(0).max(100), + included_in_price: z.boolean().default(false), +}); + +const updateTaxSchema = z.object({ + name: z.string().min(1).max(100).optional(), + code: z.string().min(1).max(20).optional(), + tax_type: z.enum(['sales', 'purchase', 'all']).optional(), + amount: z.number().min(0).max(100).optional(), + included_in_price: z.boolean().optional(), + active: z.boolean().optional(), +}); + +const taxQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + tax_type: z.enum(['sales', 'purchase', 'all']).optional(), + active: z.coerce.boolean().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +class FinancialController { + // ========== ACCOUNT TYPES ========== + async getAccountTypes(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const accountTypes = await accountsService.findAllAccountTypes(); + res.json({ success: true, data: accountTypes }); + } catch (error) { + next(error); + } + } + + // ========== ACCOUNTS ========== + async getAccounts(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = accountQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + const filters: AccountFilters = queryResult.data; + const result = await accountsService.findAll(req.tenantId!, filters); + res.json({ + success: true, + data: result.data, + meta: { total: result.total, page: filters.page, limit: filters.limit, totalPages: Math.ceil(result.total / (filters.limit || 50)) }, + }); + } catch (error) { + next(error); + } + } + + async getAccount(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const account = await accountsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: account }); + } catch (error) { + next(error); + } + } + + async createAccount(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createAccountSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de cuenta inválidos', parseResult.error.errors); + } + const dto: CreateAccountDto = parseResult.data; + const account = await accountsService.create(dto, req.tenantId!, req.user!.userId); + res.status(201).json({ success: true, data: account, message: 'Cuenta creada exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateAccount(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateAccountSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de cuenta inválidos', parseResult.error.errors); + } + const dto: UpdateAccountDto = parseResult.data; + const account = await accountsService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + res.json({ success: true, data: account, message: 'Cuenta actualizada exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteAccount(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await accountsService.delete(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, message: 'Cuenta eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + async getAccountBalance(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const balance = await accountsService.getBalance(req.params.id, req.tenantId!); + res.json({ success: true, data: balance }); + } catch (error) { + next(error); + } + } + + // ========== JOURNALS ========== + async getJournals(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = journalQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + const filters: JournalFilters = queryResult.data; + const result = await journalsService.findAll(req.tenantId!, filters); + res.json({ + success: true, + data: result.data, + meta: { total: result.total, page: filters.page, limit: filters.limit, totalPages: Math.ceil(result.total / (filters.limit || 50)) }, + }); + } catch (error) { + next(error); + } + } + + async getJournal(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const journal = await journalsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: journal }); + } catch (error) { + next(error); + } + } + + async createJournal(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createJournalSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de diario inválidos', parseResult.error.errors); + } + const dto: CreateJournalDto = parseResult.data; + const journal = await journalsService.create(dto, req.tenantId!, req.user!.userId); + res.status(201).json({ success: true, data: journal, message: 'Diario creado exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateJournal(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateJournalSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de diario inválidos', parseResult.error.errors); + } + const dto: UpdateJournalDto = parseResult.data; + const journal = await journalsService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + res.json({ success: true, data: journal, message: 'Diario actualizado exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteJournal(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await journalsService.delete(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, message: 'Diario eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== JOURNAL ENTRIES ========== + async getJournalEntries(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = journalEntryQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + const filters: JournalEntryFilters = queryResult.data; + const result = await journalEntriesService.findAll(req.tenantId!, filters); + res.json({ + success: true, + data: result.data, + meta: { total: result.total, page: filters.page, limit: filters.limit, totalPages: Math.ceil(result.total / (filters.limit || 20)) }, + }); + } catch (error) { + next(error); + } + } + + async getJournalEntry(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const entry = await journalEntriesService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: entry }); + } catch (error) { + next(error); + } + } + + async createJournalEntry(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createJournalEntrySchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de póliza inválidos', parseResult.error.errors); + } + const dto: CreateJournalEntryDto = parseResult.data; + const entry = await journalEntriesService.create(dto, req.tenantId!, req.user!.userId); + res.status(201).json({ success: true, data: entry, message: 'Póliza creada exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateJournalEntry(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateJournalEntrySchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de póliza inválidos', parseResult.error.errors); + } + const dto: UpdateJournalEntryDto = parseResult.data; + const entry = await journalEntriesService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + res.json({ success: true, data: entry, message: 'Póliza actualizada exitosamente' }); + } catch (error) { + next(error); + } + } + + async postJournalEntry(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const entry = await journalEntriesService.post(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: entry, message: 'Póliza publicada exitosamente' }); + } catch (error) { + next(error); + } + } + + async cancelJournalEntry(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const entry = await journalEntriesService.cancel(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: entry, message: 'Póliza cancelada exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteJournalEntry(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await journalEntriesService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Póliza eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== INVOICES ========== + async getInvoices(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = invoiceQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + const filters: InvoiceFilters = queryResult.data; + const result = await invoicesService.findAll(req.tenantId!, filters); + res.json({ + success: true, + data: result.data, + meta: { total: result.total, page: filters.page, limit: filters.limit, totalPages: Math.ceil(result.total / (filters.limit || 20)) }, + }); + } catch (error) { + next(error); + } + } + + async getInvoice(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const invoice = await invoicesService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: invoice }); + } catch (error) { + next(error); + } + } + + async createInvoice(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createInvoiceSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de factura inválidos', parseResult.error.errors); + } + const dto: CreateInvoiceDto = parseResult.data; + const invoice = await invoicesService.create(dto, req.tenantId!, req.user!.userId); + res.status(201).json({ success: true, data: invoice, message: 'Factura creada exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateInvoice(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateInvoiceSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de factura inválidos', parseResult.error.errors); + } + const dto: UpdateInvoiceDto = parseResult.data; + const invoice = await invoicesService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + res.json({ success: true, data: invoice, message: 'Factura actualizada exitosamente' }); + } catch (error) { + next(error); + } + } + + async validateInvoice(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const invoice = await invoicesService.validate(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: invoice, message: 'Factura validada exitosamente' }); + } catch (error) { + next(error); + } + } + + async cancelInvoice(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const invoice = await invoicesService.cancel(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: invoice, message: 'Factura cancelada exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteInvoice(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await invoicesService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Factura eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== INVOICE LINES ========== + async addInvoiceLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createInvoiceLineSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de línea inválidos', parseResult.error.errors); + } + const dto: CreateInvoiceLineDto = parseResult.data; + const line = await invoicesService.addLine(req.params.id, dto, req.tenantId!); + res.status(201).json({ success: true, data: line, message: 'Línea agregada exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateInvoiceLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateInvoiceLineSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de línea inválidos', parseResult.error.errors); + } + const dto: UpdateInvoiceLineDto = parseResult.data; + const line = await invoicesService.updateLine(req.params.id, req.params.lineId, dto, req.tenantId!); + res.json({ success: true, data: line, message: 'Línea actualizada exitosamente' }); + } catch (error) { + next(error); + } + } + + async removeInvoiceLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await invoicesService.removeLine(req.params.id, req.params.lineId, req.tenantId!); + res.json({ success: true, message: 'Línea eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== PAYMENTS ========== + async getPayments(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = paymentQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + const filters: PaymentFilters = queryResult.data; + const result = await paymentsService.findAll(req.tenantId!, filters); + res.json({ + success: true, + data: result.data, + meta: { total: result.total, page: filters.page, limit: filters.limit, totalPages: Math.ceil(result.total / (filters.limit || 20)) }, + }); + } catch (error) { + next(error); + } + } + + async getPayment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const payment = await paymentsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: payment }); + } catch (error) { + next(error); + } + } + + async createPayment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createPaymentSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de pago inválidos', parseResult.error.errors); + } + const dto: CreatePaymentDto = parseResult.data; + const payment = await paymentsService.create(dto, req.tenantId!, req.user!.userId); + res.status(201).json({ success: true, data: payment, message: 'Pago creado exitosamente' }); + } catch (error) { + next(error); + } + } + + async updatePayment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updatePaymentSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de pago inválidos', parseResult.error.errors); + } + const dto: UpdatePaymentDto = parseResult.data; + const payment = await paymentsService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + res.json({ success: true, data: payment, message: 'Pago actualizado exitosamente' }); + } catch (error) { + next(error); + } + } + + async postPayment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const payment = await paymentsService.post(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: payment, message: 'Pago publicado exitosamente' }); + } catch (error) { + next(error); + } + } + + async reconcilePayment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = reconcilePaymentSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de conciliación inválidos', parseResult.error.errors); + } + const dto: ReconcileDto = parseResult.data; + const payment = await paymentsService.reconcile(req.params.id, dto, req.tenantId!, req.user!.userId); + res.json({ success: true, data: payment, message: 'Pago conciliado exitosamente' }); + } catch (error) { + next(error); + } + } + + async cancelPayment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const payment = await paymentsService.cancel(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: payment, message: 'Pago cancelado exitosamente' }); + } catch (error) { + next(error); + } + } + + async deletePayment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await paymentsService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Pago eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== TAXES ========== + async getTaxes(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = taxQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + const filters: TaxFilters = queryResult.data; + const result = await taxesService.findAll(req.tenantId!, filters); + res.json({ + success: true, + data: result.data, + meta: { total: result.total, page: filters.page, limit: filters.limit, totalPages: Math.ceil(result.total / (filters.limit || 20)) }, + }); + } catch (error) { + next(error); + } + } + + async getTax(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tax = await taxesService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: tax }); + } catch (error) { + next(error); + } + } + + async createTax(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createTaxSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de impuesto inválidos', parseResult.error.errors); + } + const dto: CreateTaxDto = parseResult.data; + const tax = await taxesService.create(dto, req.tenantId!, req.user!.userId); + res.status(201).json({ success: true, data: tax, message: 'Impuesto creado exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateTax(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateTaxSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de impuesto inválidos', parseResult.error.errors); + } + const dto: UpdateTaxDto = parseResult.data; + const tax = await taxesService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + res.json({ success: true, data: tax, message: 'Impuesto actualizado exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteTax(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await taxesService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Impuesto eliminado exitosamente' }); + } catch (error) { + next(error); + } + } +} + +export const financialController = new FinancialController(); diff --git a/backend/src/modules/financial/financial.routes.ts b/backend/src/modules/financial/financial.routes.ts new file mode 100644 index 0000000..8a18e65 --- /dev/null +++ b/backend/src/modules/financial/financial.routes.ts @@ -0,0 +1,150 @@ +import { Router } from 'express'; +import { financialController } from './financial.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// ========== ACCOUNT TYPES ========== +router.get('/account-types', (req, res, next) => financialController.getAccountTypes(req, res, next)); + +// ========== ACCOUNTS ========== +router.get('/accounts', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) => + financialController.getAccounts(req, res, next) +); +router.get('/accounts/:id', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) => + financialController.getAccount(req, res, next) +); +router.get('/accounts/:id/balance', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) => + financialController.getAccountBalance(req, res, next) +); +router.post('/accounts', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) => + financialController.createAccount(req, res, next) +); +router.put('/accounts/:id', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) => + financialController.updateAccount(req, res, next) +); +router.delete('/accounts/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + financialController.deleteAccount(req, res, next) +); + +// ========== JOURNALS ========== +router.get('/journals', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) => + financialController.getJournals(req, res, next) +); +router.get('/journals/:id', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) => + financialController.getJournal(req, res, next) +); +router.post('/journals', requireRoles('admin', 'super_admin'), (req, res, next) => + financialController.createJournal(req, res, next) +); +router.put('/journals/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + financialController.updateJournal(req, res, next) +); +router.delete('/journals/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + financialController.deleteJournal(req, res, next) +); + +// ========== JOURNAL ENTRIES ========== +router.get('/entries', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) => + financialController.getJournalEntries(req, res, next) +); +router.get('/entries/:id', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) => + financialController.getJournalEntry(req, res, next) +); +router.post('/entries', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) => + financialController.createJournalEntry(req, res, next) +); +router.put('/entries/:id', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) => + financialController.updateJournalEntry(req, res, next) +); +router.post('/entries/:id/post', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) => + financialController.postJournalEntry(req, res, next) +); +router.post('/entries/:id/cancel', requireRoles('admin', 'super_admin'), (req, res, next) => + financialController.cancelJournalEntry(req, res, next) +); +router.delete('/entries/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + financialController.deleteJournalEntry(req, res, next) +); + +// ========== INVOICES ========== +router.get('/invoices', requireRoles('admin', 'accountant', 'manager', 'sales', 'super_admin'), (req, res, next) => + financialController.getInvoices(req, res, next) +); +router.get('/invoices/:id', requireRoles('admin', 'accountant', 'manager', 'sales', 'super_admin'), (req, res, next) => + financialController.getInvoice(req, res, next) +); +router.post('/invoices', requireRoles('admin', 'accountant', 'sales', 'super_admin'), (req, res, next) => + financialController.createInvoice(req, res, next) +); +router.put('/invoices/:id', requireRoles('admin', 'accountant', 'sales', 'super_admin'), (req, res, next) => + financialController.updateInvoice(req, res, next) +); +router.post('/invoices/:id/validate', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) => + financialController.validateInvoice(req, res, next) +); +router.post('/invoices/:id/cancel', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) => + financialController.cancelInvoice(req, res, next) +); +router.delete('/invoices/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + financialController.deleteInvoice(req, res, next) +); + +// Invoice lines +router.post('/invoices/:id/lines', requireRoles('admin', 'accountant', 'sales', 'super_admin'), (req, res, next) => + financialController.addInvoiceLine(req, res, next) +); +router.put('/invoices/:id/lines/:lineId', requireRoles('admin', 'accountant', 'sales', 'super_admin'), (req, res, next) => + financialController.updateInvoiceLine(req, res, next) +); +router.delete('/invoices/:id/lines/:lineId', requireRoles('admin', 'accountant', 'sales', 'super_admin'), (req, res, next) => + financialController.removeInvoiceLine(req, res, next) +); + +// ========== PAYMENTS ========== +router.get('/payments', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) => + financialController.getPayments(req, res, next) +); +router.get('/payments/:id', requireRoles('admin', 'accountant', 'manager', 'super_admin'), (req, res, next) => + financialController.getPayment(req, res, next) +); +router.post('/payments', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) => + financialController.createPayment(req, res, next) +); +router.put('/payments/:id', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) => + financialController.updatePayment(req, res, next) +); +router.post('/payments/:id/post', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) => + financialController.postPayment(req, res, next) +); +router.post('/payments/:id/reconcile', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) => + financialController.reconcilePayment(req, res, next) +); +router.post('/payments/:id/cancel', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) => + financialController.cancelPayment(req, res, next) +); +router.delete('/payments/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + financialController.deletePayment(req, res, next) +); + +// ========== TAXES ========== +router.get('/taxes', requireRoles('admin', 'accountant', 'manager', 'sales', 'super_admin'), (req, res, next) => + financialController.getTaxes(req, res, next) +); +router.get('/taxes/:id', requireRoles('admin', 'accountant', 'manager', 'sales', 'super_admin'), (req, res, next) => + financialController.getTax(req, res, next) +); +router.post('/taxes', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) => + financialController.createTax(req, res, next) +); +router.put('/taxes/:id', requireRoles('admin', 'accountant', 'super_admin'), (req, res, next) => + financialController.updateTax(req, res, next) +); +router.delete('/taxes/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + financialController.deleteTax(req, res, next) +); + +export default router; diff --git a/backend/src/modules/financial/fiscalPeriods.service.ts b/backend/src/modules/financial/fiscalPeriods.service.ts new file mode 100644 index 0000000..f286cba --- /dev/null +++ b/backend/src/modules/financial/fiscalPeriods.service.ts @@ -0,0 +1,369 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ValidationError, ConflictError } from '../../shared/errors/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +// ============================================================================ +// TYPES +// ============================================================================ + +export type FiscalPeriodStatus = 'open' | 'closed'; + +export interface FiscalYear { + id: string; + tenant_id: string; + company_id: string; + name: string; + code: string; + date_from: Date; + date_to: Date; + status: FiscalPeriodStatus; + created_at: Date; +} + +export interface FiscalPeriod { + id: string; + tenant_id: string; + fiscal_year_id: string; + fiscal_year_name?: string; + code: string; + name: string; + date_from: Date; + date_to: Date; + status: FiscalPeriodStatus; + closed_at: Date | null; + closed_by: string | null; + closed_by_name?: string; + created_at: Date; +} + +export interface CreateFiscalYearDto { + company_id: string; + name: string; + code: string; + date_from: string; + date_to: string; +} + +export interface CreateFiscalPeriodDto { + fiscal_year_id: string; + code: string; + name: string; + date_from: string; + date_to: string; +} + +export interface FiscalPeriodFilters { + company_id?: string; + fiscal_year_id?: string; + status?: FiscalPeriodStatus; + date_from?: string; + date_to?: string; +} + +// ============================================================================ +// SERVICE +// ============================================================================ + +class FiscalPeriodsService { + // ==================== FISCAL YEARS ==================== + + async findAllYears(tenantId: string, companyId?: string): Promise { + let sql = ` + SELECT * FROM financial.fiscal_years + WHERE tenant_id = $1 + `; + const params: any[] = [tenantId]; + + if (companyId) { + sql += ` AND company_id = $2`; + params.push(companyId); + } + + sql += ` ORDER BY date_from DESC`; + + return query(sql, params); + } + + async findYearById(id: string, tenantId: string): Promise { + const year = await queryOne( + `SELECT * FROM financial.fiscal_years WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + + if (!year) { + throw new NotFoundError('Año fiscal no encontrado'); + } + + return year; + } + + async createYear(dto: CreateFiscalYearDto, tenantId: string, userId: string): Promise { + // Check for overlapping years + const overlapping = await queryOne<{ id: string }>( + `SELECT id FROM financial.fiscal_years + WHERE tenant_id = $1 AND company_id = $2 + AND (date_from, date_to) OVERLAPS ($3::date, $4::date)`, + [tenantId, dto.company_id, dto.date_from, dto.date_to] + ); + + if (overlapping) { + throw new ConflictError('Ya existe un año fiscal que se superpone con estas fechas'); + } + + const year = await queryOne( + `INSERT INTO financial.fiscal_years ( + tenant_id, company_id, name, code, date_from, date_to, created_by + ) VALUES ($1, $2, $3, $4, $5, $6, $7) + RETURNING *`, + [tenantId, dto.company_id, dto.name, dto.code, dto.date_from, dto.date_to, userId] + ); + + logger.info('Fiscal year created', { yearId: year?.id, name: dto.name }); + + return year!; + } + + // ==================== FISCAL PERIODS ==================== + + async findAllPeriods(tenantId: string, filters: FiscalPeriodFilters = {}): Promise { + const conditions: string[] = ['fp.tenant_id = $1']; + const params: any[] = [tenantId]; + let idx = 2; + + if (filters.fiscal_year_id) { + conditions.push(`fp.fiscal_year_id = $${idx++}`); + params.push(filters.fiscal_year_id); + } + + if (filters.company_id) { + conditions.push(`fy.company_id = $${idx++}`); + params.push(filters.company_id); + } + + if (filters.status) { + conditions.push(`fp.status = $${idx++}`); + params.push(filters.status); + } + + if (filters.date_from) { + conditions.push(`fp.date_from >= $${idx++}`); + params.push(filters.date_from); + } + + if (filters.date_to) { + conditions.push(`fp.date_to <= $${idx++}`); + params.push(filters.date_to); + } + + return query( + `SELECT fp.*, + fy.name as fiscal_year_name, + u.full_name as closed_by_name + FROM financial.fiscal_periods fp + JOIN financial.fiscal_years fy ON fp.fiscal_year_id = fy.id + LEFT JOIN auth.users u ON fp.closed_by = u.id + WHERE ${conditions.join(' AND ')} + ORDER BY fp.date_from DESC`, + params + ); + } + + async findPeriodById(id: string, tenantId: string): Promise { + const period = await queryOne( + `SELECT fp.*, + fy.name as fiscal_year_name, + u.full_name as closed_by_name + FROM financial.fiscal_periods fp + JOIN financial.fiscal_years fy ON fp.fiscal_year_id = fy.id + LEFT JOIN auth.users u ON fp.closed_by = u.id + WHERE fp.id = $1 AND fp.tenant_id = $2`, + [id, tenantId] + ); + + if (!period) { + throw new NotFoundError('Período fiscal no encontrado'); + } + + return period; + } + + async findPeriodByDate(date: Date, companyId: string, tenantId: string): Promise { + return queryOne( + `SELECT fp.* + FROM financial.fiscal_periods fp + JOIN financial.fiscal_years fy ON fp.fiscal_year_id = fy.id + WHERE fp.tenant_id = $1 + AND fy.company_id = $2 + AND $3::date BETWEEN fp.date_from AND fp.date_to`, + [tenantId, companyId, date] + ); + } + + async createPeriod(dto: CreateFiscalPeriodDto, tenantId: string, userId: string): Promise { + // Verify fiscal year exists + await this.findYearById(dto.fiscal_year_id, tenantId); + + // Check for overlapping periods in the same year + const overlapping = await queryOne<{ id: string }>( + `SELECT id FROM financial.fiscal_periods + WHERE tenant_id = $1 AND fiscal_year_id = $2 + AND (date_from, date_to) OVERLAPS ($3::date, $4::date)`, + [tenantId, dto.fiscal_year_id, dto.date_from, dto.date_to] + ); + + if (overlapping) { + throw new ConflictError('Ya existe un período que se superpone con estas fechas'); + } + + const period = await queryOne( + `INSERT INTO financial.fiscal_periods ( + tenant_id, fiscal_year_id, code, name, date_from, date_to, created_by + ) VALUES ($1, $2, $3, $4, $5, $6, $7) + RETURNING *`, + [tenantId, dto.fiscal_year_id, dto.code, dto.name, dto.date_from, dto.date_to, userId] + ); + + logger.info('Fiscal period created', { periodId: period?.id, name: dto.name }); + + return period!; + } + + // ==================== PERIOD OPERATIONS ==================== + + /** + * Close a fiscal period + * Uses database function for validation + */ + async closePeriod(periodId: string, tenantId: string, userId: string): Promise { + // Verify period exists and belongs to tenant + await this.findPeriodById(periodId, tenantId); + + // Use database function for atomic close with validations + const result = await queryOne( + `SELECT * FROM financial.close_fiscal_period($1, $2)`, + [periodId, userId] + ); + + if (!result) { + throw new Error('Error al cerrar período'); + } + + logger.info('Fiscal period closed', { periodId, userId }); + + return result; + } + + /** + * Reopen a fiscal period (admin only) + */ + async reopenPeriod(periodId: string, tenantId: string, userId: string, reason?: string): Promise { + // Verify period exists and belongs to tenant + await this.findPeriodById(periodId, tenantId); + + // Use database function for atomic reopen with audit + const result = await queryOne( + `SELECT * FROM financial.reopen_fiscal_period($1, $2, $3)`, + [periodId, userId, reason] + ); + + if (!result) { + throw new Error('Error al reabrir período'); + } + + logger.warn('Fiscal period reopened', { periodId, userId, reason }); + + return result; + } + + /** + * Get statistics for a period + */ + async getPeriodStats(periodId: string, tenantId: string): Promise<{ + total_entries: number; + draft_entries: number; + posted_entries: number; + total_debit: number; + total_credit: number; + }> { + const stats = await queryOne<{ + total_entries: string; + draft_entries: string; + posted_entries: string; + total_debit: string; + total_credit: string; + }>( + `SELECT + COUNT(*) as total_entries, + COUNT(*) FILTER (WHERE status = 'draft') as draft_entries, + COUNT(*) FILTER (WHERE status = 'posted') as posted_entries, + COALESCE(SUM(total_debit), 0) as total_debit, + COALESCE(SUM(total_credit), 0) as total_credit + FROM financial.journal_entries + WHERE fiscal_period_id = $1 AND tenant_id = $2`, + [periodId, tenantId] + ); + + return { + total_entries: parseInt(stats?.total_entries || '0', 10), + draft_entries: parseInt(stats?.draft_entries || '0', 10), + posted_entries: parseInt(stats?.posted_entries || '0', 10), + total_debit: parseFloat(stats?.total_debit || '0'), + total_credit: parseFloat(stats?.total_credit || '0'), + }; + } + + /** + * Generate monthly periods for a fiscal year + */ + async generateMonthlyPeriods(fiscalYearId: string, tenantId: string, userId: string): Promise { + const year = await this.findYearById(fiscalYearId, tenantId); + + const startDate = new Date(year.date_from); + const endDate = new Date(year.date_to); + const periods: FiscalPeriod[] = []; + + let currentDate = new Date(startDate); + let periodNum = 1; + + while (currentDate <= endDate) { + const periodStart = new Date(currentDate); + const periodEnd = new Date(currentDate.getFullYear(), currentDate.getMonth() + 1, 0); + + // Don't exceed the fiscal year end + if (periodEnd > endDate) { + periodEnd.setTime(endDate.getTime()); + } + + const monthNames = [ + 'Enero', 'Febrero', 'Marzo', 'Abril', 'Mayo', 'Junio', + 'Julio', 'Agosto', 'Septiembre', 'Octubre', 'Noviembre', 'Diciembre' + ]; + + try { + const period = await this.createPeriod({ + fiscal_year_id: fiscalYearId, + code: String(periodNum).padStart(2, '0'), + name: `${monthNames[periodStart.getMonth()]} ${periodStart.getFullYear()}`, + date_from: periodStart.toISOString().split('T')[0], + date_to: periodEnd.toISOString().split('T')[0], + }, tenantId, userId); + + periods.push(period); + } catch (error) { + // Skip if period already exists (overlapping check will fail) + logger.debug('Period creation skipped', { periodNum, error }); + } + + // Move to next month + currentDate.setMonth(currentDate.getMonth() + 1); + currentDate.setDate(1); + periodNum++; + } + + logger.info('Generated monthly periods', { fiscalYearId, count: periods.length }); + + return periods; + } +} + +export const fiscalPeriodsService = new FiscalPeriodsService(); diff --git a/backend/src/modules/financial/index.ts b/backend/src/modules/financial/index.ts new file mode 100644 index 0000000..3cb9206 --- /dev/null +++ b/backend/src/modules/financial/index.ts @@ -0,0 +1,8 @@ +export * from './accounts.service.js'; +export * from './journals.service.js'; +export * from './journal-entries.service.js'; +export * from './invoices.service.js'; +export * from './payments.service.js'; +export * from './taxes.service.js'; +export * from './financial.controller.js'; +export { default as financialRoutes } from './financial.routes.js'; diff --git a/backend/src/modules/financial/invoices.service.ts b/backend/src/modules/financial/invoices.service.ts new file mode 100644 index 0000000..cace96a --- /dev/null +++ b/backend/src/modules/financial/invoices.service.ts @@ -0,0 +1,547 @@ +import { query, queryOne, getClient } from '../../config/database.js'; +import { NotFoundError, ValidationError } from '../../shared/errors/index.js'; +import { taxesService } from './taxes.service.js'; + +export interface InvoiceLine { + id: string; + invoice_id: string; + product_id?: string; + product_name?: string; + description: string; + quantity: number; + uom_id?: string; + uom_name?: string; + price_unit: number; + tax_ids: string[]; + amount_untaxed: number; + amount_tax: number; + amount_total: number; + account_id?: string; + account_name?: string; +} + +export interface Invoice { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + partner_id: string; + partner_name?: string; + invoice_type: 'customer' | 'supplier'; + number?: string; + ref?: string; + invoice_date: Date; + due_date?: Date; + currency_id: string; + currency_code?: string; + amount_untaxed: number; + amount_tax: number; + amount_total: number; + amount_paid: number; + amount_residual: number; + status: 'draft' | 'open' | 'paid' | 'cancelled'; + payment_term_id?: string; + journal_id?: string; + journal_entry_id?: string; + notes?: string; + lines?: InvoiceLine[]; + created_at: Date; + validated_at?: Date; +} + +export interface CreateInvoiceDto { + company_id: string; + partner_id: string; + invoice_type: 'customer' | 'supplier'; + ref?: string; + invoice_date?: string; + due_date?: string; + currency_id: string; + payment_term_id?: string; + journal_id?: string; + notes?: string; +} + +export interface UpdateInvoiceDto { + partner_id?: string; + ref?: string | null; + invoice_date?: string; + due_date?: string | null; + currency_id?: string; + payment_term_id?: string | null; + journal_id?: string | null; + notes?: string | null; +} + +export interface CreateInvoiceLineDto { + product_id?: string; + description: string; + quantity: number; + uom_id?: string; + price_unit: number; + tax_ids?: string[]; + account_id?: string; +} + +export interface UpdateInvoiceLineDto { + product_id?: string | null; + description?: string; + quantity?: number; + uom_id?: string | null; + price_unit?: number; + tax_ids?: string[]; + account_id?: string | null; +} + +export interface InvoiceFilters { + company_id?: string; + partner_id?: string; + invoice_type?: string; + status?: string; + date_from?: string; + date_to?: string; + search?: string; + page?: number; + limit?: number; +} + +class InvoicesService { + async findAll(tenantId: string, filters: InvoiceFilters = {}): Promise<{ data: Invoice[]; total: number }> { + const { company_id, partner_id, invoice_type, status, date_from, date_to, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE i.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND i.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (partner_id) { + whereClause += ` AND i.partner_id = $${paramIndex++}`; + params.push(partner_id); + } + + if (invoice_type) { + whereClause += ` AND i.invoice_type = $${paramIndex++}`; + params.push(invoice_type); + } + + if (status) { + whereClause += ` AND i.status = $${paramIndex++}`; + params.push(status); + } + + if (date_from) { + whereClause += ` AND i.invoice_date >= $${paramIndex++}`; + params.push(date_from); + } + + if (date_to) { + whereClause += ` AND i.invoice_date <= $${paramIndex++}`; + params.push(date_to); + } + + if (search) { + whereClause += ` AND (i.number ILIKE $${paramIndex} OR i.ref ILIKE $${paramIndex} OR p.name ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count + FROM financial.invoices i + LEFT JOIN core.partners p ON i.partner_id = p.id + ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT i.*, + c.name as company_name, + p.name as partner_name, + cu.code as currency_code + FROM financial.invoices i + LEFT JOIN auth.companies c ON i.company_id = c.id + LEFT JOIN core.partners p ON i.partner_id = p.id + LEFT JOIN core.currencies cu ON i.currency_id = cu.id + ${whereClause} + ORDER BY i.invoice_date DESC, i.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const invoice = await queryOne( + `SELECT i.*, + c.name as company_name, + p.name as partner_name, + cu.code as currency_code + FROM financial.invoices i + LEFT JOIN auth.companies c ON i.company_id = c.id + LEFT JOIN core.partners p ON i.partner_id = p.id + LEFT JOIN core.currencies cu ON i.currency_id = cu.id + WHERE i.id = $1 AND i.tenant_id = $2`, + [id, tenantId] + ); + + if (!invoice) { + throw new NotFoundError('Factura no encontrada'); + } + + // Get lines + const lines = await query( + `SELECT il.*, + pr.name as product_name, + um.name as uom_name, + a.name as account_name + FROM financial.invoice_lines il + LEFT JOIN inventory.products pr ON il.product_id = pr.id + LEFT JOIN core.uom um ON il.uom_id = um.id + LEFT JOIN financial.accounts a ON il.account_id = a.id + WHERE il.invoice_id = $1 + ORDER BY il.created_at`, + [id] + ); + + invoice.lines = lines; + + return invoice; + } + + async create(dto: CreateInvoiceDto, tenantId: string, userId: string): Promise { + const invoiceDate = dto.invoice_date || new Date().toISOString().split('T')[0]; + + const invoice = await queryOne( + `INSERT INTO financial.invoices ( + tenant_id, company_id, partner_id, invoice_type, ref, invoice_date, + due_date, currency_id, payment_term_id, journal_id, notes, + amount_untaxed, amount_tax, amount_total, amount_paid, amount_residual, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, 0, 0, 0, 0, 0, $12) + RETURNING *`, + [ + tenantId, dto.company_id, dto.partner_id, dto.invoice_type, dto.ref, + invoiceDate, dto.due_date, dto.currency_id, dto.payment_term_id, + dto.journal_id, dto.notes, userId + ] + ); + + return invoice!; + } + + async update(id: string, dto: UpdateInvoiceDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ValidationError('Solo se pueden editar facturas en estado borrador'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.partner_id !== undefined) { + updateFields.push(`partner_id = $${paramIndex++}`); + values.push(dto.partner_id); + } + if (dto.ref !== undefined) { + updateFields.push(`ref = $${paramIndex++}`); + values.push(dto.ref); + } + if (dto.invoice_date !== undefined) { + updateFields.push(`invoice_date = $${paramIndex++}`); + values.push(dto.invoice_date); + } + if (dto.due_date !== undefined) { + updateFields.push(`due_date = $${paramIndex++}`); + values.push(dto.due_date); + } + if (dto.currency_id !== undefined) { + updateFields.push(`currency_id = $${paramIndex++}`); + values.push(dto.currency_id); + } + if (dto.payment_term_id !== undefined) { + updateFields.push(`payment_term_id = $${paramIndex++}`); + values.push(dto.payment_term_id); + } + if (dto.journal_id !== undefined) { + updateFields.push(`journal_id = $${paramIndex++}`); + values.push(dto.journal_id); + } + if (dto.notes !== undefined) { + updateFields.push(`notes = $${paramIndex++}`); + values.push(dto.notes); + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + await query( + `UPDATE financial.invoices SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ValidationError('Solo se pueden eliminar facturas en estado borrador'); + } + + await query( + `DELETE FROM financial.invoices WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + } + + async addLine(invoiceId: string, dto: CreateInvoiceLineDto, tenantId: string): Promise { + const invoice = await this.findById(invoiceId, tenantId); + + if (invoice.status !== 'draft') { + throw new ValidationError('Solo se pueden agregar líneas a facturas en estado borrador'); + } + + // Calculate amounts with taxes using taxesService + // Determine transaction type based on invoice type + const transactionType = invoice.invoice_type === 'customer' + ? 'sales' + : 'purchase'; + + const taxResult = await taxesService.calculateTaxes( + { + quantity: dto.quantity, + priceUnit: dto.price_unit, + discount: 0, // Invoices don't have line discounts by default + taxIds: dto.tax_ids || [], + }, + tenantId, + transactionType + ); + const amountUntaxed = taxResult.amountUntaxed; + const amountTax = taxResult.amountTax; + const amountTotal = taxResult.amountTotal; + + const line = await queryOne( + `INSERT INTO financial.invoice_lines ( + invoice_id, tenant_id, product_id, description, quantity, uom_id, + price_unit, tax_ids, amount_untaxed, amount_tax, amount_total, account_id + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12) + RETURNING *`, + [ + invoiceId, tenantId, dto.product_id, dto.description, dto.quantity, dto.uom_id, + dto.price_unit, dto.tax_ids || [], amountUntaxed, amountTax, amountTotal, dto.account_id + ] + ); + + // Update invoice totals + await this.updateTotals(invoiceId); + + return line!; + } + + async updateLine(invoiceId: string, lineId: string, dto: UpdateInvoiceLineDto, tenantId: string): Promise { + const invoice = await this.findById(invoiceId, tenantId); + + if (invoice.status !== 'draft') { + throw new ValidationError('Solo se pueden editar líneas de facturas en estado borrador'); + } + + const existingLine = invoice.lines?.find(l => l.id === lineId); + if (!existingLine) { + throw new NotFoundError('Línea de factura no encontrada'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + const quantity = dto.quantity ?? existingLine.quantity; + const priceUnit = dto.price_unit ?? existingLine.price_unit; + + if (dto.product_id !== undefined) { + updateFields.push(`product_id = $${paramIndex++}`); + values.push(dto.product_id); + } + if (dto.description !== undefined) { + updateFields.push(`description = $${paramIndex++}`); + values.push(dto.description); + } + if (dto.quantity !== undefined) { + updateFields.push(`quantity = $${paramIndex++}`); + values.push(dto.quantity); + } + if (dto.uom_id !== undefined) { + updateFields.push(`uom_id = $${paramIndex++}`); + values.push(dto.uom_id); + } + if (dto.price_unit !== undefined) { + updateFields.push(`price_unit = $${paramIndex++}`); + values.push(dto.price_unit); + } + if (dto.tax_ids !== undefined) { + updateFields.push(`tax_ids = $${paramIndex++}`); + values.push(dto.tax_ids); + } + if (dto.account_id !== undefined) { + updateFields.push(`account_id = $${paramIndex++}`); + values.push(dto.account_id); + } + + // Recalculate amounts + const amountUntaxed = quantity * priceUnit; + const amountTax = 0; // TODO: Calculate taxes + const amountTotal = amountUntaxed + amountTax; + + updateFields.push(`amount_untaxed = $${paramIndex++}`); + values.push(amountUntaxed); + updateFields.push(`amount_tax = $${paramIndex++}`); + values.push(amountTax); + updateFields.push(`amount_total = $${paramIndex++}`); + values.push(amountTotal); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(lineId, invoiceId); + + await query( + `UPDATE financial.invoice_lines SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND invoice_id = $${paramIndex}`, + values + ); + + // Update invoice totals + await this.updateTotals(invoiceId); + + const updated = await queryOne( + `SELECT * FROM financial.invoice_lines WHERE id = $1`, + [lineId] + ); + + return updated!; + } + + async removeLine(invoiceId: string, lineId: string, tenantId: string): Promise { + const invoice = await this.findById(invoiceId, tenantId); + + if (invoice.status !== 'draft') { + throw new ValidationError('Solo se pueden eliminar líneas de facturas en estado borrador'); + } + + await query( + `DELETE FROM financial.invoice_lines WHERE id = $1 AND invoice_id = $2`, + [lineId, invoiceId] + ); + + // Update invoice totals + await this.updateTotals(invoiceId); + } + + async validate(id: string, tenantId: string, userId: string): Promise { + const invoice = await this.findById(id, tenantId); + + if (invoice.status !== 'draft') { + throw new ValidationError('Solo se pueden validar facturas en estado borrador'); + } + + if (!invoice.lines || invoice.lines.length === 0) { + throw new ValidationError('La factura debe tener al menos una línea'); + } + + // Generate invoice number + const prefix = invoice.invoice_type === 'customer' ? 'INV' : 'BILL'; + const seqResult = await queryOne<{ next_num: number }>( + `SELECT COALESCE(MAX(CAST(SUBSTRING(number FROM 5) AS INTEGER)), 0) + 1 as next_num + FROM financial.invoices WHERE tenant_id = $1 AND number LIKE '${prefix}-%'`, + [tenantId] + ); + const invoiceNumber = `${prefix}-${String(seqResult?.next_num || 1).padStart(6, '0')}`; + + await query( + `UPDATE financial.invoices SET + number = $1, + status = 'open', + amount_residual = amount_total, + validated_at = CURRENT_TIMESTAMP, + validated_by = $2, + updated_by = $2, + updated_at = CURRENT_TIMESTAMP + WHERE id = $3 AND tenant_id = $4`, + [invoiceNumber, userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async cancel(id: string, tenantId: string, userId: string): Promise { + const invoice = await this.findById(id, tenantId); + + if (invoice.status === 'paid') { + throw new ValidationError('No se pueden cancelar facturas pagadas'); + } + + if (invoice.status === 'cancelled') { + throw new ValidationError('La factura ya está cancelada'); + } + + if (invoice.amount_paid > 0) { + throw new ValidationError('No se puede cancelar: la factura tiene pagos asociados'); + } + + await query( + `UPDATE financial.invoices SET + status = 'cancelled', + cancelled_at = CURRENT_TIMESTAMP, + cancelled_by = $1, + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + private async updateTotals(invoiceId: string): Promise { + const totals = await queryOne<{ amount_untaxed: number; amount_tax: number; amount_total: number }>( + `SELECT + COALESCE(SUM(amount_untaxed), 0) as amount_untaxed, + COALESCE(SUM(amount_tax), 0) as amount_tax, + COALESCE(SUM(amount_total), 0) as amount_total + FROM financial.invoice_lines WHERE invoice_id = $1`, + [invoiceId] + ); + + await query( + `UPDATE financial.invoices SET + amount_untaxed = $1, + amount_tax = $2, + amount_total = $3, + amount_residual = $3 - amount_paid + WHERE id = $4`, + [totals?.amount_untaxed || 0, totals?.amount_tax || 0, totals?.amount_total || 0, invoiceId] + ); + } +} + +export const invoicesService = new InvoicesService(); diff --git a/backend/src/modules/financial/journal-entries.service.ts b/backend/src/modules/financial/journal-entries.service.ts new file mode 100644 index 0000000..1469e05 --- /dev/null +++ b/backend/src/modules/financial/journal-entries.service.ts @@ -0,0 +1,343 @@ +import { query, queryOne, getClient } from '../../config/database.js'; +import { NotFoundError, ConflictError, ValidationError } from '../../shared/errors/index.js'; + +export type EntryStatus = 'draft' | 'posted' | 'cancelled'; + +export interface JournalEntryLine { + id?: string; + account_id: string; + account_name?: string; + account_code?: string; + partner_id?: string; + partner_name?: string; + debit: number; + credit: number; + description?: string; + ref?: string; +} + +export interface JournalEntry { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + journal_id: string; + journal_name?: string; + name: string; + ref?: string; + date: Date; + status: EntryStatus; + notes?: string; + lines?: JournalEntryLine[]; + total_debit?: number; + total_credit?: number; + created_at: Date; + posted_at?: Date; +} + +export interface CreateJournalEntryDto { + company_id: string; + journal_id: string; + name: string; + ref?: string; + date: string; + notes?: string; + lines: Omit[]; +} + +export interface UpdateJournalEntryDto { + ref?: string | null; + date?: string; + notes?: string | null; + lines?: Omit[]; +} + +export interface JournalEntryFilters { + company_id?: string; + journal_id?: string; + status?: EntryStatus; + date_from?: string; + date_to?: string; + search?: string; + page?: number; + limit?: number; +} + +class JournalEntriesService { + async findAll(tenantId: string, filters: JournalEntryFilters = {}): Promise<{ data: JournalEntry[]; total: number }> { + const { company_id, journal_id, status, date_from, date_to, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE je.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND je.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (journal_id) { + whereClause += ` AND je.journal_id = $${paramIndex++}`; + params.push(journal_id); + } + + if (status) { + whereClause += ` AND je.status = $${paramIndex++}`; + params.push(status); + } + + if (date_from) { + whereClause += ` AND je.date >= $${paramIndex++}`; + params.push(date_from); + } + + if (date_to) { + whereClause += ` AND je.date <= $${paramIndex++}`; + params.push(date_to); + } + + if (search) { + whereClause += ` AND (je.name ILIKE $${paramIndex} OR je.ref ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM financial.journal_entries je ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT je.*, + c.name as company_name, + j.name as journal_name, + (SELECT COALESCE(SUM(debit), 0) FROM financial.journal_entry_lines WHERE entry_id = je.id) as total_debit, + (SELECT COALESCE(SUM(credit), 0) FROM financial.journal_entry_lines WHERE entry_id = je.id) as total_credit + FROM financial.journal_entries je + LEFT JOIN auth.companies c ON je.company_id = c.id + LEFT JOIN financial.journals j ON je.journal_id = j.id + ${whereClause} + ORDER BY je.date DESC, je.name DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const entry = await queryOne( + `SELECT je.*, + c.name as company_name, + j.name as journal_name + FROM financial.journal_entries je + LEFT JOIN auth.companies c ON je.company_id = c.id + LEFT JOIN financial.journals j ON je.journal_id = j.id + WHERE je.id = $1 AND je.tenant_id = $2`, + [id, tenantId] + ); + + if (!entry) { + throw new NotFoundError('Póliza no encontrada'); + } + + // Get lines + const lines = await query( + `SELECT jel.*, + a.name as account_name, + a.code as account_code, + p.name as partner_name + FROM financial.journal_entry_lines jel + LEFT JOIN financial.accounts a ON jel.account_id = a.id + LEFT JOIN core.partners p ON jel.partner_id = p.id + WHERE jel.entry_id = $1 + ORDER BY jel.created_at`, + [id] + ); + + entry.lines = lines; + entry.total_debit = lines.reduce((sum, l) => sum + Number(l.debit), 0); + entry.total_credit = lines.reduce((sum, l) => sum + Number(l.credit), 0); + + return entry; + } + + async create(dto: CreateJournalEntryDto, tenantId: string, userId: string): Promise { + // Validate lines balance + const totalDebit = dto.lines.reduce((sum, l) => sum + l.debit, 0); + const totalCredit = dto.lines.reduce((sum, l) => sum + l.credit, 0); + + if (Math.abs(totalDebit - totalCredit) > 0.01) { + throw new ValidationError('La póliza no está balanceada. Débitos y créditos deben ser iguales.'); + } + + if (dto.lines.length < 2) { + throw new ValidationError('La póliza debe tener al menos 2 líneas.'); + } + + const client = await getClient(); + + try { + await client.query('BEGIN'); + + // Create entry + const entryResult = await client.query( + `INSERT INTO financial.journal_entries (tenant_id, company_id, journal_id, name, ref, date, notes, created_by) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8) + RETURNING *`, + [tenantId, dto.company_id, dto.journal_id, dto.name, dto.ref, dto.date, dto.notes, userId] + ); + const entry = entryResult.rows[0] as JournalEntry; + + // Create lines (include tenant_id for multi-tenant security) + for (const line of dto.lines) { + await client.query( + `INSERT INTO financial.journal_entry_lines (entry_id, tenant_id, account_id, partner_id, debit, credit, description, ref) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8)`, + [entry.id, tenantId, line.account_id, line.partner_id, line.debit, line.credit, line.description, line.ref] + ); + } + + await client.query('COMMIT'); + + return this.findById(entry.id, tenantId); + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + async update(id: string, dto: UpdateJournalEntryDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ConflictError('Solo se pueden modificar pólizas en estado borrador'); + } + + const client = await getClient(); + + try { + await client.query('BEGIN'); + + // Update entry header + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.ref !== undefined) { + updateFields.push(`ref = $${paramIndex++}`); + values.push(dto.ref); + } + if (dto.date !== undefined) { + updateFields.push(`date = $${paramIndex++}`); + values.push(dto.date); + } + if (dto.notes !== undefined) { + updateFields.push(`notes = $${paramIndex++}`); + values.push(dto.notes); + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id); + + if (updateFields.length > 2) { + await client.query( + `UPDATE financial.journal_entries SET ${updateFields.join(', ')} WHERE id = $${paramIndex}`, + values + ); + } + + // Update lines if provided + if (dto.lines) { + const totalDebit = dto.lines.reduce((sum, l) => sum + l.debit, 0); + const totalCredit = dto.lines.reduce((sum, l) => sum + l.credit, 0); + + if (Math.abs(totalDebit - totalCredit) > 0.01) { + throw new ValidationError('La póliza no está balanceada'); + } + + // Delete existing lines + await client.query(`DELETE FROM financial.journal_entry_lines WHERE entry_id = $1`, [id]); + + // Insert new lines (include tenant_id for multi-tenant security) + for (const line of dto.lines) { + await client.query( + `INSERT INTO financial.journal_entry_lines (entry_id, tenant_id, account_id, partner_id, debit, credit, description, ref) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8)`, + [id, tenantId, line.account_id, line.partner_id, line.debit, line.credit, line.description, line.ref] + ); + } + } + + await client.query('COMMIT'); + + return this.findById(id, tenantId); + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + async post(id: string, tenantId: string, userId: string): Promise { + const entry = await this.findById(id, tenantId); + + if (entry.status !== 'draft') { + throw new ConflictError('Solo se pueden publicar pólizas en estado borrador'); + } + + // Validate balance + if (Math.abs((entry.total_debit || 0) - (entry.total_credit || 0)) > 0.01) { + throw new ValidationError('La póliza no está balanceada'); + } + + await query( + `UPDATE financial.journal_entries + SET status = 'posted', posted_at = CURRENT_TIMESTAMP, posted_by = $1, updated_at = CURRENT_TIMESTAMP, updated_by = $1 + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async cancel(id: string, tenantId: string, userId: string): Promise { + const entry = await this.findById(id, tenantId); + + if (entry.status === 'cancelled') { + throw new ConflictError('La póliza ya está cancelada'); + } + + await query( + `UPDATE financial.journal_entries + SET status = 'cancelled', cancelled_at = CURRENT_TIMESTAMP, cancelled_by = $1, updated_at = CURRENT_TIMESTAMP, updated_by = $1 + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + const entry = await this.findById(id, tenantId); + + if (entry.status !== 'draft') { + throw new ConflictError('Solo se pueden eliminar pólizas en estado borrador'); + } + + await query(`DELETE FROM financial.journal_entries WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } +} + +export const journalEntriesService = new JournalEntriesService(); diff --git a/backend/src/modules/financial/journals.service.old.ts b/backend/src/modules/financial/journals.service.old.ts new file mode 100644 index 0000000..8061b68 --- /dev/null +++ b/backend/src/modules/financial/journals.service.old.ts @@ -0,0 +1,216 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ConflictError } from '../../shared/errors/index.js'; + +export type JournalType = 'sale' | 'purchase' | 'cash' | 'bank' | 'general'; + +export interface Journal { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + code: string; + journal_type: JournalType; + default_account_id?: string; + default_account_name?: string; + sequence_id?: string; + currency_id?: string; + currency_code?: string; + active: boolean; + created_at: Date; +} + +export interface CreateJournalDto { + company_id: string; + name: string; + code: string; + journal_type: JournalType; + default_account_id?: string; + sequence_id?: string; + currency_id?: string; +} + +export interface UpdateJournalDto { + name?: string; + default_account_id?: string | null; + sequence_id?: string | null; + currency_id?: string | null; + active?: boolean; +} + +export interface JournalFilters { + company_id?: string; + journal_type?: JournalType; + active?: boolean; + page?: number; + limit?: number; +} + +class JournalsService { + async findAll(tenantId: string, filters: JournalFilters = {}): Promise<{ data: Journal[]; total: number }> { + const { company_id, journal_type, active, page = 1, limit = 50 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE j.tenant_id = $1 AND j.deleted_at IS NULL'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND j.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (journal_type) { + whereClause += ` AND j.journal_type = $${paramIndex++}`; + params.push(journal_type); + } + + if (active !== undefined) { + whereClause += ` AND j.active = $${paramIndex++}`; + params.push(active); + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM financial.journals j ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT j.*, + c.name as company_name, + a.name as default_account_name, + cur.code as currency_code + FROM financial.journals j + LEFT JOIN auth.companies c ON j.company_id = c.id + LEFT JOIN financial.accounts a ON j.default_account_id = a.id + LEFT JOIN core.currencies cur ON j.currency_id = cur.id + ${whereClause} + ORDER BY j.code + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const journal = await queryOne( + `SELECT j.*, + c.name as company_name, + a.name as default_account_name, + cur.code as currency_code + FROM financial.journals j + LEFT JOIN auth.companies c ON j.company_id = c.id + LEFT JOIN financial.accounts a ON j.default_account_id = a.id + LEFT JOIN core.currencies cur ON j.currency_id = cur.id + WHERE j.id = $1 AND j.tenant_id = $2 AND j.deleted_at IS NULL`, + [id, tenantId] + ); + + if (!journal) { + throw new NotFoundError('Diario no encontrado'); + } + + return journal; + } + + async create(dto: CreateJournalDto, tenantId: string, userId: string): Promise { + // Validate unique code within company + const existing = await queryOne( + `SELECT id FROM financial.journals WHERE company_id = $1 AND code = $2 AND deleted_at IS NULL`, + [dto.company_id, dto.code] + ); + if (existing) { + throw new ConflictError(`Ya existe un diario con código ${dto.code}`); + } + + const journal = await queryOne( + `INSERT INTO financial.journals (tenant_id, company_id, name, code, journal_type, default_account_id, sequence_id, currency_id, created_by) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) + RETURNING *`, + [ + tenantId, + dto.company_id, + dto.name, + dto.code, + dto.journal_type, + dto.default_account_id, + dto.sequence_id, + dto.currency_id, + userId, + ] + ); + + return journal!; + } + + async update(id: string, dto: UpdateJournalDto, tenantId: string, userId: string): Promise { + await this.findById(id, tenantId); + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.name !== undefined) { + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.default_account_id !== undefined) { + updateFields.push(`default_account_id = $${paramIndex++}`); + values.push(dto.default_account_id); + } + if (dto.sequence_id !== undefined) { + updateFields.push(`sequence_id = $${paramIndex++}`); + values.push(dto.sequence_id); + } + if (dto.currency_id !== undefined) { + updateFields.push(`currency_id = $${paramIndex++}`); + values.push(dto.currency_id); + } + if (dto.active !== undefined) { + updateFields.push(`active = $${paramIndex++}`); + values.push(dto.active); + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + const journal = await queryOne( + `UPDATE financial.journals + SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex} AND deleted_at IS NULL + RETURNING *`, + values + ); + + return journal!; + } + + async delete(id: string, tenantId: string, userId: string): Promise { + await this.findById(id, tenantId); + + // Check if journal has entries + const entries = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM financial.journal_entries WHERE journal_id = $1`, + [id] + ); + if (parseInt(entries?.count || '0', 10) > 0) { + throw new ConflictError('No se puede eliminar un diario que tiene pólizas'); + } + + // Soft delete + await query( + `UPDATE financial.journals SET deleted_at = CURRENT_TIMESTAMP, deleted_by = $1 WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + } +} + +export const journalsService = new JournalsService(); diff --git a/backend/src/modules/financial/journals.service.ts b/backend/src/modules/financial/journals.service.ts new file mode 100644 index 0000000..8061b68 --- /dev/null +++ b/backend/src/modules/financial/journals.service.ts @@ -0,0 +1,216 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ConflictError } from '../../shared/errors/index.js'; + +export type JournalType = 'sale' | 'purchase' | 'cash' | 'bank' | 'general'; + +export interface Journal { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + code: string; + journal_type: JournalType; + default_account_id?: string; + default_account_name?: string; + sequence_id?: string; + currency_id?: string; + currency_code?: string; + active: boolean; + created_at: Date; +} + +export interface CreateJournalDto { + company_id: string; + name: string; + code: string; + journal_type: JournalType; + default_account_id?: string; + sequence_id?: string; + currency_id?: string; +} + +export interface UpdateJournalDto { + name?: string; + default_account_id?: string | null; + sequence_id?: string | null; + currency_id?: string | null; + active?: boolean; +} + +export interface JournalFilters { + company_id?: string; + journal_type?: JournalType; + active?: boolean; + page?: number; + limit?: number; +} + +class JournalsService { + async findAll(tenantId: string, filters: JournalFilters = {}): Promise<{ data: Journal[]; total: number }> { + const { company_id, journal_type, active, page = 1, limit = 50 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE j.tenant_id = $1 AND j.deleted_at IS NULL'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND j.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (journal_type) { + whereClause += ` AND j.journal_type = $${paramIndex++}`; + params.push(journal_type); + } + + if (active !== undefined) { + whereClause += ` AND j.active = $${paramIndex++}`; + params.push(active); + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM financial.journals j ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT j.*, + c.name as company_name, + a.name as default_account_name, + cur.code as currency_code + FROM financial.journals j + LEFT JOIN auth.companies c ON j.company_id = c.id + LEFT JOIN financial.accounts a ON j.default_account_id = a.id + LEFT JOIN core.currencies cur ON j.currency_id = cur.id + ${whereClause} + ORDER BY j.code + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const journal = await queryOne( + `SELECT j.*, + c.name as company_name, + a.name as default_account_name, + cur.code as currency_code + FROM financial.journals j + LEFT JOIN auth.companies c ON j.company_id = c.id + LEFT JOIN financial.accounts a ON j.default_account_id = a.id + LEFT JOIN core.currencies cur ON j.currency_id = cur.id + WHERE j.id = $1 AND j.tenant_id = $2 AND j.deleted_at IS NULL`, + [id, tenantId] + ); + + if (!journal) { + throw new NotFoundError('Diario no encontrado'); + } + + return journal; + } + + async create(dto: CreateJournalDto, tenantId: string, userId: string): Promise { + // Validate unique code within company + const existing = await queryOne( + `SELECT id FROM financial.journals WHERE company_id = $1 AND code = $2 AND deleted_at IS NULL`, + [dto.company_id, dto.code] + ); + if (existing) { + throw new ConflictError(`Ya existe un diario con código ${dto.code}`); + } + + const journal = await queryOne( + `INSERT INTO financial.journals (tenant_id, company_id, name, code, journal_type, default_account_id, sequence_id, currency_id, created_by) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) + RETURNING *`, + [ + tenantId, + dto.company_id, + dto.name, + dto.code, + dto.journal_type, + dto.default_account_id, + dto.sequence_id, + dto.currency_id, + userId, + ] + ); + + return journal!; + } + + async update(id: string, dto: UpdateJournalDto, tenantId: string, userId: string): Promise { + await this.findById(id, tenantId); + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.name !== undefined) { + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.default_account_id !== undefined) { + updateFields.push(`default_account_id = $${paramIndex++}`); + values.push(dto.default_account_id); + } + if (dto.sequence_id !== undefined) { + updateFields.push(`sequence_id = $${paramIndex++}`); + values.push(dto.sequence_id); + } + if (dto.currency_id !== undefined) { + updateFields.push(`currency_id = $${paramIndex++}`); + values.push(dto.currency_id); + } + if (dto.active !== undefined) { + updateFields.push(`active = $${paramIndex++}`); + values.push(dto.active); + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + const journal = await queryOne( + `UPDATE financial.journals + SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex} AND deleted_at IS NULL + RETURNING *`, + values + ); + + return journal!; + } + + async delete(id: string, tenantId: string, userId: string): Promise { + await this.findById(id, tenantId); + + // Check if journal has entries + const entries = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM financial.journal_entries WHERE journal_id = $1`, + [id] + ); + if (parseInt(entries?.count || '0', 10) > 0) { + throw new ConflictError('No se puede eliminar un diario que tiene pólizas'); + } + + // Soft delete + await query( + `UPDATE financial.journals SET deleted_at = CURRENT_TIMESTAMP, deleted_by = $1 WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + } +} + +export const journalsService = new JournalsService(); diff --git a/backend/src/modules/financial/payments.service.ts b/backend/src/modules/financial/payments.service.ts new file mode 100644 index 0000000..531103c --- /dev/null +++ b/backend/src/modules/financial/payments.service.ts @@ -0,0 +1,456 @@ +import { query, queryOne, getClient } from '../../config/database.js'; +import { NotFoundError, ValidationError } from '../../shared/errors/index.js'; + +export interface PaymentInvoice { + invoice_id: string; + invoice_number?: string; + amount: number; +} + +export interface Payment { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + partner_id: string; + partner_name?: string; + payment_type: 'inbound' | 'outbound'; + payment_method: 'cash' | 'bank_transfer' | 'check' | 'card' | 'other'; + amount: number; + currency_id: string; + currency_code?: string; + payment_date: Date; + ref?: string; + status: 'draft' | 'posted' | 'reconciled' | 'cancelled'; + journal_id: string; + journal_name?: string; + journal_entry_id?: string; + notes?: string; + invoices?: PaymentInvoice[]; + created_at: Date; + posted_at?: Date; +} + +export interface CreatePaymentDto { + company_id: string; + partner_id: string; + payment_type: 'inbound' | 'outbound'; + payment_method: 'cash' | 'bank_transfer' | 'check' | 'card' | 'other'; + amount: number; + currency_id: string; + payment_date?: string; + ref?: string; + journal_id: string; + notes?: string; +} + +export interface UpdatePaymentDto { + partner_id?: string; + payment_method?: 'cash' | 'bank_transfer' | 'check' | 'card' | 'other'; + amount?: number; + currency_id?: string; + payment_date?: string; + ref?: string | null; + journal_id?: string; + notes?: string | null; +} + +export interface ReconcileDto { + invoices: { invoice_id: string; amount: number }[]; +} + +export interface PaymentFilters { + company_id?: string; + partner_id?: string; + payment_type?: string; + payment_method?: string; + status?: string; + date_from?: string; + date_to?: string; + search?: string; + page?: number; + limit?: number; +} + +class PaymentsService { + async findAll(tenantId: string, filters: PaymentFilters = {}): Promise<{ data: Payment[]; total: number }> { + const { company_id, partner_id, payment_type, payment_method, status, date_from, date_to, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE p.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND p.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (partner_id) { + whereClause += ` AND p.partner_id = $${paramIndex++}`; + params.push(partner_id); + } + + if (payment_type) { + whereClause += ` AND p.payment_type = $${paramIndex++}`; + params.push(payment_type); + } + + if (payment_method) { + whereClause += ` AND p.payment_method = $${paramIndex++}`; + params.push(payment_method); + } + + if (status) { + whereClause += ` AND p.status = $${paramIndex++}`; + params.push(status); + } + + if (date_from) { + whereClause += ` AND p.payment_date >= $${paramIndex++}`; + params.push(date_from); + } + + if (date_to) { + whereClause += ` AND p.payment_date <= $${paramIndex++}`; + params.push(date_to); + } + + if (search) { + whereClause += ` AND (p.ref ILIKE $${paramIndex} OR pr.name ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count + FROM financial.payments p + LEFT JOIN core.partners pr ON p.partner_id = pr.id + ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT p.*, + c.name as company_name, + pr.name as partner_name, + cu.code as currency_code, + j.name as journal_name + FROM financial.payments p + LEFT JOIN auth.companies c ON p.company_id = c.id + LEFT JOIN core.partners pr ON p.partner_id = pr.id + LEFT JOIN core.currencies cu ON p.currency_id = cu.id + LEFT JOIN financial.journals j ON p.journal_id = j.id + ${whereClause} + ORDER BY p.payment_date DESC, p.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const payment = await queryOne( + `SELECT p.*, + c.name as company_name, + pr.name as partner_name, + cu.code as currency_code, + j.name as journal_name + FROM financial.payments p + LEFT JOIN auth.companies c ON p.company_id = c.id + LEFT JOIN core.partners pr ON p.partner_id = pr.id + LEFT JOIN core.currencies cu ON p.currency_id = cu.id + LEFT JOIN financial.journals j ON p.journal_id = j.id + WHERE p.id = $1 AND p.tenant_id = $2`, + [id, tenantId] + ); + + if (!payment) { + throw new NotFoundError('Pago no encontrado'); + } + + // Get reconciled invoices + const invoices = await query( + `SELECT pi.invoice_id, pi.amount, i.number as invoice_number + FROM financial.payment_invoice pi + LEFT JOIN financial.invoices i ON pi.invoice_id = i.id + WHERE pi.payment_id = $1`, + [id] + ); + + payment.invoices = invoices; + + return payment; + } + + async create(dto: CreatePaymentDto, tenantId: string, userId: string): Promise { + if (dto.amount <= 0) { + throw new ValidationError('El monto debe ser mayor a 0'); + } + + const paymentDate = dto.payment_date || new Date().toISOString().split('T')[0]; + + const payment = await queryOne( + `INSERT INTO financial.payments ( + tenant_id, company_id, partner_id, payment_type, payment_method, + amount, currency_id, payment_date, ref, journal_id, notes, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12) + RETURNING *`, + [ + tenantId, dto.company_id, dto.partner_id, dto.payment_type, dto.payment_method, + dto.amount, dto.currency_id, paymentDate, dto.ref, dto.journal_id, dto.notes, userId + ] + ); + + return payment!; + } + + async update(id: string, dto: UpdatePaymentDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ValidationError('Solo se pueden editar pagos en estado borrador'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.partner_id !== undefined) { + updateFields.push(`partner_id = $${paramIndex++}`); + values.push(dto.partner_id); + } + if (dto.payment_method !== undefined) { + updateFields.push(`payment_method = $${paramIndex++}`); + values.push(dto.payment_method); + } + if (dto.amount !== undefined) { + if (dto.amount <= 0) { + throw new ValidationError('El monto debe ser mayor a 0'); + } + updateFields.push(`amount = $${paramIndex++}`); + values.push(dto.amount); + } + if (dto.currency_id !== undefined) { + updateFields.push(`currency_id = $${paramIndex++}`); + values.push(dto.currency_id); + } + if (dto.payment_date !== undefined) { + updateFields.push(`payment_date = $${paramIndex++}`); + values.push(dto.payment_date); + } + if (dto.ref !== undefined) { + updateFields.push(`ref = $${paramIndex++}`); + values.push(dto.ref); + } + if (dto.journal_id !== undefined) { + updateFields.push(`journal_id = $${paramIndex++}`); + values.push(dto.journal_id); + } + if (dto.notes !== undefined) { + updateFields.push(`notes = $${paramIndex++}`); + values.push(dto.notes); + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + await query( + `UPDATE financial.payments SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ValidationError('Solo se pueden eliminar pagos en estado borrador'); + } + + await query( + `DELETE FROM financial.payments WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + } + + async post(id: string, tenantId: string, userId: string): Promise { + const payment = await this.findById(id, tenantId); + + if (payment.status !== 'draft') { + throw new ValidationError('Solo se pueden publicar pagos en estado borrador'); + } + + await query( + `UPDATE financial.payments SET + status = 'posted', + posted_at = CURRENT_TIMESTAMP, + posted_by = $1, + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async reconcile(id: string, dto: ReconcileDto, tenantId: string, userId: string): Promise { + const payment = await this.findById(id, tenantId); + + if (payment.status === 'draft') { + throw new ValidationError('Debe publicar el pago antes de conciliar'); + } + + if (payment.status === 'cancelled') { + throw new ValidationError('No se puede conciliar un pago cancelado'); + } + + // Validate total amount matches + const totalReconciled = dto.invoices.reduce((sum, inv) => sum + inv.amount, 0); + if (totalReconciled > payment.amount) { + throw new ValidationError('El monto total conciliado excede el monto del pago'); + } + + const client = await getClient(); + try { + await client.query('BEGIN'); + + // Remove existing reconciliations + await client.query( + `DELETE FROM financial.payment_invoice WHERE payment_id = $1`, + [id] + ); + + // Add new reconciliations + for (const inv of dto.invoices) { + // Validate invoice exists and belongs to same partner + const invoice = await client.query( + `SELECT id, partner_id, amount_residual, status FROM financial.invoices + WHERE id = $1 AND tenant_id = $2`, + [inv.invoice_id, tenantId] + ); + + if (invoice.rows.length === 0) { + throw new ValidationError(`Factura ${inv.invoice_id} no encontrada`); + } + + if (invoice.rows[0].partner_id !== payment.partner_id) { + throw new ValidationError('La factura debe pertenecer al mismo cliente/proveedor'); + } + + if (invoice.rows[0].status !== 'open') { + throw new ValidationError('Solo se pueden conciliar facturas abiertas'); + } + + if (inv.amount > invoice.rows[0].amount_residual) { + throw new ValidationError(`El monto excede el saldo pendiente de la factura`); + } + + await client.query( + `INSERT INTO financial.payment_invoice (payment_id, invoice_id, amount) + VALUES ($1, $2, $3)`, + [id, inv.invoice_id, inv.amount] + ); + + // Update invoice amounts + await client.query( + `UPDATE financial.invoices SET + amount_paid = amount_paid + $1, + amount_residual = amount_residual - $1, + status = CASE WHEN amount_residual - $1 <= 0 THEN 'paid'::financial.invoice_status ELSE status END + WHERE id = $2`, + [inv.amount, inv.invoice_id] + ); + } + + // Update payment status + await client.query( + `UPDATE financial.payments SET + status = 'reconciled', + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2`, + [userId, id] + ); + + await client.query('COMMIT'); + + return this.findById(id, tenantId); + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + async cancel(id: string, tenantId: string, userId: string): Promise { + const payment = await this.findById(id, tenantId); + + if (payment.status === 'cancelled') { + throw new ValidationError('El pago ya está cancelado'); + } + + const client = await getClient(); + try { + await client.query('BEGIN'); + + // Reverse reconciliations if any + if (payment.invoices && payment.invoices.length > 0) { + for (const inv of payment.invoices) { + await client.query( + `UPDATE financial.invoices SET + amount_paid = amount_paid - $1, + amount_residual = amount_residual + $1, + status = 'open'::financial.invoice_status + WHERE id = $2`, + [inv.amount, inv.invoice_id] + ); + } + + await client.query( + `DELETE FROM financial.payment_invoice WHERE payment_id = $1`, + [id] + ); + } + + // Cancel payment + await client.query( + `UPDATE financial.payments SET + status = 'cancelled', + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2`, + [userId, id] + ); + + await client.query('COMMIT'); + + return this.findById(id, tenantId); + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } +} + +export const paymentsService = new PaymentsService(); diff --git a/backend/src/modules/financial/taxes.service.old.ts b/backend/src/modules/financial/taxes.service.old.ts new file mode 100644 index 0000000..d856ca3 --- /dev/null +++ b/backend/src/modules/financial/taxes.service.old.ts @@ -0,0 +1,382 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ConflictError } from '../../shared/errors/index.js'; + +export interface Tax { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + code: string; + tax_type: 'sales' | 'purchase' | 'all'; + amount: number; + included_in_price: boolean; + active: boolean; + created_at: Date; +} + +export interface CreateTaxDto { + company_id: string; + name: string; + code: string; + tax_type: 'sales' | 'purchase' | 'all'; + amount: number; + included_in_price?: boolean; +} + +export interface UpdateTaxDto { + name?: string; + code?: string; + tax_type?: 'sales' | 'purchase' | 'all'; + amount?: number; + included_in_price?: boolean; + active?: boolean; +} + +export interface TaxFilters { + company_id?: string; + tax_type?: string; + active?: boolean; + search?: string; + page?: number; + limit?: number; +} + +class TaxesService { + async findAll(tenantId: string, filters: TaxFilters = {}): Promise<{ data: Tax[]; total: number }> { + const { company_id, tax_type, active, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE t.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND t.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (tax_type) { + whereClause += ` AND t.tax_type = $${paramIndex++}`; + params.push(tax_type); + } + + if (active !== undefined) { + whereClause += ` AND t.active = $${paramIndex++}`; + params.push(active); + } + + if (search) { + whereClause += ` AND (t.name ILIKE $${paramIndex} OR t.code ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM financial.taxes t ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT t.*, + c.name as company_name + FROM financial.taxes t + LEFT JOIN auth.companies c ON t.company_id = c.id + ${whereClause} + ORDER BY t.name + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const tax = await queryOne( + `SELECT t.*, + c.name as company_name + FROM financial.taxes t + LEFT JOIN auth.companies c ON t.company_id = c.id + WHERE t.id = $1 AND t.tenant_id = $2`, + [id, tenantId] + ); + + if (!tax) { + throw new NotFoundError('Impuesto no encontrado'); + } + + return tax; + } + + async create(dto: CreateTaxDto, tenantId: string, userId: string): Promise { + // Check unique code + const existing = await queryOne( + `SELECT id FROM financial.taxes WHERE tenant_id = $1 AND code = $2`, + [tenantId, dto.code] + ); + + if (existing) { + throw new ConflictError('Ya existe un impuesto con ese código'); + } + + const tax = await queryOne( + `INSERT INTO financial.taxes ( + tenant_id, company_id, name, code, tax_type, amount, included_in_price, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8) + RETURNING *`, + [ + tenantId, dto.company_id, dto.name, dto.code, dto.tax_type, + dto.amount, dto.included_in_price ?? false, userId + ] + ); + + return tax!; + } + + async update(id: string, dto: UpdateTaxDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.name !== undefined) { + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.code !== undefined) { + // Check unique code + const existingCode = await queryOne( + `SELECT id FROM financial.taxes WHERE tenant_id = $1 AND code = $2 AND id != $3`, + [tenantId, dto.code, id] + ); + if (existingCode) { + throw new ConflictError('Ya existe un impuesto con ese código'); + } + updateFields.push(`code = $${paramIndex++}`); + values.push(dto.code); + } + if (dto.tax_type !== undefined) { + updateFields.push(`tax_type = $${paramIndex++}`); + values.push(dto.tax_type); + } + if (dto.amount !== undefined) { + updateFields.push(`amount = $${paramIndex++}`); + values.push(dto.amount); + } + if (dto.included_in_price !== undefined) { + updateFields.push(`included_in_price = $${paramIndex++}`); + values.push(dto.included_in_price); + } + if (dto.active !== undefined) { + updateFields.push(`active = $${paramIndex++}`); + values.push(dto.active); + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + await query( + `UPDATE financial.taxes SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + await this.findById(id, tenantId); + + // Check if tax is used in any invoice lines + const usageCheck = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM financial.invoice_lines + WHERE $1 = ANY(tax_ids)`, + [id] + ); + + if (parseInt(usageCheck?.count || '0') > 0) { + throw new ConflictError('No se puede eliminar: el impuesto está siendo usado en facturas'); + } + + await query( + `DELETE FROM financial.taxes WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + } + + /** + * Calcula impuestos para una linea de documento + * Sigue la logica de Odoo para calculos de IVA + */ + async calculateTaxes( + lineData: TaxCalculationInput, + tenantId: string, + transactionType: 'sales' | 'purchase' = 'sales' + ): Promise { + // Validar inputs + if (lineData.quantity <= 0 || lineData.priceUnit < 0) { + return { + amountUntaxed: 0, + amountTax: 0, + amountTotal: 0, + taxBreakdown: [], + }; + } + + // Calcular subtotal antes de impuestos + const subtotal = lineData.quantity * lineData.priceUnit; + const discountAmount = subtotal * (lineData.discount || 0) / 100; + const amountUntaxed = subtotal - discountAmount; + + // Si no hay impuestos, retornar solo el monto sin impuestos + if (!lineData.taxIds || lineData.taxIds.length === 0) { + return { + amountUntaxed, + amountTax: 0, + amountTotal: amountUntaxed, + taxBreakdown: [], + }; + } + + // Obtener impuestos de la BD + const taxResults = await query( + `SELECT * FROM financial.taxes + WHERE id = ANY($1) AND tenant_id = $2 AND active = true + AND (tax_type = $3 OR tax_type = 'all')`, + [lineData.taxIds, tenantId, transactionType] + ); + + if (taxResults.length === 0) { + return { + amountUntaxed, + amountTax: 0, + amountTotal: amountUntaxed, + taxBreakdown: [], + }; + } + + // Calcular impuestos + const taxBreakdown: TaxBreakdownItem[] = []; + let totalTax = 0; + + for (const tax of taxResults) { + let taxBase = amountUntaxed; + let taxAmount: number; + + if (tax.included_in_price) { + // Precio incluye impuesto (IVA incluido) + // Base = Precio / (1 + tasa) + // Impuesto = Precio - Base + taxBase = amountUntaxed / (1 + tax.amount / 100); + taxAmount = amountUntaxed - taxBase; + } else { + // Precio sin impuesto (IVA añadido) + // Impuesto = Base * tasa + taxAmount = amountUntaxed * tax.amount / 100; + } + + taxBreakdown.push({ + taxId: tax.id, + taxName: tax.name, + taxCode: tax.code, + taxRate: tax.amount, + includedInPrice: tax.included_in_price, + base: Math.round(taxBase * 100) / 100, + taxAmount: Math.round(taxAmount * 100) / 100, + }); + + totalTax += taxAmount; + } + + // Redondear a 2 decimales + const finalAmountTax = Math.round(totalTax * 100) / 100; + const finalAmountUntaxed = Math.round(amountUntaxed * 100) / 100; + const finalAmountTotal = Math.round((amountUntaxed + finalAmountTax) * 100) / 100; + + return { + amountUntaxed: finalAmountUntaxed, + amountTax: finalAmountTax, + amountTotal: finalAmountTotal, + taxBreakdown, + }; + } + + /** + * Calcula impuestos para multiples lineas (ej: para totales de documento) + */ + async calculateDocumentTaxes( + lines: TaxCalculationInput[], + tenantId: string, + transactionType: 'sales' | 'purchase' = 'sales' + ): Promise { + let totalUntaxed = 0; + let totalTax = 0; + const allBreakdown: TaxBreakdownItem[] = []; + + for (const line of lines) { + const result = await this.calculateTaxes(line, tenantId, transactionType); + totalUntaxed += result.amountUntaxed; + totalTax += result.amountTax; + allBreakdown.push(...result.taxBreakdown); + } + + // Consolidar breakdown por impuesto + const consolidatedBreakdown = new Map(); + for (const item of allBreakdown) { + const existing = consolidatedBreakdown.get(item.taxId); + if (existing) { + existing.base += item.base; + existing.taxAmount += item.taxAmount; + } else { + consolidatedBreakdown.set(item.taxId, { ...item }); + } + } + + return { + amountUntaxed: Math.round(totalUntaxed * 100) / 100, + amountTax: Math.round(totalTax * 100) / 100, + amountTotal: Math.round((totalUntaxed + totalTax) * 100) / 100, + taxBreakdown: Array.from(consolidatedBreakdown.values()), + }; + } +} + +// Interfaces para calculo de impuestos +export interface TaxCalculationInput { + quantity: number; + priceUnit: number; + discount: number; + taxIds: string[]; +} + +export interface TaxBreakdownItem { + taxId: string; + taxName: string; + taxCode: string; + taxRate: number; + includedInPrice: boolean; + base: number; + taxAmount: number; +} + +export interface TaxCalculationResult { + amountUntaxed: number; + amountTax: number; + amountTotal: number; + taxBreakdown: TaxBreakdownItem[]; +} + +export const taxesService = new TaxesService(); diff --git a/backend/src/modules/financial/taxes.service.ts b/backend/src/modules/financial/taxes.service.ts new file mode 100644 index 0000000..d856ca3 --- /dev/null +++ b/backend/src/modules/financial/taxes.service.ts @@ -0,0 +1,382 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ConflictError } from '../../shared/errors/index.js'; + +export interface Tax { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + code: string; + tax_type: 'sales' | 'purchase' | 'all'; + amount: number; + included_in_price: boolean; + active: boolean; + created_at: Date; +} + +export interface CreateTaxDto { + company_id: string; + name: string; + code: string; + tax_type: 'sales' | 'purchase' | 'all'; + amount: number; + included_in_price?: boolean; +} + +export interface UpdateTaxDto { + name?: string; + code?: string; + tax_type?: 'sales' | 'purchase' | 'all'; + amount?: number; + included_in_price?: boolean; + active?: boolean; +} + +export interface TaxFilters { + company_id?: string; + tax_type?: string; + active?: boolean; + search?: string; + page?: number; + limit?: number; +} + +class TaxesService { + async findAll(tenantId: string, filters: TaxFilters = {}): Promise<{ data: Tax[]; total: number }> { + const { company_id, tax_type, active, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE t.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND t.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (tax_type) { + whereClause += ` AND t.tax_type = $${paramIndex++}`; + params.push(tax_type); + } + + if (active !== undefined) { + whereClause += ` AND t.active = $${paramIndex++}`; + params.push(active); + } + + if (search) { + whereClause += ` AND (t.name ILIKE $${paramIndex} OR t.code ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM financial.taxes t ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT t.*, + c.name as company_name + FROM financial.taxes t + LEFT JOIN auth.companies c ON t.company_id = c.id + ${whereClause} + ORDER BY t.name + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const tax = await queryOne( + `SELECT t.*, + c.name as company_name + FROM financial.taxes t + LEFT JOIN auth.companies c ON t.company_id = c.id + WHERE t.id = $1 AND t.tenant_id = $2`, + [id, tenantId] + ); + + if (!tax) { + throw new NotFoundError('Impuesto no encontrado'); + } + + return tax; + } + + async create(dto: CreateTaxDto, tenantId: string, userId: string): Promise { + // Check unique code + const existing = await queryOne( + `SELECT id FROM financial.taxes WHERE tenant_id = $1 AND code = $2`, + [tenantId, dto.code] + ); + + if (existing) { + throw new ConflictError('Ya existe un impuesto con ese código'); + } + + const tax = await queryOne( + `INSERT INTO financial.taxes ( + tenant_id, company_id, name, code, tax_type, amount, included_in_price, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8) + RETURNING *`, + [ + tenantId, dto.company_id, dto.name, dto.code, dto.tax_type, + dto.amount, dto.included_in_price ?? false, userId + ] + ); + + return tax!; + } + + async update(id: string, dto: UpdateTaxDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.name !== undefined) { + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.code !== undefined) { + // Check unique code + const existingCode = await queryOne( + `SELECT id FROM financial.taxes WHERE tenant_id = $1 AND code = $2 AND id != $3`, + [tenantId, dto.code, id] + ); + if (existingCode) { + throw new ConflictError('Ya existe un impuesto con ese código'); + } + updateFields.push(`code = $${paramIndex++}`); + values.push(dto.code); + } + if (dto.tax_type !== undefined) { + updateFields.push(`tax_type = $${paramIndex++}`); + values.push(dto.tax_type); + } + if (dto.amount !== undefined) { + updateFields.push(`amount = $${paramIndex++}`); + values.push(dto.amount); + } + if (dto.included_in_price !== undefined) { + updateFields.push(`included_in_price = $${paramIndex++}`); + values.push(dto.included_in_price); + } + if (dto.active !== undefined) { + updateFields.push(`active = $${paramIndex++}`); + values.push(dto.active); + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + await query( + `UPDATE financial.taxes SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + await this.findById(id, tenantId); + + // Check if tax is used in any invoice lines + const usageCheck = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM financial.invoice_lines + WHERE $1 = ANY(tax_ids)`, + [id] + ); + + if (parseInt(usageCheck?.count || '0') > 0) { + throw new ConflictError('No se puede eliminar: el impuesto está siendo usado en facturas'); + } + + await query( + `DELETE FROM financial.taxes WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + } + + /** + * Calcula impuestos para una linea de documento + * Sigue la logica de Odoo para calculos de IVA + */ + async calculateTaxes( + lineData: TaxCalculationInput, + tenantId: string, + transactionType: 'sales' | 'purchase' = 'sales' + ): Promise { + // Validar inputs + if (lineData.quantity <= 0 || lineData.priceUnit < 0) { + return { + amountUntaxed: 0, + amountTax: 0, + amountTotal: 0, + taxBreakdown: [], + }; + } + + // Calcular subtotal antes de impuestos + const subtotal = lineData.quantity * lineData.priceUnit; + const discountAmount = subtotal * (lineData.discount || 0) / 100; + const amountUntaxed = subtotal - discountAmount; + + // Si no hay impuestos, retornar solo el monto sin impuestos + if (!lineData.taxIds || lineData.taxIds.length === 0) { + return { + amountUntaxed, + amountTax: 0, + amountTotal: amountUntaxed, + taxBreakdown: [], + }; + } + + // Obtener impuestos de la BD + const taxResults = await query( + `SELECT * FROM financial.taxes + WHERE id = ANY($1) AND tenant_id = $2 AND active = true + AND (tax_type = $3 OR tax_type = 'all')`, + [lineData.taxIds, tenantId, transactionType] + ); + + if (taxResults.length === 0) { + return { + amountUntaxed, + amountTax: 0, + amountTotal: amountUntaxed, + taxBreakdown: [], + }; + } + + // Calcular impuestos + const taxBreakdown: TaxBreakdownItem[] = []; + let totalTax = 0; + + for (const tax of taxResults) { + let taxBase = amountUntaxed; + let taxAmount: number; + + if (tax.included_in_price) { + // Precio incluye impuesto (IVA incluido) + // Base = Precio / (1 + tasa) + // Impuesto = Precio - Base + taxBase = amountUntaxed / (1 + tax.amount / 100); + taxAmount = amountUntaxed - taxBase; + } else { + // Precio sin impuesto (IVA añadido) + // Impuesto = Base * tasa + taxAmount = amountUntaxed * tax.amount / 100; + } + + taxBreakdown.push({ + taxId: tax.id, + taxName: tax.name, + taxCode: tax.code, + taxRate: tax.amount, + includedInPrice: tax.included_in_price, + base: Math.round(taxBase * 100) / 100, + taxAmount: Math.round(taxAmount * 100) / 100, + }); + + totalTax += taxAmount; + } + + // Redondear a 2 decimales + const finalAmountTax = Math.round(totalTax * 100) / 100; + const finalAmountUntaxed = Math.round(amountUntaxed * 100) / 100; + const finalAmountTotal = Math.round((amountUntaxed + finalAmountTax) * 100) / 100; + + return { + amountUntaxed: finalAmountUntaxed, + amountTax: finalAmountTax, + amountTotal: finalAmountTotal, + taxBreakdown, + }; + } + + /** + * Calcula impuestos para multiples lineas (ej: para totales de documento) + */ + async calculateDocumentTaxes( + lines: TaxCalculationInput[], + tenantId: string, + transactionType: 'sales' | 'purchase' = 'sales' + ): Promise { + let totalUntaxed = 0; + let totalTax = 0; + const allBreakdown: TaxBreakdownItem[] = []; + + for (const line of lines) { + const result = await this.calculateTaxes(line, tenantId, transactionType); + totalUntaxed += result.amountUntaxed; + totalTax += result.amountTax; + allBreakdown.push(...result.taxBreakdown); + } + + // Consolidar breakdown por impuesto + const consolidatedBreakdown = new Map(); + for (const item of allBreakdown) { + const existing = consolidatedBreakdown.get(item.taxId); + if (existing) { + existing.base += item.base; + existing.taxAmount += item.taxAmount; + } else { + consolidatedBreakdown.set(item.taxId, { ...item }); + } + } + + return { + amountUntaxed: Math.round(totalUntaxed * 100) / 100, + amountTax: Math.round(totalTax * 100) / 100, + amountTotal: Math.round((totalUntaxed + totalTax) * 100) / 100, + taxBreakdown: Array.from(consolidatedBreakdown.values()), + }; + } +} + +// Interfaces para calculo de impuestos +export interface TaxCalculationInput { + quantity: number; + priceUnit: number; + discount: number; + taxIds: string[]; +} + +export interface TaxBreakdownItem { + taxId: string; + taxName: string; + taxCode: string; + taxRate: number; + includedInPrice: boolean; + base: number; + taxAmount: number; +} + +export interface TaxCalculationResult { + amountUntaxed: number; + amountTax: number; + amountTotal: number; + taxBreakdown: TaxBreakdownItem[]; +} + +export const taxesService = new TaxesService(); diff --git a/backend/src/modules/hr/contracts.service.ts b/backend/src/modules/hr/contracts.service.ts new file mode 100644 index 0000000..1ea40b5 --- /dev/null +++ b/backend/src/modules/hr/contracts.service.ts @@ -0,0 +1,346 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ValidationError } from '../../shared/errors/index.js'; + +export type ContractStatus = 'draft' | 'active' | 'expired' | 'terminated' | 'cancelled'; +export type ContractType = 'permanent' | 'temporary' | 'contractor' | 'internship' | 'part_time'; + +export interface Contract { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + employee_id: string; + employee_name?: string; + employee_number?: string; + name: string; + reference?: string; + contract_type: ContractType; + status: ContractStatus; + job_position_id?: string; + job_position_name?: string; + department_id?: string; + department_name?: string; + date_start: Date; + date_end?: Date; + trial_date_end?: Date; + wage: number; + wage_type: string; + currency_id?: string; + currency_code?: string; + hours_per_week: number; + vacation_days: number; + christmas_bonus_days: number; + document_url?: string; + notes?: string; + created_at: Date; +} + +export interface CreateContractDto { + company_id: string; + employee_id: string; + name: string; + reference?: string; + contract_type: ContractType; + job_position_id?: string; + department_id?: string; + date_start: string; + date_end?: string; + trial_date_end?: string; + wage: number; + wage_type?: string; + currency_id?: string; + hours_per_week?: number; + vacation_days?: number; + christmas_bonus_days?: number; + document_url?: string; + notes?: string; +} + +export interface UpdateContractDto { + reference?: string | null; + job_position_id?: string | null; + department_id?: string | null; + date_end?: string | null; + trial_date_end?: string | null; + wage?: number; + wage_type?: string; + currency_id?: string | null; + hours_per_week?: number; + vacation_days?: number; + christmas_bonus_days?: number; + document_url?: string | null; + notes?: string | null; +} + +export interface ContractFilters { + company_id?: string; + employee_id?: string; + status?: ContractStatus; + contract_type?: ContractType; + search?: string; + page?: number; + limit?: number; +} + +class ContractsService { + async findAll(tenantId: string, filters: ContractFilters = {}): Promise<{ data: Contract[]; total: number }> { + const { company_id, employee_id, status, contract_type, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE c.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND c.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (employee_id) { + whereClause += ` AND c.employee_id = $${paramIndex++}`; + params.push(employee_id); + } + + if (status) { + whereClause += ` AND c.status = $${paramIndex++}`; + params.push(status); + } + + if (contract_type) { + whereClause += ` AND c.contract_type = $${paramIndex++}`; + params.push(contract_type); + } + + if (search) { + whereClause += ` AND (c.name ILIKE $${paramIndex} OR c.reference ILIKE $${paramIndex} OR e.first_name ILIKE $${paramIndex} OR e.last_name ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count + FROM hr.contracts c + LEFT JOIN hr.employees e ON c.employee_id = e.id + ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT c.*, + co.name as company_name, + CONCAT(e.first_name, ' ', e.last_name) as employee_name, + e.employee_number, + j.name as job_position_name, + d.name as department_name, + cu.code as currency_code + FROM hr.contracts c + LEFT JOIN auth.companies co ON c.company_id = co.id + LEFT JOIN hr.employees e ON c.employee_id = e.id + LEFT JOIN hr.job_positions j ON c.job_position_id = j.id + LEFT JOIN hr.departments d ON c.department_id = d.id + LEFT JOIN core.currencies cu ON c.currency_id = cu.id + ${whereClause} + ORDER BY c.date_start DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const contract = await queryOne( + `SELECT c.*, + co.name as company_name, + CONCAT(e.first_name, ' ', e.last_name) as employee_name, + e.employee_number, + j.name as job_position_name, + d.name as department_name, + cu.code as currency_code + FROM hr.contracts c + LEFT JOIN auth.companies co ON c.company_id = co.id + LEFT JOIN hr.employees e ON c.employee_id = e.id + LEFT JOIN hr.job_positions j ON c.job_position_id = j.id + LEFT JOIN hr.departments d ON c.department_id = d.id + LEFT JOIN core.currencies cu ON c.currency_id = cu.id + WHERE c.id = $1 AND c.tenant_id = $2`, + [id, tenantId] + ); + + if (!contract) { + throw new NotFoundError('Contrato no encontrado'); + } + + return contract; + } + + async create(dto: CreateContractDto, tenantId: string, userId: string): Promise { + // Check if employee has an active contract + const activeContract = await queryOne( + `SELECT id FROM hr.contracts WHERE employee_id = $1 AND status = 'active'`, + [dto.employee_id] + ); + + if (activeContract) { + throw new ValidationError('El empleado ya tiene un contrato activo'); + } + + const contract = await queryOne( + `INSERT INTO hr.contracts ( + tenant_id, company_id, employee_id, name, reference, contract_type, + job_position_id, department_id, date_start, date_end, trial_date_end, + wage, wage_type, currency_id, hours_per_week, vacation_days, christmas_bonus_days, + document_url, notes, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20) + RETURNING *`, + [ + tenantId, dto.company_id, dto.employee_id, dto.name, dto.reference, dto.contract_type, + dto.job_position_id, dto.department_id, dto.date_start, dto.date_end, dto.trial_date_end, + dto.wage, dto.wage_type || 'monthly', dto.currency_id, dto.hours_per_week || 40, + dto.vacation_days || 6, dto.christmas_bonus_days || 15, dto.document_url, dto.notes, userId + ] + ); + + return this.findById(contract!.id, tenantId); + } + + async update(id: string, dto: UpdateContractDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ValidationError('Solo se pueden editar contratos en estado borrador'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + const fieldsToUpdate = [ + 'reference', 'job_position_id', 'department_id', 'date_end', 'trial_date_end', + 'wage', 'wage_type', 'currency_id', 'hours_per_week', 'vacation_days', + 'christmas_bonus_days', 'document_url', 'notes' + ]; + + for (const field of fieldsToUpdate) { + if ((dto as any)[field] !== undefined) { + updateFields.push(`${field} = $${paramIndex++}`); + values.push((dto as any)[field]); + } + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + + values.push(id, tenantId); + + await query( + `UPDATE hr.contracts SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async activate(id: string, tenantId: string, userId: string): Promise { + const contract = await this.findById(id, tenantId); + + if (contract.status !== 'draft') { + throw new ValidationError('Solo se pueden activar contratos en estado borrador'); + } + + // Check if employee has another active contract + const activeContract = await queryOne( + `SELECT id FROM hr.contracts WHERE employee_id = $1 AND status = 'active' AND id != $2`, + [contract.employee_id, id] + ); + + if (activeContract) { + throw new ValidationError('El empleado ya tiene otro contrato activo'); + } + + await query( + `UPDATE hr.contracts SET + status = 'active', + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + // Update employee department and position if specified + if (contract.department_id || contract.job_position_id) { + await query( + `UPDATE hr.employees SET + department_id = COALESCE($1, department_id), + job_position_id = COALESCE($2, job_position_id), + updated_by = $3, + updated_at = CURRENT_TIMESTAMP + WHERE id = $4`, + [contract.department_id, contract.job_position_id, userId, contract.employee_id] + ); + } + + return this.findById(id, tenantId); + } + + async terminate(id: string, terminationDate: string, tenantId: string, userId: string): Promise { + const contract = await this.findById(id, tenantId); + + if (contract.status !== 'active') { + throw new ValidationError('Solo se pueden terminar contratos activos'); + } + + await query( + `UPDATE hr.contracts SET + status = 'terminated', + date_end = $1, + updated_by = $2, + updated_at = CURRENT_TIMESTAMP + WHERE id = $3 AND tenant_id = $4`, + [terminationDate, userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async cancel(id: string, tenantId: string, userId: string): Promise { + const contract = await this.findById(id, tenantId); + + if (contract.status === 'active' || contract.status === 'terminated') { + throw new ValidationError('No se puede cancelar un contrato activo o terminado'); + } + + await query( + `UPDATE hr.contracts SET + status = 'cancelled', + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + const contract = await this.findById(id, tenantId); + + if (contract.status !== 'draft' && contract.status !== 'cancelled') { + throw new ValidationError('Solo se pueden eliminar contratos en borrador o cancelados'); + } + + await query(`DELETE FROM hr.contracts WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } +} + +export const contractsService = new ContractsService(); diff --git a/backend/src/modules/hr/departments.service.ts b/backend/src/modules/hr/departments.service.ts new file mode 100644 index 0000000..5d676e8 --- /dev/null +++ b/backend/src/modules/hr/departments.service.ts @@ -0,0 +1,393 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ConflictError } from '../../shared/errors/index.js'; + +export interface Department { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + code?: string; + parent_id?: string; + parent_name?: string; + manager_id?: string; + manager_name?: string; + description?: string; + color?: string; + active: boolean; + employee_count?: number; + created_at: Date; +} + +export interface CreateDepartmentDto { + company_id: string; + name: string; + code?: string; + parent_id?: string; + manager_id?: string; + description?: string; + color?: string; +} + +export interface UpdateDepartmentDto { + name?: string; + code?: string | null; + parent_id?: string | null; + manager_id?: string | null; + description?: string | null; + color?: string | null; + active?: boolean; +} + +export interface DepartmentFilters { + company_id?: string; + active?: boolean; + search?: string; + page?: number; + limit?: number; +} + +// Job Position interfaces +export interface JobPosition { + id: string; + tenant_id: string; + name: string; + department_id?: string; + department_name?: string; + description?: string; + requirements?: string; + responsibilities?: string; + min_salary?: number; + max_salary?: number; + active: boolean; + employee_count?: number; + created_at: Date; +} + +export interface CreateJobPositionDto { + name: string; + department_id?: string; + description?: string; + requirements?: string; + responsibilities?: string; + min_salary?: number; + max_salary?: number; +} + +export interface UpdateJobPositionDto { + name?: string; + department_id?: string | null; + description?: string | null; + requirements?: string | null; + responsibilities?: string | null; + min_salary?: number | null; + max_salary?: number | null; + active?: boolean; +} + +class DepartmentsService { + // ========== DEPARTMENTS ========== + + async findAll(tenantId: string, filters: DepartmentFilters = {}): Promise<{ data: Department[]; total: number }> { + const { company_id, active, search, page = 1, limit = 50 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE d.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND d.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (active !== undefined) { + whereClause += ` AND d.active = $${paramIndex++}`; + params.push(active); + } + + if (search) { + whereClause += ` AND (d.name ILIKE $${paramIndex} OR d.code ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM hr.departments d ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT d.*, + c.name as company_name, + p.name as parent_name, + CONCAT(m.first_name, ' ', m.last_name) as manager_name, + COALESCE(ec.employee_count, 0) as employee_count + FROM hr.departments d + LEFT JOIN auth.companies c ON d.company_id = c.id + LEFT JOIN hr.departments p ON d.parent_id = p.id + LEFT JOIN hr.employees m ON d.manager_id = m.id + LEFT JOIN ( + SELECT department_id, COUNT(*) as employee_count + FROM hr.employees + WHERE status = 'active' + GROUP BY department_id + ) ec ON d.id = ec.department_id + ${whereClause} + ORDER BY d.name + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const department = await queryOne( + `SELECT d.*, + c.name as company_name, + p.name as parent_name, + CONCAT(m.first_name, ' ', m.last_name) as manager_name, + COALESCE(ec.employee_count, 0) as employee_count + FROM hr.departments d + LEFT JOIN auth.companies c ON d.company_id = c.id + LEFT JOIN hr.departments p ON d.parent_id = p.id + LEFT JOIN hr.employees m ON d.manager_id = m.id + LEFT JOIN ( + SELECT department_id, COUNT(*) as employee_count + FROM hr.employees + WHERE status = 'active' + GROUP BY department_id + ) ec ON d.id = ec.department_id + WHERE d.id = $1 AND d.tenant_id = $2`, + [id, tenantId] + ); + + if (!department) { + throw new NotFoundError('Departamento no encontrado'); + } + + return department; + } + + async create(dto: CreateDepartmentDto, tenantId: string, userId: string): Promise { + // Check unique name within company + const existing = await queryOne( + `SELECT id FROM hr.departments WHERE name = $1 AND company_id = $2 AND tenant_id = $3`, + [dto.name, dto.company_id, tenantId] + ); + + if (existing) { + throw new ConflictError('Ya existe un departamento con ese nombre en esta empresa'); + } + + const department = await queryOne( + `INSERT INTO hr.departments (tenant_id, company_id, name, code, parent_id, manager_id, description, color, created_by) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) + RETURNING *`, + [tenantId, dto.company_id, dto.name, dto.code, dto.parent_id, dto.manager_id, dto.description, dto.color, userId] + ); + + return this.findById(department!.id, tenantId); + } + + async update(id: string, dto: UpdateDepartmentDto, tenantId: string): Promise { + const existing = await this.findById(id, tenantId); + + // Check unique name if changing + if (dto.name && dto.name !== existing.name) { + const nameExists = await queryOne( + `SELECT id FROM hr.departments WHERE name = $1 AND company_id = $2 AND tenant_id = $3 AND id != $4`, + [dto.name, existing.company_id, tenantId, id] + ); + if (nameExists) { + throw new ConflictError('Ya existe un departamento con ese nombre en esta empresa'); + } + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + const fieldsToUpdate = ['name', 'code', 'parent_id', 'manager_id', 'description', 'color', 'active']; + + for (const field of fieldsToUpdate) { + if ((dto as any)[field] !== undefined) { + updateFields.push(`${field} = $${paramIndex++}`); + values.push((dto as any)[field]); + } + } + + if (updateFields.length === 0) { + return existing; + } + + values.push(id, tenantId); + + await query( + `UPDATE hr.departments SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + await this.findById(id, tenantId); + + // Check if department has employees + const hasEmployees = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM hr.employees WHERE department_id = $1`, + [id] + ); + + if (parseInt(hasEmployees?.count || '0') > 0) { + throw new ConflictError('No se puede eliminar un departamento con empleados asociados'); + } + + // Check if department has children + const hasChildren = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM hr.departments WHERE parent_id = $1`, + [id] + ); + + if (parseInt(hasChildren?.count || '0') > 0) { + throw new ConflictError('No se puede eliminar un departamento con subdepartamentos'); + } + + await query(`DELETE FROM hr.departments WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } + + // ========== JOB POSITIONS ========== + + async getJobPositions(tenantId: string, includeInactive = false): Promise { + let whereClause = 'WHERE j.tenant_id = $1'; + if (!includeInactive) { + whereClause += ' AND j.active = TRUE'; + } + + return query( + `SELECT j.*, + d.name as department_name, + COALESCE(ec.employee_count, 0) as employee_count + FROM hr.job_positions j + LEFT JOIN hr.departments d ON j.department_id = d.id + LEFT JOIN ( + SELECT job_position_id, COUNT(*) as employee_count + FROM hr.employees + WHERE status = 'active' + GROUP BY job_position_id + ) ec ON j.id = ec.job_position_id + ${whereClause} + ORDER BY j.name`, + [tenantId] + ); + } + + async getJobPositionById(id: string, tenantId: string): Promise { + const position = await queryOne( + `SELECT j.*, + d.name as department_name, + COALESCE(ec.employee_count, 0) as employee_count + FROM hr.job_positions j + LEFT JOIN hr.departments d ON j.department_id = d.id + LEFT JOIN ( + SELECT job_position_id, COUNT(*) as employee_count + FROM hr.employees + WHERE status = 'active' + GROUP BY job_position_id + ) ec ON j.id = ec.job_position_id + WHERE j.id = $1 AND j.tenant_id = $2`, + [id, tenantId] + ); + + if (!position) { + throw new NotFoundError('Puesto no encontrado'); + } + + return position; + } + + async createJobPosition(dto: CreateJobPositionDto, tenantId: string): Promise { + const existing = await queryOne( + `SELECT id FROM hr.job_positions WHERE name = $1 AND tenant_id = $2`, + [dto.name, tenantId] + ); + + if (existing) { + throw new ConflictError('Ya existe un puesto con ese nombre'); + } + + const position = await queryOne( + `INSERT INTO hr.job_positions (tenant_id, name, department_id, description, requirements, responsibilities, min_salary, max_salary) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8) + RETURNING *`, + [tenantId, dto.name, dto.department_id, dto.description, dto.requirements, dto.responsibilities, dto.min_salary, dto.max_salary] + ); + + return position!; + } + + async updateJobPosition(id: string, dto: UpdateJobPositionDto, tenantId: string): Promise { + const existing = await this.getJobPositionById(id, tenantId); + + if (dto.name && dto.name !== existing.name) { + const nameExists = await queryOne( + `SELECT id FROM hr.job_positions WHERE name = $1 AND tenant_id = $2 AND id != $3`, + [dto.name, tenantId, id] + ); + if (nameExists) { + throw new ConflictError('Ya existe un puesto con ese nombre'); + } + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + const fieldsToUpdate = ['name', 'department_id', 'description', 'requirements', 'responsibilities', 'min_salary', 'max_salary', 'active']; + + for (const field of fieldsToUpdate) { + if ((dto as any)[field] !== undefined) { + updateFields.push(`${field} = $${paramIndex++}`); + values.push((dto as any)[field]); + } + } + + if (updateFields.length === 0) { + return existing; + } + + values.push(id, tenantId); + + await query( + `UPDATE hr.job_positions SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.getJobPositionById(id, tenantId); + } + + async deleteJobPosition(id: string, tenantId: string): Promise { + await this.getJobPositionById(id, tenantId); + + const hasEmployees = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM hr.employees WHERE job_position_id = $1`, + [id] + ); + + if (parseInt(hasEmployees?.count || '0') > 0) { + throw new ConflictError('No se puede eliminar un puesto con empleados asociados'); + } + + await query(`DELETE FROM hr.job_positions WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } +} + +export const departmentsService = new DepartmentsService(); diff --git a/backend/src/modules/hr/employees.service.ts b/backend/src/modules/hr/employees.service.ts new file mode 100644 index 0000000..7138b94 --- /dev/null +++ b/backend/src/modules/hr/employees.service.ts @@ -0,0 +1,402 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ConflictError, ValidationError } from '../../shared/errors/index.js'; + +export type EmployeeStatus = 'active' | 'inactive' | 'on_leave' | 'terminated'; + +export interface Employee { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + employee_number: string; + first_name: string; + last_name: string; + middle_name?: string; + full_name?: string; + user_id?: string; + birth_date?: Date; + gender?: string; + marital_status?: string; + nationality?: string; + identification_id?: string; + identification_type?: string; + social_security_number?: string; + tax_id?: string; + email?: string; + work_email?: string; + phone?: string; + work_phone?: string; + mobile?: string; + emergency_contact?: string; + emergency_phone?: string; + street?: string; + city?: string; + state?: string; + zip?: string; + country?: string; + department_id?: string; + department_name?: string; + job_position_id?: string; + job_position_name?: string; + manager_id?: string; + manager_name?: string; + hire_date: Date; + termination_date?: Date; + status: EmployeeStatus; + bank_name?: string; + bank_account?: string; + bank_clabe?: string; + photo_url?: string; + notes?: string; + created_at: Date; +} + +export interface CreateEmployeeDto { + company_id: string; + employee_number: string; + first_name: string; + last_name: string; + middle_name?: string; + user_id?: string; + birth_date?: string; + gender?: string; + marital_status?: string; + nationality?: string; + identification_id?: string; + identification_type?: string; + social_security_number?: string; + tax_id?: string; + email?: string; + work_email?: string; + phone?: string; + work_phone?: string; + mobile?: string; + emergency_contact?: string; + emergency_phone?: string; + street?: string; + city?: string; + state?: string; + zip?: string; + country?: string; + department_id?: string; + job_position_id?: string; + manager_id?: string; + hire_date: string; + bank_name?: string; + bank_account?: string; + bank_clabe?: string; + photo_url?: string; + notes?: string; +} + +export interface UpdateEmployeeDto { + first_name?: string; + last_name?: string; + middle_name?: string | null; + user_id?: string | null; + birth_date?: string | null; + gender?: string | null; + marital_status?: string | null; + nationality?: string | null; + identification_id?: string | null; + identification_type?: string | null; + social_security_number?: string | null; + tax_id?: string | null; + email?: string | null; + work_email?: string | null; + phone?: string | null; + work_phone?: string | null; + mobile?: string | null; + emergency_contact?: string | null; + emergency_phone?: string | null; + street?: string | null; + city?: string | null; + state?: string | null; + zip?: string | null; + country?: string | null; + department_id?: string | null; + job_position_id?: string | null; + manager_id?: string | null; + bank_name?: string | null; + bank_account?: string | null; + bank_clabe?: string | null; + photo_url?: string | null; + notes?: string | null; +} + +export interface EmployeeFilters { + company_id?: string; + department_id?: string; + status?: EmployeeStatus; + manager_id?: string; + search?: string; + page?: number; + limit?: number; +} + +class EmployeesService { + async findAll(tenantId: string, filters: EmployeeFilters = {}): Promise<{ data: Employee[]; total: number }> { + const { company_id, department_id, status, manager_id, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE e.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND e.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (department_id) { + whereClause += ` AND e.department_id = $${paramIndex++}`; + params.push(department_id); + } + + if (status) { + whereClause += ` AND e.status = $${paramIndex++}`; + params.push(status); + } + + if (manager_id) { + whereClause += ` AND e.manager_id = $${paramIndex++}`; + params.push(manager_id); + } + + if (search) { + whereClause += ` AND (e.first_name ILIKE $${paramIndex} OR e.last_name ILIKE $${paramIndex} OR e.employee_number ILIKE $${paramIndex} OR e.email ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM hr.employees e ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT e.*, + CONCAT(e.first_name, ' ', COALESCE(e.middle_name || ' ', ''), e.last_name) as full_name, + c.name as company_name, + d.name as department_name, + j.name as job_position_name, + CONCAT(m.first_name, ' ', m.last_name) as manager_name + FROM hr.employees e + LEFT JOIN auth.companies c ON e.company_id = c.id + LEFT JOIN hr.departments d ON e.department_id = d.id + LEFT JOIN hr.job_positions j ON e.job_position_id = j.id + LEFT JOIN hr.employees m ON e.manager_id = m.id + ${whereClause} + ORDER BY e.last_name, e.first_name + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const employee = await queryOne( + `SELECT e.*, + CONCAT(e.first_name, ' ', COALESCE(e.middle_name || ' ', ''), e.last_name) as full_name, + c.name as company_name, + d.name as department_name, + j.name as job_position_name, + CONCAT(m.first_name, ' ', m.last_name) as manager_name + FROM hr.employees e + LEFT JOIN auth.companies c ON e.company_id = c.id + LEFT JOIN hr.departments d ON e.department_id = d.id + LEFT JOIN hr.job_positions j ON e.job_position_id = j.id + LEFT JOIN hr.employees m ON e.manager_id = m.id + WHERE e.id = $1 AND e.tenant_id = $2`, + [id, tenantId] + ); + + if (!employee) { + throw new NotFoundError('Empleado no encontrado'); + } + + return employee; + } + + async create(dto: CreateEmployeeDto, tenantId: string, userId: string): Promise { + // Check unique employee number + const existing = await queryOne( + `SELECT id FROM hr.employees WHERE employee_number = $1 AND tenant_id = $2`, + [dto.employee_number, tenantId] + ); + + if (existing) { + throw new ConflictError('Ya existe un empleado con ese numero'); + } + + const employee = await queryOne( + `INSERT INTO hr.employees ( + tenant_id, company_id, employee_number, first_name, last_name, middle_name, + user_id, birth_date, gender, marital_status, nationality, identification_id, + identification_type, social_security_number, tax_id, email, work_email, + phone, work_phone, mobile, emergency_contact, emergency_phone, street, city, + state, zip, country, department_id, job_position_id, manager_id, hire_date, + bank_name, bank_account, bank_clabe, photo_url, notes, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, + $17, $18, $19, $20, $21, $22, $23, $24, $25, $26, $27, $28, $29, $30, + $31, $32, $33, $34, $35, $36, $37) + RETURNING *`, + [ + tenantId, dto.company_id, dto.employee_number, dto.first_name, dto.last_name, + dto.middle_name, dto.user_id, dto.birth_date, dto.gender, dto.marital_status, + dto.nationality, dto.identification_id, dto.identification_type, + dto.social_security_number, dto.tax_id, dto.email, dto.work_email, dto.phone, + dto.work_phone, dto.mobile, dto.emergency_contact, dto.emergency_phone, + dto.street, dto.city, dto.state, dto.zip, dto.country, dto.department_id, + dto.job_position_id, dto.manager_id, dto.hire_date, dto.bank_name, + dto.bank_account, dto.bank_clabe, dto.photo_url, dto.notes, userId + ] + ); + + return this.findById(employee!.id, tenantId); + } + + async update(id: string, dto: UpdateEmployeeDto, tenantId: string, userId: string): Promise { + await this.findById(id, tenantId); + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + const fieldsToUpdate = [ + 'first_name', 'last_name', 'middle_name', 'user_id', 'birth_date', 'gender', + 'marital_status', 'nationality', 'identification_id', 'identification_type', + 'social_security_number', 'tax_id', 'email', 'work_email', 'phone', 'work_phone', + 'mobile', 'emergency_contact', 'emergency_phone', 'street', 'city', 'state', + 'zip', 'country', 'department_id', 'job_position_id', 'manager_id', + 'bank_name', 'bank_account', 'bank_clabe', 'photo_url', 'notes' + ]; + + for (const field of fieldsToUpdate) { + if ((dto as any)[field] !== undefined) { + updateFields.push(`${field} = $${paramIndex++}`); + values.push((dto as any)[field]); + } + } + + if (updateFields.length === 0) { + return this.findById(id, tenantId); + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + + values.push(id, tenantId); + + await query( + `UPDATE hr.employees SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async terminate(id: string, terminationDate: string, tenantId: string, userId: string): Promise { + const employee = await this.findById(id, tenantId); + + if (employee.status === 'terminated') { + throw new ValidationError('El empleado ya esta dado de baja'); + } + + await query( + `UPDATE hr.employees SET + status = 'terminated', + termination_date = $1, + updated_by = $2, + updated_at = CURRENT_TIMESTAMP + WHERE id = $3 AND tenant_id = $4`, + [terminationDate, userId, id, tenantId] + ); + + // Also terminate active contracts + await query( + `UPDATE hr.contracts SET + status = 'terminated', + date_end = $1, + updated_by = $2, + updated_at = CURRENT_TIMESTAMP + WHERE employee_id = $3 AND status = 'active'`, + [terminationDate, userId, id] + ); + + return this.findById(id, tenantId); + } + + async reactivate(id: string, tenantId: string, userId: string): Promise { + const employee = await this.findById(id, tenantId); + + if (employee.status !== 'terminated' && employee.status !== 'inactive') { + throw new ValidationError('Solo se pueden reactivar empleados inactivos o dados de baja'); + } + + await query( + `UPDATE hr.employees SET + status = 'active', + termination_date = NULL, + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + const employee = await this.findById(id, tenantId); + + // Check if employee has contracts + const hasContracts = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM hr.contracts WHERE employee_id = $1`, + [id] + ); + + if (parseInt(hasContracts?.count || '0') > 0) { + throw new ConflictError('No se puede eliminar un empleado con contratos asociados'); + } + + // Check if employee is a manager + const isManager = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM hr.employees WHERE manager_id = $1`, + [id] + ); + + if (parseInt(isManager?.count || '0') > 0) { + throw new ConflictError('No se puede eliminar un empleado que es manager de otros'); + } + + await query(`DELETE FROM hr.employees WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } + + // Get subordinates + async getSubordinates(id: string, tenantId: string): Promise { + await this.findById(id, tenantId); + + return query( + `SELECT e.*, + CONCAT(e.first_name, ' ', COALESCE(e.middle_name || ' ', ''), e.last_name) as full_name, + d.name as department_name, + j.name as job_position_name + FROM hr.employees e + LEFT JOIN hr.departments d ON e.department_id = d.id + LEFT JOIN hr.job_positions j ON e.job_position_id = j.id + WHERE e.manager_id = $1 AND e.tenant_id = $2 + ORDER BY e.last_name, e.first_name`, + [id, tenantId] + ); + } +} + +export const employeesService = new EmployeesService(); diff --git a/backend/src/modules/hr/hr.controller.ts b/backend/src/modules/hr/hr.controller.ts new file mode 100644 index 0000000..382c30d --- /dev/null +++ b/backend/src/modules/hr/hr.controller.ts @@ -0,0 +1,721 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { employeesService, CreateEmployeeDto, UpdateEmployeeDto, EmployeeFilters } from './employees.service.js'; +import { departmentsService, CreateDepartmentDto, UpdateDepartmentDto, DepartmentFilters, CreateJobPositionDto, UpdateJobPositionDto } from './departments.service.js'; +import { contractsService, CreateContractDto, UpdateContractDto, ContractFilters } from './contracts.service.js'; +import { leavesService, CreateLeaveDto, UpdateLeaveDto, LeaveFilters, CreateLeaveTypeDto, UpdateLeaveTypeDto } from './leaves.service.js'; +import { AuthenticatedRequest } from '../../shared/middleware/auth.middleware.js'; +import { ValidationError } from '../../shared/errors/index.js'; + +// Employee schemas +const createEmployeeSchema = z.object({ + company_id: z.string().uuid(), + employee_number: z.string().min(1).max(50), + first_name: z.string().min(1).max(100), + last_name: z.string().min(1).max(100), + middle_name: z.string().max(100).optional(), + user_id: z.string().uuid().optional(), + birth_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + gender: z.string().max(20).optional(), + marital_status: z.string().max(20).optional(), + nationality: z.string().max(100).optional(), + identification_id: z.string().max(50).optional(), + identification_type: z.string().max(50).optional(), + social_security_number: z.string().max(50).optional(), + tax_id: z.string().max(50).optional(), + email: z.string().email().max(255).optional(), + work_email: z.string().email().max(255).optional(), + phone: z.string().max(50).optional(), + work_phone: z.string().max(50).optional(), + mobile: z.string().max(50).optional(), + emergency_contact: z.string().max(255).optional(), + emergency_phone: z.string().max(50).optional(), + street: z.string().max(255).optional(), + city: z.string().max(100).optional(), + state: z.string().max(100).optional(), + zip: z.string().max(20).optional(), + country: z.string().max(100).optional(), + department_id: z.string().uuid().optional(), + job_position_id: z.string().uuid().optional(), + manager_id: z.string().uuid().optional(), + hire_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/), + bank_name: z.string().max(100).optional(), + bank_account: z.string().max(50).optional(), + bank_clabe: z.string().max(20).optional(), + photo_url: z.string().url().max(500).optional(), + notes: z.string().optional(), +}); + +const updateEmployeeSchema = createEmployeeSchema.partial().omit({ company_id: true, employee_number: true, hire_date: true }); + +const employeeQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + department_id: z.string().uuid().optional(), + status: z.enum(['active', 'inactive', 'on_leave', 'terminated']).optional(), + manager_id: z.string().uuid().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +// Department schemas +const createDepartmentSchema = z.object({ + company_id: z.string().uuid(), + name: z.string().min(1).max(100), + code: z.string().max(20).optional(), + parent_id: z.string().uuid().optional(), + manager_id: z.string().uuid().optional(), + description: z.string().optional(), + color: z.string().max(20).optional(), +}); + +const updateDepartmentSchema = z.object({ + name: z.string().min(1).max(100).optional(), + code: z.string().max(20).optional().nullable(), + parent_id: z.string().uuid().optional().nullable(), + manager_id: z.string().uuid().optional().nullable(), + description: z.string().optional().nullable(), + color: z.string().max(20).optional().nullable(), + active: z.boolean().optional(), +}); + +const departmentQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + active: z.coerce.boolean().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(50), +}); + +// Job Position schemas +const createJobPositionSchema = z.object({ + name: z.string().min(1).max(100), + department_id: z.string().uuid().optional(), + description: z.string().optional(), + requirements: z.string().optional(), + responsibilities: z.string().optional(), + min_salary: z.number().min(0).optional(), + max_salary: z.number().min(0).optional(), +}); + +const updateJobPositionSchema = z.object({ + name: z.string().min(1).max(100).optional(), + department_id: z.string().uuid().optional().nullable(), + description: z.string().optional().nullable(), + requirements: z.string().optional().nullable(), + responsibilities: z.string().optional().nullable(), + min_salary: z.number().min(0).optional().nullable(), + max_salary: z.number().min(0).optional().nullable(), + active: z.boolean().optional(), +}); + +// Contract schemas +const createContractSchema = z.object({ + company_id: z.string().uuid(), + employee_id: z.string().uuid(), + name: z.string().min(1).max(100), + reference: z.string().max(100).optional(), + contract_type: z.enum(['permanent', 'temporary', 'contractor', 'internship', 'part_time']), + job_position_id: z.string().uuid().optional(), + department_id: z.string().uuid().optional(), + date_start: z.string().regex(/^\d{4}-\d{2}-\d{2}$/), + date_end: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + trial_date_end: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + wage: z.number().min(0), + wage_type: z.string().max(20).optional(), + currency_id: z.string().uuid().optional(), + hours_per_week: z.number().min(0).max(168).optional(), + vacation_days: z.number().int().min(0).optional(), + christmas_bonus_days: z.number().int().min(0).optional(), + document_url: z.string().url().max(500).optional(), + notes: z.string().optional(), +}); + +const updateContractSchema = z.object({ + reference: z.string().max(100).optional().nullable(), + job_position_id: z.string().uuid().optional().nullable(), + department_id: z.string().uuid().optional().nullable(), + date_end: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional().nullable(), + trial_date_end: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional().nullable(), + wage: z.number().min(0).optional(), + wage_type: z.string().max(20).optional(), + currency_id: z.string().uuid().optional().nullable(), + hours_per_week: z.number().min(0).max(168).optional(), + vacation_days: z.number().int().min(0).optional(), + christmas_bonus_days: z.number().int().min(0).optional(), + document_url: z.string().url().max(500).optional().nullable(), + notes: z.string().optional().nullable(), +}); + +const contractQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + employee_id: z.string().uuid().optional(), + status: z.enum(['draft', 'active', 'expired', 'terminated', 'cancelled']).optional(), + contract_type: z.enum(['permanent', 'temporary', 'contractor', 'internship', 'part_time']).optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +// Leave Type schemas +const createLeaveTypeSchema = z.object({ + name: z.string().min(1).max(100), + code: z.string().max(20).optional(), + leave_type: z.enum(['vacation', 'sick', 'personal', 'maternity', 'paternity', 'bereavement', 'unpaid', 'other']), + requires_approval: z.boolean().optional(), + max_days: z.number().int().min(1).optional(), + is_paid: z.boolean().optional(), + color: z.string().max(20).optional(), +}); + +const updateLeaveTypeSchema = z.object({ + name: z.string().min(1).max(100).optional(), + code: z.string().max(20).optional().nullable(), + requires_approval: z.boolean().optional(), + max_days: z.number().int().min(1).optional().nullable(), + is_paid: z.boolean().optional(), + color: z.string().max(20).optional().nullable(), + active: z.boolean().optional(), +}); + +// Leave schemas +const createLeaveSchema = z.object({ + company_id: z.string().uuid(), + employee_id: z.string().uuid(), + leave_type_id: z.string().uuid(), + name: z.string().max(255).optional(), + date_from: z.string().regex(/^\d{4}-\d{2}-\d{2}$/), + date_to: z.string().regex(/^\d{4}-\d{2}-\d{2}$/), + description: z.string().optional(), +}); + +const updateLeaveSchema = z.object({ + leave_type_id: z.string().uuid().optional(), + name: z.string().max(255).optional().nullable(), + date_from: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + date_to: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + description: z.string().optional().nullable(), +}); + +const leaveQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + employee_id: z.string().uuid().optional(), + leave_type_id: z.string().uuid().optional(), + status: z.enum(['draft', 'submitted', 'approved', 'rejected', 'cancelled']).optional(), + date_from: z.string().optional(), + date_to: z.string().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +const terminateSchema = z.object({ + termination_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/), +}); + +const rejectSchema = z.object({ + reason: z.string().min(1), +}); + +class HrController { + // ========== EMPLOYEES ========== + + async getEmployees(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = employeeQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parametros de consulta invalidos', queryResult.error.errors); + } + + const filters: EmployeeFilters = queryResult.data; + const result = await employeesService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { total: result.total, page: filters.page, limit: filters.limit, totalPages: Math.ceil(result.total / (filters.limit || 20)) }, + }); + } catch (error) { + next(error); + } + } + + async getEmployee(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const employee = await employeesService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: employee }); + } catch (error) { + next(error); + } + } + + async createEmployee(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createEmployeeSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de empleado invalidos', parseResult.error.errors); + } + + const dto: CreateEmployeeDto = parseResult.data; + const employee = await employeesService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ success: true, data: employee, message: 'Empleado creado exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateEmployee(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateEmployeeSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de empleado invalidos', parseResult.error.errors); + } + + const dto: UpdateEmployeeDto = parseResult.data; + const employee = await employeesService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ success: true, data: employee, message: 'Empleado actualizado exitosamente' }); + } catch (error) { + next(error); + } + } + + async terminateEmployee(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = terminateSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos invalidos', parseResult.error.errors); + } + + const employee = await employeesService.terminate(req.params.id, parseResult.data.termination_date, req.tenantId!, req.user!.userId); + res.json({ success: true, data: employee, message: 'Empleado dado de baja exitosamente' }); + } catch (error) { + next(error); + } + } + + async reactivateEmployee(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const employee = await employeesService.reactivate(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: employee, message: 'Empleado reactivado exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteEmployee(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await employeesService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Empleado eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + async getSubordinates(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const subordinates = await employeesService.getSubordinates(req.params.id, req.tenantId!); + res.json({ success: true, data: subordinates }); + } catch (error) { + next(error); + } + } + + // ========== DEPARTMENTS ========== + + async getDepartments(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = departmentQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parametros de consulta invalidos', queryResult.error.errors); + } + + const filters: DepartmentFilters = queryResult.data; + const result = await departmentsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { total: result.total, page: filters.page, limit: filters.limit, totalPages: Math.ceil(result.total / (filters.limit || 50)) }, + }); + } catch (error) { + next(error); + } + } + + async getDepartment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const department = await departmentsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: department }); + } catch (error) { + next(error); + } + } + + async createDepartment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createDepartmentSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de departamento invalidos', parseResult.error.errors); + } + + const dto: CreateDepartmentDto = parseResult.data; + const department = await departmentsService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ success: true, data: department, message: 'Departamento creado exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateDepartment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateDepartmentSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de departamento invalidos', parseResult.error.errors); + } + + const dto: UpdateDepartmentDto = parseResult.data; + const department = await departmentsService.update(req.params.id, dto, req.tenantId!); + + res.json({ success: true, data: department, message: 'Departamento actualizado exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteDepartment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await departmentsService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Departamento eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== JOB POSITIONS ========== + + async getJobPositions(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const includeInactive = req.query.include_inactive === 'true'; + const positions = await departmentsService.getJobPositions(req.tenantId!, includeInactive); + res.json({ success: true, data: positions }); + } catch (error) { + next(error); + } + } + + async createJobPosition(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createJobPositionSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de puesto invalidos', parseResult.error.errors); + } + + const dto: CreateJobPositionDto = parseResult.data; + const position = await departmentsService.createJobPosition(dto, req.tenantId!); + + res.status(201).json({ success: true, data: position, message: 'Puesto creado exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateJobPosition(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateJobPositionSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de puesto invalidos', parseResult.error.errors); + } + + const dto: UpdateJobPositionDto = parseResult.data; + const position = await departmentsService.updateJobPosition(req.params.id, dto, req.tenantId!); + + res.json({ success: true, data: position, message: 'Puesto actualizado exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteJobPosition(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await departmentsService.deleteJobPosition(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Puesto eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== CONTRACTS ========== + + async getContracts(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = contractQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parametros de consulta invalidos', queryResult.error.errors); + } + + const filters: ContractFilters = queryResult.data; + const result = await contractsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { total: result.total, page: filters.page, limit: filters.limit, totalPages: Math.ceil(result.total / (filters.limit || 20)) }, + }); + } catch (error) { + next(error); + } + } + + async getContract(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const contract = await contractsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: contract }); + } catch (error) { + next(error); + } + } + + async createContract(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createContractSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de contrato invalidos', parseResult.error.errors); + } + + const dto: CreateContractDto = parseResult.data; + const contract = await contractsService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ success: true, data: contract, message: 'Contrato creado exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateContract(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateContractSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de contrato invalidos', parseResult.error.errors); + } + + const dto: UpdateContractDto = parseResult.data; + const contract = await contractsService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ success: true, data: contract, message: 'Contrato actualizado exitosamente' }); + } catch (error) { + next(error); + } + } + + async activateContract(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const contract = await contractsService.activate(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: contract, message: 'Contrato activado exitosamente' }); + } catch (error) { + next(error); + } + } + + async terminateContract(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = terminateSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos invalidos', parseResult.error.errors); + } + + const contract = await contractsService.terminate(req.params.id, parseResult.data.termination_date, req.tenantId!, req.user!.userId); + res.json({ success: true, data: contract, message: 'Contrato terminado exitosamente' }); + } catch (error) { + next(error); + } + } + + async cancelContract(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const contract = await contractsService.cancel(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: contract, message: 'Contrato cancelado exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteContract(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await contractsService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Contrato eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== LEAVE TYPES ========== + + async getLeaveTypes(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const includeInactive = req.query.include_inactive === 'true'; + const leaveTypes = await leavesService.getLeaveTypes(req.tenantId!, includeInactive); + res.json({ success: true, data: leaveTypes }); + } catch (error) { + next(error); + } + } + + async createLeaveType(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createLeaveTypeSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de tipo de ausencia invalidos', parseResult.error.errors); + } + + const dto: CreateLeaveTypeDto = parseResult.data; + const leaveType = await leavesService.createLeaveType(dto, req.tenantId!); + + res.status(201).json({ success: true, data: leaveType, message: 'Tipo de ausencia creado exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateLeaveType(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateLeaveTypeSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de tipo de ausencia invalidos', parseResult.error.errors); + } + + const dto: UpdateLeaveTypeDto = parseResult.data; + const leaveType = await leavesService.updateLeaveType(req.params.id, dto, req.tenantId!); + + res.json({ success: true, data: leaveType, message: 'Tipo de ausencia actualizado exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteLeaveType(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await leavesService.deleteLeaveType(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Tipo de ausencia eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== LEAVES ========== + + async getLeaves(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = leaveQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parametros de consulta invalidos', queryResult.error.errors); + } + + const filters: LeaveFilters = queryResult.data; + const result = await leavesService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { total: result.total, page: filters.page, limit: filters.limit, totalPages: Math.ceil(result.total / (filters.limit || 20)) }, + }); + } catch (error) { + next(error); + } + } + + async getLeave(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const leave = await leavesService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: leave }); + } catch (error) { + next(error); + } + } + + async createLeave(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createLeaveSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de ausencia invalidos', parseResult.error.errors); + } + + const dto: CreateLeaveDto = parseResult.data; + const leave = await leavesService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ success: true, data: leave, message: 'Solicitud de ausencia creada exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateLeave(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateLeaveSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de ausencia invalidos', parseResult.error.errors); + } + + const dto: UpdateLeaveDto = parseResult.data; + const leave = await leavesService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ success: true, data: leave, message: 'Solicitud de ausencia actualizada exitosamente' }); + } catch (error) { + next(error); + } + } + + async submitLeave(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const leave = await leavesService.submit(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: leave, message: 'Solicitud enviada exitosamente' }); + } catch (error) { + next(error); + } + } + + async approveLeave(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const leave = await leavesService.approve(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: leave, message: 'Solicitud aprobada exitosamente' }); + } catch (error) { + next(error); + } + } + + async rejectLeave(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = rejectSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos invalidos', parseResult.error.errors); + } + + const leave = await leavesService.reject(req.params.id, parseResult.data.reason, req.tenantId!, req.user!.userId); + res.json({ success: true, data: leave, message: 'Solicitud rechazada' }); + } catch (error) { + next(error); + } + } + + async cancelLeave(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const leave = await leavesService.cancel(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: leave, message: 'Solicitud cancelada exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteLeave(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await leavesService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Solicitud eliminada exitosamente' }); + } catch (error) { + next(error); + } + } +} + +export const hrController = new HrController(); diff --git a/backend/src/modules/hr/hr.routes.ts b/backend/src/modules/hr/hr.routes.ts new file mode 100644 index 0000000..68a78ed --- /dev/null +++ b/backend/src/modules/hr/hr.routes.ts @@ -0,0 +1,152 @@ +import { Router } from 'express'; +import { hrController } from './hr.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// ========== EMPLOYEES ========== + +router.get('/employees', (req, res, next) => hrController.getEmployees(req, res, next)); + +router.get('/employees/:id', (req, res, next) => hrController.getEmployee(req, res, next)); + +router.get('/employees/:id/subordinates', (req, res, next) => hrController.getSubordinates(req, res, next)); + +router.post('/employees', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + hrController.createEmployee(req, res, next) +); + +router.put('/employees/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + hrController.updateEmployee(req, res, next) +); + +router.post('/employees/:id/terminate', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.terminateEmployee(req, res, next) +); + +router.post('/employees/:id/reactivate', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.reactivateEmployee(req, res, next) +); + +router.delete('/employees/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.deleteEmployee(req, res, next) +); + +// ========== DEPARTMENTS ========== + +router.get('/departments', (req, res, next) => hrController.getDepartments(req, res, next)); + +router.get('/departments/:id', (req, res, next) => hrController.getDepartment(req, res, next)); + +router.post('/departments', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.createDepartment(req, res, next) +); + +router.put('/departments/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.updateDepartment(req, res, next) +); + +router.delete('/departments/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.deleteDepartment(req, res, next) +); + +// ========== JOB POSITIONS ========== + +router.get('/positions', (req, res, next) => hrController.getJobPositions(req, res, next)); + +router.post('/positions', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.createJobPosition(req, res, next) +); + +router.put('/positions/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.updateJobPosition(req, res, next) +); + +router.delete('/positions/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.deleteJobPosition(req, res, next) +); + +// ========== CONTRACTS ========== + +router.get('/contracts', (req, res, next) => hrController.getContracts(req, res, next)); + +router.get('/contracts/:id', (req, res, next) => hrController.getContract(req, res, next)); + +router.post('/contracts', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + hrController.createContract(req, res, next) +); + +router.put('/contracts/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + hrController.updateContract(req, res, next) +); + +router.post('/contracts/:id/activate', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.activateContract(req, res, next) +); + +router.post('/contracts/:id/terminate', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.terminateContract(req, res, next) +); + +router.post('/contracts/:id/cancel', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.cancelContract(req, res, next) +); + +router.delete('/contracts/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.deleteContract(req, res, next) +); + +// ========== LEAVE TYPES ========== + +router.get('/leave-types', (req, res, next) => hrController.getLeaveTypes(req, res, next)); + +router.post('/leave-types', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.createLeaveType(req, res, next) +); + +router.put('/leave-types/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.updateLeaveType(req, res, next) +); + +router.delete('/leave-types/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.deleteLeaveType(req, res, next) +); + +// ========== LEAVES ========== + +router.get('/leaves', (req, res, next) => hrController.getLeaves(req, res, next)); + +router.get('/leaves/:id', (req, res, next) => hrController.getLeave(req, res, next)); + +router.post('/leaves', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + hrController.createLeave(req, res, next) +); + +router.put('/leaves/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + hrController.updateLeave(req, res, next) +); + +router.post('/leaves/:id/submit', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + hrController.submitLeave(req, res, next) +); + +router.post('/leaves/:id/approve', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + hrController.approveLeave(req, res, next) +); + +router.post('/leaves/:id/reject', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + hrController.rejectLeave(req, res, next) +); + +router.post('/leaves/:id/cancel', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + hrController.cancelLeave(req, res, next) +); + +router.delete('/leaves/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + hrController.deleteLeave(req, res, next) +); + +export default router; diff --git a/backend/src/modules/hr/index.ts b/backend/src/modules/hr/index.ts new file mode 100644 index 0000000..1a5223b --- /dev/null +++ b/backend/src/modules/hr/index.ts @@ -0,0 +1,6 @@ +export * from './employees.service.js'; +export * from './departments.service.js'; +export * from './contracts.service.js'; +export * from './leaves.service.js'; +export * from './hr.controller.js'; +export { default as hrRoutes } from './hr.routes.js'; diff --git a/backend/src/modules/hr/leaves.service.ts b/backend/src/modules/hr/leaves.service.ts new file mode 100644 index 0000000..957dd24 --- /dev/null +++ b/backend/src/modules/hr/leaves.service.ts @@ -0,0 +1,517 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ValidationError, ConflictError } from '../../shared/errors/index.js'; + +export type LeaveStatus = 'draft' | 'submitted' | 'approved' | 'rejected' | 'cancelled'; +export type LeaveType = 'vacation' | 'sick' | 'personal' | 'maternity' | 'paternity' | 'bereavement' | 'unpaid' | 'other'; + +export interface LeaveTypeConfig { + id: string; + tenant_id: string; + name: string; + code?: string; + leave_type: LeaveType; + requires_approval: boolean; + max_days?: number; + is_paid: boolean; + color?: string; + active: boolean; + created_at: Date; +} + +export interface Leave { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + employee_id: string; + employee_name?: string; + employee_number?: string; + leave_type_id: string; + leave_type_name?: string; + name?: string; + date_from: Date; + date_to: Date; + number_of_days: number; + status: LeaveStatus; + description?: string; + approved_by?: string; + approved_by_name?: string; + approved_at?: Date; + rejection_reason?: string; + created_at: Date; +} + +export interface CreateLeaveTypeDto { + name: string; + code?: string; + leave_type: LeaveType; + requires_approval?: boolean; + max_days?: number; + is_paid?: boolean; + color?: string; +} + +export interface UpdateLeaveTypeDto { + name?: string; + code?: string | null; + requires_approval?: boolean; + max_days?: number | null; + is_paid?: boolean; + color?: string | null; + active?: boolean; +} + +export interface CreateLeaveDto { + company_id: string; + employee_id: string; + leave_type_id: string; + name?: string; + date_from: string; + date_to: string; + description?: string; +} + +export interface UpdateLeaveDto { + leave_type_id?: string; + name?: string | null; + date_from?: string; + date_to?: string; + description?: string | null; +} + +export interface LeaveFilters { + company_id?: string; + employee_id?: string; + leave_type_id?: string; + status?: LeaveStatus; + date_from?: string; + date_to?: string; + search?: string; + page?: number; + limit?: number; +} + +class LeavesService { + // ========== LEAVE TYPES ========== + + async getLeaveTypes(tenantId: string, includeInactive = false): Promise { + let whereClause = 'WHERE tenant_id = $1'; + if (!includeInactive) { + whereClause += ' AND active = TRUE'; + } + + return query( + `SELECT * FROM hr.leave_types ${whereClause} ORDER BY name`, + [tenantId] + ); + } + + async getLeaveTypeById(id: string, tenantId: string): Promise { + const leaveType = await queryOne( + `SELECT * FROM hr.leave_types WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + + if (!leaveType) { + throw new NotFoundError('Tipo de ausencia no encontrado'); + } + + return leaveType; + } + + async createLeaveType(dto: CreateLeaveTypeDto, tenantId: string): Promise { + const existing = await queryOne( + `SELECT id FROM hr.leave_types WHERE name = $1 AND tenant_id = $2`, + [dto.name, tenantId] + ); + + if (existing) { + throw new ConflictError('Ya existe un tipo de ausencia con ese nombre'); + } + + const leaveType = await queryOne( + `INSERT INTO hr.leave_types (tenant_id, name, code, leave_type, requires_approval, max_days, is_paid, color) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8) + RETURNING *`, + [ + tenantId, dto.name, dto.code, dto.leave_type, + dto.requires_approval ?? true, dto.max_days, dto.is_paid ?? true, dto.color + ] + ); + + return leaveType!; + } + + async updateLeaveType(id: string, dto: UpdateLeaveTypeDto, tenantId: string): Promise { + const existing = await this.getLeaveTypeById(id, tenantId); + + if (dto.name && dto.name !== existing.name) { + const nameExists = await queryOne( + `SELECT id FROM hr.leave_types WHERE name = $1 AND tenant_id = $2 AND id != $3`, + [dto.name, tenantId, id] + ); + if (nameExists) { + throw new ConflictError('Ya existe un tipo de ausencia con ese nombre'); + } + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + const fieldsToUpdate = ['name', 'code', 'requires_approval', 'max_days', 'is_paid', 'color', 'active']; + + for (const field of fieldsToUpdate) { + if ((dto as any)[field] !== undefined) { + updateFields.push(`${field} = $${paramIndex++}`); + values.push((dto as any)[field]); + } + } + + if (updateFields.length === 0) { + return existing; + } + + values.push(id, tenantId); + + await query( + `UPDATE hr.leave_types SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.getLeaveTypeById(id, tenantId); + } + + async deleteLeaveType(id: string, tenantId: string): Promise { + await this.getLeaveTypeById(id, tenantId); + + const inUse = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM hr.leaves WHERE leave_type_id = $1`, + [id] + ); + + if (parseInt(inUse?.count || '0') > 0) { + throw new ConflictError('No se puede eliminar un tipo de ausencia que esta en uso'); + } + + await query(`DELETE FROM hr.leave_types WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } + + // ========== LEAVES ========== + + async findAll(tenantId: string, filters: LeaveFilters = {}): Promise<{ data: Leave[]; total: number }> { + const { company_id, employee_id, leave_type_id, status, date_from, date_to, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE l.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND l.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (employee_id) { + whereClause += ` AND l.employee_id = $${paramIndex++}`; + params.push(employee_id); + } + + if (leave_type_id) { + whereClause += ` AND l.leave_type_id = $${paramIndex++}`; + params.push(leave_type_id); + } + + if (status) { + whereClause += ` AND l.status = $${paramIndex++}`; + params.push(status); + } + + if (date_from) { + whereClause += ` AND l.date_from >= $${paramIndex++}`; + params.push(date_from); + } + + if (date_to) { + whereClause += ` AND l.date_to <= $${paramIndex++}`; + params.push(date_to); + } + + if (search) { + whereClause += ` AND (l.name ILIKE $${paramIndex} OR e.first_name ILIKE $${paramIndex} OR e.last_name ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count + FROM hr.leaves l + LEFT JOIN hr.employees e ON l.employee_id = e.id + ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT l.*, + c.name as company_name, + CONCAT(e.first_name, ' ', e.last_name) as employee_name, + e.employee_number, + lt.name as leave_type_name, + CONCAT(a.first_name, ' ', a.last_name) as approved_by_name + FROM hr.leaves l + LEFT JOIN auth.companies c ON l.company_id = c.id + LEFT JOIN hr.employees e ON l.employee_id = e.id + LEFT JOIN hr.leave_types lt ON l.leave_type_id = lt.id + LEFT JOIN hr.employees a ON l.approved_by = a.user_id + ${whereClause} + ORDER BY l.date_from DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const leave = await queryOne( + `SELECT l.*, + c.name as company_name, + CONCAT(e.first_name, ' ', e.last_name) as employee_name, + e.employee_number, + lt.name as leave_type_name, + CONCAT(a.first_name, ' ', a.last_name) as approved_by_name + FROM hr.leaves l + LEFT JOIN auth.companies c ON l.company_id = c.id + LEFT JOIN hr.employees e ON l.employee_id = e.id + LEFT JOIN hr.leave_types lt ON l.leave_type_id = lt.id + LEFT JOIN hr.employees a ON l.approved_by = a.user_id + WHERE l.id = $1 AND l.tenant_id = $2`, + [id, tenantId] + ); + + if (!leave) { + throw new NotFoundError('Solicitud de ausencia no encontrada'); + } + + return leave; + } + + async create(dto: CreateLeaveDto, tenantId: string, userId: string): Promise { + // Calculate number of days + const startDate = new Date(dto.date_from); + const endDate = new Date(dto.date_to); + const diffTime = Math.abs(endDate.getTime() - startDate.getTime()); + const numberOfDays = Math.ceil(diffTime / (1000 * 60 * 60 * 24)) + 1; + + if (numberOfDays <= 0) { + throw new ValidationError('La fecha de fin debe ser igual o posterior a la fecha de inicio'); + } + + // Check leave type max days + const leaveType = await this.getLeaveTypeById(dto.leave_type_id, tenantId); + if (leaveType.max_days && numberOfDays > leaveType.max_days) { + throw new ValidationError(`Este tipo de ausencia tiene un maximo de ${leaveType.max_days} dias`); + } + + // Check for overlapping leaves + const overlap = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM hr.leaves + WHERE employee_id = $1 AND status IN ('submitted', 'approved') + AND ((date_from <= $2 AND date_to >= $2) OR (date_from <= $3 AND date_to >= $3) + OR (date_from >= $2 AND date_to <= $3))`, + [dto.employee_id, dto.date_from, dto.date_to] + ); + + if (parseInt(overlap?.count || '0') > 0) { + throw new ValidationError('Ya existe una solicitud de ausencia para estas fechas'); + } + + const leave = await queryOne( + `INSERT INTO hr.leaves ( + tenant_id, company_id, employee_id, leave_type_id, name, date_from, date_to, + number_of_days, description, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10) + RETURNING *`, + [ + tenantId, dto.company_id, dto.employee_id, dto.leave_type_id, dto.name, + dto.date_from, dto.date_to, numberOfDays, dto.description, userId + ] + ); + + return this.findById(leave!.id, tenantId); + } + + async update(id: string, dto: UpdateLeaveDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ValidationError('Solo se pueden editar solicitudes en borrador'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.leave_type_id !== undefined) { + updateFields.push(`leave_type_id = $${paramIndex++}`); + values.push(dto.leave_type_id); + } + if (dto.name !== undefined) { + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.description !== undefined) { + updateFields.push(`description = $${paramIndex++}`); + values.push(dto.description); + } + + // Recalculate days if dates changed + let newDateFrom = existing.date_from; + let newDateTo = existing.date_to; + + if (dto.date_from !== undefined) { + updateFields.push(`date_from = $${paramIndex++}`); + values.push(dto.date_from); + newDateFrom = new Date(dto.date_from); + } + if (dto.date_to !== undefined) { + updateFields.push(`date_to = $${paramIndex++}`); + values.push(dto.date_to); + newDateTo = new Date(dto.date_to); + } + + if (dto.date_from !== undefined || dto.date_to !== undefined) { + const diffTime = Math.abs(newDateTo.getTime() - newDateFrom.getTime()); + const numberOfDays = Math.ceil(diffTime / (1000 * 60 * 60 * 24)) + 1; + updateFields.push(`number_of_days = $${paramIndex++}`); + values.push(numberOfDays); + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + + values.push(id, tenantId); + + await query( + `UPDATE hr.leaves SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async submit(id: string, tenantId: string, userId: string): Promise { + const leave = await this.findById(id, tenantId); + + if (leave.status !== 'draft') { + throw new ValidationError('Solo se pueden enviar solicitudes en borrador'); + } + + await query( + `UPDATE hr.leaves SET + status = 'submitted', + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async approve(id: string, tenantId: string, userId: string): Promise { + const leave = await this.findById(id, tenantId); + + if (leave.status !== 'submitted') { + throw new ValidationError('Solo se pueden aprobar solicitudes enviadas'); + } + + await query( + `UPDATE hr.leaves SET + status = 'approved', + approved_by = $1, + approved_at = CURRENT_TIMESTAMP, + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + // Update employee status if leave starts today or earlier + const today = new Date().toISOString().split('T')[0]; + if (leave.date_from.toISOString().split('T')[0] <= today && leave.date_to.toISOString().split('T')[0] >= today) { + await query( + `UPDATE hr.employees SET status = 'on_leave' WHERE id = $1`, + [leave.employee_id] + ); + } + + return this.findById(id, tenantId); + } + + async reject(id: string, reason: string, tenantId: string, userId: string): Promise { + const leave = await this.findById(id, tenantId); + + if (leave.status !== 'submitted') { + throw new ValidationError('Solo se pueden rechazar solicitudes enviadas'); + } + + await query( + `UPDATE hr.leaves SET + status = 'rejected', + rejection_reason = $1, + updated_by = $2, + updated_at = CURRENT_TIMESTAMP + WHERE id = $3 AND tenant_id = $4`, + [reason, userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async cancel(id: string, tenantId: string, userId: string): Promise { + const leave = await this.findById(id, tenantId); + + if (leave.status === 'cancelled') { + throw new ValidationError('La solicitud ya esta cancelada'); + } + + if (leave.status === 'rejected') { + throw new ValidationError('No se puede cancelar una solicitud rechazada'); + } + + await query( + `UPDATE hr.leaves SET + status = 'cancelled', + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + const leave = await this.findById(id, tenantId); + + if (leave.status !== 'draft') { + throw new ValidationError('Solo se pueden eliminar solicitudes en borrador'); + } + + await query(`DELETE FROM hr.leaves WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } +} + +export const leavesService = new LeavesService(); diff --git a/backend/src/modules/inventory/MIGRATION_STATUS.md b/backend/src/modules/inventory/MIGRATION_STATUS.md new file mode 100644 index 0000000..90f2310 --- /dev/null +++ b/backend/src/modules/inventory/MIGRATION_STATUS.md @@ -0,0 +1,177 @@ +# Inventory Module TypeORM Migration Status + +## Completed Tasks + +### 1. Entity Creation (100% Complete) +All entity files have been successfully created in `/src/modules/inventory/entities/`: + +- ✅ `product.entity.ts` - Product entity with types, tracking, and valuation methods +- ✅ `warehouse.entity.ts` - Warehouse entity with company relation +- ✅ `location.entity.ts` - Location entity with hierarchy support +- ✅ `stock-quant.entity.ts` - Stock quantities per location +- ✅ `lot.entity.ts` - Lot/batch tracking +- ✅ `picking.entity.ts` - Picking/fulfillment operations +- ✅ `stock-move.entity.ts` - Stock movement lines +- ✅ `inventory-adjustment.entity.ts` - Stock adjustments header +- ✅ `inventory-adjustment-line.entity.ts` - Stock adjustment lines +- ✅ `stock-valuation-layer.entity.ts` - FIFO/Average cost valuation + +All entities include: +- Proper schema specification (`schema: 'inventory'`) +- Indexes on key fields +- Relations using TypeORM decorators +- Audit fields (created_at, created_by, updated_at, updated_by, deleted_at, deleted_by) +- Enums for type-safe status fields + +### 2. Service Refactoring (Partial - 2/8 Complete) + +#### ✅ Completed Services: +1. **products.service.ts** - Fully migrated to TypeORM + - Uses Repository pattern + - All CRUD operations converted + - Proper error handling and logging + - Stock validation before deletion + +2. **warehouses.service.ts** - Fully migrated to TypeORM + - Company relations properly loaded + - Default warehouse handling + - Stock validation + - Location and stock retrieval + +#### ⏳ Remaining Services to Migrate: +3. **locations.service.ts** - Needs TypeORM migration + - Current: Uses raw SQL queries + - Todo: Convert to Repository pattern with QueryBuilder + - Key features: Hierarchical locations, parent-child relationships + +4. **lots.service.ts** - Needs TypeORM migration + - Current: Uses raw SQL queries + - Todo: Convert to Repository pattern + - Key features: Expiration tracking, stock quantity aggregation + +5. **pickings.service.ts** - Needs TypeORM migration (COMPLEX) + - Current: Uses raw SQL with transactions + - Todo: Convert to TypeORM with QueryRunner for transactions + - Key features: Multi-line operations, status workflows, stock updates + +6. **adjustments.service.ts** - Needs TypeORM migration (COMPLEX) + - Current: Uses raw SQL with transactions + - Todo: Convert to TypeORM with QueryRunner + - Key features: Multi-line operations, theoretical vs counted quantities + +7. **valuation.service.ts** - Needs TypeORM migration (COMPLEX) + - Current: Uses raw SQL with client transactions + - Todo: Convert to TypeORM while maintaining FIFO logic + - Key features: Valuation layer management, FIFO consumption + +8. **stock-quants.service.ts** - NEW SERVICE NEEDED + - Currently no dedicated service (operations are in other services) + - Should handle: Stock queries, reservations, availability checks + +### 3. TypeORM Configuration +- ✅ Entities imported in `/src/config/typeorm.ts` +- ⚠️ **ACTION REQUIRED**: Add entities to the `entities` array in AppDataSource configuration + +Add these lines after `FiscalPeriod,` in the entities array: +```typescript + // Inventory Entities + Product, + Warehouse, + Location, + StockQuant, + Lot, + Picking, + StockMove, + InventoryAdjustment, + InventoryAdjustmentLine, + StockValuationLayer, +``` + +### 4. Controller Updates +- ⏳ **inventory.controller.ts** - Needs snake_case/camelCase handling + - Current: Only accepts snake_case from frontend + - Todo: Add transformers or accept both formats + - Pattern: Use class-transformer decorators or manual mapping + +### 5. Index File +- ✅ Created `/src/modules/inventory/entities/index.ts` - Exports all entities + +## Migration Patterns Used + +### Repository Pattern +```typescript +class ProductsService { + private productRepository: Repository; + + constructor() { + this.productRepository = AppDataSource.getRepository(Product); + } +} +``` + +### QueryBuilder for Complex Queries +```typescript +const products = await this.productRepository + .createQueryBuilder('product') + .where('product.tenantId = :tenantId', { tenantId }) + .andWhere('product.deletedAt IS NULL') + .getMany(); +``` + +### Relations Loading +```typescript +.leftJoinAndSelect('warehouse.company', 'company') +``` + +### Error Handling +```typescript +try { + // operations +} catch (error) { + logger.error('Error message', { error, context }); + throw error; +} +``` + +## Remaining Work + +### High Priority +1. **Add entities to typeorm.ts entities array** (Manual edit required) +2. **Migrate locations.service.ts** - Simple, good next step +3. **Migrate lots.service.ts** - Simple, includes aggregations + +### Medium Priority +4. **Create stock-quants.service.ts** - New service for stock operations +5. **Migrate pickings.service.ts** - Complex transactions +6. **Migrate adjustments.service.ts** - Complex transactions + +### Lower Priority +7. **Migrate valuation.service.ts** - Most complex, FIFO logic +8. **Update controller for case handling** - Nice to have +9. **Add integration tests** - Verify TypeORM migration works correctly + +## Testing Checklist + +After completing migration: +- [ ] Test product CRUD operations +- [ ] Test warehouse operations with company relations +- [ ] Test stock queries with filters +- [ ] Test multi-level location hierarchies +- [ ] Test lot expiration tracking +- [ ] Test picking workflows (draft → confirmed → done) +- [ ] Test inventory adjustments with stock updates +- [ ] Test FIFO valuation consumption +- [ ] Test transaction rollbacks on errors +- [ ] Performance test: Compare query performance vs raw SQL + +## Notes + +- All entities use the `inventory` schema +- Soft deletes are implemented for products (deletedAt field) +- Hard deletes are used for other entities where appropriate +- Audit trails are maintained (created_by, updated_by, etc.) +- Foreign keys properly set up with @JoinColumn decorators +- Indexes added on frequently queried fields + +## Breaking Changes +None - The migration maintains API compatibility. All DTOs use camelCase internally but accept snake_case from the original queries. diff --git a/backend/src/modules/inventory/adjustments.service.ts b/backend/src/modules/inventory/adjustments.service.ts new file mode 100644 index 0000000..d6286f7 --- /dev/null +++ b/backend/src/modules/inventory/adjustments.service.ts @@ -0,0 +1,512 @@ +import { query, queryOne, getClient } from '../../config/database.js'; +import { NotFoundError, ValidationError, ConflictError } from '../../shared/errors/index.js'; + +export type AdjustmentStatus = 'draft' | 'confirmed' | 'done' | 'cancelled'; + +export interface AdjustmentLine { + id: string; + adjustment_id: string; + product_id: string; + product_name?: string; + product_code?: string; + location_id: string; + location_name?: string; + lot_id?: string; + lot_name?: string; + theoretical_qty: number; + counted_qty: number; + difference_qty: number; + uom_id: string; + uom_name?: string; + notes?: string; + created_at: Date; +} + +export interface Adjustment { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + location_id: string; + location_name?: string; + date: Date; + status: AdjustmentStatus; + notes?: string; + lines?: AdjustmentLine[]; + created_at: Date; +} + +export interface CreateAdjustmentLineDto { + product_id: string; + location_id: string; + lot_id?: string; + counted_qty: number; + uom_id: string; + notes?: string; +} + +export interface CreateAdjustmentDto { + company_id: string; + location_id: string; + date?: string; + notes?: string; + lines: CreateAdjustmentLineDto[]; +} + +export interface UpdateAdjustmentDto { + location_id?: string; + date?: string; + notes?: string | null; +} + +export interface UpdateAdjustmentLineDto { + counted_qty?: number; + notes?: string | null; +} + +export interface AdjustmentFilters { + company_id?: string; + location_id?: string; + status?: AdjustmentStatus; + date_from?: string; + date_to?: string; + search?: string; + page?: number; + limit?: number; +} + +class AdjustmentsService { + async findAll(tenantId: string, filters: AdjustmentFilters = {}): Promise<{ data: Adjustment[]; total: number }> { + const { company_id, location_id, status, date_from, date_to, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE a.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND a.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (location_id) { + whereClause += ` AND a.location_id = $${paramIndex++}`; + params.push(location_id); + } + + if (status) { + whereClause += ` AND a.status = $${paramIndex++}`; + params.push(status); + } + + if (date_from) { + whereClause += ` AND a.date >= $${paramIndex++}`; + params.push(date_from); + } + + if (date_to) { + whereClause += ` AND a.date <= $${paramIndex++}`; + params.push(date_to); + } + + if (search) { + whereClause += ` AND (a.name ILIKE $${paramIndex} OR a.notes ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM inventory.inventory_adjustments a ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT a.*, + c.name as company_name, + l.name as location_name + FROM inventory.inventory_adjustments a + LEFT JOIN auth.companies c ON a.company_id = c.id + LEFT JOIN inventory.locations l ON a.location_id = l.id + ${whereClause} + ORDER BY a.date DESC, a.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const adjustment = await queryOne( + `SELECT a.*, + c.name as company_name, + l.name as location_name + FROM inventory.inventory_adjustments a + LEFT JOIN auth.companies c ON a.company_id = c.id + LEFT JOIN inventory.locations l ON a.location_id = l.id + WHERE a.id = $1 AND a.tenant_id = $2`, + [id, tenantId] + ); + + if (!adjustment) { + throw new NotFoundError('Ajuste de inventario no encontrado'); + } + + // Get lines + const lines = await query( + `SELECT al.*, + p.name as product_name, + p.code as product_code, + l.name as location_name, + lot.name as lot_name, + u.name as uom_name + FROM inventory.inventory_adjustment_lines al + LEFT JOIN inventory.products p ON al.product_id = p.id + LEFT JOIN inventory.locations l ON al.location_id = l.id + LEFT JOIN inventory.lots lot ON al.lot_id = lot.id + LEFT JOIN core.uom u ON al.uom_id = u.id + WHERE al.adjustment_id = $1 + ORDER BY al.created_at`, + [id] + ); + + adjustment.lines = lines; + + return adjustment; + } + + async create(dto: CreateAdjustmentDto, tenantId: string, userId: string): Promise { + if (dto.lines.length === 0) { + throw new ValidationError('El ajuste debe tener al menos una línea'); + } + + const client = await getClient(); + + try { + await client.query('BEGIN'); + + // Generate adjustment name + const seqResult = await client.query( + `SELECT COALESCE(MAX(CAST(SUBSTRING(name FROM 5) AS INTEGER)), 0) + 1 as next_num + FROM inventory.inventory_adjustments WHERE tenant_id = $1 AND name LIKE 'ADJ-%'`, + [tenantId] + ); + const nextNum = seqResult.rows[0]?.next_num || 1; + const adjustmentName = `ADJ-${String(nextNum).padStart(6, '0')}`; + + const adjustmentDate = dto.date || new Date().toISOString().split('T')[0]; + + // Create adjustment + const adjustmentResult = await client.query( + `INSERT INTO inventory.inventory_adjustments ( + tenant_id, company_id, name, location_id, date, notes, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7) + RETURNING *`, + [tenantId, dto.company_id, adjustmentName, dto.location_id, adjustmentDate, dto.notes, userId] + ); + const adjustment = adjustmentResult.rows[0]; + + // Create lines with theoretical qty from stock_quants + for (const line of dto.lines) { + // Get theoretical quantity from stock_quants + const stockResult = await client.query( + `SELECT COALESCE(SUM(quantity), 0) as qty + FROM inventory.stock_quants + WHERE product_id = $1 AND location_id = $2 + AND ($3::uuid IS NULL OR lot_id = $3)`, + [line.product_id, line.location_id, line.lot_id || null] + ); + const theoreticalQty = parseFloat(stockResult.rows[0]?.qty || '0'); + + await client.query( + `INSERT INTO inventory.inventory_adjustment_lines ( + adjustment_id, tenant_id, product_id, location_id, lot_id, theoretical_qty, + counted_qty + ) + VALUES ($1, $2, $3, $4, $5, $6, $7)`, + [ + adjustment.id, tenantId, line.product_id, line.location_id, line.lot_id, + theoreticalQty, line.counted_qty + ] + ); + } + + await client.query('COMMIT'); + + return this.findById(adjustment.id, tenantId); + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + async update(id: string, dto: UpdateAdjustmentDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ValidationError('Solo se pueden editar ajustes en estado borrador'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.location_id !== undefined) { + updateFields.push(`location_id = $${paramIndex++}`); + values.push(dto.location_id); + } + if (dto.date !== undefined) { + updateFields.push(`date = $${paramIndex++}`); + values.push(dto.date); + } + if (dto.notes !== undefined) { + updateFields.push(`notes = $${paramIndex++}`); + values.push(dto.notes); + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + await query( + `UPDATE inventory.inventory_adjustments SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async addLine(adjustmentId: string, dto: CreateAdjustmentLineDto, tenantId: string): Promise { + const adjustment = await this.findById(adjustmentId, tenantId); + + if (adjustment.status !== 'draft') { + throw new ValidationError('Solo se pueden agregar líneas a ajustes en estado borrador'); + } + + // Get theoretical quantity + const stockResult = await queryOne<{ qty: string }>( + `SELECT COALESCE(SUM(quantity), 0) as qty + FROM inventory.stock_quants + WHERE product_id = $1 AND location_id = $2 + AND ($3::uuid IS NULL OR lot_id = $3)`, + [dto.product_id, dto.location_id, dto.lot_id || null] + ); + const theoreticalQty = parseFloat(stockResult?.qty || '0'); + + const line = await queryOne( + `INSERT INTO inventory.inventory_adjustment_lines ( + adjustment_id, tenant_id, product_id, location_id, lot_id, theoretical_qty, + counted_qty + ) + VALUES ($1, $2, $3, $4, $5, $6, $7) + RETURNING *`, + [ + adjustmentId, tenantId, dto.product_id, dto.location_id, dto.lot_id, + theoreticalQty, dto.counted_qty + ] + ); + + return line!; + } + + async updateLine(adjustmentId: string, lineId: string, dto: UpdateAdjustmentLineDto, tenantId: string): Promise { + const adjustment = await this.findById(adjustmentId, tenantId); + + if (adjustment.status !== 'draft') { + throw new ValidationError('Solo se pueden editar líneas en ajustes en estado borrador'); + } + + const existingLine = adjustment.lines?.find(l => l.id === lineId); + if (!existingLine) { + throw new NotFoundError('Línea no encontrada'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.counted_qty !== undefined) { + updateFields.push(`counted_qty = $${paramIndex++}`); + values.push(dto.counted_qty); + } + if (dto.notes !== undefined) { + updateFields.push(`notes = $${paramIndex++}`); + values.push(dto.notes); + } + + if (updateFields.length === 0) { + return existingLine; + } + + values.push(lineId); + + const line = await queryOne( + `UPDATE inventory.inventory_adjustment_lines SET ${updateFields.join(', ')} + WHERE id = $${paramIndex} + RETURNING *`, + values + ); + + return line!; + } + + async removeLine(adjustmentId: string, lineId: string, tenantId: string): Promise { + const adjustment = await this.findById(adjustmentId, tenantId); + + if (adjustment.status !== 'draft') { + throw new ValidationError('Solo se pueden eliminar líneas en ajustes en estado borrador'); + } + + const existingLine = adjustment.lines?.find(l => l.id === lineId); + if (!existingLine) { + throw new NotFoundError('Línea no encontrada'); + } + + if (adjustment.lines && adjustment.lines.length <= 1) { + throw new ValidationError('El ajuste debe tener al menos una línea'); + } + + await query(`DELETE FROM inventory.inventory_adjustment_lines WHERE id = $1`, [lineId]); + } + + async confirm(id: string, tenantId: string, userId: string): Promise { + const adjustment = await this.findById(id, tenantId); + + if (adjustment.status !== 'draft') { + throw new ValidationError('Solo se pueden confirmar ajustes en estado borrador'); + } + + if (!adjustment.lines || adjustment.lines.length === 0) { + throw new ValidationError('El ajuste debe tener al menos una línea'); + } + + await query( + `UPDATE inventory.inventory_adjustments SET + status = 'confirmed', + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async validate(id: string, tenantId: string, userId: string): Promise { + const adjustment = await this.findById(id, tenantId); + + if (adjustment.status !== 'confirmed') { + throw new ValidationError('Solo se pueden validar ajustes confirmados'); + } + + const client = await getClient(); + + try { + await client.query('BEGIN'); + + // Update status to done + await client.query( + `UPDATE inventory.inventory_adjustments SET + status = 'done', + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + // Apply stock adjustments + for (const line of adjustment.lines!) { + const difference = line.counted_qty - line.theoretical_qty; + + if (difference !== 0) { + // Check if quant exists + const existingQuant = await client.query( + `SELECT id, quantity FROM inventory.stock_quants + WHERE product_id = $1 AND location_id = $2 + AND ($3::uuid IS NULL OR lot_id = $3)`, + [line.product_id, line.location_id, line.lot_id || null] + ); + + if (existingQuant.rows.length > 0) { + // Update existing quant + await client.query( + `UPDATE inventory.stock_quants SET + quantity = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2`, + [line.counted_qty, existingQuant.rows[0].id] + ); + } else if (line.counted_qty > 0) { + // Create new quant if counted > 0 + await client.query( + `INSERT INTO inventory.stock_quants ( + tenant_id, product_id, location_id, lot_id, quantity + ) + VALUES ($1, $2, $3, $4, $5)`, + [tenantId, line.product_id, line.location_id, line.lot_id, line.counted_qty] + ); + } + } + } + + await client.query('COMMIT'); + + return this.findById(id, tenantId); + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + async cancel(id: string, tenantId: string, userId: string): Promise { + const adjustment = await this.findById(id, tenantId); + + if (adjustment.status === 'done') { + throw new ValidationError('No se puede cancelar un ajuste validado'); + } + + if (adjustment.status === 'cancelled') { + throw new ValidationError('El ajuste ya está cancelado'); + } + + await query( + `UPDATE inventory.inventory_adjustments SET + status = 'cancelled', + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + const adjustment = await this.findById(id, tenantId); + + if (adjustment.status !== 'draft') { + throw new ValidationError('Solo se pueden eliminar ajustes en estado borrador'); + } + + await query(`DELETE FROM inventory.inventory_adjustments WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } +} + +export const adjustmentsService = new AdjustmentsService(); diff --git a/backend/src/modules/inventory/entities/index.ts b/backend/src/modules/inventory/entities/index.ts new file mode 100644 index 0000000..5a7df30 --- /dev/null +++ b/backend/src/modules/inventory/entities/index.ts @@ -0,0 +1,11 @@ +// Export all inventory entities +export * from './product.entity.js'; +export * from './warehouse.entity.js'; +export * from './location.entity.js'; +export * from './stock-quant.entity.js'; +export * from './lot.entity.js'; +export * from './picking.entity.js'; +export * from './stock-move.entity.js'; +export * from './inventory-adjustment.entity.js'; +export * from './inventory-adjustment-line.entity.js'; +export * from './stock-valuation-layer.entity.js'; diff --git a/backend/src/modules/inventory/entities/inventory-adjustment-line.entity.ts b/backend/src/modules/inventory/entities/inventory-adjustment-line.entity.ts new file mode 100644 index 0000000..0ccd386 --- /dev/null +++ b/backend/src/modules/inventory/entities/inventory-adjustment-line.entity.ts @@ -0,0 +1,80 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { InventoryAdjustment } from './inventory-adjustment.entity.js'; +import { Product } from './product.entity.js'; +import { Location } from './location.entity.js'; +import { Lot } from './lot.entity.js'; + +@Entity({ schema: 'inventory', name: 'inventory_adjustment_lines' }) +@Index('idx_adjustment_lines_adjustment_id', ['adjustmentId']) +@Index('idx_adjustment_lines_product_id', ['productId']) +export class InventoryAdjustmentLine { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'adjustment_id' }) + adjustmentId: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'product_id' }) + productId: string; + + @Column({ type: 'uuid', nullable: false, name: 'location_id' }) + locationId: string; + + @Column({ type: 'uuid', nullable: true, name: 'lot_id' }) + lotId: string | null; + + @Column({ type: 'decimal', precision: 16, scale: 4, default: 0, name: 'theoretical_qty' }) + theoreticalQty: number; + + @Column({ type: 'decimal', precision: 16, scale: 4, default: 0, name: 'counted_qty' }) + countedQty: number; + + @Column({ + type: 'decimal', + precision: 16, + scale: 4, + nullable: false, + name: 'difference_qty', + generated: 'STORED', + asExpression: 'counted_qty - theoretical_qty', + }) + differenceQty: number; + + @Column({ type: 'uuid', nullable: true, name: 'uom_id' }) + uomId: string | null; + + @Column({ type: 'text', nullable: true }) + notes: string | null; + + // Relations + @ManyToOne(() => InventoryAdjustment, (adjustment) => adjustment.lines, { onDelete: 'CASCADE' }) + @JoinColumn({ name: 'adjustment_id' }) + adjustment: InventoryAdjustment; + + @ManyToOne(() => Product) + @JoinColumn({ name: 'product_id' }) + product: Product; + + @ManyToOne(() => Location) + @JoinColumn({ name: 'location_id' }) + location: Location; + + @ManyToOne(() => Lot, { nullable: true }) + @JoinColumn({ name: 'lot_id' }) + lot: Lot | null; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; +} diff --git a/backend/src/modules/inventory/entities/inventory-adjustment.entity.ts b/backend/src/modules/inventory/entities/inventory-adjustment.entity.ts new file mode 100644 index 0000000..2ad84a9 --- /dev/null +++ b/backend/src/modules/inventory/entities/inventory-adjustment.entity.ts @@ -0,0 +1,86 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + OneToMany, + JoinColumn, +} from 'typeorm'; +import { Company } from '../../auth/entities/company.entity.js'; +import { Location } from './location.entity.js'; +import { InventoryAdjustmentLine } from './inventory-adjustment-line.entity.js'; + +export enum AdjustmentStatus { + DRAFT = 'draft', + CONFIRMED = 'confirmed', + DONE = 'done', + CANCELLED = 'cancelled', +} + +@Entity({ schema: 'inventory', name: 'inventory_adjustments' }) +@Index('idx_adjustments_tenant_id', ['tenantId']) +@Index('idx_adjustments_company_id', ['companyId']) +@Index('idx_adjustments_status', ['status']) +@Index('idx_adjustments_date', ['date']) +export class InventoryAdjustment { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'company_id' }) + companyId: string; + + @Column({ type: 'varchar', length: 100, nullable: false }) + name: string; + + @Column({ type: 'uuid', nullable: false, name: 'location_id' }) + locationId: string; + + @Column({ type: 'date', nullable: false }) + date: Date; + + @Column({ + type: 'enum', + enum: AdjustmentStatus, + default: AdjustmentStatus.DRAFT, + nullable: false, + }) + status: AdjustmentStatus; + + @Column({ type: 'text', nullable: true }) + notes: string | null; + + // Relations + @ManyToOne(() => Company) + @JoinColumn({ name: 'company_id' }) + company: Company; + + @ManyToOne(() => Location) + @JoinColumn({ name: 'location_id' }) + location: Location; + + @OneToMany(() => InventoryAdjustmentLine, (line) => line.adjustment) + lines: InventoryAdjustmentLine[]; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; +} diff --git a/backend/src/modules/inventory/entities/location.entity.ts b/backend/src/modules/inventory/entities/location.entity.ts new file mode 100644 index 0000000..9622b72 --- /dev/null +++ b/backend/src/modules/inventory/entities/location.entity.ts @@ -0,0 +1,96 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + OneToMany, + JoinColumn, +} from 'typeorm'; +import { Warehouse } from './warehouse.entity.js'; +import { StockQuant } from './stock-quant.entity.js'; + +export enum LocationType { + INTERNAL = 'internal', + SUPPLIER = 'supplier', + CUSTOMER = 'customer', + INVENTORY = 'inventory', + PRODUCTION = 'production', + TRANSIT = 'transit', +} + +@Entity({ schema: 'inventory', name: 'locations' }) +@Index('idx_locations_tenant_id', ['tenantId']) +@Index('idx_locations_warehouse_id', ['warehouseId']) +@Index('idx_locations_parent_id', ['parentId']) +@Index('idx_locations_type', ['locationType']) +export class Location { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: true, name: 'warehouse_id' }) + warehouseId: string | null; + + @Column({ type: 'varchar', length: 255, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 500, nullable: true, name: 'complete_name' }) + completeName: string | null; + + @Column({ + type: 'enum', + enum: LocationType, + nullable: false, + name: 'location_type', + }) + locationType: LocationType; + + @Column({ type: 'uuid', nullable: true, name: 'parent_id' }) + parentId: string | null; + + @Column({ type: 'boolean', default: false, nullable: false, name: 'is_scrap_location' }) + isScrapLocation: boolean; + + @Column({ type: 'boolean', default: false, nullable: false, name: 'is_return_location' }) + isReturnLocation: boolean; + + @Column({ type: 'boolean', default: true, nullable: false }) + active: boolean; + + // Relations + @ManyToOne(() => Warehouse, (warehouse) => warehouse.locations) + @JoinColumn({ name: 'warehouse_id' }) + warehouse: Warehouse; + + @ManyToOne(() => Location, (location) => location.children) + @JoinColumn({ name: 'parent_id' }) + parent: Location; + + @OneToMany(() => Location, (location) => location.parent) + children: Location[]; + + @OneToMany(() => StockQuant, (stockQuant) => stockQuant.location) + stockQuants: StockQuant[]; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; +} diff --git a/backend/src/modules/inventory/entities/lot.entity.ts b/backend/src/modules/inventory/entities/lot.entity.ts new file mode 100644 index 0000000..aaed4be --- /dev/null +++ b/backend/src/modules/inventory/entities/lot.entity.ts @@ -0,0 +1,64 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + Index, + ManyToOne, + OneToMany, + JoinColumn, +} from 'typeorm'; +import { Product } from './product.entity.js'; +import { StockQuant } from './stock-quant.entity.js'; + +@Entity({ schema: 'inventory', name: 'lots' }) +@Index('idx_lots_tenant_id', ['tenantId']) +@Index('idx_lots_product_id', ['productId']) +@Index('idx_lots_name_product', ['productId', 'name'], { unique: true }) +@Index('idx_lots_expiration_date', ['expirationDate']) +export class Lot { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'product_id' }) + productId: string; + + @Column({ type: 'varchar', length: 100, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 100, nullable: true }) + ref: string | null; + + @Column({ type: 'date', nullable: true, name: 'manufacture_date' }) + manufactureDate: Date | null; + + @Column({ type: 'date', nullable: true, name: 'expiration_date' }) + expirationDate: Date | null; + + @Column({ type: 'date', nullable: true, name: 'removal_date' }) + removalDate: Date | null; + + @Column({ type: 'date', nullable: true, name: 'alert_date' }) + alertDate: Date | null; + + @Column({ type: 'text', nullable: true }) + notes: string | null; + + // Relations + @ManyToOne(() => Product, (product) => product.lots) + @JoinColumn({ name: 'product_id' }) + product: Product; + + @OneToMany(() => StockQuant, (stockQuant) => stockQuant.lot) + stockQuants: StockQuant[]; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; +} diff --git a/backend/src/modules/inventory/entities/picking.entity.ts b/backend/src/modules/inventory/entities/picking.entity.ts new file mode 100644 index 0000000..9254b6a --- /dev/null +++ b/backend/src/modules/inventory/entities/picking.entity.ts @@ -0,0 +1,125 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + OneToMany, + JoinColumn, +} from 'typeorm'; +import { Company } from '../../auth/entities/company.entity.js'; +import { Location } from './location.entity.js'; +import { StockMove } from './stock-move.entity.js'; + +export enum PickingType { + INCOMING = 'incoming', + OUTGOING = 'outgoing', + INTERNAL = 'internal', +} + +export enum MoveStatus { + DRAFT = 'draft', + WAITING = 'waiting', + CONFIRMED = 'confirmed', + ASSIGNED = 'assigned', + DONE = 'done', + CANCELLED = 'cancelled', +} + +@Entity({ schema: 'inventory', name: 'pickings' }) +@Index('idx_pickings_tenant_id', ['tenantId']) +@Index('idx_pickings_company_id', ['companyId']) +@Index('idx_pickings_status', ['status']) +@Index('idx_pickings_partner_id', ['partnerId']) +@Index('idx_pickings_scheduled_date', ['scheduledDate']) +export class Picking { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'company_id' }) + companyId: string; + + @Column({ type: 'varchar', length: 100, nullable: false }) + name: string; + + @Column({ + type: 'enum', + enum: PickingType, + nullable: false, + name: 'picking_type', + }) + pickingType: PickingType; + + @Column({ type: 'uuid', nullable: false, name: 'location_id' }) + locationId: string; + + @Column({ type: 'uuid', nullable: false, name: 'location_dest_id' }) + locationDestId: string; + + @Column({ type: 'uuid', nullable: true, name: 'partner_id' }) + partnerId: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'scheduled_date' }) + scheduledDate: Date | null; + + @Column({ type: 'timestamp', nullable: true, name: 'date_done' }) + dateDone: Date | null; + + @Column({ type: 'varchar', length: 255, nullable: true }) + origin: string | null; + + @Column({ + type: 'enum', + enum: MoveStatus, + default: MoveStatus.DRAFT, + nullable: false, + }) + status: MoveStatus; + + @Column({ type: 'text', nullable: true }) + notes: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'validated_at' }) + validatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'validated_by' }) + validatedBy: string | null; + + // Relations + @ManyToOne(() => Company) + @JoinColumn({ name: 'company_id' }) + company: Company; + + @ManyToOne(() => Location) + @JoinColumn({ name: 'location_id' }) + location: Location; + + @ManyToOne(() => Location) + @JoinColumn({ name: 'location_dest_id' }) + locationDest: Location; + + @OneToMany(() => StockMove, (stockMove) => stockMove.picking) + moves: StockMove[]; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; +} diff --git a/backend/src/modules/inventory/entities/product.entity.ts b/backend/src/modules/inventory/entities/product.entity.ts new file mode 100644 index 0000000..4a74807 --- /dev/null +++ b/backend/src/modules/inventory/entities/product.entity.ts @@ -0,0 +1,154 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + OneToMany, +} from 'typeorm'; +import { StockQuant } from './stock-quant.entity.js'; +import { Lot } from './lot.entity.js'; + +export enum ProductType { + STORABLE = 'storable', + CONSUMABLE = 'consumable', + SERVICE = 'service', +} + +export enum TrackingType { + NONE = 'none', + LOT = 'lot', + SERIAL = 'serial', +} + +export enum ValuationMethod { + STANDARD = 'standard', + FIFO = 'fifo', + AVERAGE = 'average', +} + +@Entity({ schema: 'inventory', name: 'products' }) +@Index('idx_products_tenant_id', ['tenantId']) +@Index('idx_products_code', ['code'], { where: 'deleted_at IS NULL' }) +@Index('idx_products_barcode', ['barcode'], { where: 'deleted_at IS NULL' }) +@Index('idx_products_category_id', ['categoryId']) +@Index('idx_products_active', ['active'], { where: 'deleted_at IS NULL' }) +export class Product { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'varchar', length: 255, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 100, nullable: true, unique: true }) + code: string | null; + + @Column({ type: 'varchar', length: 100, nullable: true }) + barcode: string | null; + + @Column({ type: 'text', nullable: true }) + description: string | null; + + @Column({ + type: 'enum', + enum: ProductType, + default: ProductType.STORABLE, + nullable: false, + name: 'product_type', + }) + productType: ProductType; + + @Column({ + type: 'enum', + enum: TrackingType, + default: TrackingType.NONE, + nullable: false, + }) + tracking: TrackingType; + + @Column({ type: 'uuid', nullable: true, name: 'category_id' }) + categoryId: string | null; + + @Column({ type: 'uuid', nullable: false, name: 'uom_id' }) + uomId: string; + + @Column({ type: 'uuid', nullable: true, name: 'purchase_uom_id' }) + purchaseUomId: string | null; + + @Column({ type: 'decimal', precision: 12, scale: 2, default: 0, name: 'cost_price' }) + costPrice: number; + + @Column({ type: 'decimal', precision: 12, scale: 2, default: 0, name: 'list_price' }) + listPrice: number; + + @Column({ + type: 'enum', + enum: ValuationMethod, + default: ValuationMethod.FIFO, + nullable: false, + name: 'valuation_method', + }) + valuationMethod: ValuationMethod; + + @Column({ + type: 'boolean', + default: true, + nullable: false, + name: 'is_storable', + generated: 'STORED', + asExpression: "product_type = 'storable'", + }) + isStorable: boolean; + + @Column({ type: 'decimal', precision: 12, scale: 4, nullable: true }) + weight: number | null; + + @Column({ type: 'decimal', precision: 12, scale: 4, nullable: true }) + volume: number | null; + + @Column({ type: 'boolean', default: true, nullable: false, name: 'can_be_sold' }) + canBeSold: boolean; + + @Column({ type: 'boolean', default: true, nullable: false, name: 'can_be_purchased' }) + canBePurchased: boolean; + + @Column({ type: 'varchar', length: 500, nullable: true, name: 'image_url' }) + imageUrl: string | null; + + @Column({ type: 'boolean', default: true, nullable: false }) + active: boolean; + + // Relations + @OneToMany(() => StockQuant, (stockQuant) => stockQuant.product) + stockQuants: StockQuant[]; + + @OneToMany(() => Lot, (lot) => lot.product) + lots: Lot[]; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'deleted_at' }) + deletedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'deleted_by' }) + deletedBy: string | null; +} diff --git a/backend/src/modules/inventory/entities/stock-move.entity.ts b/backend/src/modules/inventory/entities/stock-move.entity.ts new file mode 100644 index 0000000..c6c8988 --- /dev/null +++ b/backend/src/modules/inventory/entities/stock-move.entity.ts @@ -0,0 +1,104 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { Picking, MoveStatus } from './picking.entity.js'; +import { Product } from './product.entity.js'; +import { Location } from './location.entity.js'; +import { Lot } from './lot.entity.js'; + +@Entity({ schema: 'inventory', name: 'stock_moves' }) +@Index('idx_stock_moves_tenant_id', ['tenantId']) +@Index('idx_stock_moves_picking_id', ['pickingId']) +@Index('idx_stock_moves_product_id', ['productId']) +@Index('idx_stock_moves_status', ['status']) +@Index('idx_stock_moves_date', ['date']) +export class StockMove { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'picking_id' }) + pickingId: string; + + @Column({ type: 'uuid', nullable: false, name: 'product_id' }) + productId: string; + + @Column({ type: 'uuid', nullable: false, name: 'product_uom_id' }) + productUomId: string; + + @Column({ type: 'uuid', nullable: false, name: 'location_id' }) + locationId: string; + + @Column({ type: 'uuid', nullable: false, name: 'location_dest_id' }) + locationDestId: string; + + @Column({ type: 'decimal', precision: 16, scale: 4, nullable: false, name: 'product_qty' }) + productQty: number; + + @Column({ type: 'decimal', precision: 16, scale: 4, default: 0, name: 'quantity_done' }) + quantityDone: number; + + @Column({ type: 'uuid', nullable: true, name: 'lot_id' }) + lotId: string | null; + + @Column({ + type: 'enum', + enum: MoveStatus, + default: MoveStatus.DRAFT, + nullable: false, + }) + status: MoveStatus; + + @Column({ type: 'timestamp', nullable: true }) + date: Date | null; + + @Column({ type: 'varchar', length: 255, nullable: true }) + origin: string | null; + + // Relations + @ManyToOne(() => Picking, (picking) => picking.moves, { onDelete: 'CASCADE' }) + @JoinColumn({ name: 'picking_id' }) + picking: Picking; + + @ManyToOne(() => Product) + @JoinColumn({ name: 'product_id' }) + product: Product; + + @ManyToOne(() => Location) + @JoinColumn({ name: 'location_id' }) + location: Location; + + @ManyToOne(() => Location) + @JoinColumn({ name: 'location_dest_id' }) + locationDest: Location; + + @ManyToOne(() => Lot, { nullable: true }) + @JoinColumn({ name: 'lot_id' }) + lot: Lot | null; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; +} diff --git a/backend/src/modules/inventory/entities/stock-quant.entity.ts b/backend/src/modules/inventory/entities/stock-quant.entity.ts new file mode 100644 index 0000000..3111644 --- /dev/null +++ b/backend/src/modules/inventory/entities/stock-quant.entity.ts @@ -0,0 +1,66 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, + Unique, +} from 'typeorm'; +import { Product } from './product.entity.js'; +import { Location } from './location.entity.js'; +import { Lot } from './lot.entity.js'; + +@Entity({ schema: 'inventory', name: 'stock_quants' }) +@Index('idx_stock_quants_product_id', ['productId']) +@Index('idx_stock_quants_location_id', ['locationId']) +@Index('idx_stock_quants_lot_id', ['lotId']) +@Unique('uq_stock_quants_product_location_lot', ['productId', 'locationId', 'lotId']) +export class StockQuant { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'product_id' }) + productId: string; + + @Column({ type: 'uuid', nullable: false, name: 'location_id' }) + locationId: string; + + @Column({ type: 'uuid', nullable: true, name: 'lot_id' }) + lotId: string | null; + + @Column({ type: 'decimal', precision: 16, scale: 4, default: 0 }) + quantity: number; + + @Column({ type: 'decimal', precision: 16, scale: 4, default: 0, name: 'reserved_quantity' }) + reservedQuantity: number; + + // Relations + @ManyToOne(() => Product, (product) => product.stockQuants) + @JoinColumn({ name: 'product_id' }) + product: Product; + + @ManyToOne(() => Location, (location) => location.stockQuants) + @JoinColumn({ name: 'location_id' }) + location: Location; + + @ManyToOne(() => Lot, (lot) => lot.stockQuants, { nullable: true }) + @JoinColumn({ name: 'lot_id' }) + lot: Lot | null; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; +} diff --git a/backend/src/modules/inventory/entities/stock-valuation-layer.entity.ts b/backend/src/modules/inventory/entities/stock-valuation-layer.entity.ts new file mode 100644 index 0000000..25712d0 --- /dev/null +++ b/backend/src/modules/inventory/entities/stock-valuation-layer.entity.ts @@ -0,0 +1,85 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { Product } from './product.entity.js'; +import { Company } from '../../auth/entities/company.entity.js'; + +@Entity({ schema: 'inventory', name: 'stock_valuation_layers' }) +@Index('idx_valuation_layers_tenant_id', ['tenantId']) +@Index('idx_valuation_layers_product_id', ['productId']) +@Index('idx_valuation_layers_company_id', ['companyId']) +@Index('idx_valuation_layers_stock_move_id', ['stockMoveId']) +@Index('idx_valuation_layers_remaining_qty', ['remainingQty']) +export class StockValuationLayer { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'product_id' }) + productId: string; + + @Column({ type: 'uuid', nullable: false, name: 'company_id' }) + companyId: string; + + @Column({ type: 'decimal', precision: 16, scale: 4, nullable: false }) + quantity: number; + + @Column({ type: 'decimal', precision: 12, scale: 2, nullable: false, name: 'unit_cost' }) + unitCost: number; + + @Column({ type: 'decimal', precision: 16, scale: 2, nullable: false }) + value: number; + + @Column({ type: 'decimal', precision: 16, scale: 4, nullable: false, name: 'remaining_qty' }) + remainingQty: number; + + @Column({ type: 'decimal', precision: 16, scale: 2, nullable: false, name: 'remaining_value' }) + remainingValue: number; + + @Column({ type: 'uuid', nullable: true, name: 'stock_move_id' }) + stockMoveId: string | null; + + @Column({ type: 'varchar', length: 255, nullable: true }) + description: string | null; + + @Column({ type: 'uuid', nullable: true, name: 'account_move_id' }) + accountMoveId: string | null; + + @Column({ type: 'uuid', nullable: true, name: 'journal_entry_id' }) + journalEntryId: string | null; + + // Relations + @ManyToOne(() => Product) + @JoinColumn({ name: 'product_id' }) + product: Product; + + @ManyToOne(() => Company) + @JoinColumn({ name: 'company_id' }) + company: Company; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; +} diff --git a/backend/src/modules/inventory/entities/warehouse.entity.ts b/backend/src/modules/inventory/entities/warehouse.entity.ts new file mode 100644 index 0000000..c31af0a --- /dev/null +++ b/backend/src/modules/inventory/entities/warehouse.entity.ts @@ -0,0 +1,68 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + OneToMany, + JoinColumn, +} from 'typeorm'; +import { Company } from '../../auth/entities/company.entity.js'; +import { Location } from './location.entity.js'; + +@Entity({ schema: 'inventory', name: 'warehouses' }) +@Index('idx_warehouses_tenant_id', ['tenantId']) +@Index('idx_warehouses_company_id', ['companyId']) +@Index('idx_warehouses_code_company', ['companyId', 'code'], { unique: true }) +export class Warehouse { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'uuid', nullable: false, name: 'company_id' }) + companyId: string; + + @Column({ type: 'varchar', length: 255, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 20, nullable: false }) + code: string; + + @Column({ type: 'uuid', nullable: true, name: 'address_id' }) + addressId: string | null; + + @Column({ type: 'boolean', default: false, nullable: false, name: 'is_default' }) + isDefault: boolean; + + @Column({ type: 'boolean', default: true, nullable: false }) + active: boolean; + + // Relations + @ManyToOne(() => Company) + @JoinColumn({ name: 'company_id' }) + company: Company; + + @OneToMany(() => Location, (location) => location.warehouse) + locations: Location[]; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; +} diff --git a/backend/src/modules/inventory/index.ts b/backend/src/modules/inventory/index.ts new file mode 100644 index 0000000..40c84f5 --- /dev/null +++ b/backend/src/modules/inventory/index.ts @@ -0,0 +1,16 @@ +export * from './products.service.js'; +export * from './warehouses.service.js'; +export { + locationsService, + Location as InventoryLocation, + CreateLocationDto, + UpdateLocationDto, + LocationFilters +} from './locations.service.js'; +export * from './pickings.service.js'; +export * from './lots.service.js'; +export * from './adjustments.service.js'; +export * from './valuation.service.js'; +export * from './inventory.controller.js'; +export * from './valuation.controller.js'; +export { default as inventoryRoutes } from './inventory.routes.js'; diff --git a/backend/src/modules/inventory/inventory.controller.ts b/backend/src/modules/inventory/inventory.controller.ts new file mode 100644 index 0000000..de2891a --- /dev/null +++ b/backend/src/modules/inventory/inventory.controller.ts @@ -0,0 +1,875 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { productsService, CreateProductDto, UpdateProductDto, ProductFilters } from './products.service.js'; +import { warehousesService, CreateWarehouseDto, UpdateWarehouseDto, WarehouseFilters } from './warehouses.service.js'; +import { locationsService, CreateLocationDto, UpdateLocationDto, LocationFilters } from './locations.service.js'; +import { pickingsService, CreatePickingDto, PickingFilters } from './pickings.service.js'; +import { lotsService, CreateLotDto, UpdateLotDto, LotFilters } from './lots.service.js'; +import { adjustmentsService, CreateAdjustmentDto, UpdateAdjustmentDto, CreateAdjustmentLineDto, UpdateAdjustmentLineDto, AdjustmentFilters } from './adjustments.service.js'; +import { AuthenticatedRequest } from '../../shared/middleware/auth.middleware.js'; +import { ValidationError } from '../../shared/errors/index.js'; + +// Product schemas +const createProductSchema = z.object({ + name: z.string().min(1, 'El nombre es requerido').max(255), + code: z.string().max(100).optional(), + barcode: z.string().max(100).optional(), + description: z.string().optional(), + product_type: z.enum(['storable', 'consumable', 'service']).default('storable'), + tracking: z.enum(['none', 'lot', 'serial']).default('none'), + category_id: z.string().uuid().optional(), + uom_id: z.string().uuid({ message: 'La unidad de medida es requerida' }), + purchase_uom_id: z.string().uuid().optional(), + cost_price: z.number().min(0).default(0), + list_price: z.number().min(0).default(0), + valuation_method: z.enum(['standard', 'fifo', 'average']).default('fifo'), + weight: z.number().min(0).optional(), + volume: z.number().min(0).optional(), + can_be_sold: z.boolean().default(true), + can_be_purchased: z.boolean().default(true), + image_url: z.string().url().max(500).optional(), +}); + +const updateProductSchema = z.object({ + name: z.string().min(1).max(255).optional(), + barcode: z.string().max(100).optional().nullable(), + description: z.string().optional().nullable(), + tracking: z.enum(['none', 'lot', 'serial']).optional(), + category_id: z.string().uuid().optional().nullable(), + uom_id: z.string().uuid().optional(), + purchase_uom_id: z.string().uuid().optional().nullable(), + cost_price: z.number().min(0).optional(), + list_price: z.number().min(0).optional(), + valuation_method: z.enum(['standard', 'fifo', 'average']).optional(), + weight: z.number().min(0).optional().nullable(), + volume: z.number().min(0).optional().nullable(), + can_be_sold: z.boolean().optional(), + can_be_purchased: z.boolean().optional(), + image_url: z.string().url().max(500).optional().nullable(), + active: z.boolean().optional(), +}); + +const productQuerySchema = z.object({ + search: z.string().optional(), + category_id: z.string().uuid().optional(), + product_type: z.enum(['storable', 'consumable', 'service']).optional(), + can_be_sold: z.coerce.boolean().optional(), + can_be_purchased: z.coerce.boolean().optional(), + active: z.coerce.boolean().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +// Warehouse schemas +const createWarehouseSchema = z.object({ + company_id: z.string().uuid({ message: 'La empresa es requerida' }), + name: z.string().min(1, 'El nombre es requerido').max(255), + code: z.string().min(1).max(20), + address_id: z.string().uuid().optional(), + is_default: z.boolean().default(false), +}); + +const updateWarehouseSchema = z.object({ + name: z.string().min(1).max(255).optional(), + address_id: z.string().uuid().optional().nullable(), + is_default: z.boolean().optional(), + active: z.boolean().optional(), +}); + +const warehouseQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + active: z.coerce.boolean().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(50), +}); + +// Location schemas +const createLocationSchema = z.object({ + warehouse_id: z.string().uuid().optional(), + name: z.string().min(1, 'El nombre es requerido').max(255), + location_type: z.enum(['internal', 'supplier', 'customer', 'inventory', 'production', 'transit']), + parent_id: z.string().uuid().optional(), + is_scrap_location: z.boolean().default(false), + is_return_location: z.boolean().default(false), +}); + +const updateLocationSchema = z.object({ + name: z.string().min(1).max(255).optional(), + parent_id: z.string().uuid().optional().nullable(), + is_scrap_location: z.boolean().optional(), + is_return_location: z.boolean().optional(), + active: z.boolean().optional(), +}); + +const locationQuerySchema = z.object({ + warehouse_id: z.string().uuid().optional(), + location_type: z.enum(['internal', 'supplier', 'customer', 'inventory', 'production', 'transit']).optional(), + active: z.coerce.boolean().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(50), +}); + +// Picking schemas +const stockMoveLineSchema = z.object({ + product_id: z.string().uuid({ message: 'El producto es requerido' }), + product_uom_id: z.string().uuid({ message: 'La UdM es requerida' }), + product_qty: z.number().positive({ message: 'La cantidad debe ser mayor a 0' }), + lot_id: z.string().uuid().optional(), + location_id: z.string().uuid({ message: 'La ubicación origen es requerida' }), + location_dest_id: z.string().uuid({ message: 'La ubicación destino es requerida' }), +}); + +const createPickingSchema = z.object({ + company_id: z.string().uuid({ message: 'La empresa es requerida' }), + name: z.string().min(1, 'El nombre es requerido').max(100), + picking_type: z.enum(['incoming', 'outgoing', 'internal']), + location_id: z.string().uuid({ message: 'La ubicación origen es requerida' }), + location_dest_id: z.string().uuid({ message: 'La ubicación destino es requerida' }), + partner_id: z.string().uuid().optional(), + scheduled_date: z.string().optional(), + origin: z.string().max(255).optional(), + notes: z.string().optional(), + moves: z.array(stockMoveLineSchema).min(1, 'Debe incluir al menos un movimiento'), +}); + +const pickingQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + picking_type: z.enum(['incoming', 'outgoing', 'internal']).optional(), + status: z.enum(['draft', 'waiting', 'confirmed', 'assigned', 'done', 'cancelled']).optional(), + partner_id: z.string().uuid().optional(), + date_from: z.string().optional(), + date_to: z.string().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +// Lot schemas +const createLotSchema = z.object({ + product_id: z.string().uuid({ message: 'El producto es requerido' }), + name: z.string().min(1, 'El nombre del lote es requerido').max(100), + ref: z.string().max(100).optional(), + manufacture_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + expiration_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + removal_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + alert_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + notes: z.string().optional(), +}); + +const updateLotSchema = z.object({ + ref: z.string().max(100).optional().nullable(), + manufacture_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional().nullable(), + expiration_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional().nullable(), + removal_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional().nullable(), + alert_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional().nullable(), + notes: z.string().optional().nullable(), +}); + +const lotQuerySchema = z.object({ + product_id: z.string().uuid().optional(), + expiring_soon: z.coerce.boolean().optional(), + expired: z.coerce.boolean().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(50), +}); + +// Adjustment schemas +const adjustmentLineSchema = z.object({ + product_id: z.string().uuid({ message: 'El producto es requerido' }), + location_id: z.string().uuid({ message: 'La ubicación es requerida' }), + lot_id: z.string().uuid().optional(), + counted_qty: z.number().min(0), + uom_id: z.string().uuid({ message: 'La UdM es requerida' }), + notes: z.string().optional(), +}); + +const createAdjustmentSchema = z.object({ + company_id: z.string().uuid({ message: 'La empresa es requerida' }), + location_id: z.string().uuid({ message: 'La ubicación es requerida' }), + date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + notes: z.string().optional(), + lines: z.array(adjustmentLineSchema).min(1, 'Debe incluir al menos una línea'), +}); + +const updateAdjustmentSchema = z.object({ + location_id: z.string().uuid().optional(), + date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + notes: z.string().optional().nullable(), +}); + +const createAdjustmentLineSchema = z.object({ + product_id: z.string().uuid({ message: 'El producto es requerido' }), + location_id: z.string().uuid({ message: 'La ubicación es requerida' }), + lot_id: z.string().uuid().optional(), + counted_qty: z.number().min(0), + uom_id: z.string().uuid({ message: 'La UdM es requerida' }), + notes: z.string().optional(), +}); + +const updateAdjustmentLineSchema = z.object({ + counted_qty: z.number().min(0).optional(), + notes: z.string().optional().nullable(), +}); + +const adjustmentQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + location_id: z.string().uuid().optional(), + status: z.enum(['draft', 'confirmed', 'done', 'cancelled']).optional(), + date_from: z.string().optional(), + date_to: z.string().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +class InventoryController { + // ========== PRODUCTS ========== + async getProducts(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = productQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: ProductFilters = queryResult.data; + const result = await productsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getProduct(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const product = await productsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: product }); + } catch (error) { + next(error); + } + } + + async createProduct(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createProductSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de producto inválidos', parseResult.error.errors); + } + + const dto: CreateProductDto = parseResult.data; + const product = await productsService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: product, + message: 'Producto creado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateProduct(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateProductSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de producto inválidos', parseResult.error.errors); + } + + const dto: UpdateProductDto = parseResult.data; + const product = await productsService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: product, + message: 'Producto actualizado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async deleteProduct(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await productsService.delete(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, message: 'Producto eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + async getProductStock(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const stock = await productsService.getStock(req.params.id, req.tenantId!); + res.json({ success: true, data: stock }); + } catch (error) { + next(error); + } + } + + // ========== WAREHOUSES ========== + async getWarehouses(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = warehouseQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: WarehouseFilters = queryResult.data; + const result = await warehousesService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 50)), + }, + }); + } catch (error) { + next(error); + } + } + + async getWarehouse(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const warehouse = await warehousesService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: warehouse }); + } catch (error) { + next(error); + } + } + + async createWarehouse(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createWarehouseSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de almacén inválidos', parseResult.error.errors); + } + + const dto: CreateWarehouseDto = parseResult.data; + const warehouse = await warehousesService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: warehouse, + message: 'Almacén creado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateWarehouse(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateWarehouseSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de almacén inválidos', parseResult.error.errors); + } + + const dto: UpdateWarehouseDto = parseResult.data; + const warehouse = await warehousesService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: warehouse, + message: 'Almacén actualizado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async deleteWarehouse(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await warehousesService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Almacén eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + async getWarehouseLocations(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const locations = await warehousesService.getLocations(req.params.id, req.tenantId!); + res.json({ success: true, data: locations }); + } catch (error) { + next(error); + } + } + + async getWarehouseStock(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const stock = await warehousesService.getStock(req.params.id, req.tenantId!); + res.json({ success: true, data: stock }); + } catch (error) { + next(error); + } + } + + // ========== LOCATIONS ========== + async getLocations(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = locationQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: LocationFilters = queryResult.data; + const result = await locationsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 50)), + }, + }); + } catch (error) { + next(error); + } + } + + async getLocation(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const location = await locationsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: location }); + } catch (error) { + next(error); + } + } + + async createLocation(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createLocationSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de ubicación inválidos', parseResult.error.errors); + } + + const dto: CreateLocationDto = parseResult.data; + const location = await locationsService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: location, + message: 'Ubicación creada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateLocation(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateLocationSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de ubicación inválidos', parseResult.error.errors); + } + + const dto: UpdateLocationDto = parseResult.data; + const location = await locationsService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: location, + message: 'Ubicación actualizada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async getLocationStock(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const stock = await locationsService.getStock(req.params.id, req.tenantId!); + res.json({ success: true, data: stock }); + } catch (error) { + next(error); + } + } + + // ========== PICKINGS ========== + async getPickings(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = pickingQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: PickingFilters = queryResult.data; + const result = await pickingsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getPicking(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const picking = await pickingsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: picking }); + } catch (error) { + next(error); + } + } + + async createPicking(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createPickingSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de picking inválidos', parseResult.error.errors); + } + + const dto: CreatePickingDto = parseResult.data; + const picking = await pickingsService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: picking, + message: 'Picking creado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async confirmPicking(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const picking = await pickingsService.confirm(req.params.id, req.tenantId!, req.user!.userId); + res.json({ + success: true, + data: picking, + message: 'Picking confirmado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async validatePicking(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const picking = await pickingsService.validate(req.params.id, req.tenantId!, req.user!.userId); + res.json({ + success: true, + data: picking, + message: 'Picking validado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async cancelPicking(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const picking = await pickingsService.cancel(req.params.id, req.tenantId!, req.user!.userId); + res.json({ + success: true, + data: picking, + message: 'Picking cancelado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async deletePicking(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await pickingsService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Picking eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== LOTS ========== + async getLots(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = lotQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: LotFilters = queryResult.data; + const result = await lotsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 50)), + }, + }); + } catch (error) { + next(error); + } + } + + async getLot(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const lot = await lotsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: lot }); + } catch (error) { + next(error); + } + } + + async createLot(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createLotSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de lote inválidos', parseResult.error.errors); + } + + const dto: CreateLotDto = parseResult.data; + const lot = await lotsService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: lot, + message: 'Lote creado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateLot(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateLotSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de lote inválidos', parseResult.error.errors); + } + + const dto: UpdateLotDto = parseResult.data; + const lot = await lotsService.update(req.params.id, dto, req.tenantId!); + + res.json({ + success: true, + data: lot, + message: 'Lote actualizado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async getLotMovements(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const movements = await lotsService.getMovements(req.params.id, req.tenantId!); + res.json({ success: true, data: movements }); + } catch (error) { + next(error); + } + } + + async deleteLot(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await lotsService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Lote eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== ADJUSTMENTS ========== + async getAdjustments(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = adjustmentQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: AdjustmentFilters = queryResult.data; + const result = await adjustmentsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getAdjustment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const adjustment = await adjustmentsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: adjustment }); + } catch (error) { + next(error); + } + } + + async createAdjustment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createAdjustmentSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de ajuste inválidos', parseResult.error.errors); + } + + const dto: CreateAdjustmentDto = parseResult.data; + const adjustment = await adjustmentsService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: adjustment, + message: 'Ajuste de inventario creado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateAdjustment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateAdjustmentSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de ajuste inválidos', parseResult.error.errors); + } + + const dto: UpdateAdjustmentDto = parseResult.data; + const adjustment = await adjustmentsService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: adjustment, + message: 'Ajuste de inventario actualizado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async addAdjustmentLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createAdjustmentLineSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de línea inválidos', parseResult.error.errors); + } + + const dto: CreateAdjustmentLineDto = parseResult.data; + const line = await adjustmentsService.addLine(req.params.id, dto, req.tenantId!); + + res.status(201).json({ + success: true, + data: line, + message: 'Línea agregada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateAdjustmentLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateAdjustmentLineSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de línea inválidos', parseResult.error.errors); + } + + const dto: UpdateAdjustmentLineDto = parseResult.data; + const line = await adjustmentsService.updateLine(req.params.id, req.params.lineId, dto, req.tenantId!); + + res.json({ + success: true, + data: line, + message: 'Línea actualizada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async removeAdjustmentLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await adjustmentsService.removeLine(req.params.id, req.params.lineId, req.tenantId!); + res.json({ success: true, message: 'Línea eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + async confirmAdjustment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const adjustment = await adjustmentsService.confirm(req.params.id, req.tenantId!, req.user!.userId); + res.json({ + success: true, + data: adjustment, + message: 'Ajuste confirmado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async validateAdjustment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const adjustment = await adjustmentsService.validate(req.params.id, req.tenantId!, req.user!.userId); + res.json({ + success: true, + data: adjustment, + message: 'Ajuste validado exitosamente. Stock actualizado.', + }); + } catch (error) { + next(error); + } + } + + async cancelAdjustment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const adjustment = await adjustmentsService.cancel(req.params.id, req.tenantId!, req.user!.userId); + res.json({ + success: true, + data: adjustment, + message: 'Ajuste cancelado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async deleteAdjustment(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await adjustmentsService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Ajuste eliminado exitosamente' }); + } catch (error) { + next(error); + } + } +} + +export const inventoryController = new InventoryController(); diff --git a/backend/src/modules/inventory/inventory.routes.ts b/backend/src/modules/inventory/inventory.routes.ts new file mode 100644 index 0000000..6f45bf6 --- /dev/null +++ b/backend/src/modules/inventory/inventory.routes.ts @@ -0,0 +1,174 @@ +import { Router } from 'express'; +import { inventoryController } from './inventory.controller.js'; +import { valuationController } from './valuation.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// ========== PRODUCTS ========== +router.get('/products', (req, res, next) => inventoryController.getProducts(req, res, next)); + +router.get('/products/:id', (req, res, next) => inventoryController.getProduct(req, res, next)); + +router.get('/products/:id/stock', (req, res, next) => inventoryController.getProductStock(req, res, next)); + +router.post('/products', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.createProduct(req, res, next) +); + +router.put('/products/:id', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.updateProduct(req, res, next) +); + +router.delete('/products/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + inventoryController.deleteProduct(req, res, next) +); + +// ========== WAREHOUSES ========== +router.get('/warehouses', (req, res, next) => inventoryController.getWarehouses(req, res, next)); + +router.get('/warehouses/:id', (req, res, next) => inventoryController.getWarehouse(req, res, next)); + +router.get('/warehouses/:id/locations', (req, res, next) => inventoryController.getWarehouseLocations(req, res, next)); + +router.get('/warehouses/:id/stock', (req, res, next) => inventoryController.getWarehouseStock(req, res, next)); + +router.post('/warehouses', requireRoles('admin', 'super_admin'), (req, res, next) => + inventoryController.createWarehouse(req, res, next) +); + +router.put('/warehouses/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + inventoryController.updateWarehouse(req, res, next) +); + +router.delete('/warehouses/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + inventoryController.deleteWarehouse(req, res, next) +); + +// ========== LOCATIONS ========== +router.get('/locations', (req, res, next) => inventoryController.getLocations(req, res, next)); + +router.get('/locations/:id', (req, res, next) => inventoryController.getLocation(req, res, next)); + +router.get('/locations/:id/stock', (req, res, next) => inventoryController.getLocationStock(req, res, next)); + +router.post('/locations', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.createLocation(req, res, next) +); + +router.put('/locations/:id', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.updateLocation(req, res, next) +); + +// ========== PICKINGS ========== +router.get('/pickings', (req, res, next) => inventoryController.getPickings(req, res, next)); + +router.get('/pickings/:id', (req, res, next) => inventoryController.getPicking(req, res, next)); + +router.post('/pickings', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.createPicking(req, res, next) +); + +router.post('/pickings/:id/confirm', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.confirmPicking(req, res, next) +); + +router.post('/pickings/:id/validate', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.validatePicking(req, res, next) +); + +router.post('/pickings/:id/cancel', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.cancelPicking(req, res, next) +); + +router.delete('/pickings/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + inventoryController.deletePicking(req, res, next) +); + +// ========== LOTS ========== +router.get('/lots', (req, res, next) => inventoryController.getLots(req, res, next)); + +router.get('/lots/:id', (req, res, next) => inventoryController.getLot(req, res, next)); + +router.get('/lots/:id/movements', (req, res, next) => inventoryController.getLotMovements(req, res, next)); + +router.post('/lots', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.createLot(req, res, next) +); + +router.put('/lots/:id', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.updateLot(req, res, next) +); + +router.delete('/lots/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + inventoryController.deleteLot(req, res, next) +); + +// ========== ADJUSTMENTS ========== +router.get('/adjustments', (req, res, next) => inventoryController.getAdjustments(req, res, next)); + +router.get('/adjustments/:id', (req, res, next) => inventoryController.getAdjustment(req, res, next)); + +router.post('/adjustments', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.createAdjustment(req, res, next) +); + +router.put('/adjustments/:id', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.updateAdjustment(req, res, next) +); + +// Adjustment lines +router.post('/adjustments/:id/lines', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.addAdjustmentLine(req, res, next) +); + +router.put('/adjustments/:id/lines/:lineId', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.updateAdjustmentLine(req, res, next) +); + +router.delete('/adjustments/:id/lines/:lineId', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.removeAdjustmentLine(req, res, next) +); + +// Adjustment workflow +router.post('/adjustments/:id/confirm', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + inventoryController.confirmAdjustment(req, res, next) +); + +router.post('/adjustments/:id/validate', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + inventoryController.validateAdjustment(req, res, next) +); + +router.post('/adjustments/:id/cancel', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + inventoryController.cancelAdjustment(req, res, next) +); + +router.delete('/adjustments/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + inventoryController.deleteAdjustment(req, res, next) +); + +// ========== VALUATION ========== +router.get('/valuation/cost', (req, res, next) => valuationController.getProductCost(req, res, next)); + +router.get('/valuation/report', (req, res, next) => valuationController.getCompanyReport(req, res, next)); + +router.get('/valuation/products/:productId/summary', (req, res, next) => + valuationController.getProductSummary(req, res, next) +); + +router.get('/valuation/products/:productId/layers', (req, res, next) => + valuationController.getProductLayers(req, res, next) +); + +router.post('/valuation/layers', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + valuationController.createLayer(req, res, next) +); + +router.post('/valuation/consume', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + valuationController.consumeFifo(req, res, next) +); + +export default router; diff --git a/backend/src/modules/inventory/locations.service.ts b/backend/src/modules/inventory/locations.service.ts new file mode 100644 index 0000000..c55aba4 --- /dev/null +++ b/backend/src/modules/inventory/locations.service.ts @@ -0,0 +1,212 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ConflictError } from '../../shared/errors/index.js'; + +export type LocationType = 'internal' | 'supplier' | 'customer' | 'inventory' | 'production' | 'transit'; + +export interface Location { + id: string; + tenant_id: string; + warehouse_id?: string; + warehouse_name?: string; + name: string; + complete_name?: string; + location_type: LocationType; + parent_id?: string; + parent_name?: string; + is_scrap_location: boolean; + is_return_location: boolean; + active: boolean; + created_at: Date; +} + +export interface CreateLocationDto { + warehouse_id?: string; + name: string; + location_type: LocationType; + parent_id?: string; + is_scrap_location?: boolean; + is_return_location?: boolean; +} + +export interface UpdateLocationDto { + name?: string; + parent_id?: string | null; + is_scrap_location?: boolean; + is_return_location?: boolean; + active?: boolean; +} + +export interface LocationFilters { + warehouse_id?: string; + location_type?: LocationType; + active?: boolean; + page?: number; + limit?: number; +} + +class LocationsService { + async findAll(tenantId: string, filters: LocationFilters = {}): Promise<{ data: Location[]; total: number }> { + const { warehouse_id, location_type, active, page = 1, limit = 50 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE l.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (warehouse_id) { + whereClause += ` AND l.warehouse_id = $${paramIndex++}`; + params.push(warehouse_id); + } + + if (location_type) { + whereClause += ` AND l.location_type = $${paramIndex++}`; + params.push(location_type); + } + + if (active !== undefined) { + whereClause += ` AND l.active = $${paramIndex++}`; + params.push(active); + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM inventory.locations l ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT l.*, + w.name as warehouse_name, + lp.name as parent_name + FROM inventory.locations l + LEFT JOIN inventory.warehouses w ON l.warehouse_id = w.id + LEFT JOIN inventory.locations lp ON l.parent_id = lp.id + ${whereClause} + ORDER BY l.complete_name + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const location = await queryOne( + `SELECT l.*, + w.name as warehouse_name, + lp.name as parent_name + FROM inventory.locations l + LEFT JOIN inventory.warehouses w ON l.warehouse_id = w.id + LEFT JOIN inventory.locations lp ON l.parent_id = lp.id + WHERE l.id = $1 AND l.tenant_id = $2`, + [id, tenantId] + ); + + if (!location) { + throw new NotFoundError('Ubicación no encontrada'); + } + + return location; + } + + async create(dto: CreateLocationDto, tenantId: string, userId: string): Promise { + // Validate parent location if specified + if (dto.parent_id) { + const parent = await queryOne( + `SELECT id FROM inventory.locations WHERE id = $1 AND tenant_id = $2`, + [dto.parent_id, tenantId] + ); + if (!parent) { + throw new NotFoundError('Ubicación padre no encontrada'); + } + } + + const location = await queryOne( + `INSERT INTO inventory.locations (tenant_id, warehouse_id, name, location_type, parent_id, is_scrap_location, is_return_location, created_by) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8) + RETURNING *`, + [ + tenantId, + dto.warehouse_id, + dto.name, + dto.location_type, + dto.parent_id, + dto.is_scrap_location || false, + dto.is_return_location || false, + userId, + ] + ); + + return location!; + } + + async update(id: string, dto: UpdateLocationDto, tenantId: string, userId: string): Promise { + await this.findById(id, tenantId); + + // Validate parent (prevent self-reference) + if (dto.parent_id) { + if (dto.parent_id === id) { + throw new ConflictError('Una ubicación no puede ser su propia ubicación padre'); + } + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.name !== undefined) { + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.parent_id !== undefined) { + updateFields.push(`parent_id = $${paramIndex++}`); + values.push(dto.parent_id); + } + if (dto.is_scrap_location !== undefined) { + updateFields.push(`is_scrap_location = $${paramIndex++}`); + values.push(dto.is_scrap_location); + } + if (dto.is_return_location !== undefined) { + updateFields.push(`is_return_location = $${paramIndex++}`); + values.push(dto.is_return_location); + } + if (dto.active !== undefined) { + updateFields.push(`active = $${paramIndex++}`); + values.push(dto.active); + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + const location = await queryOne( + `UPDATE inventory.locations SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex} + RETURNING *`, + values + ); + + return location!; + } + + async getStock(locationId: string, tenantId: string): Promise { + await this.findById(locationId, tenantId); + + return query( + `SELECT sq.*, p.name as product_name, p.code as product_code, u.name as uom_name + FROM inventory.stock_quants sq + INNER JOIN inventory.products p ON sq.product_id = p.id + LEFT JOIN core.uom u ON p.uom_id = u.id + WHERE sq.location_id = $1 AND sq.quantity > 0 + ORDER BY p.name`, + [locationId] + ); + } +} + +export const locationsService = new LocationsService(); diff --git a/backend/src/modules/inventory/lots.service.ts b/backend/src/modules/inventory/lots.service.ts new file mode 100644 index 0000000..2a9d5e8 --- /dev/null +++ b/backend/src/modules/inventory/lots.service.ts @@ -0,0 +1,263 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ConflictError } from '../../shared/errors/index.js'; + +export interface Lot { + id: string; + tenant_id: string; + product_id: string; + product_name?: string; + product_code?: string; + name: string; + ref?: string; + manufacture_date?: Date; + expiration_date?: Date; + removal_date?: Date; + alert_date?: Date; + notes?: string; + created_at: Date; + quantity_on_hand?: number; +} + +export interface CreateLotDto { + product_id: string; + name: string; + ref?: string; + manufacture_date?: string; + expiration_date?: string; + removal_date?: string; + alert_date?: string; + notes?: string; +} + +export interface UpdateLotDto { + ref?: string | null; + manufacture_date?: string | null; + expiration_date?: string | null; + removal_date?: string | null; + alert_date?: string | null; + notes?: string | null; +} + +export interface LotFilters { + product_id?: string; + expiring_soon?: boolean; + expired?: boolean; + search?: string; + page?: number; + limit?: number; +} + +export interface LotMovement { + id: string; + date: Date; + origin: string; + location_from: string; + location_to: string; + quantity: number; + status: string; +} + +class LotsService { + async findAll(tenantId: string, filters: LotFilters = {}): Promise<{ data: Lot[]; total: number }> { + const { product_id, expiring_soon, expired, search, page = 1, limit = 50 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE l.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (product_id) { + whereClause += ` AND l.product_id = $${paramIndex++}`; + params.push(product_id); + } + + if (expiring_soon) { + whereClause += ` AND l.expiration_date IS NOT NULL AND l.expiration_date <= CURRENT_DATE + INTERVAL '30 days' AND l.expiration_date > CURRENT_DATE`; + } + + if (expired) { + whereClause += ` AND l.expiration_date IS NOT NULL AND l.expiration_date < CURRENT_DATE`; + } + + if (search) { + whereClause += ` AND (l.name ILIKE $${paramIndex} OR l.ref ILIKE $${paramIndex} OR p.name ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count + FROM inventory.lots l + LEFT JOIN inventory.products p ON l.product_id = p.id + ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT l.*, + p.name as product_name, + p.code as product_code, + COALESCE(sq.total_qty, 0) as quantity_on_hand + FROM inventory.lots l + LEFT JOIN inventory.products p ON l.product_id = p.id + LEFT JOIN ( + SELECT lot_id, SUM(quantity) as total_qty + FROM inventory.stock_quants + GROUP BY lot_id + ) sq ON l.id = sq.lot_id + ${whereClause} + ORDER BY l.expiration_date ASC NULLS LAST, l.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const lot = await queryOne( + `SELECT l.*, + p.name as product_name, + p.code as product_code, + COALESCE(sq.total_qty, 0) as quantity_on_hand + FROM inventory.lots l + LEFT JOIN inventory.products p ON l.product_id = p.id + LEFT JOIN ( + SELECT lot_id, SUM(quantity) as total_qty + FROM inventory.stock_quants + GROUP BY lot_id + ) sq ON l.id = sq.lot_id + WHERE l.id = $1 AND l.tenant_id = $2`, + [id, tenantId] + ); + + if (!lot) { + throw new NotFoundError('Lote no encontrado'); + } + + return lot; + } + + async create(dto: CreateLotDto, tenantId: string, userId: string): Promise { + // Check for unique lot name for product + const existing = await queryOne( + `SELECT id FROM inventory.lots WHERE product_id = $1 AND name = $2`, + [dto.product_id, dto.name] + ); + + if (existing) { + throw new ConflictError('Ya existe un lote con ese nombre para este producto'); + } + + const lot = await queryOne( + `INSERT INTO inventory.lots ( + tenant_id, product_id, name, ref, manufacture_date, expiration_date, + removal_date, alert_date, notes, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10) + RETURNING *`, + [ + tenantId, dto.product_id, dto.name, dto.ref, dto.manufacture_date, + dto.expiration_date, dto.removal_date, dto.alert_date, dto.notes, userId + ] + ); + + return this.findById(lot!.id, tenantId); + } + + async update(id: string, dto: UpdateLotDto, tenantId: string): Promise { + await this.findById(id, tenantId); + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.ref !== undefined) { + updateFields.push(`ref = $${paramIndex++}`); + values.push(dto.ref); + } + if (dto.manufacture_date !== undefined) { + updateFields.push(`manufacture_date = $${paramIndex++}`); + values.push(dto.manufacture_date); + } + if (dto.expiration_date !== undefined) { + updateFields.push(`expiration_date = $${paramIndex++}`); + values.push(dto.expiration_date); + } + if (dto.removal_date !== undefined) { + updateFields.push(`removal_date = $${paramIndex++}`); + values.push(dto.removal_date); + } + if (dto.alert_date !== undefined) { + updateFields.push(`alert_date = $${paramIndex++}`); + values.push(dto.alert_date); + } + if (dto.notes !== undefined) { + updateFields.push(`notes = $${paramIndex++}`); + values.push(dto.notes); + } + + if (updateFields.length === 0) { + return this.findById(id, tenantId); + } + + values.push(id, tenantId); + + await query( + `UPDATE inventory.lots SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async getMovements(id: string, tenantId: string): Promise { + await this.findById(id, tenantId); + + const movements = await query( + `SELECT sm.id, + sm.date, + sm.origin, + lo.name as location_from, + ld.name as location_to, + sm.quantity_done as quantity, + sm.status + FROM inventory.stock_moves sm + LEFT JOIN inventory.locations lo ON sm.location_id = lo.id + LEFT JOIN inventory.locations ld ON sm.location_dest_id = ld.id + WHERE sm.lot_id = $1 AND sm.status = 'done' + ORDER BY sm.date DESC`, + [id] + ); + + return movements; + } + + async delete(id: string, tenantId: string): Promise { + const lot = await this.findById(id, tenantId); + + // Check if lot has stock + if (lot.quantity_on_hand && lot.quantity_on_hand > 0) { + throw new ConflictError('No se puede eliminar un lote con stock'); + } + + // Check if lot is used in moves + const movesCheck = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM inventory.stock_moves WHERE lot_id = $1`, + [id] + ); + + if (parseInt(movesCheck?.count || '0') > 0) { + throw new ConflictError('No se puede eliminar: el lote tiene movimientos asociados'); + } + + await query(`DELETE FROM inventory.lots WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } +} + +export const lotsService = new LotsService(); diff --git a/backend/src/modules/inventory/pickings.service.ts b/backend/src/modules/inventory/pickings.service.ts new file mode 100644 index 0000000..6c66c18 --- /dev/null +++ b/backend/src/modules/inventory/pickings.service.ts @@ -0,0 +1,357 @@ +import { query, queryOne, getClient } from '../../config/database.js'; +import { NotFoundError, ConflictError, ValidationError } from '../../shared/errors/index.js'; + +export type PickingType = 'incoming' | 'outgoing' | 'internal'; +export type MoveStatus = 'draft' | 'waiting' | 'confirmed' | 'assigned' | 'done' | 'cancelled'; + +export interface StockMoveLine { + id?: string; + product_id: string; + product_name?: string; + product_code?: string; + product_uom_id: string; + uom_name?: string; + product_qty: number; + quantity_done?: number; + lot_id?: string; + location_id: string; + location_name?: string; + location_dest_id: string; + location_dest_name?: string; + status?: MoveStatus; +} + +export interface Picking { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + picking_type: PickingType; + location_id: string; + location_name?: string; + location_dest_id: string; + location_dest_name?: string; + partner_id?: string; + partner_name?: string; + scheduled_date?: Date; + date_done?: Date; + origin?: string; + status: MoveStatus; + notes?: string; + moves?: StockMoveLine[]; + created_at: Date; + validated_at?: Date; +} + +export interface CreatePickingDto { + company_id: string; + name: string; + picking_type: PickingType; + location_id: string; + location_dest_id: string; + partner_id?: string; + scheduled_date?: string; + origin?: string; + notes?: string; + moves: Omit[]; +} + +export interface UpdatePickingDto { + partner_id?: string | null; + scheduled_date?: string | null; + origin?: string | null; + notes?: string | null; + moves?: Omit[]; +} + +export interface PickingFilters { + company_id?: string; + picking_type?: PickingType; + status?: MoveStatus; + partner_id?: string; + date_from?: string; + date_to?: string; + search?: string; + page?: number; + limit?: number; +} + +class PickingsService { + async findAll(tenantId: string, filters: PickingFilters = {}): Promise<{ data: Picking[]; total: number }> { + const { company_id, picking_type, status, partner_id, date_from, date_to, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE p.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND p.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (picking_type) { + whereClause += ` AND p.picking_type = $${paramIndex++}`; + params.push(picking_type); + } + + if (status) { + whereClause += ` AND p.status = $${paramIndex++}`; + params.push(status); + } + + if (partner_id) { + whereClause += ` AND p.partner_id = $${paramIndex++}`; + params.push(partner_id); + } + + if (date_from) { + whereClause += ` AND p.scheduled_date >= $${paramIndex++}`; + params.push(date_from); + } + + if (date_to) { + whereClause += ` AND p.scheduled_date <= $${paramIndex++}`; + params.push(date_to); + } + + if (search) { + whereClause += ` AND (p.name ILIKE $${paramIndex} OR p.origin ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM inventory.pickings p ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT p.*, + c.name as company_name, + l.name as location_name, + ld.name as location_dest_name, + pa.name as partner_name + FROM inventory.pickings p + LEFT JOIN auth.companies c ON p.company_id = c.id + LEFT JOIN inventory.locations l ON p.location_id = l.id + LEFT JOIN inventory.locations ld ON p.location_dest_id = ld.id + LEFT JOIN core.partners pa ON p.partner_id = pa.id + ${whereClause} + ORDER BY p.scheduled_date DESC NULLS LAST, p.name DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const picking = await queryOne( + `SELECT p.*, + c.name as company_name, + l.name as location_name, + ld.name as location_dest_name, + pa.name as partner_name + FROM inventory.pickings p + LEFT JOIN auth.companies c ON p.company_id = c.id + LEFT JOIN inventory.locations l ON p.location_id = l.id + LEFT JOIN inventory.locations ld ON p.location_dest_id = ld.id + LEFT JOIN core.partners pa ON p.partner_id = pa.id + WHERE p.id = $1 AND p.tenant_id = $2`, + [id, tenantId] + ); + + if (!picking) { + throw new NotFoundError('Picking no encontrado'); + } + + // Get moves + const moves = await query( + `SELECT sm.*, + pr.name as product_name, + pr.code as product_code, + u.name as uom_name, + l.name as location_name, + ld.name as location_dest_name + FROM inventory.stock_moves sm + LEFT JOIN inventory.products pr ON sm.product_id = pr.id + LEFT JOIN core.uom u ON sm.product_uom_id = u.id + LEFT JOIN inventory.locations l ON sm.location_id = l.id + LEFT JOIN inventory.locations ld ON sm.location_dest_id = ld.id + WHERE sm.picking_id = $1 + ORDER BY sm.created_at`, + [id] + ); + + picking.moves = moves; + + return picking; + } + + async create(dto: CreatePickingDto, tenantId: string, userId: string): Promise { + if (dto.moves.length === 0) { + throw new ValidationError('El picking debe tener al menos un movimiento'); + } + + const client = await getClient(); + + try { + await client.query('BEGIN'); + + // Create picking + const pickingResult = await client.query( + `INSERT INTO inventory.pickings (tenant_id, company_id, name, picking_type, location_id, location_dest_id, partner_id, scheduled_date, origin, notes, created_by) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11) + RETURNING *`, + [tenantId, dto.company_id, dto.name, dto.picking_type, dto.location_id, dto.location_dest_id, dto.partner_id, dto.scheduled_date, dto.origin, dto.notes, userId] + ); + const picking = pickingResult.rows[0] as Picking; + + // Create moves + for (const move of dto.moves) { + await client.query( + `INSERT INTO inventory.stock_moves (tenant_id, picking_id, product_id, product_uom_id, location_id, location_dest_id, product_qty, lot_id, created_by) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)`, + [tenantId, picking.id, move.product_id, move.product_uom_id, move.location_id, move.location_dest_id, move.product_qty, move.lot_id, userId] + ); + } + + await client.query('COMMIT'); + + return this.findById(picking.id, tenantId); + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + async confirm(id: string, tenantId: string, userId: string): Promise { + const picking = await this.findById(id, tenantId); + + if (picking.status !== 'draft') { + throw new ConflictError('Solo se pueden confirmar pickings en estado borrador'); + } + + await query( + `UPDATE inventory.pickings SET status = 'confirmed', updated_at = CURRENT_TIMESTAMP, updated_by = $1 WHERE id = $2`, + [userId, id] + ); + + await query( + `UPDATE inventory.stock_moves SET status = 'confirmed', updated_at = CURRENT_TIMESTAMP, updated_by = $1 WHERE picking_id = $2`, + [userId, id] + ); + + return this.findById(id, tenantId); + } + + async validate(id: string, tenantId: string, userId: string): Promise { + const picking = await this.findById(id, tenantId); + + if (picking.status === 'done') { + throw new ConflictError('El picking ya está validado'); + } + + if (picking.status === 'cancelled') { + throw new ConflictError('No se puede validar un picking cancelado'); + } + + const client = await getClient(); + + try { + await client.query('BEGIN'); + + // Update stock quants for each move + for (const move of picking.moves || []) { + const qty = move.product_qty; + + // Decrease from source location + await client.query( + `INSERT INTO inventory.stock_quants (product_id, location_id, quantity) + VALUES ($1, $2, -$3) + ON CONFLICT (product_id, location_id, COALESCE(lot_id, '00000000-0000-0000-0000-000000000000')) + DO UPDATE SET quantity = stock_quants.quantity - $3, updated_at = CURRENT_TIMESTAMP`, + [move.product_id, move.location_id, qty] + ); + + // Increase in destination location + await client.query( + `INSERT INTO inventory.stock_quants (product_id, location_id, quantity) + VALUES ($1, $2, $3) + ON CONFLICT (product_id, location_id, COALESCE(lot_id, '00000000-0000-0000-0000-000000000000')) + DO UPDATE SET quantity = stock_quants.quantity + $3, updated_at = CURRENT_TIMESTAMP`, + [move.product_id, move.location_dest_id, qty] + ); + + // Update move + await client.query( + `UPDATE inventory.stock_moves + SET quantity_done = $1, status = 'done', date = CURRENT_TIMESTAMP, updated_at = CURRENT_TIMESTAMP, updated_by = $2 + WHERE id = $3`, + [qty, userId, move.id] + ); + } + + // Update picking + await client.query( + `UPDATE inventory.pickings + SET status = 'done', date_done = CURRENT_TIMESTAMP, validated_at = CURRENT_TIMESTAMP, validated_by = $1, updated_at = CURRENT_TIMESTAMP, updated_by = $1 + WHERE id = $2`, + [userId, id] + ); + + await client.query('COMMIT'); + + return this.findById(id, tenantId); + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + async cancel(id: string, tenantId: string, userId: string): Promise { + const picking = await this.findById(id, tenantId); + + if (picking.status === 'done') { + throw new ConflictError('No se puede cancelar un picking ya validado'); + } + + if (picking.status === 'cancelled') { + throw new ConflictError('El picking ya está cancelado'); + } + + await query( + `UPDATE inventory.pickings SET status = 'cancelled', updated_at = CURRENT_TIMESTAMP, updated_by = $1 WHERE id = $2`, + [userId, id] + ); + + await query( + `UPDATE inventory.stock_moves SET status = 'cancelled', updated_at = CURRENT_TIMESTAMP, updated_by = $1 WHERE picking_id = $2`, + [userId, id] + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + const picking = await this.findById(id, tenantId); + + if (picking.status !== 'draft') { + throw new ConflictError('Solo se pueden eliminar pickings en estado borrador'); + } + + await query(`DELETE FROM inventory.pickings WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } +} + +export const pickingsService = new PickingsService(); diff --git a/backend/src/modules/inventory/products.service.ts b/backend/src/modules/inventory/products.service.ts new file mode 100644 index 0000000..29334c3 --- /dev/null +++ b/backend/src/modules/inventory/products.service.ts @@ -0,0 +1,410 @@ +import { Repository, IsNull, ILike } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { Product, ProductType, TrackingType, ValuationMethod } from './entities/product.entity.js'; +import { StockQuant } from './entities/stock-quant.entity.js'; +import { NotFoundError, ValidationError, ConflictError } from '../../shared/types/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +// ===== Interfaces ===== + +export interface CreateProductDto { + name: string; + code?: string; + barcode?: string; + description?: string; + productType?: ProductType; + tracking?: TrackingType; + categoryId?: string; + uomId: string; + purchaseUomId?: string; + costPrice?: number; + listPrice?: number; + valuationMethod?: ValuationMethod; + weight?: number; + volume?: number; + canBeSold?: boolean; + canBePurchased?: boolean; + imageUrl?: string; +} + +export interface UpdateProductDto { + name?: string; + barcode?: string | null; + description?: string | null; + tracking?: TrackingType; + categoryId?: string | null; + uomId?: string; + purchaseUomId?: string | null; + costPrice?: number; + listPrice?: number; + valuationMethod?: ValuationMethod; + weight?: number | null; + volume?: number | null; + canBeSold?: boolean; + canBePurchased?: boolean; + imageUrl?: string | null; + active?: boolean; +} + +export interface ProductFilters { + search?: string; + categoryId?: string; + productType?: ProductType; + canBeSold?: boolean; + canBePurchased?: boolean; + active?: boolean; + page?: number; + limit?: number; +} + +export interface ProductWithRelations extends Product { + categoryName?: string; + uomName?: string; + purchaseUomName?: string; +} + +// ===== Service Class ===== + +class ProductsService { + private productRepository: Repository; + private stockQuantRepository: Repository; + + constructor() { + this.productRepository = AppDataSource.getRepository(Product); + this.stockQuantRepository = AppDataSource.getRepository(StockQuant); + } + + /** + * Get all products with filters and pagination + */ + async findAll( + tenantId: string, + filters: ProductFilters = {} + ): Promise<{ data: ProductWithRelations[]; total: number }> { + try { + const { search, categoryId, productType, canBeSold, canBePurchased, active, page = 1, limit = 20 } = filters; + const skip = (page - 1) * limit; + + const queryBuilder = this.productRepository + .createQueryBuilder('product') + .where('product.tenantId = :tenantId', { tenantId }) + .andWhere('product.deletedAt IS NULL'); + + // Apply search filter + if (search) { + queryBuilder.andWhere( + '(product.name ILIKE :search OR product.code ILIKE :search OR product.barcode ILIKE :search)', + { search: `%${search}%` } + ); + } + + // Filter by category + if (categoryId) { + queryBuilder.andWhere('product.categoryId = :categoryId', { categoryId }); + } + + // Filter by product type + if (productType) { + queryBuilder.andWhere('product.productType = :productType', { productType }); + } + + // Filter by can be sold + if (canBeSold !== undefined) { + queryBuilder.andWhere('product.canBeSold = :canBeSold', { canBeSold }); + } + + // Filter by can be purchased + if (canBePurchased !== undefined) { + queryBuilder.andWhere('product.canBePurchased = :canBePurchased', { canBePurchased }); + } + + // Filter by active status + if (active !== undefined) { + queryBuilder.andWhere('product.active = :active', { active }); + } + + // Get total count + const total = await queryBuilder.getCount(); + + // Get paginated results + const products = await queryBuilder + .orderBy('product.name', 'ASC') + .skip(skip) + .take(limit) + .getMany(); + + // Note: categoryName, uomName, purchaseUomName would need joins to core schema tables + // For now, we return the products as-is. If needed, these can be fetched with raw queries. + const data: ProductWithRelations[] = products; + + logger.debug('Products retrieved', { tenantId, count: data.length, total }); + + return { data, total }; + } catch (error) { + logger.error('Error retrieving products', { + error: (error as Error).message, + tenantId, + }); + throw error; + } + } + + /** + * Get product by ID + */ + async findById(id: string, tenantId: string): Promise { + try { + const product = await this.productRepository.findOne({ + where: { + id, + tenantId, + deletedAt: IsNull(), + }, + }); + + if (!product) { + throw new NotFoundError('Producto no encontrado'); + } + + return product; + } catch (error) { + logger.error('Error finding product', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + /** + * Get product by code + */ + async findByCode(code: string, tenantId: string): Promise { + return this.productRepository.findOne({ + where: { + code, + tenantId, + deletedAt: IsNull(), + }, + }); + } + + /** + * Create a new product + */ + async create(dto: CreateProductDto, tenantId: string, userId: string): Promise { + try { + // Check unique code + if (dto.code) { + const existing = await this.findByCode(dto.code, tenantId); + if (existing) { + throw new ConflictError(`Ya existe un producto con código ${dto.code}`); + } + } + + // Check unique barcode + if (dto.barcode) { + const existingBarcode = await this.productRepository.findOne({ + where: { + barcode: dto.barcode, + deletedAt: IsNull(), + }, + }); + if (existingBarcode) { + throw new ConflictError(`Ya existe un producto con código de barras ${dto.barcode}`); + } + } + + // Create product + const product = this.productRepository.create({ + tenantId, + name: dto.name, + code: dto.code || null, + barcode: dto.barcode || null, + description: dto.description || null, + productType: dto.productType || ProductType.STORABLE, + tracking: dto.tracking || TrackingType.NONE, + categoryId: dto.categoryId || null, + uomId: dto.uomId, + purchaseUomId: dto.purchaseUomId || null, + costPrice: dto.costPrice || 0, + listPrice: dto.listPrice || 0, + valuationMethod: dto.valuationMethod || ValuationMethod.FIFO, + weight: dto.weight || null, + volume: dto.volume || null, + canBeSold: dto.canBeSold !== false, + canBePurchased: dto.canBePurchased !== false, + imageUrl: dto.imageUrl || null, + createdBy: userId, + }); + + await this.productRepository.save(product); + + logger.info('Product created', { + productId: product.id, + tenantId, + name: product.name, + createdBy: userId, + }); + + return product; + } catch (error) { + logger.error('Error creating product', { + error: (error as Error).message, + tenantId, + dto, + }); + throw error; + } + } + + /** + * Update a product + */ + async update(id: string, dto: UpdateProductDto, tenantId: string, userId: string): Promise { + try { + const existing = await this.findById(id, tenantId); + + // Check unique barcode if changing + if (dto.barcode !== undefined && dto.barcode !== existing.barcode) { + if (dto.barcode) { + const duplicate = await this.productRepository.findOne({ + where: { + barcode: dto.barcode, + deletedAt: IsNull(), + }, + }); + + if (duplicate && duplicate.id !== id) { + throw new ConflictError(`Ya existe un producto con código de barras ${dto.barcode}`); + } + } + } + + // Update allowed fields + if (dto.name !== undefined) existing.name = dto.name; + if (dto.barcode !== undefined) existing.barcode = dto.barcode; + if (dto.description !== undefined) existing.description = dto.description; + if (dto.tracking !== undefined) existing.tracking = dto.tracking; + if (dto.categoryId !== undefined) existing.categoryId = dto.categoryId; + if (dto.uomId !== undefined) existing.uomId = dto.uomId; + if (dto.purchaseUomId !== undefined) existing.purchaseUomId = dto.purchaseUomId; + if (dto.costPrice !== undefined) existing.costPrice = dto.costPrice; + if (dto.listPrice !== undefined) existing.listPrice = dto.listPrice; + if (dto.valuationMethod !== undefined) existing.valuationMethod = dto.valuationMethod; + if (dto.weight !== undefined) existing.weight = dto.weight; + if (dto.volume !== undefined) existing.volume = dto.volume; + if (dto.canBeSold !== undefined) existing.canBeSold = dto.canBeSold; + if (dto.canBePurchased !== undefined) existing.canBePurchased = dto.canBePurchased; + if (dto.imageUrl !== undefined) existing.imageUrl = dto.imageUrl; + if (dto.active !== undefined) existing.active = dto.active; + + existing.updatedBy = userId; + existing.updatedAt = new Date(); + + await this.productRepository.save(existing); + + logger.info('Product updated', { + productId: id, + tenantId, + updatedBy: userId, + }); + + return await this.findById(id, tenantId); + } catch (error) { + logger.error('Error updating product', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + /** + * Soft delete a product + */ + async delete(id: string, tenantId: string, userId: string): Promise { + try { + await this.findById(id, tenantId); + + // Check if product has stock + const stockQuantCount = await this.stockQuantRepository + .createQueryBuilder('sq') + .where('sq.productId = :productId', { productId: id }) + .andWhere('sq.quantity > 0') + .getCount(); + + if (stockQuantCount > 0) { + throw new ConflictError('No se puede eliminar un producto que tiene stock'); + } + + // Soft delete + await this.productRepository.update( + { id, tenantId }, + { + deletedAt: new Date(), + deletedBy: userId, + active: false, + } + ); + + logger.info('Product deleted', { + productId: id, + tenantId, + deletedBy: userId, + }); + } catch (error) { + logger.error('Error deleting product', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + /** + * Get stock for a product + */ + async getStock(productId: string, tenantId: string): Promise { + try { + await this.findById(productId, tenantId); + + const stock = await this.stockQuantRepository + .createQueryBuilder('sq') + .leftJoinAndSelect('sq.location', 'location') + .leftJoinAndSelect('location.warehouse', 'warehouse') + .where('sq.productId = :productId', { productId }) + .orderBy('warehouse.name', 'ASC') + .addOrderBy('location.name', 'ASC') + .getMany(); + + // Map to include relation names + return stock.map((sq) => ({ + id: sq.id, + productId: sq.productId, + locationId: sq.locationId, + locationName: sq.location?.name, + warehouseName: sq.location?.warehouse?.name, + lotId: sq.lotId, + quantity: sq.quantity, + reservedQuantity: sq.reservedQuantity, + createdAt: sq.createdAt, + updatedAt: sq.updatedAt, + })); + } catch (error) { + logger.error('Error getting product stock', { + error: (error as Error).message, + productId, + tenantId, + }); + throw error; + } + } +} + +// ===== Export Singleton Instance ===== + +export const productsService = new ProductsService(); diff --git a/backend/src/modules/inventory/valuation.controller.ts b/backend/src/modules/inventory/valuation.controller.ts new file mode 100644 index 0000000..01a9c7d --- /dev/null +++ b/backend/src/modules/inventory/valuation.controller.ts @@ -0,0 +1,230 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { valuationService, CreateValuationLayerDto } from './valuation.service.js'; +import { AuthenticatedRequest, ValidationError, ApiResponse } from '../../shared/types/index.js'; + +// ============================================================================ +// VALIDATION SCHEMAS +// ============================================================================ + +const getProductCostSchema = z.object({ + product_id: z.string().uuid(), + company_id: z.string().uuid(), +}); + +const createLayerSchema = z.object({ + product_id: z.string().uuid(), + company_id: z.string().uuid(), + quantity: z.number().positive(), + unit_cost: z.number().nonnegative(), + stock_move_id: z.string().uuid().optional(), + description: z.string().max(255).optional(), +}); + +const consumeFifoSchema = z.object({ + product_id: z.string().uuid(), + company_id: z.string().uuid(), + quantity: z.number().positive(), +}); + +const productLayersSchema = z.object({ + company_id: z.string().uuid(), + include_empty: z.enum(['true', 'false']).optional(), +}); + +// ============================================================================ +// CONTROLLER +// ============================================================================ + +class ValuationController { + /** + * Get cost for a product based on its valuation method + * GET /api/inventory/valuation/cost + */ + async getProductCost(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = getProductCostSchema.safeParse(req.query); + if (!validation.success) { + throw new ValidationError('Parámetros inválidos', validation.error.errors); + } + + const { product_id, company_id } = validation.data; + const result = await valuationService.getProductCost( + product_id, + company_id, + req.user!.tenantId + ); + + const response: ApiResponse = { + success: true, + data: result, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * Get valuation summary for a product + * GET /api/inventory/valuation/products/:productId/summary + */ + async getProductSummary(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { productId } = req.params; + const { company_id } = req.query; + + if (!company_id || typeof company_id !== 'string') { + throw new ValidationError('company_id es requerido'); + } + + const result = await valuationService.getProductValuationSummary( + productId, + company_id, + req.user!.tenantId + ); + + const response: ApiResponse = { + success: true, + data: result, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * Get valuation layers for a product + * GET /api/inventory/valuation/products/:productId/layers + */ + async getProductLayers(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { productId } = req.params; + const validation = productLayersSchema.safeParse(req.query); + + if (!validation.success) { + throw new ValidationError('Parámetros inválidos', validation.error.errors); + } + + const { company_id, include_empty } = validation.data; + const includeEmpty = include_empty === 'true'; + + const result = await valuationService.getProductLayers( + productId, + company_id, + req.user!.tenantId, + includeEmpty + ); + + const response: ApiResponse = { + success: true, + data: result, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * Get company-wide valuation report + * GET /api/inventory/valuation/report + */ + async getCompanyReport(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { company_id } = req.query; + + if (!company_id || typeof company_id !== 'string') { + throw new ValidationError('company_id es requerido'); + } + + const result = await valuationService.getCompanyValuationReport( + company_id, + req.user!.tenantId + ); + + const response: ApiResponse = { + success: true, + data: result, + meta: { + total: result.length, + totalValue: result.reduce((sum, p) => sum + Number(p.total_value), 0), + }, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * Create a valuation layer manually (for adjustments) + * POST /api/inventory/valuation/layers + */ + async createLayer(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = createLayerSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const dto: CreateValuationLayerDto = validation.data; + + const result = await valuationService.createLayer( + dto, + req.user!.tenantId, + req.user!.userId + ); + + const response: ApiResponse = { + success: true, + data: result, + message: 'Capa de valoración creada', + }; + + res.status(201).json(response); + } catch (error) { + next(error); + } + } + + /** + * Consume stock using FIFO (for testing/manual adjustments) + * POST /api/inventory/valuation/consume + */ + async consumeFifo(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = consumeFifoSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const { product_id, company_id, quantity } = validation.data; + + const result = await valuationService.consumeFifo( + product_id, + company_id, + quantity, + req.user!.tenantId, + req.user!.userId + ); + + const response: ApiResponse = { + success: true, + data: result, + message: `Consumidas ${result.layers_consumed.length} capas FIFO`, + }; + + res.json(response); + } catch (error) { + next(error); + } + } +} + +export const valuationController = new ValuationController(); diff --git a/backend/src/modules/inventory/valuation.service.ts b/backend/src/modules/inventory/valuation.service.ts new file mode 100644 index 0000000..a4909a7 --- /dev/null +++ b/backend/src/modules/inventory/valuation.service.ts @@ -0,0 +1,522 @@ +import { query, queryOne, getClient, PoolClient } from '../../config/database.js'; +import { NotFoundError, ValidationError } from '../../shared/errors/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +// ============================================================================ +// TYPES +// ============================================================================ + +export type ValuationMethod = 'standard' | 'fifo' | 'average'; + +export interface StockValuationLayer { + id: string; + tenant_id: string; + product_id: string; + company_id: string; + quantity: number; + unit_cost: number; + value: number; + remaining_qty: number; + remaining_value: number; + stock_move_id?: string; + description?: string; + account_move_id?: string; + journal_entry_id?: string; + created_at: Date; +} + +export interface CreateValuationLayerDto { + product_id: string; + company_id: string; + quantity: number; + unit_cost: number; + stock_move_id?: string; + description?: string; +} + +export interface ValuationSummary { + product_id: string; + product_name: string; + product_code?: string; + total_quantity: number; + total_value: number; + average_cost: number; + valuation_method: ValuationMethod; + layer_count: number; +} + +export interface FifoConsumptionResult { + layers_consumed: { + layer_id: string; + quantity_consumed: number; + unit_cost: number; + value_consumed: number; + }[]; + total_cost: number; + weighted_average_cost: number; +} + +export interface ProductCostResult { + product_id: string; + valuation_method: ValuationMethod; + standard_cost: number; + fifo_cost?: number; + average_cost: number; + recommended_cost: number; +} + +// ============================================================================ +// SERVICE +// ============================================================================ + +class ValuationService { + /** + * Create a new valuation layer (for incoming stock) + * Used when receiving products via purchase orders or inventory adjustments + */ + async createLayer( + dto: CreateValuationLayerDto, + tenantId: string, + userId: string, + client?: PoolClient + ): Promise { + const executeQuery = client + ? (sql: string, params: any[]) => client.query(sql, params).then(r => r.rows[0]) + : queryOne; + + const value = dto.quantity * dto.unit_cost; + + const layer = await executeQuery( + `INSERT INTO inventory.stock_valuation_layers ( + tenant_id, product_id, company_id, quantity, unit_cost, value, + remaining_qty, remaining_value, stock_move_id, description, created_by + ) VALUES ($1, $2, $3, $4, $5, $6, $4, $6, $7, $8, $9) + RETURNING *`, + [ + tenantId, + dto.product_id, + dto.company_id, + dto.quantity, + dto.unit_cost, + value, + dto.stock_move_id, + dto.description, + userId, + ] + ); + + logger.info('Valuation layer created', { + layerId: layer?.id, + productId: dto.product_id, + quantity: dto.quantity, + unitCost: dto.unit_cost, + }); + + return layer as StockValuationLayer; + } + + /** + * Consume stock using FIFO method + * Returns the layers consumed and total cost + */ + async consumeFifo( + productId: string, + companyId: string, + quantity: number, + tenantId: string, + userId: string, + client?: PoolClient + ): Promise { + const dbClient = client || await getClient(); + const shouldReleaseClient = !client; + + try { + if (!client) { + await dbClient.query('BEGIN'); + } + + // Get available layers ordered by creation date (FIFO) + const layersResult = await dbClient.query( + `SELECT * FROM inventory.stock_valuation_layers + WHERE product_id = $1 AND company_id = $2 AND tenant_id = $3 + AND remaining_qty > 0 + ORDER BY created_at ASC + FOR UPDATE`, + [productId, companyId, tenantId] + ); + + const layers = layersResult.rows as StockValuationLayer[]; + let remainingToConsume = quantity; + const consumedLayers: FifoConsumptionResult['layers_consumed'] = []; + let totalCost = 0; + + for (const layer of layers) { + if (remainingToConsume <= 0) break; + + const consumeFromLayer = Math.min(remainingToConsume, Number(layer.remaining_qty)); + const valueConsumed = consumeFromLayer * Number(layer.unit_cost); + + // Update layer + await dbClient.query( + `UPDATE inventory.stock_valuation_layers + SET remaining_qty = remaining_qty - $1, + remaining_value = remaining_value - $2, + updated_at = NOW(), + updated_by = $3 + WHERE id = $4`, + [consumeFromLayer, valueConsumed, userId, layer.id] + ); + + consumedLayers.push({ + layer_id: layer.id, + quantity_consumed: consumeFromLayer, + unit_cost: Number(layer.unit_cost), + value_consumed: valueConsumed, + }); + + totalCost += valueConsumed; + remainingToConsume -= consumeFromLayer; + } + + if (remainingToConsume > 0) { + // Not enough stock in layers - this is a warning, not an error + // The stock might exist without valuation layers (e.g., initial data) + logger.warn('Insufficient valuation layers for FIFO consumption', { + productId, + requestedQty: quantity, + availableQty: quantity - remainingToConsume, + }); + } + + if (!client) { + await dbClient.query('COMMIT'); + } + + const weightedAvgCost = quantity > 0 ? totalCost / (quantity - remainingToConsume) : 0; + + return { + layers_consumed: consumedLayers, + total_cost: totalCost, + weighted_average_cost: weightedAvgCost, + }; + } catch (error) { + if (!client) { + await dbClient.query('ROLLBACK'); + } + throw error; + } finally { + if (shouldReleaseClient) { + dbClient.release(); + } + } + } + + /** + * Calculate the current cost of a product based on its valuation method + */ + async getProductCost( + productId: string, + companyId: string, + tenantId: string + ): Promise { + // Get product with its valuation method and standard cost + const product = await queryOne<{ + id: string; + valuation_method: ValuationMethod; + cost_price: number; + }>( + `SELECT id, valuation_method, cost_price + FROM inventory.products + WHERE id = $1 AND tenant_id = $2`, + [productId, tenantId] + ); + + if (!product) { + throw new NotFoundError('Producto no encontrado'); + } + + // Get FIFO cost (oldest layer's unit cost) + const oldestLayer = await queryOne<{ unit_cost: number }>( + `SELECT unit_cost FROM inventory.stock_valuation_layers + WHERE product_id = $1 AND company_id = $2 AND tenant_id = $3 + AND remaining_qty > 0 + ORDER BY created_at ASC + LIMIT 1`, + [productId, companyId, tenantId] + ); + + // Get average cost from all layers + const avgResult = await queryOne<{ avg_cost: number; total_qty: number }>( + `SELECT + CASE WHEN SUM(remaining_qty) > 0 + THEN SUM(remaining_value) / SUM(remaining_qty) + ELSE 0 + END as avg_cost, + SUM(remaining_qty) as total_qty + FROM inventory.stock_valuation_layers + WHERE product_id = $1 AND company_id = $2 AND tenant_id = $3 + AND remaining_qty > 0`, + [productId, companyId, tenantId] + ); + + const standardCost = Number(product.cost_price) || 0; + const fifoCost = oldestLayer ? Number(oldestLayer.unit_cost) : undefined; + const averageCost = Number(avgResult?.avg_cost) || 0; + + // Determine recommended cost based on valuation method + let recommendedCost: number; + switch (product.valuation_method) { + case 'fifo': + recommendedCost = fifoCost ?? standardCost; + break; + case 'average': + recommendedCost = averageCost > 0 ? averageCost : standardCost; + break; + case 'standard': + default: + recommendedCost = standardCost; + break; + } + + return { + product_id: productId, + valuation_method: product.valuation_method, + standard_cost: standardCost, + fifo_cost: fifoCost, + average_cost: averageCost, + recommended_cost: recommendedCost, + }; + } + + /** + * Get valuation summary for a product + */ + async getProductValuationSummary( + productId: string, + companyId: string, + tenantId: string + ): Promise { + const result = await queryOne( + `SELECT + p.id as product_id, + p.name as product_name, + p.code as product_code, + p.valuation_method, + COALESCE(SUM(svl.remaining_qty), 0) as total_quantity, + COALESCE(SUM(svl.remaining_value), 0) as total_value, + CASE WHEN COALESCE(SUM(svl.remaining_qty), 0) > 0 + THEN COALESCE(SUM(svl.remaining_value), 0) / SUM(svl.remaining_qty) + ELSE p.cost_price + END as average_cost, + COUNT(CASE WHEN svl.remaining_qty > 0 THEN 1 END) as layer_count + FROM inventory.products p + LEFT JOIN inventory.stock_valuation_layers svl + ON p.id = svl.product_id + AND svl.company_id = $2 + AND svl.tenant_id = $3 + WHERE p.id = $1 AND p.tenant_id = $3 + GROUP BY p.id, p.name, p.code, p.valuation_method, p.cost_price`, + [productId, companyId, tenantId] + ); + + return result; + } + + /** + * Get all valuation layers for a product + */ + async getProductLayers( + productId: string, + companyId: string, + tenantId: string, + includeEmpty: boolean = false + ): Promise { + const whereClause = includeEmpty + ? '' + : 'AND remaining_qty > 0'; + + return query( + `SELECT * FROM inventory.stock_valuation_layers + WHERE product_id = $1 AND company_id = $2 AND tenant_id = $3 + ${whereClause} + ORDER BY created_at ASC`, + [productId, companyId, tenantId] + ); + } + + /** + * Get inventory valuation report for a company + */ + async getCompanyValuationReport( + companyId: string, + tenantId: string + ): Promise { + return query( + `SELECT + p.id as product_id, + p.name as product_name, + p.code as product_code, + p.valuation_method, + COALESCE(SUM(svl.remaining_qty), 0) as total_quantity, + COALESCE(SUM(svl.remaining_value), 0) as total_value, + CASE WHEN COALESCE(SUM(svl.remaining_qty), 0) > 0 + THEN COALESCE(SUM(svl.remaining_value), 0) / SUM(svl.remaining_qty) + ELSE p.cost_price + END as average_cost, + COUNT(CASE WHEN svl.remaining_qty > 0 THEN 1 END) as layer_count + FROM inventory.products p + LEFT JOIN inventory.stock_valuation_layers svl + ON p.id = svl.product_id + AND svl.company_id = $1 + AND svl.tenant_id = $2 + WHERE p.tenant_id = $2 + AND p.product_type = 'storable' + AND p.active = true + GROUP BY p.id, p.name, p.code, p.valuation_method, p.cost_price + HAVING COALESCE(SUM(svl.remaining_qty), 0) > 0 + ORDER BY p.name`, + [companyId, tenantId] + ); + } + + /** + * Update average cost on product after valuation changes + * Call this after creating layers or consuming stock + */ + async updateProductAverageCost( + productId: string, + companyId: string, + tenantId: string, + client?: PoolClient + ): Promise { + const executeQuery = client + ? (sql: string, params: any[]) => client.query(sql, params) + : query; + + // Only update products using average cost method + await executeQuery( + `UPDATE inventory.products p + SET cost_price = ( + SELECT CASE WHEN SUM(svl.remaining_qty) > 0 + THEN SUM(svl.remaining_value) / SUM(svl.remaining_qty) + ELSE p.cost_price + END + FROM inventory.stock_valuation_layers svl + WHERE svl.product_id = p.id + AND svl.company_id = $2 + AND svl.tenant_id = $3 + AND svl.remaining_qty > 0 + ), + updated_at = NOW() + WHERE p.id = $1 + AND p.tenant_id = $3 + AND p.valuation_method = 'average'`, + [productId, companyId, tenantId] + ); + } + + /** + * Process stock move for valuation + * Creates or consumes valuation layers based on move direction + */ + async processStockMoveValuation( + moveId: string, + tenantId: string, + userId: string + ): Promise { + const move = await queryOne<{ + id: string; + product_id: string; + product_qty: number; + location_id: string; + location_dest_id: string; + company_id: string; + }>( + `SELECT sm.id, sm.product_id, sm.product_qty, + sm.location_id, sm.location_dest_id, + p.company_id + FROM inventory.stock_moves sm + JOIN inventory.pickings p ON sm.picking_id = p.id + WHERE sm.id = $1 AND sm.tenant_id = $2`, + [moveId, tenantId] + ); + + if (!move) { + throw new NotFoundError('Movimiento no encontrado'); + } + + // Get location types + const [srcLoc, destLoc] = await Promise.all([ + queryOne<{ location_type: string }>( + 'SELECT location_type FROM inventory.locations WHERE id = $1', + [move.location_id] + ), + queryOne<{ location_type: string }>( + 'SELECT location_type FROM inventory.locations WHERE id = $1', + [move.location_dest_id] + ), + ]); + + const srcIsInternal = srcLoc?.location_type === 'internal'; + const destIsInternal = destLoc?.location_type === 'internal'; + + // Get product cost for new layers + const product = await queryOne<{ cost_price: number; valuation_method: string }>( + 'SELECT cost_price, valuation_method FROM inventory.products WHERE id = $1', + [move.product_id] + ); + + if (!product) return; + + const client = await getClient(); + + try { + await client.query('BEGIN'); + + // Incoming to internal location (create layer) + if (!srcIsInternal && destIsInternal) { + await this.createLayer({ + product_id: move.product_id, + company_id: move.company_id, + quantity: Number(move.product_qty), + unit_cost: Number(product.cost_price), + stock_move_id: move.id, + description: `Recepción - Move ${move.id}`, + }, tenantId, userId, client); + } + + // Outgoing from internal location (consume layer with FIFO) + if (srcIsInternal && !destIsInternal) { + if (product.valuation_method === 'fifo' || product.valuation_method === 'average') { + await this.consumeFifo( + move.product_id, + move.company_id, + Number(move.product_qty), + tenantId, + userId, + client + ); + } + } + + // Update average cost if using that method + if (product.valuation_method === 'average') { + await this.updateProductAverageCost( + move.product_id, + move.company_id, + tenantId, + client + ); + } + + await client.query('COMMIT'); + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } +} + +export const valuationService = new ValuationService(); diff --git a/backend/src/modules/inventory/warehouses.service.ts b/backend/src/modules/inventory/warehouses.service.ts new file mode 100644 index 0000000..f000c57 --- /dev/null +++ b/backend/src/modules/inventory/warehouses.service.ts @@ -0,0 +1,283 @@ +import { Repository, IsNull } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { Warehouse } from './entities/warehouse.entity.js'; +import { Location } from './entities/location.entity.js'; +import { StockQuant } from './entities/stock-quant.entity.js'; +import { NotFoundError, ValidationError, ConflictError } from '../../shared/types/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +// ===== Interfaces ===== + +export interface CreateWarehouseDto { + companyId: string; + name: string; + code: string; + addressId?: string; + isDefault?: boolean; +} + +export interface UpdateWarehouseDto { + name?: string; + addressId?: string | null; + isDefault?: boolean; + active?: boolean; +} + +export interface WarehouseFilters { + companyId?: string; + active?: boolean; + page?: number; + limit?: number; +} + +export interface WarehouseWithRelations extends Warehouse { + companyName?: string; +} + +// ===== Service Class ===== + +class WarehousesService { + private warehouseRepository: Repository; + private locationRepository: Repository; + private stockQuantRepository: Repository; + + constructor() { + this.warehouseRepository = AppDataSource.getRepository(Warehouse); + this.locationRepository = AppDataSource.getRepository(Location); + this.stockQuantRepository = AppDataSource.getRepository(StockQuant); + } + + async findAll( + tenantId: string, + filters: WarehouseFilters = {} + ): Promise<{ data: WarehouseWithRelations[]; total: number }> { + try { + const { companyId, active, page = 1, limit = 50 } = filters; + const skip = (page - 1) * limit; + + const queryBuilder = this.warehouseRepository + .createQueryBuilder('warehouse') + .leftJoinAndSelect('warehouse.company', 'company') + .where('warehouse.tenantId = :tenantId', { tenantId }); + + if (companyId) { + queryBuilder.andWhere('warehouse.companyId = :companyId', { companyId }); + } + + if (active !== undefined) { + queryBuilder.andWhere('warehouse.active = :active', { active }); + } + + const total = await queryBuilder.getCount(); + + const warehouses = await queryBuilder + .orderBy('warehouse.name', 'ASC') + .skip(skip) + .take(limit) + .getMany(); + + const data: WarehouseWithRelations[] = warehouses.map(w => ({ + ...w, + companyName: w.company?.name, + })); + + logger.debug('Warehouses retrieved', { tenantId, count: data.length, total }); + + return { data, total }; + } catch (error) { + logger.error('Error retrieving warehouses', { + error: (error as Error).message, + tenantId, + }); + throw error; + } + } + + async findById(id: string, tenantId: string): Promise { + try { + const warehouse = await this.warehouseRepository + .createQueryBuilder('warehouse') + .leftJoinAndSelect('warehouse.company', 'company') + .where('warehouse.id = :id', { id }) + .andWhere('warehouse.tenantId = :tenantId', { tenantId }) + .getOne(); + + if (!warehouse) { + throw new NotFoundError('Almacén no encontrado'); + } + + return { + ...warehouse, + companyName: warehouse.company?.name, + }; + } catch (error) { + logger.error('Error finding warehouse', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + async create(dto: CreateWarehouseDto, tenantId: string, userId: string): Promise { + try { + // Check unique code within company + const existing = await this.warehouseRepository.findOne({ + where: { + companyId: dto.companyId, + code: dto.code, + }, + }); + + if (existing) { + throw new ConflictError(`Ya existe un almacén con código ${dto.code} en esta empresa`); + } + + // If is_default, clear other defaults for company + if (dto.isDefault) { + await this.warehouseRepository.update( + { companyId: dto.companyId, tenantId }, + { isDefault: false } + ); + } + + const warehouse = this.warehouseRepository.create({ + tenantId, + companyId: dto.companyId, + name: dto.name, + code: dto.code, + addressId: dto.addressId || null, + isDefault: dto.isDefault || false, + createdBy: userId, + }); + + await this.warehouseRepository.save(warehouse); + + logger.info('Warehouse created', { + warehouseId: warehouse.id, + tenantId, + name: warehouse.name, + createdBy: userId, + }); + + return warehouse; + } catch (error) { + logger.error('Error creating warehouse', { + error: (error as Error).message, + tenantId, + dto, + }); + throw error; + } + } + + async update(id: string, dto: UpdateWarehouseDto, tenantId: string, userId: string): Promise { + try { + const existing = await this.findById(id, tenantId); + + // If setting as default, clear other defaults + if (dto.isDefault) { + await this.warehouseRepository + .createQueryBuilder() + .update(Warehouse) + .set({ isDefault: false }) + .where('companyId = :companyId', { companyId: existing.companyId }) + .andWhere('tenantId = :tenantId', { tenantId }) + .andWhere('id != :id', { id }) + .execute(); + } + + if (dto.name !== undefined) existing.name = dto.name; + if (dto.addressId !== undefined) existing.addressId = dto.addressId; + if (dto.isDefault !== undefined) existing.isDefault = dto.isDefault; + if (dto.active !== undefined) existing.active = dto.active; + + existing.updatedBy = userId; + existing.updatedAt = new Date(); + + await this.warehouseRepository.save(existing); + + logger.info('Warehouse updated', { + warehouseId: id, + tenantId, + updatedBy: userId, + }); + + return await this.findById(id, tenantId); + } catch (error) { + logger.error('Error updating warehouse', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + async delete(id: string, tenantId: string): Promise { + try { + await this.findById(id, tenantId); + + // Check if warehouse has locations with stock + const hasStock = await this.stockQuantRepository + .createQueryBuilder('sq') + .innerJoin('sq.location', 'location') + .where('location.warehouseId = :warehouseId', { warehouseId: id }) + .andWhere('sq.quantity > 0') + .getCount(); + + if (hasStock > 0) { + throw new ConflictError('No se puede eliminar un almacén que tiene stock'); + } + + await this.warehouseRepository.delete({ id, tenantId }); + + logger.info('Warehouse deleted', { + warehouseId: id, + tenantId, + }); + } catch (error) { + logger.error('Error deleting warehouse', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + async getLocations(warehouseId: string, tenantId: string): Promise { + await this.findById(warehouseId, tenantId); + + return this.locationRepository.find({ + where: { + warehouseId, + tenantId, + }, + order: { name: 'ASC' }, + }); + } + + async getStock(warehouseId: string, tenantId: string): Promise { + await this.findById(warehouseId, tenantId); + + const stock = await this.stockQuantRepository + .createQueryBuilder('sq') + .innerJoinAndSelect('sq.product', 'product') + .innerJoinAndSelect('sq.location', 'location') + .where('location.warehouseId = :warehouseId', { warehouseId }) + .orderBy('product.name', 'ASC') + .addOrderBy('location.name', 'ASC') + .getMany(); + + return stock.map(sq => ({ + ...sq, + productName: sq.product?.name, + productCode: sq.product?.code, + locationName: sq.location?.name, + })); + } +} + +export const warehousesService = new WarehousesService(); diff --git a/backend/src/modules/partners/entities/index.ts b/backend/src/modules/partners/entities/index.ts new file mode 100644 index 0000000..d64c144 --- /dev/null +++ b/backend/src/modules/partners/entities/index.ts @@ -0,0 +1 @@ +export { Partner, PartnerType } from './partner.entity.js'; diff --git a/backend/src/modules/partners/entities/partner.entity.ts b/backend/src/modules/partners/entities/partner.entity.ts new file mode 100644 index 0000000..5f59f9d --- /dev/null +++ b/backend/src/modules/partners/entities/partner.entity.ts @@ -0,0 +1,132 @@ +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + Index, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { Tenant } from '../../auth/entities/tenant.entity.js'; +import { Company } from '../../auth/entities/company.entity.js'; + +export type PartnerType = 'person' | 'company'; + +@Entity({ schema: 'core', name: 'partners' }) +@Index('idx_partners_tenant_id', ['tenantId']) +@Index('idx_partners_company_id', ['companyId']) +@Index('idx_partners_parent_id', ['parentId']) +@Index('idx_partners_active', ['tenantId', 'active'], { where: 'deleted_at IS NULL' }) +@Index('idx_partners_is_customer', ['tenantId', 'isCustomer'], { where: 'deleted_at IS NULL AND is_customer = true' }) +@Index('idx_partners_is_supplier', ['tenantId', 'isSupplier'], { where: 'deleted_at IS NULL AND is_supplier = true' }) +@Index('idx_partners_is_employee', ['tenantId', 'isEmployee'], { where: 'deleted_at IS NULL AND is_employee = true' }) +@Index('idx_partners_tax_id', ['taxId']) +@Index('idx_partners_email', ['email']) +export class Partner { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'uuid', nullable: false, name: 'tenant_id' }) + tenantId: string; + + @Column({ type: 'varchar', length: 255, nullable: false }) + name: string; + + @Column({ type: 'varchar', length: 255, nullable: true, name: 'legal_name' }) + legalName: string | null; + + @Column({ + type: 'varchar', + length: 20, + nullable: false, + default: 'person', + name: 'partner_type', + }) + partnerType: PartnerType; + + @Column({ type: 'boolean', default: false, name: 'is_customer' }) + isCustomer: boolean; + + @Column({ type: 'boolean', default: false, name: 'is_supplier' }) + isSupplier: boolean; + + @Column({ type: 'boolean', default: false, name: 'is_employee' }) + isEmployee: boolean; + + @Column({ type: 'boolean', default: false, name: 'is_company' }) + isCompany: boolean; + + @Column({ type: 'varchar', length: 255, nullable: true }) + email: string | null; + + @Column({ type: 'varchar', length: 50, nullable: true }) + phone: string | null; + + @Column({ type: 'varchar', length: 50, nullable: true }) + mobile: string | null; + + @Column({ type: 'varchar', length: 255, nullable: true }) + website: string | null; + + @Column({ type: 'varchar', length: 50, nullable: true, name: 'tax_id' }) + taxId: string | null; + + @Column({ type: 'uuid', nullable: true, name: 'company_id' }) + companyId: string | null; + + @Column({ type: 'uuid', nullable: true, name: 'parent_id' }) + parentId: string | null; + + @Column({ type: 'uuid', nullable: true, name: 'currency_id' }) + currencyId: string | null; + + @Column({ type: 'text', nullable: true }) + notes: string | null; + + @Column({ type: 'boolean', default: true }) + active: boolean; + + // Relaciones + @ManyToOne(() => Tenant, { onDelete: 'CASCADE' }) + @JoinColumn({ name: 'tenant_id' }) + tenant: Tenant; + + @ManyToOne(() => Company, { nullable: true }) + @JoinColumn({ name: 'company_id' }) + company: Company | null; + + @ManyToOne(() => Partner, (partner) => partner.children, { nullable: true }) + @JoinColumn({ name: 'parent_id' }) + parentPartner: Partner | null; + + children: Partner[]; + + // Auditoría + @CreateDateColumn({ name: 'created_at', type: 'timestamp' }) + createdAt: Date; + + @Column({ type: 'uuid', nullable: true, name: 'created_by' }) + createdBy: string | null; + + @UpdateDateColumn({ + name: 'updated_at', + type: 'timestamp', + nullable: true, + }) + updatedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'updated_by' }) + updatedBy: string | null; + + @Column({ type: 'timestamp', nullable: true, name: 'deleted_at' }) + deletedAt: Date | null; + + @Column({ type: 'uuid', nullable: true, name: 'deleted_by' }) + deletedBy: string | null; + + // Virtual fields for joined data + companyName?: string; + currencyCode?: string; + parentName?: string; +} diff --git a/backend/src/modules/partners/index.ts b/backend/src/modules/partners/index.ts new file mode 100644 index 0000000..4a0be6c --- /dev/null +++ b/backend/src/modules/partners/index.ts @@ -0,0 +1,6 @@ +export * from './entities/index.js'; +export * from './partners.service.js'; +export * from './partners.controller.js'; +export * from './ranking.service.js'; +export * from './ranking.controller.js'; +export { default as partnersRoutes } from './partners.routes.js'; diff --git a/backend/src/modules/partners/partners.controller.ts b/backend/src/modules/partners/partners.controller.ts new file mode 100644 index 0000000..30825ac --- /dev/null +++ b/backend/src/modules/partners/partners.controller.ts @@ -0,0 +1,333 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { partnersService, CreatePartnerDto, UpdatePartnerDto, PartnerFilters } from './partners.service.js'; +import { ApiResponse, AuthenticatedRequest, ValidationError } from '../../shared/types/index.js'; + +// Validation schemas (accept both snake_case and camelCase from frontend) +const createPartnerSchema = z.object({ + name: z.string().min(1, 'El nombre es requerido').max(255), + legal_name: z.string().max(255).optional(), + legalName: z.string().max(255).optional(), + partner_type: z.enum(['person', 'company']).default('person'), + partnerType: z.enum(['person', 'company']).default('person'), + is_customer: z.boolean().default(false), + isCustomer: z.boolean().default(false), + is_supplier: z.boolean().default(false), + isSupplier: z.boolean().default(false), + is_employee: z.boolean().default(false), + isEmployee: z.boolean().default(false), + is_company: z.boolean().default(false), + isCompany: z.boolean().default(false), + email: z.string().email('Email inválido').max(255).optional(), + phone: z.string().max(50).optional(), + mobile: z.string().max(50).optional(), + website: z.string().url('URL inválida').max(255).optional(), + tax_id: z.string().max(50).optional(), + taxId: z.string().max(50).optional(), + company_id: z.string().uuid().optional(), + companyId: z.string().uuid().optional(), + parent_id: z.string().uuid().optional(), + parentId: z.string().uuid().optional(), + currency_id: z.string().uuid().optional(), + currencyId: z.string().uuid().optional(), + notes: z.string().optional(), +}); + +const updatePartnerSchema = z.object({ + name: z.string().min(1).max(255).optional(), + legal_name: z.string().max(255).optional().nullable(), + legalName: z.string().max(255).optional().nullable(), + is_customer: z.boolean().optional(), + isCustomer: z.boolean().optional(), + is_supplier: z.boolean().optional(), + isSupplier: z.boolean().optional(), + is_employee: z.boolean().optional(), + isEmployee: z.boolean().optional(), + email: z.string().email('Email inválido').max(255).optional().nullable(), + phone: z.string().max(50).optional().nullable(), + mobile: z.string().max(50).optional().nullable(), + website: z.string().url('URL inválida').max(255).optional().nullable(), + tax_id: z.string().max(50).optional().nullable(), + taxId: z.string().max(50).optional().nullable(), + company_id: z.string().uuid().optional().nullable(), + companyId: z.string().uuid().optional().nullable(), + parent_id: z.string().uuid().optional().nullable(), + parentId: z.string().uuid().optional().nullable(), + currency_id: z.string().uuid().optional().nullable(), + currencyId: z.string().uuid().optional().nullable(), + notes: z.string().optional().nullable(), + active: z.boolean().optional(), +}); + +const querySchema = z.object({ + search: z.string().optional(), + is_customer: z.coerce.boolean().optional(), + isCustomer: z.coerce.boolean().optional(), + is_supplier: z.coerce.boolean().optional(), + isSupplier: z.coerce.boolean().optional(), + is_employee: z.coerce.boolean().optional(), + isEmployee: z.coerce.boolean().optional(), + company_id: z.string().uuid().optional(), + companyId: z.string().uuid().optional(), + active: z.coerce.boolean().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +class PartnersController { + async findAll(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = querySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const data = queryResult.data; + const tenantId = req.user!.tenantId; + const filters: PartnerFilters = { + search: data.search, + isCustomer: data.isCustomer ?? data.is_customer, + isSupplier: data.isSupplier ?? data.is_supplier, + isEmployee: data.isEmployee ?? data.is_employee, + companyId: data.companyId || data.company_id, + active: data.active, + page: data.page, + limit: data.limit, + }; + + const result = await partnersService.findAll(tenantId, filters); + + const response: ApiResponse = { + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page || 1, + limit: filters.limit || 20, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async findCustomers(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = querySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const data = queryResult.data; + const tenantId = req.user!.tenantId; + const filters = { + search: data.search, + isEmployee: data.isEmployee ?? data.is_employee, + companyId: data.companyId || data.company_id, + active: data.active, + page: data.page, + limit: data.limit, + }; + + const result = await partnersService.findCustomers(tenantId, filters); + + const response: ApiResponse = { + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page || 1, + limit: filters.limit || 20, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async findSuppliers(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = querySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const data = queryResult.data; + const tenantId = req.user!.tenantId; + const filters = { + search: data.search, + isEmployee: data.isEmployee ?? data.is_employee, + companyId: data.companyId || data.company_id, + active: data.active, + page: data.page, + limit: data.limit, + }; + + const result = await partnersService.findSuppliers(tenantId, filters); + + const response: ApiResponse = { + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page || 1, + limit: filters.limit || 20, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async findById(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { id } = req.params; + const tenantId = req.user!.tenantId; + const partner = await partnersService.findById(id, tenantId); + + const response: ApiResponse = { + success: true, + data: partner, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async create(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createPartnerSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de contacto inválidos', parseResult.error.errors); + } + + const data = parseResult.data; + const tenantId = req.user!.tenantId; + const userId = req.user!.userId; + + // Transform to camelCase DTO + const dto: CreatePartnerDto = { + name: data.name, + legalName: data.legalName || data.legal_name, + partnerType: data.partnerType || data.partner_type, + isCustomer: data.isCustomer ?? data.is_customer, + isSupplier: data.isSupplier ?? data.is_supplier, + isEmployee: data.isEmployee ?? data.is_employee, + isCompany: data.isCompany ?? data.is_company, + email: data.email, + phone: data.phone, + mobile: data.mobile, + website: data.website, + taxId: data.taxId || data.tax_id, + companyId: data.companyId || data.company_id, + parentId: data.parentId || data.parent_id, + currencyId: data.currencyId || data.currency_id, + notes: data.notes, + }; + + const partner = await partnersService.create(dto, tenantId, userId); + + const response: ApiResponse = { + success: true, + data: partner, + message: 'Contacto creado exitosamente', + }; + + res.status(201).json(response); + } catch (error) { + next(error); + } + } + + async update(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { id } = req.params; + const parseResult = updatePartnerSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de contacto inválidos', parseResult.error.errors); + } + + const data = parseResult.data; + const tenantId = req.user!.tenantId; + const userId = req.user!.userId; + + // Transform to camelCase DTO + const dto: UpdatePartnerDto = {}; + if (data.name !== undefined) dto.name = data.name; + if (data.legalName !== undefined || data.legal_name !== undefined) { + dto.legalName = data.legalName ?? data.legal_name; + } + if (data.isCustomer !== undefined || data.is_customer !== undefined) { + dto.isCustomer = data.isCustomer ?? data.is_customer; + } + if (data.isSupplier !== undefined || data.is_supplier !== undefined) { + dto.isSupplier = data.isSupplier ?? data.is_supplier; + } + if (data.isEmployee !== undefined || data.is_employee !== undefined) { + dto.isEmployee = data.isEmployee ?? data.is_employee; + } + if (data.email !== undefined) dto.email = data.email; + if (data.phone !== undefined) dto.phone = data.phone; + if (data.mobile !== undefined) dto.mobile = data.mobile; + if (data.website !== undefined) dto.website = data.website; + if (data.taxId !== undefined || data.tax_id !== undefined) { + dto.taxId = data.taxId ?? data.tax_id; + } + if (data.companyId !== undefined || data.company_id !== undefined) { + dto.companyId = data.companyId ?? data.company_id; + } + if (data.parentId !== undefined || data.parent_id !== undefined) { + dto.parentId = data.parentId ?? data.parent_id; + } + if (data.currencyId !== undefined || data.currency_id !== undefined) { + dto.currencyId = data.currencyId ?? data.currency_id; + } + if (data.notes !== undefined) dto.notes = data.notes; + if (data.active !== undefined) dto.active = data.active; + + const partner = await partnersService.update(id, dto, tenantId, userId); + + const response: ApiResponse = { + success: true, + data: partner, + message: 'Contacto actualizado exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async delete(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { id } = req.params; + const tenantId = req.user!.tenantId; + const userId = req.user!.userId; + + await partnersService.delete(id, tenantId, userId); + + const response: ApiResponse = { + success: true, + message: 'Contacto eliminado exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } +} + +export const partnersController = new PartnersController(); diff --git a/backend/src/modules/partners/partners.routes.ts b/backend/src/modules/partners/partners.routes.ts new file mode 100644 index 0000000..d4c65f7 --- /dev/null +++ b/backend/src/modules/partners/partners.routes.ts @@ -0,0 +1,90 @@ +import { Router } from 'express'; +import { partnersController } from './partners.controller.js'; +import { rankingController } from './ranking.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// ============================================================================ +// RANKING ROUTES (must be before /:id routes to avoid conflicts) +// ============================================================================ + +// Calculate rankings (admin, manager) +router.post('/rankings/calculate', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + rankingController.calculateRankings(req, res, next) +); + +// Get all rankings +router.get('/rankings', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) => + rankingController.findRankings(req, res, next) +); + +// Top partners +router.get('/rankings/top/customers', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) => + rankingController.getTopCustomers(req, res, next) +); +router.get('/rankings/top/suppliers', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) => + rankingController.getTopSuppliers(req, res, next) +); + +// ABC distribution +router.get('/rankings/abc/customers', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) => + rankingController.getCustomerABCDistribution(req, res, next) +); +router.get('/rankings/abc/suppliers', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) => + rankingController.getSupplierABCDistribution(req, res, next) +); + +// Partners by ABC +router.get('/rankings/abc/customers/:abc', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) => + rankingController.getCustomersByABC(req, res, next) +); +router.get('/rankings/abc/suppliers/:abc', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) => + rankingController.getSuppliersByABC(req, res, next) +); + +// Partner-specific ranking +router.get('/rankings/partner/:partnerId', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) => + rankingController.findPartnerRanking(req, res, next) +); +router.get('/rankings/partner/:partnerId/history', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) => + rankingController.getPartnerHistory(req, res, next) +); + +// ============================================================================ +// PARTNER ROUTES +// ============================================================================ + +// Convenience endpoints for customers and suppliers +router.get('/customers', (req, res, next) => partnersController.findCustomers(req, res, next)); +router.get('/suppliers', (req, res, next) => partnersController.findSuppliers(req, res, next)); + +// List all partners (admin, manager, sales, accountant) +router.get('/', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) => + partnersController.findAll(req, res, next) +); + +// Get partner by ID +router.get('/:id', requireRoles('admin', 'manager', 'sales', 'accountant', 'super_admin'), (req, res, next) => + partnersController.findById(req, res, next) +); + +// Create partner (admin, manager, sales) +router.post('/', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + partnersController.create(req, res, next) +); + +// Update partner (admin, manager, sales) +router.put('/:id', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + partnersController.update(req, res, next) +); + +// Delete partner (admin only) +router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + partnersController.delete(req, res, next) +); + +export default router; diff --git a/backend/src/modules/partners/partners.service.ts b/backend/src/modules/partners/partners.service.ts new file mode 100644 index 0000000..6f6d552 --- /dev/null +++ b/backend/src/modules/partners/partners.service.ts @@ -0,0 +1,395 @@ +import { Repository, IsNull } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { Partner, PartnerType } from './entities/index.js'; +import { NotFoundError, ValidationError, ForbiddenError } from '../../shared/types/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +// ===== Interfaces ===== + +export interface CreatePartnerDto { + name: string; + legalName?: string; + partnerType?: PartnerType; + isCustomer?: boolean; + isSupplier?: boolean; + isEmployee?: boolean; + isCompany?: boolean; + email?: string; + phone?: string; + mobile?: string; + website?: string; + taxId?: string; + companyId?: string; + parentId?: string; + currencyId?: string; + notes?: string; +} + +export interface UpdatePartnerDto { + name?: string; + legalName?: string | null; + isCustomer?: boolean; + isSupplier?: boolean; + isEmployee?: boolean; + email?: string | null; + phone?: string | null; + mobile?: string | null; + website?: string | null; + taxId?: string | null; + companyId?: string | null; + parentId?: string | null; + currencyId?: string | null; + notes?: string | null; + active?: boolean; +} + +export interface PartnerFilters { + search?: string; + isCustomer?: boolean; + isSupplier?: boolean; + isEmployee?: boolean; + companyId?: string; + active?: boolean; + page?: number; + limit?: number; +} + +export interface PartnerWithRelations extends Partner { + companyName?: string; + currencyCode?: string; + parentName?: string; +} + +// ===== PartnersService Class ===== + +class PartnersService { + private partnerRepository: Repository; + + constructor() { + this.partnerRepository = AppDataSource.getRepository(Partner); + } + + /** + * Get all partners for a tenant with filters and pagination + */ + async findAll( + tenantId: string, + filters: PartnerFilters = {} + ): Promise<{ data: PartnerWithRelations[]; total: number }> { + try { + const { search, isCustomer, isSupplier, isEmployee, companyId, active, page = 1, limit = 20 } = filters; + const skip = (page - 1) * limit; + + const queryBuilder = this.partnerRepository + .createQueryBuilder('partner') + .leftJoin('partner.company', 'company') + .addSelect(['company.name']) + .leftJoin('partner.parentPartner', 'parentPartner') + .addSelect(['parentPartner.name']) + .where('partner.tenantId = :tenantId', { tenantId }) + .andWhere('partner.deletedAt IS NULL'); + + // Apply search filter + if (search) { + queryBuilder.andWhere( + '(partner.name ILIKE :search OR partner.legalName ILIKE :search OR partner.email ILIKE :search OR partner.taxId ILIKE :search)', + { search: `%${search}%` } + ); + } + + // Filter by customer + if (isCustomer !== undefined) { + queryBuilder.andWhere('partner.isCustomer = :isCustomer', { isCustomer }); + } + + // Filter by supplier + if (isSupplier !== undefined) { + queryBuilder.andWhere('partner.isSupplier = :isSupplier', { isSupplier }); + } + + // Filter by employee + if (isEmployee !== undefined) { + queryBuilder.andWhere('partner.isEmployee = :isEmployee', { isEmployee }); + } + + // Filter by company + if (companyId) { + queryBuilder.andWhere('partner.companyId = :companyId', { companyId }); + } + + // Filter by active status + if (active !== undefined) { + queryBuilder.andWhere('partner.active = :active', { active }); + } + + // Get total count + const total = await queryBuilder.getCount(); + + // Get paginated results + const partners = await queryBuilder + .orderBy('partner.name', 'ASC') + .skip(skip) + .take(limit) + .getMany(); + + // Map to include relation names + const data: PartnerWithRelations[] = partners.map(partner => ({ + ...partner, + companyName: partner.company?.name, + parentName: partner.parentPartner?.name, + })); + + logger.debug('Partners retrieved', { tenantId, count: data.length, total }); + + return { data, total }; + } catch (error) { + logger.error('Error retrieving partners', { + error: (error as Error).message, + tenantId, + }); + throw error; + } + } + + /** + * Get partner by ID + */ + async findById(id: string, tenantId: string): Promise { + try { + const partner = await this.partnerRepository + .createQueryBuilder('partner') + .leftJoin('partner.company', 'company') + .addSelect(['company.name']) + .leftJoin('partner.parentPartner', 'parentPartner') + .addSelect(['parentPartner.name']) + .where('partner.id = :id', { id }) + .andWhere('partner.tenantId = :tenantId', { tenantId }) + .andWhere('partner.deletedAt IS NULL') + .getOne(); + + if (!partner) { + throw new NotFoundError('Contacto no encontrado'); + } + + return { + ...partner, + companyName: partner.company?.name, + parentName: partner.parentPartner?.name, + }; + } catch (error) { + logger.error('Error finding partner', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + /** + * Create a new partner + */ + async create( + dto: CreatePartnerDto, + tenantId: string, + userId: string + ): Promise { + try { + // Validate parent partner exists + if (dto.parentId) { + const parent = await this.partnerRepository.findOne({ + where: { + id: dto.parentId, + tenantId, + deletedAt: IsNull(), + }, + }); + + if (!parent) { + throw new NotFoundError('Contacto padre no encontrado'); + } + } + + // Create partner + const partner = this.partnerRepository.create({ + tenantId, + name: dto.name, + legalName: dto.legalName || null, + partnerType: dto.partnerType || 'person', + isCustomer: dto.isCustomer || false, + isSupplier: dto.isSupplier || false, + isEmployee: dto.isEmployee || false, + isCompany: dto.isCompany || false, + email: dto.email?.toLowerCase() || null, + phone: dto.phone || null, + mobile: dto.mobile || null, + website: dto.website || null, + taxId: dto.taxId || null, + companyId: dto.companyId || null, + parentId: dto.parentId || null, + currencyId: dto.currencyId || null, + notes: dto.notes || null, + createdBy: userId, + }); + + await this.partnerRepository.save(partner); + + logger.info('Partner created', { + partnerId: partner.id, + tenantId, + name: partner.name, + createdBy: userId, + }); + + return partner; + } catch (error) { + logger.error('Error creating partner', { + error: (error as Error).message, + tenantId, + dto, + }); + throw error; + } + } + + /** + * Update a partner + */ + async update( + id: string, + dto: UpdatePartnerDto, + tenantId: string, + userId: string + ): Promise { + try { + const existing = await this.findById(id, tenantId); + + // Validate parent partner (prevent self-reference) + if (dto.parentId !== undefined && dto.parentId) { + if (dto.parentId === id) { + throw new ValidationError('Un contacto no puede ser su propio padre'); + } + + const parent = await this.partnerRepository.findOne({ + where: { + id: dto.parentId, + tenantId, + deletedAt: IsNull(), + }, + }); + + if (!parent) { + throw new NotFoundError('Contacto padre no encontrado'); + } + } + + // Update allowed fields + if (dto.name !== undefined) existing.name = dto.name; + if (dto.legalName !== undefined) existing.legalName = dto.legalName; + if (dto.isCustomer !== undefined) existing.isCustomer = dto.isCustomer; + if (dto.isSupplier !== undefined) existing.isSupplier = dto.isSupplier; + if (dto.isEmployee !== undefined) existing.isEmployee = dto.isEmployee; + if (dto.email !== undefined) existing.email = dto.email?.toLowerCase() || null; + if (dto.phone !== undefined) existing.phone = dto.phone; + if (dto.mobile !== undefined) existing.mobile = dto.mobile; + if (dto.website !== undefined) existing.website = dto.website; + if (dto.taxId !== undefined) existing.taxId = dto.taxId; + if (dto.companyId !== undefined) existing.companyId = dto.companyId; + if (dto.parentId !== undefined) existing.parentId = dto.parentId; + if (dto.currencyId !== undefined) existing.currencyId = dto.currencyId; + if (dto.notes !== undefined) existing.notes = dto.notes; + if (dto.active !== undefined) existing.active = dto.active; + + existing.updatedBy = userId; + existing.updatedAt = new Date(); + + await this.partnerRepository.save(existing); + + logger.info('Partner updated', { + partnerId: id, + tenantId, + updatedBy: userId, + }); + + return await this.findById(id, tenantId); + } catch (error) { + logger.error('Error updating partner', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + /** + * Soft delete a partner + */ + async delete(id: string, tenantId: string, userId: string): Promise { + try { + await this.findById(id, tenantId); + + // Check if has child partners + const childrenCount = await this.partnerRepository.count({ + where: { + parentId: id, + tenantId, + deletedAt: IsNull(), + }, + }); + + if (childrenCount > 0) { + throw new ForbiddenError( + 'No se puede eliminar un contacto que tiene contactos relacionados' + ); + } + + // Soft delete + await this.partnerRepository.update( + { id, tenantId }, + { + deletedAt: new Date(), + deletedBy: userId, + active: false, + } + ); + + logger.info('Partner deleted', { + partnerId: id, + tenantId, + deletedBy: userId, + }); + } catch (error) { + logger.error('Error deleting partner', { + error: (error as Error).message, + id, + tenantId, + }); + throw error; + } + } + + /** + * Get customers only + */ + async findCustomers( + tenantId: string, + filters: Omit + ): Promise<{ data: PartnerWithRelations[]; total: number }> { + return this.findAll(tenantId, { ...filters, isCustomer: true }); + } + + /** + * Get suppliers only + */ + async findSuppliers( + tenantId: string, + filters: Omit + ): Promise<{ data: PartnerWithRelations[]; total: number }> { + return this.findAll(tenantId, { ...filters, isSupplier: true }); + } +} + +// ===== Export Singleton Instance ===== + +export const partnersService = new PartnersService(); diff --git a/backend/src/modules/partners/ranking.controller.ts b/backend/src/modules/partners/ranking.controller.ts new file mode 100644 index 0000000..95e15c1 --- /dev/null +++ b/backend/src/modules/partners/ranking.controller.ts @@ -0,0 +1,368 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { AuthenticatedRequest } from '../../shared/types/index.js'; +import { rankingService, ABCClassification } from './ranking.service.js'; + +// ============================================================================ +// VALIDATION SCHEMAS +// ============================================================================ + +const calculateRankingsSchema = z.object({ + company_id: z.string().uuid().optional(), + period_start: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + period_end: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), +}); + +const rankingFiltersSchema = z.object({ + company_id: z.string().uuid().optional(), + period_start: z.string().optional(), + period_end: z.string().optional(), + customer_abc: z.enum(['A', 'B', 'C']).optional(), + supplier_abc: z.enum(['A', 'B', 'C']).optional(), + min_sales: z.coerce.number().min(0).optional(), + min_purchases: z.coerce.number().min(0).optional(), + page: z.coerce.number().min(1).default(1), + limit: z.coerce.number().min(1).max(100).default(20), +}); + +// ============================================================================ +// CONTROLLER +// ============================================================================ + +class RankingController { + /** + * POST /rankings/calculate + * Calculate partner rankings + */ + async calculateRankings( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const { company_id, period_start, period_end } = calculateRankingsSchema.parse(req.body); + const tenantId = req.user!.tenantId; + + const result = await rankingService.calculateRankings( + tenantId, + company_id, + period_start, + period_end + ); + + res.json({ + success: true, + message: 'Rankings calculados exitosamente', + data: result, + }); + } catch (error) { + next(error); + } + } + + /** + * GET /rankings + * List all rankings with filters + */ + async findRankings( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const filters = rankingFiltersSchema.parse(req.query); + const tenantId = req.user!.tenantId; + + const { data, total } = await rankingService.findRankings(tenantId, filters); + + res.json({ + success: true, + data, + pagination: { + page: filters.page, + limit: filters.limit, + total, + totalPages: Math.ceil(total / filters.limit), + }, + }); + } catch (error) { + next(error); + } + } + + /** + * GET /rankings/partner/:partnerId + * Get ranking for a specific partner + */ + async findPartnerRanking( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const { partnerId } = req.params; + const { period_start, period_end } = req.query as { + period_start?: string; + period_end?: string; + }; + const tenantId = req.user!.tenantId; + + const ranking = await rankingService.findPartnerRanking( + partnerId, + tenantId, + period_start, + period_end + ); + + if (!ranking) { + res.status(404).json({ + success: false, + error: 'No se encontró ranking para este contacto', + }); + return; + } + + res.json({ + success: true, + data: ranking, + }); + } catch (error) { + next(error); + } + } + + /** + * GET /rankings/partner/:partnerId/history + * Get ranking history for a partner + */ + async getPartnerHistory( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const { partnerId } = req.params; + const limit = parseInt(req.query.limit as string) || 12; + const tenantId = req.user!.tenantId; + + const history = await rankingService.getPartnerRankingHistory( + partnerId, + tenantId, + Math.min(limit, 24) + ); + + res.json({ + success: true, + data: history, + }); + } catch (error) { + next(error); + } + } + + /** + * GET /rankings/top/customers + * Get top customers + */ + async getTopCustomers( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const limit = parseInt(req.query.limit as string) || 10; + const tenantId = req.user!.tenantId; + + const data = await rankingService.getTopPartners( + tenantId, + 'customers', + Math.min(limit, 50) + ); + + res.json({ + success: true, + data, + }); + } catch (error) { + next(error); + } + } + + /** + * GET /rankings/top/suppliers + * Get top suppliers + */ + async getTopSuppliers( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const limit = parseInt(req.query.limit as string) || 10; + const tenantId = req.user!.tenantId; + + const data = await rankingService.getTopPartners( + tenantId, + 'suppliers', + Math.min(limit, 50) + ); + + res.json({ + success: true, + data, + }); + } catch (error) { + next(error); + } + } + + /** + * GET /rankings/abc/customers + * Get ABC distribution for customers + */ + async getCustomerABCDistribution( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const { company_id } = req.query as { company_id?: string }; + const tenantId = req.user!.tenantId; + + const distribution = await rankingService.getABCDistribution( + tenantId, + 'customers', + company_id + ); + + res.json({ + success: true, + data: distribution, + }); + } catch (error) { + next(error); + } + } + + /** + * GET /rankings/abc/suppliers + * Get ABC distribution for suppliers + */ + async getSupplierABCDistribution( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const { company_id } = req.query as { company_id?: string }; + const tenantId = req.user!.tenantId; + + const distribution = await rankingService.getABCDistribution( + tenantId, + 'suppliers', + company_id + ); + + res.json({ + success: true, + data: distribution, + }); + } catch (error) { + next(error); + } + } + + /** + * GET /rankings/abc/customers/:abc + * Get customers by ABC classification + */ + async getCustomersByABC( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const abc = req.params.abc.toUpperCase() as ABCClassification; + const page = parseInt(req.query.page as string) || 1; + const limit = parseInt(req.query.limit as string) || 20; + const tenantId = req.user!.tenantId; + + if (!['A', 'B', 'C'].includes(abc || '')) { + res.status(400).json({ + success: false, + error: 'Clasificación ABC inválida. Use A, B o C.', + }); + return; + } + + const { data, total } = await rankingService.findPartnersByABC( + tenantId, + abc, + 'customers', + page, + Math.min(limit, 100) + ); + + res.json({ + success: true, + data, + pagination: { + page, + limit, + total, + totalPages: Math.ceil(total / limit), + }, + }); + } catch (error) { + next(error); + } + } + + /** + * GET /rankings/abc/suppliers/:abc + * Get suppliers by ABC classification + */ + async getSuppliersByABC( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const abc = req.params.abc.toUpperCase() as ABCClassification; + const page = parseInt(req.query.page as string) || 1; + const limit = parseInt(req.query.limit as string) || 20; + const tenantId = req.user!.tenantId; + + if (!['A', 'B', 'C'].includes(abc || '')) { + res.status(400).json({ + success: false, + error: 'Clasificación ABC inválida. Use A, B o C.', + }); + return; + } + + const { data, total } = await rankingService.findPartnersByABC( + tenantId, + abc, + 'suppliers', + page, + Math.min(limit, 100) + ); + + res.json({ + success: true, + data, + pagination: { + page, + limit, + total, + totalPages: Math.ceil(total / limit), + }, + }); + } catch (error) { + next(error); + } + } +} + +export const rankingController = new RankingController(); diff --git a/backend/src/modules/partners/ranking.service.ts b/backend/src/modules/partners/ranking.service.ts new file mode 100644 index 0000000..2647315 --- /dev/null +++ b/backend/src/modules/partners/ranking.service.ts @@ -0,0 +1,431 @@ +import { Repository, IsNull } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { Partner } from './entities/index.js'; +import { NotFoundError } from '../../shared/types/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +// ============================================================================ +// TYPES +// ============================================================================ + +export type ABCClassification = 'A' | 'B' | 'C' | null; + +export interface PartnerRanking { + id: string; + tenant_id: string; + partner_id: string; + partner_name?: string; + company_id: string | null; + period_start: Date; + period_end: Date; + total_sales: number; + sales_order_count: number; + avg_order_value: number; + total_purchases: number; + purchase_order_count: number; + avg_purchase_value: number; + avg_payment_days: number | null; + on_time_payment_rate: number | null; + sales_rank: number | null; + purchase_rank: number | null; + customer_abc: ABCClassification; + supplier_abc: ABCClassification; + customer_score: number | null; + supplier_score: number | null; + overall_score: number | null; + sales_trend: number | null; + purchase_trend: number | null; + calculated_at: Date; +} + +export interface RankingCalculationResult { + partners_processed: number; + customers_ranked: number; + suppliers_ranked: number; +} + +export interface RankingFilters { + company_id?: string; + period_start?: string; + period_end?: string; + customer_abc?: ABCClassification; + supplier_abc?: ABCClassification; + min_sales?: number; + min_purchases?: number; + page?: number; + limit?: number; +} + +export interface TopPartner { + id: string; + tenant_id: string; + name: string; + email: string | null; + is_customer: boolean; + is_supplier: boolean; + customer_rank: number | null; + supplier_rank: number | null; + customer_abc: ABCClassification; + supplier_abc: ABCClassification; + total_sales_ytd: number; + total_purchases_ytd: number; + last_ranking_date: Date | null; + customer_category: string | null; + supplier_category: string | null; +} + +// ============================================================================ +// SERVICE +// ============================================================================ + +class RankingService { + private partnerRepository: Repository; + + constructor() { + this.partnerRepository = AppDataSource.getRepository(Partner); + } + + /** + * Calculate rankings for all partners in a tenant + * Uses the database function for atomic calculation + */ + async calculateRankings( + tenantId: string, + companyId?: string, + periodStart?: string, + periodEnd?: string + ): Promise { + try { + const result = await this.partnerRepository.query( + `SELECT * FROM core.calculate_partner_rankings($1, $2, $3, $4)`, + [tenantId, companyId || null, periodStart || null, periodEnd || null] + ); + + const data = result[0]; + if (!data) { + throw new Error('Error calculando rankings'); + } + + logger.info('Partner rankings calculated', { + tenantId, + companyId, + periodStart, + periodEnd, + result: data, + }); + + return { + partners_processed: parseInt(data.partners_processed, 10), + customers_ranked: parseInt(data.customers_ranked, 10), + suppliers_ranked: parseInt(data.suppliers_ranked, 10), + }; + } catch (error) { + logger.error('Error calculating partner rankings', { + error: (error as Error).message, + tenantId, + companyId, + }); + throw error; + } + } + + /** + * Get rankings for a specific period + */ + async findRankings( + tenantId: string, + filters: RankingFilters = {} + ): Promise<{ data: PartnerRanking[]; total: number }> { + try { + const { + company_id, + period_start, + period_end, + customer_abc, + supplier_abc, + min_sales, + min_purchases, + page = 1, + limit = 20, + } = filters; + + const conditions: string[] = ['pr.tenant_id = $1']; + const params: any[] = [tenantId]; + let idx = 2; + + if (company_id) { + conditions.push(`pr.company_id = $${idx++}`); + params.push(company_id); + } + + if (period_start) { + conditions.push(`pr.period_start >= $${idx++}`); + params.push(period_start); + } + + if (period_end) { + conditions.push(`pr.period_end <= $${idx++}`); + params.push(period_end); + } + + if (customer_abc) { + conditions.push(`pr.customer_abc = $${idx++}`); + params.push(customer_abc); + } + + if (supplier_abc) { + conditions.push(`pr.supplier_abc = $${idx++}`); + params.push(supplier_abc); + } + + if (min_sales !== undefined) { + conditions.push(`pr.total_sales >= $${idx++}`); + params.push(min_sales); + } + + if (min_purchases !== undefined) { + conditions.push(`pr.total_purchases >= $${idx++}`); + params.push(min_purchases); + } + + const whereClause = conditions.join(' AND '); + + // Count total + const countResult = await this.partnerRepository.query( + `SELECT COUNT(*) as count FROM core.partner_rankings pr WHERE ${whereClause}`, + params + ); + + // Get data with pagination + const offset = (page - 1) * limit; + params.push(limit, offset); + + const data = await this.partnerRepository.query( + `SELECT pr.*, + p.name as partner_name + FROM core.partner_rankings pr + JOIN core.partners p ON pr.partner_id = p.id + WHERE ${whereClause} + ORDER BY pr.overall_score DESC NULLS LAST, pr.total_sales DESC + LIMIT $${idx} OFFSET $${idx + 1}`, + params + ); + + return { + data, + total: parseInt(countResult[0]?.count || '0', 10), + }; + } catch (error) { + logger.error('Error retrieving partner rankings', { + error: (error as Error).message, + tenantId, + }); + throw error; + } + } + + /** + * Get ranking for a specific partner + */ + async findPartnerRanking( + partnerId: string, + tenantId: string, + periodStart?: string, + periodEnd?: string + ): Promise { + try { + let sql = ` + SELECT pr.*, p.name as partner_name + FROM core.partner_rankings pr + JOIN core.partners p ON pr.partner_id = p.id + WHERE pr.partner_id = $1 AND pr.tenant_id = $2 + `; + const params: any[] = [partnerId, tenantId]; + + if (periodStart && periodEnd) { + sql += ` AND pr.period_start = $3 AND pr.period_end = $4`; + params.push(periodStart, periodEnd); + } else { + // Get most recent ranking + sql += ` ORDER BY pr.calculated_at DESC LIMIT 1`; + } + + const result = await this.partnerRepository.query(sql, params); + return result[0] || null; + } catch (error) { + logger.error('Error finding partner ranking', { + error: (error as Error).message, + partnerId, + tenantId, + }); + throw error; + } + } + + /** + * Get top partners (customers or suppliers) + */ + async getTopPartners( + tenantId: string, + type: 'customers' | 'suppliers', + limit: number = 10 + ): Promise { + try { + const orderColumn = type === 'customers' ? 'customer_rank' : 'supplier_rank'; + + const result = await this.partnerRepository.query( + `SELECT * FROM core.top_partners_view + WHERE tenant_id = $1 AND ${orderColumn} IS NOT NULL + ORDER BY ${orderColumn} ASC + LIMIT $2`, + [tenantId, limit] + ); + + return result; + } catch (error) { + logger.error('Error getting top partners', { + error: (error as Error).message, + tenantId, + type, + }); + throw error; + } + } + + /** + * Get ABC distribution summary + */ + async getABCDistribution( + tenantId: string, + type: 'customers' | 'suppliers', + companyId?: string + ): Promise<{ + A: { count: number; total_value: number; percentage: number }; + B: { count: number; total_value: number; percentage: number }; + C: { count: number; total_value: number; percentage: number }; + }> { + try { + const abcColumn = type === 'customers' ? 'customer_abc' : 'supplier_abc'; + const valueColumn = type === 'customers' ? 'total_sales_ytd' : 'total_purchases_ytd'; + + const whereClause = `tenant_id = $1 AND ${abcColumn} IS NOT NULL`; + const params: any[] = [tenantId]; + + const result = await this.partnerRepository.query( + `SELECT + ${abcColumn} as abc, + COUNT(*) as count, + COALESCE(SUM(${valueColumn}), 0) as total_value + FROM core.partners + WHERE ${whereClause} AND deleted_at IS NULL + GROUP BY ${abcColumn} + ORDER BY ${abcColumn}`, + params + ); + + // Calculate totals + const grandTotal = result.reduce((sum: number, r: any) => sum + parseFloat(r.total_value), 0); + + const distribution = { + A: { count: 0, total_value: 0, percentage: 0 }, + B: { count: 0, total_value: 0, percentage: 0 }, + C: { count: 0, total_value: 0, percentage: 0 }, + }; + + for (const row of result) { + const abc = row.abc as 'A' | 'B' | 'C'; + if (abc in distribution) { + distribution[abc] = { + count: parseInt(row.count, 10), + total_value: parseFloat(row.total_value), + percentage: grandTotal > 0 ? (parseFloat(row.total_value) / grandTotal) * 100 : 0, + }; + } + } + + return distribution; + } catch (error) { + logger.error('Error getting ABC distribution', { + error: (error as Error).message, + tenantId, + type, + }); + throw error; + } + } + + /** + * Get ranking history for a partner + */ + async getPartnerRankingHistory( + partnerId: string, + tenantId: string, + limit: number = 12 + ): Promise { + try { + const result = await this.partnerRepository.query( + `SELECT pr.*, p.name as partner_name + FROM core.partner_rankings pr + JOIN core.partners p ON pr.partner_id = p.id + WHERE pr.partner_id = $1 AND pr.tenant_id = $2 + ORDER BY pr.period_end DESC + LIMIT $3`, + [partnerId, tenantId, limit] + ); + + return result; + } catch (error) { + logger.error('Error getting partner ranking history', { + error: (error as Error).message, + partnerId, + tenantId, + }); + throw error; + } + } + + /** + * Get partners by ABC classification + */ + async findPartnersByABC( + tenantId: string, + abc: ABCClassification, + type: 'customers' | 'suppliers', + page: number = 1, + limit: number = 20 + ): Promise<{ data: TopPartner[]; total: number }> { + try { + const abcColumn = type === 'customers' ? 'customer_abc' : 'supplier_abc'; + const offset = (page - 1) * limit; + + const countResult = await this.partnerRepository.query( + `SELECT COUNT(*) as count FROM core.partners + WHERE tenant_id = $1 AND ${abcColumn} = $2 AND deleted_at IS NULL`, + [tenantId, abc] + ); + + const data = await this.partnerRepository.query( + `SELECT * FROM core.top_partners_view + WHERE tenant_id = $1 AND ${abcColumn} = $2 + ORDER BY ${type === 'customers' ? 'total_sales_ytd' : 'total_purchases_ytd'} DESC + LIMIT $3 OFFSET $4`, + [tenantId, abc, limit, offset] + ); + + return { + data, + total: parseInt(countResult[0]?.count || '0', 10), + }; + } catch (error) { + logger.error('Error finding partners by ABC', { + error: (error as Error).message, + tenantId, + abc, + type, + }); + throw error; + } + } +} + +export const rankingService = new RankingService(); diff --git a/backend/src/modules/projects/index.ts b/backend/src/modules/projects/index.ts new file mode 100644 index 0000000..8b83332 --- /dev/null +++ b/backend/src/modules/projects/index.ts @@ -0,0 +1,5 @@ +export * from './projects.service.js'; +export * from './tasks.service.js'; +export * from './timesheets.service.js'; +export * from './projects.controller.js'; +export { default as projectsRoutes } from './projects.routes.js'; diff --git a/backend/src/modules/projects/projects.controller.ts b/backend/src/modules/projects/projects.controller.ts new file mode 100644 index 0000000..403ee8d --- /dev/null +++ b/backend/src/modules/projects/projects.controller.ts @@ -0,0 +1,569 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { projectsService, CreateProjectDto, UpdateProjectDto, ProjectFilters } from './projects.service.js'; +import { tasksService, CreateTaskDto, UpdateTaskDto, TaskFilters } from './tasks.service.js'; +import { timesheetsService, CreateTimesheetDto, UpdateTimesheetDto, TimesheetFilters } from './timesheets.service.js'; +import { AuthenticatedRequest } from '../../shared/middleware/auth.middleware.js'; +import { ValidationError } from '../../shared/errors/index.js'; + +// Project schemas +const createProjectSchema = z.object({ + company_id: z.string().uuid({ message: 'La empresa es requerida' }), + name: z.string().min(1, 'El nombre es requerido').max(255), + code: z.string().max(50).optional(), + description: z.string().optional(), + manager_id: z.string().uuid().optional(), + partner_id: z.string().uuid().optional(), + date_start: z.string().optional(), + date_end: z.string().optional(), + privacy: z.enum(['public', 'private', 'followers']).default('public'), + allow_timesheets: z.boolean().default(true), + color: z.string().max(20).optional(), +}); + +const updateProjectSchema = z.object({ + name: z.string().min(1).max(255).optional(), + code: z.string().max(50).optional().nullable(), + description: z.string().optional().nullable(), + manager_id: z.string().uuid().optional().nullable(), + partner_id: z.string().uuid().optional().nullable(), + date_start: z.string().optional().nullable(), + date_end: z.string().optional().nullable(), + status: z.enum(['draft', 'active', 'completed', 'cancelled', 'on_hold']).optional(), + privacy: z.enum(['public', 'private', 'followers']).optional(), + allow_timesheets: z.boolean().optional(), + color: z.string().max(20).optional().nullable(), +}); + +const projectQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + manager_id: z.string().uuid().optional(), + partner_id: z.string().uuid().optional(), + status: z.enum(['draft', 'active', 'completed', 'cancelled', 'on_hold']).optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +// Task schemas +const createTaskSchema = z.object({ + project_id: z.string().uuid({ message: 'El proyecto es requerido' }), + stage_id: z.string().uuid().optional(), + name: z.string().min(1, 'El nombre es requerido').max(255), + description: z.string().optional(), + assigned_to: z.string().uuid().optional(), + parent_id: z.string().uuid().optional(), + date_deadline: z.string().optional(), + estimated_hours: z.number().positive().optional(), + priority: z.enum(['low', 'normal', 'high', 'urgent']).default('normal'), + color: z.string().max(20).optional(), +}); + +const updateTaskSchema = z.object({ + stage_id: z.string().uuid().optional().nullable(), + name: z.string().min(1).max(255).optional(), + description: z.string().optional().nullable(), + assigned_to: z.string().uuid().optional().nullable(), + parent_id: z.string().uuid().optional().nullable(), + date_deadline: z.string().optional().nullable(), + estimated_hours: z.number().positive().optional().nullable(), + priority: z.enum(['low', 'normal', 'high', 'urgent']).optional(), + status: z.enum(['todo', 'in_progress', 'review', 'done', 'cancelled']).optional(), + sequence: z.number().int().positive().optional(), + color: z.string().max(20).optional().nullable(), +}); + +const taskQuerySchema = z.object({ + project_id: z.string().uuid().optional(), + stage_id: z.string().uuid().optional(), + assigned_to: z.string().uuid().optional(), + status: z.enum(['todo', 'in_progress', 'review', 'done', 'cancelled']).optional(), + priority: z.enum(['low', 'normal', 'high', 'urgent']).optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +const moveTaskSchema = z.object({ + stage_id: z.string().uuid().nullable(), + sequence: z.number().int().positive(), +}); + +const assignTaskSchema = z.object({ + user_id: z.string().uuid({ message: 'El usuario es requerido' }), +}); + +// Timesheet schemas +const createTimesheetSchema = z.object({ + company_id: z.string().uuid({ message: 'La empresa es requerida' }), + project_id: z.string().uuid({ message: 'El proyecto es requerido' }), + task_id: z.string().uuid().optional(), + date: z.string({ message: 'La fecha es requerida' }), + hours: z.number().positive('Las horas deben ser positivas').max(24), + description: z.string().optional(), + billable: z.boolean().default(true), +}); + +const updateTimesheetSchema = z.object({ + task_id: z.string().uuid().optional().nullable(), + date: z.string().optional(), + hours: z.number().positive().max(24).optional(), + description: z.string().optional().nullable(), + billable: z.boolean().optional(), +}); + +const timesheetQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + project_id: z.string().uuid().optional(), + task_id: z.string().uuid().optional(), + user_id: z.string().uuid().optional(), + status: z.enum(['draft', 'submitted', 'approved', 'rejected']).optional(), + date_from: z.string().optional(), + date_to: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +class ProjectsController { + // ========== PROJECTS ========== + async getProjects(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = projectQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: ProjectFilters = queryResult.data; + const result = await projectsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getProject(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const project = await projectsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: project }); + } catch (error) { + next(error); + } + } + + async createProject(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createProjectSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de proyecto inválidos', parseResult.error.errors); + } + + const dto: CreateProjectDto = parseResult.data; + const project = await projectsService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: project, + message: 'Proyecto creado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateProject(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateProjectSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de proyecto inválidos', parseResult.error.errors); + } + + const dto: UpdateProjectDto = parseResult.data; + const project = await projectsService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: project, + message: 'Proyecto actualizado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async deleteProject(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await projectsService.delete(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, message: 'Proyecto eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + async getProjectStats(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const stats = await projectsService.getStats(req.params.id, req.tenantId!); + res.json({ success: true, data: stats }); + } catch (error) { + next(error); + } + } + + async getProjectTasks(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = taskQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: TaskFilters = { ...queryResult.data, project_id: req.params.id }; + const result = await tasksService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getProjectTimesheets(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = timesheetQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: TimesheetFilters = { ...queryResult.data, project_id: req.params.id }; + const result = await timesheetsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + // ========== TASKS ========== + async getTasks(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = taskQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: TaskFilters = queryResult.data; + const result = await tasksService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getTask(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const task = await tasksService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: task }); + } catch (error) { + next(error); + } + } + + async createTask(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createTaskSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de tarea inválidos', parseResult.error.errors); + } + + const dto: CreateTaskDto = parseResult.data; + const task = await tasksService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: task, + message: 'Tarea creada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateTask(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateTaskSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de tarea inválidos', parseResult.error.errors); + } + + const dto: UpdateTaskDto = parseResult.data; + const task = await tasksService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: task, + message: 'Tarea actualizada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async deleteTask(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await tasksService.delete(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, message: 'Tarea eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + async moveTask(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = moveTaskSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de movimiento inválidos', parseResult.error.errors); + } + + const { stage_id, sequence } = parseResult.data; + const task = await tasksService.move(req.params.id, stage_id, sequence, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: task, + message: 'Tarea movida exitosamente', + }); + } catch (error) { + next(error); + } + } + + async assignTask(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = assignTaskSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de asignación inválidos', parseResult.error.errors); + } + + const { user_id } = parseResult.data; + const task = await tasksService.assign(req.params.id, user_id, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: task, + message: 'Tarea asignada exitosamente', + }); + } catch (error) { + next(error); + } + } + + // ========== TIMESHEETS ========== + async getTimesheets(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = timesheetQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: TimesheetFilters = queryResult.data; + const result = await timesheetsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getTimesheet(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const timesheet = await timesheetsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: timesheet }); + } catch (error) { + next(error); + } + } + + async createTimesheet(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createTimesheetSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de timesheet inválidos', parseResult.error.errors); + } + + const dto: CreateTimesheetDto = parseResult.data; + const timesheet = await timesheetsService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: timesheet, + message: 'Tiempo registrado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateTimesheet(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateTimesheetSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de timesheet inválidos', parseResult.error.errors); + } + + const dto: UpdateTimesheetDto = parseResult.data; + const timesheet = await timesheetsService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: timesheet, + message: 'Timesheet actualizado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async deleteTimesheet(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await timesheetsService.delete(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, message: 'Timesheet eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + async submitTimesheet(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const timesheet = await timesheetsService.submit(req.params.id, req.tenantId!, req.user!.userId); + res.json({ + success: true, + data: timesheet, + message: 'Timesheet enviado para aprobación', + }); + } catch (error) { + next(error); + } + } + + async approveTimesheet(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const timesheet = await timesheetsService.approve(req.params.id, req.tenantId!, req.user!.userId); + res.json({ + success: true, + data: timesheet, + message: 'Timesheet aprobado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async rejectTimesheet(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const timesheet = await timesheetsService.reject(req.params.id, req.tenantId!, req.user!.userId); + res.json({ + success: true, + data: timesheet, + message: 'Timesheet rechazado', + }); + } catch (error) { + next(error); + } + } + + async getMyTimesheets(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = timesheetQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: TimesheetFilters = queryResult.data; + const result = await timesheetsService.getMyTimesheets(req.tenantId!, req.user!.userId, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getPendingApprovals(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = timesheetQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: TimesheetFilters = queryResult.data; + const result = await timesheetsService.getPendingApprovals(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } +} + +export const projectsController = new ProjectsController(); diff --git a/backend/src/modules/projects/projects.routes.ts b/backend/src/modules/projects/projects.routes.ts new file mode 100644 index 0000000..e5e9f2a --- /dev/null +++ b/backend/src/modules/projects/projects.routes.ts @@ -0,0 +1,75 @@ +import { Router } from 'express'; +import { projectsController } from './projects.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// ========== PROJECTS ========== +router.get('/', (req, res, next) => projectsController.getProjects(req, res, next)); + +router.get('/:id', (req, res, next) => projectsController.getProject(req, res, next)); + +router.post('/', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + projectsController.createProject(req, res, next) +); + +router.put('/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + projectsController.updateProject(req, res, next) +); + +router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + projectsController.deleteProject(req, res, next) +); + +router.get('/:id/stats', (req, res, next) => projectsController.getProjectStats(req, res, next)); + +router.get('/:id/tasks', (req, res, next) => projectsController.getProjectTasks(req, res, next)); + +router.get('/:id/timesheets', (req, res, next) => projectsController.getProjectTimesheets(req, res, next)); + +// ========== TASKS ========== +router.get('/tasks/all', (req, res, next) => projectsController.getTasks(req, res, next)); + +router.get('/tasks/:id', (req, res, next) => projectsController.getTask(req, res, next)); + +router.post('/tasks', (req, res, next) => projectsController.createTask(req, res, next)); + +router.put('/tasks/:id', (req, res, next) => projectsController.updateTask(req, res, next)); + +router.delete('/tasks/:id', (req, res, next) => projectsController.deleteTask(req, res, next)); + +router.post('/tasks/:id/move', (req, res, next) => projectsController.moveTask(req, res, next)); + +router.post('/tasks/:id/assign', (req, res, next) => projectsController.assignTask(req, res, next)); + +// ========== TIMESHEETS ========== +router.get('/timesheets/all', (req, res, next) => projectsController.getTimesheets(req, res, next)); + +router.get('/timesheets/me', (req, res, next) => projectsController.getMyTimesheets(req, res, next)); + +router.get('/timesheets/pending', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + projectsController.getPendingApprovals(req, res, next) +); + +router.get('/timesheets/:id', (req, res, next) => projectsController.getTimesheet(req, res, next)); + +router.post('/timesheets', (req, res, next) => projectsController.createTimesheet(req, res, next)); + +router.put('/timesheets/:id', (req, res, next) => projectsController.updateTimesheet(req, res, next)); + +router.delete('/timesheets/:id', (req, res, next) => projectsController.deleteTimesheet(req, res, next)); + +router.post('/timesheets/:id/submit', (req, res, next) => projectsController.submitTimesheet(req, res, next)); + +router.post('/timesheets/:id/approve', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + projectsController.approveTimesheet(req, res, next) +); + +router.post('/timesheets/:id/reject', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + projectsController.rejectTimesheet(req, res, next) +); + +export default router; diff --git a/backend/src/modules/projects/projects.service.ts b/backend/src/modules/projects/projects.service.ts new file mode 100644 index 0000000..136c8c0 --- /dev/null +++ b/backend/src/modules/projects/projects.service.ts @@ -0,0 +1,309 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ConflictError, ValidationError } from '../../shared/errors/index.js'; + +export interface Project { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + code?: string; + description?: string; + manager_id?: string; + manager_name?: string; + partner_id?: string; + partner_name?: string; + analytic_account_id?: string; + date_start?: Date; + date_end?: Date; + status: 'draft' | 'active' | 'completed' | 'cancelled' | 'on_hold'; + privacy: 'public' | 'private' | 'followers'; + allow_timesheets: boolean; + color?: string; + task_count?: number; + completed_task_count?: number; + created_at: Date; +} + +export interface CreateProjectDto { + company_id: string; + name: string; + code?: string; + description?: string; + manager_id?: string; + partner_id?: string; + date_start?: string; + date_end?: string; + privacy?: 'public' | 'private' | 'followers'; + allow_timesheets?: boolean; + color?: string; +} + +export interface UpdateProjectDto { + name?: string; + code?: string | null; + description?: string | null; + manager_id?: string | null; + partner_id?: string | null; + date_start?: string | null; + date_end?: string | null; + status?: 'draft' | 'active' | 'completed' | 'cancelled' | 'on_hold'; + privacy?: 'public' | 'private' | 'followers'; + allow_timesheets?: boolean; + color?: string | null; +} + +export interface ProjectFilters { + company_id?: string; + manager_id?: string; + partner_id?: string; + status?: string; + search?: string; + page?: number; + limit?: number; +} + +class ProjectsService { + async findAll(tenantId: string, filters: ProjectFilters = {}): Promise<{ data: Project[]; total: number }> { + const { company_id, manager_id, partner_id, status, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE p.tenant_id = $1 AND p.deleted_at IS NULL'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND p.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (manager_id) { + whereClause += ` AND p.manager_id = $${paramIndex++}`; + params.push(manager_id); + } + + if (partner_id) { + whereClause += ` AND p.partner_id = $${paramIndex++}`; + params.push(partner_id); + } + + if (status) { + whereClause += ` AND p.status = $${paramIndex++}`; + params.push(status); + } + + if (search) { + whereClause += ` AND (p.name ILIKE $${paramIndex} OR p.code ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM projects.projects p ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT p.*, + c.name as company_name, + u.name as manager_name, + pr.name as partner_name, + (SELECT COUNT(*) FROM projects.tasks t WHERE t.project_id = p.id AND t.deleted_at IS NULL) as task_count, + (SELECT COUNT(*) FROM projects.tasks t WHERE t.project_id = p.id AND t.status = 'done' AND t.deleted_at IS NULL) as completed_task_count + FROM projects.projects p + LEFT JOIN auth.companies c ON p.company_id = c.id + LEFT JOIN auth.users u ON p.manager_id = u.id + LEFT JOIN core.partners pr ON p.partner_id = pr.id + ${whereClause} + ORDER BY p.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const project = await queryOne( + `SELECT p.*, + c.name as company_name, + u.name as manager_name, + pr.name as partner_name, + (SELECT COUNT(*) FROM projects.tasks t WHERE t.project_id = p.id AND t.deleted_at IS NULL) as task_count, + (SELECT COUNT(*) FROM projects.tasks t WHERE t.project_id = p.id AND t.status = 'done' AND t.deleted_at IS NULL) as completed_task_count + FROM projects.projects p + LEFT JOIN auth.companies c ON p.company_id = c.id + LEFT JOIN auth.users u ON p.manager_id = u.id + LEFT JOIN core.partners pr ON p.partner_id = pr.id + WHERE p.id = $1 AND p.tenant_id = $2 AND p.deleted_at IS NULL`, + [id, tenantId] + ); + + if (!project) { + throw new NotFoundError('Proyecto no encontrado'); + } + + return project; + } + + async create(dto: CreateProjectDto, tenantId: string, userId: string): Promise { + // Check unique code if provided + if (dto.code) { + const existing = await queryOne( + `SELECT id FROM projects.projects WHERE company_id = $1 AND code = $2 AND deleted_at IS NULL`, + [dto.company_id, dto.code] + ); + + if (existing) { + throw new ConflictError('Ya existe un proyecto con ese código'); + } + } + + const project = await queryOne( + `INSERT INTO projects.projects ( + tenant_id, company_id, name, code, description, manager_id, partner_id, + date_start, date_end, privacy, allow_timesheets, color, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13) + RETURNING *`, + [ + tenantId, dto.company_id, dto.name, dto.code, dto.description, + dto.manager_id, dto.partner_id, dto.date_start, dto.date_end, + dto.privacy || 'public', dto.allow_timesheets ?? true, dto.color, userId + ] + ); + + return project!; + } + + async update(id: string, dto: UpdateProjectDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.name !== undefined) { + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.code !== undefined) { + if (dto.code) { + const existingCode = await queryOne( + `SELECT id FROM projects.projects WHERE company_id = $1 AND code = $2 AND id != $3 AND deleted_at IS NULL`, + [existing.company_id, dto.code, id] + ); + if (existingCode) { + throw new ConflictError('Ya existe un proyecto con ese código'); + } + } + updateFields.push(`code = $${paramIndex++}`); + values.push(dto.code); + } + if (dto.description !== undefined) { + updateFields.push(`description = $${paramIndex++}`); + values.push(dto.description); + } + if (dto.manager_id !== undefined) { + updateFields.push(`manager_id = $${paramIndex++}`); + values.push(dto.manager_id); + } + if (dto.partner_id !== undefined) { + updateFields.push(`partner_id = $${paramIndex++}`); + values.push(dto.partner_id); + } + if (dto.date_start !== undefined) { + updateFields.push(`date_start = $${paramIndex++}`); + values.push(dto.date_start); + } + if (dto.date_end !== undefined) { + updateFields.push(`date_end = $${paramIndex++}`); + values.push(dto.date_end); + } + if (dto.status !== undefined) { + updateFields.push(`status = $${paramIndex++}`); + values.push(dto.status); + } + if (dto.privacy !== undefined) { + updateFields.push(`privacy = $${paramIndex++}`); + values.push(dto.privacy); + } + if (dto.allow_timesheets !== undefined) { + updateFields.push(`allow_timesheets = $${paramIndex++}`); + values.push(dto.allow_timesheets); + } + if (dto.color !== undefined) { + updateFields.push(`color = $${paramIndex++}`); + values.push(dto.color); + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + await query( + `UPDATE projects.projects SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex} AND deleted_at IS NULL`, + values + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string, userId: string): Promise { + await this.findById(id, tenantId); + + // Soft delete + await query( + `UPDATE projects.projects SET deleted_at = CURRENT_TIMESTAMP, deleted_by = $1 + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + } + + async getStats(id: string, tenantId: string): Promise { + await this.findById(id, tenantId); + + const stats = await queryOne<{ + total_tasks: number; + completed_tasks: number; + in_progress_tasks: number; + total_hours: number; + total_milestones: number; + completed_milestones: number; + }>( + `SELECT + (SELECT COUNT(*) FROM projects.tasks WHERE project_id = $1 AND deleted_at IS NULL) as total_tasks, + (SELECT COUNT(*) FROM projects.tasks WHERE project_id = $1 AND status = 'done' AND deleted_at IS NULL) as completed_tasks, + (SELECT COUNT(*) FROM projects.tasks WHERE project_id = $1 AND status = 'in_progress' AND deleted_at IS NULL) as in_progress_tasks, + (SELECT COALESCE(SUM(hours), 0) FROM projects.timesheets WHERE project_id = $1) as total_hours, + (SELECT COUNT(*) FROM projects.milestones WHERE project_id = $1) as total_milestones, + (SELECT COUNT(*) FROM projects.milestones WHERE project_id = $1 AND status = 'completed') as completed_milestones`, + [id] + ); + + return { + total_tasks: parseInt(String(stats?.total_tasks || 0)), + completed_tasks: parseInt(String(stats?.completed_tasks || 0)), + in_progress_tasks: parseInt(String(stats?.in_progress_tasks || 0)), + completion_percentage: stats?.total_tasks + ? Math.round((parseInt(String(stats.completed_tasks)) / parseInt(String(stats.total_tasks))) * 100) + : 0, + total_hours: parseFloat(String(stats?.total_hours || 0)), + total_milestones: parseInt(String(stats?.total_milestones || 0)), + completed_milestones: parseInt(String(stats?.completed_milestones || 0)), + }; + } +} + +export const projectsService = new ProjectsService(); diff --git a/backend/src/modules/projects/tasks.service.ts b/backend/src/modules/projects/tasks.service.ts new file mode 100644 index 0000000..fc47bed --- /dev/null +++ b/backend/src/modules/projects/tasks.service.ts @@ -0,0 +1,293 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ValidationError } from '../../shared/errors/index.js'; + +export interface Task { + id: string; + tenant_id: string; + project_id: string; + project_name?: string; + stage_id?: string; + stage_name?: string; + name: string; + description?: string; + assigned_to?: string; + assigned_name?: string; + parent_id?: string; + parent_name?: string; + date_deadline?: Date; + estimated_hours?: number; + spent_hours?: number; + priority: 'low' | 'normal' | 'high' | 'urgent'; + status: 'todo' | 'in_progress' | 'review' | 'done' | 'cancelled'; + sequence: number; + color?: string; + created_at: Date; +} + +export interface CreateTaskDto { + project_id: string; + stage_id?: string; + name: string; + description?: string; + assigned_to?: string; + parent_id?: string; + date_deadline?: string; + estimated_hours?: number; + priority?: 'low' | 'normal' | 'high' | 'urgent'; + color?: string; +} + +export interface UpdateTaskDto { + stage_id?: string | null; + name?: string; + description?: string | null; + assigned_to?: string | null; + parent_id?: string | null; + date_deadline?: string | null; + estimated_hours?: number | null; + priority?: 'low' | 'normal' | 'high' | 'urgent'; + status?: 'todo' | 'in_progress' | 'review' | 'done' | 'cancelled'; + sequence?: number; + color?: string | null; +} + +export interface TaskFilters { + project_id?: string; + stage_id?: string; + assigned_to?: string; + status?: string; + priority?: string; + search?: string; + page?: number; + limit?: number; +} + +class TasksService { + async findAll(tenantId: string, filters: TaskFilters = {}): Promise<{ data: Task[]; total: number }> { + const { project_id, stage_id, assigned_to, status, priority, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE t.tenant_id = $1 AND t.deleted_at IS NULL'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (project_id) { + whereClause += ` AND t.project_id = $${paramIndex++}`; + params.push(project_id); + } + + if (stage_id) { + whereClause += ` AND t.stage_id = $${paramIndex++}`; + params.push(stage_id); + } + + if (assigned_to) { + whereClause += ` AND t.assigned_to = $${paramIndex++}`; + params.push(assigned_to); + } + + if (status) { + whereClause += ` AND t.status = $${paramIndex++}`; + params.push(status); + } + + if (priority) { + whereClause += ` AND t.priority = $${paramIndex++}`; + params.push(priority); + } + + if (search) { + whereClause += ` AND t.name ILIKE $${paramIndex}`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM projects.tasks t ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT t.*, + p.name as project_name, + ps.name as stage_name, + u.name as assigned_name, + pt.name as parent_name, + COALESCE((SELECT SUM(hours) FROM projects.timesheets WHERE task_id = t.id), 0) as spent_hours + FROM projects.tasks t + LEFT JOIN projects.projects p ON t.project_id = p.id + LEFT JOIN projects.project_stages ps ON t.stage_id = ps.id + LEFT JOIN auth.users u ON t.assigned_to = u.id + LEFT JOIN projects.tasks pt ON t.parent_id = pt.id + ${whereClause} + ORDER BY t.sequence, t.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const task = await queryOne( + `SELECT t.*, + p.name as project_name, + ps.name as stage_name, + u.name as assigned_name, + pt.name as parent_name, + COALESCE((SELECT SUM(hours) FROM projects.timesheets WHERE task_id = t.id), 0) as spent_hours + FROM projects.tasks t + LEFT JOIN projects.projects p ON t.project_id = p.id + LEFT JOIN projects.project_stages ps ON t.stage_id = ps.id + LEFT JOIN auth.users u ON t.assigned_to = u.id + LEFT JOIN projects.tasks pt ON t.parent_id = pt.id + WHERE t.id = $1 AND t.tenant_id = $2 AND t.deleted_at IS NULL`, + [id, tenantId] + ); + + if (!task) { + throw new NotFoundError('Tarea no encontrada'); + } + + return task; + } + + async create(dto: CreateTaskDto, tenantId: string, userId: string): Promise { + // Get next sequence for project + const seqResult = await queryOne<{ max_seq: number }>( + `SELECT COALESCE(MAX(sequence), 0) + 1 as max_seq FROM projects.tasks WHERE project_id = $1 AND deleted_at IS NULL`, + [dto.project_id] + ); + + const task = await queryOne( + `INSERT INTO projects.tasks ( + tenant_id, project_id, stage_id, name, description, assigned_to, parent_id, + date_deadline, estimated_hours, priority, sequence, color, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13) + RETURNING *`, + [ + tenantId, dto.project_id, dto.stage_id, dto.name, dto.description, + dto.assigned_to, dto.parent_id, dto.date_deadline, dto.estimated_hours, + dto.priority || 'normal', seqResult?.max_seq || 1, dto.color, userId + ] + ); + + return task!; + } + + async update(id: string, dto: UpdateTaskDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.stage_id !== undefined) { + updateFields.push(`stage_id = $${paramIndex++}`); + values.push(dto.stage_id); + } + if (dto.name !== undefined) { + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.description !== undefined) { + updateFields.push(`description = $${paramIndex++}`); + values.push(dto.description); + } + if (dto.assigned_to !== undefined) { + updateFields.push(`assigned_to = $${paramIndex++}`); + values.push(dto.assigned_to); + } + if (dto.parent_id !== undefined) { + if (dto.parent_id === id) { + throw new ValidationError('Una tarea no puede ser su propio padre'); + } + updateFields.push(`parent_id = $${paramIndex++}`); + values.push(dto.parent_id); + } + if (dto.date_deadline !== undefined) { + updateFields.push(`date_deadline = $${paramIndex++}`); + values.push(dto.date_deadline); + } + if (dto.estimated_hours !== undefined) { + updateFields.push(`estimated_hours = $${paramIndex++}`); + values.push(dto.estimated_hours); + } + if (dto.priority !== undefined) { + updateFields.push(`priority = $${paramIndex++}`); + values.push(dto.priority); + } + if (dto.status !== undefined) { + updateFields.push(`status = $${paramIndex++}`); + values.push(dto.status); + } + if (dto.sequence !== undefined) { + updateFields.push(`sequence = $${paramIndex++}`); + values.push(dto.sequence); + } + if (dto.color !== undefined) { + updateFields.push(`color = $${paramIndex++}`); + values.push(dto.color); + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + await query( + `UPDATE projects.tasks SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex} AND deleted_at IS NULL`, + values + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string, userId: string): Promise { + await this.findById(id, tenantId); + + // Soft delete + await query( + `UPDATE projects.tasks SET deleted_at = CURRENT_TIMESTAMP, deleted_by = $1 + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + } + + async move(id: string, stageId: string | null, sequence: number, tenantId: string, userId: string): Promise { + const task = await this.findById(id, tenantId); + + await query( + `UPDATE projects.tasks SET stage_id = $1, sequence = $2, updated_by = $3, updated_at = CURRENT_TIMESTAMP + WHERE id = $4 AND tenant_id = $5`, + [stageId, sequence, userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async assign(id: string, userId: string, tenantId: string, currentUserId: string): Promise { + await this.findById(id, tenantId); + + await query( + `UPDATE projects.tasks SET assigned_to = $1, updated_by = $2, updated_at = CURRENT_TIMESTAMP + WHERE id = $3 AND tenant_id = $4`, + [userId, currentUserId, id, tenantId] + ); + + return this.findById(id, tenantId); + } +} + +export const tasksService = new TasksService(); diff --git a/backend/src/modules/projects/timesheets.service.ts b/backend/src/modules/projects/timesheets.service.ts new file mode 100644 index 0000000..7a7fe9a --- /dev/null +++ b/backend/src/modules/projects/timesheets.service.ts @@ -0,0 +1,302 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ValidationError } from '../../shared/errors/index.js'; + +export interface Timesheet { + id: string; + tenant_id: string; + company_id: string; + project_id: string; + project_name?: string; + task_id?: string; + task_name?: string; + user_id: string; + user_name?: string; + date: Date; + hours: number; + description?: string; + billable: boolean; + status: 'draft' | 'submitted' | 'approved' | 'rejected'; + created_at: Date; +} + +export interface CreateTimesheetDto { + company_id: string; + project_id: string; + task_id?: string; + date: string; + hours: number; + description?: string; + billable?: boolean; +} + +export interface UpdateTimesheetDto { + task_id?: string | null; + date?: string; + hours?: number; + description?: string | null; + billable?: boolean; +} + +export interface TimesheetFilters { + company_id?: string; + project_id?: string; + task_id?: string; + user_id?: string; + status?: string; + date_from?: string; + date_to?: string; + page?: number; + limit?: number; +} + +class TimesheetsService { + async findAll(tenantId: string, filters: TimesheetFilters = {}): Promise<{ data: Timesheet[]; total: number }> { + const { company_id, project_id, task_id, user_id, status, date_from, date_to, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE ts.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND ts.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (project_id) { + whereClause += ` AND ts.project_id = $${paramIndex++}`; + params.push(project_id); + } + + if (task_id) { + whereClause += ` AND ts.task_id = $${paramIndex++}`; + params.push(task_id); + } + + if (user_id) { + whereClause += ` AND ts.user_id = $${paramIndex++}`; + params.push(user_id); + } + + if (status) { + whereClause += ` AND ts.status = $${paramIndex++}`; + params.push(status); + } + + if (date_from) { + whereClause += ` AND ts.date >= $${paramIndex++}`; + params.push(date_from); + } + + if (date_to) { + whereClause += ` AND ts.date <= $${paramIndex++}`; + params.push(date_to); + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM projects.timesheets ts ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT ts.*, + p.name as project_name, + t.name as task_name, + u.name as user_name + FROM projects.timesheets ts + LEFT JOIN projects.projects p ON ts.project_id = p.id + LEFT JOIN projects.tasks t ON ts.task_id = t.id + LEFT JOIN auth.users u ON ts.user_id = u.id + ${whereClause} + ORDER BY ts.date DESC, ts.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const timesheet = await queryOne( + `SELECT ts.*, + p.name as project_name, + t.name as task_name, + u.name as user_name + FROM projects.timesheets ts + LEFT JOIN projects.projects p ON ts.project_id = p.id + LEFT JOIN projects.tasks t ON ts.task_id = t.id + LEFT JOIN auth.users u ON ts.user_id = u.id + WHERE ts.id = $1 AND ts.tenant_id = $2`, + [id, tenantId] + ); + + if (!timesheet) { + throw new NotFoundError('Timesheet no encontrado'); + } + + return timesheet; + } + + async create(dto: CreateTimesheetDto, tenantId: string, userId: string): Promise { + if (dto.hours <= 0 || dto.hours > 24) { + throw new ValidationError('Las horas deben estar entre 0 y 24'); + } + + const timesheet = await queryOne( + `INSERT INTO projects.timesheets ( + tenant_id, company_id, project_id, task_id, user_id, date, + hours, description, billable, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10) + RETURNING *`, + [ + tenantId, dto.company_id, dto.project_id, dto.task_id, userId, + dto.date, dto.hours, dto.description, dto.billable ?? true, userId + ] + ); + + return timesheet!; + } + + async update(id: string, dto: UpdateTimesheetDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ValidationError('Solo se pueden editar timesheets en estado borrador'); + } + + if (existing.user_id !== userId) { + throw new ValidationError('Solo puedes editar tus propios timesheets'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.task_id !== undefined) { + updateFields.push(`task_id = $${paramIndex++}`); + values.push(dto.task_id); + } + if (dto.date !== undefined) { + updateFields.push(`date = $${paramIndex++}`); + values.push(dto.date); + } + if (dto.hours !== undefined) { + if (dto.hours <= 0 || dto.hours > 24) { + throw new ValidationError('Las horas deben estar entre 0 y 24'); + } + updateFields.push(`hours = $${paramIndex++}`); + values.push(dto.hours); + } + if (dto.description !== undefined) { + updateFields.push(`description = $${paramIndex++}`); + values.push(dto.description); + } + if (dto.billable !== undefined) { + updateFields.push(`billable = $${paramIndex++}`); + values.push(dto.billable); + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + await query( + `UPDATE projects.timesheets SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ValidationError('Solo se pueden eliminar timesheets en estado borrador'); + } + + if (existing.user_id !== userId) { + throw new ValidationError('Solo puedes eliminar tus propios timesheets'); + } + + await query( + `DELETE FROM projects.timesheets WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + } + + async submit(id: string, tenantId: string, userId: string): Promise { + const timesheet = await this.findById(id, tenantId); + + if (timesheet.status !== 'draft') { + throw new ValidationError('Solo se pueden enviar timesheets en estado borrador'); + } + + if (timesheet.user_id !== userId) { + throw new ValidationError('Solo puedes enviar tus propios timesheets'); + } + + await query( + `UPDATE projects.timesheets SET status = 'submitted', updated_by = $1, updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async approve(id: string, tenantId: string, userId: string): Promise { + const timesheet = await this.findById(id, tenantId); + + if (timesheet.status !== 'submitted') { + throw new ValidationError('Solo se pueden aprobar timesheets enviados'); + } + + await query( + `UPDATE projects.timesheets SET status = 'approved', approved_by = $1, approved_at = CURRENT_TIMESTAMP, + updated_by = $1, updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async reject(id: string, tenantId: string, userId: string): Promise { + const timesheet = await this.findById(id, tenantId); + + if (timesheet.status !== 'submitted') { + throw new ValidationError('Solo se pueden rechazar timesheets enviados'); + } + + await query( + `UPDATE projects.timesheets SET status = 'rejected', updated_by = $1, updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async getMyTimesheets(tenantId: string, userId: string, filters: TimesheetFilters = {}): Promise<{ data: Timesheet[]; total: number }> { + return this.findAll(tenantId, { ...filters, user_id: userId }); + } + + async getPendingApprovals(tenantId: string, filters: TimesheetFilters = {}): Promise<{ data: Timesheet[]; total: number }> { + return this.findAll(tenantId, { ...filters, status: 'submitted' }); + } +} + +export const timesheetsService = new TimesheetsService(); diff --git a/backend/src/modules/purchases/index.ts b/backend/src/modules/purchases/index.ts new file mode 100644 index 0000000..2d12553 --- /dev/null +++ b/backend/src/modules/purchases/index.ts @@ -0,0 +1,4 @@ +export * from './purchases.service.js'; +export * from './rfqs.service.js'; +export * from './purchases.controller.js'; +export { default as purchasesRoutes } from './purchases.routes.js'; diff --git a/backend/src/modules/purchases/purchases.controller.ts b/backend/src/modules/purchases/purchases.controller.ts new file mode 100644 index 0000000..ff3283c --- /dev/null +++ b/backend/src/modules/purchases/purchases.controller.ts @@ -0,0 +1,352 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { purchasesService, CreatePurchaseOrderDto, UpdatePurchaseOrderDto, PurchaseOrderFilters } from './purchases.service.js'; +import { rfqsService, CreateRfqDto, UpdateRfqDto, CreateRfqLineDto, UpdateRfqLineDto, RfqFilters } from './rfqs.service.js'; +import { AuthenticatedRequest } from '../../shared/middleware/auth.middleware.js'; +import { ValidationError } from '../../shared/errors/index.js'; + +const orderLineSchema = z.object({ + product_id: z.string().uuid(), + description: z.string().min(1), + quantity: z.number().positive(), + uom_id: z.string().uuid(), + price_unit: z.number().min(0), + discount: z.number().min(0).max(100).default(0), + amount_untaxed: z.number().min(0), +}); + +const createOrderSchema = z.object({ + company_id: z.string().uuid(), + name: z.string().min(1).max(100), + ref: z.string().max(100).optional(), + partner_id: z.string().uuid(), + order_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/), + expected_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + currency_id: z.string().uuid(), + payment_term_id: z.string().uuid().optional(), + notes: z.string().optional(), + lines: z.array(orderLineSchema).min(1), +}); + +const updateOrderSchema = z.object({ + ref: z.string().max(100).optional().nullable(), + partner_id: z.string().uuid().optional(), + order_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + expected_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional().nullable(), + currency_id: z.string().uuid().optional(), + payment_term_id: z.string().uuid().optional().nullable(), + notes: z.string().optional().nullable(), + lines: z.array(orderLineSchema).min(1).optional(), +}); + +const querySchema = z.object({ + company_id: z.string().uuid().optional(), + partner_id: z.string().uuid().optional(), + status: z.enum(['draft', 'sent', 'confirmed', 'done', 'cancelled']).optional(), + date_from: z.string().optional(), + date_to: z.string().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +// ========== RFQ SCHEMAS ========== +const rfqLineSchema = z.object({ + product_id: z.string().uuid().optional(), + description: z.string().min(1), + quantity: z.number().positive(), + uom_id: z.string().uuid(), +}); + +const createRfqSchema = z.object({ + company_id: z.string().uuid(), + partner_ids: z.array(z.string().uuid()).min(1), + request_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + deadline_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + description: z.string().optional(), + notes: z.string().optional(), + lines: z.array(rfqLineSchema).min(1), +}); + +const updateRfqSchema = z.object({ + partner_ids: z.array(z.string().uuid()).min(1).optional(), + deadline_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional().nullable(), + description: z.string().optional().nullable(), + notes: z.string().optional().nullable(), +}); + +const createRfqLineSchema = z.object({ + product_id: z.string().uuid().optional(), + description: z.string().min(1), + quantity: z.number().positive(), + uom_id: z.string().uuid(), +}); + +const updateRfqLineSchema = z.object({ + product_id: z.string().uuid().optional().nullable(), + description: z.string().min(1).optional(), + quantity: z.number().positive().optional(), + uom_id: z.string().uuid().optional(), +}); + +const rfqQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + status: z.enum(['draft', 'sent', 'responded', 'accepted', 'rejected', 'cancelled']).optional(), + date_from: z.string().optional(), + date_to: z.string().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +class PurchasesController { + async findAll(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = querySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: PurchaseOrderFilters = queryResult.data; + const result = await purchasesService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async findById(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const order = await purchasesService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: order }); + } catch (error) { + next(error); + } + } + + async create(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createOrderSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de orden inválidos', parseResult.error.errors); + } + + const dto: CreatePurchaseOrderDto = parseResult.data; + const order = await purchasesService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: order, + message: 'Orden de compra creada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async update(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateOrderSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de orden inválidos', parseResult.error.errors); + } + + const dto: UpdatePurchaseOrderDto = parseResult.data; + const order = await purchasesService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: order, + message: 'Orden de compra actualizada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async confirm(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const order = await purchasesService.confirm(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: order, message: 'Orden de compra confirmada exitosamente' }); + } catch (error) { + next(error); + } + } + + async cancel(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const order = await purchasesService.cancel(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: order, message: 'Orden de compra cancelada exitosamente' }); + } catch (error) { + next(error); + } + } + + async delete(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await purchasesService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Orden de compra eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== RFQs ========== + async getRfqs(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = rfqQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + const filters: RfqFilters = queryResult.data; + const result = await rfqsService.findAll(req.tenantId!, filters); + res.json({ + success: true, + data: result.data, + meta: { total: result.total, page: filters.page, limit: filters.limit, totalPages: Math.ceil(result.total / (filters.limit || 20)) }, + }); + } catch (error) { + next(error); + } + } + + async getRfq(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const rfq = await rfqsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: rfq }); + } catch (error) { + next(error); + } + } + + async createRfq(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createRfqSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de RFQ inválidos', parseResult.error.errors); + } + const dto: CreateRfqDto = parseResult.data; + const rfq = await rfqsService.create(dto, req.tenantId!, req.user!.userId); + res.status(201).json({ success: true, data: rfq, message: 'Solicitud de cotización creada exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateRfq(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateRfqSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de RFQ inválidos', parseResult.error.errors); + } + const dto: UpdateRfqDto = parseResult.data; + const rfq = await rfqsService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + res.json({ success: true, data: rfq, message: 'Solicitud de cotización actualizada exitosamente' }); + } catch (error) { + next(error); + } + } + + async addRfqLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createRfqLineSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de línea inválidos', parseResult.error.errors); + } + const dto: CreateRfqLineDto = parseResult.data; + const line = await rfqsService.addLine(req.params.id, dto, req.tenantId!); + res.status(201).json({ success: true, data: line, message: 'Línea agregada exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateRfqLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateRfqLineSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de línea inválidos', parseResult.error.errors); + } + const dto: UpdateRfqLineDto = parseResult.data; + const line = await rfqsService.updateLine(req.params.id, req.params.lineId, dto, req.tenantId!); + res.json({ success: true, data: line, message: 'Línea actualizada exitosamente' }); + } catch (error) { + next(error); + } + } + + async removeRfqLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await rfqsService.removeLine(req.params.id, req.params.lineId, req.tenantId!); + res.json({ success: true, message: 'Línea eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + async sendRfq(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const rfq = await rfqsService.send(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: rfq, message: 'Solicitud enviada exitosamente' }); + } catch (error) { + next(error); + } + } + + async markRfqResponded(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const rfq = await rfqsService.markResponded(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: rfq, message: 'Solicitud marcada como respondida' }); + } catch (error) { + next(error); + } + } + + async acceptRfq(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const rfq = await rfqsService.accept(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: rfq, message: 'Solicitud aceptada exitosamente' }); + } catch (error) { + next(error); + } + } + + async rejectRfq(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const rfq = await rfqsService.reject(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: rfq, message: 'Solicitud rechazada exitosamente' }); + } catch (error) { + next(error); + } + } + + async cancelRfq(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const rfq = await rfqsService.cancel(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: rfq, message: 'Solicitud cancelada exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteRfq(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await rfqsService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Solicitud eliminada exitosamente' }); + } catch (error) { + next(error); + } + } +} + +export const purchasesController = new PurchasesController(); diff --git a/backend/src/modules/purchases/purchases.routes.ts b/backend/src/modules/purchases/purchases.routes.ts new file mode 100644 index 0000000..64e25df --- /dev/null +++ b/backend/src/modules/purchases/purchases.routes.ts @@ -0,0 +1,90 @@ +import { Router } from 'express'; +import { purchasesController } from './purchases.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// List purchase orders +router.get('/', requireRoles('admin', 'manager', 'warehouse', 'accountant', 'super_admin'), (req, res, next) => + purchasesController.findAll(req, res, next) +); + +// Get purchase order by ID +router.get('/:id', requireRoles('admin', 'manager', 'warehouse', 'accountant', 'super_admin'), (req, res, next) => + purchasesController.findById(req, res, next) +); + +// Create purchase order +router.post('/', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + purchasesController.create(req, res, next) +); + +// Update purchase order +router.put('/:id', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + purchasesController.update(req, res, next) +); + +// Confirm purchase order +router.post('/:id/confirm', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + purchasesController.confirm(req, res, next) +); + +// Cancel purchase order +router.post('/:id/cancel', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + purchasesController.cancel(req, res, next) +); + +// Delete purchase order +router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + purchasesController.delete(req, res, next) +); + +// ========== RFQs (Request for Quotation) ========== +router.get('/rfqs', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + purchasesController.getRfqs(req, res, next) +); +router.get('/rfqs/:id', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + purchasesController.getRfq(req, res, next) +); +router.post('/rfqs', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + purchasesController.createRfq(req, res, next) +); +router.put('/rfqs/:id', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + purchasesController.updateRfq(req, res, next) +); +router.delete('/rfqs/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + purchasesController.deleteRfq(req, res, next) +); + +// RFQ Lines +router.post('/rfqs/:id/lines', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + purchasesController.addRfqLine(req, res, next) +); +router.put('/rfqs/:id/lines/:lineId', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + purchasesController.updateRfqLine(req, res, next) +); +router.delete('/rfqs/:id/lines/:lineId', requireRoles('admin', 'manager', 'warehouse', 'super_admin'), (req, res, next) => + purchasesController.removeRfqLine(req, res, next) +); + +// RFQ Workflow +router.post('/rfqs/:id/send', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + purchasesController.sendRfq(req, res, next) +); +router.post('/rfqs/:id/responded', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + purchasesController.markRfqResponded(req, res, next) +); +router.post('/rfqs/:id/accept', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + purchasesController.acceptRfq(req, res, next) +); +router.post('/rfqs/:id/reject', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + purchasesController.rejectRfq(req, res, next) +); +router.post('/rfqs/:id/cancel', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + purchasesController.cancelRfq(req, res, next) +); + +export default router; diff --git a/backend/src/modules/purchases/purchases.service.ts b/backend/src/modules/purchases/purchases.service.ts new file mode 100644 index 0000000..4a59f70 --- /dev/null +++ b/backend/src/modules/purchases/purchases.service.ts @@ -0,0 +1,386 @@ +import { query, queryOne, getClient } from '../../config/database.js'; +import { NotFoundError, ConflictError, ValidationError } from '../../shared/errors/index.js'; + +export type OrderStatus = 'draft' | 'sent' | 'confirmed' | 'done' | 'cancelled'; + +export interface PurchaseOrderLine { + id?: string; + product_id: string; + product_name?: string; + product_code?: string; + description: string; + quantity: number; + qty_received?: number; + qty_invoiced?: number; + uom_id: string; + uom_name?: string; + price_unit: number; + discount?: number; + amount_untaxed: number; + amount_tax?: number; + amount_total: number; + expected_date?: string; +} + +export interface PurchaseOrder { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + ref?: string; + partner_id: string; + partner_name?: string; + order_date: Date; + expected_date?: Date; + effective_date?: Date; + currency_id: string; + currency_code?: string; + payment_term_id?: string; + amount_untaxed: number; + amount_tax: number; + amount_total: number; + status: OrderStatus; + receipt_status?: string; + invoice_status?: string; + notes?: string; + lines?: PurchaseOrderLine[]; + created_at: Date; + confirmed_at?: Date; +} + +export interface CreatePurchaseOrderDto { + company_id: string; + name: string; + ref?: string; + partner_id: string; + order_date: string; + expected_date?: string; + currency_id: string; + payment_term_id?: string; + notes?: string; + lines: Omit[]; +} + +export interface UpdatePurchaseOrderDto { + ref?: string | null; + partner_id?: string; + order_date?: string; + expected_date?: string | null; + currency_id?: string; + payment_term_id?: string | null; + notes?: string | null; + lines?: Omit[]; +} + +export interface PurchaseOrderFilters { + company_id?: string; + partner_id?: string; + status?: OrderStatus; + date_from?: string; + date_to?: string; + search?: string; + page?: number; + limit?: number; +} + +class PurchasesService { + async findAll(tenantId: string, filters: PurchaseOrderFilters = {}): Promise<{ data: PurchaseOrder[]; total: number }> { + const { company_id, partner_id, status, date_from, date_to, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE po.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND po.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (partner_id) { + whereClause += ` AND po.partner_id = $${paramIndex++}`; + params.push(partner_id); + } + + if (status) { + whereClause += ` AND po.status = $${paramIndex++}`; + params.push(status); + } + + if (date_from) { + whereClause += ` AND po.order_date >= $${paramIndex++}`; + params.push(date_from); + } + + if (date_to) { + whereClause += ` AND po.order_date <= $${paramIndex++}`; + params.push(date_to); + } + + if (search) { + whereClause += ` AND (po.name ILIKE $${paramIndex} OR po.ref ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM purchase.purchase_orders po ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT po.*, + c.name as company_name, + p.name as partner_name, + cur.code as currency_code + FROM purchase.purchase_orders po + LEFT JOIN auth.companies c ON po.company_id = c.id + LEFT JOIN core.partners p ON po.partner_id = p.id + LEFT JOIN core.currencies cur ON po.currency_id = cur.id + ${whereClause} + ORDER BY po.order_date DESC, po.name DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const order = await queryOne( + `SELECT po.*, + c.name as company_name, + p.name as partner_name, + cur.code as currency_code + FROM purchase.purchase_orders po + LEFT JOIN auth.companies c ON po.company_id = c.id + LEFT JOIN core.partners p ON po.partner_id = p.id + LEFT JOIN core.currencies cur ON po.currency_id = cur.id + WHERE po.id = $1 AND po.tenant_id = $2`, + [id, tenantId] + ); + + if (!order) { + throw new NotFoundError('Orden de compra no encontrada'); + } + + // Get lines + const lines = await query( + `SELECT pol.*, + pr.name as product_name, + pr.code as product_code, + u.name as uom_name + FROM purchase.purchase_order_lines pol + LEFT JOIN inventory.products pr ON pol.product_id = pr.id + LEFT JOIN core.uom u ON pol.uom_id = u.id + WHERE pol.order_id = $1 + ORDER BY pol.created_at`, + [id] + ); + + order.lines = lines; + + return order; + } + + async create(dto: CreatePurchaseOrderDto, tenantId: string, userId: string): Promise { + if (dto.lines.length === 0) { + throw new ValidationError('La orden de compra debe tener al menos una línea'); + } + + const client = await getClient(); + + try { + await client.query('BEGIN'); + + // Calculate totals + let amountUntaxed = 0; + for (const line of dto.lines) { + const lineTotal = line.quantity * line.price_unit * (1 - (line.discount || 0) / 100); + amountUntaxed += lineTotal; + } + + // Create order + const orderResult = await client.query( + `INSERT INTO purchase.purchase_orders (tenant_id, company_id, name, ref, partner_id, order_date, expected_date, currency_id, payment_term_id, amount_untaxed, amount_total, notes, created_by) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13) + RETURNING *`, + [tenantId, dto.company_id, dto.name, dto.ref, dto.partner_id, dto.order_date, dto.expected_date, dto.currency_id, dto.payment_term_id, amountUntaxed, amountUntaxed, dto.notes, userId] + ); + const order = orderResult.rows[0] as PurchaseOrder; + + // Create lines (include tenant_id for multi-tenant security) + for (const line of dto.lines) { + const lineUntaxed = line.quantity * line.price_unit * (1 - (line.discount || 0) / 100); + await client.query( + `INSERT INTO purchase.purchase_order_lines (order_id, tenant_id, product_id, description, quantity, uom_id, price_unit, discount, amount_untaxed, amount_tax, amount_total, expected_date) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, 0, $10, $11)`, + [order.id, tenantId, line.product_id, line.description, line.quantity, line.uom_id, line.price_unit, line.discount || 0, lineUntaxed, lineUntaxed, dto.expected_date] + ); + } + + await client.query('COMMIT'); + + return this.findById(order.id, tenantId); + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + async update(id: string, dto: UpdatePurchaseOrderDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ConflictError('Solo se pueden modificar órdenes en estado borrador'); + } + + const client = await getClient(); + + try { + await client.query('BEGIN'); + + // Update order header + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.ref !== undefined) { + updateFields.push(`ref = $${paramIndex++}`); + values.push(dto.ref); + } + if (dto.partner_id !== undefined) { + updateFields.push(`partner_id = $${paramIndex++}`); + values.push(dto.partner_id); + } + if (dto.order_date !== undefined) { + updateFields.push(`order_date = $${paramIndex++}`); + values.push(dto.order_date); + } + if (dto.expected_date !== undefined) { + updateFields.push(`expected_date = $${paramIndex++}`); + values.push(dto.expected_date); + } + if (dto.currency_id !== undefined) { + updateFields.push(`currency_id = $${paramIndex++}`); + values.push(dto.currency_id); + } + if (dto.payment_term_id !== undefined) { + updateFields.push(`payment_term_id = $${paramIndex++}`); + values.push(dto.payment_term_id); + } + if (dto.notes !== undefined) { + updateFields.push(`notes = $${paramIndex++}`); + values.push(dto.notes); + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id); + + if (updateFields.length > 2) { + await client.query( + `UPDATE purchase.purchase_orders SET ${updateFields.join(', ')} WHERE id = $${paramIndex}`, + values + ); + } + + // Update lines if provided + if (dto.lines) { + // Delete existing lines + await client.query(`DELETE FROM purchase.purchase_order_lines WHERE order_id = $1`, [id]); + + // Calculate totals and insert new lines + let amountUntaxed = 0; + for (const line of dto.lines) { + const lineUntaxed = line.quantity * line.price_unit * (1 - (line.discount || 0) / 100); + amountUntaxed += lineUntaxed; + + await client.query( + `INSERT INTO purchase.purchase_order_lines (order_id, tenant_id, product_id, description, quantity, uom_id, price_unit, discount, amount_untaxed, amount_tax, amount_total) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, 0, $10)`, + [id, tenantId, line.product_id, line.description, line.quantity, line.uom_id, line.price_unit, line.discount || 0, lineUntaxed, lineUntaxed] + ); + } + + // Update order totals + await client.query( + `UPDATE purchase.purchase_orders SET amount_untaxed = $1, amount_total = $2 WHERE id = $3`, + [amountUntaxed, amountUntaxed, id] + ); + } + + await client.query('COMMIT'); + + return this.findById(id, tenantId); + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + async confirm(id: string, tenantId: string, userId: string): Promise { + const order = await this.findById(id, tenantId); + + if (order.status !== 'draft') { + throw new ConflictError('Solo se pueden confirmar órdenes en estado borrador'); + } + + if (!order.lines || order.lines.length === 0) { + throw new ValidationError('La orden debe tener al menos una línea para confirmar'); + } + + await query( + `UPDATE purchase.purchase_orders + SET status = 'confirmed', confirmed_at = CURRENT_TIMESTAMP, confirmed_by = $1, updated_at = CURRENT_TIMESTAMP, updated_by = $1 + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async cancel(id: string, tenantId: string, userId: string): Promise { + const order = await this.findById(id, tenantId); + + if (order.status === 'cancelled') { + throw new ConflictError('La orden ya está cancelada'); + } + + if (order.status === 'done') { + throw new ConflictError('No se puede cancelar una orden completada'); + } + + await query( + `UPDATE purchase.purchase_orders + SET status = 'cancelled', cancelled_at = CURRENT_TIMESTAMP, cancelled_by = $1, updated_at = CURRENT_TIMESTAMP, updated_by = $1 + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + const order = await this.findById(id, tenantId); + + if (order.status !== 'draft') { + throw new ConflictError('Solo se pueden eliminar órdenes en estado borrador'); + } + + await query(`DELETE FROM purchase.purchase_orders WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } +} + +export const purchasesService = new PurchasesService(); diff --git a/backend/src/modules/purchases/rfqs.service.ts b/backend/src/modules/purchases/rfqs.service.ts new file mode 100644 index 0000000..8c2e72d --- /dev/null +++ b/backend/src/modules/purchases/rfqs.service.ts @@ -0,0 +1,485 @@ +import { query, queryOne, getClient } from '../../config/database.js'; +import { NotFoundError, ValidationError } from '../../shared/errors/index.js'; + +export type RfqStatus = 'draft' | 'sent' | 'responded' | 'accepted' | 'rejected' | 'cancelled'; + +export interface RfqLine { + id: string; + rfq_id: string; + product_id?: string; + product_name?: string; + product_code?: string; + description: string; + quantity: number; + uom_id: string; + uom_name?: string; + created_at: Date; +} + +export interface Rfq { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + partner_ids: string[]; + partner_names?: string[]; + request_date: Date; + deadline_date?: Date; + response_date?: Date; + status: RfqStatus; + description?: string; + notes?: string; + lines?: RfqLine[]; + created_at: Date; +} + +export interface CreateRfqLineDto { + product_id?: string; + description: string; + quantity: number; + uom_id: string; +} + +export interface CreateRfqDto { + company_id: string; + partner_ids: string[]; + request_date?: string; + deadline_date?: string; + description?: string; + notes?: string; + lines: CreateRfqLineDto[]; +} + +export interface UpdateRfqDto { + partner_ids?: string[]; + deadline_date?: string | null; + description?: string | null; + notes?: string | null; +} + +export interface UpdateRfqLineDto { + product_id?: string | null; + description?: string; + quantity?: number; + uom_id?: string; +} + +export interface RfqFilters { + company_id?: string; + status?: RfqStatus; + date_from?: string; + date_to?: string; + search?: string; + page?: number; + limit?: number; +} + +class RfqsService { + async findAll(tenantId: string, filters: RfqFilters = {}): Promise<{ data: Rfq[]; total: number }> { + const { company_id, status, date_from, date_to, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE r.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND r.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (status) { + whereClause += ` AND r.status = $${paramIndex++}`; + params.push(status); + } + + if (date_from) { + whereClause += ` AND r.request_date >= $${paramIndex++}`; + params.push(date_from); + } + + if (date_to) { + whereClause += ` AND r.request_date <= $${paramIndex++}`; + params.push(date_to); + } + + if (search) { + whereClause += ` AND (r.name ILIKE $${paramIndex} OR r.description ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM purchase.rfqs r ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT r.*, + c.name as company_name + FROM purchase.rfqs r + LEFT JOIN auth.companies c ON r.company_id = c.id + ${whereClause} + ORDER BY r.request_date DESC, r.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const rfq = await queryOne( + `SELECT r.*, + c.name as company_name + FROM purchase.rfqs r + LEFT JOIN auth.companies c ON r.company_id = c.id + WHERE r.id = $1 AND r.tenant_id = $2`, + [id, tenantId] + ); + + if (!rfq) { + throw new NotFoundError('Solicitud de cotización no encontrada'); + } + + // Get partner names + if (rfq.partner_ids && rfq.partner_ids.length > 0) { + const partners = await query<{ id: string; name: string }>( + `SELECT id, name FROM core.partners WHERE id = ANY($1)`, + [rfq.partner_ids] + ); + rfq.partner_names = partners.map(p => p.name); + } + + // Get lines + const lines = await query( + `SELECT rl.*, + pr.name as product_name, + pr.code as product_code, + u.name as uom_name + FROM purchase.rfq_lines rl + LEFT JOIN inventory.products pr ON rl.product_id = pr.id + LEFT JOIN core.uom u ON rl.uom_id = u.id + WHERE rl.rfq_id = $1 + ORDER BY rl.created_at`, + [id] + ); + + rfq.lines = lines; + + return rfq; + } + + async create(dto: CreateRfqDto, tenantId: string, userId: string): Promise { + if (dto.lines.length === 0) { + throw new ValidationError('La solicitud debe tener al menos una línea'); + } + + if (dto.partner_ids.length === 0) { + throw new ValidationError('Debe especificar al menos un proveedor'); + } + + const client = await getClient(); + + try { + await client.query('BEGIN'); + + // Generate RFQ name + const seqResult = await client.query( + `SELECT COALESCE(MAX(CAST(SUBSTRING(name FROM 5) AS INTEGER)), 0) + 1 as next_num + FROM purchase.rfqs WHERE tenant_id = $1 AND name LIKE 'RFQ-%'`, + [tenantId] + ); + const nextNum = seqResult.rows[0]?.next_num || 1; + const rfqName = `RFQ-${String(nextNum).padStart(6, '0')}`; + + const requestDate = dto.request_date || new Date().toISOString().split('T')[0]; + + // Create RFQ + const rfqResult = await client.query( + `INSERT INTO purchase.rfqs ( + tenant_id, company_id, name, partner_ids, request_date, deadline_date, + description, notes, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) + RETURNING *`, + [ + tenantId, dto.company_id, rfqName, dto.partner_ids, requestDate, + dto.deadline_date, dto.description, dto.notes, userId + ] + ); + const rfq = rfqResult.rows[0]; + + // Create lines + for (const line of dto.lines) { + await client.query( + `INSERT INTO purchase.rfq_lines (rfq_id, tenant_id, product_id, description, quantity, uom_id) + VALUES ($1, $2, $3, $4, $5, $6)`, + [rfq.id, tenantId, line.product_id, line.description, line.quantity, line.uom_id] + ); + } + + await client.query('COMMIT'); + + return this.findById(rfq.id, tenantId); + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + async update(id: string, dto: UpdateRfqDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ValidationError('Solo se pueden editar solicitudes en estado borrador'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.partner_ids !== undefined) { + updateFields.push(`partner_ids = $${paramIndex++}`); + values.push(dto.partner_ids); + } + if (dto.deadline_date !== undefined) { + updateFields.push(`deadline_date = $${paramIndex++}`); + values.push(dto.deadline_date); + } + if (dto.description !== undefined) { + updateFields.push(`description = $${paramIndex++}`); + values.push(dto.description); + } + if (dto.notes !== undefined) { + updateFields.push(`notes = $${paramIndex++}`); + values.push(dto.notes); + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + await query( + `UPDATE purchase.rfqs SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async addLine(rfqId: string, dto: CreateRfqLineDto, tenantId: string): Promise { + const rfq = await this.findById(rfqId, tenantId); + + if (rfq.status !== 'draft') { + throw new ValidationError('Solo se pueden agregar líneas a solicitudes en estado borrador'); + } + + const line = await queryOne( + `INSERT INTO purchase.rfq_lines (rfq_id, tenant_id, product_id, description, quantity, uom_id) + VALUES ($1, $2, $3, $4, $5, $6) + RETURNING *`, + [rfqId, tenantId, dto.product_id, dto.description, dto.quantity, dto.uom_id] + ); + + return line!; + } + + async updateLine(rfqId: string, lineId: string, dto: UpdateRfqLineDto, tenantId: string): Promise { + const rfq = await this.findById(rfqId, tenantId); + + if (rfq.status !== 'draft') { + throw new ValidationError('Solo se pueden editar líneas en solicitudes en estado borrador'); + } + + const existingLine = rfq.lines?.find(l => l.id === lineId); + if (!existingLine) { + throw new NotFoundError('Línea no encontrada'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.product_id !== undefined) { + updateFields.push(`product_id = $${paramIndex++}`); + values.push(dto.product_id); + } + if (dto.description !== undefined) { + updateFields.push(`description = $${paramIndex++}`); + values.push(dto.description); + } + if (dto.quantity !== undefined) { + updateFields.push(`quantity = $${paramIndex++}`); + values.push(dto.quantity); + } + if (dto.uom_id !== undefined) { + updateFields.push(`uom_id = $${paramIndex++}`); + values.push(dto.uom_id); + } + + if (updateFields.length === 0) { + return existingLine; + } + + values.push(lineId); + + const line = await queryOne( + `UPDATE purchase.rfq_lines SET ${updateFields.join(', ')} + WHERE id = $${paramIndex} + RETURNING *`, + values + ); + + return line!; + } + + async removeLine(rfqId: string, lineId: string, tenantId: string): Promise { + const rfq = await this.findById(rfqId, tenantId); + + if (rfq.status !== 'draft') { + throw new ValidationError('Solo se pueden eliminar líneas en solicitudes en estado borrador'); + } + + const existingLine = rfq.lines?.find(l => l.id === lineId); + if (!existingLine) { + throw new NotFoundError('Línea no encontrada'); + } + + if (rfq.lines && rfq.lines.length <= 1) { + throw new ValidationError('La solicitud debe tener al menos una línea'); + } + + await query(`DELETE FROM purchase.rfq_lines WHERE id = $1`, [lineId]); + } + + async send(id: string, tenantId: string, userId: string): Promise { + const rfq = await this.findById(id, tenantId); + + if (rfq.status !== 'draft') { + throw new ValidationError('Solo se pueden enviar solicitudes en estado borrador'); + } + + if (!rfq.lines || rfq.lines.length === 0) { + throw new ValidationError('La solicitud debe tener al menos una línea'); + } + + await query( + `UPDATE purchase.rfqs SET + status = 'sent', + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async markResponded(id: string, tenantId: string, userId: string): Promise { + const rfq = await this.findById(id, tenantId); + + if (rfq.status !== 'sent') { + throw new ValidationError('Solo se pueden marcar como respondidas solicitudes enviadas'); + } + + await query( + `UPDATE purchase.rfqs SET + status = 'responded', + response_date = CURRENT_DATE, + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async accept(id: string, tenantId: string, userId: string): Promise { + const rfq = await this.findById(id, tenantId); + + if (rfq.status !== 'responded' && rfq.status !== 'sent') { + throw new ValidationError('Solo se pueden aceptar solicitudes enviadas o respondidas'); + } + + await query( + `UPDATE purchase.rfqs SET + status = 'accepted', + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async reject(id: string, tenantId: string, userId: string): Promise { + const rfq = await this.findById(id, tenantId); + + if (rfq.status !== 'responded' && rfq.status !== 'sent') { + throw new ValidationError('Solo se pueden rechazar solicitudes enviadas o respondidas'); + } + + await query( + `UPDATE purchase.rfqs SET + status = 'rejected', + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async cancel(id: string, tenantId: string, userId: string): Promise { + const rfq = await this.findById(id, tenantId); + + if (rfq.status === 'cancelled') { + throw new ValidationError('La solicitud ya está cancelada'); + } + + if (rfq.status === 'accepted') { + throw new ValidationError('No se puede cancelar una solicitud aceptada'); + } + + await query( + `UPDATE purchase.rfqs SET + status = 'cancelled', + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + const rfq = await this.findById(id, tenantId); + + if (rfq.status !== 'draft') { + throw new ValidationError('Solo se pueden eliminar solicitudes en estado borrador'); + } + + await query(`DELETE FROM purchase.rfqs WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } +} + +export const rfqsService = new RfqsService(); diff --git a/backend/src/modules/reports/index.ts b/backend/src/modules/reports/index.ts new file mode 100644 index 0000000..b5d3f41 --- /dev/null +++ b/backend/src/modules/reports/index.ts @@ -0,0 +1,3 @@ +export * from './reports.service.js'; +export * from './reports.controller.js'; +export { default as reportsRoutes } from './reports.routes.js'; diff --git a/backend/src/modules/reports/reports.controller.ts b/backend/src/modules/reports/reports.controller.ts new file mode 100644 index 0000000..42e0286 --- /dev/null +++ b/backend/src/modules/reports/reports.controller.ts @@ -0,0 +1,434 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { AuthenticatedRequest } from '../../shared/types/index.js'; +import { reportsService } from './reports.service.js'; + +// ============================================================================ +// VALIDATION SCHEMAS +// ============================================================================ + +const reportFiltersSchema = z.object({ + report_type: z.enum(['financial', 'accounting', 'tax', 'management', 'custom']).optional(), + category: z.string().optional(), + is_system: z.coerce.boolean().optional(), + search: z.string().optional(), + page: z.coerce.number().min(1).default(1), + limit: z.coerce.number().min(1).max(100).default(20), +}); + +const createDefinitionSchema = z.object({ + code: z.string().min(1).max(50), + name: z.string().min(1).max(255), + description: z.string().optional(), + report_type: z.enum(['financial', 'accounting', 'tax', 'management', 'custom']).optional(), + category: z.string().optional(), + base_query: z.string().optional(), + query_function: z.string().optional(), + parameters_schema: z.record(z.any()).optional(), + columns_config: z.array(z.any()).optional(), + export_formats: z.array(z.string()).optional(), + required_permissions: z.array(z.string()).optional(), +}); + +const executeReportSchema = z.object({ + definition_id: z.string().uuid(), + parameters: z.record(z.any()), +}); + +const createScheduleSchema = z.object({ + definition_id: z.string().uuid(), + name: z.string().min(1).max(255), + cron_expression: z.string().min(1), + default_parameters: z.record(z.any()).optional(), + company_id: z.string().uuid().optional(), + timezone: z.string().optional(), + delivery_method: z.enum(['none', 'email', 'storage', 'webhook']).optional(), + delivery_config: z.record(z.any()).optional(), +}); + +const trialBalanceSchema = z.object({ + company_id: z.string().uuid().optional(), + date_from: z.string().regex(/^\d{4}-\d{2}-\d{2}$/), + date_to: z.string().regex(/^\d{4}-\d{2}-\d{2}$/), + include_zero: z.coerce.boolean().optional(), +}); + +const generalLedgerSchema = z.object({ + company_id: z.string().uuid().optional(), + account_id: z.string().uuid(), + date_from: z.string().regex(/^\d{4}-\d{2}-\d{2}$/), + date_to: z.string().regex(/^\d{4}-\d{2}-\d{2}$/), +}); + +// ============================================================================ +// CONTROLLER +// ============================================================================ + +class ReportsController { + // ==================== DEFINITIONS ==================== + + /** + * GET /reports/definitions + * List all report definitions + */ + async findAllDefinitions( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const filters = reportFiltersSchema.parse(req.query); + const tenantId = req.user!.tenantId; + + const { data, total } = await reportsService.findAllDefinitions(tenantId, filters); + + res.json({ + success: true, + data, + pagination: { + page: filters.page, + limit: filters.limit, + total, + totalPages: Math.ceil(total / filters.limit), + }, + }); + } catch (error) { + next(error); + } + } + + /** + * GET /reports/definitions/:id + * Get a specific report definition + */ + async findDefinitionById( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const { id } = req.params; + const tenantId = req.user!.tenantId; + + const definition = await reportsService.findDefinitionById(id, tenantId); + + res.json({ + success: true, + data: definition, + }); + } catch (error) { + next(error); + } + } + + /** + * POST /reports/definitions + * Create a custom report definition + */ + async createDefinition( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const dto = createDefinitionSchema.parse(req.body); + const tenantId = req.user!.tenantId; + const userId = req.user!.userId; + + const definition = await reportsService.createDefinition(dto, tenantId, userId); + + res.status(201).json({ + success: true, + message: 'Definición de reporte creada exitosamente', + data: definition, + }); + } catch (error) { + next(error); + } + } + + // ==================== EXECUTIONS ==================== + + /** + * POST /reports/execute + * Execute a report + */ + async executeReport( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const dto = executeReportSchema.parse(req.body); + const tenantId = req.user!.tenantId; + const userId = req.user!.userId; + + const execution = await reportsService.executeReport(dto, tenantId, userId); + + res.status(202).json({ + success: true, + message: 'Reporte en ejecución', + data: execution, + }); + } catch (error) { + next(error); + } + } + + /** + * GET /reports/executions/:id + * Get execution details and results + */ + async findExecutionById( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const { id } = req.params; + const tenantId = req.user!.tenantId; + + const execution = await reportsService.findExecutionById(id, tenantId); + + res.json({ + success: true, + data: execution, + }); + } catch (error) { + next(error); + } + } + + /** + * GET /reports/executions + * Get recent executions + */ + async findRecentExecutions( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const { definition_id, limit } = req.query; + const tenantId = req.user!.tenantId; + + const executions = await reportsService.findRecentExecutions( + tenantId, + definition_id as string, + parseInt(limit as string) || 20 + ); + + res.json({ + success: true, + data: executions, + }); + } catch (error) { + next(error); + } + } + + // ==================== SCHEDULES ==================== + + /** + * GET /reports/schedules + * List all schedules + */ + async findAllSchedules( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const tenantId = req.user!.tenantId; + const schedules = await reportsService.findAllSchedules(tenantId); + + res.json({ + success: true, + data: schedules, + }); + } catch (error) { + next(error); + } + } + + /** + * POST /reports/schedules + * Create a schedule + */ + async createSchedule( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const dto = createScheduleSchema.parse(req.body); + const tenantId = req.user!.tenantId; + const userId = req.user!.userId; + + const schedule = await reportsService.createSchedule(dto, tenantId, userId); + + res.status(201).json({ + success: true, + message: 'Programación creada exitosamente', + data: schedule, + }); + } catch (error) { + next(error); + } + } + + /** + * PATCH /reports/schedules/:id/toggle + * Enable/disable a schedule + */ + async toggleSchedule( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const { id } = req.params; + const { is_active } = req.body; + const tenantId = req.user!.tenantId; + + const schedule = await reportsService.toggleSchedule(id, tenantId, is_active); + + res.json({ + success: true, + message: is_active ? 'Programación activada' : 'Programación desactivada', + data: schedule, + }); + } catch (error) { + next(error); + } + } + + /** + * DELETE /reports/schedules/:id + * Delete a schedule + */ + async deleteSchedule( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const { id } = req.params; + const tenantId = req.user!.tenantId; + + await reportsService.deleteSchedule(id, tenantId); + + res.json({ + success: true, + message: 'Programación eliminada', + }); + } catch (error) { + next(error); + } + } + + // ==================== QUICK REPORTS ==================== + + /** + * GET /reports/quick/trial-balance + * Generate trial balance directly + */ + async getTrialBalance( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const params = trialBalanceSchema.parse(req.query); + const tenantId = req.user!.tenantId; + + const data = await reportsService.generateTrialBalance( + tenantId, + params.company_id || null, + params.date_from, + params.date_to, + params.include_zero || false + ); + + // Calculate totals + const totals = { + initial_debit: 0, + initial_credit: 0, + period_debit: 0, + period_credit: 0, + final_debit: 0, + final_credit: 0, + }; + + for (const row of data) { + totals.initial_debit += parseFloat(row.initial_debit) || 0; + totals.initial_credit += parseFloat(row.initial_credit) || 0; + totals.period_debit += parseFloat(row.period_debit) || 0; + totals.period_credit += parseFloat(row.period_credit) || 0; + totals.final_debit += parseFloat(row.final_debit) || 0; + totals.final_credit += parseFloat(row.final_credit) || 0; + } + + res.json({ + success: true, + data, + summary: { + row_count: data.length, + totals, + }, + parameters: params, + }); + } catch (error) { + next(error); + } + } + + /** + * GET /reports/quick/general-ledger + * Generate general ledger directly + */ + async getGeneralLedger( + req: AuthenticatedRequest, + res: Response, + next: NextFunction + ): Promise { + try { + const params = generalLedgerSchema.parse(req.query); + const tenantId = req.user!.tenantId; + + const data = await reportsService.generateGeneralLedger( + tenantId, + params.company_id || null, + params.account_id, + params.date_from, + params.date_to + ); + + // Calculate totals + const totals = { + debit: 0, + credit: 0, + }; + + for (const row of data) { + totals.debit += parseFloat(row.debit) || 0; + totals.credit += parseFloat(row.credit) || 0; + } + + res.json({ + success: true, + data, + summary: { + row_count: data.length, + totals, + final_balance: data.length > 0 ? data[data.length - 1].running_balance : 0, + }, + parameters: params, + }); + } catch (error) { + next(error); + } + } +} + +export const reportsController = new ReportsController(); diff --git a/backend/src/modules/reports/reports.routes.ts b/backend/src/modules/reports/reports.routes.ts new file mode 100644 index 0000000..fa3c71e --- /dev/null +++ b/backend/src/modules/reports/reports.routes.ts @@ -0,0 +1,96 @@ +import { Router } from 'express'; +import { reportsController } from './reports.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// ============================================================================ +// QUICK REPORTS (direct access without execution record) +// ============================================================================ + +router.get('/quick/trial-balance', + requireRoles('admin', 'manager', 'accountant', 'super_admin'), + (req, res, next) => reportsController.getTrialBalance(req, res, next) +); + +router.get('/quick/general-ledger', + requireRoles('admin', 'manager', 'accountant', 'super_admin'), + (req, res, next) => reportsController.getGeneralLedger(req, res, next) +); + +// ============================================================================ +// DEFINITIONS +// ============================================================================ + +// List all report definitions +router.get('/definitions', + requireRoles('admin', 'manager', 'accountant', 'super_admin'), + (req, res, next) => reportsController.findAllDefinitions(req, res, next) +); + +// Get specific definition +router.get('/definitions/:id', + requireRoles('admin', 'manager', 'accountant', 'super_admin'), + (req, res, next) => reportsController.findDefinitionById(req, res, next) +); + +// Create custom definition (admin only) +router.post('/definitions', + requireRoles('admin', 'super_admin'), + (req, res, next) => reportsController.createDefinition(req, res, next) +); + +// ============================================================================ +// EXECUTIONS +// ============================================================================ + +// Execute a report +router.post('/execute', + requireRoles('admin', 'manager', 'accountant', 'super_admin'), + (req, res, next) => reportsController.executeReport(req, res, next) +); + +// Get recent executions +router.get('/executions', + requireRoles('admin', 'manager', 'accountant', 'super_admin'), + (req, res, next) => reportsController.findRecentExecutions(req, res, next) +); + +// Get specific execution +router.get('/executions/:id', + requireRoles('admin', 'manager', 'accountant', 'super_admin'), + (req, res, next) => reportsController.findExecutionById(req, res, next) +); + +// ============================================================================ +// SCHEDULES +// ============================================================================ + +// List schedules +router.get('/schedules', + requireRoles('admin', 'manager', 'super_admin'), + (req, res, next) => reportsController.findAllSchedules(req, res, next) +); + +// Create schedule +router.post('/schedules', + requireRoles('admin', 'super_admin'), + (req, res, next) => reportsController.createSchedule(req, res, next) +); + +// Toggle schedule +router.patch('/schedules/:id/toggle', + requireRoles('admin', 'super_admin'), + (req, res, next) => reportsController.toggleSchedule(req, res, next) +); + +// Delete schedule +router.delete('/schedules/:id', + requireRoles('admin', 'super_admin'), + (req, res, next) => reportsController.deleteSchedule(req, res, next) +); + +export default router; diff --git a/backend/src/modules/reports/reports.service.ts b/backend/src/modules/reports/reports.service.ts new file mode 100644 index 0000000..717af87 --- /dev/null +++ b/backend/src/modules/reports/reports.service.ts @@ -0,0 +1,580 @@ +import { query, queryOne, getClient } from '../../config/database.js'; +import { NotFoundError, ValidationError } from '../../shared/errors/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +// ============================================================================ +// TYPES +// ============================================================================ + +export type ReportType = 'financial' | 'accounting' | 'tax' | 'management' | 'custom'; +export type ExecutionStatus = 'pending' | 'running' | 'completed' | 'failed' | 'cancelled'; +export type DeliveryMethod = 'none' | 'email' | 'storage' | 'webhook'; + +export interface ReportDefinition { + id: string; + tenant_id: string; + code: string; + name: string; + description: string | null; + report_type: ReportType; + category: string | null; + base_query: string | null; + query_function: string | null; + parameters_schema: Record; + columns_config: any[]; + grouping_options: string[]; + totals_config: Record; + export_formats: string[]; + pdf_template: string | null; + xlsx_template: string | null; + is_system: boolean; + is_active: boolean; + required_permissions: string[]; + version: number; + created_at: Date; +} + +export interface ReportExecution { + id: string; + tenant_id: string; + definition_id: string; + definition_name?: string; + definition_code?: string; + parameters: Record; + status: ExecutionStatus; + started_at: Date | null; + completed_at: Date | null; + execution_time_ms: number | null; + row_count: number | null; + result_data: any; + result_summary: Record | null; + output_files: any[]; + error_message: string | null; + error_details: Record | null; + requested_by: string; + requested_by_name?: string; + created_at: Date; +} + +export interface ReportSchedule { + id: string; + tenant_id: string; + definition_id: string; + definition_name?: string; + company_id: string | null; + name: string; + default_parameters: Record; + cron_expression: string; + timezone: string; + is_active: boolean; + last_execution_id: string | null; + last_run_at: Date | null; + next_run_at: Date | null; + delivery_method: DeliveryMethod; + delivery_config: Record; + created_at: Date; +} + +export interface CreateReportDefinitionDto { + code: string; + name: string; + description?: string; + report_type?: ReportType; + category?: string; + base_query?: string; + query_function?: string; + parameters_schema?: Record; + columns_config?: any[]; + export_formats?: string[]; + required_permissions?: string[]; +} + +export interface ExecuteReportDto { + definition_id: string; + parameters: Record; +} + +export interface ReportFilters { + report_type?: ReportType; + category?: string; + is_system?: boolean; + search?: string; + page?: number; + limit?: number; +} + +// ============================================================================ +// SERVICE +// ============================================================================ + +class ReportsService { + // ==================== DEFINITIONS ==================== + + async findAllDefinitions( + tenantId: string, + filters: ReportFilters = {} + ): Promise<{ data: ReportDefinition[]; total: number }> { + const { report_type, category, is_system, search, page = 1, limit = 20 } = filters; + const conditions: string[] = ['tenant_id = $1', 'is_active = true']; + const params: any[] = [tenantId]; + let idx = 2; + + if (report_type) { + conditions.push(`report_type = $${idx++}`); + params.push(report_type); + } + + if (category) { + conditions.push(`category = $${idx++}`); + params.push(category); + } + + if (is_system !== undefined) { + conditions.push(`is_system = $${idx++}`); + params.push(is_system); + } + + if (search) { + conditions.push(`(name ILIKE $${idx} OR code ILIKE $${idx} OR description ILIKE $${idx})`); + params.push(`%${search}%`); + idx++; + } + + const whereClause = conditions.join(' AND '); + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM reports.report_definitions WHERE ${whereClause}`, + params + ); + + const offset = (page - 1) * limit; + params.push(limit, offset); + + const data = await query( + `SELECT * FROM reports.report_definitions + WHERE ${whereClause} + ORDER BY is_system DESC, name ASC + LIMIT $${idx} OFFSET $${idx + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findDefinitionById(id: string, tenantId: string): Promise { + const definition = await queryOne( + `SELECT * FROM reports.report_definitions WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + + if (!definition) { + throw new NotFoundError('Definición de reporte no encontrada'); + } + + return definition; + } + + async findDefinitionByCode(code: string, tenantId: string): Promise { + return queryOne( + `SELECT * FROM reports.report_definitions WHERE code = $1 AND tenant_id = $2`, + [code, tenantId] + ); + } + + async createDefinition( + dto: CreateReportDefinitionDto, + tenantId: string, + userId: string + ): Promise { + const definition = await queryOne( + `INSERT INTO reports.report_definitions ( + tenant_id, code, name, description, report_type, category, + base_query, query_function, parameters_schema, columns_config, + export_formats, required_permissions, created_by + ) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13) + RETURNING *`, + [ + tenantId, + dto.code, + dto.name, + dto.description || null, + dto.report_type || 'custom', + dto.category || null, + dto.base_query || null, + dto.query_function || null, + JSON.stringify(dto.parameters_schema || {}), + JSON.stringify(dto.columns_config || []), + JSON.stringify(dto.export_formats || ['pdf', 'xlsx', 'csv']), + JSON.stringify(dto.required_permissions || []), + userId, + ] + ); + + logger.info('Report definition created', { definitionId: definition?.id, code: dto.code }); + + return definition!; + } + + // ==================== EXECUTIONS ==================== + + async executeReport( + dto: ExecuteReportDto, + tenantId: string, + userId: string + ): Promise { + const definition = await this.findDefinitionById(dto.definition_id, tenantId); + + // Validar parámetros contra el schema + this.validateParameters(dto.parameters, definition.parameters_schema); + + // Crear registro de ejecución + const execution = await queryOne( + `INSERT INTO reports.report_executions ( + tenant_id, definition_id, parameters, status, requested_by + ) VALUES ($1, $2, $3, 'pending', $4) + RETURNING *`, + [tenantId, dto.definition_id, JSON.stringify(dto.parameters), userId] + ); + + // Ejecutar el reporte de forma asíncrona + this.runReportExecution(execution!.id, definition, dto.parameters, tenantId) + .catch(err => logger.error('Report execution failed', { executionId: execution!.id, error: err })); + + return execution!; + } + + private async runReportExecution( + executionId: string, + definition: ReportDefinition, + parameters: Record, + tenantId: string + ): Promise { + const startTime = Date.now(); + + try { + // Marcar como ejecutando + await query( + `UPDATE reports.report_executions SET status = 'running', started_at = NOW() WHERE id = $1`, + [executionId] + ); + + let resultData: any; + let rowCount = 0; + + if (definition.query_function) { + // Ejecutar función PostgreSQL + const funcParams = this.buildFunctionParams(definition.query_function, parameters, tenantId); + resultData = await query( + `SELECT * FROM ${definition.query_function}(${funcParams.placeholders})`, + funcParams.values + ); + rowCount = resultData.length; + } else if (definition.base_query) { + // Ejecutar query base con parámetros sustituidos + // IMPORTANTE: Sanitizar los parámetros para evitar SQL injection + const sanitizedQuery = this.buildSafeQuery(definition.base_query, parameters, tenantId); + resultData = await query(sanitizedQuery.sql, sanitizedQuery.values); + rowCount = resultData.length; + } else { + throw new Error('La definición del reporte no tiene query ni función definida'); + } + + const executionTime = Date.now() - startTime; + + // Calcular resumen si hay config de totales + const resultSummary = this.calculateSummary(resultData, definition.totals_config); + + // Actualizar con resultados + await query( + `UPDATE reports.report_executions + SET status = 'completed', + completed_at = NOW(), + execution_time_ms = $2, + row_count = $3, + result_data = $4, + result_summary = $5 + WHERE id = $1`, + [executionId, executionTime, rowCount, JSON.stringify(resultData), JSON.stringify(resultSummary)] + ); + + logger.info('Report execution completed', { executionId, rowCount, executionTime }); + + } catch (error: any) { + const executionTime = Date.now() - startTime; + + await query( + `UPDATE reports.report_executions + SET status = 'failed', + completed_at = NOW(), + execution_time_ms = $2, + error_message = $3, + error_details = $4 + WHERE id = $1`, + [ + executionId, + executionTime, + error.message, + JSON.stringify({ stack: error.stack }), + ] + ); + + logger.error('Report execution failed', { executionId, error: error.message }); + } + } + + private buildFunctionParams( + functionName: string, + parameters: Record, + tenantId: string + ): { placeholders: string; values: any[] } { + // Construir parámetros para funciones conocidas + const values: any[] = [tenantId]; + let idx = 2; + + if (functionName.includes('trial_balance')) { + values.push( + parameters.company_id || null, + parameters.date_from, + parameters.date_to, + parameters.include_zero || false + ); + return { placeholders: '$1, $2, $3, $4, $5', values }; + } + + if (functionName.includes('general_ledger')) { + values.push( + parameters.company_id || null, + parameters.account_id, + parameters.date_from, + parameters.date_to + ); + return { placeholders: '$1, $2, $3, $4, $5', values }; + } + + // Default: solo tenant_id + return { placeholders: '$1', values }; + } + + private buildSafeQuery( + baseQuery: string, + parameters: Record, + tenantId: string + ): { sql: string; values: any[] } { + // Reemplazar placeholders de forma segura + let sql = baseQuery; + const values: any[] = [tenantId]; + let idx = 2; + + // Reemplazar {{tenant_id}} con $1 + sql = sql.replace(/\{\{tenant_id\}\}/g, '$1'); + + // Reemplazar otros parámetros + for (const [key, value] of Object.entries(parameters)) { + const placeholder = `{{${key}}}`; + if (sql.includes(placeholder)) { + sql = sql.replace(new RegExp(placeholder, 'g'), `$${idx}`); + values.push(value); + idx++; + } + } + + return { sql, values }; + } + + private calculateSummary(data: any[], totalsConfig: Record): Record { + if (!totalsConfig.show_totals || !totalsConfig.total_columns) { + return {}; + } + + const summary: Record = {}; + + for (const column of totalsConfig.total_columns) { + summary[column] = data.reduce((sum, row) => sum + (parseFloat(row[column]) || 0), 0); + } + + return summary; + } + + private validateParameters(params: Record, schema: Record): void { + for (const [key, config] of Object.entries(schema)) { + const paramConfig = config as { required?: boolean; type?: string }; + + if (paramConfig.required && (params[key] === undefined || params[key] === null)) { + throw new ValidationError(`Parámetro requerido: ${key}`); + } + } + } + + async findExecutionById(id: string, tenantId: string): Promise { + const execution = await queryOne( + `SELECT re.*, + rd.name as definition_name, + rd.code as definition_code, + u.full_name as requested_by_name + FROM reports.report_executions re + JOIN reports.report_definitions rd ON re.definition_id = rd.id + JOIN auth.users u ON re.requested_by = u.id + WHERE re.id = $1 AND re.tenant_id = $2`, + [id, tenantId] + ); + + if (!execution) { + throw new NotFoundError('Ejecución de reporte no encontrada'); + } + + return execution; + } + + async findRecentExecutions( + tenantId: string, + definitionId?: string, + limit: number = 20 + ): Promise { + let sql = ` + SELECT re.*, + rd.name as definition_name, + rd.code as definition_code, + u.full_name as requested_by_name + FROM reports.report_executions re + JOIN reports.report_definitions rd ON re.definition_id = rd.id + JOIN auth.users u ON re.requested_by = u.id + WHERE re.tenant_id = $1 + `; + const params: any[] = [tenantId]; + + if (definitionId) { + sql += ` AND re.definition_id = $2`; + params.push(definitionId); + } + + sql += ` ORDER BY re.created_at DESC LIMIT $${params.length + 1}`; + params.push(limit); + + return query(sql, params); + } + + // ==================== SCHEDULES ==================== + + async findAllSchedules(tenantId: string): Promise { + return query( + `SELECT rs.*, + rd.name as definition_name + FROM reports.report_schedules rs + JOIN reports.report_definitions rd ON rs.definition_id = rd.id + WHERE rs.tenant_id = $1 + ORDER BY rs.name`, + [tenantId] + ); + } + + async createSchedule( + data: { + definition_id: string; + name: string; + cron_expression: string; + default_parameters?: Record; + company_id?: string; + timezone?: string; + delivery_method?: DeliveryMethod; + delivery_config?: Record; + }, + tenantId: string, + userId: string + ): Promise { + // Verificar que la definición existe + await this.findDefinitionById(data.definition_id, tenantId); + + const schedule = await queryOne( + `INSERT INTO reports.report_schedules ( + tenant_id, definition_id, name, cron_expression, + default_parameters, company_id, timezone, + delivery_method, delivery_config, created_by + ) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10) + RETURNING *`, + [ + tenantId, + data.definition_id, + data.name, + data.cron_expression, + JSON.stringify(data.default_parameters || {}), + data.company_id || null, + data.timezone || 'America/Mexico_City', + data.delivery_method || 'none', + JSON.stringify(data.delivery_config || {}), + userId, + ] + ); + + logger.info('Report schedule created', { scheduleId: schedule?.id, name: data.name }); + + return schedule!; + } + + async toggleSchedule(id: string, tenantId: string, isActive: boolean): Promise { + const schedule = await queryOne( + `UPDATE reports.report_schedules + SET is_active = $3, updated_at = NOW() + WHERE id = $1 AND tenant_id = $2 + RETURNING *`, + [id, tenantId, isActive] + ); + + if (!schedule) { + throw new NotFoundError('Programación no encontrada'); + } + + return schedule; + } + + async deleteSchedule(id: string, tenantId: string): Promise { + const result = await query( + `DELETE FROM reports.report_schedules WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + + // Check if any row was deleted + if (!result || result.length === 0) { + // Try to verify it existed + const exists = await queryOne<{ id: string }>( + `SELECT id FROM reports.report_schedules WHERE id = $1`, + [id] + ); + if (!exists) { + throw new NotFoundError('Programación no encontrada'); + } + } + } + + // ==================== QUICK REPORTS ==================== + + async generateTrialBalance( + tenantId: string, + companyId: string | null, + dateFrom: string, + dateTo: string, + includeZero: boolean = false + ): Promise { + return query( + `SELECT * FROM reports.generate_trial_balance($1, $2, $3, $4, $5)`, + [tenantId, companyId, dateFrom, dateTo, includeZero] + ); + } + + async generateGeneralLedger( + tenantId: string, + companyId: string | null, + accountId: string, + dateFrom: string, + dateTo: string + ): Promise { + return query( + `SELECT * FROM reports.generate_general_ledger($1, $2, $3, $4, $5)`, + [tenantId, companyId, accountId, dateFrom, dateTo] + ); + } +} + +export const reportsService = new ReportsService(); diff --git a/backend/src/modules/roles/index.ts b/backend/src/modules/roles/index.ts new file mode 100644 index 0000000..1bf9c73 --- /dev/null +++ b/backend/src/modules/roles/index.ts @@ -0,0 +1,13 @@ +// Roles module exports +export { rolesService } from './roles.service.js'; +export { permissionsService } from './permissions.service.js'; +export { rolesController } from './roles.controller.js'; +export { permissionsController } from './permissions.controller.js'; + +// Routes +export { default as rolesRoutes } from './roles.routes.js'; +export { default as permissionsRoutes } from './permissions.routes.js'; + +// Types +export type { CreateRoleDto, UpdateRoleDto, RoleWithPermissions } from './roles.service.js'; +export type { PermissionFilter, EffectivePermission } from './permissions.service.js'; diff --git a/backend/src/modules/roles/permissions.controller.ts b/backend/src/modules/roles/permissions.controller.ts new file mode 100644 index 0000000..b91c808 --- /dev/null +++ b/backend/src/modules/roles/permissions.controller.ts @@ -0,0 +1,218 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { permissionsService } from './permissions.service.js'; +import { PermissionAction } from '../auth/entities/index.js'; +import { ApiResponse, AuthenticatedRequest, ValidationError, PaginationParams } from '../../shared/types/index.js'; + +// Validation schemas +const checkPermissionsSchema = z.object({ + permissions: z.array(z.object({ + resource: z.string(), + action: z.string(), + })).min(1, 'Se requiere al menos un permiso para verificar'), +}); + +export class PermissionsController { + /** + * GET /permissions - List all permissions with optional filters + */ + async findAll(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const page = parseInt(req.query.page as string) || 1; + const limit = Math.min(parseInt(req.query.limit as string) || 50, 200); + const sortBy = req.query.sortBy as string || 'resource'; + const sortOrder = (req.query.sortOrder as 'asc' | 'desc') || 'asc'; + + const params: PaginationParams = { page, limit, sortBy, sortOrder }; + + // Build filter + const filter: { module?: string; resource?: string; action?: PermissionAction } = {}; + if (req.query.module) filter.module = req.query.module as string; + if (req.query.resource) filter.resource = req.query.resource as string; + if (req.query.action) filter.action = req.query.action as PermissionAction; + + const result = await permissionsService.findAll(params, filter); + + const response: ApiResponse = { + success: true, + data: result.permissions, + meta: { + page, + limit, + total: result.total, + totalPages: Math.ceil(result.total / limit), + }, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /permissions/modules - Get list of all modules + */ + async getModules(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const modules = await permissionsService.getModules(); + + const response: ApiResponse = { + success: true, + data: modules, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /permissions/resources - Get list of all resources + */ + async getResources(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const resources = await permissionsService.getResources(); + + const response: ApiResponse = { + success: true, + data: resources, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /permissions/grouped - Get permissions grouped by module + */ + async getGrouped(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const grouped = await permissionsService.getGroupedByModule(); + + const response: ApiResponse = { + success: true, + data: grouped, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /permissions/by-module/:module - Get all permissions for a module + */ + async getByModule(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const module = req.params.module; + const permissions = await permissionsService.getByModule(module); + + const response: ApiResponse = { + success: true, + data: permissions, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /permissions/matrix - Get permission matrix for admin UI + */ + async getMatrix(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const matrix = await permissionsService.getPermissionMatrix(tenantId); + + const response: ApiResponse = { + success: true, + data: matrix, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /permissions/me - Get current user's effective permissions + */ + async getMyPermissions(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const userId = req.user!.userId; + + const permissions = await permissionsService.getEffectivePermissions(tenantId, userId); + + const response: ApiResponse = { + success: true, + data: permissions, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * POST /permissions/check - Check if current user has specific permissions + */ + async checkPermissions(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = checkPermissionsSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const tenantId = req.user!.tenantId; + const userId = req.user!.userId; + + const results = await permissionsService.checkPermissions( + tenantId, + userId, + validation.data.permissions + ); + + const response: ApiResponse = { + success: true, + data: results, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /permissions/user/:userId - Get effective permissions for a specific user (admin) + */ + async getUserPermissions(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const userId = req.params.userId; + + const permissions = await permissionsService.getEffectivePermissions(tenantId, userId); + + const response: ApiResponse = { + success: true, + data: permissions, + }; + + res.json(response); + } catch (error) { + next(error); + } + } +} + +export const permissionsController = new PermissionsController(); diff --git a/backend/src/modules/roles/permissions.routes.ts b/backend/src/modules/roles/permissions.routes.ts new file mode 100644 index 0000000..8e12e3b --- /dev/null +++ b/backend/src/modules/roles/permissions.routes.ts @@ -0,0 +1,55 @@ +import { Router } from 'express'; +import { permissionsController } from './permissions.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// Get current user's permissions (any authenticated user) +router.get('/me', (req, res, next) => + permissionsController.getMyPermissions(req, res, next) +); + +// Check permissions for current user (any authenticated user) +router.post('/check', (req, res, next) => + permissionsController.checkPermissions(req, res, next) +); + +// List all permissions (admin, manager) +router.get('/', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + permissionsController.findAll(req, res, next) +); + +// Get available modules (admin, manager) +router.get('/modules', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + permissionsController.getModules(req, res, next) +); + +// Get available resources (admin, manager) +router.get('/resources', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + permissionsController.getResources(req, res, next) +); + +// Get permissions grouped by module (admin, manager) +router.get('/grouped', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + permissionsController.getGrouped(req, res, next) +); + +// Get permissions by module (admin, manager) +router.get('/by-module/:module', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + permissionsController.getByModule(req, res, next) +); + +// Get permission matrix for admin UI (admin only) +router.get('/matrix', requireRoles('admin', 'super_admin'), (req, res, next) => + permissionsController.getMatrix(req, res, next) +); + +// Get effective permissions for a specific user (admin only) +router.get('/user/:userId', requireRoles('admin', 'super_admin'), (req, res, next) => + permissionsController.getUserPermissions(req, res, next) +); + +export default router; diff --git a/backend/src/modules/roles/permissions.service.ts b/backend/src/modules/roles/permissions.service.ts new file mode 100644 index 0000000..5d5a314 --- /dev/null +++ b/backend/src/modules/roles/permissions.service.ts @@ -0,0 +1,342 @@ +import { Repository, In } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { Permission, PermissionAction, Role, User } from '../auth/entities/index.js'; +import { PaginationParams } from '../../shared/types/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +// ===== Interfaces ===== + +export interface PermissionFilter { + module?: string; + resource?: string; + action?: PermissionAction; +} + +export interface EffectivePermission { + resource: string; + action: string; + module: string | null; + fromRoles: string[]; +} + +// ===== PermissionsService Class ===== + +class PermissionsService { + private permissionRepository: Repository; + private roleRepository: Repository; + private userRepository: Repository; + + constructor() { + this.permissionRepository = AppDataSource.getRepository(Permission); + this.roleRepository = AppDataSource.getRepository(Role); + this.userRepository = AppDataSource.getRepository(User); + } + + /** + * Get all permissions with optional filtering and pagination + */ + async findAll( + params: PaginationParams, + filter?: PermissionFilter + ): Promise<{ permissions: Permission[]; total: number }> { + try { + const { page, limit, sortBy = 'resource', sortOrder = 'asc' } = params; + const skip = (page - 1) * limit; + + const queryBuilder = this.permissionRepository + .createQueryBuilder('permission') + .orderBy(`permission.${sortBy}`, sortOrder.toUpperCase() as 'ASC' | 'DESC') + .skip(skip) + .take(limit); + + // Apply filters + if (filter?.module) { + queryBuilder.andWhere('permission.module = :module', { module: filter.module }); + } + if (filter?.resource) { + queryBuilder.andWhere('permission.resource LIKE :resource', { + resource: `%${filter.resource}%`, + }); + } + if (filter?.action) { + queryBuilder.andWhere('permission.action = :action', { action: filter.action }); + } + + const [permissions, total] = await queryBuilder.getManyAndCount(); + + logger.debug('Permissions retrieved', { count: permissions.length, total, filter }); + + return { permissions, total }; + } catch (error) { + logger.error('Error retrieving permissions', { + error: (error as Error).message, + }); + throw error; + } + } + + /** + * Get permission by ID + */ + async findById(permissionId: string): Promise { + return await this.permissionRepository.findOne({ + where: { id: permissionId }, + }); + } + + /** + * Get permissions by IDs + */ + async findByIds(permissionIds: string[]): Promise { + return await this.permissionRepository.find({ + where: { id: In(permissionIds) }, + }); + } + + /** + * Get all unique modules + */ + async getModules(): Promise { + const result = await this.permissionRepository + .createQueryBuilder('permission') + .select('DISTINCT permission.module', 'module') + .where('permission.module IS NOT NULL') + .orderBy('permission.module', 'ASC') + .getRawMany(); + + return result.map(r => r.module); + } + + /** + * Get all permissions for a specific module + */ + async getByModule(module: string): Promise { + return await this.permissionRepository.find({ + where: { module }, + order: { resource: 'ASC', action: 'ASC' }, + }); + } + + /** + * Get all unique resources + */ + async getResources(): Promise { + const result = await this.permissionRepository + .createQueryBuilder('permission') + .select('DISTINCT permission.resource', 'resource') + .orderBy('permission.resource', 'ASC') + .getRawMany(); + + return result.map(r => r.resource); + } + + /** + * Get permissions grouped by module + */ + async getGroupedByModule(): Promise> { + const permissions = await this.permissionRepository.find({ + order: { module: 'ASC', resource: 'ASC', action: 'ASC' }, + }); + + const grouped: Record = {}; + + for (const permission of permissions) { + const module = permission.module || 'other'; + if (!grouped[module]) { + grouped[module] = []; + } + grouped[module].push(permission); + } + + return grouped; + } + + /** + * Get effective permissions for a user (combining all role permissions) + */ + async getEffectivePermissions( + tenantId: string, + userId: string + ): Promise { + try { + const user = await this.userRepository.findOne({ + where: { id: userId, tenantId, deletedAt: undefined }, + relations: ['roles', 'roles.permissions'], + }); + + if (!user || !user.roles) { + return []; + } + + // Map to collect permissions with their source roles + const permissionMap = new Map(); + + for (const role of user.roles) { + if (role.deletedAt) continue; + + for (const permission of role.permissions || []) { + const key = `${permission.resource}:${permission.action}`; + + if (permissionMap.has(key)) { + // Add role to existing permission + const existing = permissionMap.get(key)!; + if (!existing.fromRoles.includes(role.name)) { + existing.fromRoles.push(role.name); + } + } else { + // Create new permission entry + permissionMap.set(key, { + resource: permission.resource, + action: permission.action, + module: permission.module, + fromRoles: [role.name], + }); + } + } + } + + const effectivePermissions = Array.from(permissionMap.values()); + + logger.debug('Effective permissions calculated', { + userId, + tenantId, + permissionCount: effectivePermissions.length, + }); + + return effectivePermissions; + } catch (error) { + logger.error('Error calculating effective permissions', { + error: (error as Error).message, + userId, + tenantId, + }); + throw error; + } + } + + /** + * Check if a user has a specific permission + */ + async hasPermission( + tenantId: string, + userId: string, + resource: string, + action: string + ): Promise { + try { + const user = await this.userRepository.findOne({ + where: { id: userId, tenantId, deletedAt: undefined }, + relations: ['roles', 'roles.permissions'], + }); + + if (!user || !user.roles) { + return false; + } + + // Check if user is superuser (has all permissions) + if (user.isSuperuser) { + return true; + } + + // Check through all roles + for (const role of user.roles) { + if (role.deletedAt) continue; + + // Super admin role has all permissions + if (role.code === 'super_admin') { + return true; + } + + for (const permission of role.permissions || []) { + if (permission.resource === resource && permission.action === action) { + return true; + } + } + } + + return false; + } catch (error) { + logger.error('Error checking permission', { + error: (error as Error).message, + userId, + tenantId, + resource, + action, + }); + return false; + } + } + + /** + * Check multiple permissions at once (returns all that user has) + */ + async checkPermissions( + tenantId: string, + userId: string, + permissionChecks: Array<{ resource: string; action: string }> + ): Promise> { + const effectivePermissions = await this.getEffectivePermissions(tenantId, userId); + const permissionSet = new Set( + effectivePermissions.map(p => `${p.resource}:${p.action}`) + ); + + // Check if user is superuser + const user = await this.userRepository.findOne({ + where: { id: userId, tenantId }, + }); + const isSuperuser = user?.isSuperuser || false; + + return permissionChecks.map(check => ({ + resource: check.resource, + action: check.action, + granted: isSuperuser || permissionSet.has(`${check.resource}:${check.action}`), + })); + } + + /** + * Get permission matrix for UI display (roles vs permissions) + */ + async getPermissionMatrix( + tenantId: string + ): Promise<{ + roles: Array<{ id: string; name: string; code: string }>; + permissions: Permission[]; + matrix: Record; + }> { + try { + // Get all roles for tenant + const roles = await this.roleRepository.find({ + where: { tenantId, deletedAt: undefined }, + relations: ['permissions'], + order: { name: 'ASC' }, + }); + + // Get all permissions + const permissions = await this.permissionRepository.find({ + order: { module: 'ASC', resource: 'ASC', action: 'ASC' }, + }); + + // Build matrix: roleId -> [permissionIds] + const matrix: Record = {}; + for (const role of roles) { + matrix[role.id] = (role.permissions || []).map(p => p.id); + } + + return { + roles: roles.map(r => ({ id: r.id, name: r.name, code: r.code })), + permissions, + matrix, + }; + } catch (error) { + logger.error('Error building permission matrix', { + error: (error as Error).message, + tenantId, + }); + throw error; + } + } +} + +// ===== Export Singleton Instance ===== + +export const permissionsService = new PermissionsService(); diff --git a/backend/src/modules/roles/roles.controller.ts b/backend/src/modules/roles/roles.controller.ts new file mode 100644 index 0000000..578ce5c --- /dev/null +++ b/backend/src/modules/roles/roles.controller.ts @@ -0,0 +1,292 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { rolesService } from './roles.service.js'; +import { ApiResponse, AuthenticatedRequest, ValidationError, PaginationParams } from '../../shared/types/index.js'; + +// Validation schemas +const createRoleSchema = z.object({ + name: z.string().min(2, 'El nombre debe tener al menos 2 caracteres'), + code: z.string() + .min(2, 'El código debe tener al menos 2 caracteres') + .regex(/^[a-z_]+$/, 'El código debe contener solo letras minúsculas y guiones bajos'), + description: z.string().optional(), + color: z.string().regex(/^#[0-9A-Fa-f]{6}$/, 'Color debe ser formato hexadecimal (#RRGGBB)').optional(), + permissionIds: z.array(z.string().uuid()).optional(), +}); + +const updateRoleSchema = z.object({ + name: z.string().min(2).optional(), + description: z.string().optional(), + color: z.string().regex(/^#[0-9A-Fa-f]{6}$/).optional(), +}); + +const assignPermissionsSchema = z.object({ + permissionIds: z.array(z.string().uuid('ID de permiso inválido')), +}); + +const addPermissionSchema = z.object({ + permissionId: z.string().uuid('ID de permiso inválido'), +}); + +export class RolesController { + /** + * GET /roles - List all roles for tenant + */ + async findAll(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const page = parseInt(req.query.page as string) || 1; + const limit = Math.min(parseInt(req.query.limit as string) || 20, 100); + const sortBy = req.query.sortBy as string || 'name'; + const sortOrder = (req.query.sortOrder as 'asc' | 'desc') || 'asc'; + + const params: PaginationParams = { page, limit, sortBy, sortOrder }; + const result = await rolesService.findAll(tenantId, params); + + const response: ApiResponse = { + success: true, + data: result.roles, + meta: { + page, + limit, + total: result.total, + totalPages: Math.ceil(result.total / limit), + }, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /roles/system - Get system roles + */ + async getSystemRoles(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const roles = await rolesService.getSystemRoles(tenantId); + + const response: ApiResponse = { + success: true, + data: roles, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /roles/:id - Get role by ID + */ + async findById(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const roleId = req.params.id; + + const role = await rolesService.findById(tenantId, roleId); + + const response: ApiResponse = { + success: true, + data: role, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * POST /roles - Create new role + */ + async create(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = createRoleSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const tenantId = req.user!.tenantId; + const createdBy = req.user!.userId; + + const role = await rolesService.create(tenantId, validation.data, createdBy); + + const response: ApiResponse = { + success: true, + data: role, + message: 'Rol creado exitosamente', + }; + + res.status(201).json(response); + } catch (error) { + next(error); + } + } + + /** + * PUT /roles/:id - Update role + */ + async update(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = updateRoleSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const tenantId = req.user!.tenantId; + const roleId = req.params.id; + const updatedBy = req.user!.userId; + + const role = await rolesService.update(tenantId, roleId, validation.data, updatedBy); + + const response: ApiResponse = { + success: true, + data: role, + message: 'Rol actualizado exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * DELETE /roles/:id - Soft delete role + */ + async delete(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const roleId = req.params.id; + const deletedBy = req.user!.userId; + + await rolesService.delete(tenantId, roleId, deletedBy); + + const response: ApiResponse = { + success: true, + message: 'Rol eliminado exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /roles/:id/permissions - Get role permissions + */ + async getPermissions(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const roleId = req.params.id; + + const permissions = await rolesService.getRolePermissions(tenantId, roleId); + + const response: ApiResponse = { + success: true, + data: permissions, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * PUT /roles/:id/permissions - Replace all permissions for a role + */ + async assignPermissions(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = assignPermissionsSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const tenantId = req.user!.tenantId; + const roleId = req.params.id; + const updatedBy = req.user!.userId; + + const role = await rolesService.assignPermissions( + tenantId, + roleId, + validation.data.permissionIds, + updatedBy + ); + + const response: ApiResponse = { + success: true, + data: role, + message: 'Permisos actualizados exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * POST /roles/:id/permissions - Add single permission to role + */ + async addPermission(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = addPermissionSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const tenantId = req.user!.tenantId; + const roleId = req.params.id; + const updatedBy = req.user!.userId; + + const role = await rolesService.addPermission( + tenantId, + roleId, + validation.data.permissionId, + updatedBy + ); + + const response: ApiResponse = { + success: true, + data: role, + message: 'Permiso agregado exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * DELETE /roles/:id/permissions/:permissionId - Remove permission from role + */ + async removePermission(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const roleId = req.params.id; + const permissionId = req.params.permissionId; + const updatedBy = req.user!.userId; + + const role = await rolesService.removePermission(tenantId, roleId, permissionId, updatedBy); + + const response: ApiResponse = { + success: true, + data: role, + message: 'Permiso removido exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } +} + +export const rolesController = new RolesController(); diff --git a/backend/src/modules/roles/roles.routes.ts b/backend/src/modules/roles/roles.routes.ts new file mode 100644 index 0000000..a04920f --- /dev/null +++ b/backend/src/modules/roles/roles.routes.ts @@ -0,0 +1,57 @@ +import { Router } from 'express'; +import { rolesController } from './roles.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// List roles (admin, manager) +router.get('/', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + rolesController.findAll(req, res, next) +); + +// Get system roles (admin) +router.get('/system', requireRoles('admin', 'super_admin'), (req, res, next) => + rolesController.getSystemRoles(req, res, next) +); + +// Get role by ID (admin, manager) +router.get('/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + rolesController.findById(req, res, next) +); + +// Create role (admin only) +router.post('/', requireRoles('admin', 'super_admin'), (req, res, next) => + rolesController.create(req, res, next) +); + +// Update role (admin only) +router.put('/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + rolesController.update(req, res, next) +); + +// Delete role (admin only) +router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + rolesController.delete(req, res, next) +); + +// Role permissions management +router.get('/:id/permissions', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + rolesController.getPermissions(req, res, next) +); + +router.put('/:id/permissions', requireRoles('admin', 'super_admin'), (req, res, next) => + rolesController.assignPermissions(req, res, next) +); + +router.post('/:id/permissions', requireRoles('admin', 'super_admin'), (req, res, next) => + rolesController.addPermission(req, res, next) +); + +router.delete('/:id/permissions/:permissionId', requireRoles('admin', 'super_admin'), (req, res, next) => + rolesController.removePermission(req, res, next) +); + +export default router; diff --git a/backend/src/modules/roles/roles.service.ts b/backend/src/modules/roles/roles.service.ts new file mode 100644 index 0000000..5d24572 --- /dev/null +++ b/backend/src/modules/roles/roles.service.ts @@ -0,0 +1,454 @@ +import { Repository, In } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { Role, Permission } from '../auth/entities/index.js'; +import { PaginationParams, NotFoundError, ValidationError, ForbiddenError } from '../../shared/types/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +// ===== Interfaces ===== + +export interface CreateRoleDto { + name: string; + code: string; + description?: string; + color?: string; + permissionIds?: string[]; +} + +export interface UpdateRoleDto { + name?: string; + description?: string; + color?: string; +} + +export interface RoleWithPermissions extends Role { + permissions: Permission[]; +} + +// ===== RolesService Class ===== + +class RolesService { + private roleRepository: Repository; + private permissionRepository: Repository; + + constructor() { + this.roleRepository = AppDataSource.getRepository(Role); + this.permissionRepository = AppDataSource.getRepository(Permission); + } + + /** + * Get all roles for a tenant with pagination + */ + async findAll( + tenantId: string, + params: PaginationParams + ): Promise<{ roles: Role[]; total: number }> { + try { + const { page, limit, sortBy = 'name', sortOrder = 'asc' } = params; + const skip = (page - 1) * limit; + + const queryBuilder = this.roleRepository + .createQueryBuilder('role') + .leftJoinAndSelect('role.permissions', 'permissions') + .where('role.tenantId = :tenantId', { tenantId }) + .andWhere('role.deletedAt IS NULL') + .orderBy(`role.${sortBy}`, sortOrder.toUpperCase() as 'ASC' | 'DESC') + .skip(skip) + .take(limit); + + const [roles, total] = await queryBuilder.getManyAndCount(); + + logger.debug('Roles retrieved', { tenantId, count: roles.length, total }); + + return { roles, total }; + } catch (error) { + logger.error('Error retrieving roles', { + error: (error as Error).message, + tenantId, + }); + throw error; + } + } + + /** + * Get a specific role by ID + */ + async findById(tenantId: string, roleId: string): Promise { + try { + const role = await this.roleRepository.findOne({ + where: { + id: roleId, + tenantId, + deletedAt: undefined, + }, + relations: ['permissions'], + }); + + if (!role) { + throw new NotFoundError('Rol no encontrado'); + } + + return role as RoleWithPermissions; + } catch (error) { + logger.error('Error finding role', { + error: (error as Error).message, + tenantId, + roleId, + }); + throw error; + } + } + + /** + * Get a role by code + */ + async findByCode(tenantId: string, code: string): Promise { + try { + return await this.roleRepository.findOne({ + where: { + code, + tenantId, + deletedAt: undefined, + }, + relations: ['permissions'], + }); + } catch (error) { + logger.error('Error finding role by code', { + error: (error as Error).message, + tenantId, + code, + }); + throw error; + } + } + + /** + * Create a new role + */ + async create( + tenantId: string, + data: CreateRoleDto, + createdBy: string + ): Promise { + try { + // Validate code uniqueness within tenant + const existing = await this.findByCode(tenantId, data.code); + if (existing) { + throw new ValidationError('Ya existe un rol con este código'); + } + + // Validate code format + if (!/^[a-z_]+$/.test(data.code)) { + throw new ValidationError('El código debe contener solo letras minúsculas y guiones bajos'); + } + + // Create role + const role = this.roleRepository.create({ + tenantId, + name: data.name, + code: data.code, + description: data.description || null, + color: data.color || null, + isSystem: false, + createdBy, + }); + + await this.roleRepository.save(role); + + // Assign initial permissions if provided + if (data.permissionIds && data.permissionIds.length > 0) { + await this.assignPermissions(tenantId, role.id, data.permissionIds, createdBy); + } + + // Reload with permissions + const savedRole = await this.findById(tenantId, role.id); + + logger.info('Role created', { + roleId: role.id, + tenantId, + code: role.code, + createdBy, + }); + + return savedRole; + } catch (error) { + logger.error('Error creating role', { + error: (error as Error).message, + tenantId, + data, + }); + throw error; + } + } + + /** + * Update a role + */ + async update( + tenantId: string, + roleId: string, + data: UpdateRoleDto, + updatedBy: string + ): Promise { + try { + const role = await this.findById(tenantId, roleId); + + // Prevent modification of system roles + if (role.isSystem) { + throw new ForbiddenError('No se pueden modificar roles del sistema'); + } + + // Update allowed fields + if (data.name !== undefined) role.name = data.name; + if (data.description !== undefined) role.description = data.description; + if (data.color !== undefined) role.color = data.color; + role.updatedBy = updatedBy; + role.updatedAt = new Date(); + + await this.roleRepository.save(role); + + logger.info('Role updated', { + roleId, + tenantId, + updatedBy, + }); + + return await this.findById(tenantId, roleId); + } catch (error) { + logger.error('Error updating role', { + error: (error as Error).message, + tenantId, + roleId, + }); + throw error; + } + } + + /** + * Soft delete a role + */ + async delete(tenantId: string, roleId: string, deletedBy: string): Promise { + try { + const role = await this.findById(tenantId, roleId); + + // Prevent deletion of system roles + if (role.isSystem) { + throw new ForbiddenError('No se pueden eliminar roles del sistema'); + } + + // Check if role has users assigned + const usersCount = await this.roleRepository + .createQueryBuilder('role') + .leftJoin('role.users', 'user') + .where('role.id = :roleId', { roleId }) + .andWhere('user.deletedAt IS NULL') + .getCount(); + + if (usersCount > 0) { + throw new ValidationError( + `No se puede eliminar el rol porque tiene ${usersCount} usuario(s) asignado(s)` + ); + } + + // Soft delete + role.deletedAt = new Date(); + role.deletedBy = deletedBy; + + await this.roleRepository.save(role); + + logger.info('Role deleted', { + roleId, + tenantId, + deletedBy, + }); + } catch (error) { + logger.error('Error deleting role', { + error: (error as Error).message, + tenantId, + roleId, + }); + throw error; + } + } + + /** + * Assign permissions to a role + */ + async assignPermissions( + tenantId: string, + roleId: string, + permissionIds: string[], + updatedBy: string + ): Promise { + try { + const role = await this.findById(tenantId, roleId); + + // Prevent modification of system roles + if (role.isSystem) { + throw new ForbiddenError('No se pueden modificar permisos de roles del sistema'); + } + + // Validate all permissions exist + const permissions = await this.permissionRepository.find({ + where: { id: In(permissionIds) }, + }); + + if (permissions.length !== permissionIds.length) { + throw new ValidationError('Uno o más permisos no existen'); + } + + // Replace permissions + role.permissions = permissions; + role.updatedBy = updatedBy; + role.updatedAt = new Date(); + + await this.roleRepository.save(role); + + logger.info('Role permissions updated', { + roleId, + tenantId, + permissionCount: permissions.length, + updatedBy, + }); + + return await this.findById(tenantId, roleId); + } catch (error) { + logger.error('Error assigning permissions', { + error: (error as Error).message, + tenantId, + roleId, + }); + throw error; + } + } + + /** + * Add a single permission to a role + */ + async addPermission( + tenantId: string, + roleId: string, + permissionId: string, + updatedBy: string + ): Promise { + try { + const role = await this.findById(tenantId, roleId); + + if (role.isSystem) { + throw new ForbiddenError('No se pueden modificar permisos de roles del sistema'); + } + + // Check if permission exists + const permission = await this.permissionRepository.findOne({ + where: { id: permissionId }, + }); + + if (!permission) { + throw new NotFoundError('Permiso no encontrado'); + } + + // Check if already assigned + const hasPermission = role.permissions.some(p => p.id === permissionId); + if (hasPermission) { + throw new ValidationError('El permiso ya está asignado a este rol'); + } + + // Add permission + role.permissions.push(permission); + role.updatedBy = updatedBy; + role.updatedAt = new Date(); + + await this.roleRepository.save(role); + + logger.info('Permission added to role', { + roleId, + permissionId, + tenantId, + updatedBy, + }); + + return await this.findById(tenantId, roleId); + } catch (error) { + logger.error('Error adding permission', { + error: (error as Error).message, + tenantId, + roleId, + permissionId, + }); + throw error; + } + } + + /** + * Remove a permission from a role + */ + async removePermission( + tenantId: string, + roleId: string, + permissionId: string, + updatedBy: string + ): Promise { + try { + const role = await this.findById(tenantId, roleId); + + if (role.isSystem) { + throw new ForbiddenError('No se pueden modificar permisos de roles del sistema'); + } + + // Filter out the permission + const initialLength = role.permissions.length; + role.permissions = role.permissions.filter(p => p.id !== permissionId); + + if (role.permissions.length === initialLength) { + throw new NotFoundError('El permiso no está asignado a este rol'); + } + + role.updatedBy = updatedBy; + role.updatedAt = new Date(); + + await this.roleRepository.save(role); + + logger.info('Permission removed from role', { + roleId, + permissionId, + tenantId, + updatedBy, + }); + + return await this.findById(tenantId, roleId); + } catch (error) { + logger.error('Error removing permission', { + error: (error as Error).message, + tenantId, + roleId, + permissionId, + }); + throw error; + } + } + + /** + * Get all permissions for a role + */ + async getRolePermissions(tenantId: string, roleId: string): Promise { + const role = await this.findById(tenantId, roleId); + return role.permissions; + } + + /** + * Get system roles (super_admin, admin, etc.) + */ + async getSystemRoles(tenantId: string): Promise { + return await this.roleRepository.find({ + where: { + tenantId, + isSystem: true, + deletedAt: undefined, + }, + relations: ['permissions'], + }); + } +} + +// ===== Export Singleton Instance ===== + +export const rolesService = new RolesService(); diff --git a/backend/src/modules/sales/customer-groups.service.ts b/backend/src/modules/sales/customer-groups.service.ts new file mode 100644 index 0000000..5a16503 --- /dev/null +++ b/backend/src/modules/sales/customer-groups.service.ts @@ -0,0 +1,209 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ConflictError } from '../../shared/errors/index.js'; + +export interface CustomerGroupMember { + id: string; + customer_group_id: string; + partner_id: string; + partner_name?: string; + joined_at: Date; +} + +export interface CustomerGroup { + id: string; + tenant_id: string; + name: string; + description?: string; + discount_percentage: number; + members?: CustomerGroupMember[]; + member_count?: number; + created_at: Date; +} + +export interface CreateCustomerGroupDto { + name: string; + description?: string; + discount_percentage?: number; +} + +export interface UpdateCustomerGroupDto { + name?: string; + description?: string | null; + discount_percentage?: number; +} + +export interface CustomerGroupFilters { + search?: string; + page?: number; + limit?: number; +} + +class CustomerGroupsService { + async findAll(tenantId: string, filters: CustomerGroupFilters = {}): Promise<{ data: CustomerGroup[]; total: number }> { + const { search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE cg.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (search) { + whereClause += ` AND (cg.name ILIKE $${paramIndex} OR cg.description ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM sales.customer_groups cg ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT cg.*, + (SELECT COUNT(*) FROM sales.customer_group_members cgm WHERE cgm.customer_group_id = cg.id) as member_count + FROM sales.customer_groups cg + ${whereClause} + ORDER BY cg.name + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const group = await queryOne( + `SELECT cg.*, + (SELECT COUNT(*) FROM sales.customer_group_members cgm WHERE cgm.customer_group_id = cg.id) as member_count + FROM sales.customer_groups cg + WHERE cg.id = $1 AND cg.tenant_id = $2`, + [id, tenantId] + ); + + if (!group) { + throw new NotFoundError('Grupo de clientes no encontrado'); + } + + // Get members + const members = await query( + `SELECT cgm.*, + p.name as partner_name + FROM sales.customer_group_members cgm + LEFT JOIN core.partners p ON cgm.partner_id = p.id + WHERE cgm.customer_group_id = $1 + ORDER BY p.name`, + [id] + ); + + group.members = members; + + return group; + } + + async create(dto: CreateCustomerGroupDto, tenantId: string, userId: string): Promise { + // Check unique name + const existing = await queryOne( + `SELECT id FROM sales.customer_groups WHERE tenant_id = $1 AND name = $2`, + [tenantId, dto.name] + ); + + if (existing) { + throw new ConflictError('Ya existe un grupo de clientes con ese nombre'); + } + + const group = await queryOne( + `INSERT INTO sales.customer_groups (tenant_id, name, description, discount_percentage, created_by) + VALUES ($1, $2, $3, $4, $5) + RETURNING *`, + [tenantId, dto.name, dto.description, dto.discount_percentage || 0, userId] + ); + + return group!; + } + + async update(id: string, dto: UpdateCustomerGroupDto, tenantId: string): Promise { + await this.findById(id, tenantId); + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.name !== undefined) { + // Check unique name + const existing = await queryOne( + `SELECT id FROM sales.customer_groups WHERE tenant_id = $1 AND name = $2 AND id != $3`, + [tenantId, dto.name, id] + ); + if (existing) { + throw new ConflictError('Ya existe un grupo de clientes con ese nombre'); + } + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.description !== undefined) { + updateFields.push(`description = $${paramIndex++}`); + values.push(dto.description); + } + if (dto.discount_percentage !== undefined) { + updateFields.push(`discount_percentage = $${paramIndex++}`); + values.push(dto.discount_percentage); + } + + values.push(id, tenantId); + + await query( + `UPDATE sales.customer_groups SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + const group = await this.findById(id, tenantId); + + if (group.member_count && group.member_count > 0) { + throw new ConflictError('No se puede eliminar un grupo con miembros'); + } + + await query(`DELETE FROM sales.customer_groups WHERE id = $1 AND tenant_id = $2`, [id, tenantId]); + } + + async addMember(groupId: string, partnerId: string, tenantId: string): Promise { + await this.findById(groupId, tenantId); + + // Check if already member + const existing = await queryOne( + `SELECT id FROM sales.customer_group_members WHERE customer_group_id = $1 AND partner_id = $2`, + [groupId, partnerId] + ); + if (existing) { + throw new ConflictError('El cliente ya es miembro de este grupo'); + } + + const member = await queryOne( + `INSERT INTO sales.customer_group_members (customer_group_id, partner_id) + VALUES ($1, $2) + RETURNING *`, + [groupId, partnerId] + ); + + return member!; + } + + async removeMember(groupId: string, memberId: string, tenantId: string): Promise { + await this.findById(groupId, tenantId); + + await query( + `DELETE FROM sales.customer_group_members WHERE id = $1 AND customer_group_id = $2`, + [memberId, groupId] + ); + } +} + +export const customerGroupsService = new CustomerGroupsService(); diff --git a/backend/src/modules/sales/index.ts b/backend/src/modules/sales/index.ts new file mode 100644 index 0000000..31f7ef6 --- /dev/null +++ b/backend/src/modules/sales/index.ts @@ -0,0 +1,7 @@ +export * from './pricelists.service.js'; +export * from './sales-teams.service.js'; +export * from './customer-groups.service.js'; +export * from './quotations.service.js'; +export * from './orders.service.js'; +export * from './sales.controller.js'; +export { default as salesRoutes } from './sales.routes.js'; diff --git a/backend/src/modules/sales/orders.service.ts b/backend/src/modules/sales/orders.service.ts new file mode 100644 index 0000000..cca04fc --- /dev/null +++ b/backend/src/modules/sales/orders.service.ts @@ -0,0 +1,707 @@ +import { query, queryOne, getClient } from '../../config/database.js'; +import { NotFoundError, ConflictError, ValidationError } from '../../shared/errors/index.js'; +import { taxesService } from '../financial/taxes.service.js'; +import { sequencesService, SEQUENCE_CODES } from '../core/sequences.service.js'; + +export interface SalesOrderLine { + id: string; + order_id: string; + product_id: string; + product_name?: string; + description: string; + quantity: number; + qty_delivered: number; + qty_invoiced: number; + uom_id: string; + uom_name?: string; + price_unit: number; + discount: number; + tax_ids: string[]; + amount_untaxed: number; + amount_tax: number; + amount_total: number; + analytic_account_id?: string; +} + +export interface SalesOrder { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + client_order_ref?: string; + partner_id: string; + partner_name?: string; + order_date: Date; + validity_date?: Date; + commitment_date?: Date; + currency_id: string; + currency_code?: string; + pricelist_id?: string; + pricelist_name?: string; + payment_term_id?: string; + user_id?: string; + user_name?: string; + sales_team_id?: string; + sales_team_name?: string; + amount_untaxed: number; + amount_tax: number; + amount_total: number; + status: 'draft' | 'sent' | 'sale' | 'done' | 'cancelled'; + invoice_status: 'pending' | 'partial' | 'invoiced'; + delivery_status: 'pending' | 'partial' | 'delivered'; + invoice_policy: 'order' | 'delivery'; + picking_id?: string; + notes?: string; + terms_conditions?: string; + lines?: SalesOrderLine[]; + created_at: Date; + confirmed_at?: Date; +} + +export interface CreateSalesOrderDto { + company_id: string; + partner_id: string; + client_order_ref?: string; + order_date?: string; + validity_date?: string; + commitment_date?: string; + currency_id: string; + pricelist_id?: string; + payment_term_id?: string; + sales_team_id?: string; + invoice_policy?: 'order' | 'delivery'; + notes?: string; + terms_conditions?: string; +} + +export interface UpdateSalesOrderDto { + partner_id?: string; + client_order_ref?: string | null; + order_date?: string; + validity_date?: string | null; + commitment_date?: string | null; + currency_id?: string; + pricelist_id?: string | null; + payment_term_id?: string | null; + sales_team_id?: string | null; + invoice_policy?: 'order' | 'delivery'; + notes?: string | null; + terms_conditions?: string | null; +} + +export interface CreateSalesOrderLineDto { + product_id: string; + description: string; + quantity: number; + uom_id: string; + price_unit: number; + discount?: number; + tax_ids?: string[]; + analytic_account_id?: string; +} + +export interface UpdateSalesOrderLineDto { + description?: string; + quantity?: number; + uom_id?: string; + price_unit?: number; + discount?: number; + tax_ids?: string[]; + analytic_account_id?: string | null; +} + +export interface SalesOrderFilters { + company_id?: string; + partner_id?: string; + status?: string; + invoice_status?: string; + delivery_status?: string; + date_from?: string; + date_to?: string; + search?: string; + page?: number; + limit?: number; +} + +class OrdersService { + async findAll(tenantId: string, filters: SalesOrderFilters = {}): Promise<{ data: SalesOrder[]; total: number }> { + const { company_id, partner_id, status, invoice_status, delivery_status, date_from, date_to, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE so.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND so.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (partner_id) { + whereClause += ` AND so.partner_id = $${paramIndex++}`; + params.push(partner_id); + } + + if (status) { + whereClause += ` AND so.status = $${paramIndex++}`; + params.push(status); + } + + if (invoice_status) { + whereClause += ` AND so.invoice_status = $${paramIndex++}`; + params.push(invoice_status); + } + + if (delivery_status) { + whereClause += ` AND so.delivery_status = $${paramIndex++}`; + params.push(delivery_status); + } + + if (date_from) { + whereClause += ` AND so.order_date >= $${paramIndex++}`; + params.push(date_from); + } + + if (date_to) { + whereClause += ` AND so.order_date <= $${paramIndex++}`; + params.push(date_to); + } + + if (search) { + whereClause += ` AND (so.name ILIKE $${paramIndex} OR so.client_order_ref ILIKE $${paramIndex} OR p.name ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count + FROM sales.sales_orders so + LEFT JOIN core.partners p ON so.partner_id = p.id + ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT so.*, + c.name as company_name, + p.name as partner_name, + cu.code as currency_code, + pl.name as pricelist_name, + u.name as user_name, + st.name as sales_team_name + FROM sales.sales_orders so + LEFT JOIN auth.companies c ON so.company_id = c.id + LEFT JOIN core.partners p ON so.partner_id = p.id + LEFT JOIN core.currencies cu ON so.currency_id = cu.id + LEFT JOIN sales.pricelists pl ON so.pricelist_id = pl.id + LEFT JOIN auth.users u ON so.user_id = u.id + LEFT JOIN sales.sales_teams st ON so.sales_team_id = st.id + ${whereClause} + ORDER BY so.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const order = await queryOne( + `SELECT so.*, + c.name as company_name, + p.name as partner_name, + cu.code as currency_code, + pl.name as pricelist_name, + u.name as user_name, + st.name as sales_team_name + FROM sales.sales_orders so + LEFT JOIN auth.companies c ON so.company_id = c.id + LEFT JOIN core.partners p ON so.partner_id = p.id + LEFT JOIN core.currencies cu ON so.currency_id = cu.id + LEFT JOIN sales.pricelists pl ON so.pricelist_id = pl.id + LEFT JOIN auth.users u ON so.user_id = u.id + LEFT JOIN sales.sales_teams st ON so.sales_team_id = st.id + WHERE so.id = $1 AND so.tenant_id = $2`, + [id, tenantId] + ); + + if (!order) { + throw new NotFoundError('Orden de venta no encontrada'); + } + + // Get lines + const lines = await query( + `SELECT sol.*, + pr.name as product_name, + um.name as uom_name + FROM sales.sales_order_lines sol + LEFT JOIN inventory.products pr ON sol.product_id = pr.id + LEFT JOIN core.uom um ON sol.uom_id = um.id + WHERE sol.order_id = $1 + ORDER BY sol.created_at`, + [id] + ); + + order.lines = lines; + + return order; + } + + async create(dto: CreateSalesOrderDto, tenantId: string, userId: string): Promise { + // Generate sequence number using atomic database function + const orderNumber = await sequencesService.getNextNumber(SEQUENCE_CODES.SALES_ORDER, tenantId); + + const orderDate = dto.order_date || new Date().toISOString().split('T')[0]; + + const order = await queryOne( + `INSERT INTO sales.sales_orders ( + tenant_id, company_id, name, client_order_ref, partner_id, order_date, + validity_date, commitment_date, currency_id, pricelist_id, payment_term_id, + user_id, sales_team_id, invoice_policy, notes, terms_conditions, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17) + RETURNING *`, + [ + tenantId, dto.company_id, orderNumber, dto.client_order_ref, dto.partner_id, + orderDate, dto.validity_date, dto.commitment_date, dto.currency_id, + dto.pricelist_id, dto.payment_term_id, userId, dto.sales_team_id, + dto.invoice_policy || 'order', dto.notes, dto.terms_conditions, userId + ] + ); + + return order!; + } + + async update(id: string, dto: UpdateSalesOrderDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ValidationError('Solo se pueden editar órdenes en estado borrador'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.partner_id !== undefined) { + updateFields.push(`partner_id = $${paramIndex++}`); + values.push(dto.partner_id); + } + if (dto.client_order_ref !== undefined) { + updateFields.push(`client_order_ref = $${paramIndex++}`); + values.push(dto.client_order_ref); + } + if (dto.order_date !== undefined) { + updateFields.push(`order_date = $${paramIndex++}`); + values.push(dto.order_date); + } + if (dto.validity_date !== undefined) { + updateFields.push(`validity_date = $${paramIndex++}`); + values.push(dto.validity_date); + } + if (dto.commitment_date !== undefined) { + updateFields.push(`commitment_date = $${paramIndex++}`); + values.push(dto.commitment_date); + } + if (dto.currency_id !== undefined) { + updateFields.push(`currency_id = $${paramIndex++}`); + values.push(dto.currency_id); + } + if (dto.pricelist_id !== undefined) { + updateFields.push(`pricelist_id = $${paramIndex++}`); + values.push(dto.pricelist_id); + } + if (dto.payment_term_id !== undefined) { + updateFields.push(`payment_term_id = $${paramIndex++}`); + values.push(dto.payment_term_id); + } + if (dto.sales_team_id !== undefined) { + updateFields.push(`sales_team_id = $${paramIndex++}`); + values.push(dto.sales_team_id); + } + if (dto.invoice_policy !== undefined) { + updateFields.push(`invoice_policy = $${paramIndex++}`); + values.push(dto.invoice_policy); + } + if (dto.notes !== undefined) { + updateFields.push(`notes = $${paramIndex++}`); + values.push(dto.notes); + } + if (dto.terms_conditions !== undefined) { + updateFields.push(`terms_conditions = $${paramIndex++}`); + values.push(dto.terms_conditions); + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + await query( + `UPDATE sales.sales_orders SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ValidationError('Solo se pueden eliminar órdenes en estado borrador'); + } + + await query( + `DELETE FROM sales.sales_orders WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + } + + async addLine(orderId: string, dto: CreateSalesOrderLineDto, tenantId: string, userId: string): Promise { + const order = await this.findById(orderId, tenantId); + + if (order.status !== 'draft') { + throw new ValidationError('Solo se pueden agregar líneas a órdenes en estado borrador'); + } + + // Calculate amounts with taxes using taxesService + const taxResult = await taxesService.calculateTaxes( + { + quantity: dto.quantity, + priceUnit: dto.price_unit, + discount: dto.discount || 0, + taxIds: dto.tax_ids || [], + }, + tenantId, + 'sales' + ); + const amountUntaxed = taxResult.amountUntaxed; + const amountTax = taxResult.amountTax; + const amountTotal = taxResult.amountTotal; + + const line = await queryOne( + `INSERT INTO sales.sales_order_lines ( + order_id, tenant_id, product_id, description, quantity, uom_id, + price_unit, discount, tax_ids, amount_untaxed, amount_tax, amount_total, analytic_account_id + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13) + RETURNING *`, + [ + orderId, tenantId, dto.product_id, dto.description, dto.quantity, dto.uom_id, + dto.price_unit, dto.discount || 0, dto.tax_ids || [], amountUntaxed, amountTax, amountTotal, dto.analytic_account_id + ] + ); + + // Update order totals + await this.updateTotals(orderId); + + return line!; + } + + async updateLine(orderId: string, lineId: string, dto: UpdateSalesOrderLineDto, tenantId: string): Promise { + const order = await this.findById(orderId, tenantId); + + if (order.status !== 'draft') { + throw new ValidationError('Solo se pueden editar líneas de órdenes en estado borrador'); + } + + const existingLine = order.lines?.find(l => l.id === lineId); + if (!existingLine) { + throw new NotFoundError('Línea de orden no encontrada'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + const quantity = dto.quantity ?? existingLine.quantity; + const priceUnit = dto.price_unit ?? existingLine.price_unit; + const discount = dto.discount ?? existingLine.discount; + + if (dto.description !== undefined) { + updateFields.push(`description = $${paramIndex++}`); + values.push(dto.description); + } + if (dto.quantity !== undefined) { + updateFields.push(`quantity = $${paramIndex++}`); + values.push(dto.quantity); + } + if (dto.uom_id !== undefined) { + updateFields.push(`uom_id = $${paramIndex++}`); + values.push(dto.uom_id); + } + if (dto.price_unit !== undefined) { + updateFields.push(`price_unit = $${paramIndex++}`); + values.push(dto.price_unit); + } + if (dto.discount !== undefined) { + updateFields.push(`discount = $${paramIndex++}`); + values.push(dto.discount); + } + if (dto.tax_ids !== undefined) { + updateFields.push(`tax_ids = $${paramIndex++}`); + values.push(dto.tax_ids); + } + if (dto.analytic_account_id !== undefined) { + updateFields.push(`analytic_account_id = $${paramIndex++}`); + values.push(dto.analytic_account_id); + } + + // Recalculate amounts + const subtotal = quantity * priceUnit; + const discountAmount = subtotal * discount / 100; + const amountUntaxed = subtotal - discountAmount; + const amountTax = 0; // TODO: Calculate taxes + const amountTotal = amountUntaxed + amountTax; + + updateFields.push(`amount_untaxed = $${paramIndex++}`); + values.push(amountUntaxed); + updateFields.push(`amount_tax = $${paramIndex++}`); + values.push(amountTax); + updateFields.push(`amount_total = $${paramIndex++}`); + values.push(amountTotal); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(lineId, orderId); + + await query( + `UPDATE sales.sales_order_lines SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND order_id = $${paramIndex}`, + values + ); + + // Update order totals + await this.updateTotals(orderId); + + const updated = await queryOne( + `SELECT * FROM sales.sales_order_lines WHERE id = $1`, + [lineId] + ); + + return updated!; + } + + async removeLine(orderId: string, lineId: string, tenantId: string): Promise { + const order = await this.findById(orderId, tenantId); + + if (order.status !== 'draft') { + throw new ValidationError('Solo se pueden eliminar líneas de órdenes en estado borrador'); + } + + await query( + `DELETE FROM sales.sales_order_lines WHERE id = $1 AND order_id = $2`, + [lineId, orderId] + ); + + // Update order totals + await this.updateTotals(orderId); + } + + async confirm(id: string, tenantId: string, userId: string): Promise { + const order = await this.findById(id, tenantId); + + if (order.status !== 'draft') { + throw new ValidationError('Solo se pueden confirmar órdenes en estado borrador'); + } + + if (!order.lines || order.lines.length === 0) { + throw new ValidationError('La orden debe tener al menos una línea'); + } + + const client = await getClient(); + try { + await client.query('BEGIN'); + + // Update order status to 'sent' (Odoo-compatible: quotation sent to customer) + await client.query( + `UPDATE sales.sales_orders SET + status = 'sent', + confirmed_at = CURRENT_TIMESTAMP, + confirmed_by = $1, + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2`, + [userId, id] + ); + + // Create delivery picking (optional - depends on business logic) + // This would create an inventory.pickings record for delivery + + await client.query('COMMIT'); + + return this.findById(id, tenantId); + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + async cancel(id: string, tenantId: string, userId: string): Promise { + const order = await this.findById(id, tenantId); + + if (order.status === 'done') { + throw new ValidationError('No se pueden cancelar órdenes completadas'); + } + + if (order.status === 'cancelled') { + throw new ValidationError('La orden ya está cancelada'); + } + + // Check if there are any deliveries or invoices + if (order.delivery_status !== 'pending') { + throw new ValidationError('No se puede cancelar: ya hay entregas asociadas'); + } + + if (order.invoice_status !== 'pending') { + throw new ValidationError('No se puede cancelar: ya hay facturas asociadas'); + } + + await query( + `UPDATE sales.sales_orders SET + status = 'cancelled', + cancelled_at = CURRENT_TIMESTAMP, + cancelled_by = $1, + updated_by = $1, + updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + async createInvoice(id: string, tenantId: string, userId: string): Promise<{ orderId: string; invoiceId: string }> { + const order = await this.findById(id, tenantId); + + if (order.status !== 'sent' && order.status !== 'sale' && order.status !== 'done') { + throw new ValidationError('Solo se pueden facturar órdenes confirmadas (sent/sale)'); + } + + if (order.invoice_status === 'invoiced') { + throw new ValidationError('La orden ya está completamente facturada'); + } + + // Check if there are quantities to invoice + const linesToInvoice = order.lines?.filter(l => { + if (order.invoice_policy === 'order') { + return l.quantity > l.qty_invoiced; + } else { + return l.qty_delivered > l.qty_invoiced; + } + }); + + if (!linesToInvoice || linesToInvoice.length === 0) { + throw new ValidationError('No hay líneas para facturar'); + } + + const client = await getClient(); + try { + await client.query('BEGIN'); + + // Generate invoice number + const seqResult = await client.query( + `SELECT COALESCE(MAX(CAST(SUBSTRING(name FROM 5) AS INTEGER)), 0) + 1 as next_num + FROM financial.invoices WHERE tenant_id = $1 AND name LIKE 'INV-%'`, + [tenantId] + ); + const invoiceNumber = `INV-${String(seqResult.rows[0]?.next_num || 1).padStart(6, '0')}`; + + // Create invoice + const invoiceResult = await client.query( + `INSERT INTO financial.invoices ( + tenant_id, company_id, name, partner_id, invoice_date, due_date, + currency_id, invoice_type, amount_untaxed, amount_tax, amount_total, + source_document, created_by + ) + VALUES ($1, $2, $3, $4, CURRENT_DATE, CURRENT_DATE + INTERVAL '30 days', + $5, 'customer', 0, 0, 0, $6, $7) + RETURNING id`, + [tenantId, order.company_id, invoiceNumber, order.partner_id, order.currency_id, order.name, userId] + ); + const invoiceId = invoiceResult.rows[0].id; + + // Create invoice lines and update qty_invoiced + for (const line of linesToInvoice) { + const qtyToInvoice = order.invoice_policy === 'order' + ? line.quantity - line.qty_invoiced + : line.qty_delivered - line.qty_invoiced; + + const lineAmount = qtyToInvoice * line.price_unit * (1 - line.discount / 100); + + await client.query( + `INSERT INTO financial.invoice_lines ( + invoice_id, tenant_id, product_id, description, quantity, uom_id, + price_unit, discount, amount_untaxed, amount_tax, amount_total + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, 0, $9)`, + [invoiceId, tenantId, line.product_id, line.description, qtyToInvoice, line.uom_id, line.price_unit, line.discount, lineAmount] + ); + + await client.query( + `UPDATE sales.sales_order_lines SET qty_invoiced = qty_invoiced + $1 WHERE id = $2`, + [qtyToInvoice, line.id] + ); + } + + // Update invoice totals + await client.query( + `UPDATE financial.invoices SET + amount_untaxed = (SELECT COALESCE(SUM(amount_untaxed), 0) FROM financial.invoice_lines WHERE invoice_id = $1), + amount_total = (SELECT COALESCE(SUM(amount_total), 0) FROM financial.invoice_lines WHERE invoice_id = $1) + WHERE id = $1`, + [invoiceId] + ); + + // Update order invoice_status + await client.query( + `UPDATE sales.sales_orders SET + invoice_status = CASE + WHEN (SELECT SUM(qty_invoiced) FROM sales.sales_order_lines WHERE order_id = $1) >= + (SELECT SUM(quantity) FROM sales.sales_order_lines WHERE order_id = $1) + THEN 'invoiced'::sales.invoice_status + ELSE 'partial'::sales.invoice_status + END, + updated_by = $2, + updated_at = CURRENT_TIMESTAMP + WHERE id = $1`, + [id, userId] + ); + + await client.query('COMMIT'); + + return { orderId: id, invoiceId }; + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + private async updateTotals(orderId: string): Promise { + await query( + `UPDATE sales.sales_orders SET + amount_untaxed = COALESCE((SELECT SUM(amount_untaxed) FROM sales.sales_order_lines WHERE order_id = $1), 0), + amount_tax = COALESCE((SELECT SUM(amount_tax) FROM sales.sales_order_lines WHERE order_id = $1), 0), + amount_total = COALESCE((SELECT SUM(amount_total) FROM sales.sales_order_lines WHERE order_id = $1), 0) + WHERE id = $1`, + [orderId] + ); + } +} + +export const ordersService = new OrdersService(); diff --git a/backend/src/modules/sales/pricelists.service.ts b/backend/src/modules/sales/pricelists.service.ts new file mode 100644 index 0000000..edbe75f --- /dev/null +++ b/backend/src/modules/sales/pricelists.service.ts @@ -0,0 +1,249 @@ +import { query, queryOne, getClient } from '../../config/database.js'; +import { NotFoundError, ConflictError, ValidationError } from '../../shared/errors/index.js'; + +export interface PricelistItem { + id: string; + pricelist_id: string; + product_id?: string; + product_name?: string; + product_category_id?: string; + category_name?: string; + price: number; + min_quantity: number; + valid_from?: Date; + valid_to?: Date; + active: boolean; +} + +export interface Pricelist { + id: string; + tenant_id: string; + company_id?: string; + company_name?: string; + name: string; + currency_id: string; + currency_code?: string; + active: boolean; + items?: PricelistItem[]; + created_at: Date; +} + +export interface CreatePricelistDto { + company_id?: string; + name: string; + currency_id: string; +} + +export interface UpdatePricelistDto { + name?: string; + currency_id?: string; + active?: boolean; +} + +export interface CreatePricelistItemDto { + product_id?: string; + product_category_id?: string; + price: number; + min_quantity?: number; + valid_from?: string; + valid_to?: string; +} + +export interface PricelistFilters { + company_id?: string; + active?: boolean; + page?: number; + limit?: number; +} + +class PricelistsService { + async findAll(tenantId: string, filters: PricelistFilters = {}): Promise<{ data: Pricelist[]; total: number }> { + const { company_id, active, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE p.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND p.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (active !== undefined) { + whereClause += ` AND p.active = $${paramIndex++}`; + params.push(active); + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM sales.pricelists p ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT p.*, + c.name as company_name, + cu.code as currency_code + FROM sales.pricelists p + LEFT JOIN auth.companies c ON p.company_id = c.id + LEFT JOIN core.currencies cu ON p.currency_id = cu.id + ${whereClause} + ORDER BY p.name + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const pricelist = await queryOne( + `SELECT p.*, + c.name as company_name, + cu.code as currency_code + FROM sales.pricelists p + LEFT JOIN auth.companies c ON p.company_id = c.id + LEFT JOIN core.currencies cu ON p.currency_id = cu.id + WHERE p.id = $1 AND p.tenant_id = $2`, + [id, tenantId] + ); + + if (!pricelist) { + throw new NotFoundError('Lista de precios no encontrada'); + } + + // Get items + const items = await query( + `SELECT pi.*, + pr.name as product_name, + pc.name as category_name + FROM sales.pricelist_items pi + LEFT JOIN inventory.products pr ON pi.product_id = pr.id + LEFT JOIN core.product_categories pc ON pi.product_category_id = pc.id + WHERE pi.pricelist_id = $1 + ORDER BY pi.min_quantity, pr.name`, + [id] + ); + + pricelist.items = items; + + return pricelist; + } + + async create(dto: CreatePricelistDto, tenantId: string, userId: string): Promise { + // Check unique name + const existing = await queryOne( + `SELECT id FROM sales.pricelists WHERE tenant_id = $1 AND name = $2`, + [tenantId, dto.name] + ); + + if (existing) { + throw new ConflictError('Ya existe una lista de precios con ese nombre'); + } + + const pricelist = await queryOne( + `INSERT INTO sales.pricelists (tenant_id, company_id, name, currency_id, created_by) + VALUES ($1, $2, $3, $4, $5) + RETURNING *`, + [tenantId, dto.company_id, dto.name, dto.currency_id, userId] + ); + + return pricelist!; + } + + async update(id: string, dto: UpdatePricelistDto, tenantId: string, userId: string): Promise { + await this.findById(id, tenantId); + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.name !== undefined) { + // Check unique name + const existing = await queryOne( + `SELECT id FROM sales.pricelists WHERE tenant_id = $1 AND name = $2 AND id != $3`, + [tenantId, dto.name, id] + ); + if (existing) { + throw new ConflictError('Ya existe una lista de precios con ese nombre'); + } + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.currency_id !== undefined) { + updateFields.push(`currency_id = $${paramIndex++}`); + values.push(dto.currency_id); + } + if (dto.active !== undefined) { + updateFields.push(`active = $${paramIndex++}`); + values.push(dto.active); + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + await query( + `UPDATE sales.pricelists SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async addItem(pricelistId: string, dto: CreatePricelistItemDto, tenantId: string, userId: string): Promise { + await this.findById(pricelistId, tenantId); + + if (!dto.product_id && !dto.product_category_id) { + throw new ValidationError('Debe especificar un producto o una categoría'); + } + + if (dto.product_id && dto.product_category_id) { + throw new ValidationError('Debe especificar solo un producto o solo una categoría, no ambos'); + } + + const item = await queryOne( + `INSERT INTO sales.pricelist_items (pricelist_id, product_id, product_category_id, price, min_quantity, valid_from, valid_to, created_by) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8) + RETURNING *`, + [pricelistId, dto.product_id, dto.product_category_id, dto.price, dto.min_quantity || 1, dto.valid_from, dto.valid_to, userId] + ); + + return item!; + } + + async removeItem(pricelistId: string, itemId: string, tenantId: string): Promise { + await this.findById(pricelistId, tenantId); + + const result = await query( + `DELETE FROM sales.pricelist_items WHERE id = $1 AND pricelist_id = $2`, + [itemId, pricelistId] + ); + } + + async getProductPrice(productId: string, pricelistId: string, quantity: number = 1): Promise { + const item = await queryOne<{ price: number }>( + `SELECT price FROM sales.pricelist_items + WHERE pricelist_id = $1 + AND (product_id = $2 OR product_category_id = (SELECT category_id FROM inventory.products WHERE id = $2)) + AND active = true + AND min_quantity <= $3 + AND (valid_from IS NULL OR valid_from <= CURRENT_DATE) + AND (valid_to IS NULL OR valid_to >= CURRENT_DATE) + ORDER BY product_id NULLS LAST, min_quantity DESC + LIMIT 1`, + [pricelistId, productId, quantity] + ); + + return item?.price || null; + } +} + +export const pricelistsService = new PricelistsService(); diff --git a/backend/src/modules/sales/quotations.service.ts b/backend/src/modules/sales/quotations.service.ts new file mode 100644 index 0000000..9485e14 --- /dev/null +++ b/backend/src/modules/sales/quotations.service.ts @@ -0,0 +1,588 @@ +import { query, queryOne, getClient } from '../../config/database.js'; +import { NotFoundError, ConflictError, ValidationError } from '../../shared/errors/index.js'; +import { taxesService } from '../financial/taxes.service.js'; + +export interface QuotationLine { + id: string; + quotation_id: string; + product_id?: string; + product_name?: string; + description: string; + quantity: number; + uom_id: string; + uom_name?: string; + price_unit: number; + discount: number; + tax_ids: string[]; + amount_untaxed: number; + amount_tax: number; + amount_total: number; +} + +export interface Quotation { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + partner_id: string; + partner_name?: string; + quotation_date: Date; + validity_date: Date; + currency_id: string; + currency_code?: string; + pricelist_id?: string; + pricelist_name?: string; + user_id?: string; + user_name?: string; + sales_team_id?: string; + sales_team_name?: string; + amount_untaxed: number; + amount_tax: number; + amount_total: number; + status: 'draft' | 'sent' | 'confirmed' | 'cancelled' | 'expired'; + sale_order_id?: string; + notes?: string; + terms_conditions?: string; + lines?: QuotationLine[]; + created_at: Date; +} + +export interface CreateQuotationDto { + company_id: string; + partner_id: string; + quotation_date?: string; + validity_date: string; + currency_id: string; + pricelist_id?: string; + sales_team_id?: string; + notes?: string; + terms_conditions?: string; +} + +export interface UpdateQuotationDto { + partner_id?: string; + quotation_date?: string; + validity_date?: string; + currency_id?: string; + pricelist_id?: string | null; + sales_team_id?: string | null; + notes?: string | null; + terms_conditions?: string | null; +} + +export interface CreateQuotationLineDto { + product_id?: string; + description: string; + quantity: number; + uom_id: string; + price_unit: number; + discount?: number; + tax_ids?: string[]; +} + +export interface UpdateQuotationLineDto { + description?: string; + quantity?: number; + uom_id?: string; + price_unit?: number; + discount?: number; + tax_ids?: string[]; +} + +export interface QuotationFilters { + company_id?: string; + partner_id?: string; + status?: string; + date_from?: string; + date_to?: string; + search?: string; + page?: number; + limit?: number; +} + +class QuotationsService { + async findAll(tenantId: string, filters: QuotationFilters = {}): Promise<{ data: Quotation[]; total: number }> { + const { company_id, partner_id, status, date_from, date_to, search, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE q.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND q.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (partner_id) { + whereClause += ` AND q.partner_id = $${paramIndex++}`; + params.push(partner_id); + } + + if (status) { + whereClause += ` AND q.status = $${paramIndex++}`; + params.push(status); + } + + if (date_from) { + whereClause += ` AND q.quotation_date >= $${paramIndex++}`; + params.push(date_from); + } + + if (date_to) { + whereClause += ` AND q.quotation_date <= $${paramIndex++}`; + params.push(date_to); + } + + if (search) { + whereClause += ` AND (q.name ILIKE $${paramIndex} OR p.name ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count + FROM sales.quotations q + LEFT JOIN core.partners p ON q.partner_id = p.id + ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT q.*, + c.name as company_name, + p.name as partner_name, + cu.code as currency_code, + pl.name as pricelist_name, + u.name as user_name, + st.name as sales_team_name + FROM sales.quotations q + LEFT JOIN auth.companies c ON q.company_id = c.id + LEFT JOIN core.partners p ON q.partner_id = p.id + LEFT JOIN core.currencies cu ON q.currency_id = cu.id + LEFT JOIN sales.pricelists pl ON q.pricelist_id = pl.id + LEFT JOIN auth.users u ON q.user_id = u.id + LEFT JOIN sales.sales_teams st ON q.sales_team_id = st.id + ${whereClause} + ORDER BY q.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const quotation = await queryOne( + `SELECT q.*, + c.name as company_name, + p.name as partner_name, + cu.code as currency_code, + pl.name as pricelist_name, + u.name as user_name, + st.name as sales_team_name + FROM sales.quotations q + LEFT JOIN auth.companies c ON q.company_id = c.id + LEFT JOIN core.partners p ON q.partner_id = p.id + LEFT JOIN core.currencies cu ON q.currency_id = cu.id + LEFT JOIN sales.pricelists pl ON q.pricelist_id = pl.id + LEFT JOIN auth.users u ON q.user_id = u.id + LEFT JOIN sales.sales_teams st ON q.sales_team_id = st.id + WHERE q.id = $1 AND q.tenant_id = $2`, + [id, tenantId] + ); + + if (!quotation) { + throw new NotFoundError('Cotización no encontrada'); + } + + // Get lines + const lines = await query( + `SELECT ql.*, + pr.name as product_name, + um.name as uom_name + FROM sales.quotation_lines ql + LEFT JOIN inventory.products pr ON ql.product_id = pr.id + LEFT JOIN core.uom um ON ql.uom_id = um.id + WHERE ql.quotation_id = $1 + ORDER BY ql.created_at`, + [id] + ); + + quotation.lines = lines; + + return quotation; + } + + async create(dto: CreateQuotationDto, tenantId: string, userId: string): Promise { + // Generate sequence number + const seqResult = await queryOne<{ next_num: number }>( + `SELECT COALESCE(MAX(CAST(SUBSTRING(name FROM 5) AS INTEGER)), 0) + 1 as next_num + FROM sales.quotations WHERE tenant_id = $1 AND name LIKE 'QUO-%'`, + [tenantId] + ); + const quotationNumber = `QUO-${String(seqResult?.next_num || 1).padStart(6, '0')}`; + + const quotationDate = dto.quotation_date || new Date().toISOString().split('T')[0]; + + const quotation = await queryOne( + `INSERT INTO sales.quotations ( + tenant_id, company_id, name, partner_id, quotation_date, validity_date, + currency_id, pricelist_id, user_id, sales_team_id, notes, terms_conditions, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13) + RETURNING *`, + [ + tenantId, dto.company_id, quotationNumber, dto.partner_id, + quotationDate, dto.validity_date, dto.currency_id, dto.pricelist_id, + userId, dto.sales_team_id, dto.notes, dto.terms_conditions, userId + ] + ); + + return quotation!; + } + + async update(id: string, dto: UpdateQuotationDto, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ValidationError('Solo se pueden editar cotizaciones en estado borrador'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.partner_id !== undefined) { + updateFields.push(`partner_id = $${paramIndex++}`); + values.push(dto.partner_id); + } + if (dto.quotation_date !== undefined) { + updateFields.push(`quotation_date = $${paramIndex++}`); + values.push(dto.quotation_date); + } + if (dto.validity_date !== undefined) { + updateFields.push(`validity_date = $${paramIndex++}`); + values.push(dto.validity_date); + } + if (dto.currency_id !== undefined) { + updateFields.push(`currency_id = $${paramIndex++}`); + values.push(dto.currency_id); + } + if (dto.pricelist_id !== undefined) { + updateFields.push(`pricelist_id = $${paramIndex++}`); + values.push(dto.pricelist_id); + } + if (dto.sales_team_id !== undefined) { + updateFields.push(`sales_team_id = $${paramIndex++}`); + values.push(dto.sales_team_id); + } + if (dto.notes !== undefined) { + updateFields.push(`notes = $${paramIndex++}`); + values.push(dto.notes); + } + if (dto.terms_conditions !== undefined) { + updateFields.push(`terms_conditions = $${paramIndex++}`); + values.push(dto.terms_conditions); + } + + if (updateFields.length === 0) { + return existing; + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + await query( + `UPDATE sales.quotations SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async delete(id: string, tenantId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'draft') { + throw new ValidationError('Solo se pueden eliminar cotizaciones en estado borrador'); + } + + await query( + `DELETE FROM sales.quotations WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + } + + async addLine(quotationId: string, dto: CreateQuotationLineDto, tenantId: string, userId: string): Promise { + const quotation = await this.findById(quotationId, tenantId); + + if (quotation.status !== 'draft') { + throw new ValidationError('Solo se pueden agregar líneas a cotizaciones en estado borrador'); + } + + // Calculate amounts with taxes using taxesService + const taxResult = await taxesService.calculateTaxes( + { + quantity: dto.quantity, + priceUnit: dto.price_unit, + discount: dto.discount || 0, + taxIds: dto.tax_ids || [], + }, + tenantId, + 'sales' + ); + const amountUntaxed = taxResult.amountUntaxed; + const amountTax = taxResult.amountTax; + const amountTotal = taxResult.amountTotal; + + const line = await queryOne( + `INSERT INTO sales.quotation_lines ( + quotation_id, tenant_id, product_id, description, quantity, uom_id, + price_unit, discount, tax_ids, amount_untaxed, amount_tax, amount_total + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12) + RETURNING *`, + [ + quotationId, tenantId, dto.product_id, dto.description, dto.quantity, dto.uom_id, + dto.price_unit, dto.discount || 0, dto.tax_ids || [], amountUntaxed, amountTax, amountTotal + ] + ); + + // Update quotation totals + await this.updateTotals(quotationId); + + return line!; + } + + async updateLine(quotationId: string, lineId: string, dto: UpdateQuotationLineDto, tenantId: string): Promise { + const quotation = await this.findById(quotationId, tenantId); + + if (quotation.status !== 'draft') { + throw new ValidationError('Solo se pueden editar líneas de cotizaciones en estado borrador'); + } + + const existingLine = quotation.lines?.find(l => l.id === lineId); + if (!existingLine) { + throw new NotFoundError('Línea de cotización no encontrada'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + const quantity = dto.quantity ?? existingLine.quantity; + const priceUnit = dto.price_unit ?? existingLine.price_unit; + const discount = dto.discount ?? existingLine.discount; + + if (dto.description !== undefined) { + updateFields.push(`description = $${paramIndex++}`); + values.push(dto.description); + } + if (dto.quantity !== undefined) { + updateFields.push(`quantity = $${paramIndex++}`); + values.push(dto.quantity); + } + if (dto.uom_id !== undefined) { + updateFields.push(`uom_id = $${paramIndex++}`); + values.push(dto.uom_id); + } + if (dto.price_unit !== undefined) { + updateFields.push(`price_unit = $${paramIndex++}`); + values.push(dto.price_unit); + } + if (dto.discount !== undefined) { + updateFields.push(`discount = $${paramIndex++}`); + values.push(dto.discount); + } + if (dto.tax_ids !== undefined) { + updateFields.push(`tax_ids = $${paramIndex++}`); + values.push(dto.tax_ids); + } + + // Recalculate amounts + const subtotal = quantity * priceUnit; + const discountAmount = subtotal * discount / 100; + const amountUntaxed = subtotal - discountAmount; + const amountTax = 0; // TODO: Calculate taxes + const amountTotal = amountUntaxed + amountTax; + + updateFields.push(`amount_untaxed = $${paramIndex++}`); + values.push(amountUntaxed); + updateFields.push(`amount_tax = $${paramIndex++}`); + values.push(amountTax); + updateFields.push(`amount_total = $${paramIndex++}`); + values.push(amountTotal); + + values.push(lineId, quotationId); + + await query( + `UPDATE sales.quotation_lines SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND quotation_id = $${paramIndex}`, + values + ); + + // Update quotation totals + await this.updateTotals(quotationId); + + const updated = await queryOne( + `SELECT * FROM sales.quotation_lines WHERE id = $1`, + [lineId] + ); + + return updated!; + } + + async removeLine(quotationId: string, lineId: string, tenantId: string): Promise { + const quotation = await this.findById(quotationId, tenantId); + + if (quotation.status !== 'draft') { + throw new ValidationError('Solo se pueden eliminar líneas de cotizaciones en estado borrador'); + } + + await query( + `DELETE FROM sales.quotation_lines WHERE id = $1 AND quotation_id = $2`, + [lineId, quotationId] + ); + + // Update quotation totals + await this.updateTotals(quotationId); + } + + async send(id: string, tenantId: string, userId: string): Promise { + const quotation = await this.findById(id, tenantId); + + if (quotation.status !== 'draft') { + throw new ValidationError('Solo se pueden enviar cotizaciones en estado borrador'); + } + + if (!quotation.lines || quotation.lines.length === 0) { + throw new ValidationError('La cotización debe tener al menos una línea'); + } + + await query( + `UPDATE sales.quotations SET status = 'sent', updated_by = $1, updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + // TODO: Send email notification + + return this.findById(id, tenantId); + } + + async confirm(id: string, tenantId: string, userId: string): Promise<{ quotation: Quotation; orderId: string }> { + const quotation = await this.findById(id, tenantId); + + if (!['draft', 'sent'].includes(quotation.status)) { + throw new ValidationError('Solo se pueden confirmar cotizaciones en estado borrador o enviado'); + } + + if (!quotation.lines || quotation.lines.length === 0) { + throw new ValidationError('La cotización debe tener al menos una línea'); + } + + const client = await getClient(); + try { + await client.query('BEGIN'); + + // Generate order sequence number + const seqResult = await client.query( + `SELECT COALESCE(MAX(CAST(SUBSTRING(name FROM 4) AS INTEGER)), 0) + 1 as next_num + FROM sales.sales_orders WHERE tenant_id = $1 AND name LIKE 'SO-%'`, + [tenantId] + ); + const orderNumber = `SO-${String(seqResult.rows[0]?.next_num || 1).padStart(6, '0')}`; + + // Create sales order + const orderResult = await client.query( + `INSERT INTO sales.sales_orders ( + tenant_id, company_id, name, partner_id, order_date, currency_id, + pricelist_id, user_id, sales_team_id, amount_untaxed, amount_tax, + amount_total, notes, terms_conditions, created_by + ) + SELECT tenant_id, company_id, $1, partner_id, CURRENT_DATE, currency_id, + pricelist_id, user_id, sales_team_id, amount_untaxed, amount_tax, + amount_total, notes, terms_conditions, $2 + FROM sales.quotations WHERE id = $3 + RETURNING id`, + [orderNumber, userId, id] + ); + const orderId = orderResult.rows[0].id; + + // Copy lines to order (include tenant_id for multi-tenant security) + await client.query( + `INSERT INTO sales.sales_order_lines ( + order_id, tenant_id, product_id, description, quantity, uom_id, price_unit, + discount, tax_ids, amount_untaxed, amount_tax, amount_total + ) + SELECT $1, $3, product_id, description, quantity, uom_id, price_unit, + discount, tax_ids, amount_untaxed, amount_tax, amount_total + FROM sales.quotation_lines WHERE quotation_id = $2 AND tenant_id = $3`, + [orderId, id, tenantId] + ); + + // Update quotation status + await client.query( + `UPDATE sales.quotations SET status = 'confirmed', sale_order_id = $1, + updated_by = $2, updated_at = CURRENT_TIMESTAMP + WHERE id = $3`, + [orderId, userId, id] + ); + + await client.query('COMMIT'); + + return { + quotation: await this.findById(id, tenantId), + orderId + }; + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + async cancel(id: string, tenantId: string, userId: string): Promise { + const quotation = await this.findById(id, tenantId); + + if (quotation.status === 'confirmed') { + throw new ValidationError('No se pueden cancelar cotizaciones confirmadas'); + } + + if (quotation.status === 'cancelled') { + throw new ValidationError('La cotización ya está cancelada'); + } + + await query( + `UPDATE sales.quotations SET status = 'cancelled', updated_by = $1, updated_at = CURRENT_TIMESTAMP + WHERE id = $2 AND tenant_id = $3`, + [userId, id, tenantId] + ); + + return this.findById(id, tenantId); + } + + private async updateTotals(quotationId: string): Promise { + await query( + `UPDATE sales.quotations SET + amount_untaxed = COALESCE((SELECT SUM(amount_untaxed) FROM sales.quotation_lines WHERE quotation_id = $1), 0), + amount_tax = COALESCE((SELECT SUM(amount_tax) FROM sales.quotation_lines WHERE quotation_id = $1), 0), + amount_total = COALESCE((SELECT SUM(amount_total) FROM sales.quotation_lines WHERE quotation_id = $1), 0) + WHERE id = $1`, + [quotationId] + ); + } +} + +export const quotationsService = new QuotationsService(); diff --git a/backend/src/modules/sales/sales-teams.service.ts b/backend/src/modules/sales/sales-teams.service.ts new file mode 100644 index 0000000..b9185b5 --- /dev/null +++ b/backend/src/modules/sales/sales-teams.service.ts @@ -0,0 +1,241 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ConflictError } from '../../shared/errors/index.js'; + +export interface SalesTeamMember { + id: string; + sales_team_id: string; + user_id: string; + user_name?: string; + user_email?: string; + role?: string; + joined_at: Date; +} + +export interface SalesTeam { + id: string; + tenant_id: string; + company_id: string; + company_name?: string; + name: string; + code?: string; + team_leader_id?: string; + team_leader_name?: string; + target_monthly?: number; + target_annual?: number; + active: boolean; + members?: SalesTeamMember[]; + created_at: Date; +} + +export interface CreateSalesTeamDto { + company_id: string; + name: string; + code?: string; + team_leader_id?: string; + target_monthly?: number; + target_annual?: number; +} + +export interface UpdateSalesTeamDto { + name?: string; + code?: string; + team_leader_id?: string | null; + target_monthly?: number | null; + target_annual?: number | null; + active?: boolean; +} + +export interface SalesTeamFilters { + company_id?: string; + active?: boolean; + page?: number; + limit?: number; +} + +class SalesTeamsService { + async findAll(tenantId: string, filters: SalesTeamFilters = {}): Promise<{ data: SalesTeam[]; total: number }> { + const { company_id, active, page = 1, limit = 20 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE st.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (company_id) { + whereClause += ` AND st.company_id = $${paramIndex++}`; + params.push(company_id); + } + + if (active !== undefined) { + whereClause += ` AND st.active = $${paramIndex++}`; + params.push(active); + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM sales.sales_teams st ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT st.*, + c.name as company_name, + u.full_name as team_leader_name + FROM sales.sales_teams st + LEFT JOIN auth.companies c ON st.company_id = c.id + LEFT JOIN auth.users u ON st.team_leader_id = u.id + ${whereClause} + ORDER BY st.name + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findById(id: string, tenantId: string): Promise { + const team = await queryOne( + `SELECT st.*, + c.name as company_name, + u.full_name as team_leader_name + FROM sales.sales_teams st + LEFT JOIN auth.companies c ON st.company_id = c.id + LEFT JOIN auth.users u ON st.team_leader_id = u.id + WHERE st.id = $1 AND st.tenant_id = $2`, + [id, tenantId] + ); + + if (!team) { + throw new NotFoundError('Equipo de ventas no encontrado'); + } + + // Get members + const members = await query( + `SELECT stm.*, + u.full_name as user_name, + u.email as user_email + FROM sales.sales_team_members stm + LEFT JOIN auth.users u ON stm.user_id = u.id + WHERE stm.sales_team_id = $1 + ORDER BY stm.joined_at`, + [id] + ); + + team.members = members; + + return team; + } + + async create(dto: CreateSalesTeamDto, tenantId: string, userId: string): Promise { + // Check unique code in company + if (dto.code) { + const existing = await queryOne( + `SELECT id FROM sales.sales_teams WHERE company_id = $1 AND code = $2`, + [dto.company_id, dto.code] + ); + if (existing) { + throw new ConflictError('Ya existe un equipo con ese código en esta empresa'); + } + } + + const team = await queryOne( + `INSERT INTO sales.sales_teams (tenant_id, company_id, name, code, team_leader_id, target_monthly, target_annual, created_by) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8) + RETURNING *`, + [tenantId, dto.company_id, dto.name, dto.code, dto.team_leader_id, dto.target_monthly, dto.target_annual, userId] + ); + + return team!; + } + + async update(id: string, dto: UpdateSalesTeamDto, tenantId: string, userId: string): Promise { + const team = await this.findById(id, tenantId); + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.name !== undefined) { + updateFields.push(`name = $${paramIndex++}`); + values.push(dto.name); + } + if (dto.code !== undefined) { + // Check unique code + const existing = await queryOne( + `SELECT id FROM sales.sales_teams WHERE company_id = $1 AND code = $2 AND id != $3`, + [team.company_id, dto.code, id] + ); + if (existing) { + throw new ConflictError('Ya existe un equipo con ese código en esta empresa'); + } + updateFields.push(`code = $${paramIndex++}`); + values.push(dto.code); + } + if (dto.team_leader_id !== undefined) { + updateFields.push(`team_leader_id = $${paramIndex++}`); + values.push(dto.team_leader_id); + } + if (dto.target_monthly !== undefined) { + updateFields.push(`target_monthly = $${paramIndex++}`); + values.push(dto.target_monthly); + } + if (dto.target_annual !== undefined) { + updateFields.push(`target_annual = $${paramIndex++}`); + values.push(dto.target_annual); + } + if (dto.active !== undefined) { + updateFields.push(`active = $${paramIndex++}`); + values.push(dto.active); + } + + updateFields.push(`updated_by = $${paramIndex++}`); + values.push(userId); + updateFields.push(`updated_at = CURRENT_TIMESTAMP`); + + values.push(id, tenantId); + + await query( + `UPDATE sales.sales_teams SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async addMember(teamId: string, userId: string, role: string, tenantId: string): Promise { + await this.findById(teamId, tenantId); + + // Check if already member + const existing = await queryOne( + `SELECT id FROM sales.sales_team_members WHERE sales_team_id = $1 AND user_id = $2`, + [teamId, userId] + ); + if (existing) { + throw new ConflictError('El usuario ya es miembro de este equipo'); + } + + const member = await queryOne( + `INSERT INTO sales.sales_team_members (sales_team_id, user_id, role) + VALUES ($1, $2, $3) + RETURNING *`, + [teamId, userId, role] + ); + + return member!; + } + + async removeMember(teamId: string, memberId: string, tenantId: string): Promise { + await this.findById(teamId, tenantId); + + await query( + `DELETE FROM sales.sales_team_members WHERE id = $1 AND sales_team_id = $2`, + [memberId, teamId] + ); + } +} + +export const salesTeamsService = new SalesTeamsService(); diff --git a/backend/src/modules/sales/sales.controller.ts b/backend/src/modules/sales/sales.controller.ts new file mode 100644 index 0000000..efd8a83 --- /dev/null +++ b/backend/src/modules/sales/sales.controller.ts @@ -0,0 +1,889 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { pricelistsService, CreatePricelistDto, UpdatePricelistDto, CreatePricelistItemDto, PricelistFilters } from './pricelists.service.js'; +import { salesTeamsService, CreateSalesTeamDto, UpdateSalesTeamDto, SalesTeamFilters } from './sales-teams.service.js'; +import { customerGroupsService, CreateCustomerGroupDto, UpdateCustomerGroupDto, CustomerGroupFilters } from './customer-groups.service.js'; +import { quotationsService, CreateQuotationDto, UpdateQuotationDto, CreateQuotationLineDto, UpdateQuotationLineDto, QuotationFilters } from './quotations.service.js'; +import { ordersService, CreateSalesOrderDto, UpdateSalesOrderDto, CreateSalesOrderLineDto, UpdateSalesOrderLineDto, SalesOrderFilters } from './orders.service.js'; +import { AuthenticatedRequest } from '../../shared/middleware/auth.middleware.js'; +import { ValidationError } from '../../shared/errors/index.js'; + +// Pricelist schemas +const createPricelistSchema = z.object({ + company_id: z.string().uuid().optional(), + name: z.string().min(1, 'El nombre es requerido').max(255), + currency_id: z.string().uuid({ message: 'La moneda es requerida' }), +}); + +const updatePricelistSchema = z.object({ + name: z.string().min(1).max(255).optional(), + currency_id: z.string().uuid().optional(), + active: z.boolean().optional(), +}); + +const createPricelistItemSchema = z.object({ + product_id: z.string().uuid().optional(), + product_category_id: z.string().uuid().optional(), + price: z.number().min(0, 'El precio debe ser positivo'), + min_quantity: z.number().positive().default(1), + valid_from: z.string().optional(), + valid_to: z.string().optional(), +}); + +const pricelistQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + active: z.coerce.boolean().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +// Sales Team schemas +const createSalesTeamSchema = z.object({ + company_id: z.string().uuid({ message: 'La empresa es requerida' }), + name: z.string().min(1, 'El nombre es requerido').max(255), + code: z.string().max(50).optional(), + team_leader_id: z.string().uuid().optional(), + target_monthly: z.number().positive().optional(), + target_annual: z.number().positive().optional(), +}); + +const updateSalesTeamSchema = z.object({ + name: z.string().min(1).max(255).optional(), + code: z.string().max(50).optional(), + team_leader_id: z.string().uuid().optional().nullable(), + target_monthly: z.number().positive().optional().nullable(), + target_annual: z.number().positive().optional().nullable(), + active: z.boolean().optional(), +}); + +const addTeamMemberSchema = z.object({ + user_id: z.string().uuid({ message: 'El usuario es requerido' }), + role: z.string().max(100).default('member'), +}); + +const salesTeamQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + active: z.coerce.boolean().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +// Customer Group schemas +const createCustomerGroupSchema = z.object({ + name: z.string().min(1, 'El nombre es requerido').max(255), + description: z.string().optional(), + discount_percentage: z.number().min(0).max(100).default(0), +}); + +const updateCustomerGroupSchema = z.object({ + name: z.string().min(1).max(255).optional(), + description: z.string().optional().nullable(), + discount_percentage: z.number().min(0).max(100).optional(), +}); + +const addGroupMemberSchema = z.object({ + partner_id: z.string().uuid({ message: 'El cliente es requerido' }), +}); + +const customerGroupQuerySchema = z.object({ + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +// Quotation schemas +const createQuotationSchema = z.object({ + company_id: z.string().uuid({ message: 'La empresa es requerida' }), + partner_id: z.string().uuid({ message: 'El cliente es requerido' }), + quotation_date: z.string().optional(), + validity_date: z.string({ message: 'La fecha de validez es requerida' }), + currency_id: z.string().uuid({ message: 'La moneda es requerida' }), + pricelist_id: z.string().uuid().optional(), + sales_team_id: z.string().uuid().optional(), + notes: z.string().optional(), + terms_conditions: z.string().optional(), +}); + +const updateQuotationSchema = z.object({ + partner_id: z.string().uuid().optional(), + quotation_date: z.string().optional(), + validity_date: z.string().optional(), + currency_id: z.string().uuid().optional(), + pricelist_id: z.string().uuid().optional().nullable(), + sales_team_id: z.string().uuid().optional().nullable(), + notes: z.string().optional().nullable(), + terms_conditions: z.string().optional().nullable(), +}); + +const createQuotationLineSchema = z.object({ + product_id: z.string().uuid().optional(), + description: z.string().min(1, 'La descripción es requerida'), + quantity: z.number().positive('La cantidad debe ser positiva'), + uom_id: z.string().uuid({ message: 'La unidad de medida es requerida' }), + price_unit: z.number().min(0, 'El precio debe ser positivo'), + discount: z.number().min(0).max(100).default(0), + tax_ids: z.array(z.string().uuid()).optional(), +}); + +const updateQuotationLineSchema = z.object({ + description: z.string().min(1).optional(), + quantity: z.number().positive().optional(), + uom_id: z.string().uuid().optional(), + price_unit: z.number().min(0).optional(), + discount: z.number().min(0).max(100).optional(), + tax_ids: z.array(z.string().uuid()).optional(), +}); + +const quotationQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + partner_id: z.string().uuid().optional(), + status: z.enum(['draft', 'sent', 'confirmed', 'cancelled', 'expired']).optional(), + date_from: z.string().optional(), + date_to: z.string().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +// Sales Order schemas +const createSalesOrderSchema = z.object({ + company_id: z.string().uuid({ message: 'La empresa es requerida' }), + partner_id: z.string().uuid({ message: 'El cliente es requerido' }), + client_order_ref: z.string().max(100).optional(), + order_date: z.string().optional(), + validity_date: z.string().optional(), + commitment_date: z.string().optional(), + currency_id: z.string().uuid({ message: 'La moneda es requerida' }), + pricelist_id: z.string().uuid().optional(), + payment_term_id: z.string().uuid().optional(), + sales_team_id: z.string().uuid().optional(), + invoice_policy: z.enum(['order', 'delivery']).default('order'), + notes: z.string().optional(), + terms_conditions: z.string().optional(), +}); + +const updateSalesOrderSchema = z.object({ + partner_id: z.string().uuid().optional(), + client_order_ref: z.string().max(100).optional().nullable(), + order_date: z.string().optional(), + validity_date: z.string().optional().nullable(), + commitment_date: z.string().optional().nullable(), + currency_id: z.string().uuid().optional(), + pricelist_id: z.string().uuid().optional().nullable(), + payment_term_id: z.string().uuid().optional().nullable(), + sales_team_id: z.string().uuid().optional().nullable(), + invoice_policy: z.enum(['order', 'delivery']).optional(), + notes: z.string().optional().nullable(), + terms_conditions: z.string().optional().nullable(), +}); + +const createSalesOrderLineSchema = z.object({ + product_id: z.string().uuid({ message: 'El producto es requerido' }), + description: z.string().min(1, 'La descripción es requerida'), + quantity: z.number().positive('La cantidad debe ser positiva'), + uom_id: z.string().uuid({ message: 'La unidad de medida es requerida' }), + price_unit: z.number().min(0, 'El precio debe ser positivo'), + discount: z.number().min(0).max(100).default(0), + tax_ids: z.array(z.string().uuid()).optional(), + analytic_account_id: z.string().uuid().optional(), +}); + +const updateSalesOrderLineSchema = z.object({ + description: z.string().min(1).optional(), + quantity: z.number().positive().optional(), + uom_id: z.string().uuid().optional(), + price_unit: z.number().min(0).optional(), + discount: z.number().min(0).max(100).optional(), + tax_ids: z.array(z.string().uuid()).optional(), + analytic_account_id: z.string().uuid().optional().nullable(), +}); + +const salesOrderQuerySchema = z.object({ + company_id: z.string().uuid().optional(), + partner_id: z.string().uuid().optional(), + status: z.enum(['draft', 'sent', 'sale', 'done', 'cancelled']).optional(), + invoice_status: z.enum(['pending', 'partial', 'invoiced']).optional(), + delivery_status: z.enum(['pending', 'partial', 'delivered']).optional(), + date_from: z.string().optional(), + date_to: z.string().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(20), +}); + +class SalesController { + // ========== PRICELISTS ========== + async getPricelists(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = pricelistQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: PricelistFilters = queryResult.data; + const result = await pricelistsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getPricelist(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const pricelist = await pricelistsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: pricelist }); + } catch (error) { + next(error); + } + } + + async createPricelist(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createPricelistSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de lista de precios inválidos', parseResult.error.errors); + } + + const dto: CreatePricelistDto = parseResult.data; + const pricelist = await pricelistsService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: pricelist, + message: 'Lista de precios creada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updatePricelist(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updatePricelistSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de lista de precios inválidos', parseResult.error.errors); + } + + const dto: UpdatePricelistDto = parseResult.data; + const pricelist = await pricelistsService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: pricelist, + message: 'Lista de precios actualizada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async addPricelistItem(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createPricelistItemSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de item inválidos', parseResult.error.errors); + } + + const dto: CreatePricelistItemDto = parseResult.data; + const item = await pricelistsService.addItem(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: item, + message: 'Item agregado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async removePricelistItem(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await pricelistsService.removeItem(req.params.id, req.params.itemId, req.tenantId!); + res.json({ success: true, message: 'Item eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== SALES TEAMS ========== + async getSalesTeams(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = salesTeamQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: SalesTeamFilters = queryResult.data; + const result = await salesTeamsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getSalesTeam(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const team = await salesTeamsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: team }); + } catch (error) { + next(error); + } + } + + async createSalesTeam(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createSalesTeamSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de equipo de ventas inválidos', parseResult.error.errors); + } + + const dto: CreateSalesTeamDto = parseResult.data; + const team = await salesTeamsService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: team, + message: 'Equipo de ventas creado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateSalesTeam(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateSalesTeamSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de equipo de ventas inválidos', parseResult.error.errors); + } + + const dto: UpdateSalesTeamDto = parseResult.data; + const team = await salesTeamsService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: team, + message: 'Equipo de ventas actualizado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async addSalesTeamMember(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = addTeamMemberSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos inválidos', parseResult.error.errors); + } + + const member = await salesTeamsService.addMember( + req.params.id, + parseResult.data.user_id, + parseResult.data.role, + req.tenantId! + ); + + res.status(201).json({ + success: true, + data: member, + message: 'Miembro agregado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async removeSalesTeamMember(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await salesTeamsService.removeMember(req.params.id, req.params.memberId, req.tenantId!); + res.json({ success: true, message: 'Miembro eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== CUSTOMER GROUPS ========== + async getCustomerGroups(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = customerGroupQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: CustomerGroupFilters = queryResult.data; + const result = await customerGroupsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getCustomerGroup(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const group = await customerGroupsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: group }); + } catch (error) { + next(error); + } + } + + async createCustomerGroup(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createCustomerGroupSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de grupo de clientes inválidos', parseResult.error.errors); + } + + const dto: CreateCustomerGroupDto = parseResult.data; + const group = await customerGroupsService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: group, + message: 'Grupo de clientes creado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateCustomerGroup(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateCustomerGroupSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de grupo de clientes inválidos', parseResult.error.errors); + } + + const dto: UpdateCustomerGroupDto = parseResult.data; + const group = await customerGroupsService.update(req.params.id, dto, req.tenantId!); + + res.json({ + success: true, + data: group, + message: 'Grupo de clientes actualizado exitosamente', + }); + } catch (error) { + next(error); + } + } + + async deleteCustomerGroup(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await customerGroupsService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Grupo de clientes eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + async addCustomerGroupMember(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = addGroupMemberSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos inválidos', parseResult.error.errors); + } + + const member = await customerGroupsService.addMember( + req.params.id, + parseResult.data.partner_id, + req.tenantId! + ); + + res.status(201).json({ + success: true, + data: member, + message: 'Cliente agregado al grupo exitosamente', + }); + } catch (error) { + next(error); + } + } + + async removeCustomerGroupMember(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await customerGroupsService.removeMember(req.params.id, req.params.memberId, req.tenantId!); + res.json({ success: true, message: 'Cliente eliminado del grupo exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== QUOTATIONS ========== + async getQuotations(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = quotationQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: QuotationFilters = queryResult.data; + const result = await quotationsService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getQuotation(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const quotation = await quotationsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: quotation }); + } catch (error) { + next(error); + } + } + + async createQuotation(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createQuotationSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de cotización inválidos', parseResult.error.errors); + } + + const dto: CreateQuotationDto = parseResult.data; + const quotation = await quotationsService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: quotation, + message: 'Cotización creada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateQuotation(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateQuotationSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de cotización inválidos', parseResult.error.errors); + } + + const dto: UpdateQuotationDto = parseResult.data; + const quotation = await quotationsService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: quotation, + message: 'Cotización actualizada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async deleteQuotation(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await quotationsService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Cotización eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + async addQuotationLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createQuotationLineSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de línea inválidos', parseResult.error.errors); + } + + const dto: CreateQuotationLineDto = parseResult.data; + const line = await quotationsService.addLine(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: line, + message: 'Línea agregada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateQuotationLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateQuotationLineSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de línea inválidos', parseResult.error.errors); + } + + const dto: UpdateQuotationLineDto = parseResult.data; + const line = await quotationsService.updateLine(req.params.id, req.params.lineId, dto, req.tenantId!); + + res.json({ + success: true, + data: line, + message: 'Línea actualizada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async removeQuotationLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await quotationsService.removeLine(req.params.id, req.params.lineId, req.tenantId!); + res.json({ success: true, message: 'Línea eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + async sendQuotation(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const quotation = await quotationsService.send(req.params.id, req.tenantId!, req.user!.userId); + res.json({ + success: true, + data: quotation, + message: 'Cotización enviada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async confirmQuotation(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const result = await quotationsService.confirm(req.params.id, req.tenantId!, req.user!.userId); + res.json({ + success: true, + data: result.quotation, + orderId: result.orderId, + message: 'Cotización confirmada y orden de venta creada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async cancelQuotation(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const quotation = await quotationsService.cancel(req.params.id, req.tenantId!, req.user!.userId); + res.json({ + success: true, + data: quotation, + message: 'Cotización cancelada exitosamente', + }); + } catch (error) { + next(error); + } + } + + // ========== SALES ORDERS ========== + async getOrders(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = salesOrderQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + + const filters: SalesOrderFilters = queryResult.data; + const result = await ordersService.findAll(req.tenantId!, filters); + + res.json({ + success: true, + data: result.data, + meta: { + total: result.total, + page: filters.page, + limit: filters.limit, + totalPages: Math.ceil(result.total / (filters.limit || 20)), + }, + }); + } catch (error) { + next(error); + } + } + + async getOrder(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const order = await ordersService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: order }); + } catch (error) { + next(error); + } + } + + async createOrder(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createSalesOrderSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de orden inválidos', parseResult.error.errors); + } + + const dto: CreateSalesOrderDto = parseResult.data; + const order = await ordersService.create(dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: order, + message: 'Orden de venta creada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateOrder(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateSalesOrderSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de orden inválidos', parseResult.error.errors); + } + + const dto: UpdateSalesOrderDto = parseResult.data; + const order = await ordersService.update(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.json({ + success: true, + data: order, + message: 'Orden de venta actualizada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async deleteOrder(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await ordersService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Orden de venta eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + async addOrderLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createSalesOrderLineSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de línea inválidos', parseResult.error.errors); + } + + const dto: CreateSalesOrderLineDto = parseResult.data; + const line = await ordersService.addLine(req.params.id, dto, req.tenantId!, req.user!.userId); + + res.status(201).json({ + success: true, + data: line, + message: 'Línea agregada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async updateOrderLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateSalesOrderLineSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de línea inválidos', parseResult.error.errors); + } + + const dto: UpdateSalesOrderLineDto = parseResult.data; + const line = await ordersService.updateLine(req.params.id, req.params.lineId, dto, req.tenantId!); + + res.json({ + success: true, + data: line, + message: 'Línea actualizada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async removeOrderLine(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await ordersService.removeLine(req.params.id, req.params.lineId, req.tenantId!); + res.json({ success: true, message: 'Línea eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + async confirmOrder(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const order = await ordersService.confirm(req.params.id, req.tenantId!, req.user!.userId); + res.json({ + success: true, + data: order, + message: 'Orden de venta confirmada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async cancelOrder(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const order = await ordersService.cancel(req.params.id, req.tenantId!, req.user!.userId); + res.json({ + success: true, + data: order, + message: 'Orden de venta cancelada exitosamente', + }); + } catch (error) { + next(error); + } + } + + async createOrderInvoice(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const result = await ordersService.createInvoice(req.params.id, req.tenantId!, req.user!.userId); + res.status(201).json({ + success: true, + data: result, + message: 'Factura creada exitosamente', + }); + } catch (error) { + next(error); + } + } +} + +export const salesController = new SalesController(); diff --git a/backend/src/modules/sales/sales.routes.ts b/backend/src/modules/sales/sales.routes.ts new file mode 100644 index 0000000..6da9632 --- /dev/null +++ b/backend/src/modules/sales/sales.routes.ts @@ -0,0 +1,159 @@ +import { Router } from 'express'; +import { salesController } from './sales.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// ========== PRICELISTS ========== +router.get('/pricelists', (req, res, next) => salesController.getPricelists(req, res, next)); + +router.get('/pricelists/:id', (req, res, next) => salesController.getPricelist(req, res, next)); + +router.post('/pricelists', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + salesController.createPricelist(req, res, next) +); + +router.put('/pricelists/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + salesController.updatePricelist(req, res, next) +); + +router.post('/pricelists/:id/items', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + salesController.addPricelistItem(req, res, next) +); + +router.delete('/pricelists/:id/items/:itemId', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + salesController.removePricelistItem(req, res, next) +); + +// ========== SALES TEAMS ========== +router.get('/teams', (req, res, next) => salesController.getSalesTeams(req, res, next)); + +router.get('/teams/:id', (req, res, next) => salesController.getSalesTeam(req, res, next)); + +router.post('/teams', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + salesController.createSalesTeam(req, res, next) +); + +router.put('/teams/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + salesController.updateSalesTeam(req, res, next) +); + +router.post('/teams/:id/members', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + salesController.addSalesTeamMember(req, res, next) +); + +router.delete('/teams/:id/members/:memberId', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + salesController.removeSalesTeamMember(req, res, next) +); + +// ========== CUSTOMER GROUPS ========== +router.get('/customer-groups', (req, res, next) => salesController.getCustomerGroups(req, res, next)); + +router.get('/customer-groups/:id', (req, res, next) => salesController.getCustomerGroup(req, res, next)); + +router.post('/customer-groups', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.createCustomerGroup(req, res, next) +); + +router.put('/customer-groups/:id', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.updateCustomerGroup(req, res, next) +); + +router.delete('/customer-groups/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + salesController.deleteCustomerGroup(req, res, next) +); + +router.post('/customer-groups/:id/members', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.addCustomerGroupMember(req, res, next) +); + +router.delete('/customer-groups/:id/members/:memberId', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.removeCustomerGroupMember(req, res, next) +); + +// ========== QUOTATIONS ========== +router.get('/quotations', (req, res, next) => salesController.getQuotations(req, res, next)); + +router.get('/quotations/:id', (req, res, next) => salesController.getQuotation(req, res, next)); + +router.post('/quotations', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.createQuotation(req, res, next) +); + +router.put('/quotations/:id', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.updateQuotation(req, res, next) +); + +router.delete('/quotations/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + salesController.deleteQuotation(req, res, next) +); + +router.post('/quotations/:id/lines', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.addQuotationLine(req, res, next) +); + +router.put('/quotations/:id/lines/:lineId', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.updateQuotationLine(req, res, next) +); + +router.delete('/quotations/:id/lines/:lineId', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.removeQuotationLine(req, res, next) +); + +router.post('/quotations/:id/send', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.sendQuotation(req, res, next) +); + +router.post('/quotations/:id/confirm', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + salesController.confirmQuotation(req, res, next) +); + +router.post('/quotations/:id/cancel', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + salesController.cancelQuotation(req, res, next) +); + +// ========== SALES ORDERS ========== +router.get('/orders', (req, res, next) => salesController.getOrders(req, res, next)); + +router.get('/orders/:id', (req, res, next) => salesController.getOrder(req, res, next)); + +router.post('/orders', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.createOrder(req, res, next) +); + +router.put('/orders/:id', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.updateOrder(req, res, next) +); + +router.delete('/orders/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + salesController.deleteOrder(req, res, next) +); + +router.post('/orders/:id/lines', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.addOrderLine(req, res, next) +); + +router.put('/orders/:id/lines/:lineId', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.updateOrderLine(req, res, next) +); + +router.delete('/orders/:id/lines/:lineId', requireRoles('admin', 'manager', 'sales', 'super_admin'), (req, res, next) => + salesController.removeOrderLine(req, res, next) +); + +router.post('/orders/:id/confirm', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + salesController.confirmOrder(req, res, next) +); + +router.post('/orders/:id/cancel', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + salesController.cancelOrder(req, res, next) +); + +router.post('/orders/:id/invoice', requireRoles('admin', 'manager', 'accountant', 'super_admin'), (req, res, next) => + salesController.createOrderInvoice(req, res, next) +); + +export default router; diff --git a/backend/src/modules/system/activities.service.ts b/backend/src/modules/system/activities.service.ts new file mode 100644 index 0000000..abdce3e --- /dev/null +++ b/backend/src/modules/system/activities.service.ts @@ -0,0 +1,350 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError, ValidationError } from '../../shared/errors/index.js'; + +export interface Activity { + id: string; + tenant_id: string; + model: string; + record_id: string; + activity_type: 'call' | 'meeting' | 'email' | 'todo' | 'follow_up' | 'custom'; + summary: string; + description?: string; + assigned_to?: string; + assigned_to_name?: string; + assigned_by?: string; + assigned_by_name?: string; + due_date: Date; + due_time?: string; + status: 'planned' | 'done' | 'cancelled' | 'overdue'; + created_at: Date; + created_by?: string; + completed_at?: Date; + completed_by?: string; +} + +export interface CreateActivityDto { + model: string; + record_id: string; + activity_type: 'call' | 'meeting' | 'email' | 'todo' | 'follow_up' | 'custom'; + summary: string; + description?: string; + assigned_to?: string; + due_date: string; + due_time?: string; +} + +export interface UpdateActivityDto { + activity_type?: 'call' | 'meeting' | 'email' | 'todo' | 'follow_up' | 'custom'; + summary?: string; + description?: string | null; + assigned_to?: string | null; + due_date?: string; + due_time?: string | null; +} + +export interface ActivityFilters { + model?: string; + record_id?: string; + activity_type?: string; + assigned_to?: string; + status?: string; + due_from?: string; + due_to?: string; + overdue_only?: boolean; + search?: string; + page?: number; + limit?: number; +} + +class ActivitiesService { + async findAll(tenantId: string, filters: ActivityFilters = {}): Promise<{ data: Activity[]; total: number }> { + const { model, record_id, activity_type, assigned_to, status, due_from, due_to, overdue_only, search, page = 1, limit = 50 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE a.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (model) { + whereClause += ` AND a.model = $${paramIndex++}`; + params.push(model); + } + + if (record_id) { + whereClause += ` AND a.record_id = $${paramIndex++}`; + params.push(record_id); + } + + if (activity_type) { + whereClause += ` AND a.activity_type = $${paramIndex++}`; + params.push(activity_type); + } + + if (assigned_to) { + whereClause += ` AND a.assigned_to = $${paramIndex++}`; + params.push(assigned_to); + } + + if (status) { + whereClause += ` AND a.status = $${paramIndex++}`; + params.push(status); + } + + if (due_from) { + whereClause += ` AND a.due_date >= $${paramIndex++}`; + params.push(due_from); + } + + if (due_to) { + whereClause += ` AND a.due_date <= $${paramIndex++}`; + params.push(due_to); + } + + if (overdue_only) { + whereClause += ` AND a.status = 'planned' AND a.due_date < CURRENT_DATE`; + } + + if (search) { + whereClause += ` AND (a.summary ILIKE $${paramIndex} OR a.description ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM system.activities a ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT a.*, + uto.first_name || ' ' || uto.last_name as assigned_to_name, + uby.first_name || ' ' || uby.last_name as assigned_by_name + FROM system.activities a + LEFT JOIN auth.users uto ON a.assigned_to = uto.id + LEFT JOIN auth.users uby ON a.assigned_by = uby.id + ${whereClause} + ORDER BY a.due_date ASC, a.due_time ASC NULLS LAST, a.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findByRecord(model: string, recordId: string, tenantId: string): Promise { + const activities = await query( + `SELECT a.*, + uto.first_name || ' ' || uto.last_name as assigned_to_name, + uby.first_name || ' ' || uby.last_name as assigned_by_name + FROM system.activities a + LEFT JOIN auth.users uto ON a.assigned_to = uto.id + LEFT JOIN auth.users uby ON a.assigned_by = uby.id + WHERE a.model = $1 AND a.record_id = $2 AND a.tenant_id = $3 + ORDER BY a.due_date ASC, a.due_time ASC NULLS LAST`, + [model, recordId, tenantId] + ); + + return activities; + } + + async findByUser(userId: string, tenantId: string, status?: string): Promise { + let whereClause = 'WHERE a.assigned_to = $1 AND a.tenant_id = $2'; + const params: any[] = [userId, tenantId]; + + if (status) { + whereClause += ' AND a.status = $3'; + params.push(status); + } + + const activities = await query( + `SELECT a.*, + uto.first_name || ' ' || uto.last_name as assigned_to_name, + uby.first_name || ' ' || uby.last_name as assigned_by_name + FROM system.activities a + LEFT JOIN auth.users uto ON a.assigned_to = uto.id + LEFT JOIN auth.users uby ON a.assigned_by = uby.id + ${whereClause} + ORDER BY a.due_date ASC, a.due_time ASC NULLS LAST`, + params + ); + + return activities; + } + + async findById(id: string, tenantId: string): Promise { + const activity = await queryOne( + `SELECT a.*, + uto.first_name || ' ' || uto.last_name as assigned_to_name, + uby.first_name || ' ' || uby.last_name as assigned_by_name + FROM system.activities a + LEFT JOIN auth.users uto ON a.assigned_to = uto.id + LEFT JOIN auth.users uby ON a.assigned_by = uby.id + WHERE a.id = $1 AND a.tenant_id = $2`, + [id, tenantId] + ); + + if (!activity) { + throw new NotFoundError('Actividad no encontrada'); + } + + return activity; + } + + async create(dto: CreateActivityDto, tenantId: string, userId: string): Promise { + const activity = await queryOne( + `INSERT INTO system.activities ( + tenant_id, model, record_id, activity_type, summary, description, + assigned_to, assigned_by, due_date, due_time, created_by + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $8) + RETURNING *`, + [ + tenantId, dto.model, dto.record_id, dto.activity_type, + dto.summary, dto.description, dto.assigned_to || userId, + userId, dto.due_date, dto.due_time + ] + ); + + return activity!; + } + + async update(id: string, dto: UpdateActivityDto, tenantId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status === 'done' || existing.status === 'cancelled') { + throw new ValidationError('No se puede editar una actividad completada o cancelada'); + } + + const updateFields: string[] = []; + const values: any[] = []; + let paramIndex = 1; + + if (dto.activity_type !== undefined) { + updateFields.push(`activity_type = $${paramIndex++}`); + values.push(dto.activity_type); + } + if (dto.summary !== undefined) { + updateFields.push(`summary = $${paramIndex++}`); + values.push(dto.summary); + } + if (dto.description !== undefined) { + updateFields.push(`description = $${paramIndex++}`); + values.push(dto.description); + } + if (dto.assigned_to !== undefined) { + updateFields.push(`assigned_to = $${paramIndex++}`); + values.push(dto.assigned_to); + } + if (dto.due_date !== undefined) { + updateFields.push(`due_date = $${paramIndex++}`); + values.push(dto.due_date); + } + if (dto.due_time !== undefined) { + updateFields.push(`due_time = $${paramIndex++}`); + values.push(dto.due_time); + } + + if (updateFields.length === 0) { + return existing; + } + + values.push(id, tenantId); + + await query( + `UPDATE system.activities SET ${updateFields.join(', ')} + WHERE id = $${paramIndex++} AND tenant_id = $${paramIndex}`, + values + ); + + return this.findById(id, tenantId); + } + + async markDone(id: string, tenantId: string, userId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status !== 'planned' && existing.status !== 'overdue') { + throw new ValidationError('Solo se pueden completar actividades planificadas o vencidas'); + } + + const activity = await queryOne( + `UPDATE system.activities SET + status = 'done', + completed_at = CURRENT_TIMESTAMP, + completed_by = $1 + WHERE id = $2 AND tenant_id = $3 + RETURNING *`, + [userId, id, tenantId] + ); + + return activity!; + } + + async cancel(id: string, tenantId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status === 'done') { + throw new ValidationError('No se puede cancelar una actividad completada'); + } + + const activity = await queryOne( + `UPDATE system.activities SET status = 'cancelled' + WHERE id = $1 AND tenant_id = $2 + RETURNING *`, + [id, tenantId] + ); + + return activity!; + } + + async reschedule(id: string, dueDate: string, dueTime: string | null, tenantId: string): Promise { + const existing = await this.findById(id, tenantId); + + if (existing.status === 'done' || existing.status === 'cancelled') { + throw new ValidationError('No se puede reprogramar una actividad completada o cancelada'); + } + + const activity = await queryOne( + `UPDATE system.activities SET + due_date = $1, + due_time = $2, + status = 'planned' + WHERE id = $3 AND tenant_id = $4 + RETURNING *`, + [dueDate, dueTime, id, tenantId] + ); + + return activity!; + } + + async delete(id: string, tenantId: string): Promise { + await this.findById(id, tenantId); + + await query( + `DELETE FROM system.activities WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + } + + async markOverdueActivities(tenantId?: string): Promise { + let whereClause = `WHERE status = 'planned' AND due_date < CURRENT_DATE`; + const params: any[] = []; + + if (tenantId) { + whereClause += ' AND tenant_id = $1'; + params.push(tenantId); + } + + const result = await query( + `UPDATE system.activities SET status = 'overdue' ${whereClause}`, + params + ); + + return result.length; + } +} + +export const activitiesService = new ActivitiesService(); diff --git a/backend/src/modules/system/index.ts b/backend/src/modules/system/index.ts new file mode 100644 index 0000000..7a4c7a1 --- /dev/null +++ b/backend/src/modules/system/index.ts @@ -0,0 +1,5 @@ +export * from './messages.service.js'; +export * from './notifications.service.js'; +export * from './activities.service.js'; +export * from './system.controller.js'; +export { default as systemRoutes } from './system.routes.js'; diff --git a/backend/src/modules/system/messages.service.ts b/backend/src/modules/system/messages.service.ts new file mode 100644 index 0000000..d0a64f3 --- /dev/null +++ b/backend/src/modules/system/messages.service.ts @@ -0,0 +1,234 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError } from '../../shared/errors/index.js'; + +export interface Message { + id: string; + tenant_id: string; + model: string; + record_id: string; + message_type: 'comment' | 'note' | 'email' | 'notification' | 'system'; + subject?: string; + body: string; + author_id?: string; + author_name?: string; + author_email?: string; + parent_id?: string; + attachment_ids: string[]; + created_at: Date; +} + +export interface CreateMessageDto { + model: string; + record_id: string; + message_type?: 'comment' | 'note' | 'email' | 'notification' | 'system'; + subject?: string; + body: string; + parent_id?: string; +} + +export interface MessageFilters { + model?: string; + record_id?: string; + message_type?: string; + author_id?: string; + search?: string; + page?: number; + limit?: number; +} + +export interface Follower { + id: string; + model: string; + record_id: string; + partner_id?: string; + user_id?: string; + user_name?: string; + partner_name?: string; + email_notifications: boolean; + created_at: Date; +} + +export interface AddFollowerDto { + model: string; + record_id: string; + user_id?: string; + partner_id?: string; + email_notifications?: boolean; +} + +class MessagesService { + async findAll(tenantId: string, filters: MessageFilters = {}): Promise<{ data: Message[]; total: number }> { + const { model, record_id, message_type, author_id, search, page = 1, limit = 50 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE m.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (model) { + whereClause += ` AND m.model = $${paramIndex++}`; + params.push(model); + } + + if (record_id) { + whereClause += ` AND m.record_id = $${paramIndex++}`; + params.push(record_id); + } + + if (message_type) { + whereClause += ` AND m.message_type = $${paramIndex++}`; + params.push(message_type); + } + + if (author_id) { + whereClause += ` AND m.author_id = $${paramIndex++}`; + params.push(author_id); + } + + if (search) { + whereClause += ` AND (m.subject ILIKE $${paramIndex} OR m.body ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM system.messages m ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT m.*, + u.first_name || ' ' || u.last_name as author_name, + u.email as author_email + FROM system.messages m + LEFT JOIN auth.users u ON m.author_id = u.id + ${whereClause} + ORDER BY m.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findByRecord(model: string, recordId: string, tenantId: string): Promise { + const messages = await query( + `SELECT m.*, + u.first_name || ' ' || u.last_name as author_name, + u.email as author_email + FROM system.messages m + LEFT JOIN auth.users u ON m.author_id = u.id + WHERE m.model = $1 AND m.record_id = $2 AND m.tenant_id = $3 + ORDER BY m.created_at DESC`, + [model, recordId, tenantId] + ); + + return messages; + } + + async findById(id: string, tenantId: string): Promise { + const message = await queryOne( + `SELECT m.*, + u.first_name || ' ' || u.last_name as author_name, + u.email as author_email + FROM system.messages m + LEFT JOIN auth.users u ON m.author_id = u.id + WHERE m.id = $1 AND m.tenant_id = $2`, + [id, tenantId] + ); + + if (!message) { + throw new NotFoundError('Mensaje no encontrado'); + } + + return message; + } + + async create(dto: CreateMessageDto, tenantId: string, userId: string): Promise { + // Get user info for author fields + const user = await queryOne<{ first_name: string; last_name: string; email: string }>( + `SELECT first_name, last_name, email FROM auth.users WHERE id = $1`, + [userId] + ); + + const message = await queryOne( + `INSERT INTO system.messages ( + tenant_id, model, record_id, message_type, subject, body, + author_id, author_name, author_email, parent_id + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10) + RETURNING *`, + [ + tenantId, dto.model, dto.record_id, + dto.message_type || 'comment', dto.subject, dto.body, + userId, user ? `${user.first_name} ${user.last_name}` : null, + user?.email, dto.parent_id + ] + ); + + return message!; + } + + async delete(id: string, tenantId: string): Promise { + await this.findById(id, tenantId); + + await query( + `DELETE FROM system.messages WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + } + + // ========== FOLLOWERS ========== + async getFollowers(model: string, recordId: string): Promise { + const followers = await query( + `SELECT mf.*, + u.first_name || ' ' || u.last_name as user_name, + p.name as partner_name + FROM system.message_followers mf + LEFT JOIN auth.users u ON mf.user_id = u.id + LEFT JOIN core.partners p ON mf.partner_id = p.id + WHERE mf.model = $1 AND mf.record_id = $2 + ORDER BY mf.created_at DESC`, + [model, recordId] + ); + + return followers; + } + + async addFollower(dto: AddFollowerDto): Promise { + const follower = await queryOne( + `INSERT INTO system.message_followers ( + model, record_id, user_id, partner_id, email_notifications + ) + VALUES ($1, $2, $3, $4, $5) + ON CONFLICT (model, record_id, COALESCE(user_id, partner_id)) DO UPDATE + SET email_notifications = EXCLUDED.email_notifications + RETURNING *`, + [dto.model, dto.record_id, dto.user_id, dto.partner_id, dto.email_notifications ?? true] + ); + + return follower!; + } + + async removeFollower(model: string, recordId: string, userId?: string, partnerId?: string): Promise { + if (userId) { + await query( + `DELETE FROM system.message_followers + WHERE model = $1 AND record_id = $2 AND user_id = $3`, + [model, recordId, userId] + ); + } else if (partnerId) { + await query( + `DELETE FROM system.message_followers + WHERE model = $1 AND record_id = $2 AND partner_id = $3`, + [model, recordId, partnerId] + ); + } + } +} + +export const messagesService = new MessagesService(); diff --git a/backend/src/modules/system/notifications.service.ts b/backend/src/modules/system/notifications.service.ts new file mode 100644 index 0000000..1b023e8 --- /dev/null +++ b/backend/src/modules/system/notifications.service.ts @@ -0,0 +1,227 @@ +import { query, queryOne } from '../../config/database.js'; +import { NotFoundError } from '../../shared/errors/index.js'; + +export interface Notification { + id: string; + tenant_id: string; + user_id: string; + title: string; + message: string; + url?: string; + model?: string; + record_id?: string; + status: 'pending' | 'sent' | 'read' | 'failed'; + read_at?: Date; + created_at: Date; + sent_at?: Date; +} + +export interface CreateNotificationDto { + user_id: string; + title: string; + message: string; + url?: string; + model?: string; + record_id?: string; +} + +export interface NotificationFilters { + user_id?: string; + status?: string; + unread_only?: boolean; + model?: string; + search?: string; + page?: number; + limit?: number; +} + +class NotificationsService { + async findAll(tenantId: string, filters: NotificationFilters = {}): Promise<{ data: Notification[]; total: number }> { + const { user_id, status, unread_only, model, search, page = 1, limit = 50 } = filters; + const offset = (page - 1) * limit; + + let whereClause = 'WHERE n.tenant_id = $1'; + const params: any[] = [tenantId]; + let paramIndex = 2; + + if (user_id) { + whereClause += ` AND n.user_id = $${paramIndex++}`; + params.push(user_id); + } + + if (status) { + whereClause += ` AND n.status = $${paramIndex++}`; + params.push(status); + } + + if (unread_only) { + whereClause += ` AND n.read_at IS NULL`; + } + + if (model) { + whereClause += ` AND n.model = $${paramIndex++}`; + params.push(model); + } + + if (search) { + whereClause += ` AND (n.title ILIKE $${paramIndex} OR n.message ILIKE $${paramIndex})`; + params.push(`%${search}%`); + paramIndex++; + } + + const countResult = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count FROM system.notifications n ${whereClause}`, + params + ); + + params.push(limit, offset); + const data = await query( + `SELECT n.* + FROM system.notifications n + ${whereClause} + ORDER BY n.created_at DESC + LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`, + params + ); + + return { + data, + total: parseInt(countResult?.count || '0', 10), + }; + } + + async findByUser(userId: string, tenantId: string, unreadOnly: boolean = false): Promise { + let whereClause = 'WHERE n.user_id = $1 AND n.tenant_id = $2'; + if (unreadOnly) { + whereClause += ' AND n.read_at IS NULL'; + } + + const notifications = await query( + `SELECT n.* + FROM system.notifications n + ${whereClause} + ORDER BY n.created_at DESC + LIMIT 100`, + [userId, tenantId] + ); + + return notifications; + } + + async getUnreadCount(userId: string, tenantId: string): Promise { + const result = await queryOne<{ count: string }>( + `SELECT COUNT(*) as count + FROM system.notifications + WHERE user_id = $1 AND tenant_id = $2 AND read_at IS NULL`, + [userId, tenantId] + ); + + return parseInt(result?.count || '0', 10); + } + + async findById(id: string, tenantId: string): Promise { + const notification = await queryOne( + `SELECT n.* + FROM system.notifications n + WHERE n.id = $1 AND n.tenant_id = $2`, + [id, tenantId] + ); + + if (!notification) { + throw new NotFoundError('Notificación no encontrada'); + } + + return notification; + } + + async create(dto: CreateNotificationDto, tenantId: string): Promise { + const notification = await queryOne( + `INSERT INTO system.notifications ( + tenant_id, user_id, title, message, url, model, record_id, status, sent_at + ) + VALUES ($1, $2, $3, $4, $5, $6, $7, 'sent', CURRENT_TIMESTAMP) + RETURNING *`, + [tenantId, dto.user_id, dto.title, dto.message, dto.url, dto.model, dto.record_id] + ); + + return notification!; + } + + async createBulk(notifications: CreateNotificationDto[], tenantId: string): Promise { + if (notifications.length === 0) return 0; + + const values = notifications.map((n, i) => { + const base = i * 7; + return `($${base + 1}, $${base + 2}, $${base + 3}, $${base + 4}, $${base + 5}, $${base + 6}, $${base + 7}, 'sent', CURRENT_TIMESTAMP)`; + }).join(', '); + + const params = notifications.flatMap(n => [ + tenantId, n.user_id, n.title, n.message, n.url, n.model, n.record_id + ]); + + const result = await query( + `INSERT INTO system.notifications ( + tenant_id, user_id, title, message, url, model, record_id, status, sent_at + ) + VALUES ${values}`, + params + ); + + return notifications.length; + } + + async markAsRead(id: string, tenantId: string): Promise { + await this.findById(id, tenantId); + + const notification = await queryOne( + `UPDATE system.notifications SET + status = 'read', + read_at = CURRENT_TIMESTAMP + WHERE id = $1 AND tenant_id = $2 + RETURNING *`, + [id, tenantId] + ); + + return notification!; + } + + async markAllAsRead(userId: string, tenantId: string): Promise { + const result = await query( + `UPDATE system.notifications SET + status = 'read', + read_at = CURRENT_TIMESTAMP + WHERE user_id = $1 AND tenant_id = $2 AND read_at IS NULL`, + [userId, tenantId] + ); + + return result.length; + } + + async delete(id: string, tenantId: string): Promise { + await this.findById(id, tenantId); + + await query( + `DELETE FROM system.notifications WHERE id = $1 AND tenant_id = $2`, + [id, tenantId] + ); + } + + async deleteOld(daysToKeep: number = 30, tenantId?: string): Promise { + let whereClause = `WHERE read_at IS NOT NULL AND created_at < CURRENT_TIMESTAMP - INTERVAL '${daysToKeep} days'`; + const params: any[] = []; + + if (tenantId) { + whereClause += ' AND tenant_id = $1'; + params.push(tenantId); + } + + const result = await query( + `DELETE FROM system.notifications ${whereClause}`, + params + ); + + return result.length; + } +} + +export const notificationsService = new NotificationsService(); diff --git a/backend/src/modules/system/system.controller.ts b/backend/src/modules/system/system.controller.ts new file mode 100644 index 0000000..5ee4413 --- /dev/null +++ b/backend/src/modules/system/system.controller.ts @@ -0,0 +1,404 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { messagesService, CreateMessageDto, MessageFilters, AddFollowerDto } from './messages.service.js'; +import { notificationsService, CreateNotificationDto, NotificationFilters } from './notifications.service.js'; +import { activitiesService, CreateActivityDto, UpdateActivityDto, ActivityFilters } from './activities.service.js'; +import { AuthenticatedRequest } from '../../shared/middleware/auth.middleware.js'; +import { ValidationError } from '../../shared/errors/index.js'; + +// ========== MESSAGE SCHEMAS ========== +const createMessageSchema = z.object({ + model: z.string().min(1).max(100), + record_id: z.string().uuid(), + message_type: z.enum(['comment', 'note', 'email', 'notification', 'system']).default('comment'), + subject: z.string().max(255).optional(), + body: z.string().min(1), + parent_id: z.string().uuid().optional(), +}); + +const messageQuerySchema = z.object({ + model: z.string().optional(), + record_id: z.string().uuid().optional(), + message_type: z.enum(['comment', 'note', 'email', 'notification', 'system']).optional(), + author_id: z.string().uuid().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(50), +}); + +const addFollowerSchema = z.object({ + model: z.string().min(1).max(100), + record_id: z.string().uuid(), + user_id: z.string().uuid().optional(), + partner_id: z.string().uuid().optional(), + email_notifications: z.boolean().default(true), +}).refine(data => data.user_id || data.partner_id, { + message: 'Debe especificar user_id o partner_id', +}); + +// ========== NOTIFICATION SCHEMAS ========== +const createNotificationSchema = z.object({ + user_id: z.string().uuid(), + title: z.string().min(1).max(255), + message: z.string().min(1), + url: z.string().max(500).optional(), + model: z.string().max(100).optional(), + record_id: z.string().uuid().optional(), +}); + +const notificationQuerySchema = z.object({ + user_id: z.string().uuid().optional(), + status: z.enum(['pending', 'sent', 'read', 'failed']).optional(), + unread_only: z.coerce.boolean().optional(), + model: z.string().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(50), +}); + +// ========== ACTIVITY SCHEMAS ========== +const createActivitySchema = z.object({ + model: z.string().min(1).max(100), + record_id: z.string().uuid(), + activity_type: z.enum(['call', 'meeting', 'email', 'todo', 'follow_up', 'custom']), + summary: z.string().min(1).max(255), + description: z.string().optional(), + assigned_to: z.string().uuid().optional(), + due_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/), + due_time: z.string().regex(/^\d{2}:\d{2}(:\d{2})?$/).optional(), +}); + +const updateActivitySchema = z.object({ + activity_type: z.enum(['call', 'meeting', 'email', 'todo', 'follow_up', 'custom']).optional(), + summary: z.string().min(1).max(255).optional(), + description: z.string().optional().nullable(), + assigned_to: z.string().uuid().optional().nullable(), + due_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/).optional(), + due_time: z.string().regex(/^\d{2}:\d{2}(:\d{2})?$/).optional().nullable(), +}); + +const rescheduleActivitySchema = z.object({ + due_date: z.string().regex(/^\d{4}-\d{2}-\d{2}$/), + due_time: z.string().regex(/^\d{2}:\d{2}(:\d{2})?$/).optional().nullable(), +}); + +const activityQuerySchema = z.object({ + model: z.string().optional(), + record_id: z.string().uuid().optional(), + activity_type: z.enum(['call', 'meeting', 'email', 'todo', 'follow_up', 'custom']).optional(), + assigned_to: z.string().uuid().optional(), + status: z.enum(['planned', 'done', 'cancelled', 'overdue']).optional(), + due_from: z.string().optional(), + due_to: z.string().optional(), + overdue_only: z.coerce.boolean().optional(), + search: z.string().optional(), + page: z.coerce.number().int().positive().default(1), + limit: z.coerce.number().int().positive().max(100).default(50), +}); + +class SystemController { + // ========== MESSAGES ========== + async getMessages(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = messageQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + const filters: MessageFilters = queryResult.data; + const result = await messagesService.findAll(req.tenantId!, filters); + res.json({ + success: true, + data: result.data, + meta: { total: result.total, page: filters.page, limit: filters.limit, totalPages: Math.ceil(result.total / (filters.limit || 50)) }, + }); + } catch (error) { + next(error); + } + } + + async getMessagesByRecord(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { model, recordId } = req.params; + const messages = await messagesService.findByRecord(model, recordId, req.tenantId!); + res.json({ success: true, data: messages }); + } catch (error) { + next(error); + } + } + + async getMessage(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const message = await messagesService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: message }); + } catch (error) { + next(error); + } + } + + async createMessage(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createMessageSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de mensaje inválidos', parseResult.error.errors); + } + const dto: CreateMessageDto = parseResult.data; + const message = await messagesService.create(dto, req.tenantId!, req.user!.userId); + res.status(201).json({ success: true, data: message, message: 'Mensaje creado exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteMessage(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await messagesService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Mensaje eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== FOLLOWERS ========== + async getFollowers(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { model, recordId } = req.params; + const followers = await messagesService.getFollowers(model, recordId); + res.json({ success: true, data: followers }); + } catch (error) { + next(error); + } + } + + async addFollower(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = addFollowerSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de seguidor inválidos', parseResult.error.errors); + } + const dto: AddFollowerDto = parseResult.data; + const follower = await messagesService.addFollower(dto); + res.status(201).json({ success: true, data: follower, message: 'Seguidor agregado exitosamente' }); + } catch (error) { + next(error); + } + } + + async removeFollower(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { model, recordId } = req.params; + const { user_id, partner_id } = req.query; + await messagesService.removeFollower(model, recordId, user_id as string, partner_id as string); + res.json({ success: true, message: 'Seguidor eliminado exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== NOTIFICATIONS ========== + async getNotifications(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = notificationQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + const filters: NotificationFilters = queryResult.data; + const result = await notificationsService.findAll(req.tenantId!, filters); + res.json({ + success: true, + data: result.data, + meta: { total: result.total, page: filters.page, limit: filters.limit, totalPages: Math.ceil(result.total / (filters.limit || 50)) }, + }); + } catch (error) { + next(error); + } + } + + async getMyNotifications(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const unreadOnly = req.query.unread_only === 'true'; + const notifications = await notificationsService.findByUser(req.user!.userId, req.tenantId!, unreadOnly); + const unreadCount = await notificationsService.getUnreadCount(req.user!.userId, req.tenantId!); + res.json({ success: true, data: notifications, meta: { unread_count: unreadCount } }); + } catch (error) { + next(error); + } + } + + async getUnreadCount(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const count = await notificationsService.getUnreadCount(req.user!.userId, req.tenantId!); + res.json({ success: true, data: { count } }); + } catch (error) { + next(error); + } + } + + async getNotification(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const notification = await notificationsService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: notification }); + } catch (error) { + next(error); + } + } + + async createNotification(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createNotificationSchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de notificación inválidos', parseResult.error.errors); + } + const dto: CreateNotificationDto = parseResult.data; + const notification = await notificationsService.create(dto, req.tenantId!); + res.status(201).json({ success: true, data: notification, message: 'Notificación creada exitosamente' }); + } catch (error) { + next(error); + } + } + + async markNotificationAsRead(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const notification = await notificationsService.markAsRead(req.params.id, req.tenantId!); + res.json({ success: true, data: notification, message: 'Notificación marcada como leída' }); + } catch (error) { + next(error); + } + } + + async markAllNotificationsAsRead(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const count = await notificationsService.markAllAsRead(req.user!.userId, req.tenantId!); + res.json({ success: true, message: `${count} notificaciones marcadas como leídas` }); + } catch (error) { + next(error); + } + } + + async deleteNotification(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await notificationsService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Notificación eliminada exitosamente' }); + } catch (error) { + next(error); + } + } + + // ========== ACTIVITIES ========== + async getActivities(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const queryResult = activityQuerySchema.safeParse(req.query); + if (!queryResult.success) { + throw new ValidationError('Parámetros de consulta inválidos', queryResult.error.errors); + } + const filters: ActivityFilters = queryResult.data; + const result = await activitiesService.findAll(req.tenantId!, filters); + res.json({ + success: true, + data: result.data, + meta: { total: result.total, page: filters.page, limit: filters.limit, totalPages: Math.ceil(result.total / (filters.limit || 50)) }, + }); + } catch (error) { + next(error); + } + } + + async getActivitiesByRecord(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const { model, recordId } = req.params; + const activities = await activitiesService.findByRecord(model, recordId, req.tenantId!); + res.json({ success: true, data: activities }); + } catch (error) { + next(error); + } + } + + async getMyActivities(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const status = req.query.status as string | undefined; + const activities = await activitiesService.findByUser(req.user!.userId, req.tenantId!, status); + res.json({ success: true, data: activities }); + } catch (error) { + next(error); + } + } + + async getActivity(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const activity = await activitiesService.findById(req.params.id, req.tenantId!); + res.json({ success: true, data: activity }); + } catch (error) { + next(error); + } + } + + async createActivity(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = createActivitySchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de actividad inválidos', parseResult.error.errors); + } + const dto: CreateActivityDto = parseResult.data; + const activity = await activitiesService.create(dto, req.tenantId!, req.user!.userId); + res.status(201).json({ success: true, data: activity, message: 'Actividad creada exitosamente' }); + } catch (error) { + next(error); + } + } + + async updateActivity(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = updateActivitySchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de actividad inválidos', parseResult.error.errors); + } + const dto: UpdateActivityDto = parseResult.data; + const activity = await activitiesService.update(req.params.id, dto, req.tenantId!); + res.json({ success: true, data: activity, message: 'Actividad actualizada exitosamente' }); + } catch (error) { + next(error); + } + } + + async markActivityDone(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const activity = await activitiesService.markDone(req.params.id, req.tenantId!, req.user!.userId); + res.json({ success: true, data: activity, message: 'Actividad completada exitosamente' }); + } catch (error) { + next(error); + } + } + + async cancelActivity(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const activity = await activitiesService.cancel(req.params.id, req.tenantId!); + res.json({ success: true, data: activity, message: 'Actividad cancelada exitosamente' }); + } catch (error) { + next(error); + } + } + + async rescheduleActivity(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const parseResult = rescheduleActivitySchema.safeParse(req.body); + if (!parseResult.success) { + throw new ValidationError('Datos de reprogramación inválidos', parseResult.error.errors); + } + const { due_date, due_time } = parseResult.data; + const activity = await activitiesService.reschedule(req.params.id, due_date, due_time ?? null, req.tenantId!); + res.json({ success: true, data: activity, message: 'Actividad reprogramada exitosamente' }); + } catch (error) { + next(error); + } + } + + async deleteActivity(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + await activitiesService.delete(req.params.id, req.tenantId!); + res.json({ success: true, message: 'Actividad eliminada exitosamente' }); + } catch (error) { + next(error); + } + } +} + +export const systemController = new SystemController(); diff --git a/backend/src/modules/system/system.routes.ts b/backend/src/modules/system/system.routes.ts new file mode 100644 index 0000000..6cd819c --- /dev/null +++ b/backend/src/modules/system/system.routes.ts @@ -0,0 +1,48 @@ +import { Router } from 'express'; +import { systemController } from './system.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// ========== MESSAGES (Chatter) ========== +router.get('/messages', (req, res, next) => systemController.getMessages(req, res, next)); +router.get('/messages/record/:model/:recordId', (req, res, next) => systemController.getMessagesByRecord(req, res, next)); +router.get('/messages/:id', (req, res, next) => systemController.getMessage(req, res, next)); +router.post('/messages', (req, res, next) => systemController.createMessage(req, res, next)); +router.delete('/messages/:id', (req, res, next) => systemController.deleteMessage(req, res, next)); + +// ========== FOLLOWERS ========== +router.get('/followers/:model/:recordId', (req, res, next) => systemController.getFollowers(req, res, next)); +router.post('/followers', (req, res, next) => systemController.addFollower(req, res, next)); +router.delete('/followers/:model/:recordId', (req, res, next) => systemController.removeFollower(req, res, next)); + +// ========== NOTIFICATIONS ========== +router.get('/notifications', requireRoles('admin', 'super_admin'), (req, res, next) => + systemController.getNotifications(req, res, next) +); +router.get('/notifications/me', (req, res, next) => systemController.getMyNotifications(req, res, next)); +router.get('/notifications/me/count', (req, res, next) => systemController.getUnreadCount(req, res, next)); +router.get('/notifications/:id', (req, res, next) => systemController.getNotification(req, res, next)); +router.post('/notifications', requireRoles('admin', 'super_admin'), (req, res, next) => + systemController.createNotification(req, res, next) +); +router.post('/notifications/:id/read', (req, res, next) => systemController.markNotificationAsRead(req, res, next)); +router.post('/notifications/read-all', (req, res, next) => systemController.markAllNotificationsAsRead(req, res, next)); +router.delete('/notifications/:id', (req, res, next) => systemController.deleteNotification(req, res, next)); + +// ========== ACTIVITIES ========== +router.get('/activities', (req, res, next) => systemController.getActivities(req, res, next)); +router.get('/activities/record/:model/:recordId', (req, res, next) => systemController.getActivitiesByRecord(req, res, next)); +router.get('/activities/me', (req, res, next) => systemController.getMyActivities(req, res, next)); +router.get('/activities/:id', (req, res, next) => systemController.getActivity(req, res, next)); +router.post('/activities', (req, res, next) => systemController.createActivity(req, res, next)); +router.put('/activities/:id', (req, res, next) => systemController.updateActivity(req, res, next)); +router.post('/activities/:id/done', (req, res, next) => systemController.markActivityDone(req, res, next)); +router.post('/activities/:id/cancel', (req, res, next) => systemController.cancelActivity(req, res, next)); +router.post('/activities/:id/reschedule', (req, res, next) => systemController.rescheduleActivity(req, res, next)); +router.delete('/activities/:id', (req, res, next) => systemController.deleteActivity(req, res, next)); + +export default router; diff --git a/backend/src/modules/tenants/index.ts b/backend/src/modules/tenants/index.ts new file mode 100644 index 0000000..de1b03d --- /dev/null +++ b/backend/src/modules/tenants/index.ts @@ -0,0 +1,7 @@ +// Tenants module exports +export { tenantsService } from './tenants.service.js'; +export { tenantsController } from './tenants.controller.js'; +export { default as tenantsRoutes } from './tenants.routes.js'; + +// Types +export type { CreateTenantDto, UpdateTenantDto, TenantStats, TenantWithStats } from './tenants.service.js'; diff --git a/backend/src/modules/tenants/tenants.controller.ts b/backend/src/modules/tenants/tenants.controller.ts new file mode 100644 index 0000000..6f02fb0 --- /dev/null +++ b/backend/src/modules/tenants/tenants.controller.ts @@ -0,0 +1,315 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { tenantsService } from './tenants.service.js'; +import { TenantStatus } from '../auth/entities/index.js'; +import { ApiResponse, AuthenticatedRequest, ValidationError, PaginationParams } from '../../shared/types/index.js'; + +// Validation schemas +const createTenantSchema = z.object({ + name: z.string().min(2, 'El nombre debe tener al menos 2 caracteres'), + subdomain: z.string() + .min(3, 'El subdominio debe tener al menos 3 caracteres') + .max(50, 'El subdominio no puede exceder 50 caracteres') + .regex(/^[a-z0-9-]+$/, 'El subdominio solo puede contener letras minúsculas, números y guiones'), + plan: z.enum(['basic', 'standard', 'premium', 'enterprise']).optional(), + maxUsers: z.number().int().min(1).max(1000).optional(), + settings: z.record(z.any()).optional(), +}); + +const updateTenantSchema = z.object({ + name: z.string().min(2).optional(), + plan: z.enum(['basic', 'standard', 'premium', 'enterprise']).optional(), + maxUsers: z.number().int().min(1).max(1000).optional(), + settings: z.record(z.any()).optional(), +}); + +const updateSettingsSchema = z.object({ + settings: z.record(z.any()), +}); + +export class TenantsController { + /** + * GET /tenants - List all tenants (super_admin only) + */ + async findAll(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const page = parseInt(req.query.page as string) || 1; + const limit = Math.min(parseInt(req.query.limit as string) || 20, 100); + const sortBy = req.query.sortBy as string || 'name'; + const sortOrder = (req.query.sortOrder as 'asc' | 'desc') || 'asc'; + + const params: PaginationParams = { page, limit, sortBy, sortOrder }; + + // Build filter + const filter: { status?: TenantStatus; search?: string } = {}; + if (req.query.status) { + filter.status = req.query.status as TenantStatus; + } + if (req.query.search) { + filter.search = req.query.search as string; + } + + const result = await tenantsService.findAll(params, filter); + + const response: ApiResponse = { + success: true, + data: result.tenants, + meta: { + page, + limit, + total: result.total, + totalPages: Math.ceil(result.total / limit), + }, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /tenants/current - Get current user's tenant + */ + async getCurrent(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const tenant = await tenantsService.findById(tenantId); + + const response: ApiResponse = { + success: true, + data: tenant, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /tenants/:id - Get tenant by ID (super_admin only) + */ + async findById(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.params.id; + const tenant = await tenantsService.findById(tenantId); + + const response: ApiResponse = { + success: true, + data: tenant, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /tenants/:id/stats - Get tenant statistics + */ + async getStats(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.params.id; + const stats = await tenantsService.getTenantStats(tenantId); + + const response: ApiResponse = { + success: true, + data: stats, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * POST /tenants - Create new tenant (super_admin only) + */ + async create(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = createTenantSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const createdBy = req.user!.userId; + const tenant = await tenantsService.create(validation.data, createdBy); + + const response: ApiResponse = { + success: true, + data: tenant, + message: 'Tenant creado exitosamente', + }; + + res.status(201).json(response); + } catch (error) { + next(error); + } + } + + /** + * PUT /tenants/:id - Update tenant + */ + async update(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = updateTenantSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const tenantId = req.params.id; + const updatedBy = req.user!.userId; + + const tenant = await tenantsService.update(tenantId, validation.data, updatedBy); + + const response: ApiResponse = { + success: true, + data: tenant, + message: 'Tenant actualizado exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * POST /tenants/:id/suspend - Suspend tenant (super_admin only) + */ + async suspend(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.params.id; + const updatedBy = req.user!.userId; + + const tenant = await tenantsService.suspend(tenantId, updatedBy); + + const response: ApiResponse = { + success: true, + data: tenant, + message: 'Tenant suspendido exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * POST /tenants/:id/activate - Activate tenant (super_admin only) + */ + async activate(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.params.id; + const updatedBy = req.user!.userId; + + const tenant = await tenantsService.activate(tenantId, updatedBy); + + const response: ApiResponse = { + success: true, + data: tenant, + message: 'Tenant activado exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * DELETE /tenants/:id - Soft delete tenant (super_admin only) + */ + async delete(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.params.id; + const deletedBy = req.user!.userId; + + await tenantsService.delete(tenantId, deletedBy); + + const response: ApiResponse = { + success: true, + message: 'Tenant eliminado exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /tenants/:id/settings - Get tenant settings + */ + async getSettings(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.params.id; + const settings = await tenantsService.getSettings(tenantId); + + const response: ApiResponse = { + success: true, + data: settings, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * PUT /tenants/:id/settings - Update tenant settings + */ + async updateSettings(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = updateSettingsSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const tenantId = req.params.id; + const updatedBy = req.user!.userId; + + const settings = await tenantsService.updateSettings( + tenantId, + validation.data.settings, + updatedBy + ); + + const response: ApiResponse = { + success: true, + data: settings, + message: 'Configuración actualizada exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + /** + * GET /tenants/:id/can-add-user - Check if tenant can add more users + */ + async canAddUser(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.params.id; + const result = await tenantsService.canAddUser(tenantId); + + const response: ApiResponse = { + success: true, + data: result, + }; + + res.json(response); + } catch (error) { + next(error); + } + } +} + +export const tenantsController = new TenantsController(); diff --git a/backend/src/modules/tenants/tenants.routes.ts b/backend/src/modules/tenants/tenants.routes.ts new file mode 100644 index 0000000..c47acf0 --- /dev/null +++ b/backend/src/modules/tenants/tenants.routes.ts @@ -0,0 +1,69 @@ +import { Router } from 'express'; +import { tenantsController } from './tenants.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// Get current user's tenant (any authenticated user) +router.get('/current', (req, res, next) => + tenantsController.getCurrent(req, res, next) +); + +// List all tenants (super_admin only) +router.get('/', requireRoles('super_admin'), (req, res, next) => + tenantsController.findAll(req, res, next) +); + +// Get tenant by ID (super_admin only) +router.get('/:id', requireRoles('super_admin'), (req, res, next) => + tenantsController.findById(req, res, next) +); + +// Get tenant statistics (super_admin only) +router.get('/:id/stats', requireRoles('super_admin'), (req, res, next) => + tenantsController.getStats(req, res, next) +); + +// Create tenant (super_admin only) +router.post('/', requireRoles('super_admin'), (req, res, next) => + tenantsController.create(req, res, next) +); + +// Update tenant (super_admin only) +router.put('/:id', requireRoles('super_admin'), (req, res, next) => + tenantsController.update(req, res, next) +); + +// Suspend tenant (super_admin only) +router.post('/:id/suspend', requireRoles('super_admin'), (req, res, next) => + tenantsController.suspend(req, res, next) +); + +// Activate tenant (super_admin only) +router.post('/:id/activate', requireRoles('super_admin'), (req, res, next) => + tenantsController.activate(req, res, next) +); + +// Delete tenant (super_admin only) +router.delete('/:id', requireRoles('super_admin'), (req, res, next) => + tenantsController.delete(req, res, next) +); + +// Tenant settings (admin and super_admin) +router.get('/:id/settings', requireRoles('admin', 'super_admin'), (req, res, next) => + tenantsController.getSettings(req, res, next) +); + +router.put('/:id/settings', requireRoles('admin', 'super_admin'), (req, res, next) => + tenantsController.updateSettings(req, res, next) +); + +// Check user limit (admin and super_admin) +router.get('/:id/can-add-user', requireRoles('admin', 'super_admin'), (req, res, next) => + tenantsController.canAddUser(req, res, next) +); + +export default router; diff --git a/backend/src/modules/tenants/tenants.service.ts b/backend/src/modules/tenants/tenants.service.ts new file mode 100644 index 0000000..ca2bbfa --- /dev/null +++ b/backend/src/modules/tenants/tenants.service.ts @@ -0,0 +1,449 @@ +import { Repository } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { Tenant, TenantStatus, User, UserStatus, Company, Role } from '../auth/entities/index.js'; +import { PaginationParams, NotFoundError, ValidationError, ForbiddenError } from '../../shared/types/index.js'; +import { logger } from '../../shared/utils/logger.js'; + +// ===== Interfaces ===== + +export interface CreateTenantDto { + name: string; + subdomain: string; + plan?: string; + maxUsers?: number; + settings?: Record; +} + +export interface UpdateTenantDto { + name?: string; + plan?: string; + maxUsers?: number; + settings?: Record; +} + +export interface TenantStats { + usersCount: number; + companiesCount: number; + rolesCount: number; + activeUsersCount: number; +} + +export interface TenantWithStats extends Tenant { + stats?: TenantStats; +} + +// ===== TenantsService Class ===== + +class TenantsService { + private tenantRepository: Repository; + private userRepository: Repository; + private companyRepository: Repository; + private roleRepository: Repository; + + constructor() { + this.tenantRepository = AppDataSource.getRepository(Tenant); + this.userRepository = AppDataSource.getRepository(User); + this.companyRepository = AppDataSource.getRepository(Company); + this.roleRepository = AppDataSource.getRepository(Role); + } + + /** + * Get all tenants with pagination (super_admin only) + */ + async findAll( + params: PaginationParams, + filter?: { status?: TenantStatus; search?: string } + ): Promise<{ tenants: Tenant[]; total: number }> { + try { + const { page, limit, sortBy = 'name', sortOrder = 'asc' } = params; + const skip = (page - 1) * limit; + + const queryBuilder = this.tenantRepository + .createQueryBuilder('tenant') + .where('tenant.deletedAt IS NULL') + .orderBy(`tenant.${sortBy}`, sortOrder.toUpperCase() as 'ASC' | 'DESC') + .skip(skip) + .take(limit); + + // Apply filters + if (filter?.status) { + queryBuilder.andWhere('tenant.status = :status', { status: filter.status }); + } + if (filter?.search) { + queryBuilder.andWhere( + '(tenant.name ILIKE :search OR tenant.subdomain ILIKE :search)', + { search: `%${filter.search}%` } + ); + } + + const [tenants, total] = await queryBuilder.getManyAndCount(); + + logger.debug('Tenants retrieved', { count: tenants.length, total }); + + return { tenants, total }; + } catch (error) { + logger.error('Error retrieving tenants', { + error: (error as Error).message, + }); + throw error; + } + } + + /** + * Get tenant by ID + */ + async findById(tenantId: string): Promise { + try { + const tenant = await this.tenantRepository.findOne({ + where: { id: tenantId, deletedAt: undefined }, + }); + + if (!tenant) { + throw new NotFoundError('Tenant no encontrado'); + } + + // Get stats + const stats = await this.getTenantStats(tenantId); + + return { ...tenant, stats }; + } catch (error) { + logger.error('Error finding tenant', { + error: (error as Error).message, + tenantId, + }); + throw error; + } + } + + /** + * Get tenant by subdomain + */ + async findBySubdomain(subdomain: string): Promise { + try { + return await this.tenantRepository.findOne({ + where: { subdomain, deletedAt: undefined }, + }); + } catch (error) { + logger.error('Error finding tenant by subdomain', { + error: (error as Error).message, + subdomain, + }); + throw error; + } + } + + /** + * Get tenant statistics + */ + async getTenantStats(tenantId: string): Promise { + try { + const [usersCount, activeUsersCount, companiesCount, rolesCount] = await Promise.all([ + this.userRepository.count({ + where: { tenantId, deletedAt: undefined }, + }), + this.userRepository.count({ + where: { tenantId, status: UserStatus.ACTIVE, deletedAt: undefined }, + }), + this.companyRepository.count({ + where: { tenantId, deletedAt: undefined }, + }), + this.roleRepository.count({ + where: { tenantId, deletedAt: undefined }, + }), + ]); + + return { + usersCount, + activeUsersCount, + companiesCount, + rolesCount, + }; + } catch (error) { + logger.error('Error getting tenant stats', { + error: (error as Error).message, + tenantId, + }); + throw error; + } + } + + /** + * Create a new tenant (super_admin only) + */ + async create(data: CreateTenantDto, createdBy: string): Promise { + try { + // Validate subdomain uniqueness + const existing = await this.findBySubdomain(data.subdomain); + if (existing) { + throw new ValidationError('Ya existe un tenant con este subdominio'); + } + + // Validate subdomain format (alphanumeric and hyphens only) + if (!/^[a-z0-9-]+$/.test(data.subdomain)) { + throw new ValidationError('El subdominio solo puede contener letras minúsculas, números y guiones'); + } + + // Generate schema name from subdomain + const schemaName = `tenant_${data.subdomain.replace(/-/g, '_')}`; + + // Create tenant + const tenant = this.tenantRepository.create({ + name: data.name, + subdomain: data.subdomain, + schemaName, + status: TenantStatus.ACTIVE, + plan: data.plan || 'basic', + maxUsers: data.maxUsers || 10, + settings: data.settings || {}, + createdBy, + }); + + await this.tenantRepository.save(tenant); + + logger.info('Tenant created', { + tenantId: tenant.id, + subdomain: tenant.subdomain, + createdBy, + }); + + return tenant; + } catch (error) { + logger.error('Error creating tenant', { + error: (error as Error).message, + data, + }); + throw error; + } + } + + /** + * Update a tenant + */ + async update( + tenantId: string, + data: UpdateTenantDto, + updatedBy: string + ): Promise { + try { + const tenant = await this.tenantRepository.findOne({ + where: { id: tenantId, deletedAt: undefined }, + }); + + if (!tenant) { + throw new NotFoundError('Tenant no encontrado'); + } + + // Update allowed fields + if (data.name !== undefined) tenant.name = data.name; + if (data.plan !== undefined) tenant.plan = data.plan; + if (data.maxUsers !== undefined) tenant.maxUsers = data.maxUsers; + if (data.settings !== undefined) { + tenant.settings = { ...tenant.settings, ...data.settings }; + } + + tenant.updatedBy = updatedBy; + tenant.updatedAt = new Date(); + + await this.tenantRepository.save(tenant); + + logger.info('Tenant updated', { + tenantId, + updatedBy, + }); + + return await this.findById(tenantId); + } catch (error) { + logger.error('Error updating tenant', { + error: (error as Error).message, + tenantId, + }); + throw error; + } + } + + /** + * Change tenant status + */ + async changeStatus( + tenantId: string, + status: TenantStatus, + updatedBy: string + ): Promise { + try { + const tenant = await this.tenantRepository.findOne({ + where: { id: tenantId, deletedAt: undefined }, + }); + + if (!tenant) { + throw new NotFoundError('Tenant no encontrado'); + } + + tenant.status = status; + tenant.updatedBy = updatedBy; + tenant.updatedAt = new Date(); + + await this.tenantRepository.save(tenant); + + logger.info('Tenant status changed', { + tenantId, + status, + updatedBy, + }); + + return tenant; + } catch (error) { + logger.error('Error changing tenant status', { + error: (error as Error).message, + tenantId, + status, + }); + throw error; + } + } + + /** + * Suspend a tenant + */ + async suspend(tenantId: string, updatedBy: string): Promise { + return this.changeStatus(tenantId, TenantStatus.SUSPENDED, updatedBy); + } + + /** + * Activate a tenant + */ + async activate(tenantId: string, updatedBy: string): Promise { + return this.changeStatus(tenantId, TenantStatus.ACTIVE, updatedBy); + } + + /** + * Soft delete a tenant + */ + async delete(tenantId: string, deletedBy: string): Promise { + try { + const tenant = await this.tenantRepository.findOne({ + where: { id: tenantId, deletedAt: undefined }, + }); + + if (!tenant) { + throw new NotFoundError('Tenant no encontrado'); + } + + // Check if tenant has active users + const activeUsers = await this.userRepository.count({ + where: { tenantId, status: UserStatus.ACTIVE, deletedAt: undefined }, + }); + + if (activeUsers > 0) { + throw new ForbiddenError( + `No se puede eliminar el tenant porque tiene ${activeUsers} usuario(s) activo(s). Primero desactive todos los usuarios.` + ); + } + + // Soft delete + tenant.deletedAt = new Date(); + tenant.deletedBy = deletedBy; + tenant.status = TenantStatus.CANCELLED; + + await this.tenantRepository.save(tenant); + + logger.info('Tenant deleted', { + tenantId, + deletedBy, + }); + } catch (error) { + logger.error('Error deleting tenant', { + error: (error as Error).message, + tenantId, + }); + throw error; + } + } + + /** + * Get tenant settings + */ + async getSettings(tenantId: string): Promise> { + const tenant = await this.findById(tenantId); + return tenant.settings || {}; + } + + /** + * Update tenant settings (merge) + */ + async updateSettings( + tenantId: string, + settings: Record, + updatedBy: string + ): Promise> { + try { + const tenant = await this.tenantRepository.findOne({ + where: { id: tenantId, deletedAt: undefined }, + }); + + if (!tenant) { + throw new NotFoundError('Tenant no encontrado'); + } + + tenant.settings = { ...tenant.settings, ...settings }; + tenant.updatedBy = updatedBy; + tenant.updatedAt = new Date(); + + await this.tenantRepository.save(tenant); + + logger.info('Tenant settings updated', { + tenantId, + updatedBy, + }); + + return tenant.settings; + } catch (error) { + logger.error('Error updating tenant settings', { + error: (error as Error).message, + tenantId, + }); + throw error; + } + } + + /** + * Check if tenant has reached user limit + */ + async canAddUser(tenantId: string): Promise<{ allowed: boolean; reason?: string }> { + try { + const tenant = await this.tenantRepository.findOne({ + where: { id: tenantId, deletedAt: undefined }, + }); + + if (!tenant) { + return { allowed: false, reason: 'Tenant no encontrado' }; + } + + if (tenant.status !== TenantStatus.ACTIVE) { + return { allowed: false, reason: 'Tenant no está activo' }; + } + + const currentUsers = await this.userRepository.count({ + where: { tenantId, deletedAt: undefined }, + }); + + if (currentUsers >= tenant.maxUsers) { + return { + allowed: false, + reason: `Se ha alcanzado el límite de usuarios (${tenant.maxUsers})`, + }; + } + + return { allowed: true }; + } catch (error) { + logger.error('Error checking user limit', { + error: (error as Error).message, + tenantId, + }); + return { allowed: false, reason: 'Error verificando límite de usuarios' }; + } + } +} + +// ===== Export Singleton Instance ===== + +export const tenantsService = new TenantsService(); diff --git a/backend/src/modules/users/index.ts b/backend/src/modules/users/index.ts new file mode 100644 index 0000000..e7fab79 --- /dev/null +++ b/backend/src/modules/users/index.ts @@ -0,0 +1,3 @@ +export * from './users.service.js'; +export * from './users.controller.js'; +export { default as usersRoutes } from './users.routes.js'; diff --git a/backend/src/modules/users/users.controller.ts b/backend/src/modules/users/users.controller.ts new file mode 100644 index 0000000..6c45d84 --- /dev/null +++ b/backend/src/modules/users/users.controller.ts @@ -0,0 +1,260 @@ +import { Response, NextFunction } from 'express'; +import { z } from 'zod'; +import { usersService } from './users.service.js'; +import { ApiResponse, AuthenticatedRequest, ValidationError, PaginationParams } from '../../shared/types/index.js'; + +const createUserSchema = z.object({ + email: z.string().email('Email inválido'), + password: z.string().min(8, 'La contraseña debe tener al menos 8 caracteres'), + // Soporta ambos formatos: full_name (legacy) o firstName+lastName (frontend) + full_name: z.string().min(2, 'El nombre debe tener al menos 2 caracteres').optional(), + firstName: z.string().min(2, 'Nombre debe tener al menos 2 caracteres').optional(), + lastName: z.string().min(2, 'Apellido debe tener al menos 2 caracteres').optional(), + status: z.enum(['active', 'inactive', 'pending']).optional(), + is_superuser: z.boolean().optional(), +}).refine( + (data) => data.full_name || (data.firstName && data.lastName), + { message: 'Se requiere full_name o firstName y lastName', path: ['full_name'] } +); + +const updateUserSchema = z.object({ + email: z.string().email('Email inválido').optional(), + full_name: z.string().min(2).optional(), + firstName: z.string().min(2).optional(), + lastName: z.string().min(2).optional(), + status: z.enum(['active', 'inactive', 'pending', 'suspended']).optional(), +}); + +const assignRoleSchema = z.object({ + role_id: z.string().uuid('Role ID inválido'), +}); + +export class UsersController { + async getMe(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const userId = req.user!.userId; + + const user = await usersService.findById(tenantId, userId); + + const response: ApiResponse = { + success: true, + data: user, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async findAll(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const page = parseInt(req.query.page as string) || 1; + const limit = Math.min(parseInt(req.query.limit as string) || 20, 100); + const sortBy = req.query.sortBy as string; + const sortOrder = req.query.sortOrder as 'asc' | 'desc'; + + const params: PaginationParams = { page, limit, sortBy, sortOrder }; + const result = await usersService.findAll(tenantId, params); + + const response: ApiResponse = { + success: true, + data: result.users, + meta: { + page, + limit, + total: result.total, + totalPages: Math.ceil(result.total / limit), + }, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async findById(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const userId = req.params.id; + + const user = await usersService.findById(tenantId, userId); + + const response: ApiResponse = { + success: true, + data: user, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async create(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = createUserSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const tenantId = req.user!.tenantId; + const user = await usersService.create({ + ...validation.data, + tenant_id: tenantId, + }); + + const response: ApiResponse = { + success: true, + data: user, + message: 'Usuario creado exitosamente', + }; + + res.status(201).json(response); + } catch (error) { + next(error); + } + } + + async update(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = updateUserSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const tenantId = req.user!.tenantId; + const userId = req.params.id; + + const user = await usersService.update(tenantId, userId, validation.data); + + const response: ApiResponse = { + success: true, + data: user, + message: 'Usuario actualizado exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async delete(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const userId = req.params.id; + + await usersService.delete(tenantId, userId); + + const response: ApiResponse = { + success: true, + message: 'Usuario eliminado exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async getRoles(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const userId = req.params.id; + const roles = await usersService.getUserRoles(userId); + + const response: ApiResponse = { + success: true, + data: roles, + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async assignRole(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const validation = assignRoleSchema.safeParse(req.body); + if (!validation.success) { + throw new ValidationError('Datos inválidos', validation.error.errors); + } + + const userId = req.params.id; + await usersService.assignRole(userId, validation.data.role_id); + + const response: ApiResponse = { + success: true, + message: 'Rol asignado exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async removeRole(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const userId = req.params.id; + const roleId = req.params.roleId; + + await usersService.removeRole(userId, roleId); + + const response: ApiResponse = { + success: true, + message: 'Rol removido exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async activate(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const userId = req.params.id; + const currentUserId = req.user!.userId; + + const user = await usersService.activate(tenantId, userId, currentUserId); + + const response: ApiResponse = { + success: true, + data: user, + message: 'Usuario activado exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } + + async deactivate(req: AuthenticatedRequest, res: Response, next: NextFunction): Promise { + try { + const tenantId = req.user!.tenantId; + const userId = req.params.id; + const currentUserId = req.user!.userId; + + const user = await usersService.deactivate(tenantId, userId, currentUserId); + + const response: ApiResponse = { + success: true, + data: user, + message: 'Usuario desactivado exitosamente', + }; + + res.json(response); + } catch (error) { + next(error); + } + } +} + +export const usersController = new UsersController(); diff --git a/backend/src/modules/users/users.routes.ts b/backend/src/modules/users/users.routes.ts new file mode 100644 index 0000000..1add501 --- /dev/null +++ b/backend/src/modules/users/users.routes.ts @@ -0,0 +1,60 @@ +import { Router } from 'express'; +import { usersController } from './users.controller.js'; +import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js'; + +const router = Router(); + +// All routes require authentication +router.use(authenticate); + +// Get current user profile +router.get('/me', (req, res, next) => usersController.getMe(req, res, next)); + +// List users (admin, manager) +router.get('/', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + usersController.findAll(req, res, next) +); + +// Get user by ID +router.get('/:id', requireRoles('admin', 'manager', 'super_admin'), (req, res, next) => + usersController.findById(req, res, next) +); + +// Create user (admin only) +router.post('/', requireRoles('admin', 'super_admin'), (req, res, next) => + usersController.create(req, res, next) +); + +// Update user (admin only) +router.put('/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + usersController.update(req, res, next) +); + +// Delete user (admin only) +router.delete('/:id', requireRoles('admin', 'super_admin'), (req, res, next) => + usersController.delete(req, res, next) +); + +// Activate/Deactivate user (admin only) +router.post('/:id/activate', requireRoles('admin', 'super_admin'), (req, res, next) => + usersController.activate(req, res, next) +); + +router.post('/:id/deactivate', requireRoles('admin', 'super_admin'), (req, res, next) => + usersController.deactivate(req, res, next) +); + +// User roles +router.get('/:id/roles', requireRoles('admin', 'super_admin'), (req, res, next) => + usersController.getRoles(req, res, next) +); + +router.post('/:id/roles', requireRoles('admin', 'super_admin'), (req, res, next) => + usersController.assignRole(req, res, next) +); + +router.delete('/:id/roles/:roleId', requireRoles('admin', 'super_admin'), (req, res, next) => + usersController.removeRole(req, res, next) +); + +export default router; diff --git a/backend/src/modules/users/users.service.ts b/backend/src/modules/users/users.service.ts new file mode 100644 index 0000000..a2f63c9 --- /dev/null +++ b/backend/src/modules/users/users.service.ts @@ -0,0 +1,372 @@ +import bcrypt from 'bcryptjs'; +import { Repository, IsNull } from 'typeorm'; +import { AppDataSource } from '../../config/typeorm.js'; +import { User, UserStatus, Role } from '../auth/entities/index.js'; +import { NotFoundError, ValidationError } from '../../shared/types/index.js'; +import { logger } from '../../shared/utils/logger.js'; +import { splitFullName, buildFullName } from '../auth/auth.service.js'; + +export interface CreateUserDto { + tenant_id: string; + email: string; + password: string; + full_name?: string; + firstName?: string; + lastName?: string; + status?: UserStatus | 'active' | 'inactive' | 'pending'; + is_superuser?: boolean; +} + +export interface UpdateUserDto { + email?: string; + full_name?: string; + firstName?: string; + lastName?: string; + status?: UserStatus | 'active' | 'inactive' | 'pending' | 'suspended'; +} + +export interface UserListParams { + page: number; + limit: number; + search?: string; + status?: UserStatus | 'active' | 'inactive' | 'pending' | 'suspended'; + sortBy?: string; + sortOrder?: 'asc' | 'desc'; +} + +export interface UserResponse { + id: string; + tenantId: string; + email: string; + fullName: string; + firstName: string; + lastName: string; + avatarUrl: string | null; + status: UserStatus; + isSuperuser: boolean; + emailVerifiedAt: Date | null; + lastLoginAt: Date | null; + lastLoginIp: string | null; + loginCount: number; + language: string; + timezone: string; + settings: Record; + createdAt: Date; + updatedAt: Date | null; + roles?: Role[]; +} + +/** + * Transforma usuario de BD a formato frontend (con firstName/lastName) + */ +function transformUserResponse(user: User): UserResponse { + const { passwordHash, ...rest } = user; + const { firstName, lastName } = splitFullName(user.fullName || ''); + return { + ...rest, + firstName, + lastName, + roles: user.roles, + }; +} + +export interface UsersListResult { + users: UserResponse[]; + total: number; +} + +class UsersService { + private userRepository: Repository; + private roleRepository: Repository; + + constructor() { + this.userRepository = AppDataSource.getRepository(User); + this.roleRepository = AppDataSource.getRepository(Role); + } + + async findAll(tenantId: string, params: UserListParams): Promise { + const { + page, + limit, + search, + status, + sortBy = 'createdAt', + sortOrder = 'desc' + } = params; + + const skip = (page - 1) * limit; + + // Mapa de campos para ordenamiento (frontend -> entity) + const sortFieldMap: Record = { + createdAt: 'user.createdAt', + email: 'user.email', + fullName: 'user.fullName', + status: 'user.status', + }; + + const orderField = sortFieldMap[sortBy] || 'user.createdAt'; + const orderDirection = sortOrder.toUpperCase() as 'ASC' | 'DESC'; + + // Crear QueryBuilder + const queryBuilder = this.userRepository + .createQueryBuilder('user') + .where('user.tenantId = :tenantId', { tenantId }) + .andWhere('user.deletedAt IS NULL'); + + // Filtrar por búsqueda (email o fullName) + if (search) { + queryBuilder.andWhere( + '(user.email ILIKE :search OR user.fullName ILIKE :search)', + { search: `%${search}%` } + ); + } + + // Filtrar por status + if (status) { + queryBuilder.andWhere('user.status = :status', { status }); + } + + // Obtener total y usuarios con paginación + const [users, total] = await queryBuilder + .orderBy(orderField, orderDirection) + .skip(skip) + .take(limit) + .getManyAndCount(); + + return { + users: users.map(transformUserResponse), + total, + }; + } + + async findById(tenantId: string, userId: string): Promise { + const user = await this.userRepository.findOne({ + where: { + id: userId, + tenantId, + deletedAt: IsNull(), + }, + relations: ['roles'], + }); + + if (!user) { + throw new NotFoundError('Usuario no encontrado'); + } + + return transformUserResponse(user); + } + + async create(dto: CreateUserDto): Promise { + // Check if email already exists + const existingUser = await this.userRepository.findOne({ + where: { email: dto.email.toLowerCase() }, + }); + + if (existingUser) { + throw new ValidationError('El email ya está registrado'); + } + + // Transformar firstName/lastName a fullName para almacenar en BD + const fullName = buildFullName(dto.firstName, dto.lastName, dto.full_name); + + const passwordHash = await bcrypt.hash(dto.password, 10); + + // Crear usuario con repository + const user = this.userRepository.create({ + tenantId: dto.tenant_id, + email: dto.email.toLowerCase(), + passwordHash, + fullName, + status: dto.status as UserStatus || UserStatus.ACTIVE, + isSuperuser: dto.is_superuser || false, + }); + + const savedUser = await this.userRepository.save(user); + + logger.info('User created', { userId: savedUser.id, email: savedUser.email }); + return transformUserResponse(savedUser); + } + + async update(tenantId: string, userId: string, dto: UpdateUserDto): Promise { + // Obtener usuario existente + const user = await this.userRepository.findOne({ + where: { + id: userId, + tenantId, + deletedAt: IsNull(), + }, + }); + + if (!user) { + throw new NotFoundError('Usuario no encontrado'); + } + + // Check email uniqueness if changing + if (dto.email && dto.email.toLowerCase() !== user.email) { + const emailExists = await this.userRepository.findOne({ + where: { + email: dto.email.toLowerCase(), + }, + }); + if (emailExists && emailExists.id !== userId) { + throw new ValidationError('El email ya está en uso'); + } + } + + // Actualizar campos + if (dto.email !== undefined) { + user.email = dto.email.toLowerCase(); + } + + // Soportar firstName/lastName o full_name + const fullName = buildFullName(dto.firstName, dto.lastName, dto.full_name); + if (fullName) { + user.fullName = fullName; + } + + if (dto.status !== undefined) { + user.status = dto.status as UserStatus; + } + + const updatedUser = await this.userRepository.save(user); + + logger.info('User updated', { userId: updatedUser.id }); + return transformUserResponse(updatedUser); + } + + async delete(tenantId: string, userId: string, currentUserId?: string): Promise { + // Obtener usuario para soft delete + const user = await this.userRepository.findOne({ + where: { + id: userId, + tenantId, + deletedAt: IsNull(), + }, + }); + + if (!user) { + throw new NotFoundError('Usuario no encontrado'); + } + + // Soft delete real con deletedAt y deletedBy + user.deletedAt = new Date(); + if (currentUserId) { + user.deletedBy = currentUserId; + } + await this.userRepository.save(user); + + logger.info('User deleted (soft)', { userId, deletedBy: currentUserId || 'unknown' }); + } + + async activate(tenantId: string, userId: string, currentUserId: string): Promise { + const user = await this.userRepository.findOne({ + where: { + id: userId, + tenantId, + deletedAt: IsNull(), + }, + relations: ['roles'], + }); + + if (!user) { + throw new NotFoundError('Usuario no encontrado'); + } + + user.status = UserStatus.ACTIVE; + user.updatedBy = currentUserId; + const updatedUser = await this.userRepository.save(user); + + logger.info('User activated', { userId, activatedBy: currentUserId }); + return transformUserResponse(updatedUser); + } + + async deactivate(tenantId: string, userId: string, currentUserId: string): Promise { + const user = await this.userRepository.findOne({ + where: { + id: userId, + tenantId, + deletedAt: IsNull(), + }, + relations: ['roles'], + }); + + if (!user) { + throw new NotFoundError('Usuario no encontrado'); + } + + user.status = UserStatus.INACTIVE; + user.updatedBy = currentUserId; + const updatedUser = await this.userRepository.save(user); + + logger.info('User deactivated', { userId, deactivatedBy: currentUserId }); + return transformUserResponse(updatedUser); + } + + async assignRole(userId: string, roleId: string): Promise { + // Obtener usuario con roles + const user = await this.userRepository.findOne({ + where: { id: userId }, + relations: ['roles'], + }); + + if (!user) { + throw new NotFoundError('Usuario no encontrado'); + } + + // Obtener rol + const role = await this.roleRepository.findOne({ + where: { id: roleId }, + }); + + if (!role) { + throw new NotFoundError('Rol no encontrado'); + } + + // Verificar si ya tiene el rol + const hasRole = user.roles?.some(r => r.id === roleId); + if (!hasRole) { + if (!user.roles) { + user.roles = []; + } + user.roles.push(role); + await this.userRepository.save(user); + } + + logger.info('Role assigned to user', { userId, roleId }); + } + + async removeRole(userId: string, roleId: string): Promise { + // Obtener usuario con roles + const user = await this.userRepository.findOne({ + where: { id: userId }, + relations: ['roles'], + }); + + if (!user) { + throw new NotFoundError('Usuario no encontrado'); + } + + // Filtrar el rol a eliminar + if (user.roles) { + user.roles = user.roles.filter(r => r.id !== roleId); + await this.userRepository.save(user); + } + + logger.info('Role removed from user', { userId, roleId }); + } + + async getUserRoles(userId: string): Promise { + const user = await this.userRepository.findOne({ + where: { id: userId }, + relations: ['roles'], + }); + + if (!user) { + throw new NotFoundError('Usuario no encontrado'); + } + + return user.roles || []; + } +} + +export const usersService = new UsersService(); diff --git a/backend/src/shared/errors/index.ts b/backend/src/shared/errors/index.ts new file mode 100644 index 0000000..93cdde0 --- /dev/null +++ b/backend/src/shared/errors/index.ts @@ -0,0 +1,18 @@ +// Re-export all error classes from types +export { + AppError, + ValidationError, + UnauthorizedError, + ForbiddenError, + NotFoundError, +} from '../types/index.js'; + +// Additional error class not in types +import { AppError } from '../types/index.js'; + +export class ConflictError extends AppError { + constructor(message: string = 'Conflicto con el recurso existente') { + super(message, 409, 'CONFLICT'); + this.name = 'ConflictError'; + } +} diff --git a/backend/src/shared/middleware/apiKeyAuth.middleware.ts b/backend/src/shared/middleware/apiKeyAuth.middleware.ts new file mode 100644 index 0000000..db513da --- /dev/null +++ b/backend/src/shared/middleware/apiKeyAuth.middleware.ts @@ -0,0 +1,217 @@ +import { Response, NextFunction } from 'express'; +import { apiKeysService } from '../../modules/auth/apiKeys.service.js'; +import { AuthenticatedRequest, UnauthorizedError, ForbiddenError } from '../types/index.js'; +import { logger } from '../utils/logger.js'; + +// ============================================================================ +// API KEY AUTHENTICATION MIDDLEWARE +// ============================================================================ + +/** + * Header name for API Key authentication + * Supports both X-API-Key and Authorization: ApiKey xxx + */ +const API_KEY_HEADER = 'x-api-key'; +const API_KEY_AUTH_PREFIX = 'ApiKey '; + +/** + * Extract API key from request headers + */ +function extractApiKey(req: AuthenticatedRequest): string | null { + // Check X-API-Key header first + const xApiKey = req.headers[API_KEY_HEADER] as string; + if (xApiKey) { + return xApiKey; + } + + // Check Authorization header with ApiKey prefix + const authHeader = req.headers.authorization; + if (authHeader && authHeader.startsWith(API_KEY_AUTH_PREFIX)) { + return authHeader.substring(API_KEY_AUTH_PREFIX.length); + } + + return null; +} + +/** + * Get client IP address from request + */ +function getClientIp(req: AuthenticatedRequest): string | undefined { + // Check X-Forwarded-For header (for proxies/load balancers) + const forwardedFor = req.headers['x-forwarded-for']; + if (forwardedFor) { + const ips = (forwardedFor as string).split(','); + return ips[0].trim(); + } + + // Check X-Real-IP header + const realIp = req.headers['x-real-ip'] as string; + if (realIp) { + return realIp; + } + + // Fallback to socket remote address + return req.socket.remoteAddress; +} + +/** + * Authenticate request using API Key + * Use this middleware for API endpoints that should accept API Key authentication + */ +export function authenticateApiKey( + req: AuthenticatedRequest, + _res: Response, + next: NextFunction +): void { + (async () => { + try { + const apiKey = extractApiKey(req); + + if (!apiKey) { + throw new UnauthorizedError('API key requerida'); + } + + const clientIp = getClientIp(req); + const result = await apiKeysService.validate(apiKey, clientIp); + + if (!result.valid || !result.user) { + logger.warn('API key validation failed', { + error: result.error, + clientIp, + }); + throw new UnauthorizedError(result.error || 'API key inválida'); + } + + // Set user info on request (same format as JWT auth) + req.user = { + userId: result.user.id, + tenantId: result.user.tenant_id, + email: result.user.email, + roles: result.user.roles, + }; + req.tenantId = result.user.tenant_id; + + // Mark request as authenticated via API Key (for logging/audit) + (req as any).authMethod = 'api_key'; + (req as any).apiKeyId = result.apiKey?.id; + + next(); + } catch (error) { + next(error); + } + })(); +} + +/** + * Authenticate request using either JWT or API Key + * Use this for endpoints that should accept both authentication methods + */ +export function authenticateJwtOrApiKey( + req: AuthenticatedRequest, + res: Response, + next: NextFunction +): void { + const apiKey = extractApiKey(req); + const jwtToken = req.headers.authorization?.startsWith('Bearer '); + + if (apiKey) { + // Use API Key authentication + authenticateApiKey(req, res, next); + } else if (jwtToken) { + // Use JWT authentication - import dynamically to avoid circular deps + import('./auth.middleware.js').then(({ authenticate }) => { + authenticate(req, res, next); + }); + } else { + next(new UnauthorizedError('Autenticación requerida (JWT o API Key)')); + } +} + +/** + * Require specific API key scope + * Use after authenticateApiKey to enforce scope restrictions + */ +export function requireApiKeyScope(requiredScope: string) { + return (req: AuthenticatedRequest, _res: Response, next: NextFunction): void => { + try { + const apiKeyId = (req as any).apiKeyId; + const authMethod = (req as any).authMethod; + + // Only check scope for API Key auth + if (authMethod !== 'api_key') { + return next(); + } + + // Get API key scope from database (cached in validation result) + // For now, we'll re-validate - in production, cache this + (async () => { + const apiKey = extractApiKey(req); + if (!apiKey) { + throw new ForbiddenError('API key no encontrada'); + } + + const result = await apiKeysService.validate(apiKey); + if (!result.valid || !result.apiKey) { + throw new ForbiddenError('API key inválida'); + } + + // Null scope means full access + if (result.apiKey.scope === null) { + return next(); + } + + // Check if scope matches + if (result.apiKey.scope !== requiredScope) { + logger.warn('API key scope mismatch', { + apiKeyId, + requiredScope, + actualScope: result.apiKey.scope, + }); + throw new ForbiddenError(`API key no tiene el scope requerido: ${requiredScope}`); + } + + next(); + })(); + } catch (error) { + next(error); + } + }; +} + +/** + * Rate limiting for API Key requests + * Simple in-memory rate limiter - use Redis in production + */ +const rateLimitStore = new Map(); + +export function apiKeyRateLimit(maxRequests: number = 1000, windowMs: number = 60000) { + return (req: AuthenticatedRequest, _res: Response, next: NextFunction): void => { + try { + const apiKeyId = (req as any).apiKeyId; + if (!apiKeyId) { + return next(); + } + + const now = Date.now(); + const record = rateLimitStore.get(apiKeyId); + + if (!record || now > record.resetTime) { + rateLimitStore.set(apiKeyId, { + count: 1, + resetTime: now + windowMs, + }); + return next(); + } + + if (record.count >= maxRequests) { + logger.warn('API key rate limit exceeded', { apiKeyId, count: record.count }); + throw new ForbiddenError('Rate limit excedido. Intente más tarde.'); + } + + record.count++; + next(); + } catch (error) { + next(error); + } + }; +} diff --git a/backend/src/shared/middleware/auth.middleware.ts b/backend/src/shared/middleware/auth.middleware.ts new file mode 100644 index 0000000..a502890 --- /dev/null +++ b/backend/src/shared/middleware/auth.middleware.ts @@ -0,0 +1,119 @@ +import { Response, NextFunction } from 'express'; +import jwt from 'jsonwebtoken'; +import { config } from '../../config/index.js'; +import { AuthenticatedRequest, JwtPayload, UnauthorizedError, ForbiddenError } from '../types/index.js'; +import { logger } from '../utils/logger.js'; + +// Re-export AuthenticatedRequest for convenience +export { AuthenticatedRequest } from '../types/index.js'; + +export function authenticate( + req: AuthenticatedRequest, + _res: Response, + next: NextFunction +): void { + try { + const authHeader = req.headers.authorization; + + if (!authHeader || !authHeader.startsWith('Bearer ')) { + throw new UnauthorizedError('Token de acceso requerido'); + } + + const token = authHeader.substring(7); + + try { + const payload = jwt.verify(token, config.jwt.secret) as JwtPayload; + req.user = payload; + req.tenantId = payload.tenantId; + next(); + } catch (error) { + if (error instanceof jwt.TokenExpiredError) { + throw new UnauthorizedError('Token expirado'); + } + throw new UnauthorizedError('Token inválido'); + } + } catch (error) { + next(error); + } +} + +export function requireRoles(...roles: string[]) { + return (req: AuthenticatedRequest, _res: Response, next: NextFunction): void => { + try { + if (!req.user) { + throw new UnauthorizedError('Usuario no autenticado'); + } + + // Superusers bypass role checks + if (req.user.roles.includes('super_admin')) { + return next(); + } + + const hasRole = roles.some(role => req.user!.roles.includes(role)); + if (!hasRole) { + logger.warn('Access denied - insufficient roles', { + userId: req.user.userId, + requiredRoles: roles, + userRoles: req.user.roles, + }); + throw new ForbiddenError('No tiene permisos para esta acción'); + } + + next(); + } catch (error) { + next(error); + } + }; +} + +export function requirePermission(resource: string, action: string) { + return async (req: AuthenticatedRequest, _res: Response, next: NextFunction): Promise => { + try { + if (!req.user) { + throw new UnauthorizedError('Usuario no autenticado'); + } + + // Superusers bypass permission checks + if (req.user.roles.includes('super_admin')) { + return next(); + } + + // TODO: Check permission in database + // For now, we'll implement this when we have the permission checking service + logger.debug('Permission check', { + userId: req.user.userId, + resource, + action, + }); + + next(); + } catch (error) { + next(error); + } + }; +} + +export function optionalAuth( + req: AuthenticatedRequest, + _res: Response, + next: NextFunction +): void { + try { + const authHeader = req.headers.authorization; + + if (authHeader && authHeader.startsWith('Bearer ')) { + const token = authHeader.substring(7); + try { + const payload = jwt.verify(token, config.jwt.secret) as JwtPayload; + req.user = payload; + req.tenantId = payload.tenantId; + } catch { + // Token invalid, but that's okay for optional auth + } + } + + next(); + } catch (error) { + next(error); + } +} diff --git a/backend/src/shared/middleware/fieldPermissions.middleware.ts b/backend/src/shared/middleware/fieldPermissions.middleware.ts new file mode 100644 index 0000000..1658168 --- /dev/null +++ b/backend/src/shared/middleware/fieldPermissions.middleware.ts @@ -0,0 +1,343 @@ +import { Response, NextFunction } from 'express'; +import { query, queryOne } from '../../config/database.js'; +import { AuthenticatedRequest } from '../types/index.js'; +import { logger } from '../utils/logger.js'; + +// ============================================================================ +// TYPES +// ============================================================================ + +export interface FieldPermission { + field_name: string; + can_read: boolean; + can_write: boolean; +} + +export interface ModelFieldPermissions { + model_name: string; + fields: Map; +} + +// Cache for field permissions per user/model +const permissionsCache = new Map(); +const CACHE_TTL = 5 * 60 * 1000; // 5 minutes + +// ============================================================================ +// HELPER FUNCTIONS +// ============================================================================ + +/** + * Get cache key for user/model combination + */ +function getCacheKey(userId: string, tenantId: string, modelName: string): string { + return `${tenantId}:${userId}:${modelName}`; +} + +/** + * Load field permissions for a user on a specific model + */ +async function loadFieldPermissions( + userId: string, + tenantId: string, + modelName: string +): Promise { + // Check cache first + const cacheKey = getCacheKey(userId, tenantId, modelName); + const cached = permissionsCache.get(cacheKey); + + if (cached && cached.expires > Date.now()) { + return cached.permissions; + } + + // Load from database + const result = await query<{ + field_name: string; + can_read: boolean; + can_write: boolean; + }>( + `SELECT + mf.name as field_name, + COALESCE(fp.can_read, true) as can_read, + COALESCE(fp.can_write, true) as can_write + FROM auth.model_fields mf + JOIN auth.models m ON mf.model_id = m.id + LEFT JOIN auth.field_permissions fp ON mf.id = fp.field_id + LEFT JOIN auth.user_groups ug ON fp.group_id = ug.group_id + WHERE m.model = $1 + AND m.tenant_id = $2 + AND (ug.user_id = $3 OR fp.group_id IS NULL) + GROUP BY mf.name, fp.can_read, fp.can_write`, + [modelName, tenantId, userId] + ); + + if (result.length === 0) { + // No permissions defined = allow all + return null; + } + + const permissions: ModelFieldPermissions = { + model_name: modelName, + fields: new Map(), + }; + + for (const row of result) { + permissions.fields.set(row.field_name, { + field_name: row.field_name, + can_read: row.can_read, + can_write: row.can_write, + }); + } + + // Cache the result + permissionsCache.set(cacheKey, { + permissions, + expires: Date.now() + CACHE_TTL, + }); + + return permissions; +} + +/** + * Filter object fields based on read permissions + */ +function filterReadFields>( + data: T, + permissions: ModelFieldPermissions | null +): Partial { + // No permissions defined = return all fields + if (!permissions || permissions.fields.size === 0) { + return data; + } + + const filtered: Record = {}; + + for (const [key, value] of Object.entries(data)) { + const fieldPerm = permissions.fields.get(key); + + // If no permission defined for field, allow it + // If permission exists and can_read is true, allow it + if (!fieldPerm || fieldPerm.can_read) { + filtered[key] = value; + } + } + + return filtered as Partial; +} + +/** + * Filter array of objects + */ +function filterReadFieldsArray>( + data: T[], + permissions: ModelFieldPermissions | null +): Partial[] { + return data.map(item => filterReadFields(item, permissions)); +} + +/** + * Validate write permissions for incoming data + */ +function validateWriteFields>( + data: T, + permissions: ModelFieldPermissions | null +): { valid: boolean; forbiddenFields: string[] } { + // No permissions defined = allow all writes + if (!permissions || permissions.fields.size === 0) { + return { valid: true, forbiddenFields: [] }; + } + + const forbiddenFields: string[] = []; + + for (const key of Object.keys(data)) { + const fieldPerm = permissions.fields.get(key); + + // If permission exists and can_write is false, it's forbidden + if (fieldPerm && !fieldPerm.can_write) { + forbiddenFields.push(key); + } + } + + return { + valid: forbiddenFields.length === 0, + forbiddenFields, + }; +} + +// ============================================================================ +// MIDDLEWARE FACTORIES +// ============================================================================ + +/** + * Middleware to filter response fields based on read permissions + * Use this on GET endpoints + */ +export function filterResponseFields(modelName: string) { + return async (req: AuthenticatedRequest, res: Response, next: NextFunction): Promise => { + // Store original json method + const originalJson = res.json.bind(res); + + // Override json method to filter fields + res.json = function(body: any) { + (async () => { + try { + // Only filter for authenticated requests + if (!req.user) { + return originalJson(body); + } + + // Load permissions + const permissions = await loadFieldPermissions( + req.user.userId, + req.user.tenantId, + modelName + ); + + // If no permissions defined or super_admin, return original + if (!permissions || req.user.roles.includes('super_admin')) { + return originalJson(body); + } + + // Filter the response + if (body && typeof body === 'object') { + if (body.data) { + if (Array.isArray(body.data)) { + body.data = filterReadFieldsArray(body.data, permissions); + } else if (typeof body.data === 'object') { + body.data = filterReadFields(body.data, permissions); + } + } else if (Array.isArray(body)) { + body = filterReadFieldsArray(body, permissions); + } + } + + return originalJson(body); + } catch (error) { + logger.error('Error filtering response fields', { error, modelName }); + return originalJson(body); + } + })(); + } as typeof res.json; + + next(); + }; +} + +/** + * Middleware to validate write permissions on incoming data + * Use this on POST/PUT/PATCH endpoints + */ +export function validateWritePermissions(modelName: string) { + return async (req: AuthenticatedRequest, res: Response, next: NextFunction): Promise => { + try { + // Skip for unauthenticated requests (they'll fail auth anyway) + if (!req.user) { + return next(); + } + + // Super admins bypass field permission checks + if (req.user.roles.includes('super_admin')) { + return next(); + } + + // Load permissions + const permissions = await loadFieldPermissions( + req.user.userId, + req.user.tenantId, + modelName + ); + + // No permissions defined = allow all + if (!permissions) { + return next(); + } + + // Validate write fields in request body + if (req.body && typeof req.body === 'object') { + const { valid, forbiddenFields } = validateWriteFields(req.body, permissions); + + if (!valid) { + logger.warn('Write permission denied for fields', { + userId: req.user.userId, + modelName, + forbiddenFields, + }); + + res.status(403).json({ + success: false, + error: `No tiene permisos para modificar los campos: ${forbiddenFields.join(', ')}`, + forbiddenFields, + }); + return; + } + } + + next(); + } catch (error) { + logger.error('Error validating write permissions', { error, modelName }); + next(error); + } + }; +} + +/** + * Combined middleware for both read and write validation + */ +export function fieldPermissions(modelName: string) { + const readFilter = filterResponseFields(modelName); + const writeValidator = validateWritePermissions(modelName); + + return async (req: AuthenticatedRequest, res: Response, next: NextFunction): Promise => { + // For write operations, validate first + if (['POST', 'PUT', 'PATCH'].includes(req.method)) { + await writeValidator(req, res, () => { + // If write validation passed, apply read filter for response + readFilter(req, res, next); + }); + } else { + // For read operations, just apply read filter + await readFilter(req, res, next); + } + }; +} + +/** + * Clear permissions cache for a user (call after permission changes) + */ +export function clearPermissionsCache(userId?: string, tenantId?: string): void { + if (userId && tenantId) { + // Clear specific user's cache + const prefix = `${tenantId}:${userId}:`; + for (const key of permissionsCache.keys()) { + if (key.startsWith(prefix)) { + permissionsCache.delete(key); + } + } + } else { + // Clear all cache + permissionsCache.clear(); + } +} + +/** + * Get list of restricted fields for a user on a model + * Useful for frontend to know which fields to hide/disable + */ +export async function getRestrictedFields( + userId: string, + tenantId: string, + modelName: string +): Promise<{ readRestricted: string[]; writeRestricted: string[] }> { + const permissions = await loadFieldPermissions(userId, tenantId, modelName); + + const readRestricted: string[] = []; + const writeRestricted: string[] = []; + + if (permissions) { + for (const [fieldName, perm] of permissions.fields) { + if (!perm.can_read) readRestricted.push(fieldName); + if (!perm.can_write) writeRestricted.push(fieldName); + } + } + + return { readRestricted, writeRestricted }; +} diff --git a/backend/src/shared/services/base.service.ts b/backend/src/shared/services/base.service.ts new file mode 100644 index 0000000..73ea039 --- /dev/null +++ b/backend/src/shared/services/base.service.ts @@ -0,0 +1,429 @@ +import { query, queryOne, getClient, PoolClient } from '../../config/database.js'; +import { NotFoundError, ValidationError } from '../errors/index.js'; +import { PaginationMeta } from '../types/index.js'; + +/** + * Resultado paginado genérico + */ +export interface PaginatedResult { + data: T[]; + total: number; + page: number; + limit: number; + totalPages: number; +} + +/** + * Filtros de paginación base + */ +export interface BasePaginationFilters { + page?: number; + limit?: number; + sortBy?: string; + sortOrder?: 'asc' | 'desc'; + search?: string; +} + +/** + * Opciones para construcción de queries + */ +export interface QueryOptions { + client?: PoolClient; + includeDeleted?: boolean; +} + +/** + * Configuración del servicio base + */ +export interface BaseServiceConfig { + tableName: string; + schema: string; + selectFields: string; + searchFields?: string[]; + defaultSortField?: string; + softDelete?: boolean; +} + +/** + * Clase base abstracta para servicios CRUD con soporte multi-tenant + * + * Proporciona implementaciones reutilizables para: + * - Paginación con filtros + * - Búsqueda por texto + * - CRUD básico + * - Soft delete + * - Transacciones + * + * @example + * ```typescript + * class PartnersService extends BaseService { + * protected config: BaseServiceConfig = { + * tableName: 'partners', + * schema: 'core', + * selectFields: 'id, tenant_id, name, email, phone, created_at', + * searchFields: ['name', 'email', 'tax_id'], + * defaultSortField: 'name', + * softDelete: true, + * }; + * } + * ``` + */ +export abstract class BaseService { + protected abstract config: BaseServiceConfig; + + /** + * Nombre completo de la tabla (schema.table) + */ + protected get fullTableName(): string { + return `${this.config.schema}.${this.config.tableName}`; + } + + /** + * Obtiene todos los registros con paginación y filtros + */ + async findAll( + tenantId: string, + filters: BasePaginationFilters & Record = {}, + options: QueryOptions = {} + ): Promise> { + const { + page = 1, + limit = 20, + sortBy = this.config.defaultSortField || 'created_at', + sortOrder = 'desc', + search, + ...customFilters + } = filters; + + const offset = (page - 1) * limit; + const params: any[] = [tenantId]; + let paramIndex = 2; + + // Construir WHERE clause + let whereClause = 'WHERE tenant_id = $1'; + + // Soft delete + if (this.config.softDelete && !options.includeDeleted) { + whereClause += ' AND deleted_at IS NULL'; + } + + // Búsqueda por texto + if (search && this.config.searchFields?.length) { + const searchConditions = this.config.searchFields + .map(field => `${field} ILIKE $${paramIndex}`) + .join(' OR '); + whereClause += ` AND (${searchConditions})`; + params.push(`%${search}%`); + paramIndex++; + } + + // Filtros custom + for (const [key, value] of Object.entries(customFilters)) { + if (value !== undefined && value !== null && value !== '') { + whereClause += ` AND ${key} = $${paramIndex++}`; + params.push(value); + } + } + + // Validar sortBy para prevenir SQL injection + const safeSortBy = this.sanitizeFieldName(sortBy); + const safeSortOrder = sortOrder === 'asc' ? 'ASC' : 'DESC'; + + // Query de conteo + const countSql = ` + SELECT COUNT(*) as count + FROM ${this.fullTableName} + ${whereClause} + `; + + // Query de datos + const dataSql = ` + SELECT ${this.config.selectFields} + FROM ${this.fullTableName} + ${whereClause} + ORDER BY ${safeSortBy} ${safeSortOrder} + LIMIT $${paramIndex++} OFFSET $${paramIndex} + `; + + if (options.client) { + const [countResult, dataResult] = await Promise.all([ + options.client.query(countSql, params), + options.client.query(dataSql, [...params, limit, offset]), + ]); + + const total = parseInt(countResult.rows[0]?.count || '0', 10); + + return { + data: dataResult.rows as T[], + total, + page, + limit, + totalPages: Math.ceil(total / limit), + }; + } + + const [countRows, dataRows] = await Promise.all([ + query<{ count: string }>(countSql, params), + query(dataSql, [...params, limit, offset]), + ]); + + const total = parseInt(countRows[0]?.count || '0', 10); + + return { + data: dataRows, + total, + page, + limit, + totalPages: Math.ceil(total / limit), + }; + } + + /** + * Obtiene un registro por ID + */ + async findById( + id: string, + tenantId: string, + options: QueryOptions = {} + ): Promise { + let whereClause = 'WHERE id = $1 AND tenant_id = $2'; + + if (this.config.softDelete && !options.includeDeleted) { + whereClause += ' AND deleted_at IS NULL'; + } + + const sql = ` + SELECT ${this.config.selectFields} + FROM ${this.fullTableName} + ${whereClause} + `; + + if (options.client) { + const result = await options.client.query(sql, [id, tenantId]); + return result.rows[0] as T || null; + } + const rows = await query(sql, [id, tenantId]); + return rows[0] || null; + } + + /** + * Obtiene un registro por ID o lanza error si no existe + */ + async findByIdOrFail( + id: string, + tenantId: string, + options: QueryOptions = {} + ): Promise { + const entity = await this.findById(id, tenantId, options); + if (!entity) { + throw new NotFoundError(`${this.config.tableName} with id ${id} not found`); + } + return entity; + } + + /** + * Verifica si existe un registro + */ + async exists( + id: string, + tenantId: string, + options: QueryOptions = {} + ): Promise { + let whereClause = 'WHERE id = $1 AND tenant_id = $2'; + + if (this.config.softDelete && !options.includeDeleted) { + whereClause += ' AND deleted_at IS NULL'; + } + + const sql = ` + SELECT 1 FROM ${this.fullTableName} + ${whereClause} + LIMIT 1 + `; + + if (options.client) { + const result = await options.client.query(sql, [id, tenantId]); + return result.rows.length > 0; + } + const rows = await query(sql, [id, tenantId]); + return rows.length > 0; + } + + /** + * Soft delete de un registro + */ + async softDelete( + id: string, + tenantId: string, + userId: string, + options: QueryOptions = {} + ): Promise { + if (!this.config.softDelete) { + throw new ValidationError('Soft delete not enabled for this entity'); + } + + const sql = ` + UPDATE ${this.fullTableName} + SET deleted_at = CURRENT_TIMESTAMP, + deleted_by = $3, + updated_at = CURRENT_TIMESTAMP + WHERE id = $1 AND tenant_id = $2 AND deleted_at IS NULL + RETURNING id + `; + + if (options.client) { + const result = await options.client.query(sql, [id, tenantId, userId]); + return result.rows.length > 0; + } + const rows = await query(sql, [id, tenantId, userId]); + return rows.length > 0; + } + + /** + * Hard delete de un registro + */ + async hardDelete( + id: string, + tenantId: string, + options: QueryOptions = {} + ): Promise { + const sql = ` + DELETE FROM ${this.fullTableName} + WHERE id = $1 AND tenant_id = $2 + RETURNING id + `; + + if (options.client) { + const result = await options.client.query(sql, [id, tenantId]); + return result.rows.length > 0; + } + const rows = await query(sql, [id, tenantId]); + return rows.length > 0; + } + + /** + * Cuenta registros con filtros + */ + async count( + tenantId: string, + filters: Record = {}, + options: QueryOptions = {} + ): Promise { + const params: any[] = [tenantId]; + let paramIndex = 2; + let whereClause = 'WHERE tenant_id = $1'; + + if (this.config.softDelete && !options.includeDeleted) { + whereClause += ' AND deleted_at IS NULL'; + } + + for (const [key, value] of Object.entries(filters)) { + if (value !== undefined && value !== null) { + whereClause += ` AND ${key} = $${paramIndex++}`; + params.push(value); + } + } + + const sql = ` + SELECT COUNT(*) as count + FROM ${this.fullTableName} + ${whereClause} + `; + + if (options.client) { + const result = await options.client.query(sql, params); + return parseInt(result.rows[0]?.count || '0', 10); + } + const rows = await query<{ count: string }>(sql, params); + return parseInt(rows[0]?.count || '0', 10); + } + + /** + * Ejecuta una función dentro de una transacción + */ + protected async withTransaction( + fn: (client: PoolClient) => Promise + ): Promise { + const client = await getClient(); + try { + await client.query('BEGIN'); + const result = await fn(client); + await client.query('COMMIT'); + return result; + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } + + /** + * Sanitiza nombre de campo para prevenir SQL injection + */ + protected sanitizeFieldName(field: string): string { + // Solo permite caracteres alfanuméricos y guiones bajos + if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(field)) { + return this.config.defaultSortField || 'created_at'; + } + return field; + } + + /** + * Construye un INSERT dinámico + */ + protected buildInsertQuery( + data: Record, + additionalFields: Record = {} + ): { sql: string; params: any[] } { + const allData = { ...data, ...additionalFields }; + const fields = Object.keys(allData); + const values = Object.values(allData); + const placeholders = fields.map((_, i) => `$${i + 1}`); + + const sql = ` + INSERT INTO ${this.fullTableName} (${fields.join(', ')}) + VALUES (${placeholders.join(', ')}) + RETURNING ${this.config.selectFields} + `; + + return { sql, params: values }; + } + + /** + * Construye un UPDATE dinámico + */ + protected buildUpdateQuery( + id: string, + tenantId: string, + data: Record + ): { sql: string; params: any[] } { + const fields = Object.keys(data).filter(k => data[k] !== undefined); + const setClauses = fields.map((f, i) => `${f} = $${i + 1}`); + const values = fields.map(f => data[f]); + + // Agregar updated_at automáticamente + setClauses.push(`updated_at = CURRENT_TIMESTAMP`); + + const paramIndex = fields.length + 1; + + const sql = ` + UPDATE ${this.fullTableName} + SET ${setClauses.join(', ')} + WHERE id = $${paramIndex} AND tenant_id = $${paramIndex + 1} + RETURNING ${this.config.selectFields} + `; + + return { sql, params: [...values, id, tenantId] }; + } + + /** + * Redondea a N decimales + */ + protected roundToDecimals(value: number, decimals: number = 2): number { + const factor = Math.pow(10, decimals); + return Math.round(value * factor) / factor; + } +} + +export default BaseService; diff --git a/backend/src/shared/services/index.ts b/backend/src/shared/services/index.ts new file mode 100644 index 0000000..ff03ec0 --- /dev/null +++ b/backend/src/shared/services/index.ts @@ -0,0 +1,7 @@ +export { + BaseService, + PaginatedResult, + BasePaginationFilters, + QueryOptions, + BaseServiceConfig, +} from './base.service.js'; diff --git a/backend/src/shared/types/index.ts b/backend/src/shared/types/index.ts new file mode 100644 index 0000000..f7a618e --- /dev/null +++ b/backend/src/shared/types/index.ts @@ -0,0 +1,144 @@ +import { Request } from 'express'; + +// API Response types +export interface ApiResponse { + success: boolean; + data?: T; + message?: string; + error?: string; + meta?: PaginationMeta; +} + +export interface PaginationMeta { + page: number; + limit: number; + total: number; + totalPages: number; +} + +export interface PaginationParams { + page: number; + limit: number; + sortBy?: string; + sortOrder?: 'asc' | 'desc'; +} + +// Auth types +export interface JwtPayload { + userId: string; + tenantId: string; + email: string; + roles: string[]; + sessionId?: string; + jti?: string; + iat?: number; + exp?: number; +} + +export interface AuthenticatedRequest extends Request { + user?: JwtPayload; + tenantId?: string; +} + +// User types (matching auth.users table) +export interface User { + id: string; + tenant_id: string; + email: string; + password_hash?: string; + full_name: string; + status: 'active' | 'inactive' | 'pending' | 'suspended'; + is_superuser: boolean; + email_verified_at?: Date; + last_login_at?: Date; + created_at: Date; + updated_at: Date; +} + +// Role types (matching auth.roles table) +export interface Role { + id: string; + tenant_id: string; + name: string; + code: string; + description?: string; + is_system: boolean; + color?: string; + created_at: Date; +} + +// Permission types (matching auth.permissions table) +export interface Permission { + id: string; + resource: string; + action: string; + description?: string; + module: string; +} + +// Tenant types (matching auth.tenants table) +export interface Tenant { + id: string; + name: string; + subdomain: string; + schema_name: string; + status: 'active' | 'inactive' | 'suspended'; + settings: Record; + plan: string; + max_users: number; + created_at: Date; +} + +// Company types (matching auth.companies table) +export interface Company { + id: string; + tenant_id: string; + parent_company_id?: string; + name: string; + legal_name?: string; + tax_id?: string; + currency_id?: string; + settings: Record; + created_at: Date; +} + +// Error types +export class AppError extends Error { + constructor( + public message: string, + public statusCode: number = 500, + public code?: string + ) { + super(message); + this.name = 'AppError'; + Error.captureStackTrace(this, this.constructor); + } +} + +export class ValidationError extends AppError { + constructor(message: string, public details?: any[]) { + super(message, 400, 'VALIDATION_ERROR'); + this.name = 'ValidationError'; + } +} + +export class UnauthorizedError extends AppError { + constructor(message: string = 'No autorizado') { + super(message, 401, 'UNAUTHORIZED'); + this.name = 'UnauthorizedError'; + } +} + +export class ForbiddenError extends AppError { + constructor(message: string = 'Acceso denegado') { + super(message, 403, 'FORBIDDEN'); + this.name = 'ForbiddenError'; + } +} + +export class NotFoundError extends AppError { + constructor(message: string = 'Recurso no encontrado') { + super(message, 404, 'NOT_FOUND'); + this.name = 'NotFoundError'; + } +} diff --git a/backend/src/shared/utils/logger.ts b/backend/src/shared/utils/logger.ts new file mode 100644 index 0000000..e415c4e --- /dev/null +++ b/backend/src/shared/utils/logger.ts @@ -0,0 +1,40 @@ +import winston from 'winston'; +import { config } from '../../config/index.js'; + +const { combine, timestamp, printf, colorize, errors } = winston.format; + +const logFormat = printf(({ level, message, timestamp, ...metadata }) => { + let msg = `${timestamp} [${level}]: ${message}`; + if (Object.keys(metadata).length > 0) { + msg += ` ${JSON.stringify(metadata)}`; + } + return msg; +}); + +export const logger = winston.createLogger({ + level: config.logging.level, + format: combine( + errors({ stack: true }), + timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }), + logFormat + ), + transports: [ + new winston.transports.Console({ + format: combine( + colorize(), + timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }), + logFormat + ), + }), + ], +}); + +// Add file transport in production +if (config.env === 'production') { + logger.add( + new winston.transports.File({ filename: 'logs/error.log', level: 'error' }) + ); + logger.add( + new winston.transports.File({ filename: 'logs/combined.log' }) + ); +} diff --git a/backend/tsconfig.json b/backend/tsconfig.json new file mode 100644 index 0000000..10327a5 --- /dev/null +++ b/backend/tsconfig.json @@ -0,0 +1,30 @@ +{ + "compilerOptions": { + "target": "ES2022", + "module": "NodeNext", + "moduleResolution": "NodeNext", + "lib": ["ES2022"], + "outDir": "./dist", + "rootDir": "./src", + "strict": true, + "strictPropertyInitialization": false, + "esModuleInterop": true, + "skipLibCheck": true, + "forceConsistentCasingInFileNames": true, + "resolveJsonModule": true, + "declaration": true, + "declarationMap": true, + "sourceMap": true, + "experimentalDecorators": true, + "emitDecoratorMetadata": true, + "baseUrl": "./src", + "paths": { + "@config/*": ["config/*"], + "@modules/*": ["modules/*"], + "@shared/*": ["shared/*"], + "@routes/*": ["routes/*"] + } + }, + "include": ["src/**/*"], + "exclude": ["node_modules", "dist", "**/*.test.ts"] +} diff --git a/database/README.md b/database/README.md new file mode 100644 index 0000000..2ce697f --- /dev/null +++ b/database/README.md @@ -0,0 +1,171 @@ +# Database - ERP Generic + +**Version:** 1.1.0 +**Database:** PostgreSQL 15+ +**Schemas:** 12 +**Tables:** 118 +**Last Updated:** 2025-12-06 + +## Quick Start + +### Prerequisites + +- Docker & Docker Compose +- PostgreSQL 15+ (or use Docker) +- psql CLI + +### Setup + +```bash +# 1. Start PostgreSQL with Docker +docker-compose up -d + +# 2. Create database and run migrations +./scripts/create-database.sh + +# 3. Load seed data (development) +./scripts/load-seeds.sh dev +``` + +## Directory Structure + +``` +database/ +├── ddl/ # Data Definition Language (SQL schemas) +│ ├── 00-prerequisites.sql # Extensions, common functions +│ ├── 01-auth.sql # Authentication, users, roles +│ ├── 02-core.sql # Partners, catalogs, master data +│ ├── 03-analytics.sql # Analytic accounting +│ ├── 04-financial.sql # Accounts, journals, invoices +│ ├── 05-inventory.sql # Products, stock, warehouses +│ ├── 06-purchase.sql # Purchase orders, vendors +│ ├── 07-sales.sql # Sales orders, customers +│ ├── 08-projects.sql # Projects, tasks, timesheets +│ ├── 09-system.sql # Messages, notifications, logs +│ ├── 10-billing.sql # SaaS subscriptions, plans, payments +│ ├── 11-crm.sql # Leads, opportunities, pipeline +│ └── 12-hr.sql # Employees, contracts, leaves +├── scripts/ # Shell scripts +│ ├── create-database.sh # Master creation script +│ ├── drop-database.sh # Drop database +│ ├── load-seeds.sh # Load seed data +│ └── reset-database.sh # Drop and recreate +├── seeds/ # Initial data +│ ├── dev/ # Development seeds +│ └── prod/ # Production seeds +├── migrations/ # Incremental changes (empty by design) +├── docker-compose.yml # PostgreSQL container +└── .env.example # Environment variables template +``` + +## Schemas + +| Schema | Module | Tables | Description | +|--------|--------|--------|-------------| +| `auth` | MGN-001 | 10 | Authentication, users, roles, permissions, multi-tenancy | +| `core` | MGN-002, MGN-003 | 12 | Partners, addresses, currencies, countries, UoM, categories | +| `analytics` | MGN-008 | 7 | Analytic plans, accounts, distributions, cost centers | +| `financial` | MGN-004 | 15 | Chart of accounts, journals, entries, invoices, payments | +| `inventory` | MGN-005 | 10 | Products, warehouses, locations, stock moves, pickings | +| `purchase` | MGN-006 | 8 | RFQs, purchase orders, vendor pricelists, agreements | +| `sales` | MGN-007 | 10 | Quotations, sales orders, pricelists, teams | +| `projects` | MGN-011 | 10 | Projects, tasks, milestones, timesheets | +| `system` | MGN-012, MGN-014 | 13 | Messages, notifications, activities, logs, reports | +| `billing` | MGN-015 | 11 | SaaS subscriptions, plans, payments, coupons | +| `crm` | MGN-009 | 6 | Leads, opportunities, pipeline, activities | +| `hr` | MGN-010 | 6 | Employees, departments, contracts, leaves | + +## Execution Order + +The DDL files must be executed in order due to dependencies: + +1. `00-prerequisites.sql` - Extensions, base functions +2. `01-auth.sql` - Base schema (no dependencies) +3. `02-core.sql` - Depends on auth +4. `03-analytics.sql` - Depends on auth, core +5. `04-financial.sql` - Depends on auth, core, analytics +6. `05-inventory.sql` - Depends on auth, core, analytics +7. `06-purchase.sql` - Depends on auth, core, inventory, analytics +8. `07-sales.sql` - Depends on auth, core, inventory, analytics +9. `08-projects.sql` - Depends on auth, core, analytics +10. `09-system.sql` - Depends on auth, core +11. `10-billing.sql` - Depends on auth, core +12. `11-crm.sql` - Depends on auth, core, sales +13. `12-hr.sql` - Depends on auth, core + +## Features + +### Multi-Tenancy (RLS) + +All transactional tables have: +- `tenant_id` column +- Row Level Security (RLS) policies +- Context functions: `get_current_tenant_id()`, `get_current_user_id()` + +### Audit Trail + +All tables include: +- `created_at`, `created_by` +- `updated_at`, `updated_by` +- `deleted_at`, `deleted_by` (soft delete) + +### Automatic Triggers + +- `updated_at` auto-update on all tables +- Balance validation for journal entries +- Invoice totals calculation +- Stock quantity updates + +## Environment Variables + +```bash +# Database connection +POSTGRES_HOST=localhost +POSTGRES_PORT=5432 +POSTGRES_DB=erp_generic +POSTGRES_USER=erp_admin +POSTGRES_PASSWORD=your_secure_password + +# Optional +POSTGRES_SCHEMA=public +``` + +## Commands + +```bash +# Create database from scratch (DDL only) +./scripts/create-database.sh + +# Drop database +./scripts/drop-database.sh + +# Reset (drop + create DDL + seeds dev) - RECOMENDADO +./scripts/reset-database.sh # Pide confirmación +./scripts/reset-database.sh --force # Sin confirmación (CI/CD) +./scripts/reset-database.sh --no-seeds # Solo DDL, sin seeds +./scripts/reset-database.sh --env prod # Seeds de producción + +# Load seeds manualmente +./scripts/load-seeds.sh dev # Development +./scripts/load-seeds.sh prod # Production +``` + +> **NOTA:** No se usan migrations. Ver `DIRECTIVA-POLITICA-CARGA-LIMPIA.md` para detalles. + +## Statistics + +- **Schemas:** 12 +- **Tables:** 144 (118 base + 26 extensiones) +- **DDL Files:** 15 +- **Functions:** 63 +- **Triggers:** 92 +- **Indexes:** 450+ +- **RLS Policies:** 85+ +- **ENUMs:** 64 +- **Lines of SQL:** ~10,000 + +## References + +- [ADR-007: Database Design](/docs/adr/ADR-007-database-design.md) +- [Gamilit Database Reference](/shared/reference/gamilit/database/) +- [Odoo Analysis](/docs/00-analisis-referencias/odoo/) diff --git a/database/ddl/00-prerequisites.sql b/database/ddl/00-prerequisites.sql new file mode 100644 index 0000000..7fc8d34 --- /dev/null +++ b/database/ddl/00-prerequisites.sql @@ -0,0 +1,207 @@ +-- ============================================================================ +-- ERP GENERIC - DATABASE PREREQUISITES +-- ============================================================================ +-- Version: 1.0.0 +-- Description: Extensions, common types, and utility functions +-- Execute: FIRST (before any schema) +-- ============================================================================ + +-- Enable required extensions +CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; -- UUID generation +CREATE EXTENSION IF NOT EXISTS "pgcrypto"; -- Password hashing +CREATE EXTENSION IF NOT EXISTS "pg_trgm"; -- Trigram similarity (fuzzy search) +CREATE EXTENSION IF NOT EXISTS "unaccent"; -- Remove accents for search + +-- ============================================================================ +-- UTILITY FUNCTIONS +-- ============================================================================ + +-- Function: Update updated_at timestamp +CREATE OR REPLACE FUNCTION update_updated_at_column() +RETURNS TRIGGER AS $$ +BEGIN + NEW.updated_at = CURRENT_TIMESTAMP; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION update_updated_at_column() IS +'Generic trigger function to auto-update updated_at timestamp on row modification'; + +-- Function: Normalize text for search (remove accents, lowercase) +CREATE OR REPLACE FUNCTION normalize_search_text(p_text TEXT) +RETURNS TEXT AS $$ +BEGIN + RETURN LOWER(unaccent(COALESCE(p_text, ''))); +END; +$$ LANGUAGE plpgsql IMMUTABLE; + +COMMENT ON FUNCTION normalize_search_text(TEXT) IS +'Normalize text for search by removing accents and converting to lowercase'; + +-- Function: Generate random alphanumeric code +CREATE OR REPLACE FUNCTION generate_random_code(p_length INTEGER DEFAULT 8) +RETURNS TEXT AS $$ +DECLARE + chars TEXT := 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; + result TEXT := ''; + i INTEGER; +BEGIN + FOR i IN 1..p_length LOOP + result := result || substr(chars, floor(random() * length(chars) + 1)::INTEGER, 1); + END LOOP; + RETURN result; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION generate_random_code(INTEGER) IS +'Generate random alphanumeric code of specified length (default 8)'; + +-- Function: Validate email format +CREATE OR REPLACE FUNCTION is_valid_email(p_email TEXT) +RETURNS BOOLEAN AS $$ +BEGIN + RETURN p_email ~* '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'; +END; +$$ LANGUAGE plpgsql IMMUTABLE; + +COMMENT ON FUNCTION is_valid_email(TEXT) IS +'Validate email format using regex'; + +-- Function: Validate phone number format (basic) +CREATE OR REPLACE FUNCTION is_valid_phone(p_phone TEXT) +RETURNS BOOLEAN AS $$ +BEGIN + -- Basic validation: only digits, spaces, dashes, parentheses, plus sign + RETURN p_phone ~ '^[\d\s\-\(\)\+]+$' AND length(regexp_replace(p_phone, '[^\d]', '', 'g')) >= 7; +END; +$$ LANGUAGE plpgsql IMMUTABLE; + +COMMENT ON FUNCTION is_valid_phone(TEXT) IS +'Validate phone number format (at least 7 digits)'; + +-- Function: Clean phone number (keep only digits) +CREATE OR REPLACE FUNCTION clean_phone(p_phone TEXT) +RETURNS TEXT AS $$ +BEGIN + RETURN regexp_replace(COALESCE(p_phone, ''), '[^\d]', '', 'g'); +END; +$$ LANGUAGE plpgsql IMMUTABLE; + +COMMENT ON FUNCTION clean_phone(TEXT) IS +'Remove non-numeric characters from phone number'; + +-- Function: Calculate age from date +CREATE OR REPLACE FUNCTION calculate_age(p_birthdate DATE) +RETURNS INTEGER AS $$ +BEGIN + IF p_birthdate IS NULL THEN + RETURN NULL; + END IF; + RETURN EXTRACT(YEAR FROM age(CURRENT_DATE, p_birthdate))::INTEGER; +END; +$$ LANGUAGE plpgsql IMMUTABLE; + +COMMENT ON FUNCTION calculate_age(DATE) IS +'Calculate age in years from birthdate'; + +-- Function: Get current fiscal year start +CREATE OR REPLACE FUNCTION get_fiscal_year_start(p_date DATE DEFAULT CURRENT_DATE) +RETURNS DATE AS $$ +BEGIN + -- Assuming fiscal year starts January 1st + -- Modify if different fiscal year start is needed + RETURN DATE_TRUNC('year', p_date)::DATE; +END; +$$ LANGUAGE plpgsql IMMUTABLE; + +COMMENT ON FUNCTION get_fiscal_year_start(DATE) IS +'Get the start date of fiscal year for a given date (default: January 1st)'; + +-- Function: Round to decimal places +CREATE OR REPLACE FUNCTION round_currency(p_amount NUMERIC, p_decimals INTEGER DEFAULT 2) +RETURNS NUMERIC AS $$ +BEGIN + RETURN ROUND(COALESCE(p_amount, 0), p_decimals); +END; +$$ LANGUAGE plpgsql IMMUTABLE; + +COMMENT ON FUNCTION round_currency(NUMERIC, INTEGER) IS +'Round numeric value to specified decimal places (default 2 for currency)'; + +-- ============================================================================ +-- COMMON TYPES +-- ============================================================================ + +-- Type: Money with currency (for multi-currency support) +DO $$ +BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_type WHERE typname = 'money_amount') THEN + CREATE TYPE money_amount AS ( + amount NUMERIC(15, 2), + currency_code CHAR(3) + ); + END IF; +END $$; + +COMMENT ON TYPE money_amount IS +'Composite type for storing monetary values with currency code'; + +-- Type: Address components +DO $$ +BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_type WHERE typname = 'address_components') THEN + CREATE TYPE address_components AS ( + street VARCHAR(255), + street2 VARCHAR(255), + city VARCHAR(100), + state VARCHAR(100), + zip VARCHAR(20), + country_code CHAR(2) + ); + END IF; +END $$; + +COMMENT ON TYPE address_components IS +'Composite type for address components (street, city, state, zip, country)'; + +-- ============================================================================ +-- SCHEMA CREATION +-- ============================================================================ + +-- Create all schemas upfront to avoid circular dependency issues +CREATE SCHEMA IF NOT EXISTS auth; +CREATE SCHEMA IF NOT EXISTS core; +CREATE SCHEMA IF NOT EXISTS analytics; +CREATE SCHEMA IF NOT EXISTS financial; +CREATE SCHEMA IF NOT EXISTS inventory; +CREATE SCHEMA IF NOT EXISTS purchase; +CREATE SCHEMA IF NOT EXISTS sales; +CREATE SCHEMA IF NOT EXISTS projects; +CREATE SCHEMA IF NOT EXISTS system; + +-- Set search path to include all schemas +ALTER DATABASE erp_generic SET search_path TO public, auth, core, analytics, financial, inventory, purchase, sales, projects, system; + +-- Grant usage on schemas to public role (will be refined per-user later) +GRANT USAGE ON SCHEMA auth TO PUBLIC; +GRANT USAGE ON SCHEMA core TO PUBLIC; +GRANT USAGE ON SCHEMA analytics TO PUBLIC; +GRANT USAGE ON SCHEMA financial TO PUBLIC; +GRANT USAGE ON SCHEMA inventory TO PUBLIC; +GRANT USAGE ON SCHEMA purchase TO PUBLIC; +GRANT USAGE ON SCHEMA sales TO PUBLIC; +GRANT USAGE ON SCHEMA projects TO PUBLIC; +GRANT USAGE ON SCHEMA system TO PUBLIC; + +-- ============================================================================ +-- PREREQUISITES COMPLETE +-- ============================================================================ + +DO $$ +BEGIN + RAISE NOTICE 'Prerequisites installed successfully!'; + RAISE NOTICE 'Extensions: uuid-ossp, pgcrypto, pg_trgm, unaccent'; + RAISE NOTICE 'Schemas created: auth, core, analytics, financial, inventory, purchase, sales, projects, system'; + RAISE NOTICE 'Utility functions: 9 functions installed'; +END $$; diff --git a/database/ddl/01-auth-extensions.sql b/database/ddl/01-auth-extensions.sql new file mode 100644 index 0000000..dc0a46c --- /dev/null +++ b/database/ddl/01-auth-extensions.sql @@ -0,0 +1,891 @@ +-- ===================================================== +-- SCHEMA: auth (Extensiones) +-- PROPÓSITO: 2FA, API Keys, OAuth2, Grupos, ACL, Record Rules +-- MÓDULOS: MGN-001 (Fundamentos), MGN-002 (Usuarios), MGN-003 (Roles) +-- FECHA: 2025-12-08 +-- VERSION: 1.0.0 +-- DEPENDENCIAS: 01-auth.sql +-- SPECS RELACIONADAS: +-- - SPEC-TWO-FACTOR-AUTHENTICATION.md +-- - SPEC-SEGURIDAD-API-KEYS-PERMISOS.md +-- - SPEC-OAUTH2-SOCIAL-LOGIN.md +-- ===================================================== + +-- ===================================================== +-- PARTE 1: GROUPS Y HERENCIA +-- ===================================================== + +-- Tabla: groups (Grupos de usuarios con herencia) +CREATE TABLE auth.groups ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + code VARCHAR(100) NOT NULL, + name VARCHAR(255) NOT NULL, + description TEXT, + + -- Configuración + is_system BOOLEAN NOT NULL DEFAULT FALSE, -- Grupos del sistema no editables + category VARCHAR(100), -- Categoría para agrupación (ventas, compras, etc.) + color VARCHAR(20), + + -- API Keys + api_key_max_duration_days INTEGER DEFAULT 30 + CHECK (api_key_max_duration_days >= 0), -- 0 = sin expiración (solo grupos system) + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + deleted_at TIMESTAMP, + deleted_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_groups_code_tenant UNIQUE (tenant_id, code) +); + +-- Tabla: group_implied (Herencia de grupos) +CREATE TABLE auth.group_implied ( + group_id UUID NOT NULL REFERENCES auth.groups(id) ON DELETE CASCADE, + implied_group_id UUID NOT NULL REFERENCES auth.groups(id) ON DELETE CASCADE, + + PRIMARY KEY (group_id, implied_group_id), + CONSTRAINT chk_group_no_self_imply CHECK (group_id != implied_group_id) +); + +-- Tabla: user_groups (Many-to-Many usuarios-grupos) +CREATE TABLE auth.user_groups ( + user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, + group_id UUID NOT NULL REFERENCES auth.groups(id) ON DELETE CASCADE, + assigned_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + assigned_by UUID REFERENCES auth.users(id), + + PRIMARY KEY (user_id, group_id) +); + +-- Índices para groups +CREATE INDEX idx_groups_tenant_id ON auth.groups(tenant_id); +CREATE INDEX idx_groups_code ON auth.groups(code); +CREATE INDEX idx_groups_category ON auth.groups(category); +CREATE INDEX idx_groups_is_system ON auth.groups(is_system); + +-- Índices para user_groups +CREATE INDEX idx_user_groups_user_id ON auth.user_groups(user_id); +CREATE INDEX idx_user_groups_group_id ON auth.user_groups(group_id); + +-- ===================================================== +-- PARTE 2: MODELS Y ACL (Access Control Lists) +-- ===================================================== + +-- Tabla: models (Definición de modelos del sistema) +CREATE TABLE auth.models ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + name VARCHAR(128) NOT NULL, -- Nombre técnico (ej: 'sale.order') + description VARCHAR(255), -- Descripción legible + module VARCHAR(64), -- Módulo al que pertenece + is_transient BOOLEAN NOT NULL DEFAULT FALSE, -- Modelo temporal + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP, + + CONSTRAINT uq_models_name_tenant UNIQUE (tenant_id, name) +); + +-- Tabla: model_access (Permisos CRUD por modelo y grupo) +CREATE TABLE auth.model_access ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + name VARCHAR(255) NOT NULL, -- Identificador legible + + model_id UUID NOT NULL REFERENCES auth.models(id) ON DELETE CASCADE, + group_id UUID REFERENCES auth.groups(id) ON DELETE RESTRICT, -- NULL = global + + -- Permisos CRUD + perm_read BOOLEAN NOT NULL DEFAULT FALSE, + perm_create BOOLEAN NOT NULL DEFAULT FALSE, + perm_write BOOLEAN NOT NULL DEFAULT FALSE, + perm_delete BOOLEAN NOT NULL DEFAULT FALSE, + + is_active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP, + + -- Un grupo solo puede tener un registro por modelo + CONSTRAINT uq_model_access_model_group UNIQUE (model_id, group_id, tenant_id) +); + +-- Índices para models +CREATE INDEX idx_models_name ON auth.models(name); +CREATE INDEX idx_models_tenant ON auth.models(tenant_id); +CREATE INDEX idx_models_module ON auth.models(module); + +-- Índices para model_access +CREATE INDEX idx_model_access_model ON auth.model_access(model_id); +CREATE INDEX idx_model_access_group ON auth.model_access(group_id); +CREATE INDEX idx_model_access_active ON auth.model_access(is_active) WHERE is_active = TRUE; + +-- ===================================================== +-- PARTE 3: RECORD RULES (Row-Level Security) +-- ===================================================== + +-- Tabla: record_rules (Reglas de acceso a nivel de registro) +CREATE TABLE auth.record_rules ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + name VARCHAR(255) NOT NULL, + + model_id UUID NOT NULL REFERENCES auth.models(id) ON DELETE CASCADE, + + -- Dominio como expresión JSON + domain_expression JSONB NOT NULL, -- [["company_id", "in", "user.company_ids"]] + + -- Permisos afectados + perm_read BOOLEAN NOT NULL DEFAULT TRUE, + perm_create BOOLEAN NOT NULL DEFAULT TRUE, + perm_write BOOLEAN NOT NULL DEFAULT TRUE, + perm_delete BOOLEAN NOT NULL DEFAULT TRUE, + + -- Regla global (sin grupos = aplica a todos) + is_global BOOLEAN NOT NULL DEFAULT FALSE, + + is_active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP +); + +-- Tabla: rule_groups (Relación M:N entre rules y groups) +CREATE TABLE auth.rule_groups ( + rule_id UUID NOT NULL REFERENCES auth.record_rules(id) ON DELETE CASCADE, + group_id UUID NOT NULL REFERENCES auth.groups(id) ON DELETE CASCADE, + + PRIMARY KEY (rule_id, group_id) +); + +-- Índices para record_rules +CREATE INDEX idx_record_rules_model ON auth.record_rules(model_id); +CREATE INDEX idx_record_rules_global ON auth.record_rules(is_global) WHERE is_global = TRUE; +CREATE INDEX idx_record_rules_active ON auth.record_rules(is_active) WHERE is_active = TRUE; + +-- Índices para rule_groups +CREATE INDEX idx_rule_groups_rule ON auth.rule_groups(rule_id); +CREATE INDEX idx_rule_groups_group ON auth.rule_groups(group_id); + +-- ===================================================== +-- PARTE 4: FIELD PERMISSIONS +-- ===================================================== + +-- Tabla: model_fields (Campos del modelo con metadatos de seguridad) +CREATE TABLE auth.model_fields ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + model_id UUID NOT NULL REFERENCES auth.models(id) ON DELETE CASCADE, + + name VARCHAR(128) NOT NULL, -- Nombre técnico del campo + field_type VARCHAR(64) NOT NULL, -- Tipo: char, int, many2one, etc. + description VARCHAR(255), -- Etiqueta legible + + -- Seguridad por defecto + is_readonly BOOLEAN NOT NULL DEFAULT FALSE, + is_required BOOLEAN NOT NULL DEFAULT FALSE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT uq_model_field UNIQUE (model_id, name, tenant_id) +); + +-- Tabla: field_permissions (Permisos de campo por grupo) +CREATE TABLE auth.field_permissions ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + field_id UUID NOT NULL REFERENCES auth.model_fields(id) ON DELETE CASCADE, + group_id UUID NOT NULL REFERENCES auth.groups(id) ON DELETE CASCADE, + + -- Permisos + can_read BOOLEAN NOT NULL DEFAULT TRUE, + can_write BOOLEAN NOT NULL DEFAULT FALSE, + + CONSTRAINT uq_field_permission UNIQUE (field_id, group_id, tenant_id) +); + +-- Índices para model_fields +CREATE INDEX idx_model_fields_model ON auth.model_fields(model_id); +CREATE INDEX idx_model_fields_name ON auth.model_fields(name); + +-- Índices para field_permissions +CREATE INDEX idx_field_permissions_field ON auth.field_permissions(field_id); +CREATE INDEX idx_field_permissions_group ON auth.field_permissions(group_id); + +-- ===================================================== +-- PARTE 5: API KEYS +-- ===================================================== + +-- Tabla: api_keys (Autenticación para integraciones) +CREATE TABLE auth.api_keys ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + -- Descripción + name VARCHAR(255) NOT NULL, -- Descripción del propósito + + -- Seguridad + key_index VARCHAR(16) NOT NULL, -- Primeros 8 bytes del key (para lookup rápido) + key_hash VARCHAR(255) NOT NULL, -- Hash PBKDF2-SHA512 del key completo + + -- Scope y restricciones + scope VARCHAR(100), -- NULL = acceso completo, 'rpc' = solo API + allowed_ips INET[], -- IPs permitidas (opcional) + + -- Expiración + expiration_date TIMESTAMPTZ, -- NULL = sin expiración (solo system users) + last_used_at TIMESTAMPTZ, -- Último uso + + -- Estado + is_active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + revoked_at TIMESTAMPTZ, + revoked_by UUID REFERENCES auth.users(id), + + -- Constraints + CONSTRAINT chk_key_index_length CHECK (LENGTH(key_index) = 16) +); + +-- Índices para API Keys +CREATE INDEX idx_api_keys_lookup ON auth.api_keys (key_index, is_active) + WHERE is_active = TRUE; +CREATE INDEX idx_api_keys_expiration ON auth.api_keys (expiration_date) + WHERE expiration_date IS NOT NULL; +CREATE INDEX idx_api_keys_user ON auth.api_keys (user_id); +CREATE INDEX idx_api_keys_tenant ON auth.api_keys (tenant_id); + +-- ===================================================== +-- PARTE 6: TWO-FACTOR AUTHENTICATION (2FA) +-- ===================================================== + +-- Extensión de users para MFA +ALTER TABLE auth.users ADD COLUMN IF NOT EXISTS + mfa_enabled BOOLEAN NOT NULL DEFAULT FALSE; + +ALTER TABLE auth.users ADD COLUMN IF NOT EXISTS + mfa_method VARCHAR(16) DEFAULT 'none' + CHECK (mfa_method IN ('none', 'totp', 'sms', 'email')); + +ALTER TABLE auth.users ADD COLUMN IF NOT EXISTS + mfa_secret BYTEA; -- Secreto TOTP encriptado con AES-256-GCM + +ALTER TABLE auth.users ADD COLUMN IF NOT EXISTS + backup_codes JSONB DEFAULT '[]'; -- Códigos de respaldo (array de hashes SHA-256) + +ALTER TABLE auth.users ADD COLUMN IF NOT EXISTS + backup_codes_count INTEGER NOT NULL DEFAULT 0; + +ALTER TABLE auth.users ADD COLUMN IF NOT EXISTS + mfa_setup_at TIMESTAMPTZ; + +ALTER TABLE auth.users ADD COLUMN IF NOT EXISTS + last_2fa_verification TIMESTAMPTZ; + +-- Constraint de consistencia MFA +ALTER TABLE auth.users ADD CONSTRAINT chk_mfa_consistency CHECK ( + (mfa_enabled = TRUE AND mfa_secret IS NOT NULL AND mfa_method != 'none') OR + (mfa_enabled = FALSE) +); + +-- Índice para usuarios con MFA +CREATE INDEX idx_users_mfa_enabled ON auth.users(mfa_enabled) WHERE mfa_enabled = TRUE; + +-- Tabla: trusted_devices (Dispositivos de confianza) +CREATE TABLE auth.trusted_devices ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + + -- Relación con usuario + user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, + + -- Identificación del dispositivo + device_fingerprint VARCHAR(128) NOT NULL, + device_name VARCHAR(128), -- "iPhone de Juan", "Chrome en MacBook" + device_type VARCHAR(32), -- 'mobile', 'desktop', 'tablet' + + -- Información del dispositivo + user_agent TEXT, + browser_name VARCHAR(64), + browser_version VARCHAR(32), + os_name VARCHAR(64), + os_version VARCHAR(32), + + -- Ubicación del registro + registered_ip INET NOT NULL, + registered_location JSONB, -- {country, city, lat, lng} + + -- Estado de confianza + is_active BOOLEAN NOT NULL DEFAULT TRUE, + trust_level VARCHAR(16) NOT NULL DEFAULT 'standard' + CHECK (trust_level IN ('standard', 'high', 'temporary')), + trust_expires_at TIMESTAMPTZ, -- NULL = no expira + + -- Uso + last_used_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + last_used_ip INET, + use_count INTEGER NOT NULL DEFAULT 1, + + -- Auditoría + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + revoked_at TIMESTAMPTZ, + revoked_reason VARCHAR(128), + + -- Constraints + CONSTRAINT uk_trusted_device_user_fingerprint UNIQUE (user_id, device_fingerprint) +); + +-- Índices para trusted_devices +CREATE INDEX idx_trusted_devices_user ON auth.trusted_devices(user_id) WHERE is_active; +CREATE INDEX idx_trusted_devices_fingerprint ON auth.trusted_devices(device_fingerprint); +CREATE INDEX idx_trusted_devices_expires ON auth.trusted_devices(trust_expires_at) + WHERE trust_expires_at IS NOT NULL AND is_active; + +-- Tabla: verification_codes (Códigos de verificación temporales) +CREATE TABLE auth.verification_codes ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + + -- Relaciones + user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, + session_id UUID REFERENCES auth.sessions(id) ON DELETE CASCADE, + + -- Tipo de código + code_type VARCHAR(16) NOT NULL + CHECK (code_type IN ('totp_setup', 'sms', 'email', 'backup')), + + -- Código (hash SHA-256) + code_hash VARCHAR(64) NOT NULL, + code_length INTEGER NOT NULL DEFAULT 6, + + -- Destino (para SMS/Email) + destination VARCHAR(256), -- Teléfono o email + + -- Intentos + attempts INTEGER NOT NULL DEFAULT 0, + max_attempts INTEGER NOT NULL DEFAULT 5, + + -- Validez + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + expires_at TIMESTAMPTZ NOT NULL, + used_at TIMESTAMPTZ, + + -- Metadata + ip_address INET, + user_agent TEXT, + + -- Constraint + CONSTRAINT chk_code_not_expired CHECK (used_at IS NULL OR used_at <= expires_at) +); + +-- Índices para verification_codes +CREATE INDEX idx_verification_codes_user ON auth.verification_codes(user_id, code_type) + WHERE used_at IS NULL; +CREATE INDEX idx_verification_codes_expires ON auth.verification_codes(expires_at) + WHERE used_at IS NULL; + +-- Tabla: mfa_audit_log (Log de auditoría MFA) +CREATE TABLE auth.mfa_audit_log ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + + -- Usuario + user_id UUID NOT NULL REFERENCES auth.users(id), + + -- Evento + event_type VARCHAR(32) NOT NULL + CHECK (event_type IN ( + 'mfa_setup_initiated', + 'mfa_setup_completed', + 'mfa_disabled', + 'totp_verified', + 'totp_failed', + 'backup_code_used', + 'backup_codes_regenerated', + 'device_trusted', + 'device_revoked', + 'anomaly_detected', + 'account_locked', + 'account_unlocked' + )), + + -- Resultado + success BOOLEAN NOT NULL, + failure_reason VARCHAR(128), + + -- Contexto + ip_address INET, + user_agent TEXT, + device_fingerprint VARCHAR(128), + location JSONB, + + -- Metadata adicional + metadata JSONB DEFAULT '{}', + + -- Timestamp + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW() +); + +-- Índices para mfa_audit_log +CREATE INDEX idx_mfa_audit_user ON auth.mfa_audit_log(user_id, created_at DESC); +CREATE INDEX idx_mfa_audit_event ON auth.mfa_audit_log(event_type, created_at DESC); +CREATE INDEX idx_mfa_audit_failures ON auth.mfa_audit_log(user_id, created_at DESC) + WHERE success = FALSE; + +-- ===================================================== +-- PARTE 7: OAUTH2 PROVIDERS +-- ===================================================== + +-- Tabla: oauth_providers (Proveedores OAuth2) +CREATE TABLE auth.oauth_providers ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID REFERENCES auth.tenants(id) ON DELETE CASCADE, -- NULL = global + + code VARCHAR(50) NOT NULL, + name VARCHAR(100) NOT NULL, + + -- Configuración OAuth2 + client_id VARCHAR(255) NOT NULL, + client_secret VARCHAR(500), -- Encriptado con AES-256 + + -- Endpoints OAuth2 + authorization_endpoint VARCHAR(500) NOT NULL, + token_endpoint VARCHAR(500) NOT NULL, + userinfo_endpoint VARCHAR(500) NOT NULL, + jwks_uri VARCHAR(500), -- Para validación de ID tokens + + -- Scopes y parámetros + scope VARCHAR(500) NOT NULL DEFAULT 'openid profile email', + response_type VARCHAR(50) NOT NULL DEFAULT 'code', + + -- PKCE Configuration + pkce_enabled BOOLEAN NOT NULL DEFAULT TRUE, + code_challenge_method VARCHAR(10) DEFAULT 'S256', + + -- Mapeo de claims + claim_mapping JSONB NOT NULL DEFAULT '{ + "sub": "oauth_uid", + "email": "email", + "name": "name", + "picture": "avatar_url" + }'::jsonb, + + -- UI + icon_class VARCHAR(100), -- fa-google, fa-microsoft, etc. + button_text VARCHAR(100), + button_color VARCHAR(20), + display_order INTEGER NOT NULL DEFAULT 10, + + -- Estado + is_enabled BOOLEAN NOT NULL DEFAULT FALSE, + is_visible BOOLEAN NOT NULL DEFAULT TRUE, + + -- Restricciones + allowed_domains TEXT[], -- NULL = todos permitidos + auto_create_users BOOLEAN NOT NULL DEFAULT FALSE, + default_role_id UUID REFERENCES auth.roles(id), + + -- Auditoría + created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + -- Constraints + CONSTRAINT uq_oauth_provider_code UNIQUE (code), + CONSTRAINT chk_response_type CHECK (response_type IN ('code', 'token')), + CONSTRAINT chk_pkce_method CHECK (code_challenge_method IN ('S256', 'plain')) +); + +-- Índices para oauth_providers +CREATE INDEX idx_oauth_providers_enabled ON auth.oauth_providers(is_enabled); +CREATE INDEX idx_oauth_providers_tenant ON auth.oauth_providers(tenant_id); +CREATE INDEX idx_oauth_providers_code ON auth.oauth_providers(code); + +-- Tabla: oauth_user_links (Vinculación usuario-proveedor) +CREATE TABLE auth.oauth_user_links ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, + provider_id UUID NOT NULL REFERENCES auth.oauth_providers(id) ON DELETE CASCADE, + + -- Identificación OAuth + oauth_uid VARCHAR(255) NOT NULL, -- Subject ID del proveedor + oauth_email VARCHAR(255), + + -- Tokens (encriptados) + access_token TEXT, + refresh_token TEXT, + id_token TEXT, + token_expires_at TIMESTAMPTZ, + + -- Metadata + raw_userinfo JSONB, -- Datos completos del proveedor + last_login_at TIMESTAMPTZ, + login_count INTEGER NOT NULL DEFAULT 0, + + -- Auditoría + created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + + -- Constraints + CONSTRAINT uq_provider_oauth_uid UNIQUE (provider_id, oauth_uid), + CONSTRAINT uq_user_provider UNIQUE (user_id, provider_id) +); + +-- Índices para oauth_user_links +CREATE INDEX idx_oauth_links_user ON auth.oauth_user_links(user_id); +CREATE INDEX idx_oauth_links_provider ON auth.oauth_user_links(provider_id); +CREATE INDEX idx_oauth_links_oauth_uid ON auth.oauth_user_links(oauth_uid); + +-- Tabla: oauth_states (Estados OAuth2 temporales para CSRF) +CREATE TABLE auth.oauth_states ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + state VARCHAR(64) NOT NULL UNIQUE, + + -- PKCE + code_verifier VARCHAR(128), + + -- Contexto + provider_id UUID NOT NULL REFERENCES auth.oauth_providers(id), + redirect_uri VARCHAR(500) NOT NULL, + return_url VARCHAR(500), + + -- Vinculación con usuario existente (para linking) + link_user_id UUID REFERENCES auth.users(id), + + -- Metadata + ip_address INET, + user_agent TEXT, + + -- Tiempo de vida + created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + expires_at TIMESTAMPTZ NOT NULL DEFAULT (CURRENT_TIMESTAMP + INTERVAL '10 minutes'), + used_at TIMESTAMPTZ, + + -- Constraints + CONSTRAINT chk_state_not_expired CHECK (expires_at > created_at) +); + +-- Índices para oauth_states +CREATE INDEX idx_oauth_states_state ON auth.oauth_states(state); +CREATE INDEX idx_oauth_states_expires ON auth.oauth_states(expires_at); + +-- Extensión de users para OAuth +ALTER TABLE auth.users ADD COLUMN IF NOT EXISTS + oauth_only BOOLEAN NOT NULL DEFAULT FALSE; + +ALTER TABLE auth.users ADD COLUMN IF NOT EXISTS + primary_oauth_provider_id UUID REFERENCES auth.oauth_providers(id); + +-- ===================================================== +-- PARTE 8: FUNCIONES DE UTILIDAD +-- ===================================================== + +-- Función: Obtener grupos efectivos de un usuario (incluyendo herencia) +CREATE OR REPLACE FUNCTION auth.get_user_effective_groups(p_user_id UUID) +RETURNS TABLE(group_id UUID) AS $$ +WITH RECURSIVE effective_groups AS ( + -- Grupos asignados directamente + SELECT ug.group_id + FROM auth.user_groups ug + WHERE ug.user_id = p_user_id + + UNION + + -- Grupos heredados + SELECT gi.implied_group_id + FROM auth.group_implied gi + JOIN effective_groups eg ON gi.group_id = eg.group_id +) +SELECT DISTINCT group_id FROM effective_groups; +$$ LANGUAGE SQL STABLE; + +COMMENT ON FUNCTION auth.get_user_effective_groups IS 'Obtiene todos los grupos de un usuario incluyendo herencia'; + +-- Función: Verificar permiso ACL +CREATE OR REPLACE FUNCTION auth.check_model_access( + p_user_id UUID, + p_model_name VARCHAR, + p_mode VARCHAR -- 'read', 'create', 'write', 'delete' +) +RETURNS BOOLEAN AS $$ +DECLARE + v_has_access BOOLEAN; +BEGIN + -- Superusers tienen todos los permisos + IF EXISTS ( + SELECT 1 FROM auth.users + WHERE id = p_user_id AND is_superuser = TRUE AND deleted_at IS NULL + ) THEN + RETURN TRUE; + END IF; + + -- Verificar ACL + SELECT EXISTS ( + SELECT 1 + FROM auth.model_access ma + JOIN auth.models m ON ma.model_id = m.id + WHERE m.name = p_model_name + AND ma.is_active = TRUE + AND ( + ma.group_id IS NULL -- Permiso global + OR ma.group_id IN (SELECT auth.get_user_effective_groups(p_user_id)) + ) + AND CASE p_mode + WHEN 'read' THEN ma.perm_read + WHEN 'create' THEN ma.perm_create + WHEN 'write' THEN ma.perm_write + WHEN 'delete' THEN ma.perm_delete + ELSE FALSE + END + ) INTO v_has_access; + + RETURN COALESCE(v_has_access, FALSE); +END; +$$ LANGUAGE plpgsql STABLE SECURITY DEFINER; + +COMMENT ON FUNCTION auth.check_model_access IS 'Verifica si un usuario tiene permiso CRUD en un modelo'; + +-- Función: Limpiar estados OAuth expirados +CREATE OR REPLACE FUNCTION auth.cleanup_expired_oauth_states() +RETURNS INTEGER AS $$ +DECLARE + v_deleted INTEGER; +BEGIN + WITH deleted AS ( + DELETE FROM auth.oauth_states + WHERE expires_at < CURRENT_TIMESTAMP + OR used_at IS NOT NULL + RETURNING id + ) + SELECT COUNT(*) INTO v_deleted FROM deleted; + + RETURN v_deleted; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION auth.cleanup_expired_oauth_states IS 'Limpia estados OAuth expirados (ejecutar periódicamente)'; + +-- Función: Limpiar códigos de verificación expirados +CREATE OR REPLACE FUNCTION auth.cleanup_expired_verification_codes() +RETURNS INTEGER AS $$ +DECLARE + v_deleted INTEGER; +BEGIN + WITH deleted AS ( + DELETE FROM auth.verification_codes + WHERE expires_at < NOW() - INTERVAL '1 day' + RETURNING id + ) + SELECT COUNT(*) INTO v_deleted FROM deleted; + + RETURN v_deleted; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION auth.cleanup_expired_verification_codes IS 'Limpia códigos de verificación expirados'; + +-- Función: Limpiar dispositivos de confianza expirados +CREATE OR REPLACE FUNCTION auth.cleanup_expired_trusted_devices() +RETURNS INTEGER AS $$ +DECLARE + v_deleted INTEGER; +BEGIN + WITH updated AS ( + UPDATE auth.trusted_devices + SET is_active = FALSE, + revoked_at = NOW(), + revoked_reason = 'expired' + WHERE trust_expires_at < NOW() - INTERVAL '7 days' + AND trust_expires_at IS NOT NULL + AND is_active = TRUE + RETURNING id + ) + SELECT COUNT(*) INTO v_deleted FROM updated; + + RETURN v_deleted; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION auth.cleanup_expired_trusted_devices IS 'Desactiva dispositivos de confianza expirados'; + +-- Función: Limpiar API keys expiradas +CREATE OR REPLACE FUNCTION auth.cleanup_expired_api_keys() +RETURNS INTEGER AS $$ +DECLARE + v_deleted INTEGER; +BEGIN + WITH deleted AS ( + DELETE FROM auth.api_keys + WHERE expiration_date IS NOT NULL + AND expiration_date < NOW() + RETURNING id + ) + SELECT COUNT(*) INTO v_deleted FROM deleted; + + RETURN v_deleted; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION auth.cleanup_expired_api_keys IS 'Limpia API keys expiradas'; + +-- ===================================================== +-- PARTE 9: TRIGGERS +-- ===================================================== + +-- Trigger: Actualizar updated_at para grupos +CREATE TRIGGER trg_groups_updated_at + BEFORE UPDATE ON auth.groups + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger: Actualizar updated_at para oauth_providers +CREATE TRIGGER trg_oauth_providers_updated_at + BEFORE UPDATE ON auth.oauth_providers + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger: Actualizar updated_at para oauth_user_links +CREATE OR REPLACE FUNCTION auth.update_oauth_link_updated_at() +RETURNS TRIGGER AS $$ +BEGIN + NEW.updated_at = CURRENT_TIMESTAMP; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_oauth_user_links_updated_at + BEFORE UPDATE ON auth.oauth_user_links + FOR EACH ROW + EXECUTE FUNCTION auth.update_oauth_link_updated_at(); + +-- ===================================================== +-- PARTE 10: VISTAS +-- ===================================================== + +-- Vista: Usuarios con sus proveedores OAuth vinculados +CREATE OR REPLACE VIEW auth.users_oauth_summary AS +SELECT + u.id, + u.email, + u.full_name, + u.oauth_only, + COUNT(ol.id) as linked_providers_count, + ARRAY_AGG(op.name) FILTER (WHERE op.id IS NOT NULL) as linked_provider_names, + MAX(ol.last_login_at) as last_oauth_login +FROM auth.users u +LEFT JOIN auth.oauth_user_links ol ON ol.user_id = u.id +LEFT JOIN auth.oauth_providers op ON op.id = ol.provider_id +WHERE u.deleted_at IS NULL +GROUP BY u.id; + +COMMENT ON VIEW auth.users_oauth_summary IS 'Vista de usuarios con sus proveedores OAuth vinculados'; + +-- Vista: Permisos efectivos por usuario y modelo +CREATE OR REPLACE VIEW auth.user_model_access_view AS +SELECT DISTINCT + u.id as user_id, + u.email, + m.name as model_name, + BOOL_OR(ma.perm_read) as can_read, + BOOL_OR(ma.perm_create) as can_create, + BOOL_OR(ma.perm_write) as can_write, + BOOL_OR(ma.perm_delete) as can_delete +FROM auth.users u +CROSS JOIN auth.models m +LEFT JOIN auth.user_groups ug ON ug.user_id = u.id +LEFT JOIN auth.model_access ma ON ma.model_id = m.id + AND (ma.group_id IS NULL OR ma.group_id = ug.group_id) + AND ma.is_active = TRUE +WHERE u.deleted_at IS NULL +GROUP BY u.id, u.email, m.name; + +COMMENT ON VIEW auth.user_model_access_view IS 'Vista de permisos ACL efectivos por usuario y modelo'; + +-- ===================================================== +-- PARTE 11: DATOS INICIALES +-- ===================================================== + +-- Proveedores OAuth2 preconfigurados (template) +-- NOTA: Solo se insertan como template, requieren client_id y client_secret +INSERT INTO auth.oauth_providers ( + code, name, + authorization_endpoint, token_endpoint, userinfo_endpoint, jwks_uri, + scope, icon_class, button_text, button_color, + claim_mapping, display_order, is_enabled, client_id +) VALUES +-- Google +( + 'google', 'Google', + 'https://accounts.google.com/o/oauth2/v2/auth', + 'https://oauth2.googleapis.com/token', + 'https://openidconnect.googleapis.com/v1/userinfo', + 'https://www.googleapis.com/oauth2/v3/certs', + 'openid profile email', + 'fa-google', 'Continuar con Google', '#4285F4', + '{"sub": "oauth_uid", "email": "email", "name": "name", "picture": "avatar_url"}', + 1, FALSE, 'CONFIGURE_ME' +), +-- Microsoft Azure AD +( + 'microsoft', 'Microsoft', + 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize', + 'https://login.microsoftonline.com/common/oauth2/v2.0/token', + 'https://graph.microsoft.com/v1.0/me', + 'https://login.microsoftonline.com/common/discovery/v2.0/keys', + 'openid profile email User.Read', + 'fa-microsoft', 'Continuar con Microsoft', '#00A4EF', + '{"id": "oauth_uid", "mail": "email", "displayName": "name"}', + 2, FALSE, 'CONFIGURE_ME' +), +-- GitHub +( + 'github', 'GitHub', + 'https://github.com/login/oauth/authorize', + 'https://github.com/login/oauth/access_token', + 'https://api.github.com/user', + NULL, + 'read:user user:email', + 'fa-github', 'Continuar con GitHub', '#333333', + '{"id": "oauth_uid", "email": "email", "name": "name", "avatar_url": "avatar_url"}', + 3, FALSE, 'CONFIGURE_ME' +) +ON CONFLICT (code) DO NOTHING; + +-- ===================================================== +-- COMENTARIOS EN TABLAS +-- ===================================================== + +COMMENT ON TABLE auth.groups IS 'Grupos de usuarios con herencia para control de acceso'; +COMMENT ON TABLE auth.group_implied IS 'Herencia entre grupos (A implica B)'; +COMMENT ON TABLE auth.user_groups IS 'Asignación de usuarios a grupos (many-to-many)'; +COMMENT ON TABLE auth.models IS 'Definición de modelos del sistema para ACL'; +COMMENT ON TABLE auth.model_access IS 'Permisos CRUD a nivel de modelo por grupo (ACL)'; +COMMENT ON TABLE auth.record_rules IS 'Reglas de acceso a nivel de registro (row-level security)'; +COMMENT ON TABLE auth.rule_groups IS 'Relación entre record rules y grupos'; +COMMENT ON TABLE auth.model_fields IS 'Campos de modelo con metadatos de seguridad'; +COMMENT ON TABLE auth.field_permissions IS 'Permisos de lectura/escritura por campo y grupo'; +COMMENT ON TABLE auth.api_keys IS 'API Keys para autenticación de integraciones externas'; +COMMENT ON TABLE auth.trusted_devices IS 'Dispositivos de confianza para bypass de 2FA'; +COMMENT ON TABLE auth.verification_codes IS 'Códigos de verificación temporales para 2FA'; +COMMENT ON TABLE auth.mfa_audit_log IS 'Log de auditoría de eventos MFA'; +COMMENT ON TABLE auth.oauth_providers IS 'Proveedores OAuth2 configurados'; +COMMENT ON TABLE auth.oauth_user_links IS 'Vinculación de usuarios con proveedores OAuth'; +COMMENT ON TABLE auth.oauth_states IS 'Estados OAuth2 temporales para protección CSRF'; + +COMMENT ON COLUMN auth.api_keys.key_index IS 'Primeros 16 hex chars del key para lookup O(1)'; +COMMENT ON COLUMN auth.api_keys.key_hash IS 'Hash PBKDF2-SHA512 del key completo'; +COMMENT ON COLUMN auth.api_keys.scope IS 'Scope del API key (NULL=full, rpc=API only)'; +COMMENT ON COLUMN auth.groups.api_key_max_duration_days IS 'Máxima duración en días para API keys de usuarios de este grupo (0=ilimitado)'; + +-- ===================================================== +-- FIN DE EXTENSIONES AUTH +-- ===================================================== diff --git a/database/ddl/01-auth.sql b/database/ddl/01-auth.sql new file mode 100644 index 0000000..afa85b1 --- /dev/null +++ b/database/ddl/01-auth.sql @@ -0,0 +1,620 @@ +-- ===================================================== +-- SCHEMA: auth +-- PROPÓSITO: Autenticación, usuarios, roles, permisos +-- MÓDULOS: MGN-001 (Fundamentos), MGN-002 (Empresas) +-- FECHA: 2025-11-24 +-- ===================================================== + +-- Crear schema +CREATE SCHEMA IF NOT EXISTS auth; + +-- ===================================================== +-- TYPES (ENUMs) +-- ===================================================== + +CREATE TYPE auth.user_status AS ENUM ( + 'active', + 'inactive', + 'suspended', + 'pending_verification' +); + +CREATE TYPE auth.tenant_status AS ENUM ( + 'active', + 'suspended', + 'trial', + 'cancelled' +); + +CREATE TYPE auth.session_status AS ENUM ( + 'active', + 'expired', + 'revoked' +); + +CREATE TYPE auth.permission_action AS ENUM ( + 'create', + 'read', + 'update', + 'delete', + 'approve', + 'cancel', + 'export' +); + +-- ===================================================== +-- TABLES +-- ===================================================== + +-- Tabla: tenants (Multi-Tenancy) +CREATE TABLE auth.tenants ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + name VARCHAR(255) NOT NULL, + subdomain VARCHAR(100) UNIQUE NOT NULL, + schema_name VARCHAR(100) UNIQUE NOT NULL, + status auth.tenant_status NOT NULL DEFAULT 'active', + settings JSONB DEFAULT '{}', + plan VARCHAR(50) DEFAULT 'basic', -- basic, pro, enterprise + max_users INTEGER DEFAULT 10, + + -- Auditoría (tenant no tiene tenant_id) + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID, -- Puede ser NULL para primer tenant + updated_at TIMESTAMP, + updated_by UUID, + deleted_at TIMESTAMP, + deleted_by UUID, + + CONSTRAINT chk_tenants_subdomain_format CHECK (subdomain ~ '^[a-z0-9-]+$'), + CONSTRAINT chk_tenants_max_users CHECK (max_users > 0) +); + +-- Tabla: companies (Multi-Company dentro de tenant) +CREATE TABLE auth.companies ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + name VARCHAR(255) NOT NULL, + legal_name VARCHAR(255), + tax_id VARCHAR(50), + currency_id UUID, -- FK a core.currencies (se crea después) + parent_company_id UUID REFERENCES auth.companies(id), + partner_id UUID, -- FK a core.partners (se crea después) + settings JSONB DEFAULT '{}', + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID, + updated_at TIMESTAMP, + updated_by UUID, + deleted_at TIMESTAMP, + deleted_by UUID, + + CONSTRAINT uq_companies_tax_id_tenant UNIQUE (tenant_id, tax_id), + CONSTRAINT chk_companies_no_self_parent CHECK (id != parent_company_id) +); + +-- Tabla: users +CREATE TABLE auth.users ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + email VARCHAR(255) NOT NULL, + password_hash VARCHAR(255) NOT NULL, + full_name VARCHAR(255) NOT NULL, + avatar_url VARCHAR(500), + status auth.user_status NOT NULL DEFAULT 'active', + is_superuser BOOLEAN NOT NULL DEFAULT FALSE, + email_verified_at TIMESTAMP, + last_login_at TIMESTAMP, + last_login_ip INET, + login_count INTEGER DEFAULT 0, + language VARCHAR(10) DEFAULT 'es', -- es, en + timezone VARCHAR(50) DEFAULT 'America/Mexico_City', + settings JSONB DEFAULT '{}', + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID, + updated_at TIMESTAMP, + updated_by UUID, + deleted_at TIMESTAMP, + deleted_by UUID, + + CONSTRAINT uq_users_email_tenant UNIQUE (tenant_id, email), + CONSTRAINT chk_users_email_format CHECK (email ~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}$') +); + +-- Tabla: roles +CREATE TABLE auth.roles ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + name VARCHAR(100) NOT NULL, + code VARCHAR(50) NOT NULL, + description TEXT, + is_system BOOLEAN NOT NULL DEFAULT FALSE, -- Roles del sistema no editables + color VARCHAR(20), + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + deleted_at TIMESTAMP, + deleted_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_roles_code_tenant UNIQUE (tenant_id, code) +); + +-- Tabla: permissions +CREATE TABLE auth.permissions ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + resource VARCHAR(100) NOT NULL, -- Tabla/endpoint + action auth.permission_action NOT NULL, + description TEXT, + module VARCHAR(50), -- MGN-001, MGN-004, etc. + + -- Sin tenant_id: permisos son globales + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT uq_permissions_resource_action UNIQUE (resource, action) +); + +-- Tabla: user_roles (many-to-many) +CREATE TABLE auth.user_roles ( + user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, + role_id UUID NOT NULL REFERENCES auth.roles(id) ON DELETE CASCADE, + assigned_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + assigned_by UUID REFERENCES auth.users(id), + + PRIMARY KEY (user_id, role_id) +); + +-- Tabla: role_permissions (many-to-many) +CREATE TABLE auth.role_permissions ( + role_id UUID NOT NULL REFERENCES auth.roles(id) ON DELETE CASCADE, + permission_id UUID NOT NULL REFERENCES auth.permissions(id) ON DELETE CASCADE, + granted_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + granted_by UUID REFERENCES auth.users(id), + + PRIMARY KEY (role_id, permission_id) +); + +-- Tabla: sessions +CREATE TABLE auth.sessions ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, + token VARCHAR(500) NOT NULL UNIQUE, + refresh_token VARCHAR(500) UNIQUE, + status auth.session_status NOT NULL DEFAULT 'active', + expires_at TIMESTAMP NOT NULL, + refresh_expires_at TIMESTAMP, + ip_address INET, + user_agent TEXT, + device_info JSONB, + + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + revoked_at TIMESTAMP, + revoked_reason VARCHAR(100), + + CONSTRAINT chk_sessions_expiration CHECK (expires_at > created_at), + CONSTRAINT chk_sessions_refresh_expiration CHECK ( + refresh_expires_at IS NULL OR refresh_expires_at > expires_at + ) +); + +-- Tabla: user_companies (many-to-many) +-- Usuario puede acceder a múltiples empresas +CREATE TABLE auth.user_companies ( + user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + is_default BOOLEAN DEFAULT FALSE, + assigned_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + PRIMARY KEY (user_id, company_id) +); + +-- Tabla: password_resets +CREATE TABLE auth.password_resets ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, + token VARCHAR(500) NOT NULL UNIQUE, + expires_at TIMESTAMP NOT NULL, + used_at TIMESTAMP, + ip_address INET, + + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT chk_password_resets_expiration CHECK (expires_at > created_at) +); + +-- ===================================================== +-- INDICES +-- ===================================================== + +-- Tenants +CREATE INDEX idx_tenants_subdomain ON auth.tenants(subdomain); +CREATE INDEX idx_tenants_status ON auth.tenants(status) WHERE deleted_at IS NULL; +CREATE INDEX idx_tenants_created_at ON auth.tenants(created_at); + +-- Companies +CREATE INDEX idx_companies_tenant_id ON auth.companies(tenant_id); +CREATE INDEX idx_companies_parent_company_id ON auth.companies(parent_company_id); +CREATE INDEX idx_companies_active ON auth.companies(tenant_id) WHERE deleted_at IS NULL; +CREATE INDEX idx_companies_tax_id ON auth.companies(tax_id); + +-- Users +CREATE INDEX idx_users_tenant_id ON auth.users(tenant_id); +CREATE INDEX idx_users_email ON auth.users(email); +CREATE INDEX idx_users_status ON auth.users(status) WHERE deleted_at IS NULL; +CREATE INDEX idx_users_email_tenant ON auth.users(tenant_id, email); +CREATE INDEX idx_users_created_at ON auth.users(created_at); + +-- Roles +CREATE INDEX idx_roles_tenant_id ON auth.roles(tenant_id); +CREATE INDEX idx_roles_code ON auth.roles(code); +CREATE INDEX idx_roles_is_system ON auth.roles(is_system); + +-- Permissions +CREATE INDEX idx_permissions_resource ON auth.permissions(resource); +CREATE INDEX idx_permissions_action ON auth.permissions(action); +CREATE INDEX idx_permissions_module ON auth.permissions(module); + +-- Sessions +CREATE INDEX idx_sessions_user_id ON auth.sessions(user_id); +CREATE INDEX idx_sessions_token ON auth.sessions(token); +CREATE INDEX idx_sessions_status ON auth.sessions(status); +CREATE INDEX idx_sessions_expires_at ON auth.sessions(expires_at); + +-- User Roles +CREATE INDEX idx_user_roles_user_id ON auth.user_roles(user_id); +CREATE INDEX idx_user_roles_role_id ON auth.user_roles(role_id); + +-- Role Permissions +CREATE INDEX idx_role_permissions_role_id ON auth.role_permissions(role_id); +CREATE INDEX idx_role_permissions_permission_id ON auth.role_permissions(permission_id); + +-- User Companies +CREATE INDEX idx_user_companies_user_id ON auth.user_companies(user_id); +CREATE INDEX idx_user_companies_company_id ON auth.user_companies(company_id); + +-- Password Resets +CREATE INDEX idx_password_resets_user_id ON auth.password_resets(user_id); +CREATE INDEX idx_password_resets_token ON auth.password_resets(token); +CREATE INDEX idx_password_resets_expires_at ON auth.password_resets(expires_at); + +-- ===================================================== +-- FUNCTIONS +-- ===================================================== + +-- Función: get_current_tenant_id +CREATE OR REPLACE FUNCTION get_current_tenant_id() +RETURNS UUID AS $$ +BEGIN + RETURN current_setting('app.current_tenant_id', true)::UUID; +EXCEPTION + WHEN OTHERS THEN + RETURN NULL; +END; +$$ LANGUAGE plpgsql STABLE SECURITY DEFINER; + +COMMENT ON FUNCTION get_current_tenant_id() IS 'Obtiene el tenant_id del contexto actual'; + +-- Función: get_current_user_id +CREATE OR REPLACE FUNCTION get_current_user_id() +RETURNS UUID AS $$ +BEGIN + RETURN current_setting('app.current_user_id', true)::UUID; +EXCEPTION + WHEN OTHERS THEN + RETURN NULL; +END; +$$ LANGUAGE plpgsql STABLE SECURITY DEFINER; + +COMMENT ON FUNCTION get_current_user_id() IS 'Obtiene el user_id del contexto actual'; + +-- Función: get_current_company_id +CREATE OR REPLACE FUNCTION get_current_company_id() +RETURNS UUID AS $$ +BEGIN + RETURN current_setting('app.current_company_id', true)::UUID; +EXCEPTION + WHEN OTHERS THEN + RETURN NULL; +END; +$$ LANGUAGE plpgsql STABLE SECURITY DEFINER; + +COMMENT ON FUNCTION get_current_company_id() IS 'Obtiene el company_id del contexto actual'; + +-- Función: user_has_permission +CREATE OR REPLACE FUNCTION auth.user_has_permission( + p_user_id UUID, + p_resource VARCHAR, + p_action auth.permission_action +) +RETURNS BOOLEAN AS $$ +DECLARE + v_has_permission BOOLEAN; +BEGIN + -- Superusers tienen todos los permisos + IF EXISTS ( + SELECT 1 FROM auth.users + WHERE id = p_user_id AND is_superuser = TRUE AND deleted_at IS NULL + ) THEN + RETURN TRUE; + END IF; + + -- Verificar si el usuario tiene el permiso a través de sus roles + SELECT EXISTS ( + SELECT 1 + FROM auth.user_roles ur + JOIN auth.role_permissions rp ON ur.role_id = rp.role_id + JOIN auth.permissions p ON rp.permission_id = p.id + WHERE ur.user_id = p_user_id + AND p.resource = p_resource + AND p.action = p_action + ) INTO v_has_permission; + + RETURN v_has_permission; +END; +$$ LANGUAGE plpgsql STABLE SECURITY DEFINER; + +COMMENT ON FUNCTION auth.user_has_permission IS 'Verifica si un usuario tiene un permiso específico'; + +-- Función: clean_expired_sessions +CREATE OR REPLACE FUNCTION auth.clean_expired_sessions() +RETURNS INTEGER AS $$ +DECLARE + v_deleted_count INTEGER; +BEGIN + WITH deleted AS ( + DELETE FROM auth.sessions + WHERE status = 'active' + AND expires_at < CURRENT_TIMESTAMP + RETURNING id + ) + SELECT COUNT(*) INTO v_deleted_count FROM deleted; + + RETURN v_deleted_count; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION auth.clean_expired_sessions IS 'Limpia sesiones expiradas (ejecutar periódicamente)'; + +-- ===================================================== +-- TRIGGERS +-- ===================================================== + +-- Trigger: Actualizar updated_at automáticamente +CREATE OR REPLACE FUNCTION auth.update_updated_at_column() +RETURNS TRIGGER AS $$ +BEGIN + NEW.updated_at = CURRENT_TIMESTAMP; + NEW.updated_by = get_current_user_id(); + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_tenants_updated_at + BEFORE UPDATE ON auth.tenants + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_companies_updated_at + BEFORE UPDATE ON auth.companies + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_users_updated_at + BEFORE UPDATE ON auth.users + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_roles_updated_at + BEFORE UPDATE ON auth.roles + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger: Validar que tenant tenga al menos 1 admin +CREATE OR REPLACE FUNCTION auth.validate_tenant_has_admin() +RETURNS TRIGGER AS $$ +BEGIN + -- Al eliminar user_role, verificar que no sea el último admin + IF TG_OP = 'DELETE' THEN + IF EXISTS ( + SELECT 1 + FROM auth.users u + JOIN auth.roles r ON r.tenant_id = u.tenant_id + WHERE u.id = OLD.user_id + AND r.code = 'admin' + AND r.id = OLD.role_id + ) THEN + -- Contar admins restantes + IF NOT EXISTS ( + SELECT 1 + FROM auth.user_roles ur + JOIN auth.roles r ON r.id = ur.role_id + JOIN auth.users u ON u.id = ur.user_id + WHERE r.code = 'admin' + AND u.tenant_id = (SELECT tenant_id FROM auth.users WHERE id = OLD.user_id) + AND ur.user_id != OLD.user_id + ) THEN + RAISE EXCEPTION 'Cannot remove last admin from tenant'; + END IF; + END IF; + END IF; + + RETURN OLD; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_validate_tenant_has_admin + BEFORE DELETE ON auth.user_roles + FOR EACH ROW + EXECUTE FUNCTION auth.validate_tenant_has_admin(); + +-- Trigger: Auto-marcar sesión como expirada +CREATE OR REPLACE FUNCTION auth.auto_expire_session() +RETURNS TRIGGER AS $$ +BEGIN + IF NEW.expires_at < CURRENT_TIMESTAMP AND NEW.status = 'active' THEN + NEW.status = 'expired'; + END IF; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_auto_expire_session + BEFORE UPDATE ON auth.sessions + FOR EACH ROW + EXECUTE FUNCTION auth.auto_expire_session(); + +-- ===================================================== +-- ROW LEVEL SECURITY (RLS) +-- ===================================================== + +-- Habilitar RLS en tablas con tenant_id +ALTER TABLE auth.companies ENABLE ROW LEVEL SECURITY; +ALTER TABLE auth.users ENABLE ROW LEVEL SECURITY; +ALTER TABLE auth.roles ENABLE ROW LEVEL SECURITY; + +-- Policy: Tenant Isolation - Companies +CREATE POLICY tenant_isolation_companies +ON auth.companies +USING (tenant_id = get_current_tenant_id()); + +-- Policy: Tenant Isolation - Users +CREATE POLICY tenant_isolation_users +ON auth.users +USING (tenant_id = get_current_tenant_id()); + +-- Policy: Tenant Isolation - Roles +CREATE POLICY tenant_isolation_roles +ON auth.roles +USING (tenant_id = get_current_tenant_id()); + +-- ===================================================== +-- DATOS INICIALES (Seed Data) +-- ===================================================== + +-- Permisos estándar para recursos comunes +INSERT INTO auth.permissions (resource, action, description, module) VALUES +-- Auth +('users', 'create', 'Crear usuarios', 'MGN-001'), +('users', 'read', 'Ver usuarios', 'MGN-001'), +('users', 'update', 'Actualizar usuarios', 'MGN-001'), +('users', 'delete', 'Eliminar usuarios', 'MGN-001'), +('roles', 'create', 'Crear roles', 'MGN-001'), +('roles', 'read', 'Ver roles', 'MGN-001'), +('roles', 'update', 'Actualizar roles', 'MGN-001'), +('roles', 'delete', 'Eliminar roles', 'MGN-001'), + +-- Financial +('invoices', 'create', 'Crear facturas', 'MGN-004'), +('invoices', 'read', 'Ver facturas', 'MGN-004'), +('invoices', 'update', 'Actualizar facturas', 'MGN-004'), +('invoices', 'delete', 'Eliminar facturas', 'MGN-004'), +('invoices', 'approve', 'Aprobar facturas', 'MGN-004'), +('invoices', 'cancel', 'Cancelar facturas', 'MGN-004'), +('journal_entries', 'create', 'Crear asientos contables', 'MGN-004'), +('journal_entries', 'read', 'Ver asientos contables', 'MGN-004'), +('journal_entries', 'approve', 'Aprobar asientos contables', 'MGN-004'), + +-- Purchase +('purchase_orders', 'create', 'Crear órdenes de compra', 'MGN-006'), +('purchase_orders', 'read', 'Ver órdenes de compra', 'MGN-006'), +('purchase_orders', 'update', 'Actualizar órdenes de compra', 'MGN-006'), +('purchase_orders', 'delete', 'Eliminar órdenes de compra', 'MGN-006'), +('purchase_orders', 'approve', 'Aprobar órdenes de compra', 'MGN-006'), + +-- Sales +('sale_orders', 'create', 'Crear órdenes de venta', 'MGN-007'), +('sale_orders', 'read', 'Ver órdenes de venta', 'MGN-007'), +('sale_orders', 'update', 'Actualizar órdenes de venta', 'MGN-007'), +('sale_orders', 'delete', 'Eliminar órdenes de venta', 'MGN-007'), +('sale_orders', 'approve', 'Aprobar órdenes de venta', 'MGN-007'), + +-- Inventory +('products', 'create', 'Crear productos', 'MGN-005'), +('products', 'read', 'Ver productos', 'MGN-005'), +('products', 'update', 'Actualizar productos', 'MGN-005'), +('products', 'delete', 'Eliminar productos', 'MGN-005'), +('stock_moves', 'create', 'Crear movimientos de inventario', 'MGN-005'), +('stock_moves', 'read', 'Ver movimientos de inventario', 'MGN-005'), +('stock_moves', 'approve', 'Aprobar movimientos de inventario', 'MGN-005'), + +-- Projects +('projects', 'create', 'Crear proyectos', 'MGN-011'), +('projects', 'read', 'Ver proyectos', 'MGN-011'), +('projects', 'update', 'Actualizar proyectos', 'MGN-011'), +('projects', 'delete', 'Eliminar proyectos', 'MGN-011'), +('tasks', 'create', 'Crear tareas', 'MGN-011'), +('tasks', 'read', 'Ver tareas', 'MGN-011'), +('tasks', 'update', 'Actualizar tareas', 'MGN-011'), +('tasks', 'delete', 'Eliminar tareas', 'MGN-011'), + +-- Reports +('reports', 'read', 'Ver reportes', 'MGN-012'), +('reports', 'export', 'Exportar reportes', 'MGN-012'); + +-- ===================================================== +-- COMENTARIOS EN TABLAS +-- ===================================================== + +COMMENT ON SCHEMA auth IS 'Schema de autenticación, usuarios, roles y permisos'; +COMMENT ON TABLE auth.tenants IS 'Tenants (organizaciones raíz) con schema-level isolation'; +COMMENT ON TABLE auth.companies IS 'Empresas dentro de un tenant (multi-company)'; +COMMENT ON TABLE auth.users IS 'Usuarios del sistema con RBAC'; +COMMENT ON TABLE auth.roles IS 'Roles con permisos asignados'; +COMMENT ON TABLE auth.permissions IS 'Permisos granulares por recurso y acción'; +COMMENT ON TABLE auth.user_roles IS 'Asignación de roles a usuarios (many-to-many)'; +COMMENT ON TABLE auth.role_permissions IS 'Asignación de permisos a roles (many-to-many)'; +COMMENT ON TABLE auth.sessions IS 'Sesiones JWT activas de usuarios'; +COMMENT ON TABLE auth.user_companies IS 'Asignación de usuarios a empresas (multi-company)'; +COMMENT ON TABLE auth.password_resets IS 'Tokens de reset de contraseña'; + +-- ===================================================== +-- VISTAS ÚTILES +-- ===================================================== + +-- Vista: user_permissions (permisos efectivos de usuario) +CREATE OR REPLACE VIEW auth.user_permissions_view AS +SELECT DISTINCT + ur.user_id, + u.email, + u.full_name, + p.resource, + p.action, + p.description, + r.name as role_name, + r.code as role_code +FROM auth.user_roles ur +JOIN auth.users u ON ur.user_id = u.id +JOIN auth.roles r ON ur.role_id = r.id +JOIN auth.role_permissions rp ON r.id = rp.role_id +JOIN auth.permissions p ON rp.permission_id = p.id +WHERE u.deleted_at IS NULL + AND u.status = 'active'; + +COMMENT ON VIEW auth.user_permissions_view IS 'Vista de permisos efectivos por usuario'; + +-- Vista: active_sessions (sesiones activas) +CREATE OR REPLACE VIEW auth.active_sessions_view AS +SELECT + s.id, + s.user_id, + u.email, + u.full_name, + s.ip_address, + s.user_agent, + s.created_at as login_at, + s.expires_at, + EXTRACT(EPOCH FROM (s.expires_at - CURRENT_TIMESTAMP))/60 as minutes_until_expiry +FROM auth.sessions s +JOIN auth.users u ON s.user_id = u.id +WHERE s.status = 'active' + AND s.expires_at > CURRENT_TIMESTAMP; + +COMMENT ON VIEW auth.active_sessions_view IS 'Vista de sesiones activas con tiempo restante'; + +-- ===================================================== +-- FIN DEL SCHEMA AUTH +-- ===================================================== diff --git a/database/ddl/02-core.sql b/database/ddl/02-core.sql new file mode 100644 index 0000000..2d8e553 --- /dev/null +++ b/database/ddl/02-core.sql @@ -0,0 +1,755 @@ +-- ===================================================== +-- SCHEMA: core +-- PROPÓSITO: Catálogos maestros y entidades fundamentales +-- MÓDULOS: MGN-002 (Empresas), MGN-003 (Catálogos Maestros) +-- FECHA: 2025-11-24 +-- ===================================================== + +-- Crear schema +CREATE SCHEMA IF NOT EXISTS core; + +-- ===================================================== +-- TYPES (ENUMs) +-- ===================================================== + +CREATE TYPE core.partner_type AS ENUM ( + 'person', + 'company' +); + +CREATE TYPE core.partner_category AS ENUM ( + 'customer', + 'supplier', + 'employee', + 'contact', + 'other' +); + +CREATE TYPE core.address_type AS ENUM ( + 'billing', + 'shipping', + 'contact', + 'other' +); + +CREATE TYPE core.uom_type AS ENUM ( + 'reference', + 'bigger', + 'smaller' +); + +-- ===================================================== +-- TABLES +-- ===================================================== + +-- Tabla: countries (Países - ISO 3166-1) +CREATE TABLE core.countries ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + code VARCHAR(2) NOT NULL UNIQUE, -- ISO 3166-1 alpha-2 + name VARCHAR(255) NOT NULL, + phone_code VARCHAR(10), + currency_code VARCHAR(3), -- ISO 4217 + + -- Sin tenant_id: catálogo global + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +-- Tabla: currencies (Monedas - ISO 4217) +CREATE TABLE core.currencies ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + code VARCHAR(3) NOT NULL UNIQUE, -- ISO 4217 + name VARCHAR(100) NOT NULL, + symbol VARCHAR(10) NOT NULL, + decimals INTEGER NOT NULL DEFAULT 2, + rounding DECIMAL(12, 6) DEFAULT 0.01, + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Sin tenant_id: catálogo global + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +-- Tabla: exchange_rates (Tasas de cambio) +CREATE TABLE core.exchange_rates ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + from_currency_id UUID NOT NULL REFERENCES core.currencies(id), + to_currency_id UUID NOT NULL REFERENCES core.currencies(id), + rate DECIMAL(12, 6) NOT NULL, + date DATE NOT NULL, + + -- Sin tenant_id: catálogo global + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT uq_exchange_rates_currencies_date UNIQUE (from_currency_id, to_currency_id, date), + CONSTRAINT chk_exchange_rates_rate CHECK (rate > 0), + CONSTRAINT chk_exchange_rates_different_currencies CHECK (from_currency_id != to_currency_id) +); + +-- Tabla: uom_categories (Categorías de unidades de medida) +CREATE TABLE core.uom_categories ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + name VARCHAR(100) NOT NULL UNIQUE, + description TEXT, + + -- Sin tenant_id: catálogo global + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +-- Tabla: uom (Unidades de medida) +CREATE TABLE core.uom ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + category_id UUID NOT NULL REFERENCES core.uom_categories(id), + name VARCHAR(100) NOT NULL, + code VARCHAR(20), + uom_type core.uom_type NOT NULL DEFAULT 'reference', + factor DECIMAL(12, 6) NOT NULL DEFAULT 1.0, + rounding DECIMAL(12, 6) DEFAULT 0.01, + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Sin tenant_id: catálogo global + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT uq_uom_name_category UNIQUE (category_id, name), + CONSTRAINT chk_uom_factor CHECK (factor > 0) +); + +-- Tabla: partners (Partners universales - patrón Odoo) +CREATE TABLE core.partners ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + -- Datos básicos + name VARCHAR(255) NOT NULL, + legal_name VARCHAR(255), + partner_type core.partner_type NOT NULL DEFAULT 'person', + + -- Categorización (multiple flags como Odoo) + is_customer BOOLEAN DEFAULT FALSE, + is_supplier BOOLEAN DEFAULT FALSE, + is_employee BOOLEAN DEFAULT FALSE, + is_company BOOLEAN DEFAULT FALSE, + + -- Contacto + email VARCHAR(255), + phone VARCHAR(50), + mobile VARCHAR(50), + website VARCHAR(255), + + -- Fiscal + tax_id VARCHAR(50), -- RFC en México + + -- Referencias + company_id UUID REFERENCES auth.companies(id), + parent_id UUID REFERENCES core.partners(id), -- Para jerarquía de contactos + user_id UUID REFERENCES auth.users(id), -- Usuario vinculado (si aplica) + + -- Comercial + payment_term_id UUID, -- FK a financial.payment_terms (se crea después) + pricelist_id UUID, -- FK a sales.pricelists (se crea después) + + -- Configuración + language VARCHAR(10) DEFAULT 'es', + currency_id UUID REFERENCES core.currencies(id), + + -- Notas + notes TEXT, + internal_notes TEXT, + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + deleted_at TIMESTAMP, + deleted_by UUID REFERENCES auth.users(id), + + CONSTRAINT chk_partners_email_format CHECK ( + email IS NULL OR email ~ '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}$' + ), + CONSTRAINT chk_partners_no_self_parent CHECK (id != parent_id) +); + +-- Tabla: addresses (Direcciones de partners) +CREATE TABLE core.addresses ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + partner_id UUID NOT NULL REFERENCES core.partners(id) ON DELETE CASCADE, + + -- Tipo de dirección + address_type core.address_type NOT NULL DEFAULT 'contact', + + -- Dirección + street VARCHAR(255), + street2 VARCHAR(255), + city VARCHAR(100), + state VARCHAR(100), + zip_code VARCHAR(20), + country_id UUID REFERENCES core.countries(id), + + -- Control + is_default BOOLEAN DEFAULT FALSE, + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + deleted_at TIMESTAMP, + deleted_by UUID REFERENCES auth.users(id) +); + +-- Tabla: product_categories (Categorías de productos) +CREATE TABLE core.product_categories ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + name VARCHAR(255) NOT NULL, + code VARCHAR(50), + parent_id UUID REFERENCES core.product_categories(id), + full_path TEXT, -- Generado automáticamente: "Electrónica / Computadoras / Laptops" + + -- Configuración + notes TEXT, + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + deleted_at TIMESTAMP, + deleted_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_product_categories_code_tenant UNIQUE (tenant_id, code), + CONSTRAINT chk_product_categories_no_self_parent CHECK (id != parent_id) +); + +-- Tabla: tags (Etiquetas genéricas) +CREATE TABLE core.tags ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + color VARCHAR(20), -- Color hex: #FF5733 + model VARCHAR(100), -- Para qué se usa: 'products', 'partners', 'tasks', etc. + description TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_tags_name_model_tenant UNIQUE (tenant_id, name, model) +); + +-- Tabla: sequences (Generación de números secuenciales) +CREATE TABLE core.sequences ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID REFERENCES auth.companies(id), + + code VARCHAR(100) NOT NULL, -- Código único: 'sale.order', 'purchase.order', etc. + name VARCHAR(255) NOT NULL, + prefix VARCHAR(50), -- Prefijo: "SO-", "PO-", etc. + suffix VARCHAR(50), -- Sufijo: "/2025" + next_number INTEGER NOT NULL DEFAULT 1, + padding INTEGER NOT NULL DEFAULT 4, -- 0001, 0002, etc. + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_sequences_code_tenant UNIQUE (tenant_id, code), + CONSTRAINT chk_sequences_next_number CHECK (next_number > 0), + CONSTRAINT chk_sequences_padding CHECK (padding >= 0) +); + +-- Tabla: attachments (Archivos adjuntos genéricos) +CREATE TABLE core.attachments ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + -- Referencia polimórfica (a qué tabla/registro pertenece) + model VARCHAR(100) NOT NULL, -- 'partners', 'invoices', 'tasks', etc. + record_id UUID NOT NULL, + + -- Archivo + filename VARCHAR(255) NOT NULL, + mimetype VARCHAR(100), + size_bytes BIGINT, + url VARCHAR(1000), -- URL en S3, local storage, etc. + + -- Metadatos + description TEXT, + is_public BOOLEAN DEFAULT FALSE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + deleted_at TIMESTAMP, + deleted_by UUID REFERENCES auth.users(id), + + CONSTRAINT chk_attachments_size CHECK (size_bytes >= 0) +); + +-- Tabla: notes (Notas genéricas) +CREATE TABLE core.notes ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + -- Referencia polimórfica + model VARCHAR(100) NOT NULL, + record_id UUID NOT NULL, + + -- Nota + subject VARCHAR(255), + content TEXT NOT NULL, + + -- Control + is_pinned BOOLEAN DEFAULT FALSE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + deleted_at TIMESTAMP, + deleted_by UUID REFERENCES auth.users(id) +); + +-- ===================================================== +-- INDICES +-- ===================================================== + +-- Countries +CREATE INDEX idx_countries_code ON core.countries(code); +CREATE INDEX idx_countries_name ON core.countries(name); + +-- Currencies +CREATE INDEX idx_currencies_code ON core.currencies(code); +CREATE INDEX idx_currencies_active ON core.currencies(active) WHERE active = TRUE; + +-- Exchange Rates +CREATE INDEX idx_exchange_rates_from_currency ON core.exchange_rates(from_currency_id); +CREATE INDEX idx_exchange_rates_to_currency ON core.exchange_rates(to_currency_id); +CREATE INDEX idx_exchange_rates_date ON core.exchange_rates(date DESC); + +-- UoM Categories +CREATE INDEX idx_uom_categories_name ON core.uom_categories(name); + +-- UoM +CREATE INDEX idx_uom_category_id ON core.uom(category_id); +CREATE INDEX idx_uom_active ON core.uom(active) WHERE active = TRUE; + +-- Partners +CREATE INDEX idx_partners_tenant_id ON core.partners(tenant_id); +CREATE INDEX idx_partners_name ON core.partners(name); +CREATE INDEX idx_partners_email ON core.partners(email); +CREATE INDEX idx_partners_tax_id ON core.partners(tax_id); +CREATE INDEX idx_partners_parent_id ON core.partners(parent_id); +CREATE INDEX idx_partners_user_id ON core.partners(user_id); +CREATE INDEX idx_partners_company_id ON core.partners(company_id); +CREATE INDEX idx_partners_currency_id ON core.partners(currency_id) WHERE currency_id IS NOT NULL; +CREATE INDEX idx_partners_payment_term_id ON core.partners(payment_term_id) WHERE payment_term_id IS NOT NULL; +CREATE INDEX idx_partners_pricelist_id ON core.partners(pricelist_id) WHERE pricelist_id IS NOT NULL; +CREATE INDEX idx_partners_is_customer ON core.partners(tenant_id, is_customer) WHERE is_customer = TRUE; +CREATE INDEX idx_partners_is_supplier ON core.partners(tenant_id, is_supplier) WHERE is_supplier = TRUE; +CREATE INDEX idx_partners_is_employee ON core.partners(tenant_id, is_employee) WHERE is_employee = TRUE; +CREATE INDEX idx_partners_active ON core.partners(tenant_id, active) WHERE active = TRUE; + +-- Addresses +CREATE INDEX idx_addresses_partner_id ON core.addresses(partner_id); +CREATE INDEX idx_addresses_country_id ON core.addresses(country_id); +CREATE INDEX idx_addresses_is_default ON core.addresses(partner_id, is_default) WHERE is_default = TRUE; + +-- Product Categories +CREATE INDEX idx_product_categories_tenant_id ON core.product_categories(tenant_id); +CREATE INDEX idx_product_categories_parent_id ON core.product_categories(parent_id); +CREATE INDEX idx_product_categories_code ON core.product_categories(code); + +-- Tags +CREATE INDEX idx_tags_tenant_id ON core.tags(tenant_id); +CREATE INDEX idx_tags_model ON core.tags(model); +CREATE INDEX idx_tags_name ON core.tags(name); + +-- Sequences +CREATE INDEX idx_sequences_tenant_id ON core.sequences(tenant_id); +CREATE INDEX idx_sequences_code ON core.sequences(code); + +-- Attachments +CREATE INDEX idx_attachments_tenant_id ON core.attachments(tenant_id); +CREATE INDEX idx_attachments_model_record ON core.attachments(model, record_id); +CREATE INDEX idx_attachments_created_by ON core.attachments(created_by); + +-- Notes +CREATE INDEX idx_notes_tenant_id ON core.notes(tenant_id); +CREATE INDEX idx_notes_model_record ON core.notes(model, record_id); +CREATE INDEX idx_notes_created_by ON core.notes(created_by); +CREATE INDEX idx_notes_is_pinned ON core.notes(is_pinned) WHERE is_pinned = TRUE; + +-- ===================================================== +-- FUNCTIONS +-- ===================================================== + +-- Función: generate_next_sequence +-- Genera el siguiente número de secuencia +CREATE OR REPLACE FUNCTION core.generate_next_sequence(p_sequence_code VARCHAR) +RETURNS VARCHAR AS $$ +DECLARE + v_sequence RECORD; + v_next_number INTEGER; + v_result VARCHAR; +BEGIN + -- Obtener secuencia y bloquear fila (SELECT FOR UPDATE) + SELECT * INTO v_sequence + FROM core.sequences + WHERE code = p_sequence_code + AND tenant_id = get_current_tenant_id() + FOR UPDATE; + + IF NOT FOUND THEN + RAISE EXCEPTION 'Sequence % not found', p_sequence_code; + END IF; + + -- Generar número + v_next_number := v_sequence.next_number; + + -- Formatear resultado + v_result := COALESCE(v_sequence.prefix, '') || + LPAD(v_next_number::TEXT, v_sequence.padding, '0') || + COALESCE(v_sequence.suffix, ''); + + -- Incrementar contador + UPDATE core.sequences + SET next_number = next_number + 1, + updated_at = CURRENT_TIMESTAMP, + updated_by = get_current_user_id() + WHERE id = v_sequence.id; + + RETURN v_result; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION core.generate_next_sequence IS 'Genera el siguiente número de secuencia para un código dado'; + +-- Función: update_product_category_path +-- Actualiza el full_path de una categoría de producto +CREATE OR REPLACE FUNCTION core.update_product_category_path() +RETURNS TRIGGER AS $$ +DECLARE + v_parent_path TEXT; +BEGIN + IF NEW.parent_id IS NULL THEN + NEW.full_path := NEW.name; + ELSE + SELECT full_path INTO v_parent_path + FROM core.product_categories + WHERE id = NEW.parent_id; + + NEW.full_path := v_parent_path || ' / ' || NEW.name; + END IF; + + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION core.update_product_category_path IS 'Actualiza el path completo de la categoría al crear/actualizar'; + +-- Función: get_exchange_rate +-- Obtiene la tasa de cambio entre dos monedas en una fecha +CREATE OR REPLACE FUNCTION core.get_exchange_rate( + p_from_currency_id UUID, + p_to_currency_id UUID, + p_date DATE DEFAULT CURRENT_DATE +) +RETURNS DECIMAL AS $$ +DECLARE + v_rate DECIMAL; +BEGIN + -- Si son la misma moneda, tasa = 1 + IF p_from_currency_id = p_to_currency_id THEN + RETURN 1.0; + END IF; + + -- Buscar tasa directa + SELECT rate INTO v_rate + FROM core.exchange_rates + WHERE from_currency_id = p_from_currency_id + AND to_currency_id = p_to_currency_id + AND date <= p_date + ORDER BY date DESC + LIMIT 1; + + IF FOUND THEN + RETURN v_rate; + END IF; + + -- Buscar tasa inversa + SELECT 1.0 / rate INTO v_rate + FROM core.exchange_rates + WHERE from_currency_id = p_to_currency_id + AND to_currency_id = p_from_currency_id + AND date <= p_date + ORDER BY date DESC + LIMIT 1; + + IF FOUND THEN + RETURN v_rate; + END IF; + + -- No se encontró tasa + RAISE EXCEPTION 'Exchange rate not found for currencies % to % on date %', + p_from_currency_id, p_to_currency_id, p_date; +END; +$$ LANGUAGE plpgsql STABLE; + +COMMENT ON FUNCTION core.get_exchange_rate IS 'Obtiene la tasa de cambio entre dos monedas en una fecha específica'; + +-- ===================================================== +-- TRIGGERS +-- ===================================================== + +-- Trigger: Actualizar updated_at en partners +CREATE TRIGGER trg_partners_updated_at + BEFORE UPDATE ON core.partners + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger: Actualizar updated_at en addresses +CREATE TRIGGER trg_addresses_updated_at + BEFORE UPDATE ON core.addresses + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger: Actualizar updated_at en product_categories +CREATE TRIGGER trg_product_categories_updated_at + BEFORE UPDATE ON core.product_categories + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger: Actualizar updated_at en notes +CREATE TRIGGER trg_notes_updated_at + BEFORE UPDATE ON core.notes + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger: Actualizar full_path en product_categories +CREATE TRIGGER trg_product_categories_update_path + BEFORE INSERT OR UPDATE OF name, parent_id ON core.product_categories + FOR EACH ROW + EXECUTE FUNCTION core.update_product_category_path(); + +-- ===================================================== +-- ROW LEVEL SECURITY (RLS) +-- ===================================================== + +-- Habilitar RLS en tablas con tenant_id +ALTER TABLE core.partners ENABLE ROW LEVEL SECURITY; +ALTER TABLE core.product_categories ENABLE ROW LEVEL SECURITY; +ALTER TABLE core.tags ENABLE ROW LEVEL SECURITY; +ALTER TABLE core.sequences ENABLE ROW LEVEL SECURITY; +ALTER TABLE core.attachments ENABLE ROW LEVEL SECURITY; +ALTER TABLE core.notes ENABLE ROW LEVEL SECURITY; + +-- Policy: Tenant Isolation - Partners +CREATE POLICY tenant_isolation_partners +ON core.partners +USING (tenant_id = get_current_tenant_id()); + +-- Policy: Tenant Isolation - Product Categories +CREATE POLICY tenant_isolation_product_categories +ON core.product_categories +USING (tenant_id = get_current_tenant_id()); + +-- Policy: Tenant Isolation - Tags +CREATE POLICY tenant_isolation_tags +ON core.tags +USING (tenant_id = get_current_tenant_id()); + +-- Policy: Tenant Isolation - Sequences +CREATE POLICY tenant_isolation_sequences +ON core.sequences +USING (tenant_id = get_current_tenant_id()); + +-- Policy: Tenant Isolation - Attachments +CREATE POLICY tenant_isolation_attachments +ON core.attachments +USING (tenant_id = get_current_tenant_id()); + +-- Policy: Tenant Isolation - Notes +CREATE POLICY tenant_isolation_notes +ON core.notes +USING (tenant_id = get_current_tenant_id()); + +-- ===================================================== +-- SEED DATA +-- ===================================================== + +-- Monedas principales (ISO 4217) +INSERT INTO core.currencies (code, name, symbol, decimals) VALUES +('USD', 'US Dollar', '$', 2), +('MXN', 'Peso Mexicano', '$', 2), +('EUR', 'Euro', '€', 2), +('GBP', 'British Pound', '£', 2), +('CAD', 'Canadian Dollar', '$', 2), +('JPY', 'Japanese Yen', '¥', 0), +('CNY', 'Chinese Yuan', '¥', 2), +('BRL', 'Brazilian Real', 'R$', 2), +('ARS', 'Argentine Peso', '$', 2), +('COP', 'Colombian Peso', '$', 2) +ON CONFLICT (code) DO NOTHING; + +-- Países principales (ISO 3166-1) +INSERT INTO core.countries (code, name, phone_code, currency_code) VALUES +('MX', 'México', '52', 'MXN'), +('US', 'United States', '1', 'USD'), +('CA', 'Canada', '1', 'CAD'), +('GB', 'United Kingdom', '44', 'GBP'), +('FR', 'France', '33', 'EUR'), +('DE', 'Germany', '49', 'EUR'), +('ES', 'Spain', '34', 'EUR'), +('IT', 'Italy', '39', 'EUR'), +('BR', 'Brazil', '55', 'BRL'), +('AR', 'Argentina', '54', 'ARS'), +('CO', 'Colombia', '57', 'COP'), +('CL', 'Chile', '56', 'CLP'), +('PE', 'Peru', '51', 'PEN'), +('CN', 'China', '86', 'CNY'), +('JP', 'Japan', '81', 'JPY'), +('IN', 'India', '91', 'INR') +ON CONFLICT (code) DO NOTHING; + +-- Categorías de UoM +INSERT INTO core.uom_categories (name, description) VALUES +('Weight', 'Unidades de peso'), +('Volume', 'Unidades de volumen'), +('Length', 'Unidades de longitud'), +('Time', 'Unidades de tiempo'), +('Unit', 'Unidades (piezas, docenas, etc.)') +ON CONFLICT (name) DO NOTHING; + +-- Unidades de medida estándar +INSERT INTO core.uom (category_id, name, code, uom_type, factor) +SELECT + cat.id, + uom.name, + uom.code, + uom.uom_type::core.uom_type, + uom.factor +FROM ( + -- Weight + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Weight'), 'Kilogram', 'kg', 'reference', 1.0 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Weight'), 'Gram', 'g', 'smaller', 0.001 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Weight'), 'Ton', 't', 'bigger', 1000.0 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Weight'), 'Pound', 'lb', 'smaller', 0.453592 UNION ALL + + -- Volume + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Volume'), 'Liter', 'L', 'reference', 1.0 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Volume'), 'Milliliter', 'mL', 'smaller', 0.001 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Volume'), 'Cubic Meter', 'm³', 'bigger', 1000.0 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Volume'), 'Gallon', 'gal', 'bigger', 3.78541 UNION ALL + + -- Length + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Length'), 'Meter', 'm', 'reference', 1.0 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Length'), 'Centimeter', 'cm', 'smaller', 0.01 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Length'), 'Millimeter', 'mm', 'smaller', 0.001 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Length'), 'Kilometer', 'km', 'bigger', 1000.0 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Length'), 'Inch', 'in', 'smaller', 0.0254 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Length'), 'Foot', 'ft', 'smaller', 0.3048 UNION ALL + + -- Time + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Time'), 'Hour', 'h', 'reference', 1.0 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Time'), 'Day', 'd', 'bigger', 24.0 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Time'), 'Week', 'wk', 'bigger', 168.0 UNION ALL + + -- Unit + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Unit'), 'Unit', 'unit', 'reference', 1.0 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Unit'), 'Dozen', 'doz', 'bigger', 12.0 UNION ALL + SELECT (SELECT id FROM core.uom_categories WHERE name = 'Unit'), 'Pack', 'pack', 'bigger', 1.0 +) AS uom(category_id, name, code, uom_type, factor) +JOIN core.uom_categories cat ON cat.id = uom.category_id +ON CONFLICT DO NOTHING; + +-- ===================================================== +-- COMENTARIOS EN TABLAS +-- ===================================================== + +COMMENT ON SCHEMA core IS 'Schema de catálogos maestros y entidades fundamentales'; +COMMENT ON TABLE core.countries IS 'Catálogo de países (ISO 3166-1)'; +COMMENT ON TABLE core.currencies IS 'Catálogo de monedas (ISO 4217)'; +COMMENT ON TABLE core.exchange_rates IS 'Tasas de cambio históricas entre monedas'; +COMMENT ON TABLE core.uom_categories IS 'Categorías de unidades de medida'; +COMMENT ON TABLE core.uom IS 'Unidades de medida (peso, volumen, longitud, etc.)'; +COMMENT ON TABLE core.partners IS 'Partners universales (clientes, proveedores, empleados, contactos) - patrón Odoo'; +COMMENT ON TABLE core.addresses IS 'Direcciones de partners (facturación, envío, contacto)'; +COMMENT ON TABLE core.product_categories IS 'Categorías jerárquicas de productos'; +COMMENT ON TABLE core.tags IS 'Etiquetas genéricas para clasificar registros'; +COMMENT ON TABLE core.sequences IS 'Generadores de números secuenciales automáticos'; +COMMENT ON TABLE core.attachments IS 'Archivos adjuntos polimórficos (cualquier tabla/registro)'; +COMMENT ON TABLE core.notes IS 'Notas polimórficas (cualquier tabla/registro)'; + +-- ===================================================== +-- VISTAS ÚTILES +-- ===================================================== + +-- Vista: customers (solo partners que son clientes) +CREATE OR REPLACE VIEW core.customers_view AS +SELECT + id, + tenant_id, + name, + legal_name, + email, + phone, + mobile, + tax_id, + company_id, + active +FROM core.partners +WHERE is_customer = TRUE + AND deleted_at IS NULL; + +COMMENT ON VIEW core.customers_view IS 'Vista de partners que son clientes'; + +-- Vista: suppliers (solo partners que son proveedores) +CREATE OR REPLACE VIEW core.suppliers_view AS +SELECT + id, + tenant_id, + name, + legal_name, + email, + phone, + tax_id, + company_id, + active +FROM core.partners +WHERE is_supplier = TRUE + AND deleted_at IS NULL; + +COMMENT ON VIEW core.suppliers_view IS 'Vista de partners que son proveedores'; + +-- Vista: employees (solo partners que son empleados) +CREATE OR REPLACE VIEW core.employees_view AS +SELECT + p.id, + p.tenant_id, + p.name, + p.email, + p.phone, + p.user_id, + u.full_name as user_name, + p.active +FROM core.partners p +LEFT JOIN auth.users u ON p.user_id = u.id +WHERE p.is_employee = TRUE + AND p.deleted_at IS NULL; + +COMMENT ON VIEW core.employees_view IS 'Vista de partners que son empleados'; + +-- ===================================================== +-- FIN DEL SCHEMA CORE +-- ===================================================== diff --git a/database/ddl/03-analytics.sql b/database/ddl/03-analytics.sql new file mode 100644 index 0000000..faea1aa --- /dev/null +++ b/database/ddl/03-analytics.sql @@ -0,0 +1,510 @@ +-- ===================================================== +-- SCHEMA: analytics +-- PROPÓSITO: Contabilidad analítica, tracking de costos/ingresos +-- MÓDULOS: MGN-008 (Contabilidad Analítica) +-- FECHA: 2025-11-24 +-- ===================================================== + +-- Crear schema +CREATE SCHEMA IF NOT EXISTS analytics; + +-- ===================================================== +-- TYPES (ENUMs) +-- ===================================================== + +CREATE TYPE analytics.account_type AS ENUM ( + 'project', + 'department', + 'cost_center', + 'customer', + 'product', + 'other' +); + +CREATE TYPE analytics.line_type AS ENUM ( + 'expense', + 'income', + 'timesheet' +); + +CREATE TYPE analytics.account_status AS ENUM ( + 'active', + 'inactive', + 'closed' +); + +-- ===================================================== +-- TABLES +-- ===================================================== + +-- Tabla: analytic_plans (Planes analíticos - multi-dimensional) +CREATE TABLE analytics.analytic_plans ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID REFERENCES auth.companies(id), + + name VARCHAR(255) NOT NULL, + description TEXT, + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_analytic_plans_name_tenant UNIQUE (tenant_id, name) +); + +-- Tabla: analytic_accounts (Cuentas analíticas) +CREATE TABLE analytics.analytic_accounts ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + plan_id UUID REFERENCES analytics.analytic_plans(id), + + -- Identificación + name VARCHAR(255) NOT NULL, + code VARCHAR(50), + account_type analytics.account_type NOT NULL DEFAULT 'other', + + -- Jerarquía + parent_id UUID REFERENCES analytics.analytic_accounts(id), + full_path TEXT, -- Generado automáticamente + + -- Referencias + partner_id UUID REFERENCES core.partners(id), -- Cliente/proveedor asociado + + -- Presupuesto + budget DECIMAL(15, 2) DEFAULT 0, + + -- Estado + status analytics.account_status NOT NULL DEFAULT 'active', + + -- Fechas + date_start DATE, + date_end DATE, + + -- Notas + description TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + deleted_at TIMESTAMP, + deleted_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_analytic_accounts_code_company UNIQUE (company_id, code), + CONSTRAINT chk_analytic_accounts_no_self_parent CHECK (id != parent_id), + CONSTRAINT chk_analytic_accounts_budget CHECK (budget >= 0), + CONSTRAINT chk_analytic_accounts_dates CHECK (date_end IS NULL OR date_end >= date_start) +); + +-- Tabla: analytic_tags (Etiquetas analíticas - clasificación cross-cutting) +CREATE TABLE analytics.analytic_tags ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + color VARCHAR(20), -- Color hex + description TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_analytic_tags_name_tenant UNIQUE (tenant_id, name) +); + +-- Tabla: cost_centers (Centros de costo) +CREATE TABLE analytics.cost_centers ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + name VARCHAR(255) NOT NULL, + code VARCHAR(50), + analytic_account_id UUID NOT NULL REFERENCES analytics.analytic_accounts(id), + + -- Responsable + manager_id UUID REFERENCES auth.users(id), + + -- Presupuesto + budget_monthly DECIMAL(15, 2) DEFAULT 0, + budget_annual DECIMAL(15, 2) DEFAULT 0, + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_cost_centers_code_company UNIQUE (company_id, code) +); + +-- Tabla: analytic_lines (Líneas analíticas - registro de costos/ingresos) +CREATE TABLE analytics.analytic_lines ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + analytic_account_id UUID NOT NULL REFERENCES analytics.analytic_accounts(id), + + -- Fecha + date DATE NOT NULL, + + -- Montos + amount DECIMAL(15, 2) NOT NULL, -- Negativo=costo, Positivo=ingreso + unit_amount DECIMAL(12, 4) DEFAULT 0, -- Horas para timesheet, cantidades para productos + + -- Tipo + line_type analytics.line_type NOT NULL, + + -- Referencias + product_id UUID REFERENCES inventory.products(id), + employee_id UUID, -- FK a hr.employees (se crea después) + partner_id UUID REFERENCES core.partners(id), + + -- Descripción + name VARCHAR(255), + description TEXT, + + -- Documento origen (polimórfico) + source_model VARCHAR(100), -- 'Invoice', 'PurchaseOrder', 'SaleOrder', 'Timesheet', etc. + source_id UUID, + source_document VARCHAR(255), -- "invoice/123", "purchase_order/456" + + -- Moneda + currency_id UUID REFERENCES core.currencies(id), + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + + CONSTRAINT chk_analytic_lines_unit_amount CHECK (unit_amount >= 0) +); + +-- Tabla: analytic_line_tags (Many-to-many: líneas analíticas - tags) +CREATE TABLE analytics.analytic_line_tags ( + analytic_line_id UUID NOT NULL REFERENCES analytics.analytic_lines(id) ON DELETE CASCADE, + analytic_tag_id UUID NOT NULL REFERENCES analytics.analytic_tags(id) ON DELETE CASCADE, + + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + PRIMARY KEY (analytic_line_id, analytic_tag_id) +); + +-- Tabla: analytic_distributions (Distribución analítica multi-cuenta) +CREATE TABLE analytics.analytic_distributions ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + + -- Línea origen (polimórfico) + source_model VARCHAR(100) NOT NULL, -- 'PurchaseOrderLine', 'InvoiceLine', etc. + source_id UUID NOT NULL, + + -- Cuenta analítica destino + analytic_account_id UUID NOT NULL REFERENCES analytics.analytic_accounts(id), + + -- Distribución + percentage DECIMAL(5, 2) NOT NULL, -- 0-100 + amount DECIMAL(15, 2), -- Calculado automáticamente + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT chk_analytic_distributions_percentage CHECK (percentage >= 0 AND percentage <= 100) +); + +-- ===================================================== +-- INDICES +-- ===================================================== + +-- Analytic Plans +CREATE INDEX idx_analytic_plans_tenant_id ON analytics.analytic_plans(tenant_id); +CREATE INDEX idx_analytic_plans_active ON analytics.analytic_plans(active) WHERE active = TRUE; + +-- Analytic Accounts +CREATE INDEX idx_analytic_accounts_tenant_id ON analytics.analytic_accounts(tenant_id); +CREATE INDEX idx_analytic_accounts_company_id ON analytics.analytic_accounts(company_id); +CREATE INDEX idx_analytic_accounts_plan_id ON analytics.analytic_accounts(plan_id); +CREATE INDEX idx_analytic_accounts_parent_id ON analytics.analytic_accounts(parent_id); +CREATE INDEX idx_analytic_accounts_partner_id ON analytics.analytic_accounts(partner_id); +CREATE INDEX idx_analytic_accounts_code ON analytics.analytic_accounts(code); +CREATE INDEX idx_analytic_accounts_type ON analytics.analytic_accounts(account_type); +CREATE INDEX idx_analytic_accounts_status ON analytics.analytic_accounts(status); + +-- Analytic Tags +CREATE INDEX idx_analytic_tags_tenant_id ON analytics.analytic_tags(tenant_id); +CREATE INDEX idx_analytic_tags_name ON analytics.analytic_tags(name); + +-- Cost Centers +CREATE INDEX idx_cost_centers_tenant_id ON analytics.cost_centers(tenant_id); +CREATE INDEX idx_cost_centers_company_id ON analytics.cost_centers(company_id); +CREATE INDEX idx_cost_centers_analytic_account_id ON analytics.cost_centers(analytic_account_id); +CREATE INDEX idx_cost_centers_manager_id ON analytics.cost_centers(manager_id); +CREATE INDEX idx_cost_centers_active ON analytics.cost_centers(active) WHERE active = TRUE; + +-- Analytic Lines +CREATE INDEX idx_analytic_lines_tenant_id ON analytics.analytic_lines(tenant_id); +CREATE INDEX idx_analytic_lines_company_id ON analytics.analytic_lines(company_id); +CREATE INDEX idx_analytic_lines_analytic_account_id ON analytics.analytic_lines(analytic_account_id); +CREATE INDEX idx_analytic_lines_date ON analytics.analytic_lines(date); +CREATE INDEX idx_analytic_lines_line_type ON analytics.analytic_lines(line_type); +CREATE INDEX idx_analytic_lines_product_id ON analytics.analytic_lines(product_id); +CREATE INDEX idx_analytic_lines_employee_id ON analytics.analytic_lines(employee_id); +CREATE INDEX idx_analytic_lines_source ON analytics.analytic_lines(source_model, source_id); + +-- Analytic Line Tags +CREATE INDEX idx_analytic_line_tags_line_id ON analytics.analytic_line_tags(analytic_line_id); +CREATE INDEX idx_analytic_line_tags_tag_id ON analytics.analytic_line_tags(analytic_tag_id); + +-- Analytic Distributions +CREATE INDEX idx_analytic_distributions_source ON analytics.analytic_distributions(source_model, source_id); +CREATE INDEX idx_analytic_distributions_analytic_account_id ON analytics.analytic_distributions(analytic_account_id); + +-- ===================================================== +-- FUNCTIONS +-- ===================================================== + +-- Función: update_analytic_account_path +CREATE OR REPLACE FUNCTION analytics.update_analytic_account_path() +RETURNS TRIGGER AS $$ +DECLARE + v_parent_path TEXT; +BEGIN + IF NEW.parent_id IS NULL THEN + NEW.full_path := NEW.name; + ELSE + SELECT full_path INTO v_parent_path + FROM analytics.analytic_accounts + WHERE id = NEW.parent_id; + + NEW.full_path := v_parent_path || ' / ' || NEW.name; + END IF; + + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION analytics.update_analytic_account_path IS 'Actualiza el path completo de la cuenta analítica'; + +-- Función: get_analytic_balance +CREATE OR REPLACE FUNCTION analytics.get_analytic_balance( + p_analytic_account_id UUID, + p_date_from DATE DEFAULT NULL, + p_date_to DATE DEFAULT NULL +) +RETURNS TABLE( + total_income DECIMAL, + total_expense DECIMAL, + balance DECIMAL +) AS $$ +BEGIN + RETURN QUERY + SELECT + COALESCE(SUM(CASE WHEN line_type = 'income' THEN amount ELSE 0 END), 0) AS total_income, + COALESCE(SUM(CASE WHEN line_type = 'expense' THEN ABS(amount) ELSE 0 END), 0) AS total_expense, + COALESCE(SUM(amount), 0) AS balance + FROM analytics.analytic_lines + WHERE analytic_account_id = p_analytic_account_id + AND (p_date_from IS NULL OR date >= p_date_from) + AND (p_date_to IS NULL OR date <= p_date_to); +END; +$$ LANGUAGE plpgsql STABLE; + +COMMENT ON FUNCTION analytics.get_analytic_balance IS 'Obtiene el balance de una cuenta analítica en un período'; + +-- Función: validate_distribution_100_percent +CREATE OR REPLACE FUNCTION analytics.validate_distribution_100_percent() +RETURNS TRIGGER AS $$ +DECLARE + v_total_percentage DECIMAL; +BEGIN + SELECT COALESCE(SUM(percentage), 0) + INTO v_total_percentage + FROM analytics.analytic_distributions + WHERE source_model = NEW.source_model + AND source_id = NEW.source_id; + + IF TG_OP = 'INSERT' OR TG_OP = 'UPDATE' THEN + v_total_percentage := v_total_percentage + NEW.percentage; + END IF; + + IF v_total_percentage > 100 THEN + RAISE EXCEPTION 'Total distribution percentage cannot exceed 100%% (currently: %%)', v_total_percentage; + END IF; + + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION analytics.validate_distribution_100_percent IS 'Valida que la distribución analítica no exceda el 100%'; + +-- Función: create_analytic_line_from_invoice +CREATE OR REPLACE FUNCTION analytics.create_analytic_line_from_invoice(p_invoice_line_id UUID) +RETURNS UUID AS $$ +DECLARE + v_line RECORD; + v_invoice RECORD; + v_analytic_line_id UUID; + v_amount DECIMAL; +BEGIN + -- Obtener datos de la línea de factura + SELECT il.*, i.invoice_type, i.company_id, i.tenant_id, i.partner_id, i.invoice_date + INTO v_line + FROM financial.invoice_lines il + JOIN financial.invoices i ON il.invoice_id = i.id + WHERE il.id = p_invoice_line_id; + + IF NOT FOUND OR v_line.analytic_account_id IS NULL THEN + RETURN NULL; -- Sin cuenta analítica, no crear línea + END IF; + + -- Determinar monto (negativo para compras, positivo para ventas) + IF v_line.invoice_type = 'supplier' THEN + v_amount := -ABS(v_line.amount_total); + ELSE + v_amount := v_line.amount_total; + END IF; + + -- Crear línea analítica + INSERT INTO analytics.analytic_lines ( + tenant_id, + company_id, + analytic_account_id, + date, + amount, + unit_amount, + line_type, + product_id, + partner_id, + name, + description, + source_model, + source_id, + source_document + ) VALUES ( + v_line.tenant_id, + v_line.company_id, + v_line.analytic_account_id, + v_line.invoice_date, + v_amount, + v_line.quantity, + CASE WHEN v_line.invoice_type = 'supplier' THEN 'expense'::analytics.line_type ELSE 'income'::analytics.line_type END, + v_line.product_id, + v_line.partner_id, + v_line.description, + v_line.description, + 'InvoiceLine', + v_line.id, + 'invoice_line/' || v_line.id::TEXT + ) RETURNING id INTO v_analytic_line_id; + + RETURN v_analytic_line_id; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION analytics.create_analytic_line_from_invoice IS 'Crea una línea analítica a partir de una línea de factura'; + +-- ===================================================== +-- TRIGGERS +-- ===================================================== + +CREATE TRIGGER trg_analytic_plans_updated_at + BEFORE UPDATE ON analytics.analytic_plans + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_analytic_accounts_updated_at + BEFORE UPDATE ON analytics.analytic_accounts + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_cost_centers_updated_at + BEFORE UPDATE ON analytics.cost_centers + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger: Actualizar full_path de cuenta analítica +CREATE TRIGGER trg_analytic_accounts_update_path + BEFORE INSERT OR UPDATE OF name, parent_id ON analytics.analytic_accounts + FOR EACH ROW + EXECUTE FUNCTION analytics.update_analytic_account_path(); + +-- Trigger: Validar distribución 100% +CREATE TRIGGER trg_analytic_distributions_validate_100 + BEFORE INSERT OR UPDATE ON analytics.analytic_distributions + FOR EACH ROW + EXECUTE FUNCTION analytics.validate_distribution_100_percent(); + +-- ===================================================== +-- ROW LEVEL SECURITY (RLS) +-- ===================================================== + +ALTER TABLE analytics.analytic_plans ENABLE ROW LEVEL SECURITY; +ALTER TABLE analytics.analytic_accounts ENABLE ROW LEVEL SECURITY; +ALTER TABLE analytics.analytic_tags ENABLE ROW LEVEL SECURITY; +ALTER TABLE analytics.cost_centers ENABLE ROW LEVEL SECURITY; +ALTER TABLE analytics.analytic_lines ENABLE ROW LEVEL SECURITY; + +CREATE POLICY tenant_isolation_analytic_plans ON analytics.analytic_plans + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_analytic_accounts ON analytics.analytic_accounts + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_analytic_tags ON analytics.analytic_tags + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_cost_centers ON analytics.cost_centers + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_analytic_lines ON analytics.analytic_lines + USING (tenant_id = get_current_tenant_id()); + +-- ===================================================== +-- COMENTARIOS +-- ===================================================== + +COMMENT ON SCHEMA analytics IS 'Schema de contabilidad analítica y tracking de costos/ingresos'; +COMMENT ON TABLE analytics.analytic_plans IS 'Planes analíticos para análisis multi-dimensional'; +COMMENT ON TABLE analytics.analytic_accounts IS 'Cuentas analíticas (proyectos, departamentos, centros de costo)'; +COMMENT ON TABLE analytics.analytic_tags IS 'Etiquetas analíticas para clasificación cross-cutting'; +COMMENT ON TABLE analytics.cost_centers IS 'Centros de costo con presupuestos'; +COMMENT ON TABLE analytics.analytic_lines IS 'Líneas analíticas de costos e ingresos'; +COMMENT ON TABLE analytics.analytic_line_tags IS 'Relación many-to-many entre líneas y tags'; +COMMENT ON TABLE analytics.analytic_distributions IS 'Distribución de montos a múltiples cuentas analíticas'; + +-- ===================================================== +-- VISTAS ÚTILES +-- ===================================================== + +-- Vista: balance analítico por cuenta +CREATE OR REPLACE VIEW analytics.analytic_balance_view AS +SELECT + aa.id AS analytic_account_id, + aa.code, + aa.name, + aa.budget, + COALESCE(SUM(CASE WHEN al.line_type = 'income' THEN al.amount ELSE 0 END), 0) AS total_income, + COALESCE(SUM(CASE WHEN al.line_type = 'expense' THEN ABS(al.amount) ELSE 0 END), 0) AS total_expense, + COALESCE(SUM(al.amount), 0) AS balance, + aa.budget - COALESCE(SUM(CASE WHEN al.line_type = 'expense' THEN ABS(al.amount) ELSE 0 END), 0) AS budget_variance +FROM analytics.analytic_accounts aa +LEFT JOIN analytics.analytic_lines al ON aa.id = al.analytic_account_id +WHERE aa.deleted_at IS NULL +GROUP BY aa.id, aa.code, aa.name, aa.budget; + +COMMENT ON VIEW analytics.analytic_balance_view IS 'Vista de balance analítico por cuenta con presupuesto vs real'; + +-- ===================================================== +-- FIN DEL SCHEMA ANALYTICS +-- ===================================================== diff --git a/database/ddl/04-financial.sql b/database/ddl/04-financial.sql new file mode 100644 index 0000000..022a903 --- /dev/null +++ b/database/ddl/04-financial.sql @@ -0,0 +1,970 @@ +-- ===================================================== +-- SCHEMA: financial +-- PROPÓSITO: Contabilidad, facturas, pagos, finanzas +-- MÓDULOS: MGN-004 (Financiero Básico) +-- FECHA: 2025-11-24 +-- ===================================================== + +-- Crear schema +CREATE SCHEMA IF NOT EXISTS financial; + +-- ===================================================== +-- TYPES (ENUMs) +-- ===================================================== + +CREATE TYPE financial.account_type AS ENUM ( + 'asset', + 'liability', + 'equity', + 'revenue', + 'expense' +); + +CREATE TYPE financial.journal_type AS ENUM ( + 'sale', + 'purchase', + 'bank', + 'cash', + 'general' +); + +CREATE TYPE financial.entry_status AS ENUM ( + 'draft', + 'posted', + 'cancelled' +); + +CREATE TYPE financial.invoice_type AS ENUM ( + 'customer', + 'supplier' +); + +CREATE TYPE financial.invoice_status AS ENUM ( + 'draft', + 'open', + 'paid', + 'cancelled' +); + +CREATE TYPE financial.payment_type AS ENUM ( + 'inbound', + 'outbound' +); + +CREATE TYPE financial.payment_method AS ENUM ( + 'cash', + 'bank_transfer', + 'check', + 'card', + 'other' +); + +CREATE TYPE financial.payment_status AS ENUM ( + 'draft', + 'posted', + 'reconciled', + 'cancelled' +); + +CREATE TYPE financial.tax_type AS ENUM ( + 'sales', + 'purchase', + 'all' +); + +CREATE TYPE financial.fiscal_period_status AS ENUM ( + 'open', + 'closed' +); + +-- ===================================================== +-- TABLES +-- ===================================================== + +-- Tabla: account_types (Tipos de cuenta contable) +CREATE TABLE financial.account_types ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + code VARCHAR(20) NOT NULL UNIQUE, + name VARCHAR(100) NOT NULL, + account_type financial.account_type NOT NULL, + description TEXT, + + -- Sin tenant_id: catálogo global + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +-- Tabla: accounts (Plan de cuentas) +CREATE TABLE financial.accounts ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + code VARCHAR(50) NOT NULL, + name VARCHAR(255) NOT NULL, + account_type_id UUID NOT NULL REFERENCES financial.account_types(id), + parent_id UUID REFERENCES financial.accounts(id), + + -- Configuración + currency_id UUID REFERENCES core.currencies(id), + is_reconcilable BOOLEAN DEFAULT FALSE, -- ¿Permite conciliación? + is_deprecated BOOLEAN DEFAULT FALSE, + + -- Notas + notes TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + deleted_at TIMESTAMP, + deleted_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_accounts_code_company UNIQUE (company_id, code), + CONSTRAINT chk_accounts_no_self_parent CHECK (id != parent_id) +); + +-- Tabla: journals (Diarios contables) +CREATE TABLE financial.journals ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + name VARCHAR(255) NOT NULL, + code VARCHAR(20) NOT NULL, + journal_type financial.journal_type NOT NULL, + + -- Configuración + default_account_id UUID REFERENCES financial.accounts(id), + sequence_id UUID REFERENCES core.sequences(id), + currency_id UUID REFERENCES core.currencies(id), + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + deleted_at TIMESTAMP, + deleted_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_journals_code_company UNIQUE (company_id, code) +); + +-- Tabla: fiscal_years (Años fiscales) +CREATE TABLE financial.fiscal_years ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + code VARCHAR(20) NOT NULL, + start_date DATE NOT NULL, + end_date DATE NOT NULL, + status financial.fiscal_period_status NOT NULL DEFAULT 'open', + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_fiscal_years_code_company UNIQUE (company_id, code), + CONSTRAINT chk_fiscal_years_dates CHECK (end_date > start_date) +); + +-- Tabla: fiscal_periods (Períodos fiscales - meses) +CREATE TABLE financial.fiscal_periods ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + fiscal_year_id UUID NOT NULL REFERENCES financial.fiscal_years(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + code VARCHAR(20) NOT NULL, + start_date DATE NOT NULL, + end_date DATE NOT NULL, + status financial.fiscal_period_status NOT NULL DEFAULT 'open', + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_fiscal_periods_code_year UNIQUE (fiscal_year_id, code), + CONSTRAINT chk_fiscal_periods_dates CHECK (end_date > start_date) +); + +-- Tabla: journal_entries (Asientos contables) +CREATE TABLE financial.journal_entries ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + journal_id UUID NOT NULL REFERENCES financial.journals(id), + name VARCHAR(100) NOT NULL, -- Número de asiento + ref VARCHAR(255), -- Referencia externa + date DATE NOT NULL, + status financial.entry_status NOT NULL DEFAULT 'draft', + + -- Metadatos + notes TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + posted_at TIMESTAMP, + posted_by UUID REFERENCES auth.users(id), + cancelled_at TIMESTAMP, + cancelled_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_journal_entries_name_journal UNIQUE (journal_id, name) +); + +-- Tabla: journal_entry_lines (Líneas de asiento contable) +CREATE TABLE financial.journal_entry_lines ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + entry_id UUID NOT NULL REFERENCES financial.journal_entries(id) ON DELETE CASCADE, + + account_id UUID NOT NULL REFERENCES financial.accounts(id), + partner_id UUID REFERENCES core.partners(id), + + -- Montos + debit DECIMAL(15, 2) NOT NULL DEFAULT 0, + credit DECIMAL(15, 2) NOT NULL DEFAULT 0, + + -- Analítica + analytic_account_id UUID, -- FK a analytics.analytic_accounts (se crea después) + + -- Descripción + description TEXT, + ref VARCHAR(255), + + -- Multi-moneda + currency_id UUID REFERENCES core.currencies(id), + amount_currency DECIMAL(15, 2), + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT chk_journal_lines_debit_positive CHECK (debit >= 0), + CONSTRAINT chk_journal_lines_credit_positive CHECK (credit >= 0), + CONSTRAINT chk_journal_lines_not_both CHECK ( + (debit > 0 AND credit = 0) OR (credit > 0 AND debit = 0) + ) +); + +-- Índices para journal_entry_lines +CREATE INDEX idx_journal_entry_lines_tenant_id ON financial.journal_entry_lines(tenant_id); +CREATE INDEX idx_journal_entry_lines_entry_id ON financial.journal_entry_lines(entry_id); +CREATE INDEX idx_journal_entry_lines_account_id ON financial.journal_entry_lines(account_id); + +-- RLS para journal_entry_lines +ALTER TABLE financial.journal_entry_lines ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_journal_entry_lines ON financial.journal_entry_lines + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- Tabla: taxes (Impuestos) +CREATE TABLE financial.taxes ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + code VARCHAR(20) NOT NULL, + rate DECIMAL(5, 4) NOT NULL, -- 0.1600 para 16% + tax_type financial.tax_type NOT NULL, + + -- Configuración contable + account_id UUID REFERENCES financial.accounts(id), + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_taxes_code_company UNIQUE (company_id, code), + CONSTRAINT chk_taxes_rate CHECK (rate >= 0 AND rate <= 1) +); + +-- Tabla: payment_terms (Términos de pago) +CREATE TABLE financial.payment_terms ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + code VARCHAR(20) NOT NULL, + + -- Configuración de términos (JSON) + -- Ejemplo: [{"days": 0, "percent": 100}] = Pago inmediato + -- Ejemplo: [{"days": 30, "percent": 100}] = 30 días + -- Ejemplo: [{"days": 15, "percent": 50}, {"days": 30, "percent": 50}] = 50% a 15 días, 50% a 30 días + terms JSONB NOT NULL DEFAULT '[]', + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_payment_terms_code_company UNIQUE (company_id, code) +); + +-- Tabla: invoices (Facturas) +CREATE TABLE financial.invoices ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + partner_id UUID NOT NULL REFERENCES core.partners(id), + invoice_type financial.invoice_type NOT NULL, + + -- Numeración + number VARCHAR(100), -- Número de factura (generado al validar) + ref VARCHAR(100), -- Referencia del partner + + -- Fechas + invoice_date DATE NOT NULL, + due_date DATE, + + -- Montos + currency_id UUID NOT NULL REFERENCES core.currencies(id), + amount_untaxed DECIMAL(15, 2) NOT NULL DEFAULT 0, + amount_tax DECIMAL(15, 2) NOT NULL DEFAULT 0, + amount_total DECIMAL(15, 2) NOT NULL DEFAULT 0, + amount_paid DECIMAL(15, 2) NOT NULL DEFAULT 0, + amount_residual DECIMAL(15, 2) NOT NULL DEFAULT 0, + + -- Estado + status financial.invoice_status NOT NULL DEFAULT 'draft', + + -- Configuración + payment_term_id UUID REFERENCES financial.payment_terms(id), + journal_id UUID REFERENCES financial.journals(id), + + -- Asiento contable (generado al validar) + journal_entry_id UUID REFERENCES financial.journal_entries(id), + + -- Notas + notes TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + validated_at TIMESTAMP, + validated_by UUID REFERENCES auth.users(id), + cancelled_at TIMESTAMP, + cancelled_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_invoices_number_company UNIQUE (company_id, number), + CONSTRAINT chk_invoices_amounts CHECK ( + amount_total = amount_untaxed + amount_tax + ), + CONSTRAINT chk_invoices_residual CHECK ( + amount_residual = amount_total - amount_paid + ) +); + +-- Tabla: invoice_lines (Líneas de factura) +CREATE TABLE financial.invoice_lines ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + invoice_id UUID NOT NULL REFERENCES financial.invoices(id) ON DELETE CASCADE, + + product_id UUID, -- FK a inventory.products (se crea después) + description TEXT NOT NULL, + + -- Cantidades y precios + quantity DECIMAL(12, 4) NOT NULL DEFAULT 1, + uom_id UUID REFERENCES core.uom(id), + price_unit DECIMAL(15, 4) NOT NULL, + + -- Impuestos (array de tax_ids) + tax_ids UUID[] DEFAULT '{}', + + -- Montos calculados + amount_untaxed DECIMAL(15, 2) NOT NULL, + amount_tax DECIMAL(15, 2) NOT NULL, + amount_total DECIMAL(15, 2) NOT NULL, + + -- Contabilidad + account_id UUID REFERENCES financial.accounts(id), + analytic_account_id UUID, -- FK a analytics.analytic_accounts + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP, + + CONSTRAINT chk_invoice_lines_quantity CHECK (quantity > 0), + CONSTRAINT chk_invoice_lines_amounts CHECK ( + amount_total = amount_untaxed + amount_tax + ) +); + +-- Índices para invoice_lines +CREATE INDEX idx_invoice_lines_tenant_id ON financial.invoice_lines(tenant_id); +CREATE INDEX idx_invoice_lines_invoice_id ON financial.invoice_lines(invoice_id); +CREATE INDEX idx_invoice_lines_product_id ON financial.invoice_lines(product_id); + +-- RLS para invoice_lines +ALTER TABLE financial.invoice_lines ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_invoice_lines ON financial.invoice_lines + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- Tabla: payments (Pagos) +CREATE TABLE financial.payments ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + partner_id UUID NOT NULL REFERENCES core.partners(id), + payment_type financial.payment_type NOT NULL, + payment_method financial.payment_method NOT NULL, + + -- Monto + amount DECIMAL(15, 2) NOT NULL, + currency_id UUID NOT NULL REFERENCES core.currencies(id), + + -- Fecha y referencia + payment_date DATE NOT NULL, + ref VARCHAR(255), + + -- Estado + status financial.payment_status NOT NULL DEFAULT 'draft', + + -- Configuración + journal_id UUID NOT NULL REFERENCES financial.journals(id), + + -- Asiento contable (generado al validar) + journal_entry_id UUID REFERENCES financial.journal_entries(id), + + -- Notas + notes TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + posted_at TIMESTAMP, + posted_by UUID REFERENCES auth.users(id), + + CONSTRAINT chk_payments_amount CHECK (amount > 0) +); + +-- Tabla: payment_invoice (Conciliación pagos-facturas) +CREATE TABLE financial.payment_invoice ( + payment_id UUID NOT NULL REFERENCES financial.payments(id) ON DELETE CASCADE, + invoice_id UUID NOT NULL REFERENCES financial.invoices(id) ON DELETE CASCADE, + amount DECIMAL(15, 2) NOT NULL, + + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + PRIMARY KEY (payment_id, invoice_id), + CONSTRAINT chk_payment_invoice_amount CHECK (amount > 0) +); + +-- Tabla: bank_accounts (Cuentas bancarias) +CREATE TABLE financial.bank_accounts ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID REFERENCES auth.companies(id), + + partner_id UUID REFERENCES core.partners(id), -- Puede ser de la empresa o de un partner + + bank_name VARCHAR(255) NOT NULL, + account_number VARCHAR(50) NOT NULL, + account_holder VARCHAR(255), + + -- Configuración + currency_id UUID REFERENCES core.currencies(id), + journal_id UUID REFERENCES financial.journals(id), -- Diario asociado (si es cuenta de la empresa) + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id) +); + +-- Tabla: reconciliations (Conciliaciones bancarias) +CREATE TABLE financial.reconciliations ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + bank_account_id UUID NOT NULL REFERENCES financial.bank_accounts(id), + + -- Período de conciliación + start_date DATE NOT NULL, + end_date DATE NOT NULL, + + -- Saldos + balance_start DECIMAL(15, 2) NOT NULL, + balance_end_real DECIMAL(15, 2) NOT NULL, -- Saldo real del banco + balance_end_computed DECIMAL(15, 2) NOT NULL, -- Saldo calculado + + -- Líneas conciliadas (array de journal_entry_line_ids) + reconciled_line_ids UUID[] DEFAULT '{}', + + -- Estado + status financial.entry_status NOT NULL DEFAULT 'draft', + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + validated_at TIMESTAMP, + validated_by UUID REFERENCES auth.users(id), + + CONSTRAINT chk_reconciliations_dates CHECK (end_date >= start_date) +); + +-- ===================================================== +-- INDICES +-- ===================================================== + +-- Account Types +CREATE INDEX idx_account_types_code ON financial.account_types(code); + +-- Accounts +CREATE INDEX idx_accounts_tenant_id ON financial.accounts(tenant_id); +CREATE INDEX idx_accounts_company_id ON financial.accounts(company_id); +CREATE INDEX idx_accounts_code ON financial.accounts(code); +CREATE INDEX idx_accounts_parent_id ON financial.accounts(parent_id); +CREATE INDEX idx_accounts_type_id ON financial.accounts(account_type_id); + +-- Journals +CREATE INDEX idx_journals_tenant_id ON financial.journals(tenant_id); +CREATE INDEX idx_journals_company_id ON financial.journals(company_id); +CREATE INDEX idx_journals_code ON financial.journals(code); +CREATE INDEX idx_journals_type ON financial.journals(journal_type); + +-- Fiscal Years +CREATE INDEX idx_fiscal_years_tenant_id ON financial.fiscal_years(tenant_id); +CREATE INDEX idx_fiscal_years_company_id ON financial.fiscal_years(company_id); +CREATE INDEX idx_fiscal_years_dates ON financial.fiscal_years(start_date, end_date); + +-- Fiscal Periods +CREATE INDEX idx_fiscal_periods_tenant_id ON financial.fiscal_periods(tenant_id); +CREATE INDEX idx_fiscal_periods_year_id ON financial.fiscal_periods(fiscal_year_id); +CREATE INDEX idx_fiscal_periods_dates ON financial.fiscal_periods(start_date, end_date); + +-- Journal Entries +CREATE INDEX idx_journal_entries_tenant_id ON financial.journal_entries(tenant_id); +CREATE INDEX idx_journal_entries_company_id ON financial.journal_entries(company_id); +CREATE INDEX idx_journal_entries_journal_id ON financial.journal_entries(journal_id); +CREATE INDEX idx_journal_entries_date ON financial.journal_entries(date); +CREATE INDEX idx_journal_entries_status ON financial.journal_entries(status); + +-- Journal Entry Lines +CREATE INDEX idx_journal_entry_lines_entry_id ON financial.journal_entry_lines(entry_id); +CREATE INDEX idx_journal_entry_lines_account_id ON financial.journal_entry_lines(account_id); +CREATE INDEX idx_journal_entry_lines_partner_id ON financial.journal_entry_lines(partner_id); +CREATE INDEX idx_journal_entry_lines_analytic ON financial.journal_entry_lines(analytic_account_id); + +-- Taxes +CREATE INDEX idx_taxes_tenant_id ON financial.taxes(tenant_id); +CREATE INDEX idx_taxes_company_id ON financial.taxes(company_id); +CREATE INDEX idx_taxes_code ON financial.taxes(code); +CREATE INDEX idx_taxes_type ON financial.taxes(tax_type); +CREATE INDEX idx_taxes_active ON financial.taxes(active) WHERE active = TRUE; + +-- Payment Terms +CREATE INDEX idx_payment_terms_tenant_id ON financial.payment_terms(tenant_id); +CREATE INDEX idx_payment_terms_company_id ON financial.payment_terms(company_id); + +-- Invoices +CREATE INDEX idx_invoices_tenant_id ON financial.invoices(tenant_id); +CREATE INDEX idx_invoices_company_id ON financial.invoices(company_id); +CREATE INDEX idx_invoices_partner_id ON financial.invoices(partner_id); +CREATE INDEX idx_invoices_type ON financial.invoices(invoice_type); +CREATE INDEX idx_invoices_status ON financial.invoices(status); +CREATE INDEX idx_invoices_number ON financial.invoices(number); +CREATE INDEX idx_invoices_date ON financial.invoices(invoice_date); +CREATE INDEX idx_invoices_due_date ON financial.invoices(due_date); + +-- Invoice Lines +CREATE INDEX idx_invoice_lines_invoice_id ON financial.invoice_lines(invoice_id); +CREATE INDEX idx_invoice_lines_product_id ON financial.invoice_lines(product_id); +CREATE INDEX idx_invoice_lines_account_id ON financial.invoice_lines(account_id); + +-- Payments +CREATE INDEX idx_payments_tenant_id ON financial.payments(tenant_id); +CREATE INDEX idx_payments_company_id ON financial.payments(company_id); +CREATE INDEX idx_payments_partner_id ON financial.payments(partner_id); +CREATE INDEX idx_payments_type ON financial.payments(payment_type); +CREATE INDEX idx_payments_status ON financial.payments(status); +CREATE INDEX idx_payments_date ON financial.payments(payment_date); + +-- Payment Invoice +CREATE INDEX idx_payment_invoice_payment_id ON financial.payment_invoice(payment_id); +CREATE INDEX idx_payment_invoice_invoice_id ON financial.payment_invoice(invoice_id); + +-- Bank Accounts +CREATE INDEX idx_bank_accounts_tenant_id ON financial.bank_accounts(tenant_id); +CREATE INDEX idx_bank_accounts_company_id ON financial.bank_accounts(company_id); +CREATE INDEX idx_bank_accounts_partner_id ON financial.bank_accounts(partner_id); + +-- Reconciliations +CREATE INDEX idx_reconciliations_tenant_id ON financial.reconciliations(tenant_id); +CREATE INDEX idx_reconciliations_company_id ON financial.reconciliations(company_id); +CREATE INDEX idx_reconciliations_bank_account_id ON financial.reconciliations(bank_account_id); +CREATE INDEX idx_reconciliations_dates ON financial.reconciliations(start_date, end_date); + +-- ===================================================== +-- FUNCTIONS +-- ===================================================== + +-- Función: validate_entry_balance +-- Valida que un asiento esté balanceado (debit = credit) +CREATE OR REPLACE FUNCTION financial.validate_entry_balance(p_entry_id UUID) +RETURNS BOOLEAN AS $$ +DECLARE + v_total_debit DECIMAL; + v_total_credit DECIMAL; +BEGIN + SELECT + COALESCE(SUM(debit), 0), + COALESCE(SUM(credit), 0) + INTO v_total_debit, v_total_credit + FROM financial.journal_entry_lines + WHERE entry_id = p_entry_id; + + IF v_total_debit != v_total_credit THEN + RAISE EXCEPTION 'Journal entry % is not balanced: debit=% credit=%', + p_entry_id, v_total_debit, v_total_credit; + END IF; + + RETURN TRUE; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION financial.validate_entry_balance IS 'Valida que un asiento contable esté balanceado (debit = credit)'; + +-- Función: post_journal_entry +-- Contabiliza un asiento (cambiar estado a posted) +CREATE OR REPLACE FUNCTION financial.post_journal_entry(p_entry_id UUID) +RETURNS VOID AS $$ +BEGIN + -- Validar balance + PERFORM financial.validate_entry_balance(p_entry_id); + + -- Actualizar estado + UPDATE financial.journal_entries + SET status = 'posted', + posted_at = CURRENT_TIMESTAMP, + posted_by = get_current_user_id() + WHERE id = p_entry_id + AND status = 'draft'; + + IF NOT FOUND THEN + RAISE EXCEPTION 'Journal entry % not found or already posted', p_entry_id; + END IF; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION financial.post_journal_entry IS 'Contabiliza un asiento contable después de validar su balance'; + +-- Función: calculate_invoice_totals +-- Calcula los totales de una factura a partir de sus líneas +CREATE OR REPLACE FUNCTION financial.calculate_invoice_totals(p_invoice_id UUID) +RETURNS VOID AS $$ +DECLARE + v_amount_untaxed DECIMAL; + v_amount_tax DECIMAL; + v_amount_total DECIMAL; +BEGIN + SELECT + COALESCE(SUM(amount_untaxed), 0), + COALESCE(SUM(amount_tax), 0), + COALESCE(SUM(amount_total), 0) + INTO v_amount_untaxed, v_amount_tax, v_amount_total + FROM financial.invoice_lines + WHERE invoice_id = p_invoice_id; + + UPDATE financial.invoices + SET amount_untaxed = v_amount_untaxed, + amount_tax = v_amount_tax, + amount_total = v_amount_total, + amount_residual = v_amount_total - amount_paid, + updated_at = CURRENT_TIMESTAMP, + updated_by = get_current_user_id() + WHERE id = p_invoice_id; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION financial.calculate_invoice_totals IS 'Calcula los totales de una factura a partir de sus líneas'; + +-- Función: update_invoice_paid_amount +-- Actualiza el monto pagado de una factura +CREATE OR REPLACE FUNCTION financial.update_invoice_paid_amount(p_invoice_id UUID) +RETURNS VOID AS $$ +DECLARE + v_amount_paid DECIMAL; +BEGIN + SELECT COALESCE(SUM(amount), 0) + INTO v_amount_paid + FROM financial.payment_invoice + WHERE invoice_id = p_invoice_id; + + UPDATE financial.invoices + SET amount_paid = v_amount_paid, + amount_residual = amount_total - v_amount_paid, + status = CASE + WHEN v_amount_paid >= amount_total THEN 'paid'::financial.invoice_status + WHEN v_amount_paid > 0 THEN 'open'::financial.invoice_status + ELSE status + END + WHERE id = p_invoice_id; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION financial.update_invoice_paid_amount IS 'Actualiza el monto pagado y estado de una factura'; + +-- ===================================================== +-- TRIGGERS +-- ===================================================== + +-- Trigger: Actualizar updated_at +CREATE TRIGGER trg_accounts_updated_at + BEFORE UPDATE ON financial.accounts + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_journals_updated_at + BEFORE UPDATE ON financial.journals + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_fiscal_years_updated_at + BEFORE UPDATE ON financial.fiscal_years + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_fiscal_periods_updated_at + BEFORE UPDATE ON financial.fiscal_periods + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_journal_entries_updated_at + BEFORE UPDATE ON financial.journal_entries + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_taxes_updated_at + BEFORE UPDATE ON financial.taxes + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_payment_terms_updated_at + BEFORE UPDATE ON financial.payment_terms + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_invoices_updated_at + BEFORE UPDATE ON financial.invoices + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_payments_updated_at + BEFORE UPDATE ON financial.payments + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_bank_accounts_updated_at + BEFORE UPDATE ON financial.bank_accounts + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_reconciliations_updated_at + BEFORE UPDATE ON financial.reconciliations + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger: Validar balance antes de contabilizar +CREATE OR REPLACE FUNCTION financial.trg_validate_entry_before_post() +RETURNS TRIGGER AS $$ +BEGIN + IF NEW.status = 'posted' AND OLD.status = 'draft' THEN + PERFORM financial.validate_entry_balance(NEW.id); + END IF; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_journal_entries_validate_balance + BEFORE UPDATE OF status ON financial.journal_entries + FOR EACH ROW + EXECUTE FUNCTION financial.trg_validate_entry_before_post(); + +-- Trigger: Actualizar totales de factura al cambiar líneas +CREATE OR REPLACE FUNCTION financial.trg_update_invoice_totals() +RETURNS TRIGGER AS $$ +BEGIN + IF TG_OP = 'DELETE' THEN + PERFORM financial.calculate_invoice_totals(OLD.invoice_id); + ELSE + PERFORM financial.calculate_invoice_totals(NEW.invoice_id); + END IF; + RETURN NULL; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_invoice_lines_update_totals + AFTER INSERT OR UPDATE OR DELETE ON financial.invoice_lines + FOR EACH ROW + EXECUTE FUNCTION financial.trg_update_invoice_totals(); + +-- Trigger: Actualizar monto pagado al conciliar +CREATE OR REPLACE FUNCTION financial.trg_update_invoice_paid() +RETURNS TRIGGER AS $$ +BEGIN + IF TG_OP = 'DELETE' THEN + PERFORM financial.update_invoice_paid_amount(OLD.invoice_id); + ELSE + PERFORM financial.update_invoice_paid_amount(NEW.invoice_id); + END IF; + RETURN NULL; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_payment_invoice_update_paid + AFTER INSERT OR UPDATE OR DELETE ON financial.payment_invoice + FOR EACH ROW + EXECUTE FUNCTION financial.trg_update_invoice_paid(); + +-- ===================================================== +-- TRACKING AUTOMÁTICO (mail.thread pattern) +-- ===================================================== + +-- Trigger: Tracking automático para facturas +CREATE TRIGGER track_invoice_changes + AFTER INSERT OR UPDATE OR DELETE ON financial.invoices + FOR EACH ROW EXECUTE FUNCTION system.track_field_changes(); + +COMMENT ON TRIGGER track_invoice_changes ON financial.invoices IS +'Registra automáticamente cambios en facturas (estado, monto, cliente, fechas)'; + +-- Trigger: Tracking automático para asientos contables +CREATE TRIGGER track_journal_entry_changes + AFTER INSERT OR UPDATE OR DELETE ON financial.journal_entries + FOR EACH ROW EXECUTE FUNCTION system.track_field_changes(); + +COMMENT ON TRIGGER track_journal_entry_changes ON financial.journal_entries IS +'Registra automáticamente cambios en asientos contables (estado, fecha, diario)'; + +-- ===================================================== +-- ROW LEVEL SECURITY (RLS) +-- ===================================================== + +ALTER TABLE financial.accounts ENABLE ROW LEVEL SECURITY; +ALTER TABLE financial.journals ENABLE ROW LEVEL SECURITY; +ALTER TABLE financial.fiscal_years ENABLE ROW LEVEL SECURITY; +ALTER TABLE financial.fiscal_periods ENABLE ROW LEVEL SECURITY; +ALTER TABLE financial.journal_entries ENABLE ROW LEVEL SECURITY; +ALTER TABLE financial.taxes ENABLE ROW LEVEL SECURITY; +ALTER TABLE financial.payment_terms ENABLE ROW LEVEL SECURITY; +ALTER TABLE financial.invoices ENABLE ROW LEVEL SECURITY; +ALTER TABLE financial.payments ENABLE ROW LEVEL SECURITY; +ALTER TABLE financial.bank_accounts ENABLE ROW LEVEL SECURITY; +ALTER TABLE financial.reconciliations ENABLE ROW LEVEL SECURITY; + +CREATE POLICY tenant_isolation_accounts ON financial.accounts + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_journals ON financial.journals + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_fiscal_years ON financial.fiscal_years + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_fiscal_periods ON financial.fiscal_periods + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_journal_entries ON financial.journal_entries + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_taxes ON financial.taxes + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_payment_terms ON financial.payment_terms + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_invoices ON financial.invoices + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_payments ON financial.payments + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_bank_accounts ON financial.bank_accounts + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_reconciliations ON financial.reconciliations + USING (tenant_id = get_current_tenant_id()); + +-- ===================================================== +-- SEED DATA +-- ===================================================== + +-- Tipos de cuenta estándar +INSERT INTO financial.account_types (code, name, account_type, description) VALUES +('ASSET_CASH', 'Cash and Cash Equivalents', 'asset', 'Efectivo y equivalentes'), +('ASSET_RECEIVABLE', 'Accounts Receivable', 'asset', 'Cuentas por cobrar'), +('ASSET_CURRENT', 'Current Assets', 'asset', 'Activos circulantes'), +('ASSET_FIXED', 'Fixed Assets', 'asset', 'Activos fijos'), +('LIABILITY_PAYABLE', 'Accounts Payable', 'liability', 'Cuentas por pagar'), +('LIABILITY_CURRENT', 'Current Liabilities', 'liability', 'Pasivos circulantes'), +('LIABILITY_LONG', 'Long-term Liabilities', 'liability', 'Pasivos a largo plazo'), +('EQUITY_CAPITAL', 'Capital', 'equity', 'Capital social'), +('EQUITY_RETAINED', 'Retained Earnings', 'equity', 'Utilidades retenidas'), +('REVENUE_SALES', 'Sales Revenue', 'revenue', 'Ingresos por ventas'), +('REVENUE_OTHER', 'Other Revenue', 'revenue', 'Otros ingresos'), +('EXPENSE_COGS', 'Cost of Goods Sold', 'expense', 'Costo de ventas'), +('EXPENSE_OPERATING', 'Operating Expenses', 'expense', 'Gastos operativos'), +('EXPENSE_ADMIN', 'Administrative Expenses', 'expense', 'Gastos administrativos') +ON CONFLICT (code) DO NOTHING; + +-- ===================================================== +-- COMENTARIOS +-- ===================================================== + +COMMENT ON SCHEMA financial IS 'Schema de contabilidad, facturas, pagos y finanzas'; +COMMENT ON TABLE financial.account_types IS 'Tipos de cuentas contables (asset, liability, equity, revenue, expense)'; +COMMENT ON TABLE financial.accounts IS 'Plan de cuentas contables'; +COMMENT ON TABLE financial.journals IS 'Diarios contables (ventas, compras, bancos, etc.)'; +COMMENT ON TABLE financial.fiscal_years IS 'Años fiscales'; +COMMENT ON TABLE financial.fiscal_periods IS 'Períodos fiscales (meses)'; +COMMENT ON TABLE financial.journal_entries IS 'Asientos contables'; +COMMENT ON TABLE financial.journal_entry_lines IS 'Líneas de asientos contables (partida doble)'; +COMMENT ON TABLE financial.taxes IS 'Impuestos (IVA, retenciones, etc.)'; +COMMENT ON TABLE financial.payment_terms IS 'Términos de pago (inmediato, 30 días, etc.)'; +COMMENT ON TABLE financial.invoices IS 'Facturas de cliente y proveedor'; +COMMENT ON TABLE financial.invoice_lines IS 'Líneas de factura'; +COMMENT ON TABLE financial.payments IS 'Pagos y cobros'; +COMMENT ON TABLE financial.payment_invoice IS 'Conciliación de pagos con facturas'; +COMMENT ON TABLE financial.bank_accounts IS 'Cuentas bancarias de la empresa y partners'; +COMMENT ON TABLE financial.reconciliations IS 'Conciliaciones bancarias'; + +-- ===================================================== +-- FIN DEL SCHEMA FINANCIAL +-- ===================================================== diff --git a/database/ddl/05-inventory-extensions.sql b/database/ddl/05-inventory-extensions.sql new file mode 100644 index 0000000..f2b3a2f --- /dev/null +++ b/database/ddl/05-inventory-extensions.sql @@ -0,0 +1,966 @@ +-- ===================================================== +-- SCHEMA: inventory (Extensiones) +-- PROPÓSITO: Valoración de Inventario, Lotes/Series, Conteos Cíclicos +-- MÓDULO: MGN-005 (Inventario) +-- FECHA: 2025-12-08 +-- VERSION: 1.0.0 +-- DEPENDENCIAS: 05-inventory.sql +-- SPECS RELACIONADAS: +-- - SPEC-VALORACION-INVENTARIO.md +-- - SPEC-TRAZABILIDAD-LOTES-SERIES.md +-- - SPEC-INVENTARIOS-CICLICOS.md +-- ===================================================== + +-- ===================================================== +-- PARTE 1: VALORACIÓN DE INVENTARIO (SVL) +-- ===================================================== + +-- Tabla: stock_valuation_layers (Capas de valoración FIFO/AVCO) +CREATE TABLE inventory.stock_valuation_layers ( + -- Identificación + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + + -- Referencias + product_id UUID NOT NULL REFERENCES inventory.products(id), + stock_move_id UUID REFERENCES inventory.stock_moves(id), + lot_id UUID REFERENCES inventory.lots(id), + company_id UUID NOT NULL REFERENCES auth.companies(id), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id), + + -- Valores de la capa + quantity DECIMAL(16,4) NOT NULL, -- Cantidad (positiva=entrada, negativa=salida) + unit_cost DECIMAL(16,6) NOT NULL, -- Costo unitario + value DECIMAL(16,4) NOT NULL, -- Valor total + currency_id UUID REFERENCES core.currencies(id), + + -- Tracking FIFO (solo para entradas) + remaining_qty DECIMAL(16,4) NOT NULL DEFAULT 0, -- Cantidad restante por consumir + remaining_value DECIMAL(16,4) NOT NULL DEFAULT 0, -- Valor restante + + -- Diferencia de precio (facturas vs recepción) + price_diff_value DECIMAL(16,4) DEFAULT 0, + + -- Referencias contables (usando journal_entries del schema financial) + journal_entry_id UUID REFERENCES financial.journal_entries(id), + journal_entry_line_id UUID REFERENCES financial.journal_entry_lines(id), + + -- Corrección de vacío (link a capa corregida) + parent_svl_id UUID REFERENCES inventory.stock_valuation_layers(id), + + -- Metadata + description VARCHAR(500), + reference VARCHAR(255), + + -- Auditoría + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + created_by UUID REFERENCES auth.users(id), + + -- Constraints + CONSTRAINT chk_svl_value CHECK ( + ABS(value - (quantity * unit_cost)) < 0.01 OR quantity = 0 + ) +); + +-- Índice principal para FIFO (crítico para performance) +CREATE INDEX idx_svl_fifo_candidates ON inventory.stock_valuation_layers ( + product_id, + remaining_qty, + stock_move_id, + company_id, + created_at +) WHERE remaining_qty > 0; + +-- Índice para agregación de valoración +CREATE INDEX idx_svl_valuation ON inventory.stock_valuation_layers ( + product_id, + company_id, + id, + value, + quantity +); + +-- Índice por lote +CREATE INDEX idx_svl_lot ON inventory.stock_valuation_layers (lot_id) + WHERE lot_id IS NOT NULL; + +-- Índice por movimiento +CREATE INDEX idx_svl_move ON inventory.stock_valuation_layers (stock_move_id); + +-- Índice por tenant +CREATE INDEX idx_svl_tenant ON inventory.stock_valuation_layers (tenant_id); + +-- Comentarios +COMMENT ON TABLE inventory.stock_valuation_layers IS 'Capas de valoración de inventario para costeo FIFO/AVCO'; +COMMENT ON COLUMN inventory.stock_valuation_layers.remaining_qty IS 'Cantidad aún no consumida por FIFO'; +COMMENT ON COLUMN inventory.stock_valuation_layers.parent_svl_id IS 'Referencia a capa padre cuando es corrección de vacío'; + +-- Vista materializada para valores agregados de SVL por producto +CREATE MATERIALIZED VIEW inventory.product_valuation_summary AS +SELECT + svl.product_id, + svl.company_id, + svl.tenant_id, + SUM(svl.quantity) AS quantity_svl, + SUM(svl.value) AS value_svl, + CASE + WHEN SUM(svl.quantity) > 0 THEN SUM(svl.value) / SUM(svl.quantity) + ELSE 0 + END AS avg_cost +FROM inventory.stock_valuation_layers svl +GROUP BY svl.product_id, svl.company_id, svl.tenant_id; + +CREATE UNIQUE INDEX idx_product_valuation_pk + ON inventory.product_valuation_summary (product_id, company_id, tenant_id); + +COMMENT ON MATERIALIZED VIEW inventory.product_valuation_summary IS + 'Resumen de valoración por producto - refrescar con REFRESH MATERIALIZED VIEW CONCURRENTLY'; + +-- Configuración de cuentas por categoría de producto +CREATE TABLE inventory.category_stock_accounts ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + category_id UUID NOT NULL REFERENCES core.product_categories(id), + company_id UUID NOT NULL REFERENCES auth.companies(id), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id), + + -- Cuentas de valoración + stock_input_account_id UUID REFERENCES financial.accounts(id), -- Entrada de stock + stock_output_account_id UUID REFERENCES financial.accounts(id), -- Salida de stock + stock_valuation_account_id UUID REFERENCES financial.accounts(id), -- Valoración (activo) + expense_account_id UUID REFERENCES financial.accounts(id), -- Gasto/COGS + + -- Diario para asientos de stock + stock_journal_id UUID REFERENCES financial.journals(id), + + -- Auditoría + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + updated_at TIMESTAMPTZ, + + CONSTRAINT uq_category_stock_accounts + UNIQUE (category_id, company_id, tenant_id) +); + +COMMENT ON TABLE inventory.category_stock_accounts IS 'Cuentas contables para valoración de inventario por categoría'; + +-- Parámetros de valoración por tenant +CREATE TABLE inventory.valuation_settings ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id), + company_id UUID REFERENCES auth.companies(id), + + allow_negative_stock BOOLEAN NOT NULL DEFAULT FALSE, + default_cost_method VARCHAR(20) NOT NULL DEFAULT 'fifo' + CHECK (default_cost_method IN ('standard', 'average', 'fifo')), + default_valuation VARCHAR(20) NOT NULL DEFAULT 'real_time' + CHECK (default_valuation IN ('manual', 'real_time')), + auto_vacuum_enabled BOOLEAN NOT NULL DEFAULT TRUE, + vacuum_batch_size INTEGER NOT NULL DEFAULT 100, + + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + + CONSTRAINT uq_valuation_settings_tenant_company UNIQUE (tenant_id, company_id) +); + +COMMENT ON TABLE inventory.valuation_settings IS 'Configuración de valoración de inventario por tenant/empresa'; + +-- Extensión de product_categories para costeo (tabla en schema core) +ALTER TABLE core.product_categories ADD COLUMN IF NOT EXISTS + cost_method VARCHAR(20) NOT NULL DEFAULT 'fifo' + CHECK (cost_method IN ('standard', 'average', 'fifo')); + +ALTER TABLE core.product_categories ADD COLUMN IF NOT EXISTS + valuation_method VARCHAR(20) NOT NULL DEFAULT 'real_time' + CHECK (valuation_method IN ('manual', 'real_time')); + +-- Extensión de products para costeo +ALTER TABLE inventory.products ADD COLUMN IF NOT EXISTS + standard_price DECIMAL(16,6) NOT NULL DEFAULT 0; + +ALTER TABLE inventory.products ADD COLUMN IF NOT EXISTS + lot_valuated BOOLEAN NOT NULL DEFAULT FALSE; + +-- ===================================================== +-- PARTE 2: TRAZABILIDAD DE LOTES Y SERIES +-- ===================================================== + +-- Extensión de products para tracking +ALTER TABLE inventory.products ADD COLUMN IF NOT EXISTS + tracking VARCHAR(16) NOT NULL DEFAULT 'none' + CHECK (tracking IN ('none', 'lot', 'serial')); + +-- Configuración de caducidad +ALTER TABLE inventory.products ADD COLUMN IF NOT EXISTS + use_expiration_date BOOLEAN NOT NULL DEFAULT FALSE; + +ALTER TABLE inventory.products ADD COLUMN IF NOT EXISTS + expiration_time INTEGER; -- Días hasta caducidad desde recepción + +ALTER TABLE inventory.products ADD COLUMN IF NOT EXISTS + use_time INTEGER; -- Días antes de caducidad para "consumir preferentemente" + +ALTER TABLE inventory.products ADD COLUMN IF NOT EXISTS + removal_time INTEGER; -- Días antes de caducidad para remover de venta + +ALTER TABLE inventory.products ADD COLUMN IF NOT EXISTS + alert_time INTEGER; -- Días antes de caducidad para alertar + +-- Propiedades dinámicas por lote +ALTER TABLE inventory.products ADD COLUMN IF NOT EXISTS + lot_properties_definition JSONB DEFAULT '[]'; + +-- Constraint de consistencia +ALTER TABLE inventory.products ADD CONSTRAINT chk_expiration_config CHECK ( + use_expiration_date = FALSE OR ( + expiration_time IS NOT NULL AND + expiration_time > 0 + ) +); + +-- Índice para productos con tracking +CREATE INDEX idx_products_tracking ON inventory.products(tracking) + WHERE tracking != 'none'; + +-- Tabla: lots (Lotes y números de serie) +CREATE TABLE inventory.lots ( + -- Identificación + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + name VARCHAR(128) NOT NULL, + ref VARCHAR(256), -- Referencia interna/externa + + -- Relaciones + product_id UUID NOT NULL REFERENCES inventory.products(id), + company_id UUID NOT NULL REFERENCES auth.companies(id), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id), + + -- Fechas de caducidad + expiration_date TIMESTAMPTZ, + use_date TIMESTAMPTZ, -- Best-before + removal_date TIMESTAMPTZ, -- Fecha de retiro FEFO + alert_date TIMESTAMPTZ, -- Fecha de alerta + + -- Control de alertas + expiry_alerted BOOLEAN NOT NULL DEFAULT FALSE, + + -- Propiedades dinámicas (heredadas del producto) + lot_properties JSONB DEFAULT '{}', + + -- Ubicación (si solo hay una) + location_id UUID REFERENCES inventory.locations(id), + + -- Auditoría + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + created_by UUID REFERENCES auth.users(id), + + -- Constraints + CONSTRAINT uk_lot_product_company UNIQUE (product_id, name, company_id) +); + +-- Índices para lots +CREATE INDEX idx_lots_product ON inventory.lots(product_id); +CREATE INDEX idx_lots_tenant ON inventory.lots(tenant_id); +CREATE INDEX idx_lots_expiration ON inventory.lots(expiration_date) + WHERE expiration_date IS NOT NULL; +CREATE INDEX idx_lots_removal ON inventory.lots(removal_date) + WHERE removal_date IS NOT NULL; +CREATE INDEX idx_lots_alert ON inventory.lots(alert_date) + WHERE alert_date IS NOT NULL AND NOT expiry_alerted; + +-- Extensión para búsqueda por trigram (requiere pg_trgm) +-- CREATE INDEX idx_lots_name_trgm ON inventory.lots USING GIN (name gin_trgm_ops); + +COMMENT ON TABLE inventory.lots IS 'Lotes y números de serie para trazabilidad de productos'; + +-- Extensión de quants para lotes +ALTER TABLE inventory.quants ADD COLUMN IF NOT EXISTS + lot_id UUID REFERENCES inventory.lots(id); + +ALTER TABLE inventory.quants ADD COLUMN IF NOT EXISTS + in_date TIMESTAMPTZ NOT NULL DEFAULT NOW(); + +-- Fecha de remoción para FEFO (heredada del lote) +ALTER TABLE inventory.quants ADD COLUMN IF NOT EXISTS + removal_date TIMESTAMPTZ; + +-- Índices optimizados para quants +CREATE INDEX idx_quants_lot ON inventory.quants(lot_id) + WHERE lot_id IS NOT NULL; + +CREATE INDEX idx_quants_fefo ON inventory.quants(product_id, location_id, removal_date, in_date) + WHERE quantity > 0; + +CREATE INDEX idx_quants_fifo ON inventory.quants(product_id, location_id, in_date) + WHERE quantity > 0; + +-- Extensión de stock_moves para lotes (tracking de lotes en movimientos) +ALTER TABLE inventory.stock_moves ADD COLUMN IF NOT EXISTS + lot_id UUID REFERENCES inventory.lots(id); + +ALTER TABLE inventory.stock_moves ADD COLUMN IF NOT EXISTS + lot_name VARCHAR(128); -- Para creación on-the-fly + +ALTER TABLE inventory.stock_moves ADD COLUMN IF NOT EXISTS + tracking VARCHAR(16); -- Copia del producto (none, lot, serial) + +-- Índices para lotes en movimientos +CREATE INDEX IF NOT EXISTS idx_stock_moves_lot ON inventory.stock_moves(lot_id) + WHERE lot_id IS NOT NULL; +CREATE INDEX IF NOT EXISTS idx_stock_moves_lot_name ON inventory.stock_moves(lot_name) + WHERE lot_name IS NOT NULL; + +-- Tabla de relación para trazabilidad de manufactura (consume/produce) +CREATE TABLE inventory.stock_move_consume_rel ( + consume_move_id UUID NOT NULL REFERENCES inventory.stock_moves(id) ON DELETE CASCADE, + produce_move_id UUID NOT NULL REFERENCES inventory.stock_moves(id) ON DELETE CASCADE, + quantity DECIMAL(16,4) NOT NULL DEFAULT 0, -- Cantidad consumida/producida + PRIMARY KEY (consume_move_id, produce_move_id) +); + +CREATE INDEX idx_consume_rel_consume ON inventory.stock_move_consume_rel(consume_move_id); +CREATE INDEX idx_consume_rel_produce ON inventory.stock_move_consume_rel(produce_move_id); + +COMMENT ON TABLE inventory.stock_move_consume_rel IS 'Relación M:N para trazabilidad de consumo en manufactura'; + +-- Tabla: removal_strategies (Estrategias de salida) +CREATE TABLE inventory.removal_strategies ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + name VARCHAR(64) NOT NULL, + code VARCHAR(16) NOT NULL UNIQUE + CHECK (code IN ('fifo', 'lifo', 'fefo', 'closest')), + description TEXT, + is_active BOOLEAN NOT NULL DEFAULT TRUE +); + +-- Datos iniciales de estrategias +INSERT INTO inventory.removal_strategies (name, code, description) VALUES + ('First In, First Out', 'fifo', 'El stock más antiguo sale primero'), + ('Last In, First Out', 'lifo', 'El stock más reciente sale primero'), + ('First Expiry, First Out', 'fefo', 'El stock que caduca primero sale primero'), + ('Closest Location', 'closest', 'El stock de ubicación más cercana sale primero') +ON CONFLICT (code) DO NOTHING; + +COMMENT ON TABLE inventory.removal_strategies IS 'Estrategias de salida de inventario (FIFO, LIFO, FEFO)'; + +-- Agregar estrategia a categorías y ubicaciones +ALTER TABLE core.product_categories ADD COLUMN IF NOT EXISTS + removal_strategy_id UUID REFERENCES inventory.removal_strategies(id); + +ALTER TABLE inventory.locations ADD COLUMN IF NOT EXISTS + removal_strategy_id UUID REFERENCES inventory.removal_strategies(id); + +-- ===================================================== +-- PARTE 3: CONTEOS CÍCLICOS +-- ===================================================== + +-- Extensión de locations para conteo cíclico +ALTER TABLE inventory.locations ADD COLUMN IF NOT EXISTS + cyclic_inventory_frequency INTEGER DEFAULT 0; + +ALTER TABLE inventory.locations ADD COLUMN IF NOT EXISTS + last_inventory_date DATE; + +ALTER TABLE inventory.locations ADD COLUMN IF NOT EXISTS + abc_classification VARCHAR(1) DEFAULT 'C' + CHECK (abc_classification IN ('A', 'B', 'C')); + +COMMENT ON COLUMN inventory.locations.cyclic_inventory_frequency IS + 'Días entre conteos cíclicos. 0 = deshabilitado'; +COMMENT ON COLUMN inventory.locations.abc_classification IS + 'Clasificación ABC: A=Alta rotación, B=Media, C=Baja'; + +-- Índice para ubicaciones pendientes de conteo +CREATE INDEX idx_locations_cyclic_inventory + ON inventory.locations(last_inventory_date, cyclic_inventory_frequency) + WHERE cyclic_inventory_frequency > 0; + +-- Extensión de quants para inventario +ALTER TABLE inventory.quants ADD COLUMN IF NOT EXISTS + inventory_quantity DECIMAL(18,4); + +ALTER TABLE inventory.quants ADD COLUMN IF NOT EXISTS + inventory_quantity_set BOOLEAN NOT NULL DEFAULT FALSE; + +ALTER TABLE inventory.quants ADD COLUMN IF NOT EXISTS + inventory_date DATE; + +ALTER TABLE inventory.quants ADD COLUMN IF NOT EXISTS + last_count_date DATE; + +ALTER TABLE inventory.quants ADD COLUMN IF NOT EXISTS + is_outdated BOOLEAN NOT NULL DEFAULT FALSE; + +ALTER TABLE inventory.quants ADD COLUMN IF NOT EXISTS + assigned_user_id UUID REFERENCES auth.users(id); + +ALTER TABLE inventory.quants ADD COLUMN IF NOT EXISTS + count_notes TEXT; + +COMMENT ON COLUMN inventory.quants.inventory_quantity IS + 'Cantidad contada por el usuario'; +COMMENT ON COLUMN inventory.quants.is_outdated IS + 'TRUE si quantity cambió después de establecer inventory_quantity'; + +-- Índices para conteo +CREATE INDEX idx_quants_inventory_date ON inventory.quants(inventory_date) + WHERE inventory_date IS NOT NULL; + +CREATE INDEX idx_quants_assigned_user ON inventory.quants(assigned_user_id) + WHERE assigned_user_id IS NOT NULL; + +-- Tabla: inventory_count_sessions (Sesiones de conteo) +CREATE TABLE inventory.inventory_count_sessions ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + code VARCHAR(20) NOT NULL, + name VARCHAR(200), + + -- Alcance del conteo + location_ids UUID[] NOT NULL, -- Ubicaciones a contar + product_ids UUID[], -- NULL = todos los productos + category_ids UUID[], -- Filtrar por categorías + + -- Configuración + count_type VARCHAR(20) NOT NULL DEFAULT 'cycle' + CHECK (count_type IN ('cycle', 'full', 'spot')), + -- 'cycle': Conteo cíclico programado + -- 'full': Inventario físico completo + -- 'spot': Conteo puntual/aleatorio + + -- Estado + state VARCHAR(20) NOT NULL DEFAULT 'draft' + CHECK (state IN ('draft', 'in_progress', 'pending_review', 'done', 'cancelled')), + + -- Fechas + scheduled_date DATE, + started_at TIMESTAMPTZ, + completed_at TIMESTAMPTZ, + + -- Asignación + responsible_id UUID REFERENCES auth.users(id), + team_ids UUID[], -- Usuarios asignados al conteo + + -- Resultados + total_quants INTEGER DEFAULT 0, + counted_quants INTEGER DEFAULT 0, + discrepancy_quants INTEGER DEFAULT 0, + total_value_diff DECIMAL(18,2) DEFAULT 0, + + -- Auditoría + company_id UUID NOT NULL REFERENCES auth.companies(id), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id), + warehouse_id UUID REFERENCES inventory.warehouses(id), + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + created_by UUID NOT NULL REFERENCES auth.users(id), + updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW() +); + +-- Índices para sesiones +CREATE INDEX idx_count_sessions_state ON inventory.inventory_count_sessions(state); +CREATE INDEX idx_count_sessions_scheduled ON inventory.inventory_count_sessions(scheduled_date); +CREATE INDEX idx_count_sessions_tenant ON inventory.inventory_count_sessions(tenant_id); + +-- Secuencia para código de sesión +CREATE SEQUENCE IF NOT EXISTS inventory.inventory_count_seq START 1; + +COMMENT ON TABLE inventory.inventory_count_sessions IS 'Sesiones de conteo cíclico de inventario'; + +-- Tabla: inventory_count_lines (Líneas de conteo detalladas) +CREATE TABLE inventory.inventory_count_lines ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + session_id UUID NOT NULL REFERENCES inventory.inventory_count_sessions(id) ON DELETE CASCADE, + quant_id UUID REFERENCES inventory.quants(id), + + -- Producto + product_id UUID NOT NULL REFERENCES inventory.products(id), + location_id UUID NOT NULL REFERENCES inventory.locations(id), + lot_id UUID REFERENCES inventory.lots(id), + -- package_id: Reservado para futura extensión de empaquetado + -- package_id UUID REFERENCES inventory.packages(id), + + -- Cantidades + theoretical_qty DECIMAL(18,4) NOT NULL DEFAULT 0, -- Del sistema + counted_qty DECIMAL(18,4), -- Contada + + -- Valoración + unit_cost DECIMAL(18,6), + + -- Estado + state VARCHAR(20) NOT NULL DEFAULT 'pending' + CHECK (state IN ('pending', 'counted', 'conflict', 'applied')), + + -- Conteo + counted_by UUID REFERENCES auth.users(id), + counted_at TIMESTAMPTZ, + notes TEXT, + + -- Resolución de conflictos + conflict_reason VARCHAR(100), + resolution VARCHAR(20) + CHECK (resolution IS NULL OR resolution IN ('keep_counted', 'keep_system', 'recount')), + resolved_by UUID REFERENCES auth.users(id), + resolved_at TIMESTAMPTZ, + + -- Movimiento generado + stock_move_id UUID REFERENCES inventory.stock_moves(id) +); + +-- Índices para líneas de conteo +CREATE INDEX idx_count_lines_session ON inventory.inventory_count_lines(session_id); +CREATE INDEX idx_count_lines_state ON inventory.inventory_count_lines(state); +CREATE INDEX idx_count_lines_product ON inventory.inventory_count_lines(product_id); + +COMMENT ON TABLE inventory.inventory_count_lines IS 'Líneas detalladas de conteo de inventario'; + +-- Tabla: abc_classification_rules (Reglas de clasificación ABC) +CREATE TABLE inventory.abc_classification_rules ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + name VARCHAR(100) NOT NULL, + + -- Criterio de clasificación + classification_method VARCHAR(20) NOT NULL DEFAULT 'value' + CHECK (classification_method IN ('value', 'movement', 'revenue')), + -- 'value': Por valor de inventario + -- 'movement': Por frecuencia de movimiento + -- 'revenue': Por ingresos generados + + -- Umbrales (porcentaje acumulado) + threshold_a DECIMAL(5,2) NOT NULL DEFAULT 80.00, -- Top 80% + threshold_b DECIMAL(5,2) NOT NULL DEFAULT 95.00, -- 80-95% + -- Resto es C (95-100%) + + -- Frecuencias de conteo recomendadas (días) + frequency_a INTEGER NOT NULL DEFAULT 7, -- Clase A: semanal + frequency_b INTEGER NOT NULL DEFAULT 30, -- Clase B: mensual + frequency_c INTEGER NOT NULL DEFAULT 90, -- Clase C: trimestral + + -- Aplicación + warehouse_id UUID REFERENCES inventory.warehouses(id), + category_ids UUID[], -- Categorías a las que aplica + + -- Estado + is_active BOOLEAN NOT NULL DEFAULT TRUE, + last_calculation TIMESTAMPTZ, + + -- Auditoría + company_id UUID NOT NULL REFERENCES auth.companies(id), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id), + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + created_by UUID NOT NULL REFERENCES auth.users(id), + + CONSTRAINT chk_thresholds CHECK (threshold_a < threshold_b AND threshold_b <= 100) +); + +COMMENT ON TABLE inventory.abc_classification_rules IS 'Reglas de clasificación ABC para priorización de conteos'; + +-- Tabla: product_abc_classification (Clasificación ABC por producto) +CREATE TABLE inventory.product_abc_classification ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + product_id UUID NOT NULL REFERENCES inventory.products(id), + rule_id UUID NOT NULL REFERENCES inventory.abc_classification_rules(id), + + -- Clasificación + classification VARCHAR(1) NOT NULL + CHECK (classification IN ('A', 'B', 'C')), + + -- Métricas calculadas + metric_value DECIMAL(18,2) NOT NULL, -- Valor usado para clasificar + cumulative_percent DECIMAL(5,2) NOT NULL, -- % acumulado + rank_position INTEGER NOT NULL, -- Posición en ranking + + -- Período de cálculo + period_start DATE NOT NULL, + period_end DATE NOT NULL, + + -- Frecuencia asignada + assigned_frequency INTEGER NOT NULL, + + calculated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + + CONSTRAINT uq_product_rule UNIQUE (product_id, rule_id) +); + +-- Índice para búsqueda de clasificación +CREATE INDEX idx_product_abc ON inventory.product_abc_classification(product_id, rule_id); + +COMMENT ON TABLE inventory.product_abc_classification IS 'Clasificación ABC calculada por producto'; + +-- Extensión de stock_moves para marcar movimientos de inventario +ALTER TABLE inventory.stock_moves ADD COLUMN IF NOT EXISTS + is_inventory BOOLEAN NOT NULL DEFAULT FALSE; + +ALTER TABLE inventory.stock_moves ADD COLUMN IF NOT EXISTS + inventory_session_id UUID REFERENCES inventory.inventory_count_sessions(id); + +CREATE INDEX idx_moves_is_inventory ON inventory.stock_moves(is_inventory) + WHERE is_inventory = TRUE; + +-- ===================================================== +-- PARTE 4: FUNCIONES DE UTILIDAD +-- ===================================================== + +-- Función: Ejecutar algoritmo FIFO para consumo de capas +CREATE OR REPLACE FUNCTION inventory.run_fifo( + p_product_id UUID, + p_quantity DECIMAL, + p_company_id UUID, + p_lot_id UUID DEFAULT NULL +) +RETURNS TABLE( + total_value DECIMAL, + unit_cost DECIMAL, + remaining_qty DECIMAL +) AS $$ +DECLARE + v_candidate RECORD; + v_qty_to_take DECIMAL; + v_qty_taken DECIMAL; + v_value_taken DECIMAL; + v_total_value DECIMAL := 0; + v_qty_pending DECIMAL := p_quantity; + v_last_unit_cost DECIMAL := 0; +BEGIN + -- Obtener candidatos FIFO ordenados + FOR v_candidate IN + SELECT id, remaining_qty as r_qty, remaining_value as r_val, unit_cost as u_cost + FROM inventory.stock_valuation_layers + WHERE product_id = p_product_id + AND remaining_qty > 0 + AND company_id = p_company_id + AND (p_lot_id IS NULL OR lot_id = p_lot_id) + ORDER BY created_at ASC, id ASC + FOR UPDATE + LOOP + EXIT WHEN v_qty_pending <= 0; + + v_qty_taken := LEAST(v_candidate.r_qty, v_qty_pending); + v_value_taken := ROUND(v_qty_taken * (v_candidate.r_val / v_candidate.r_qty), 4); + + -- Actualizar capa candidata + UPDATE inventory.stock_valuation_layers + SET remaining_qty = remaining_qty - v_qty_taken, + remaining_value = remaining_value - v_value_taken + WHERE id = v_candidate.id; + + v_qty_pending := v_qty_pending - v_qty_taken; + v_total_value := v_total_value + v_value_taken; + v_last_unit_cost := v_candidate.u_cost; + END LOOP; + + -- Si queda cantidad pendiente (stock negativo) + IF v_qty_pending > 0 THEN + v_total_value := v_total_value + (v_last_unit_cost * v_qty_pending); + RETURN QUERY SELECT + -v_total_value, + v_total_value / p_quantity, + -v_qty_pending; + ELSE + RETURN QUERY SELECT + -v_total_value, + v_total_value / p_quantity, + 0::DECIMAL; + END IF; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION inventory.run_fifo IS 'Ejecuta algoritmo FIFO y consume capas de valoración'; + +-- Función: Calcular clasificación ABC +CREATE OR REPLACE FUNCTION inventory.calculate_abc_classification( + p_rule_id UUID, + p_period_months INTEGER DEFAULT 12 +) +RETURNS TABLE ( + product_id UUID, + classification VARCHAR(1), + metric_value DECIMAL, + cumulative_percent DECIMAL, + rank_position INTEGER +) AS $$ +DECLARE + v_rule RECORD; + v_total_value DECIMAL; +BEGIN + -- Obtener regla + SELECT * INTO v_rule + FROM inventory.abc_classification_rules + WHERE id = p_rule_id; + + IF NOT FOUND THEN + RAISE EXCEPTION 'Regla ABC no encontrada: %', p_rule_id; + END IF; + + -- Crear tabla temporal con métricas + CREATE TEMP TABLE tmp_abc_metrics AS + SELECT + q.product_id, + SUM(q.quantity * COALESCE(p.standard_price, 0)) as metric_value + FROM inventory.quants q + JOIN inventory.products p ON p.id = q.product_id + WHERE q.quantity > 0 + AND (v_rule.warehouse_id IS NULL OR q.warehouse_id = v_rule.warehouse_id) + GROUP BY q.product_id; + + -- Calcular total + SELECT COALESCE(SUM(metric_value), 0) INTO v_total_value FROM tmp_abc_metrics; + + -- Retornar clasificación + RETURN QUERY + WITH ranked AS ( + SELECT + tm.product_id, + tm.metric_value, + ROW_NUMBER() OVER (ORDER BY tm.metric_value DESC) as rank_pos, + SUM(tm.metric_value) OVER (ORDER BY tm.metric_value DESC) / + NULLIF(v_total_value, 0) * 100 as cum_pct + FROM tmp_abc_metrics tm + ) + SELECT + r.product_id, + CASE + WHEN r.cum_pct <= v_rule.threshold_a THEN 'A'::VARCHAR(1) + WHEN r.cum_pct <= v_rule.threshold_b THEN 'B'::VARCHAR(1) + ELSE 'C'::VARCHAR(1) + END as classification, + r.metric_value, + ROUND(r.cum_pct, 2), + r.rank_pos::INTEGER + FROM ranked r; + + DROP TABLE IF EXISTS tmp_abc_metrics; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION inventory.calculate_abc_classification IS 'Calcula clasificación ABC para productos según regla'; + +-- Función: Obtener próximos conteos programados +CREATE OR REPLACE FUNCTION inventory.get_pending_counts( + p_days_ahead INTEGER DEFAULT 7 +) +RETURNS TABLE ( + location_id UUID, + location_name VARCHAR, + next_inventory_date DATE, + days_overdue INTEGER, + quant_count INTEGER, + total_value DECIMAL +) AS $$ +BEGIN + RETURN QUERY + SELECT + l.id, + l.name, + (l.last_inventory_date + (l.cyclic_inventory_frequency || ' days')::INTERVAL)::DATE as next_inv_date, + (CURRENT_DATE - (l.last_inventory_date + (l.cyclic_inventory_frequency || ' days')::INTERVAL)::DATE)::INTEGER as days_over, + COUNT(q.id)::INTEGER as q_count, + COALESCE(SUM(q.quantity * COALESCE(p.standard_price, 0)), 0) as t_value + FROM inventory.locations l + LEFT JOIN inventory.quants q ON q.location_id = l.id + LEFT JOIN inventory.products p ON p.id = q.product_id + WHERE l.cyclic_inventory_frequency > 0 + AND (l.last_inventory_date + (l.cyclic_inventory_frequency || ' days')::INTERVAL)::DATE <= CURRENT_DATE + p_days_ahead + AND l.location_type = 'internal' + GROUP BY l.id, l.name, l.last_inventory_date, l.cyclic_inventory_frequency + ORDER BY next_inv_date; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION inventory.get_pending_counts IS 'Obtiene ubicaciones con conteos cíclicos pendientes'; + +-- Función: Marcar quants como desactualizados cuando cambia cantidad +CREATE OR REPLACE FUNCTION inventory.mark_quants_outdated() +RETURNS TRIGGER AS $$ +BEGIN + IF OLD.quantity != NEW.quantity AND OLD.inventory_quantity_set = TRUE THEN + NEW.is_outdated := TRUE; + END IF; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_quant_outdated + BEFORE UPDATE OF quantity ON inventory.quants + FOR EACH ROW + EXECUTE FUNCTION inventory.mark_quants_outdated(); + +-- Función: Calcular fechas de caducidad al crear lote +CREATE OR REPLACE FUNCTION inventory.compute_lot_expiration_dates() +RETURNS TRIGGER AS $$ +DECLARE + v_product RECORD; +BEGIN + -- Obtener configuración del producto + SELECT + use_expiration_date, + expiration_time, + use_time, + removal_time, + alert_time + INTO v_product + FROM inventory.products + WHERE id = NEW.product_id; + + -- Si el producto usa fechas de caducidad y no se especificó expiration_date + IF v_product.use_expiration_date AND NEW.expiration_date IS NULL THEN + NEW.expiration_date := NOW() + (v_product.expiration_time || ' days')::INTERVAL; + + IF v_product.use_time IS NOT NULL THEN + NEW.use_date := NEW.expiration_date - (v_product.use_time || ' days')::INTERVAL; + END IF; + + IF v_product.removal_time IS NOT NULL THEN + NEW.removal_date := NEW.expiration_date - (v_product.removal_time || ' days')::INTERVAL; + END IF; + + IF v_product.alert_time IS NOT NULL THEN + NEW.alert_date := NEW.expiration_date - (v_product.alert_time || ' days')::INTERVAL; + END IF; + END IF; + + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_lot_expiration_dates + BEFORE INSERT ON inventory.lots + FOR EACH ROW + EXECUTE FUNCTION inventory.compute_lot_expiration_dates(); + +-- Función: Limpiar valor de la vista materializada +CREATE OR REPLACE FUNCTION inventory.refresh_product_valuation_summary() +RETURNS void AS $$ +BEGIN + REFRESH MATERIALIZED VIEW CONCURRENTLY inventory.product_valuation_summary; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION inventory.refresh_product_valuation_summary IS 'Refresca la vista materializada de valoración de productos'; + +-- ===================================================== +-- PARTE 5: TRIGGERS DE ACTUALIZACIÓN +-- ===================================================== + +-- Trigger: Actualizar updated_at para lots +CREATE OR REPLACE FUNCTION inventory.update_lots_timestamp() +RETURNS TRIGGER AS $$ +BEGIN + NEW.updated_at = NOW(); + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_lots_updated_at + BEFORE UPDATE ON inventory.lots + FOR EACH ROW + EXECUTE FUNCTION inventory.update_lots_timestamp(); + +-- Trigger: Actualizar updated_at para count_sessions +CREATE TRIGGER trg_count_sessions_updated_at + BEFORE UPDATE ON inventory.inventory_count_sessions + FOR EACH ROW + EXECUTE FUNCTION inventory.update_lots_timestamp(); + +-- Trigger: Actualizar estadísticas de sesión al modificar líneas +CREATE OR REPLACE FUNCTION inventory.update_session_stats() +RETURNS TRIGGER AS $$ +BEGIN + UPDATE inventory.inventory_count_sessions + SET + counted_quants = ( + SELECT COUNT(*) FROM inventory.inventory_count_lines + WHERE session_id = COALESCE(NEW.session_id, OLD.session_id) + AND state IN ('counted', 'applied') + ), + discrepancy_quants = ( + SELECT COUNT(*) FROM inventory.inventory_count_lines + WHERE session_id = COALESCE(NEW.session_id, OLD.session_id) + AND state = 'counted' + AND (counted_qty - theoretical_qty) != 0 + ), + total_value_diff = ( + SELECT COALESCE(SUM(ABS((counted_qty - theoretical_qty) * COALESCE(unit_cost, 0))), 0) + FROM inventory.inventory_count_lines + WHERE session_id = COALESCE(NEW.session_id, OLD.session_id) + AND counted_qty IS NOT NULL + ), + updated_at = NOW() + WHERE id = COALESCE(NEW.session_id, OLD.session_id); + + RETURN COALESCE(NEW, OLD); +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_update_session_stats + AFTER INSERT OR UPDATE OR DELETE ON inventory.inventory_count_lines + FOR EACH ROW + EXECUTE FUNCTION inventory.update_session_stats(); + +-- ===================================================== +-- PARTE 6: VISTAS +-- ===================================================== + +-- Vista: Lotes próximos a caducar +CREATE OR REPLACE VIEW inventory.expiring_lots_view AS +SELECT + l.id, + l.name as lot_name, + l.product_id, + p.name as product_name, + p.default_code as sku, + l.expiration_date, + l.removal_date, + EXTRACT(DAY FROM l.expiration_date - NOW()) as days_until_expiry, + COALESCE(SUM(q.quantity), 0) as stock_qty, + l.company_id, + l.tenant_id +FROM inventory.lots l +JOIN inventory.products p ON p.id = l.product_id +LEFT JOIN inventory.quants q ON q.lot_id = l.id +LEFT JOIN inventory.locations loc ON q.location_id = loc.id +WHERE l.expiration_date IS NOT NULL + AND l.expiration_date > NOW() + AND loc.location_type = 'internal' +GROUP BY l.id, p.id +HAVING COALESCE(SUM(q.quantity), 0) > 0; + +COMMENT ON VIEW inventory.expiring_lots_view IS 'Vista de lotes con stock próximos a caducar'; + +-- Vista: Resumen de conteos por ubicación +CREATE OR REPLACE VIEW inventory.location_count_summary_view AS +SELECT + l.id as location_id, + l.name as location_name, + l.warehouse_id, + w.name as warehouse_name, + l.cyclic_inventory_frequency, + l.last_inventory_date, + (l.last_inventory_date + (l.cyclic_inventory_frequency || ' days')::INTERVAL)::DATE as next_inventory_date, + l.abc_classification, + COUNT(q.id) as quant_count, + COALESCE(SUM(q.quantity * COALESCE(p.standard_price, 0)), 0) as total_value +FROM inventory.locations l +LEFT JOIN inventory.warehouses w ON l.warehouse_id = w.id +LEFT JOIN inventory.quants q ON q.location_id = l.id AND q.quantity > 0 +LEFT JOIN inventory.products p ON q.product_id = p.id +WHERE l.location_type = 'internal' + AND l.cyclic_inventory_frequency > 0 +GROUP BY l.id, w.id; + +COMMENT ON VIEW inventory.location_count_summary_view IS 'Resumen de configuración de conteo cíclico por ubicación'; + +-- ===================================================== +-- COMENTARIOS EN TABLAS +-- ===================================================== + +COMMENT ON TABLE inventory.stock_valuation_layers IS 'Capas de valoración de inventario para costeo FIFO/AVCO'; +COMMENT ON TABLE inventory.lots IS 'Lotes y números de serie para trazabilidad'; +-- Nota: La tabla anterior se renombró a stock_move_consume_rel +COMMENT ON TABLE inventory.removal_strategies IS 'Estrategias de salida de inventario (FIFO/LIFO/FEFO)'; +COMMENT ON TABLE inventory.inventory_count_sessions IS 'Sesiones de conteo cíclico de inventario'; +COMMENT ON TABLE inventory.inventory_count_lines IS 'Líneas detalladas de conteo de inventario'; +COMMENT ON TABLE inventory.abc_classification_rules IS 'Reglas de clasificación ABC para priorización'; +COMMENT ON TABLE inventory.product_abc_classification IS 'Clasificación ABC calculada por producto'; +COMMENT ON TABLE inventory.category_stock_accounts IS 'Cuentas contables de valoración por categoría'; +COMMENT ON TABLE inventory.valuation_settings IS 'Configuración de valoración por tenant/empresa'; + +-- ===================================================== +-- FIN DE EXTENSIONES INVENTORY +-- ===================================================== diff --git a/database/ddl/05-inventory.sql b/database/ddl/05-inventory.sql new file mode 100644 index 0000000..c563e39 --- /dev/null +++ b/database/ddl/05-inventory.sql @@ -0,0 +1,772 @@ +-- ===================================================== +-- SCHEMA: inventory +-- PROPÓSITO: Gestión de inventarios, productos, almacenes, movimientos +-- MÓDULOS: MGN-005 (Inventario Básico) +-- FECHA: 2025-11-24 +-- ===================================================== + +-- Crear schema +CREATE SCHEMA IF NOT EXISTS inventory; + +-- ===================================================== +-- TYPES (ENUMs) +-- ===================================================== + +CREATE TYPE inventory.product_type AS ENUM ( + 'storable', + 'consumable', + 'service' +); + +CREATE TYPE inventory.tracking_type AS ENUM ( + 'none', + 'lot', + 'serial' +); + +CREATE TYPE inventory.location_type AS ENUM ( + 'internal', + 'customer', + 'supplier', + 'inventory', + 'production', + 'transit' +); + +CREATE TYPE inventory.picking_type AS ENUM ( + 'incoming', + 'outgoing', + 'internal' +); + +CREATE TYPE inventory.move_status AS ENUM ( + 'draft', + 'confirmed', + 'assigned', + 'done', + 'cancelled' +); + +CREATE TYPE inventory.valuation_method AS ENUM ( + 'fifo', + 'average', + 'standard' +); + +-- ===================================================== +-- TABLES +-- ===================================================== + +-- Tabla: products (Productos) +CREATE TABLE inventory.products ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + -- Identificación + name VARCHAR(255) NOT NULL, + code VARCHAR(100), + barcode VARCHAR(100), + description TEXT, + + -- Tipo + product_type inventory.product_type NOT NULL DEFAULT 'storable', + tracking inventory.tracking_type NOT NULL DEFAULT 'none', + + -- Categoría + category_id UUID REFERENCES core.product_categories(id), + + -- Unidades de medida + uom_id UUID NOT NULL REFERENCES core.uom(id), -- UoM de venta/uso + purchase_uom_id UUID REFERENCES core.uom(id), -- UoM de compra + + -- Precios + cost_price DECIMAL(15, 4) DEFAULT 0, + list_price DECIMAL(15, 4) DEFAULT 0, + + -- Configuración de inventario + valuation_method inventory.valuation_method DEFAULT 'fifo', + is_storable BOOLEAN GENERATED ALWAYS AS (product_type = 'storable') STORED, + + -- Pesos y dimensiones + weight DECIMAL(12, 4), + volume DECIMAL(12, 4), + + -- Proveedores y clientes + can_be_sold BOOLEAN DEFAULT TRUE, + can_be_purchased BOOLEAN DEFAULT TRUE, + + -- Imagen + image_url VARCHAR(500), + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + deleted_at TIMESTAMP, + deleted_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_products_code_tenant UNIQUE (tenant_id, code), + CONSTRAINT uq_products_barcode UNIQUE (barcode) +); + +-- Tabla: product_variants (Variantes de producto) +CREATE TABLE inventory.product_variants ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + product_template_id UUID NOT NULL REFERENCES inventory.products(id) ON DELETE CASCADE, + + -- Atributos (JSON) + -- Ejemplo: {"color": "red", "size": "XL"} + attribute_values JSONB NOT NULL DEFAULT '{}', + + -- Identificación + name VARCHAR(255), + code VARCHAR(100), + barcode VARCHAR(100), + + -- Precio diferencial + price_extra DECIMAL(15, 4) DEFAULT 0, + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_product_variants_barcode UNIQUE (barcode) +); + +-- Tabla: warehouses (Almacenes) +CREATE TABLE inventory.warehouses ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + name VARCHAR(255) NOT NULL, + code VARCHAR(20) NOT NULL, + + -- Dirección + address_id UUID REFERENCES core.addresses(id), + + -- Configuración + is_default BOOLEAN DEFAULT FALSE, + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_warehouses_code_company UNIQUE (company_id, code) +); + +-- Tabla: locations (Ubicaciones de inventario) +CREATE TABLE inventory.locations ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + warehouse_id UUID REFERENCES inventory.warehouses(id), + name VARCHAR(255) NOT NULL, + complete_name TEXT, -- Generado: "Warehouse / Zone A / Shelf 1" + location_type inventory.location_type NOT NULL DEFAULT 'internal', + + -- Jerarquía + parent_id UUID REFERENCES inventory.locations(id), + + -- Configuración + is_scrap_location BOOLEAN DEFAULT FALSE, + is_return_location BOOLEAN DEFAULT FALSE, + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT chk_locations_no_self_parent CHECK (id != parent_id) +); + +-- Tabla: lots (Lotes/Series) - DEBE IR ANTES DE stock_quants por FK +CREATE TABLE inventory.lots ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + product_id UUID NOT NULL REFERENCES inventory.products(id), + name VARCHAR(100) NOT NULL, + ref VARCHAR(100), -- Referencia externa + + -- Fechas + manufacture_date DATE, + expiration_date DATE, + removal_date DATE, + alert_date DATE, + + -- Notas + notes TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_lots_name_product UNIQUE (product_id, name), + CONSTRAINT chk_lots_expiration CHECK (expiration_date IS NULL OR expiration_date > manufacture_date) +); + +-- Tabla: stock_quants (Cantidades en stock) +CREATE TABLE inventory.stock_quants ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + product_id UUID NOT NULL REFERENCES inventory.products(id), + location_id UUID NOT NULL REFERENCES inventory.locations(id), + lot_id UUID REFERENCES inventory.lots(id), + + -- Cantidades + quantity DECIMAL(12, 4) NOT NULL DEFAULT 0, + reserved_quantity DECIMAL(12, 4) NOT NULL DEFAULT 0, + available_quantity DECIMAL(12, 4) GENERATED ALWAYS AS (quantity - reserved_quantity) STORED, + + -- Valoración + cost DECIMAL(15, 4) DEFAULT 0, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP, + + CONSTRAINT chk_stock_quants_reserved CHECK (reserved_quantity >= 0 AND reserved_quantity <= quantity) +); + +-- Unique index for stock_quants (allows expressions unlike UNIQUE constraint) +CREATE UNIQUE INDEX uq_stock_quants_product_location_lot +ON inventory.stock_quants (tenant_id, product_id, location_id, COALESCE(lot_id, '00000000-0000-0000-0000-000000000000'::UUID)); + +-- Índices para stock_quants +CREATE INDEX idx_stock_quants_tenant_id ON inventory.stock_quants(tenant_id); +CREATE INDEX idx_stock_quants_product_location ON inventory.stock_quants(product_id, location_id); + +-- RLS para stock_quants +ALTER TABLE inventory.stock_quants ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_stock_quants ON inventory.stock_quants + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- Tabla: pickings (Albaranes/Transferencias) +CREATE TABLE inventory.pickings ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + picking_type inventory.picking_type NOT NULL, + + -- Ubicaciones + location_id UUID NOT NULL REFERENCES inventory.locations(id), -- Origen + location_dest_id UUID NOT NULL REFERENCES inventory.locations(id), -- Destino + + -- Partner (cliente/proveedor) + partner_id UUID REFERENCES core.partners(id), + + -- Fechas + scheduled_date TIMESTAMP, + date_done TIMESTAMP, + + -- Origen + origin VARCHAR(255), -- Referencia al documento origen (PO, SO, etc.) + + -- Estado + status inventory.move_status NOT NULL DEFAULT 'draft', + + -- Notas + notes TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + validated_at TIMESTAMP, + validated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_pickings_name_company UNIQUE (company_id, name) +); + +-- Tabla: stock_moves (Movimientos de inventario) +CREATE TABLE inventory.stock_moves ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + product_id UUID NOT NULL REFERENCES inventory.products(id), + product_uom_id UUID NOT NULL REFERENCES core.uom(id), + + -- Ubicaciones + location_id UUID NOT NULL REFERENCES inventory.locations(id), -- Origen + location_dest_id UUID NOT NULL REFERENCES inventory.locations(id), -- Destino + + -- Cantidades + product_qty DECIMAL(12, 4) NOT NULL, + quantity_done DECIMAL(12, 4) DEFAULT 0, + + -- Lote/Serie + lot_id UUID REFERENCES inventory.lots(id), + + -- Relación con picking + picking_id UUID REFERENCES inventory.pickings(id) ON DELETE CASCADE, + + -- Origen del movimiento + origin VARCHAR(255), + ref VARCHAR(255), + + -- Estado + status inventory.move_status NOT NULL DEFAULT 'draft', + + -- Fechas + date_expected TIMESTAMP, + date TIMESTAMP, + + -- Precio (para valoración) + price_unit DECIMAL(15, 4) DEFAULT 0, + + -- Analítica + analytic_account_id UUID REFERENCES analytics.analytic_accounts(id), -- Distribución analítica + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT chk_stock_moves_quantity CHECK (product_qty > 0), + CONSTRAINT chk_stock_moves_quantity_done CHECK (quantity_done >= 0) +); + +-- Tabla: inventory_adjustments (Ajustes de inventario) +CREATE TABLE inventory.inventory_adjustments ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + + -- Ubicación a ajustar + location_id UUID NOT NULL REFERENCES inventory.locations(id), + + -- Fecha de conteo + date DATE NOT NULL, + + -- Estado + status inventory.move_status NOT NULL DEFAULT 'draft', + + -- Notas + notes TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + validated_at TIMESTAMP, + validated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_inventory_adjustments_name_company UNIQUE (company_id, name) +); + +-- Tabla: inventory_adjustment_lines (Líneas de ajuste) +CREATE TABLE inventory.inventory_adjustment_lines ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + adjustment_id UUID NOT NULL REFERENCES inventory.inventory_adjustments(id) ON DELETE CASCADE, + + product_id UUID NOT NULL REFERENCES inventory.products(id), + location_id UUID NOT NULL REFERENCES inventory.locations(id), + lot_id UUID REFERENCES inventory.lots(id), + + -- Cantidades + theoretical_qty DECIMAL(12, 4) NOT NULL DEFAULT 0, -- Cantidad teórica del sistema + counted_qty DECIMAL(12, 4) NOT NULL, -- Cantidad contada físicamente + difference_qty DECIMAL(12, 4) GENERATED ALWAYS AS (counted_qty - theoretical_qty) STORED, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +-- Índices para inventory_adjustment_lines +CREATE INDEX idx_inventory_adjustment_lines_tenant_id ON inventory.inventory_adjustment_lines(tenant_id); + +-- RLS para inventory_adjustment_lines +ALTER TABLE inventory.inventory_adjustment_lines ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_inventory_adjustment_lines ON inventory.inventory_adjustment_lines + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- ===================================================== +-- INDICES +-- ===================================================== + +-- Products +CREATE INDEX idx_products_tenant_id ON inventory.products(tenant_id); +CREATE INDEX idx_products_code ON inventory.products(code); +CREATE INDEX idx_products_barcode ON inventory.products(barcode); +CREATE INDEX idx_products_category_id ON inventory.products(category_id); +CREATE INDEX idx_products_type ON inventory.products(product_type); +CREATE INDEX idx_products_active ON inventory.products(active) WHERE active = TRUE; + +-- Product Variants +CREATE INDEX idx_product_variants_template_id ON inventory.product_variants(product_template_id); +CREATE INDEX idx_product_variants_barcode ON inventory.product_variants(barcode); + +-- Warehouses +CREATE INDEX idx_warehouses_tenant_id ON inventory.warehouses(tenant_id); +CREATE INDEX idx_warehouses_company_id ON inventory.warehouses(company_id); +CREATE INDEX idx_warehouses_code ON inventory.warehouses(code); + +-- Locations +CREATE INDEX idx_locations_tenant_id ON inventory.locations(tenant_id); +CREATE INDEX idx_locations_warehouse_id ON inventory.locations(warehouse_id); +CREATE INDEX idx_locations_parent_id ON inventory.locations(parent_id); +CREATE INDEX idx_locations_type ON inventory.locations(location_type); + +-- Stock Quants +CREATE INDEX idx_stock_quants_product_id ON inventory.stock_quants(product_id); +CREATE INDEX idx_stock_quants_location_id ON inventory.stock_quants(location_id); +CREATE INDEX idx_stock_quants_lot_id ON inventory.stock_quants(lot_id); +CREATE INDEX idx_stock_quants_available ON inventory.stock_quants(product_id, location_id) + WHERE available_quantity > 0; + +-- Lots +CREATE INDEX idx_lots_tenant_id ON inventory.lots(tenant_id); +CREATE INDEX idx_lots_product_id ON inventory.lots(product_id); +CREATE INDEX idx_lots_name ON inventory.lots(name); +CREATE INDEX idx_lots_expiration_date ON inventory.lots(expiration_date); + +-- Pickings +CREATE INDEX idx_pickings_tenant_id ON inventory.pickings(tenant_id); +CREATE INDEX idx_pickings_company_id ON inventory.pickings(company_id); +CREATE INDEX idx_pickings_name ON inventory.pickings(name); +CREATE INDEX idx_pickings_type ON inventory.pickings(picking_type); +CREATE INDEX idx_pickings_status ON inventory.pickings(status); +CREATE INDEX idx_pickings_partner_id ON inventory.pickings(partner_id); +CREATE INDEX idx_pickings_origin ON inventory.pickings(origin); +CREATE INDEX idx_pickings_scheduled_date ON inventory.pickings(scheduled_date); + +-- Stock Moves +CREATE INDEX idx_stock_moves_tenant_id ON inventory.stock_moves(tenant_id); +CREATE INDEX idx_stock_moves_product_id ON inventory.stock_moves(product_id); +CREATE INDEX idx_stock_moves_picking_id ON inventory.stock_moves(picking_id); +CREATE INDEX idx_stock_moves_location_id ON inventory.stock_moves(location_id); +CREATE INDEX idx_stock_moves_location_dest_id ON inventory.stock_moves(location_dest_id); +CREATE INDEX idx_stock_moves_status ON inventory.stock_moves(status); +CREATE INDEX idx_stock_moves_lot_id ON inventory.stock_moves(lot_id); +CREATE INDEX idx_stock_moves_analytic_account_id ON inventory.stock_moves(analytic_account_id) WHERE analytic_account_id IS NOT NULL; + +-- Inventory Adjustments +CREATE INDEX idx_inventory_adjustments_tenant_id ON inventory.inventory_adjustments(tenant_id); +CREATE INDEX idx_inventory_adjustments_company_id ON inventory.inventory_adjustments(company_id); +CREATE INDEX idx_inventory_adjustments_location_id ON inventory.inventory_adjustments(location_id); +CREATE INDEX idx_inventory_adjustments_status ON inventory.inventory_adjustments(status); +CREATE INDEX idx_inventory_adjustments_date ON inventory.inventory_adjustments(date); + +-- Inventory Adjustment Lines +CREATE INDEX idx_inventory_adjustment_lines_adjustment_id ON inventory.inventory_adjustment_lines(adjustment_id); +CREATE INDEX idx_inventory_adjustment_lines_product_id ON inventory.inventory_adjustment_lines(product_id); + +-- ===================================================== +-- FUNCTIONS +-- ===================================================== + +-- Función: update_stock_quant +-- Actualiza la cantidad en stock de un producto en una ubicación +CREATE OR REPLACE FUNCTION inventory.update_stock_quant( + p_product_id UUID, + p_location_id UUID, + p_lot_id UUID, + p_quantity DECIMAL +) +RETURNS VOID AS $$ +BEGIN + INSERT INTO inventory.stock_quants (product_id, location_id, lot_id, quantity) + VALUES (p_product_id, p_location_id, p_lot_id, p_quantity) + ON CONFLICT (product_id, location_id, COALESCE(lot_id, '00000000-0000-0000-0000-000000000000'::UUID)) + DO UPDATE SET + quantity = inventory.stock_quants.quantity + EXCLUDED.quantity, + updated_at = CURRENT_TIMESTAMP; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION inventory.update_stock_quant IS 'Actualiza la cantidad en stock de un producto en una ubicación'; + +-- Función: reserve_quantity +-- Reserva cantidad de un producto en una ubicación +CREATE OR REPLACE FUNCTION inventory.reserve_quantity( + p_product_id UUID, + p_location_id UUID, + p_lot_id UUID, + p_quantity DECIMAL +) +RETURNS BOOLEAN AS $$ +DECLARE + v_available DECIMAL; +BEGIN + -- Verificar disponibilidad + SELECT available_quantity INTO v_available + FROM inventory.stock_quants + WHERE product_id = p_product_id + AND location_id = p_location_id + AND (lot_id = p_lot_id OR (lot_id IS NULL AND p_lot_id IS NULL)); + + IF v_available IS NULL OR v_available < p_quantity THEN + RETURN FALSE; + END IF; + + -- Reservar + UPDATE inventory.stock_quants + SET reserved_quantity = reserved_quantity + p_quantity, + updated_at = CURRENT_TIMESTAMP + WHERE product_id = p_product_id + AND location_id = p_location_id + AND (lot_id = p_lot_id OR (lot_id IS NULL AND p_lot_id IS NULL)); + + RETURN TRUE; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION inventory.reserve_quantity IS 'Reserva cantidad de un producto en una ubicación'; + +-- Función: get_product_stock +-- Obtiene el stock disponible de un producto +CREATE OR REPLACE FUNCTION inventory.get_product_stock( + p_product_id UUID, + p_location_id UUID DEFAULT NULL +) +RETURNS TABLE( + location_id UUID, + location_name VARCHAR, + quantity DECIMAL, + reserved_quantity DECIMAL, + available_quantity DECIMAL +) AS $$ +BEGIN + RETURN QUERY + SELECT + sq.location_id, + l.name AS location_name, + sq.quantity, + sq.reserved_quantity, + sq.available_quantity + FROM inventory.stock_quants sq + JOIN inventory.locations l ON sq.location_id = l.id + WHERE sq.product_id = p_product_id + AND (p_location_id IS NULL OR sq.location_id = p_location_id) + AND sq.quantity > 0; +END; +$$ LANGUAGE plpgsql STABLE; + +COMMENT ON FUNCTION inventory.get_product_stock IS 'Obtiene el stock disponible de un producto por ubicación'; + +-- Función: process_stock_move +-- Procesa un movimiento de inventario (actualiza quants) +CREATE OR REPLACE FUNCTION inventory.process_stock_move(p_move_id UUID) +RETURNS VOID AS $$ +DECLARE + v_move RECORD; +BEGIN + -- Obtener datos del movimiento + SELECT * INTO v_move + FROM inventory.stock_moves + WHERE id = p_move_id; + + IF NOT FOUND THEN + RAISE EXCEPTION 'Stock move % not found', p_move_id; + END IF; + + IF v_move.status != 'confirmed' THEN + RAISE EXCEPTION 'Stock move % is not in confirmed status', p_move_id; + END IF; + + -- Decrementar en ubicación origen + PERFORM inventory.update_stock_quant( + v_move.product_id, + v_move.location_id, + v_move.lot_id, + -v_move.quantity_done + ); + + -- Incrementar en ubicación destino + PERFORM inventory.update_stock_quant( + v_move.product_id, + v_move.location_dest_id, + v_move.lot_id, + v_move.quantity_done + ); + + -- Actualizar estado del movimiento + UPDATE inventory.stock_moves + SET status = 'done', + date = CURRENT_TIMESTAMP, + updated_at = CURRENT_TIMESTAMP, + updated_by = get_current_user_id() + WHERE id = p_move_id; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION inventory.process_stock_move IS 'Procesa un movimiento de inventario y actualiza los quants'; + +-- Función: update_location_complete_name +-- Actualiza el nombre completo de una ubicación +CREATE OR REPLACE FUNCTION inventory.update_location_complete_name() +RETURNS TRIGGER AS $$ +DECLARE + v_parent_name TEXT; +BEGIN + IF NEW.parent_id IS NULL THEN + NEW.complete_name := NEW.name; + ELSE + SELECT complete_name INTO v_parent_name + FROM inventory.locations + WHERE id = NEW.parent_id; + + NEW.complete_name := v_parent_name || ' / ' || NEW.name; + END IF; + + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION inventory.update_location_complete_name IS 'Actualiza el nombre completo de la ubicación'; + +-- ===================================================== +-- TRIGGERS +-- ===================================================== + +-- Trigger: Actualizar updated_at +CREATE TRIGGER trg_products_updated_at + BEFORE UPDATE ON inventory.products + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_warehouses_updated_at + BEFORE UPDATE ON inventory.warehouses + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_locations_updated_at + BEFORE UPDATE ON inventory.locations + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_pickings_updated_at + BEFORE UPDATE ON inventory.pickings + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_stock_moves_updated_at + BEFORE UPDATE ON inventory.stock_moves + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_inventory_adjustments_updated_at + BEFORE UPDATE ON inventory.inventory_adjustments + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger: Actualizar complete_name de ubicación +CREATE TRIGGER trg_locations_update_complete_name + BEFORE INSERT OR UPDATE OF name, parent_id ON inventory.locations + FOR EACH ROW + EXECUTE FUNCTION inventory.update_location_complete_name(); + +-- ===================================================== +-- TRACKING AUTOMÁTICO (mail.thread pattern) +-- ===================================================== + +-- Trigger: Tracking automático para movimientos de stock +CREATE TRIGGER track_stock_move_changes + AFTER INSERT OR UPDATE OR DELETE ON inventory.stock_moves + FOR EACH ROW EXECUTE FUNCTION system.track_field_changes(); + +COMMENT ON TRIGGER track_stock_move_changes ON inventory.stock_moves IS +'Registra automáticamente cambios en movimientos de stock (estado, producto, cantidad, ubicaciones)'; + +-- ===================================================== +-- ROW LEVEL SECURITY (RLS) +-- ===================================================== + +ALTER TABLE inventory.products ENABLE ROW LEVEL SECURITY; +ALTER TABLE inventory.warehouses ENABLE ROW LEVEL SECURITY; +ALTER TABLE inventory.locations ENABLE ROW LEVEL SECURITY; +ALTER TABLE inventory.lots ENABLE ROW LEVEL SECURITY; +ALTER TABLE inventory.pickings ENABLE ROW LEVEL SECURITY; +ALTER TABLE inventory.stock_moves ENABLE ROW LEVEL SECURITY; +ALTER TABLE inventory.inventory_adjustments ENABLE ROW LEVEL SECURITY; + +CREATE POLICY tenant_isolation_products ON inventory.products + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_warehouses ON inventory.warehouses + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_locations ON inventory.locations + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_lots ON inventory.lots + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_pickings ON inventory.pickings + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_stock_moves ON inventory.stock_moves + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_inventory_adjustments ON inventory.inventory_adjustments + USING (tenant_id = get_current_tenant_id()); + +-- ===================================================== +-- COMENTARIOS +-- ===================================================== + +COMMENT ON SCHEMA inventory IS 'Schema de gestión de inventarios, productos, almacenes y movimientos'; +COMMENT ON TABLE inventory.products IS 'Productos (almacenables, consumibles, servicios)'; +COMMENT ON TABLE inventory.product_variants IS 'Variantes de productos (color, talla, etc.)'; +COMMENT ON TABLE inventory.warehouses IS 'Almacenes físicos'; +COMMENT ON TABLE inventory.locations IS 'Ubicaciones dentro de almacenes (estantes, zonas, etc.)'; +COMMENT ON TABLE inventory.stock_quants IS 'Cantidades en stock por producto/ubicación/lote'; +COMMENT ON TABLE inventory.lots IS 'Lotes de producción y números de serie'; +COMMENT ON TABLE inventory.pickings IS 'Albaranes de entrada, salida y transferencia'; +COMMENT ON TABLE inventory.stock_moves IS 'Movimientos individuales de inventario'; +COMMENT ON TABLE inventory.inventory_adjustments IS 'Ajustes de inventario (conteos físicos)'; +COMMENT ON TABLE inventory.inventory_adjustment_lines IS 'Líneas de ajuste de inventario'; + +-- ===================================================== +-- VISTAS ÚTILES +-- ===================================================== + +-- Vista: stock_by_product (Stock por producto) +CREATE OR REPLACE VIEW inventory.stock_by_product_view AS +SELECT + p.id AS product_id, + p.code AS product_code, + p.name AS product_name, + l.id AS location_id, + l.complete_name AS location_name, + COALESCE(SUM(sq.quantity), 0) AS quantity, + COALESCE(SUM(sq.reserved_quantity), 0) AS reserved_quantity, + COALESCE(SUM(sq.available_quantity), 0) AS available_quantity +FROM inventory.products p +CROSS JOIN inventory.locations l +LEFT JOIN inventory.stock_quants sq ON sq.product_id = p.id AND sq.location_id = l.id +WHERE p.product_type = 'storable' + AND l.location_type = 'internal' +GROUP BY p.id, p.code, p.name, l.id, l.complete_name; + +COMMENT ON VIEW inventory.stock_by_product_view IS 'Vista de stock disponible por producto y ubicación'; + +-- ===================================================== +-- FIN DEL SCHEMA INVENTORY +-- ===================================================== diff --git a/database/ddl/06-purchase.sql b/database/ddl/06-purchase.sql new file mode 100644 index 0000000..8d2271b --- /dev/null +++ b/database/ddl/06-purchase.sql @@ -0,0 +1,583 @@ +-- ===================================================== +-- SCHEMA: purchase +-- PROPÓSITO: Gestión de compras, proveedores, órdenes de compra +-- MÓDULOS: MGN-006 (Compras Básico) +-- FECHA: 2025-11-24 +-- ===================================================== + +-- Crear schema +CREATE SCHEMA IF NOT EXISTS purchase; + +-- ===================================================== +-- TYPES (ENUMs) +-- ===================================================== + +CREATE TYPE purchase.order_status AS ENUM ( + 'draft', + 'sent', + 'confirmed', + 'received', + 'billed', + 'cancelled' +); + +CREATE TYPE purchase.rfq_status AS ENUM ( + 'draft', + 'sent', + 'responded', + 'accepted', + 'rejected', + 'cancelled' +); + +CREATE TYPE purchase.agreement_type AS ENUM ( + 'price', + 'discount', + 'blanket' +); + +-- ===================================================== +-- TABLES +-- ===================================================== + +-- Tabla: purchase_orders (Órdenes de compra) +CREATE TABLE purchase.purchase_orders ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + -- Numeración + name VARCHAR(100) NOT NULL, + ref VARCHAR(100), -- Referencia del proveedor + + -- Proveedor + partner_id UUID NOT NULL REFERENCES core.partners(id), + + -- Fechas + order_date DATE NOT NULL, + expected_date DATE, + effective_date DATE, + + -- Configuración + currency_id UUID NOT NULL REFERENCES core.currencies(id), + payment_term_id UUID REFERENCES financial.payment_terms(id), + + -- Montos + amount_untaxed DECIMAL(15, 2) NOT NULL DEFAULT 0, + amount_tax DECIMAL(15, 2) NOT NULL DEFAULT 0, + amount_total DECIMAL(15, 2) NOT NULL DEFAULT 0, + + -- Estado + status purchase.order_status NOT NULL DEFAULT 'draft', + + -- Recepciones y facturación + receipt_status VARCHAR(20) DEFAULT 'pending', -- pending, partial, received + invoice_status VARCHAR(20) DEFAULT 'pending', -- pending, partial, billed + + -- Relaciones + picking_id UUID REFERENCES inventory.pickings(id), -- Recepción generada + invoice_id UUID REFERENCES financial.invoices(id), -- Factura generada + + -- Notas + notes TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + confirmed_at TIMESTAMP, + confirmed_by UUID REFERENCES auth.users(id), + cancelled_at TIMESTAMP, + cancelled_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_purchase_orders_name_company UNIQUE (company_id, name) +); + +-- Tabla: purchase_order_lines (Líneas de orden de compra) +CREATE TABLE purchase.purchase_order_lines ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + order_id UUID NOT NULL REFERENCES purchase.purchase_orders(id) ON DELETE CASCADE, + + product_id UUID NOT NULL REFERENCES inventory.products(id), + description TEXT NOT NULL, + + -- Cantidades + quantity DECIMAL(12, 4) NOT NULL, + qty_received DECIMAL(12, 4) DEFAULT 0, + qty_invoiced DECIMAL(12, 4) DEFAULT 0, + uom_id UUID NOT NULL REFERENCES core.uom(id), + + -- Precios + price_unit DECIMAL(15, 4) NOT NULL, + discount DECIMAL(5, 2) DEFAULT 0, -- Porcentaje de descuento + + -- Impuestos + tax_ids UUID[] DEFAULT '{}', + + -- Montos + amount_untaxed DECIMAL(15, 2) NOT NULL, + amount_tax DECIMAL(15, 2) NOT NULL, + amount_total DECIMAL(15, 2) NOT NULL, + + -- Fechas esperadas + expected_date DATE, + + -- Analítica + analytic_account_id UUID REFERENCES analytics.analytic_accounts(id), -- Distribución analítica + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP, + + CONSTRAINT chk_purchase_order_lines_quantity CHECK (quantity > 0), + CONSTRAINT chk_purchase_order_lines_discount CHECK (discount >= 0 AND discount <= 100) +); + +-- Índices para purchase_order_lines +CREATE INDEX idx_purchase_order_lines_tenant_id ON purchase.purchase_order_lines(tenant_id); +CREATE INDEX idx_purchase_order_lines_order_id ON purchase.purchase_order_lines(order_id); +CREATE INDEX idx_purchase_order_lines_product_id ON purchase.purchase_order_lines(product_id); + +-- RLS para purchase_order_lines +ALTER TABLE purchase.purchase_order_lines ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_purchase_order_lines ON purchase.purchase_order_lines + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- Tabla: rfqs (Request for Quotation - Solicitudes de cotización) +CREATE TABLE purchase.rfqs ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + + -- Proveedores (puede ser enviada a múltiples proveedores) + partner_ids UUID[] NOT NULL, + + -- Fechas + request_date DATE NOT NULL, + deadline_date DATE, + response_date DATE, + + -- Estado + status purchase.rfq_status NOT NULL DEFAULT 'draft', + + -- Descripción + description TEXT, + notes TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_rfqs_name_company UNIQUE (company_id, name) +); + +-- Tabla: rfq_lines (Líneas de RFQ) +CREATE TABLE purchase.rfq_lines ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + rfq_id UUID NOT NULL REFERENCES purchase.rfqs(id) ON DELETE CASCADE, + + product_id UUID REFERENCES inventory.products(id), + description TEXT NOT NULL, + quantity DECIMAL(12, 4) NOT NULL, + uom_id UUID NOT NULL REFERENCES core.uom(id), + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT chk_rfq_lines_quantity CHECK (quantity > 0) +); + +-- Índices para rfq_lines +CREATE INDEX idx_rfq_lines_tenant_id ON purchase.rfq_lines(tenant_id); + +-- RLS para rfq_lines +ALTER TABLE purchase.rfq_lines ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_rfq_lines ON purchase.rfq_lines + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- Tabla: vendor_pricelists (Listas de precios de proveedores) +CREATE TABLE purchase.vendor_pricelists ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + partner_id UUID NOT NULL REFERENCES core.partners(id), + product_id UUID NOT NULL REFERENCES inventory.products(id), + + -- Precio + price DECIMAL(15, 4) NOT NULL, + currency_id UUID NOT NULL REFERENCES core.currencies(id), + + -- Cantidad mínima + min_quantity DECIMAL(12, 4) DEFAULT 1, + + -- Validez + valid_from DATE, + valid_to DATE, + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT chk_vendor_pricelists_price CHECK (price >= 0), + CONSTRAINT chk_vendor_pricelists_min_qty CHECK (min_quantity > 0), + CONSTRAINT chk_vendor_pricelists_dates CHECK (valid_to IS NULL OR valid_to >= valid_from) +); + +-- Tabla: purchase_agreements (Acuerdos de compra / Contratos) +CREATE TABLE purchase.purchase_agreements ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + name VARCHAR(255) NOT NULL, + code VARCHAR(50), + agreement_type purchase.agreement_type NOT NULL, + + -- Proveedor + partner_id UUID NOT NULL REFERENCES core.partners(id), + + -- Vigencia + start_date DATE NOT NULL, + end_date DATE NOT NULL, + + -- Montos (para contratos blanket) + amount_max DECIMAL(15, 2), + currency_id UUID REFERENCES core.currencies(id), + + -- Estado + is_active BOOLEAN DEFAULT TRUE, + + -- Términos + terms TEXT, + notes TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_purchase_agreements_code_company UNIQUE (company_id, code), + CONSTRAINT chk_purchase_agreements_dates CHECK (end_date > start_date) +); + +-- Tabla: purchase_agreement_lines (Líneas de acuerdo) +CREATE TABLE purchase.purchase_agreement_lines ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + agreement_id UUID NOT NULL REFERENCES purchase.purchase_agreements(id) ON DELETE CASCADE, + + product_id UUID NOT NULL REFERENCES inventory.products(id), + + -- Cantidades + quantity DECIMAL(12, 4), + qty_ordered DECIMAL(12, 4) DEFAULT 0, + + -- Precio acordado + price_unit DECIMAL(15, 4), + discount DECIMAL(5, 2) DEFAULT 0, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +-- Índices para purchase_agreement_lines +CREATE INDEX idx_purchase_agreement_lines_tenant_id ON purchase.purchase_agreement_lines(tenant_id); + +-- RLS para purchase_agreement_lines +ALTER TABLE purchase.purchase_agreement_lines ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_purchase_agreement_lines ON purchase.purchase_agreement_lines + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- Tabla: vendor_evaluations (Evaluaciones de proveedores) +CREATE TABLE purchase.vendor_evaluations ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + partner_id UUID NOT NULL REFERENCES core.partners(id), + + -- Período de evaluación + evaluation_date DATE NOT NULL, + period_start DATE NOT NULL, + period_end DATE NOT NULL, + + -- Calificaciones (1-5) + quality_rating INTEGER, + delivery_rating INTEGER, + service_rating INTEGER, + price_rating INTEGER, + overall_rating DECIMAL(3, 2), + + -- Métricas + on_time_delivery_rate DECIMAL(5, 2), -- Porcentaje + defect_rate DECIMAL(5, 2), -- Porcentaje + + -- Comentarios + comments TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + + CONSTRAINT chk_vendor_evaluations_quality CHECK (quality_rating >= 1 AND quality_rating <= 5), + CONSTRAINT chk_vendor_evaluations_delivery CHECK (delivery_rating >= 1 AND delivery_rating <= 5), + CONSTRAINT chk_vendor_evaluations_service CHECK (service_rating >= 1 AND service_rating <= 5), + CONSTRAINT chk_vendor_evaluations_price CHECK (price_rating >= 1 AND price_rating <= 5), + CONSTRAINT chk_vendor_evaluations_overall CHECK (overall_rating >= 1 AND overall_rating <= 5), + CONSTRAINT chk_vendor_evaluations_dates CHECK (period_end >= period_start) +); + +-- ===================================================== +-- INDICES +-- ===================================================== + +-- Purchase Orders +CREATE INDEX idx_purchase_orders_tenant_id ON purchase.purchase_orders(tenant_id); +CREATE INDEX idx_purchase_orders_company_id ON purchase.purchase_orders(company_id); +CREATE INDEX idx_purchase_orders_partner_id ON purchase.purchase_orders(partner_id); +CREATE INDEX idx_purchase_orders_name ON purchase.purchase_orders(name); +CREATE INDEX idx_purchase_orders_status ON purchase.purchase_orders(status); +CREATE INDEX idx_purchase_orders_order_date ON purchase.purchase_orders(order_date); +CREATE INDEX idx_purchase_orders_expected_date ON purchase.purchase_orders(expected_date); + +-- Purchase Order Lines +CREATE INDEX idx_purchase_order_lines_order_id ON purchase.purchase_order_lines(order_id); +CREATE INDEX idx_purchase_order_lines_product_id ON purchase.purchase_order_lines(product_id); +CREATE INDEX idx_purchase_order_lines_analytic_account_id ON purchase.purchase_order_lines(analytic_account_id) WHERE analytic_account_id IS NOT NULL; + +-- RFQs +CREATE INDEX idx_rfqs_tenant_id ON purchase.rfqs(tenant_id); +CREATE INDEX idx_rfqs_company_id ON purchase.rfqs(company_id); +CREATE INDEX idx_rfqs_status ON purchase.rfqs(status); +CREATE INDEX idx_rfqs_request_date ON purchase.rfqs(request_date); + +-- RFQ Lines +CREATE INDEX idx_rfq_lines_rfq_id ON purchase.rfq_lines(rfq_id); +CREATE INDEX idx_rfq_lines_product_id ON purchase.rfq_lines(product_id); + +-- Vendor Pricelists +CREATE INDEX idx_vendor_pricelists_tenant_id ON purchase.vendor_pricelists(tenant_id); +CREATE INDEX idx_vendor_pricelists_partner_id ON purchase.vendor_pricelists(partner_id); +CREATE INDEX idx_vendor_pricelists_product_id ON purchase.vendor_pricelists(product_id); +CREATE INDEX idx_vendor_pricelists_active ON purchase.vendor_pricelists(active) WHERE active = TRUE; + +-- Purchase Agreements +CREATE INDEX idx_purchase_agreements_tenant_id ON purchase.purchase_agreements(tenant_id); +CREATE INDEX idx_purchase_agreements_company_id ON purchase.purchase_agreements(company_id); +CREATE INDEX idx_purchase_agreements_partner_id ON purchase.purchase_agreements(partner_id); +CREATE INDEX idx_purchase_agreements_dates ON purchase.purchase_agreements(start_date, end_date); +CREATE INDEX idx_purchase_agreements_active ON purchase.purchase_agreements(is_active) WHERE is_active = TRUE; + +-- Purchase Agreement Lines +CREATE INDEX idx_purchase_agreement_lines_agreement_id ON purchase.purchase_agreement_lines(agreement_id); +CREATE INDEX idx_purchase_agreement_lines_product_id ON purchase.purchase_agreement_lines(product_id); + +-- Vendor Evaluations +CREATE INDEX idx_vendor_evaluations_tenant_id ON purchase.vendor_evaluations(tenant_id); +CREATE INDEX idx_vendor_evaluations_partner_id ON purchase.vendor_evaluations(partner_id); +CREATE INDEX idx_vendor_evaluations_date ON purchase.vendor_evaluations(evaluation_date); + +-- ===================================================== +-- FUNCTIONS +-- ===================================================== + +-- Función: calculate_purchase_order_totals +CREATE OR REPLACE FUNCTION purchase.calculate_purchase_order_totals(p_order_id UUID) +RETURNS VOID AS $$ +DECLARE + v_amount_untaxed DECIMAL; + v_amount_tax DECIMAL; + v_amount_total DECIMAL; +BEGIN + SELECT + COALESCE(SUM(amount_untaxed), 0), + COALESCE(SUM(amount_tax), 0), + COALESCE(SUM(amount_total), 0) + INTO v_amount_untaxed, v_amount_tax, v_amount_total + FROM purchase.purchase_order_lines + WHERE order_id = p_order_id; + + UPDATE purchase.purchase_orders + SET amount_untaxed = v_amount_untaxed, + amount_tax = v_amount_tax, + amount_total = v_amount_total, + updated_at = CURRENT_TIMESTAMP, + updated_by = get_current_user_id() + WHERE id = p_order_id; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION purchase.calculate_purchase_order_totals IS 'Calcula los totales de una orden de compra'; + +-- Función: create_picking_from_po +CREATE OR REPLACE FUNCTION purchase.create_picking_from_po(p_order_id UUID) +RETURNS UUID AS $$ +DECLARE + v_order RECORD; + v_picking_id UUID; + v_location_supplier UUID; + v_location_stock UUID; +BEGIN + -- Obtener datos de la orden + SELECT * INTO v_order + FROM purchase.purchase_orders + WHERE id = p_order_id; + + IF NOT FOUND THEN + RAISE EXCEPTION 'Purchase order % not found', p_order_id; + END IF; + + -- Obtener ubicaciones (simplificado - en producción obtener de configuración) + SELECT id INTO v_location_supplier + FROM inventory.locations + WHERE location_type = 'supplier' + LIMIT 1; + + SELECT id INTO v_location_stock + FROM inventory.locations + WHERE location_type = 'internal' + LIMIT 1; + + -- Crear picking + INSERT INTO inventory.pickings ( + tenant_id, + company_id, + name, + picking_type, + location_id, + location_dest_id, + partner_id, + origin, + scheduled_date + ) VALUES ( + v_order.tenant_id, + v_order.company_id, + 'IN/' || v_order.name, + 'incoming', + v_location_supplier, + v_location_stock, + v_order.partner_id, + v_order.name, + v_order.expected_date + ) RETURNING id INTO v_picking_id; + + -- Actualizar la PO con el picking_id + UPDATE purchase.purchase_orders + SET picking_id = v_picking_id + WHERE id = p_order_id; + + RETURN v_picking_id; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION purchase.create_picking_from_po IS 'Crea un picking de recepción a partir de una orden de compra'; + +-- ===================================================== +-- TRIGGERS +-- ===================================================== + +CREATE TRIGGER trg_purchase_orders_updated_at + BEFORE UPDATE ON purchase.purchase_orders + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_rfqs_updated_at + BEFORE UPDATE ON purchase.rfqs + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_vendor_pricelists_updated_at + BEFORE UPDATE ON purchase.vendor_pricelists + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_purchase_agreements_updated_at + BEFORE UPDATE ON purchase.purchase_agreements + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger: Actualizar totales de PO al cambiar líneas +CREATE OR REPLACE FUNCTION purchase.trg_update_po_totals() +RETURNS TRIGGER AS $$ +BEGIN + IF TG_OP = 'DELETE' THEN + PERFORM purchase.calculate_purchase_order_totals(OLD.order_id); + ELSE + PERFORM purchase.calculate_purchase_order_totals(NEW.order_id); + END IF; + RETURN NULL; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_purchase_order_lines_update_totals + AFTER INSERT OR UPDATE OR DELETE ON purchase.purchase_order_lines + FOR EACH ROW + EXECUTE FUNCTION purchase.trg_update_po_totals(); + +-- ===================================================== +-- TRACKING AUTOMÁTICO (mail.thread pattern) +-- ===================================================== + +-- Trigger: Tracking automático para órdenes de compra +CREATE TRIGGER track_purchase_order_changes + AFTER INSERT OR UPDATE OR DELETE ON purchase.purchase_orders + FOR EACH ROW EXECUTE FUNCTION system.track_field_changes(); + +COMMENT ON TRIGGER track_purchase_order_changes ON purchase.purchase_orders IS +'Registra automáticamente cambios en órdenes de compra (estado, proveedor, monto, fecha)'; + +-- ===================================================== +-- ROW LEVEL SECURITY (RLS) +-- ===================================================== + +ALTER TABLE purchase.purchase_orders ENABLE ROW LEVEL SECURITY; +ALTER TABLE purchase.rfqs ENABLE ROW LEVEL SECURITY; +ALTER TABLE purchase.vendor_pricelists ENABLE ROW LEVEL SECURITY; +ALTER TABLE purchase.purchase_agreements ENABLE ROW LEVEL SECURITY; +ALTER TABLE purchase.vendor_evaluations ENABLE ROW LEVEL SECURITY; + +CREATE POLICY tenant_isolation_purchase_orders ON purchase.purchase_orders + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_rfqs ON purchase.rfqs + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_vendor_pricelists ON purchase.vendor_pricelists + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_purchase_agreements ON purchase.purchase_agreements + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_vendor_evaluations ON purchase.vendor_evaluations + USING (tenant_id = get_current_tenant_id()); + +-- ===================================================== +-- COMENTARIOS +-- ===================================================== + +COMMENT ON SCHEMA purchase IS 'Schema de gestión de compras y proveedores'; +COMMENT ON TABLE purchase.purchase_orders IS 'Órdenes de compra a proveedores'; +COMMENT ON TABLE purchase.purchase_order_lines IS 'Líneas de órdenes de compra'; +COMMENT ON TABLE purchase.rfqs IS 'Solicitudes de cotización (RFQ)'; +COMMENT ON TABLE purchase.rfq_lines IS 'Líneas de solicitudes de cotización'; +COMMENT ON TABLE purchase.vendor_pricelists IS 'Listas de precios de proveedores'; +COMMENT ON TABLE purchase.purchase_agreements IS 'Acuerdos/contratos de compra con proveedores'; +COMMENT ON TABLE purchase.purchase_agreement_lines IS 'Líneas de acuerdos de compra'; +COMMENT ON TABLE purchase.vendor_evaluations IS 'Evaluaciones de desempeño de proveedores'; + +-- ===================================================== +-- FIN DEL SCHEMA PURCHASE +-- ===================================================== diff --git a/database/ddl/07-sales.sql b/database/ddl/07-sales.sql new file mode 100644 index 0000000..10ec490 --- /dev/null +++ b/database/ddl/07-sales.sql @@ -0,0 +1,705 @@ +-- ===================================================== +-- SCHEMA: sales +-- PROPÓSITO: Gestión de ventas, cotizaciones, clientes +-- MÓDULOS: MGN-007 (Ventas Básico) +-- FECHA: 2025-11-24 +-- ===================================================== + +-- Crear schema +CREATE SCHEMA IF NOT EXISTS sales; + +-- ===================================================== +-- TYPES (ENUMs) +-- ===================================================== + +CREATE TYPE sales.order_status AS ENUM ( + 'draft', + 'sent', + 'sale', + 'done', + 'cancelled' +); + +CREATE TYPE sales.quotation_status AS ENUM ( + 'draft', + 'sent', + 'approved', + 'rejected', + 'converted', + 'expired' +); + +CREATE TYPE sales.invoice_policy AS ENUM ( + 'order', + 'delivery' +); + +CREATE TYPE sales.delivery_status AS ENUM ( + 'pending', + 'partial', + 'delivered' +); + +CREATE TYPE sales.invoice_status AS ENUM ( + 'pending', + 'partial', + 'invoiced' +); + +-- ===================================================== +-- TABLES +-- ===================================================== + +-- Tabla: sales_orders (Órdenes de venta) +CREATE TABLE sales.sales_orders ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + -- Numeración + name VARCHAR(100) NOT NULL, + client_order_ref VARCHAR(100), -- Referencia del cliente + + -- Cliente + partner_id UUID NOT NULL REFERENCES core.partners(id), + + -- Fechas + order_date DATE NOT NULL, + validity_date DATE, + commitment_date DATE, + + -- Configuración + currency_id UUID NOT NULL REFERENCES core.currencies(id), + pricelist_id UUID REFERENCES sales.pricelists(id), + payment_term_id UUID REFERENCES financial.payment_terms(id), + + -- Usuario + user_id UUID REFERENCES auth.users(id), + sales_team_id UUID REFERENCES sales.sales_teams(id), + + -- Montos + amount_untaxed DECIMAL(15, 2) NOT NULL DEFAULT 0, + amount_tax DECIMAL(15, 2) NOT NULL DEFAULT 0, + amount_total DECIMAL(15, 2) NOT NULL DEFAULT 0, + + -- Estado + status sales.order_status NOT NULL DEFAULT 'draft', + invoice_status sales.invoice_status NOT NULL DEFAULT 'pending', + delivery_status sales.delivery_status NOT NULL DEFAULT 'pending', + + -- Facturación + invoice_policy sales.invoice_policy DEFAULT 'order', + + -- Relaciones generadas + picking_id UUID REFERENCES inventory.pickings(id), + + -- Notas + notes TEXT, + terms_conditions TEXT, + + -- Firma electrónica + signature TEXT, -- base64 + signature_date TIMESTAMP, + signature_ip INET, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + confirmed_at TIMESTAMP, + confirmed_by UUID REFERENCES auth.users(id), + cancelled_at TIMESTAMP, + cancelled_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_sales_orders_name_company UNIQUE (company_id, name), + CONSTRAINT chk_sales_orders_validity CHECK (validity_date IS NULL OR validity_date >= order_date) +); + +-- Tabla: sales_order_lines (Líneas de orden de venta) +CREATE TABLE sales.sales_order_lines ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + order_id UUID NOT NULL REFERENCES sales.sales_orders(id) ON DELETE CASCADE, + + product_id UUID NOT NULL REFERENCES inventory.products(id), + description TEXT NOT NULL, + + -- Cantidades + quantity DECIMAL(12, 4) NOT NULL, + qty_delivered DECIMAL(12, 4) DEFAULT 0, + qty_invoiced DECIMAL(12, 4) DEFAULT 0, + uom_id UUID NOT NULL REFERENCES core.uom(id), + + -- Precios + price_unit DECIMAL(15, 4) NOT NULL, + discount DECIMAL(5, 2) DEFAULT 0, -- Porcentaje de descuento + + -- Impuestos + tax_ids UUID[] DEFAULT '{}', + + -- Montos + amount_untaxed DECIMAL(15, 2) NOT NULL, + amount_tax DECIMAL(15, 2) NOT NULL, + amount_total DECIMAL(15, 2) NOT NULL, + + -- Analítica + analytic_account_id UUID REFERENCES analytics.analytic_accounts(id), -- Distribución analítica + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP, + + CONSTRAINT chk_sales_order_lines_quantity CHECK (quantity > 0), + CONSTRAINT chk_sales_order_lines_discount CHECK (discount >= 0 AND discount <= 100), + CONSTRAINT chk_sales_order_lines_qty_delivered CHECK (qty_delivered >= 0 AND qty_delivered <= quantity), + CONSTRAINT chk_sales_order_lines_qty_invoiced CHECK (qty_invoiced >= 0 AND qty_invoiced <= quantity) +); + +-- Índices para sales_order_lines +CREATE INDEX idx_sales_order_lines_tenant_id ON sales.sales_order_lines(tenant_id); +CREATE INDEX idx_sales_order_lines_order_id ON sales.sales_order_lines(order_id); +CREATE INDEX idx_sales_order_lines_product_id ON sales.sales_order_lines(product_id); + +-- RLS para sales_order_lines +ALTER TABLE sales.sales_order_lines ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_sales_order_lines ON sales.sales_order_lines + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- Tabla: quotations (Cotizaciones) +CREATE TABLE sales.quotations ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + -- Numeración + name VARCHAR(100) NOT NULL, + + -- Cliente potencial + partner_id UUID NOT NULL REFERENCES core.partners(id), + + -- Fechas + quotation_date DATE NOT NULL, + validity_date DATE NOT NULL, + + -- Configuración + currency_id UUID NOT NULL REFERENCES core.currencies(id), + pricelist_id UUID REFERENCES sales.pricelists(id), + + -- Usuario + user_id UUID REFERENCES auth.users(id), + sales_team_id UUID REFERENCES sales.sales_teams(id), + + -- Montos + amount_untaxed DECIMAL(15, 2) NOT NULL DEFAULT 0, + amount_tax DECIMAL(15, 2) NOT NULL DEFAULT 0, + amount_total DECIMAL(15, 2) NOT NULL DEFAULT 0, + + -- Estado + status sales.quotation_status NOT NULL DEFAULT 'draft', + + -- Conversión + sale_order_id UUID REFERENCES sales.sales_orders(id), -- Orden generada + + -- Notas + notes TEXT, + terms_conditions TEXT, + + -- Firma electrónica + signature TEXT, -- base64 + signature_date TIMESTAMP, + signature_ip INET, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_quotations_name_company UNIQUE (company_id, name), + CONSTRAINT chk_quotations_validity CHECK (validity_date >= quotation_date) +); + +-- Tabla: quotation_lines (Líneas de cotización) +CREATE TABLE sales.quotation_lines ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + quotation_id UUID NOT NULL REFERENCES sales.quotations(id) ON DELETE CASCADE, + + product_id UUID REFERENCES inventory.products(id), + description TEXT NOT NULL, + quantity DECIMAL(12, 4) NOT NULL, + uom_id UUID NOT NULL REFERENCES core.uom(id), + price_unit DECIMAL(15, 4) NOT NULL, + discount DECIMAL(5, 2) DEFAULT 0, + tax_ids UUID[] DEFAULT '{}', + amount_untaxed DECIMAL(15, 2) NOT NULL, + amount_tax DECIMAL(15, 2) NOT NULL, + amount_total DECIMAL(15, 2) NOT NULL, + + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT chk_quotation_lines_quantity CHECK (quantity > 0), + CONSTRAINT chk_quotation_lines_discount CHECK (discount >= 0 AND discount <= 100) +); + +-- Índices para quotation_lines +CREATE INDEX idx_quotation_lines_tenant_id ON sales.quotation_lines(tenant_id); +CREATE INDEX idx_quotation_lines_quotation_id ON sales.quotation_lines(quotation_id); +CREATE INDEX idx_quotation_lines_product_id ON sales.quotation_lines(product_id); + +-- RLS para quotation_lines +ALTER TABLE sales.quotation_lines ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_quotation_lines ON sales.quotation_lines + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- Tabla: pricelists (Listas de precios) +CREATE TABLE sales.pricelists ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID REFERENCES auth.companies(id), + + name VARCHAR(255) NOT NULL, + currency_id UUID NOT NULL REFERENCES core.currencies(id), + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_pricelists_name_tenant UNIQUE (tenant_id, name) +); + +-- Tabla: pricelist_items (Items de lista de precios) +CREATE TABLE sales.pricelist_items ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + pricelist_id UUID NOT NULL REFERENCES sales.pricelists(id) ON DELETE CASCADE, + + product_id UUID REFERENCES inventory.products(id), + product_category_id UUID REFERENCES core.product_categories(id), + + -- Precio + price DECIMAL(15, 4) NOT NULL, + + -- Cantidad mínima + min_quantity DECIMAL(12, 4) DEFAULT 1, + + -- Validez + valid_from DATE, + valid_to DATE, + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + + CONSTRAINT chk_pricelist_items_price CHECK (price >= 0), + CONSTRAINT chk_pricelist_items_min_qty CHECK (min_quantity > 0), + CONSTRAINT chk_pricelist_items_dates CHECK (valid_to IS NULL OR valid_to >= valid_from), + CONSTRAINT chk_pricelist_items_product_or_category CHECK ( + (product_id IS NOT NULL AND product_category_id IS NULL) OR + (product_id IS NULL AND product_category_id IS NOT NULL) + ) +); + +-- Índices para pricelist_items +CREATE INDEX idx_pricelist_items_tenant_id ON sales.pricelist_items(tenant_id); +CREATE INDEX idx_pricelist_items_pricelist_id ON sales.pricelist_items(pricelist_id); +CREATE INDEX idx_pricelist_items_product_id ON sales.pricelist_items(product_id); + +-- RLS para pricelist_items +ALTER TABLE sales.pricelist_items ENABLE ROW LEVEL SECURITY; +CREATE POLICY tenant_isolation_pricelist_items ON sales.pricelist_items + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- Tabla: customer_groups (Grupos de clientes) +CREATE TABLE sales.customer_groups ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + name VARCHAR(255) NOT NULL, + description TEXT, + discount_percentage DECIMAL(5, 2) DEFAULT 0, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_customer_groups_name_tenant UNIQUE (tenant_id, name), + CONSTRAINT chk_customer_groups_discount CHECK (discount_percentage >= 0 AND discount_percentage <= 100) +); + +-- Tabla: customer_group_members (Miembros de grupos) +CREATE TABLE sales.customer_group_members ( + customer_group_id UUID NOT NULL REFERENCES sales.customer_groups(id) ON DELETE CASCADE, + partner_id UUID NOT NULL REFERENCES core.partners(id) ON DELETE CASCADE, + joined_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + PRIMARY KEY (customer_group_id, partner_id) +); + +-- Tabla: sales_teams (Equipos de ventas) +CREATE TABLE sales.sales_teams ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + name VARCHAR(255) NOT NULL, + code VARCHAR(50), + team_leader_id UUID REFERENCES auth.users(id), + + -- Objetivos + target_monthly DECIMAL(15, 2), + target_annual DECIMAL(15, 2), + + -- Control + active BOOLEAN NOT NULL DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_sales_teams_code_company UNIQUE (company_id, code) +); + +-- Tabla: sales_team_members (Miembros de equipos) +CREATE TABLE sales.sales_team_members ( + sales_team_id UUID NOT NULL REFERENCES sales.sales_teams(id) ON DELETE CASCADE, + user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, + joined_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + PRIMARY KEY (sales_team_id, user_id) +); + +-- ===================================================== +-- INDICES +-- ===================================================== + +-- Sales Orders +CREATE INDEX idx_sales_orders_tenant_id ON sales.sales_orders(tenant_id); +CREATE INDEX idx_sales_orders_company_id ON sales.sales_orders(company_id); +CREATE INDEX idx_sales_orders_partner_id ON sales.sales_orders(partner_id); +CREATE INDEX idx_sales_orders_name ON sales.sales_orders(name); +CREATE INDEX idx_sales_orders_status ON sales.sales_orders(status); +CREATE INDEX idx_sales_orders_order_date ON sales.sales_orders(order_date); +CREATE INDEX idx_sales_orders_user_id ON sales.sales_orders(user_id); +CREATE INDEX idx_sales_orders_sales_team_id ON sales.sales_orders(sales_team_id); + +-- Sales Order Lines +CREATE INDEX idx_sales_order_lines_order_id ON sales.sales_order_lines(order_id); +CREATE INDEX idx_sales_order_lines_product_id ON sales.sales_order_lines(product_id); +CREATE INDEX idx_sales_order_lines_analytic_account_id ON sales.sales_order_lines(analytic_account_id) WHERE analytic_account_id IS NOT NULL; + +-- Quotations +CREATE INDEX idx_quotations_tenant_id ON sales.quotations(tenant_id); +CREATE INDEX idx_quotations_company_id ON sales.quotations(company_id); +CREATE INDEX idx_quotations_partner_id ON sales.quotations(partner_id); +CREATE INDEX idx_quotations_status ON sales.quotations(status); +CREATE INDEX idx_quotations_validity_date ON sales.quotations(validity_date); + +-- Quotation Lines +CREATE INDEX idx_quotation_lines_quotation_id ON sales.quotation_lines(quotation_id); +CREATE INDEX idx_quotation_lines_product_id ON sales.quotation_lines(product_id); + +-- Pricelists +CREATE INDEX idx_pricelists_tenant_id ON sales.pricelists(tenant_id); +CREATE INDEX idx_pricelists_active ON sales.pricelists(active) WHERE active = TRUE; + +-- Pricelist Items +CREATE INDEX idx_pricelist_items_pricelist_id ON sales.pricelist_items(pricelist_id); +CREATE INDEX idx_pricelist_items_product_id ON sales.pricelist_items(product_id); +CREATE INDEX idx_pricelist_items_category_id ON sales.pricelist_items(product_category_id); + +-- Customer Groups +CREATE INDEX idx_customer_groups_tenant_id ON sales.customer_groups(tenant_id); + +-- Sales Teams +CREATE INDEX idx_sales_teams_tenant_id ON sales.sales_teams(tenant_id); +CREATE INDEX idx_sales_teams_company_id ON sales.sales_teams(company_id); +CREATE INDEX idx_sales_teams_leader_id ON sales.sales_teams(team_leader_id); + +-- ===================================================== +-- FUNCTIONS +-- ===================================================== + +-- Función: calculate_sales_order_totals +CREATE OR REPLACE FUNCTION sales.calculate_sales_order_totals(p_order_id UUID) +RETURNS VOID AS $$ +DECLARE + v_amount_untaxed DECIMAL; + v_amount_tax DECIMAL; + v_amount_total DECIMAL; +BEGIN + SELECT + COALESCE(SUM(amount_untaxed), 0), + COALESCE(SUM(amount_tax), 0), + COALESCE(SUM(amount_total), 0) + INTO v_amount_untaxed, v_amount_tax, v_amount_total + FROM sales.sales_order_lines + WHERE order_id = p_order_id; + + UPDATE sales.sales_orders + SET amount_untaxed = v_amount_untaxed, + amount_tax = v_amount_tax, + amount_total = v_amount_total, + updated_at = CURRENT_TIMESTAMP, + updated_by = get_current_user_id() + WHERE id = p_order_id; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION sales.calculate_sales_order_totals IS 'Calcula los totales de una orden de venta'; + +-- Función: calculate_quotation_totals +CREATE OR REPLACE FUNCTION sales.calculate_quotation_totals(p_quotation_id UUID) +RETURNS VOID AS $$ +DECLARE + v_amount_untaxed DECIMAL; + v_amount_tax DECIMAL; + v_amount_total DECIMAL; +BEGIN + SELECT + COALESCE(SUM(amount_untaxed), 0), + COALESCE(SUM(amount_tax), 0), + COALESCE(SUM(amount_total), 0) + INTO v_amount_untaxed, v_amount_tax, v_amount_total + FROM sales.quotation_lines + WHERE quotation_id = p_quotation_id; + + UPDATE sales.quotations + SET amount_untaxed = v_amount_untaxed, + amount_tax = v_amount_tax, + amount_total = v_amount_total, + updated_at = CURRENT_TIMESTAMP, + updated_by = get_current_user_id() + WHERE id = p_quotation_id; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION sales.calculate_quotation_totals IS 'Calcula los totales de una cotización'; + +-- Función: convert_quotation_to_order +CREATE OR REPLACE FUNCTION sales.convert_quotation_to_order(p_quotation_id UUID) +RETURNS UUID AS $$ +DECLARE + v_quotation RECORD; + v_order_id UUID; +BEGIN + -- Obtener cotización + SELECT * INTO v_quotation + FROM sales.quotations + WHERE id = p_quotation_id; + + IF NOT FOUND THEN + RAISE EXCEPTION 'Quotation % not found', p_quotation_id; + END IF; + + IF v_quotation.status != 'approved' THEN + RAISE EXCEPTION 'Quotation must be approved before conversion'; + END IF; + + -- Crear orden de venta + INSERT INTO sales.sales_orders ( + tenant_id, + company_id, + name, + partner_id, + order_date, + currency_id, + pricelist_id, + user_id, + sales_team_id, + amount_untaxed, + amount_tax, + amount_total, + notes, + terms_conditions, + signature, + signature_date, + signature_ip + ) VALUES ( + v_quotation.tenant_id, + v_quotation.company_id, + REPLACE(v_quotation.name, 'QT', 'SO'), + v_quotation.partner_id, + CURRENT_DATE, + v_quotation.currency_id, + v_quotation.pricelist_id, + v_quotation.user_id, + v_quotation.sales_team_id, + v_quotation.amount_untaxed, + v_quotation.amount_tax, + v_quotation.amount_total, + v_quotation.notes, + v_quotation.terms_conditions, + v_quotation.signature, + v_quotation.signature_date, + v_quotation.signature_ip + ) RETURNING id INTO v_order_id; + + -- Copiar líneas + INSERT INTO sales.sales_order_lines ( + order_id, + product_id, + description, + quantity, + uom_id, + price_unit, + discount, + tax_ids, + amount_untaxed, + amount_tax, + amount_total + ) + SELECT + v_order_id, + product_id, + description, + quantity, + uom_id, + price_unit, + discount, + tax_ids, + amount_untaxed, + amount_tax, + amount_total + FROM sales.quotation_lines + WHERE quotation_id = p_quotation_id; + + -- Actualizar cotización + UPDATE sales.quotations + SET status = 'converted', + sale_order_id = v_order_id, + updated_at = CURRENT_TIMESTAMP, + updated_by = get_current_user_id() + WHERE id = p_quotation_id; + + RETURN v_order_id; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION sales.convert_quotation_to_order IS 'Convierte una cotización aprobada en orden de venta'; + +-- ===================================================== +-- TRIGGERS +-- ===================================================== + +CREATE TRIGGER trg_sales_orders_updated_at + BEFORE UPDATE ON sales.sales_orders + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_quotations_updated_at + BEFORE UPDATE ON sales.quotations + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_pricelists_updated_at + BEFORE UPDATE ON sales.pricelists + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_sales_teams_updated_at + BEFORE UPDATE ON sales.sales_teams + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger: Actualizar totales de orden al cambiar líneas +CREATE OR REPLACE FUNCTION sales.trg_update_so_totals() +RETURNS TRIGGER AS $$ +BEGIN + IF TG_OP = 'DELETE' THEN + PERFORM sales.calculate_sales_order_totals(OLD.order_id); + ELSE + PERFORM sales.calculate_sales_order_totals(NEW.order_id); + END IF; + RETURN NULL; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_sales_order_lines_update_totals + AFTER INSERT OR UPDATE OR DELETE ON sales.sales_order_lines + FOR EACH ROW + EXECUTE FUNCTION sales.trg_update_so_totals(); + +-- Trigger: Actualizar totales de cotización al cambiar líneas +CREATE OR REPLACE FUNCTION sales.trg_update_quotation_totals() +RETURNS TRIGGER AS $$ +BEGIN + IF TG_OP = 'DELETE' THEN + PERFORM sales.calculate_quotation_totals(OLD.quotation_id); + ELSE + PERFORM sales.calculate_quotation_totals(NEW.quotation_id); + END IF; + RETURN NULL; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_quotation_lines_update_totals + AFTER INSERT OR UPDATE OR DELETE ON sales.quotation_lines + FOR EACH ROW + EXECUTE FUNCTION sales.trg_update_quotation_totals(); + +-- ===================================================== +-- TRACKING AUTOMÁTICO (mail.thread pattern) +-- ===================================================== + +-- Trigger: Tracking automático para órdenes de venta +CREATE TRIGGER track_sales_order_changes + AFTER INSERT OR UPDATE OR DELETE ON sales.sales_orders + FOR EACH ROW EXECUTE FUNCTION system.track_field_changes(); + +COMMENT ON TRIGGER track_sales_order_changes ON sales.sales_orders IS +'Registra automáticamente cambios en órdenes de venta (estado, cliente, monto, fecha, facturación, entrega)'; + +-- ===================================================== +-- ROW LEVEL SECURITY (RLS) +-- ===================================================== + +ALTER TABLE sales.sales_orders ENABLE ROW LEVEL SECURITY; +ALTER TABLE sales.quotations ENABLE ROW LEVEL SECURITY; +ALTER TABLE sales.pricelists ENABLE ROW LEVEL SECURITY; +ALTER TABLE sales.customer_groups ENABLE ROW LEVEL SECURITY; +ALTER TABLE sales.sales_teams ENABLE ROW LEVEL SECURITY; + +CREATE POLICY tenant_isolation_sales_orders ON sales.sales_orders + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_quotations ON sales.quotations + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_pricelists ON sales.pricelists + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_customer_groups ON sales.customer_groups + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_sales_teams ON sales.sales_teams + USING (tenant_id = get_current_tenant_id()); + +-- ===================================================== +-- COMENTARIOS +-- ===================================================== + +COMMENT ON SCHEMA sales IS 'Schema de gestión de ventas, cotizaciones y clientes'; +COMMENT ON TABLE sales.sales_orders IS 'Órdenes de venta confirmadas'; +COMMENT ON TABLE sales.sales_order_lines IS 'Líneas de órdenes de venta'; +COMMENT ON TABLE sales.quotations IS 'Cotizaciones enviadas a clientes'; +COMMENT ON TABLE sales.quotation_lines IS 'Líneas de cotizaciones'; +COMMENT ON TABLE sales.pricelists IS 'Listas de precios para clientes'; +COMMENT ON TABLE sales.pricelist_items IS 'Items de listas de precios por producto/categoría'; +COMMENT ON TABLE sales.customer_groups IS 'Grupos de clientes para descuentos y segmentación'; +COMMENT ON TABLE sales.sales_teams IS 'Equipos de ventas con objetivos'; + +-- ===================================================== +-- FIN DEL SCHEMA SALES +-- ===================================================== diff --git a/database/ddl/08-projects.sql b/database/ddl/08-projects.sql new file mode 100644 index 0000000..e8cc807 --- /dev/null +++ b/database/ddl/08-projects.sql @@ -0,0 +1,537 @@ +-- ===================================================== +-- SCHEMA: projects +-- PROPÓSITO: Gestión de proyectos, tareas, milestones +-- MÓDULOS: MGN-011 (Proyectos Genéricos) +-- FECHA: 2025-11-24 +-- ===================================================== + +-- Crear schema +CREATE SCHEMA IF NOT EXISTS projects; + +-- ===================================================== +-- TYPES (ENUMs) +-- ===================================================== + +CREATE TYPE projects.project_status AS ENUM ( + 'draft', + 'active', + 'completed', + 'cancelled', + 'on_hold' +); + +CREATE TYPE projects.privacy_type AS ENUM ( + 'public', + 'private', + 'followers' +); + +CREATE TYPE projects.task_status AS ENUM ( + 'todo', + 'in_progress', + 'review', + 'done', + 'cancelled' +); + +CREATE TYPE projects.task_priority AS ENUM ( + 'low', + 'normal', + 'high', + 'urgent' +); + +CREATE TYPE projects.dependency_type AS ENUM ( + 'finish_to_start', + 'start_to_start', + 'finish_to_finish', + 'start_to_finish' +); + +CREATE TYPE projects.milestone_status AS ENUM ( + 'pending', + 'completed' +); + +-- ===================================================== +-- TABLES +-- ===================================================== + +-- Tabla: projects (Proyectos) +CREATE TABLE projects.projects ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + -- Identificación + name VARCHAR(255) NOT NULL, + code VARCHAR(50), + description TEXT, + + -- Responsables + manager_id UUID REFERENCES auth.users(id), + partner_id UUID REFERENCES core.partners(id), -- Cliente + + -- Analítica (1-1) + analytic_account_id UUID REFERENCES analytics.analytic_accounts(id), + + -- Fechas + date_start DATE, + date_end DATE, + + -- Estado + status projects.project_status NOT NULL DEFAULT 'draft', + privacy projects.privacy_type NOT NULL DEFAULT 'public', + + -- Configuración + allow_timesheets BOOLEAN DEFAULT TRUE, + color VARCHAR(20), -- Color para UI + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + deleted_at TIMESTAMP, + deleted_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_projects_code_company UNIQUE (company_id, code), + CONSTRAINT chk_projects_dates CHECK (date_end IS NULL OR date_end >= date_start) +); + +-- Tabla: project_stages (Etapas de tareas) +CREATE TABLE projects.project_stages ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + project_id UUID REFERENCES projects.projects(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + sequence INTEGER NOT NULL DEFAULT 1, + is_closed BOOLEAN DEFAULT FALSE, -- Etapa final + fold BOOLEAN DEFAULT FALSE, -- Plegada en kanban + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT chk_project_stages_sequence CHECK (sequence > 0) +); + +-- Tabla: tasks (Tareas) +CREATE TABLE projects.tasks ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + project_id UUID NOT NULL REFERENCES projects.projects(id) ON DELETE CASCADE, + stage_id UUID REFERENCES projects.project_stages(id), + + -- Identificación + name VARCHAR(255) NOT NULL, + description TEXT, + + -- Asignación + assigned_to UUID REFERENCES auth.users(id), + partner_id UUID REFERENCES core.partners(id), + + -- Jerarquía + parent_id UUID REFERENCES projects.tasks(id), + + -- Fechas + date_start DATE, + date_deadline DATE, + + -- Esfuerzo + planned_hours DECIMAL(8, 2) DEFAULT 0, + actual_hours DECIMAL(8, 2) DEFAULT 0, + progress INTEGER DEFAULT 0, -- 0-100 + + -- Prioridad y estado + priority projects.task_priority NOT NULL DEFAULT 'normal', + status projects.task_status NOT NULL DEFAULT 'todo', + + -- Milestone + milestone_id UUID REFERENCES projects.milestones(id), + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + deleted_at TIMESTAMP, + deleted_by UUID REFERENCES auth.users(id), + + CONSTRAINT chk_tasks_no_self_parent CHECK (id != parent_id), + CONSTRAINT chk_tasks_dates CHECK (date_deadline IS NULL OR date_deadline >= date_start), + CONSTRAINT chk_tasks_planned_hours CHECK (planned_hours >= 0), + CONSTRAINT chk_tasks_actual_hours CHECK (actual_hours >= 0), + CONSTRAINT chk_tasks_progress CHECK (progress >= 0 AND progress <= 100) +); + +-- Tabla: milestones (Hitos) +CREATE TABLE projects.milestones ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + project_id UUID NOT NULL REFERENCES projects.projects(id) ON DELETE CASCADE, + + name VARCHAR(255) NOT NULL, + description TEXT, + target_date DATE NOT NULL, + status projects.milestone_status NOT NULL DEFAULT 'pending', + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + completed_at TIMESTAMP, + completed_by UUID REFERENCES auth.users(id) +); + +-- Tabla: task_dependencies (Dependencias entre tareas) +CREATE TABLE projects.task_dependencies ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + + task_id UUID NOT NULL REFERENCES projects.tasks(id) ON DELETE CASCADE, + depends_on_id UUID NOT NULL REFERENCES projects.tasks(id) ON DELETE CASCADE, + + dependency_type projects.dependency_type NOT NULL DEFAULT 'finish_to_start', + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT uq_task_dependencies UNIQUE (task_id, depends_on_id), + CONSTRAINT chk_task_dependencies_no_self CHECK (task_id != depends_on_id) +); + +-- Tabla: task_tags (Etiquetas de tareas) +CREATE TABLE projects.task_tags ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + color VARCHAR(20), + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT uq_task_tags_name_tenant UNIQUE (tenant_id, name) +); + +-- Tabla: task_tag_assignments (Many-to-many) +CREATE TABLE projects.task_tag_assignments ( + task_id UUID NOT NULL REFERENCES projects.tasks(id) ON DELETE CASCADE, + tag_id UUID NOT NULL REFERENCES projects.task_tags(id) ON DELETE CASCADE, + + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + PRIMARY KEY (task_id, tag_id) +); + +-- Tabla: timesheets (Registro de horas) +CREATE TABLE projects.timesheets ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + task_id UUID REFERENCES projects.tasks(id) ON DELETE SET NULL, + project_id UUID NOT NULL REFERENCES projects.projects(id), + + employee_id UUID, -- FK a hr.employees (se crea después) + user_id UUID REFERENCES auth.users(id), + + -- Fecha y horas + date DATE NOT NULL, + hours DECIMAL(8, 2) NOT NULL, + + -- Descripción + description TEXT, + + -- Analítica + analytic_account_id UUID REFERENCES analytics.analytic_accounts(id), -- Distribución analítica + analytic_line_id UUID REFERENCES analytics.analytic_lines(id), -- Línea analítica generada + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT chk_timesheets_hours CHECK (hours > 0) +); + +-- Tabla: task_checklists (Checklists dentro de tareas) +CREATE TABLE projects.task_checklists ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + + task_id UUID NOT NULL REFERENCES projects.tasks(id) ON DELETE CASCADE, + + item_name VARCHAR(255) NOT NULL, + is_completed BOOLEAN DEFAULT FALSE, + sequence INTEGER DEFAULT 1, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + completed_at TIMESTAMP, + completed_by UUID REFERENCES auth.users(id) +); + +-- Tabla: project_templates (Plantillas de proyectos) +CREATE TABLE projects.project_templates ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + name VARCHAR(255) NOT NULL, + description TEXT, + + -- Template data (JSON con estructura de proyecto, tareas, etc.) + template_data JSONB DEFAULT '{}', + + -- Control + active BOOLEAN DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_project_templates_name_tenant UNIQUE (tenant_id, name) +); + +-- ===================================================== +-- INDICES +-- ===================================================== + +-- Projects +CREATE INDEX idx_projects_tenant_id ON projects.projects(tenant_id); +CREATE INDEX idx_projects_company_id ON projects.projects(company_id); +CREATE INDEX idx_projects_manager_id ON projects.projects(manager_id); +CREATE INDEX idx_projects_partner_id ON projects.projects(partner_id); +CREATE INDEX idx_projects_analytic_account_id ON projects.projects(analytic_account_id); +CREATE INDEX idx_projects_status ON projects.projects(status); + +-- Project Stages +CREATE INDEX idx_project_stages_tenant_id ON projects.project_stages(tenant_id); +CREATE INDEX idx_project_stages_project_id ON projects.project_stages(project_id); +CREATE INDEX idx_project_stages_sequence ON projects.project_stages(sequence); + +-- Tasks +CREATE INDEX idx_tasks_tenant_id ON projects.tasks(tenant_id); +CREATE INDEX idx_tasks_project_id ON projects.tasks(project_id); +CREATE INDEX idx_tasks_stage_id ON projects.tasks(stage_id); +CREATE INDEX idx_tasks_assigned_to ON projects.tasks(assigned_to); +CREATE INDEX idx_tasks_parent_id ON projects.tasks(parent_id); +CREATE INDEX idx_tasks_milestone_id ON projects.tasks(milestone_id); +CREATE INDEX idx_tasks_status ON projects.tasks(status); +CREATE INDEX idx_tasks_priority ON projects.tasks(priority); +CREATE INDEX idx_tasks_date_deadline ON projects.tasks(date_deadline); + +-- Milestones +CREATE INDEX idx_milestones_tenant_id ON projects.milestones(tenant_id); +CREATE INDEX idx_milestones_project_id ON projects.milestones(project_id); +CREATE INDEX idx_milestones_status ON projects.milestones(status); +CREATE INDEX idx_milestones_target_date ON projects.milestones(target_date); + +-- Task Dependencies +CREATE INDEX idx_task_dependencies_task_id ON projects.task_dependencies(task_id); +CREATE INDEX idx_task_dependencies_depends_on_id ON projects.task_dependencies(depends_on_id); + +-- Timesheets +CREATE INDEX idx_timesheets_tenant_id ON projects.timesheets(tenant_id); +CREATE INDEX idx_timesheets_company_id ON projects.timesheets(company_id); +CREATE INDEX idx_timesheets_task_id ON projects.timesheets(task_id); +CREATE INDEX idx_timesheets_project_id ON projects.timesheets(project_id); +CREATE INDEX idx_timesheets_employee_id ON projects.timesheets(employee_id); +CREATE INDEX idx_timesheets_date ON projects.timesheets(date); +CREATE INDEX idx_timesheets_analytic_account_id ON projects.timesheets(analytic_account_id) WHERE analytic_account_id IS NOT NULL; + +-- Task Checklists +CREATE INDEX idx_task_checklists_task_id ON projects.task_checklists(task_id); + +-- Project Templates +CREATE INDEX idx_project_templates_tenant_id ON projects.project_templates(tenant_id); +CREATE INDEX idx_project_templates_active ON projects.project_templates(active) WHERE active = TRUE; + +-- ===================================================== +-- FUNCTIONS +-- ===================================================== + +-- Función: update_task_actual_hours +CREATE OR REPLACE FUNCTION projects.update_task_actual_hours() +RETURNS TRIGGER AS $$ +BEGIN + IF TG_OP = 'DELETE' THEN + UPDATE projects.tasks + SET actual_hours = ( + SELECT COALESCE(SUM(hours), 0) + FROM projects.timesheets + WHERE task_id = OLD.task_id + ) + WHERE id = OLD.task_id; + ELSE + UPDATE projects.tasks + SET actual_hours = ( + SELECT COALESCE(SUM(hours), 0) + FROM projects.timesheets + WHERE task_id = NEW.task_id + ) + WHERE id = NEW.task_id; + END IF; + RETURN NULL; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION projects.update_task_actual_hours IS 'Actualiza las horas reales de una tarea al cambiar timesheets'; + +-- Función: check_task_dependencies +CREATE OR REPLACE FUNCTION projects.check_task_dependencies(p_task_id UUID) +RETURNS BOOLEAN AS $$ +DECLARE + v_unfinished_count INTEGER; +BEGIN + SELECT COUNT(*) + INTO v_unfinished_count + FROM projects.task_dependencies td + JOIN projects.tasks t ON td.depends_on_id = t.id + WHERE td.task_id = p_task_id + AND t.status != 'done'; + + RETURN v_unfinished_count = 0; +END; +$$ LANGUAGE plpgsql STABLE; + +COMMENT ON FUNCTION projects.check_task_dependencies IS 'Verifica si todas las dependencias de una tarea están completadas'; + +-- Función: prevent_circular_dependencies +CREATE OR REPLACE FUNCTION projects.prevent_circular_dependencies() +RETURNS TRIGGER AS $$ +BEGIN + -- Verificar si crear esta dependencia crea un ciclo + IF EXISTS ( + WITH RECURSIVE dep_chain AS ( + SELECT task_id, depends_on_id + FROM projects.task_dependencies + WHERE task_id = NEW.depends_on_id + + UNION ALL + + SELECT td.task_id, td.depends_on_id + FROM projects.task_dependencies td + JOIN dep_chain dc ON td.task_id = dc.depends_on_id + ) + SELECT 1 FROM dep_chain WHERE depends_on_id = NEW.task_id + ) THEN + RAISE EXCEPTION 'Cannot create circular dependency'; + END IF; + + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION projects.prevent_circular_dependencies IS 'Previene la creación de dependencias circulares entre tareas'; + +-- ===================================================== +-- TRIGGERS +-- ===================================================== + +CREATE TRIGGER trg_projects_updated_at + BEFORE UPDATE ON projects.projects + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_tasks_updated_at + BEFORE UPDATE ON projects.tasks + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_milestones_updated_at + BEFORE UPDATE ON projects.milestones + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_timesheets_updated_at + BEFORE UPDATE ON projects.timesheets + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_project_templates_updated_at + BEFORE UPDATE ON projects.project_templates + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger: Actualizar horas reales de tarea al cambiar timesheet +CREATE TRIGGER trg_timesheets_update_task_hours + AFTER INSERT OR UPDATE OR DELETE ON projects.timesheets + FOR EACH ROW + EXECUTE FUNCTION projects.update_task_actual_hours(); + +-- Trigger: Prevenir dependencias circulares +CREATE TRIGGER trg_task_dependencies_prevent_circular + BEFORE INSERT ON projects.task_dependencies + FOR EACH ROW + EXECUTE FUNCTION projects.prevent_circular_dependencies(); + +-- ===================================================== +-- TRACKING AUTOMÁTICO (mail.thread pattern) +-- ===================================================== + +-- Trigger: Tracking automático para proyectos +CREATE TRIGGER track_project_changes + AFTER INSERT OR UPDATE OR DELETE ON projects.projects + FOR EACH ROW EXECUTE FUNCTION system.track_field_changes(); + +COMMENT ON TRIGGER track_project_changes ON projects.projects IS +'Registra automáticamente cambios en proyectos (estado, nombre, responsable, fechas)'; + +-- ===================================================== +-- ROW LEVEL SECURITY (RLS) +-- ===================================================== + +ALTER TABLE projects.projects ENABLE ROW LEVEL SECURITY; +ALTER TABLE projects.project_stages ENABLE ROW LEVEL SECURITY; +ALTER TABLE projects.tasks ENABLE ROW LEVEL SECURITY; +ALTER TABLE projects.milestones ENABLE ROW LEVEL SECURITY; +ALTER TABLE projects.task_tags ENABLE ROW LEVEL SECURITY; +ALTER TABLE projects.timesheets ENABLE ROW LEVEL SECURITY; +ALTER TABLE projects.project_templates ENABLE ROW LEVEL SECURITY; + +CREATE POLICY tenant_isolation_projects ON projects.projects + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_project_stages ON projects.project_stages + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_tasks ON projects.tasks + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_milestones ON projects.milestones + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_task_tags ON projects.task_tags + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_timesheets ON projects.timesheets + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_project_templates ON projects.project_templates + USING (tenant_id = get_current_tenant_id()); + +-- ===================================================== +-- COMENTARIOS +-- ===================================================== + +COMMENT ON SCHEMA projects IS 'Schema de gestión de proyectos, tareas y timesheets'; +COMMENT ON TABLE projects.projects IS 'Proyectos genéricos con tracking de tareas'; +COMMENT ON TABLE projects.project_stages IS 'Etapas/columnas para tablero Kanban de tareas'; +COMMENT ON TABLE projects.tasks IS 'Tareas dentro de proyectos con jerarquía y dependencias'; +COMMENT ON TABLE projects.milestones IS 'Hitos importantes en proyectos'; +COMMENT ON TABLE projects.task_dependencies IS 'Dependencias entre tareas (precedencia)'; +COMMENT ON TABLE projects.task_tags IS 'Etiquetas para categorizar tareas'; +COMMENT ON TABLE projects.timesheets IS 'Registro de horas trabajadas en tareas'; +COMMENT ON TABLE projects.task_checklists IS 'Checklists dentro de tareas'; +COMMENT ON TABLE projects.project_templates IS 'Plantillas de proyectos para reutilización'; + +-- ===================================================== +-- FIN DEL SCHEMA PROJECTS +-- ===================================================== diff --git a/database/ddl/09-system.sql b/database/ddl/09-system.sql new file mode 100644 index 0000000..07e4053 --- /dev/null +++ b/database/ddl/09-system.sql @@ -0,0 +1,853 @@ +-- ===================================================== +-- SCHEMA: system +-- PROPÓSITO: Mensajería, notificaciones, logs, reportes +-- MÓDULOS: MGN-012 (Reportes), MGN-014 (Mensajería) +-- FECHA: 2025-11-24 +-- ===================================================== + +-- Crear schema +CREATE SCHEMA IF NOT EXISTS system; + +-- ===================================================== +-- TYPES (ENUMs) +-- ===================================================== + +CREATE TYPE system.message_type AS ENUM ( + 'comment', + 'note', + 'email', + 'notification', + 'system' +); + +CREATE TYPE system.notification_status AS ENUM ( + 'pending', + 'sent', + 'read', + 'failed' +); + +CREATE TYPE system.activity_type AS ENUM ( + 'call', + 'meeting', + 'email', + 'todo', + 'follow_up', + 'custom' +); + +CREATE TYPE system.activity_status AS ENUM ( + 'planned', + 'done', + 'cancelled', + 'overdue' +); + +CREATE TYPE system.email_status AS ENUM ( + 'draft', + 'queued', + 'sending', + 'sent', + 'failed', + 'bounced' +); + +CREATE TYPE system.log_level AS ENUM ( + 'debug', + 'info', + 'warning', + 'error', + 'critical' +); + +CREATE TYPE system.report_format AS ENUM ( + 'pdf', + 'excel', + 'csv', + 'html' +); + +-- ===================================================== +-- TABLES +-- ===================================================== + +-- Tabla: messages (Chatter - mensajes en registros) +CREATE TABLE system.messages ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + -- Referencia polimórfica (a qué registro pertenece) + model VARCHAR(100) NOT NULL, -- 'SaleOrder', 'Task', 'Invoice', etc. + record_id UUID NOT NULL, + + -- Tipo y contenido + message_type system.message_type NOT NULL DEFAULT 'comment', + subject VARCHAR(255), + body TEXT NOT NULL, + + -- Autor + author_id UUID REFERENCES auth.users(id), + author_name VARCHAR(255), + author_email VARCHAR(255), + + -- Email tracking + email_from VARCHAR(255), + reply_to VARCHAR(255), + message_id VARCHAR(500), -- Message-ID para threading + + -- Relación (respuesta a mensaje) + parent_id UUID REFERENCES system.messages(id), + + -- Attachments + attachment_ids UUID[] DEFAULT '{}', + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP +); + +-- Tabla: message_followers (Seguidores de registros) +CREATE TABLE system.message_followers ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + + -- Referencia polimórfica + model VARCHAR(100) NOT NULL, + record_id UUID NOT NULL, + + -- Seguidor + partner_id UUID REFERENCES core.partners(id), + user_id UUID REFERENCES auth.users(id), + + -- Configuración + email_notifications BOOLEAN DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT uq_message_followers UNIQUE (model, record_id, COALESCE(user_id, partner_id)), + CONSTRAINT chk_message_followers_user_or_partner CHECK ( + (user_id IS NOT NULL AND partner_id IS NULL) OR + (partner_id IS NOT NULL AND user_id IS NULL) + ) +); + +-- Tabla: notifications (Notificaciones a usuarios) +CREATE TABLE system.notifications ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, + + -- Contenido + title VARCHAR(255) NOT NULL, + message TEXT NOT NULL, + url VARCHAR(500), -- URL para acción (ej: /sales/orders/123) + + -- Referencia (opcional) + model VARCHAR(100), + record_id UUID, + + -- Estado + status system.notification_status NOT NULL DEFAULT 'pending', + read_at TIMESTAMP, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + sent_at TIMESTAMP +); + +-- Tabla: activities (Actividades programadas) +CREATE TABLE system.activities ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + -- Referencia polimórfica + model VARCHAR(100) NOT NULL, + record_id UUID NOT NULL, + + -- Actividad + activity_type system.activity_type NOT NULL, + summary VARCHAR(255) NOT NULL, + description TEXT, + + -- Asignación + assigned_to UUID REFERENCES auth.users(id), + assigned_by UUID REFERENCES auth.users(id), + + -- Fechas + due_date DATE NOT NULL, + due_time TIME, + + -- Estado + status system.activity_status NOT NULL DEFAULT 'planned', + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + completed_at TIMESTAMP, + completed_by UUID REFERENCES auth.users(id) +); + +-- Tabla: message_templates (Plantillas de mensajes/emails) +CREATE TABLE system.message_templates ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + name VARCHAR(255) NOT NULL, + model VARCHAR(100), -- Para qué modelo se usa + + -- Contenido + subject VARCHAR(255), + body_html TEXT, + body_text TEXT, + + -- Configuración email + email_from VARCHAR(255), + reply_to VARCHAR(255), + cc VARCHAR(255), + bcc VARCHAR(255), + + -- Control + active BOOLEAN DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_message_templates_name_tenant UNIQUE (tenant_id, name) +); + +-- Tabla: email_queue (Cola de envío de emails) +CREATE TABLE system.email_queue ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID REFERENCES auth.tenants(id), + + -- Destinatarios + email_to VARCHAR(255) NOT NULL, + email_cc VARCHAR(500), + email_bcc VARCHAR(500), + + -- Contenido + subject VARCHAR(255) NOT NULL, + body_html TEXT, + body_text TEXT, + + -- Remitente + email_from VARCHAR(255) NOT NULL, + reply_to VARCHAR(255), + + -- Attachments + attachment_ids UUID[] DEFAULT '{}', + + -- Estado + status system.email_status NOT NULL DEFAULT 'queued', + attempts INTEGER DEFAULT 0, + max_attempts INTEGER DEFAULT 3, + error_message TEXT, + + -- Tracking + message_id VARCHAR(500), + opened_at TIMESTAMP, + clicked_at TIMESTAMP, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + scheduled_at TIMESTAMP, + sent_at TIMESTAMP, + failed_at TIMESTAMP +); + +-- Tabla: logs (Logs del sistema) +CREATE TABLE system.logs ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID REFERENCES auth.tenants(id), + + -- Nivel y fuente + level system.log_level NOT NULL, + logger VARCHAR(100), -- Módulo que genera el log + + -- Mensaje + message TEXT NOT NULL, + stack_trace TEXT, + + -- Contexto + user_id UUID REFERENCES auth.users(id), + ip_address INET, + user_agent TEXT, + request_id UUID, + + -- Referencia (opcional) + model VARCHAR(100), + record_id UUID, + + -- Metadata adicional + metadata JSONB DEFAULT '{}', + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +-- Tabla: reports (Definiciones de reportes) +CREATE TABLE system.reports ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + name VARCHAR(255) NOT NULL, + code VARCHAR(50) NOT NULL, + description TEXT, + + -- Tipo + model VARCHAR(100), -- Para qué modelo es el reporte + report_type VARCHAR(50), -- 'standard', 'custom', 'dashboard' + + -- Query/Template + query_template TEXT, -- SQL template o JSON query + template_file VARCHAR(255), -- Path al archivo de plantilla + + -- Configuración + default_format system.report_format DEFAULT 'pdf', + is_public BOOLEAN DEFAULT FALSE, + + -- Control + active BOOLEAN DEFAULT TRUE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_reports_code_tenant UNIQUE (tenant_id, code) +); + +-- Tabla: report_executions (Ejecuciones de reportes) +CREATE TABLE system.report_executions ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + report_id UUID NOT NULL REFERENCES system.reports(id) ON DELETE CASCADE, + + -- Parámetros de ejecución + parameters JSONB DEFAULT '{}', + format system.report_format NOT NULL, + + -- Resultado + file_url VARCHAR(500), + file_size BIGINT, + error_message TEXT, + + -- Estado + status VARCHAR(20) DEFAULT 'pending', -- pending, running, completed, failed + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + started_at TIMESTAMP, + completed_at TIMESTAMP +); + +-- Tabla: dashboards (Dashboards configurables) +CREATE TABLE system.dashboards ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + name VARCHAR(255) NOT NULL, + description TEXT, + + -- Configuración + layout JSONB DEFAULT '{}', -- Grid layout configuration + is_default BOOLEAN DEFAULT FALSE, + + -- Visibilidad + user_id UUID REFERENCES auth.users(id), -- NULL = compartido + is_public BOOLEAN DEFAULT FALSE, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMP, + updated_by UUID REFERENCES auth.users(id), + + CONSTRAINT uq_dashboards_name_user UNIQUE (tenant_id, name, COALESCE(user_id, '00000000-0000-0000-0000-000000000000'::UUID)) +); + +-- Tabla: dashboard_widgets (Widgets en dashboards) +CREATE TABLE system.dashboard_widgets ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + + dashboard_id UUID NOT NULL REFERENCES system.dashboards(id) ON DELETE CASCADE, + + -- Tipo de widget + widget_type VARCHAR(50) NOT NULL, -- 'chart', 'kpi', 'table', 'calendar', etc. + title VARCHAR(255), + + -- Configuración + config JSONB NOT NULL DEFAULT '{}', -- Widget-specific configuration + position JSONB DEFAULT '{}', -- {x, y, w, h} para grid + + -- Data source + data_source VARCHAR(100), -- Model o query + query_params JSONB DEFAULT '{}', + + -- Refresh + refresh_interval INTEGER, -- Segundos + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP +); + +-- ===================================================== +-- INDICES +-- ===================================================== + +-- Messages +CREATE INDEX idx_messages_tenant_id ON system.messages(tenant_id); +CREATE INDEX idx_messages_model_record ON system.messages(model, record_id); +CREATE INDEX idx_messages_author_id ON system.messages(author_id); +CREATE INDEX idx_messages_parent_id ON system.messages(parent_id); +CREATE INDEX idx_messages_created_at ON system.messages(created_at DESC); + +-- Message Followers +CREATE INDEX idx_message_followers_model_record ON system.message_followers(model, record_id); +CREATE INDEX idx_message_followers_user_id ON system.message_followers(user_id); +CREATE INDEX idx_message_followers_partner_id ON system.message_followers(partner_id); + +-- Notifications +CREATE INDEX idx_notifications_tenant_id ON system.notifications(tenant_id); +CREATE INDEX idx_notifications_user_id ON system.notifications(user_id); +CREATE INDEX idx_notifications_status ON system.notifications(status); +CREATE INDEX idx_notifications_model_record ON system.notifications(model, record_id); +CREATE INDEX idx_notifications_created_at ON system.notifications(created_at DESC); + +-- Activities +CREATE INDEX idx_activities_tenant_id ON system.activities(tenant_id); +CREATE INDEX idx_activities_model_record ON system.activities(model, record_id); +CREATE INDEX idx_activities_assigned_to ON system.activities(assigned_to); +CREATE INDEX idx_activities_due_date ON system.activities(due_date); +CREATE INDEX idx_activities_status ON system.activities(status); + +-- Message Templates +CREATE INDEX idx_message_templates_tenant_id ON system.message_templates(tenant_id); +CREATE INDEX idx_message_templates_model ON system.message_templates(model); +CREATE INDEX idx_message_templates_active ON system.message_templates(active) WHERE active = TRUE; + +-- Email Queue +CREATE INDEX idx_email_queue_status ON system.email_queue(status); +CREATE INDEX idx_email_queue_scheduled_at ON system.email_queue(scheduled_at); +CREATE INDEX idx_email_queue_created_at ON system.email_queue(created_at); + +-- Logs +CREATE INDEX idx_logs_tenant_id ON system.logs(tenant_id); +CREATE INDEX idx_logs_level ON system.logs(level); +CREATE INDEX idx_logs_logger ON system.logs(logger); +CREATE INDEX idx_logs_user_id ON system.logs(user_id); +CREATE INDEX idx_logs_created_at ON system.logs(created_at DESC); +CREATE INDEX idx_logs_model_record ON system.logs(model, record_id); + +-- Reports +CREATE INDEX idx_reports_tenant_id ON system.reports(tenant_id); +CREATE INDEX idx_reports_code ON system.reports(code); +CREATE INDEX idx_reports_active ON system.reports(active) WHERE active = TRUE; + +-- Report Executions +CREATE INDEX idx_report_executions_tenant_id ON system.report_executions(tenant_id); +CREATE INDEX idx_report_executions_report_id ON system.report_executions(report_id); +CREATE INDEX idx_report_executions_created_by ON system.report_executions(created_by); +CREATE INDEX idx_report_executions_created_at ON system.report_executions(created_at DESC); + +-- Dashboards +CREATE INDEX idx_dashboards_tenant_id ON system.dashboards(tenant_id); +CREATE INDEX idx_dashboards_user_id ON system.dashboards(user_id); +CREATE INDEX idx_dashboards_is_public ON system.dashboards(is_public) WHERE is_public = TRUE; + +-- Dashboard Widgets +CREATE INDEX idx_dashboard_widgets_dashboard_id ON system.dashboard_widgets(dashboard_id); +CREATE INDEX idx_dashboard_widgets_type ON system.dashboard_widgets(widget_type); + +-- ===================================================== +-- FUNCTIONS +-- ===================================================== + +-- Función: notify_followers +CREATE OR REPLACE FUNCTION system.notify_followers( + p_model VARCHAR, + p_record_id UUID, + p_message_id UUID +) +RETURNS VOID AS $$ +BEGIN + INSERT INTO system.notifications (tenant_id, user_id, title, message, model, record_id) + SELECT + get_current_tenant_id(), + mf.user_id, + 'New message in ' || p_model, + m.body, + p_model, + p_record_id + FROM system.message_followers mf + JOIN system.messages m ON m.id = p_message_id + WHERE mf.model = p_model + AND mf.record_id = p_record_id + AND mf.user_id IS NOT NULL + AND mf.email_notifications = TRUE; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION system.notify_followers IS 'Notifica a los seguidores de un registro cuando hay un nuevo mensaje'; + +-- Función: mark_activity_as_overdue +CREATE OR REPLACE FUNCTION system.mark_activities_as_overdue() +RETURNS INTEGER AS $$ +DECLARE + v_updated_count INTEGER; +BEGIN + WITH updated AS ( + UPDATE system.activities + SET status = 'overdue' + WHERE status = 'planned' + AND due_date < CURRENT_DATE + RETURNING id + ) + SELECT COUNT(*) INTO v_updated_count FROM updated; + + RETURN v_updated_count; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION system.mark_activities_as_overdue IS 'Marca actividades vencidas como overdue (ejecutar diariamente)'; + +-- Función: clean_old_logs +CREATE OR REPLACE FUNCTION system.clean_old_logs(p_days_to_keep INTEGER DEFAULT 90) +RETURNS INTEGER AS $$ +DECLARE + v_deleted_count INTEGER; +BEGIN + WITH deleted AS ( + DELETE FROM system.logs + WHERE created_at < CURRENT_TIMESTAMP - (p_days_to_keep || ' days')::INTERVAL + AND level != 'critical' + RETURNING id + ) + SELECT COUNT(*) INTO v_deleted_count FROM deleted; + + RETURN v_deleted_count; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION system.clean_old_logs IS 'Limpia logs antiguos (mantener solo críticos)'; + +-- ===================================================== +-- TRIGGERS +-- ===================================================== + +CREATE TRIGGER trg_messages_updated_at + BEFORE UPDATE ON system.messages + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_message_templates_updated_at + BEFORE UPDATE ON system.message_templates + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_reports_updated_at + BEFORE UPDATE ON system.reports + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_dashboards_updated_at + BEFORE UPDATE ON system.dashboards + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +CREATE TRIGGER trg_dashboard_widgets_updated_at + BEFORE UPDATE ON system.dashboard_widgets + FOR EACH ROW + EXECUTE FUNCTION auth.update_updated_at_column(); + +-- ===================================================== +-- ROW LEVEL SECURITY (RLS) +-- ===================================================== + +ALTER TABLE system.messages ENABLE ROW LEVEL SECURITY; +ALTER TABLE system.notifications ENABLE ROW LEVEL SECURITY; +ALTER TABLE system.activities ENABLE ROW LEVEL SECURITY; +ALTER TABLE system.message_templates ENABLE ROW LEVEL SECURITY; +ALTER TABLE system.logs ENABLE ROW LEVEL SECURITY; +ALTER TABLE system.reports ENABLE ROW LEVEL SECURITY; +ALTER TABLE system.report_executions ENABLE ROW LEVEL SECURITY; +ALTER TABLE system.dashboards ENABLE ROW LEVEL SECURITY; + +CREATE POLICY tenant_isolation_messages ON system.messages + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_notifications ON system.notifications + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_activities ON system.activities + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_message_templates ON system.message_templates + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_logs ON system.logs + USING (tenant_id = get_current_tenant_id() OR tenant_id IS NULL); + +CREATE POLICY tenant_isolation_reports ON system.reports + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_report_executions ON system.report_executions + USING (tenant_id = get_current_tenant_id()); + +CREATE POLICY tenant_isolation_dashboards ON system.dashboards + USING (tenant_id = get_current_tenant_id()); + +-- ===================================================== +-- TRACKING AUTOMÁTICO (mail.thread pattern de Odoo) +-- ===================================================== + +-- Tabla: field_tracking_config (Configuración de campos a trackear) +CREATE TABLE system.field_tracking_config ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + table_schema VARCHAR(50) NOT NULL, + table_name VARCHAR(100) NOT NULL, + field_name VARCHAR(100) NOT NULL, + track_changes BOOLEAN NOT NULL DEFAULT true, + field_type VARCHAR(50) NOT NULL, -- 'text', 'integer', 'numeric', 'boolean', 'uuid', 'timestamp', 'json' + display_label VARCHAR(255) NOT NULL, -- Para mostrar en UI: "Estado", "Monto", "Cliente", etc. + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + CONSTRAINT uq_field_tracking UNIQUE (table_schema, table_name, field_name) +); + +-- Índice para búsqueda rápida +CREATE INDEX idx_field_tracking_config_table +ON system.field_tracking_config(table_schema, table_name); + +-- Tabla: change_log (Historial de cambios en registros) +CREATE TABLE system.change_log ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id), + + -- Referencia al registro modificado + table_schema VARCHAR(50) NOT NULL, + table_name VARCHAR(100) NOT NULL, + record_id UUID NOT NULL, + + -- Usuario que hizo el cambio + changed_by UUID NOT NULL REFERENCES auth.users(id), + changed_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + -- Tipo de cambio + change_type VARCHAR(20) NOT NULL CHECK (change_type IN ('create', 'update', 'delete', 'state_change')), + + -- Campo modificado (NULL para create/delete) + field_name VARCHAR(100), + field_label VARCHAR(255), -- Para UI: "Estado", "Monto Total", etc. + + -- Valores anterior y nuevo + old_value TEXT, + new_value TEXT, + + -- Metadata adicional + change_context JSONB, -- Info adicional: IP, user agent, módulo, etc. + + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP +); + +-- Índices para performance del change_log +CREATE INDEX idx_change_log_tenant_id ON system.change_log(tenant_id); +CREATE INDEX idx_change_log_record ON system.change_log(table_schema, table_name, record_id); +CREATE INDEX idx_change_log_changed_by ON system.change_log(changed_by); +CREATE INDEX idx_change_log_changed_at ON system.change_log(changed_at DESC); +CREATE INDEX idx_change_log_type ON system.change_log(change_type); + +-- Índice compuesto para queries comunes +CREATE INDEX idx_change_log_record_date +ON system.change_log(table_schema, table_name, record_id, changed_at DESC); + +-- RLS Policy para multi-tenancy +ALTER TABLE system.change_log ENABLE ROW LEVEL SECURITY; + +CREATE POLICY tenant_isolation_change_log ON system.change_log + USING (tenant_id = get_current_tenant_id()); + +-- ===================================================== +-- FUNCIÓN DE TRACKING AUTOMÁTICO +-- ===================================================== + +-- Función: track_field_changes +-- Función genérica para trackear cambios automáticamente +CREATE OR REPLACE FUNCTION system.track_field_changes() +RETURNS TRIGGER AS $$ +DECLARE + v_tenant_id UUID; + v_user_id UUID; + v_field_name TEXT; + v_field_label TEXT; + v_old_value TEXT; + v_new_value TEXT; + v_field_config RECORD; +BEGIN + -- Obtener tenant_id y user_id del registro + IF TG_OP = 'DELETE' THEN + v_tenant_id := OLD.tenant_id; + v_user_id := OLD.deleted_by; + ELSE + v_tenant_id := NEW.tenant_id; + v_user_id := NEW.updated_by; + END IF; + + -- Registrar creación + IF TG_OP = 'INSERT' THEN + INSERT INTO system.change_log ( + tenant_id, table_schema, table_name, record_id, + changed_by, change_type, change_context + ) VALUES ( + v_tenant_id, TG_TABLE_SCHEMA, TG_TABLE_NAME, NEW.id, + NEW.created_by, 'create', + jsonb_build_object('operation', 'INSERT') + ); + RETURN NEW; + END IF; + + -- Registrar eliminación (soft delete) + IF TG_OP = 'UPDATE' AND OLD.deleted_at IS NULL AND NEW.deleted_at IS NOT NULL THEN + INSERT INTO system.change_log ( + tenant_id, table_schema, table_name, record_id, + changed_by, change_type, change_context + ) VALUES ( + v_tenant_id, TG_TABLE_SCHEMA, TG_TABLE_NAME, NEW.id, + NEW.deleted_by, 'delete', + jsonb_build_object('operation', 'SOFT_DELETE', 'deleted_at', NEW.deleted_at) + ); + RETURN NEW; + END IF; + + -- Registrar cambios en campos configurados + IF TG_OP = 'UPDATE' THEN + -- Iterar sobre campos configurados para esta tabla + FOR v_field_config IN + SELECT field_name, display_label, field_type + FROM system.field_tracking_config + WHERE table_schema = TG_TABLE_SCHEMA + AND table_name = TG_TABLE_NAME + AND track_changes = true + LOOP + v_field_name := v_field_config.field_name; + v_field_label := v_field_config.display_label; + + -- Obtener valores antiguo y nuevo (usar EXECUTE para campos dinámicos) + EXECUTE format('SELECT ($1).%I::TEXT, ($2).%I::TEXT', v_field_name, v_field_name) + INTO v_old_value, v_new_value + USING OLD, NEW; + + -- Si el valor cambió, registrarlo + IF v_old_value IS DISTINCT FROM v_new_value THEN + INSERT INTO system.change_log ( + tenant_id, table_schema, table_name, record_id, + changed_by, change_type, field_name, field_label, + old_value, new_value, change_context + ) VALUES ( + v_tenant_id, TG_TABLE_SCHEMA, TG_TABLE_NAME, NEW.id, + v_user_id, + CASE + WHEN v_field_name = 'status' OR v_field_name = 'state' THEN 'state_change' + ELSE 'update' + END, + v_field_name, v_field_label, + v_old_value, v_new_value, + jsonb_build_object('operation', 'UPDATE', 'field_type', v_field_config.field_type) + ); + END IF; + END LOOP; + END IF; + + RETURN NEW; +END; +$$ LANGUAGE plpgsql SECURITY DEFINER; + +COMMENT ON FUNCTION system.track_field_changes IS +'Función trigger para trackear cambios automáticamente según configuración en field_tracking_config (patrón mail.thread de Odoo)'; + +-- ===================================================== +-- SEED DATA: Configuración de campos a trackear +-- ===================================================== + +-- FINANCIAL: Facturas +INSERT INTO system.field_tracking_config (table_schema, table_name, field_name, field_type, display_label) VALUES +('financial', 'invoices', 'status', 'text', 'Estado'), +('financial', 'invoices', 'partner_id', 'uuid', 'Cliente/Proveedor'), +('financial', 'invoices', 'invoice_date', 'timestamp', 'Fecha de Factura'), +('financial', 'invoices', 'amount_total', 'numeric', 'Monto Total'), +('financial', 'invoices', 'payment_term_id', 'uuid', 'Término de Pago') +ON CONFLICT (table_schema, table_name, field_name) DO NOTHING; + +-- FINANCIAL: Asientos contables +INSERT INTO system.field_tracking_config (table_schema, table_name, field_name, field_type, display_label) VALUES +('financial', 'journal_entries', 'status', 'text', 'Estado'), +('financial', 'journal_entries', 'date', 'timestamp', 'Fecha del Asiento'), +('financial', 'journal_entries', 'journal_id', 'uuid', 'Diario Contable') +ON CONFLICT (table_schema, table_name, field_name) DO NOTHING; + +-- PURCHASE: Órdenes de compra +INSERT INTO system.field_tracking_config (table_schema, table_name, field_name, field_type, display_label) VALUES +('purchase', 'purchase_orders', 'status', 'text', 'Estado'), +('purchase', 'purchase_orders', 'partner_id', 'uuid', 'Proveedor'), +('purchase', 'purchase_orders', 'order_date', 'timestamp', 'Fecha de Orden'), +('purchase', 'purchase_orders', 'amount_total', 'numeric', 'Monto Total'), +('purchase', 'purchase_orders', 'receipt_status', 'text', 'Estado de Recepción') +ON CONFLICT (table_schema, table_name, field_name) DO NOTHING; + +-- SALES: Órdenes de venta +INSERT INTO system.field_tracking_config (table_schema, table_name, field_name, field_type, display_label) VALUES +('sales', 'sales_orders', 'status', 'text', 'Estado'), +('sales', 'sales_orders', 'partner_id', 'uuid', 'Cliente'), +('sales', 'sales_orders', 'order_date', 'timestamp', 'Fecha de Orden'), +('sales', 'sales_orders', 'amount_total', 'numeric', 'Monto Total'), +('sales', 'sales_orders', 'invoice_status', 'text', 'Estado de Facturación'), +('sales', 'sales_orders', 'delivery_status', 'text', 'Estado de Entrega') +ON CONFLICT (table_schema, table_name, field_name) DO NOTHING; + +-- INVENTORY: Movimientos de stock +INSERT INTO system.field_tracking_config (table_schema, table_name, field_name, field_type, display_label) VALUES +('inventory', 'stock_moves', 'status', 'text', 'Estado'), +('inventory', 'stock_moves', 'product_id', 'uuid', 'Producto'), +('inventory', 'stock_moves', 'product_qty', 'numeric', 'Cantidad'), +('inventory', 'stock_moves', 'location_id', 'uuid', 'Ubicación Origen'), +('inventory', 'stock_moves', 'location_dest_id', 'uuid', 'Ubicación Destino') +ON CONFLICT (table_schema, table_name, field_name) DO NOTHING; + +-- PROJECTS: Proyectos +INSERT INTO system.field_tracking_config (table_schema, table_name, field_name, field_type, display_label) VALUES +('projects', 'projects', 'status', 'text', 'Estado'), +('projects', 'projects', 'name', 'text', 'Nombre del Proyecto'), +('projects', 'projects', 'manager_id', 'uuid', 'Responsable'), +('projects', 'projects', 'date_start', 'timestamp', 'Fecha de Inicio'), +('projects', 'projects', 'date_end', 'timestamp', 'Fecha de Fin') +ON CONFLICT (table_schema, table_name, field_name) DO NOTHING; + +-- ===================================================== +-- COMENTARIOS +-- ===================================================== + +COMMENT ON SCHEMA system IS 'Schema de mensajería, notificaciones, logs, reportes y tracking automático'; +COMMENT ON TABLE system.messages IS 'Mensajes del chatter (comentarios, notas, emails)'; +COMMENT ON TABLE system.message_followers IS 'Seguidores de registros para notificaciones'; +COMMENT ON TABLE system.notifications IS 'Notificaciones a usuarios'; +COMMENT ON TABLE system.activities IS 'Actividades programadas (llamadas, reuniones, tareas)'; +COMMENT ON TABLE system.message_templates IS 'Plantillas de mensajes y emails'; +COMMENT ON TABLE system.email_queue IS 'Cola de envío de emails'; +COMMENT ON TABLE system.logs IS 'Logs del sistema y auditoría'; +COMMENT ON TABLE system.reports IS 'Definiciones de reportes'; +COMMENT ON TABLE system.report_executions IS 'Ejecuciones de reportes con resultados'; +COMMENT ON TABLE system.dashboards IS 'Dashboards configurables por usuario'; +COMMENT ON TABLE system.dashboard_widgets IS 'Widgets dentro de dashboards'; +COMMENT ON TABLE system.field_tracking_config IS 'Configuración de campos a trackear automáticamente por tabla (patrón mail.thread de Odoo)'; +COMMENT ON TABLE system.change_log IS 'Historial de cambios en registros (mail.thread pattern de Odoo). Registra automáticamente cambios de estado y campos críticos.'; + +-- ===================================================== +-- FIN DEL SCHEMA SYSTEM +-- ===================================================== diff --git a/database/ddl/10-billing.sql b/database/ddl/10-billing.sql new file mode 100644 index 0000000..e816d02 --- /dev/null +++ b/database/ddl/10-billing.sql @@ -0,0 +1,638 @@ +-- ===================================================== +-- SCHEMA: billing +-- PROPÓSITO: Suscripciones SaaS, planes, pagos, facturación +-- MÓDULOS: MGN-015 (Billing y Suscripciones) +-- FECHA: 2025-11-24 +-- ===================================================== +-- NOTA: Este schema permite que el sistema opere como SaaS multi-tenant +-- o como instalación single-tenant (on-premise). En modo single-tenant, +-- las tablas de este schema pueden ignorarse o tener un único plan "unlimited". +-- ===================================================== + +-- Crear schema +CREATE SCHEMA IF NOT EXISTS billing; + +-- ===================================================== +-- TYPES (ENUMs) +-- ===================================================== + +CREATE TYPE billing.subscription_status AS ENUM ( + 'trialing', -- En período de prueba + 'active', -- Suscripción activa + 'past_due', -- Pago atrasado + 'paused', -- Suscripción pausada + 'cancelled', -- Cancelada por usuario + 'suspended', -- Suspendida por falta de pago + 'expired' -- Expirada +); + +CREATE TYPE billing.billing_cycle AS ENUM ( + 'monthly', + 'quarterly', + 'semi_annual', + 'annual' +); + +CREATE TYPE billing.payment_method_type AS ENUM ( + 'card', + 'bank_transfer', + 'paypal', + 'oxxo', -- México + 'spei', -- México + 'other' +); + +CREATE TYPE billing.invoice_status AS ENUM ( + 'draft', + 'open', + 'paid', + 'void', + 'uncollectible' +); + +CREATE TYPE billing.payment_status AS ENUM ( + 'pending', + 'processing', + 'succeeded', + 'failed', + 'cancelled', + 'refunded' +); + +-- ===================================================== +-- TABLES +-- ===================================================== + +-- Tabla: subscription_plans (Planes disponibles - global, no por tenant) +-- Esta tabla no tiene tenant_id porque los planes son globales del sistema SaaS +CREATE TABLE billing.subscription_plans ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + code VARCHAR(50) UNIQUE NOT NULL, + name VARCHAR(100) NOT NULL, + description TEXT, + + -- Precios + price_monthly DECIMAL(12,2) NOT NULL DEFAULT 0, + price_yearly DECIMAL(12,2) NOT NULL DEFAULT 0, + currency_code VARCHAR(3) NOT NULL DEFAULT 'MXN', + + -- Límites + max_users INTEGER DEFAULT 10, + max_companies INTEGER DEFAULT 1, + max_storage_gb INTEGER DEFAULT 5, + max_api_calls_month INTEGER DEFAULT 10000, + + -- Características incluidas (JSON para flexibilidad) + features JSONB DEFAULT '{}'::jsonb, + -- Ejemplo: {"inventory": true, "sales": true, "financial": true, "purchase": true, "crm": false} + + -- Metadata + is_active BOOLEAN NOT NULL DEFAULT true, + is_public BOOLEAN NOT NULL DEFAULT true, -- Visible en página de precios + is_default BOOLEAN NOT NULL DEFAULT false, -- Plan por defecto para nuevos tenants + trial_days INTEGER DEFAULT 14, + sort_order INTEGER DEFAULT 0, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID, + updated_at TIMESTAMP, + updated_by UUID, + + CONSTRAINT chk_plans_price_monthly CHECK (price_monthly >= 0), + CONSTRAINT chk_plans_price_yearly CHECK (price_yearly >= 0), + CONSTRAINT chk_plans_max_users CHECK (max_users > 0 OR max_users IS NULL), + CONSTRAINT chk_plans_trial_days CHECK (trial_days >= 0) +); + +-- Tabla: tenant_owners (Propietarios/Contratantes de tenant) +-- Usuario(s) que contratan y pagan por el tenant +CREATE TABLE billing.tenant_owners ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + user_id UUID NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, + ownership_type VARCHAR(20) NOT NULL DEFAULT 'owner', + -- owner: Propietario principal (puede haber solo 1) + -- billing_admin: Puede gestionar facturación + + -- Contacto de facturación (puede diferir del usuario) + billing_email VARCHAR(255), + billing_phone VARCHAR(50), + billing_name VARCHAR(255), + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID, + + CONSTRAINT uq_tenant_owners UNIQUE (tenant_id, user_id), + CONSTRAINT chk_ownership_type CHECK (ownership_type IN ('owner', 'billing_admin')) +); + +-- Tabla: subscriptions (Suscripciones activas de cada tenant) +CREATE TABLE billing.subscriptions ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + plan_id UUID NOT NULL REFERENCES billing.subscription_plans(id), + + -- Estado + status billing.subscription_status NOT NULL DEFAULT 'trialing', + billing_cycle billing.billing_cycle NOT NULL DEFAULT 'monthly', + + -- Fechas importantes + trial_start_at TIMESTAMP, + trial_end_at TIMESTAMP, + current_period_start TIMESTAMP NOT NULL, + current_period_end TIMESTAMP NOT NULL, + cancelled_at TIMESTAMP, + cancel_at_period_end BOOLEAN NOT NULL DEFAULT false, + paused_at TIMESTAMP, + + -- Descuentos/Cupones + discount_percent DECIMAL(5,2) DEFAULT 0, + coupon_code VARCHAR(50), + + -- Integración pasarela de pago + stripe_subscription_id VARCHAR(255), + stripe_customer_id VARCHAR(255), + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID, + updated_at TIMESTAMP, + updated_by UUID, + + CONSTRAINT uq_subscriptions_tenant UNIQUE (tenant_id), -- Solo 1 suscripción activa por tenant + CONSTRAINT chk_subscriptions_discount CHECK (discount_percent >= 0 AND discount_percent <= 100), + CONSTRAINT chk_subscriptions_period CHECK (current_period_end > current_period_start) +); + +-- Tabla: payment_methods (Métodos de pago por tenant) +CREATE TABLE billing.payment_methods ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + type billing.payment_method_type NOT NULL, + is_default BOOLEAN NOT NULL DEFAULT false, + + -- Información de tarjeta (solo últimos 4 dígitos por seguridad) + card_last_four VARCHAR(4), + card_brand VARCHAR(20), -- visa, mastercard, amex + card_exp_month INTEGER, + card_exp_year INTEGER, + + -- Dirección de facturación + billing_name VARCHAR(255), + billing_email VARCHAR(255), + billing_address_line1 VARCHAR(255), + billing_address_line2 VARCHAR(255), + billing_city VARCHAR(100), + billing_state VARCHAR(100), + billing_postal_code VARCHAR(20), + billing_country VARCHAR(2), -- ISO 3166-1 alpha-2 + + -- Integración pasarela + stripe_payment_method_id VARCHAR(255), + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID, + updated_at TIMESTAMP, + deleted_at TIMESTAMP, -- Soft delete + + CONSTRAINT chk_payment_methods_card_exp CHECK ( + (type != 'card') OR + (card_exp_month BETWEEN 1 AND 12 AND card_exp_year >= EXTRACT(YEAR FROM CURRENT_DATE)) + ) +); + +-- Tabla: billing_invoices (Facturas de suscripción) +CREATE TABLE billing.invoices ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + subscription_id UUID REFERENCES billing.subscriptions(id), + + -- Número de factura + invoice_number VARCHAR(50) NOT NULL, + + -- Estado y fechas + status billing.invoice_status NOT NULL DEFAULT 'draft', + period_start TIMESTAMP, + period_end TIMESTAMP, + due_date DATE NOT NULL, + paid_at TIMESTAMP, + voided_at TIMESTAMP, + + -- Montos + subtotal DECIMAL(12,2) NOT NULL DEFAULT 0, + tax_amount DECIMAL(12,2) NOT NULL DEFAULT 0, + discount_amount DECIMAL(12,2) NOT NULL DEFAULT 0, + total DECIMAL(12,2) NOT NULL DEFAULT 0, + amount_paid DECIMAL(12,2) NOT NULL DEFAULT 0, + amount_due DECIMAL(12,2) NOT NULL DEFAULT 0, + currency_code VARCHAR(3) NOT NULL DEFAULT 'MXN', + + -- Datos fiscales del cliente + customer_name VARCHAR(255), + customer_tax_id VARCHAR(50), + customer_email VARCHAR(255), + customer_address TEXT, + + -- PDF y CFDI (México) + pdf_url VARCHAR(500), + cfdi_uuid VARCHAR(36), -- UUID del CFDI si aplica + cfdi_xml_url VARCHAR(500), + + -- Integración pasarela + stripe_invoice_id VARCHAR(255), + + -- Notas + notes TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID, + updated_at TIMESTAMP, + + CONSTRAINT uq_invoices_number UNIQUE (invoice_number), + CONSTRAINT chk_invoices_amounts CHECK (total >= 0 AND subtotal >= 0 AND amount_due >= 0) +); + +-- Tabla: invoice_lines (Líneas de detalle de factura) +CREATE TABLE billing.invoice_lines ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + invoice_id UUID NOT NULL REFERENCES billing.invoices(id) ON DELETE CASCADE, + + description VARCHAR(255) NOT NULL, + quantity DECIMAL(12,4) NOT NULL DEFAULT 1, + unit_price DECIMAL(12,2) NOT NULL, + amount DECIMAL(12,2) NOT NULL, + + -- Para facturación por uso + period_start TIMESTAMP, + period_end TIMESTAMP, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT chk_invoice_lines_qty CHECK (quantity > 0), + CONSTRAINT chk_invoice_lines_price CHECK (unit_price >= 0) +); + +-- Tabla: payments (Pagos recibidos) +CREATE TABLE billing.payments ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + invoice_id UUID REFERENCES billing.invoices(id), + payment_method_id UUID REFERENCES billing.payment_methods(id), + + -- Monto y moneda + amount DECIMAL(12,2) NOT NULL, + currency_code VARCHAR(3) NOT NULL DEFAULT 'MXN', + + -- Estado + status billing.payment_status NOT NULL DEFAULT 'pending', + + -- Fechas + paid_at TIMESTAMP, + failed_at TIMESTAMP, + refunded_at TIMESTAMP, + + -- Detalles del error (si falló) + failure_reason VARCHAR(255), + failure_code VARCHAR(50), + + -- Referencia de transacción + transaction_id VARCHAR(255), + stripe_payment_intent_id VARCHAR(255), + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT chk_payments_amount CHECK (amount > 0) +); + +-- Tabla: usage_records (Registros de uso para billing por consumo) +CREATE TABLE billing.usage_records ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + subscription_id UUID REFERENCES billing.subscriptions(id), + + -- Tipo de métrica + metric_type VARCHAR(50) NOT NULL, + -- Ejemplos: 'users', 'storage_gb', 'api_calls', 'invoices_sent', 'emails_sent' + + quantity DECIMAL(12,4) NOT NULL, + billing_period DATE NOT NULL, -- Mes de facturación (YYYY-MM-01) + + -- Auditoría + recorded_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT chk_usage_quantity CHECK (quantity >= 0) +); + +-- Tabla: coupons (Cupones de descuento) +CREATE TABLE billing.coupons ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + code VARCHAR(50) UNIQUE NOT NULL, + name VARCHAR(100) NOT NULL, + description TEXT, + + -- Tipo de descuento + discount_type VARCHAR(20) NOT NULL DEFAULT 'percent', + -- 'percent': Porcentaje de descuento + -- 'fixed': Monto fijo de descuento + + discount_value DECIMAL(12,2) NOT NULL, + currency_code VARCHAR(3) DEFAULT 'MXN', -- Solo para tipo 'fixed' + + -- Restricciones + max_redemptions INTEGER, -- Máximo de usos totales + max_redemptions_per_tenant INTEGER DEFAULT 1, -- Máximo por tenant + redemptions_count INTEGER NOT NULL DEFAULT 0, + + -- Vigencia + valid_from TIMESTAMP, + valid_until TIMESTAMP, + + -- Aplicable a + applicable_plans UUID[], -- Array de plan_ids, NULL = todos + + -- Estado + is_active BOOLEAN NOT NULL DEFAULT true, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID, + + CONSTRAINT chk_coupons_discount CHECK ( + (discount_type = 'percent' AND discount_value > 0 AND discount_value <= 100) OR + (discount_type = 'fixed' AND discount_value > 0) + ), + CONSTRAINT chk_coupons_dates CHECK (valid_until IS NULL OR valid_until > valid_from) +); + +-- Tabla: coupon_redemptions (Uso de cupones) +CREATE TABLE billing.coupon_redemptions ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + coupon_id UUID NOT NULL REFERENCES billing.coupons(id), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + subscription_id UUID REFERENCES billing.subscriptions(id), + + -- Auditoría + redeemed_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + redeemed_by UUID, + + CONSTRAINT uq_coupon_redemptions UNIQUE (coupon_id, tenant_id) +); + +-- Tabla: subscription_history (Historial de cambios de suscripción) +CREATE TABLE billing.subscription_history ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + subscription_id UUID NOT NULL REFERENCES billing.subscriptions(id) ON DELETE CASCADE, + + event_type VARCHAR(50) NOT NULL, + -- 'created', 'upgraded', 'downgraded', 'renewed', 'cancelled', + -- 'paused', 'resumed', 'payment_failed', 'payment_succeeded' + + previous_plan_id UUID REFERENCES billing.subscription_plans(id), + new_plan_id UUID REFERENCES billing.subscription_plans(id), + previous_status billing.subscription_status, + new_status billing.subscription_status, + + -- Metadata adicional + metadata JSONB DEFAULT '{}'::jsonb, + notes TEXT, + + -- Auditoría + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID +); + +-- ===================================================== +-- ÍNDICES +-- ===================================================== + +-- subscription_plans +CREATE INDEX idx_plans_is_active ON billing.subscription_plans(is_active) WHERE is_active = true; +CREATE INDEX idx_plans_is_public ON billing.subscription_plans(is_public) WHERE is_public = true; + +-- tenant_owners +CREATE INDEX idx_tenant_owners_tenant_id ON billing.tenant_owners(tenant_id); +CREATE INDEX idx_tenant_owners_user_id ON billing.tenant_owners(user_id); + +-- subscriptions +CREATE INDEX idx_subscriptions_tenant_id ON billing.subscriptions(tenant_id); +CREATE INDEX idx_subscriptions_status ON billing.subscriptions(status); +CREATE INDEX idx_subscriptions_period_end ON billing.subscriptions(current_period_end); + +-- payment_methods +CREATE INDEX idx_payment_methods_tenant_id ON billing.payment_methods(tenant_id); +CREATE INDEX idx_payment_methods_default ON billing.payment_methods(tenant_id, is_default) WHERE is_default = true; + +-- invoices +CREATE INDEX idx_invoices_tenant_id ON billing.invoices(tenant_id); +CREATE INDEX idx_invoices_status ON billing.invoices(status); +CREATE INDEX idx_invoices_due_date ON billing.invoices(due_date); +CREATE INDEX idx_invoices_stripe_id ON billing.invoices(stripe_invoice_id); + +-- payments +CREATE INDEX idx_payments_tenant_id ON billing.payments(tenant_id); +CREATE INDEX idx_payments_status ON billing.payments(status); +CREATE INDEX idx_payments_invoice_id ON billing.payments(invoice_id); + +-- usage_records +CREATE INDEX idx_usage_records_tenant_id ON billing.usage_records(tenant_id); +CREATE INDEX idx_usage_records_period ON billing.usage_records(billing_period); +CREATE INDEX idx_usage_records_metric ON billing.usage_records(metric_type, billing_period); + +-- coupons +CREATE INDEX idx_coupons_code ON billing.coupons(code); +CREATE INDEX idx_coupons_active ON billing.coupons(is_active) WHERE is_active = true; + +-- subscription_history +CREATE INDEX idx_subscription_history_subscription ON billing.subscription_history(subscription_id); +CREATE INDEX idx_subscription_history_created ON billing.subscription_history(created_at); + +-- ===================================================== +-- TRIGGERS +-- ===================================================== + +-- Trigger updated_at para subscriptions +CREATE TRIGGER trg_subscriptions_updated_at + BEFORE UPDATE ON billing.subscriptions + FOR EACH ROW EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger updated_at para payment_methods +CREATE TRIGGER trg_payment_methods_updated_at + BEFORE UPDATE ON billing.payment_methods + FOR EACH ROW EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger updated_at para invoices +CREATE TRIGGER trg_invoices_updated_at + BEFORE UPDATE ON billing.invoices + FOR EACH ROW EXECUTE FUNCTION auth.update_updated_at_column(); + +-- Trigger updated_at para subscription_plans +CREATE TRIGGER trg_plans_updated_at + BEFORE UPDATE ON billing.subscription_plans + FOR EACH ROW EXECUTE FUNCTION auth.update_updated_at_column(); + +-- ===================================================== +-- FUNCIONES +-- ===================================================== + +-- Función para obtener el plan actual de un tenant +CREATE OR REPLACE FUNCTION billing.get_tenant_plan(p_tenant_id UUID) +RETURNS TABLE( + plan_code VARCHAR, + plan_name VARCHAR, + max_users INTEGER, + max_companies INTEGER, + features JSONB, + subscription_status billing.subscription_status, + days_until_renewal INTEGER +) AS $$ +BEGIN + RETURN QUERY + SELECT + sp.code, + sp.name, + sp.max_users, + sp.max_companies, + sp.features, + s.status, + EXTRACT(DAY FROM s.current_period_end - CURRENT_TIMESTAMP)::INTEGER + FROM billing.subscriptions s + JOIN billing.subscription_plans sp ON s.plan_id = sp.id + WHERE s.tenant_id = p_tenant_id; +END; +$$ LANGUAGE plpgsql; + +-- Función para verificar si tenant puede agregar más usuarios +CREATE OR REPLACE FUNCTION billing.can_add_user(p_tenant_id UUID) +RETURNS BOOLEAN AS $$ +DECLARE + v_max_users INTEGER; + v_current_users INTEGER; +BEGIN + -- Obtener límite del plan + SELECT sp.max_users INTO v_max_users + FROM billing.subscriptions s + JOIN billing.subscription_plans sp ON s.plan_id = sp.id + WHERE s.tenant_id = p_tenant_id AND s.status IN ('active', 'trialing'); + + -- Si no hay límite (NULL), permitir + IF v_max_users IS NULL THEN + RETURN true; + END IF; + + -- Contar usuarios actuales + SELECT COUNT(*) INTO v_current_users + FROM auth.users + WHERE tenant_id = p_tenant_id AND deleted_at IS NULL; + + RETURN v_current_users < v_max_users; +END; +$$ LANGUAGE plpgsql; + +-- Función para verificar si una feature está habilitada para el tenant +CREATE OR REPLACE FUNCTION billing.has_feature(p_tenant_id UUID, p_feature VARCHAR) +RETURNS BOOLEAN AS $$ +DECLARE + v_features JSONB; +BEGIN + SELECT sp.features INTO v_features + FROM billing.subscriptions s + JOIN billing.subscription_plans sp ON s.plan_id = sp.id + WHERE s.tenant_id = p_tenant_id AND s.status IN ('active', 'trialing'); + + -- Si no hay plan o features, denegar + IF v_features IS NULL THEN + RETURN false; + END IF; + + -- Verificar feature + RETURN COALESCE((v_features ->> p_feature)::boolean, false); +END; +$$ LANGUAGE plpgsql; + +-- ===================================================== +-- DATOS INICIALES (Plans por defecto) +-- ===================================================== + +-- Plan Free/Trial +INSERT INTO billing.subscription_plans (code, name, description, price_monthly, price_yearly, max_users, max_companies, max_storage_gb, trial_days, is_default, sort_order, features) +VALUES ( + 'free', + 'Free / Trial', + 'Plan gratuito para probar el sistema', + 0, 0, + 3, 1, 1, 14, true, 1, + '{"inventory": true, "sales": true, "financial": false, "purchase": false, "crm": false, "projects": false, "reports_basic": true, "reports_advanced": false, "api_access": false}'::jsonb +); + +-- Plan Básico +INSERT INTO billing.subscription_plans (code, name, description, price_monthly, price_yearly, max_users, max_companies, max_storage_gb, trial_days, sort_order, features) +VALUES ( + 'basic', + 'Básico', + 'Ideal para pequeños negocios', + 499, 4990, + 5, 1, 5, 14, 2, + '{"inventory": true, "sales": true, "financial": true, "purchase": true, "crm": false, "projects": false, "reports_basic": true, "reports_advanced": false, "api_access": false}'::jsonb +); + +-- Plan Profesional +INSERT INTO billing.subscription_plans (code, name, description, price_monthly, price_yearly, max_users, max_companies, max_storage_gb, trial_days, sort_order, features) +VALUES ( + 'professional', + 'Profesional', + 'Para empresas en crecimiento', + 999, 9990, + 15, 3, 20, 14, 3, + '{"inventory": true, "sales": true, "financial": true, "purchase": true, "crm": true, "projects": true, "reports_basic": true, "reports_advanced": true, "api_access": true}'::jsonb +); + +-- Plan Enterprise +INSERT INTO billing.subscription_plans (code, name, description, price_monthly, price_yearly, max_users, max_companies, max_storage_gb, trial_days, sort_order, features) +VALUES ( + 'enterprise', + 'Enterprise', + 'Solución completa para grandes empresas', + 2499, 24990, + NULL, NULL, 100, 30, 4, -- NULL = ilimitado + '{"inventory": true, "sales": true, "financial": true, "purchase": true, "crm": true, "projects": true, "reports_basic": true, "reports_advanced": true, "api_access": true, "white_label": true, "priority_support": true, "custom_integrations": true}'::jsonb +); + +-- Plan Single-Tenant (para instalaciones on-premise) +INSERT INTO billing.subscription_plans (code, name, description, price_monthly, price_yearly, max_users, max_companies, max_storage_gb, trial_days, is_public, sort_order, features) +VALUES ( + 'single_tenant', + 'Single Tenant / On-Premise', + 'Instalación dedicada sin restricciones', + 0, 0, + NULL, NULL, NULL, 0, false, 99, -- No público, solo asignación manual + '{"inventory": true, "sales": true, "financial": true, "purchase": true, "crm": true, "projects": true, "reports_basic": true, "reports_advanced": true, "api_access": true, "white_label": true, "priority_support": true, "custom_integrations": true, "unlimited": true}'::jsonb +); + +-- ===================================================== +-- COMENTARIOS +-- ===================================================== + +COMMENT ON SCHEMA billing IS 'Schema para gestión de suscripciones SaaS, planes, pagos y facturación'; + +COMMENT ON TABLE billing.subscription_plans IS 'Planes de suscripción disponibles (global, no por tenant)'; +COMMENT ON TABLE billing.tenant_owners IS 'Propietarios/administradores de facturación de cada tenant'; +COMMENT ON TABLE billing.subscriptions IS 'Suscripciones activas de cada tenant'; +COMMENT ON TABLE billing.payment_methods IS 'Métodos de pago registrados por tenant'; +COMMENT ON TABLE billing.invoices IS 'Facturas de suscripción'; +COMMENT ON TABLE billing.invoice_lines IS 'Líneas de detalle de facturas'; +COMMENT ON TABLE billing.payments IS 'Pagos recibidos'; +COMMENT ON TABLE billing.usage_records IS 'Registros de uso para billing por consumo'; +COMMENT ON TABLE billing.coupons IS 'Cupones de descuento'; +COMMENT ON TABLE billing.coupon_redemptions IS 'Registro de cupones usados'; +COMMENT ON TABLE billing.subscription_history IS 'Historial de cambios de suscripción'; + +COMMENT ON FUNCTION billing.get_tenant_plan IS 'Obtiene información del plan actual de un tenant'; +COMMENT ON FUNCTION billing.can_add_user IS 'Verifica si el tenant puede agregar más usuarios según su plan'; +COMMENT ON FUNCTION billing.has_feature IS 'Verifica si una feature está habilitada para el tenant'; diff --git a/database/ddl/11-crm.sql b/database/ddl/11-crm.sql new file mode 100644 index 0000000..8428e54 --- /dev/null +++ b/database/ddl/11-crm.sql @@ -0,0 +1,366 @@ +-- ===================================================== +-- SCHEMA: crm +-- PROPOSITO: Customer Relationship Management +-- MODULOS: MGN-CRM (CRM) +-- FECHA: 2025-11-24 +-- ===================================================== + +-- Crear schema +CREATE SCHEMA IF NOT EXISTS crm; + +-- ===================================================== +-- TYPES (ENUMs) +-- ===================================================== + +CREATE TYPE crm.lead_status AS ENUM ( + 'new', + 'contacted', + 'qualified', + 'converted', + 'lost' +); + +CREATE TYPE crm.opportunity_status AS ENUM ( + 'open', + 'won', + 'lost' +); + +CREATE TYPE crm.activity_type AS ENUM ( + 'call', + 'email', + 'meeting', + 'task', + 'note' +); + +CREATE TYPE crm.lead_source AS ENUM ( + 'website', + 'phone', + 'email', + 'referral', + 'social_media', + 'advertising', + 'event', + 'other' +); + +-- ===================================================== +-- TABLES +-- ===================================================== + +-- Tabla: lead_stages (Etapas del pipeline de leads) +CREATE TABLE crm.lead_stages ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + sequence INTEGER NOT NULL DEFAULT 10, + is_won BOOLEAN DEFAULT FALSE, + probability DECIMAL(5, 2) DEFAULT 0, + requirements TEXT, + + active BOOLEAN DEFAULT TRUE, + created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + + UNIQUE(tenant_id, name) +); + +-- Tabla: opportunity_stages (Etapas del pipeline de oportunidades) +CREATE TABLE crm.opportunity_stages ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + sequence INTEGER NOT NULL DEFAULT 10, + is_won BOOLEAN DEFAULT FALSE, + probability DECIMAL(5, 2) DEFAULT 0, + requirements TEXT, + + active BOOLEAN DEFAULT TRUE, + created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + + UNIQUE(tenant_id, name) +); + +-- Tabla: lost_reasons (Razones de perdida) +CREATE TABLE crm.lost_reasons ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + description TEXT, + + active BOOLEAN DEFAULT TRUE, + created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + + UNIQUE(tenant_id, name) +); + +-- Tabla: leads (Prospectos/Leads) +CREATE TABLE crm.leads ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + -- Numeracion + name VARCHAR(255) NOT NULL, + ref VARCHAR(100), + + -- Contacto + contact_name VARCHAR(255), + email VARCHAR(255), + phone VARCHAR(50), + mobile VARCHAR(50), + website VARCHAR(255), + + -- Empresa del prospecto + company_name VARCHAR(255), + job_position VARCHAR(100), + industry VARCHAR(100), + employee_count VARCHAR(50), + annual_revenue DECIMAL(15, 2), + + -- Direccion + street VARCHAR(255), + city VARCHAR(100), + state VARCHAR(100), + zip VARCHAR(20), + country VARCHAR(100), + + -- Pipeline + stage_id UUID REFERENCES crm.lead_stages(id), + status crm.lead_status NOT NULL DEFAULT 'new', + + -- Asignacion + user_id UUID REFERENCES auth.users(id), + sales_team_id UUID REFERENCES sales.sales_teams(id), + + -- Origen + source crm.lead_source, + campaign_id UUID, -- Para futuro modulo marketing + medium VARCHAR(100), + + -- Valoracion + priority INTEGER DEFAULT 0 CHECK (priority >= 0 AND priority <= 3), + probability DECIMAL(5, 2) DEFAULT 0, + expected_revenue DECIMAL(15, 2), + + -- Fechas + date_open TIMESTAMP WITH TIME ZONE, + date_closed TIMESTAMP WITH TIME ZONE, + date_deadline DATE, + date_last_activity TIMESTAMP WITH TIME ZONE, + + -- Conversion + partner_id UUID REFERENCES core.partners(id), + opportunity_id UUID, -- Se llena al convertir + + -- Perdida + lost_reason_id UUID REFERENCES crm.lost_reasons(id), + lost_notes TEXT, + + -- Notas + description TEXT, + notes TEXT, + tags VARCHAR(255)[], + + -- Auditoria + created_by UUID REFERENCES auth.users(id), + updated_by UUID REFERENCES auth.users(id), + created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP +); + +-- Tabla: opportunities (Oportunidades de venta) +CREATE TABLE crm.opportunities ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + -- Numeracion + name VARCHAR(255) NOT NULL, + ref VARCHAR(100), + + -- Cliente + partner_id UUID NOT NULL REFERENCES core.partners(id), + contact_name VARCHAR(255), + email VARCHAR(255), + phone VARCHAR(50), + + -- Pipeline + stage_id UUID REFERENCES crm.opportunity_stages(id), + status crm.opportunity_status NOT NULL DEFAULT 'open', + + -- Asignacion + user_id UUID REFERENCES auth.users(id), + sales_team_id UUID REFERENCES sales.sales_teams(id), + + -- Valoracion + priority INTEGER DEFAULT 0 CHECK (priority >= 0 AND priority <= 3), + probability DECIMAL(5, 2) DEFAULT 0, + expected_revenue DECIMAL(15, 2), + recurring_revenue DECIMAL(15, 2), + recurring_plan VARCHAR(50), + + -- Fechas + date_deadline DATE, + date_closed TIMESTAMP WITH TIME ZONE, + date_last_activity TIMESTAMP WITH TIME ZONE, + + -- Origen (si viene de lead) + lead_id UUID REFERENCES crm.leads(id), + source crm.lead_source, + campaign_id UUID, + medium VARCHAR(100), + + -- Cierre + lost_reason_id UUID REFERENCES crm.lost_reasons(id), + lost_notes TEXT, + + -- Relaciones + quotation_id UUID REFERENCES sales.quotations(id), + order_id UUID REFERENCES sales.sales_orders(id), + + -- Notas + description TEXT, + notes TEXT, + tags VARCHAR(255)[], + + -- Auditoria + created_by UUID REFERENCES auth.users(id), + updated_by UUID REFERENCES auth.users(id), + created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP +); + +-- Actualizar referencia circular en leads +ALTER TABLE crm.leads ADD CONSTRAINT fk_leads_opportunity + FOREIGN KEY (opportunity_id) REFERENCES crm.opportunities(id); + +-- Tabla: crm_activities (Actividades CRM) +CREATE TABLE crm.activities ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + -- Referencia polimorfica + res_model VARCHAR(100) NOT NULL, + res_id UUID NOT NULL, + + -- Actividad + activity_type crm.activity_type NOT NULL, + summary VARCHAR(255), + description TEXT, + + -- Fechas + date_deadline DATE, + date_done TIMESTAMP WITH TIME ZONE, + + -- Asignacion + user_id UUID REFERENCES auth.users(id), + assigned_to UUID REFERENCES auth.users(id), + + -- Estado + done BOOLEAN DEFAULT FALSE, + + -- Auditoria + created_by UUID REFERENCES auth.users(id), + created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP +); + +-- ===================================================== +-- INDEXES +-- ===================================================== + +CREATE INDEX idx_lead_stages_tenant ON crm.lead_stages(tenant_id); +CREATE INDEX idx_opportunity_stages_tenant ON crm.opportunity_stages(tenant_id); +CREATE INDEX idx_lost_reasons_tenant ON crm.lost_reasons(tenant_id); + +CREATE INDEX idx_leads_tenant ON crm.leads(tenant_id); +CREATE INDEX idx_leads_company ON crm.leads(company_id); +CREATE INDEX idx_leads_status ON crm.leads(status); +CREATE INDEX idx_leads_stage ON crm.leads(stage_id); +CREATE INDEX idx_leads_user ON crm.leads(user_id); +CREATE INDEX idx_leads_partner ON crm.leads(partner_id); +CREATE INDEX idx_leads_email ON crm.leads(email); + +CREATE INDEX idx_opportunities_tenant ON crm.opportunities(tenant_id); +CREATE INDEX idx_opportunities_company ON crm.opportunities(company_id); +CREATE INDEX idx_opportunities_status ON crm.opportunities(status); +CREATE INDEX idx_opportunities_stage ON crm.opportunities(stage_id); +CREATE INDEX idx_opportunities_user ON crm.opportunities(user_id); +CREATE INDEX idx_opportunities_partner ON crm.opportunities(partner_id); + +CREATE INDEX idx_crm_activities_tenant ON crm.activities(tenant_id); +CREATE INDEX idx_crm_activities_model ON crm.activities(res_model, res_id); +CREATE INDEX idx_crm_activities_user ON crm.activities(assigned_to); +CREATE INDEX idx_crm_activities_deadline ON crm.activities(date_deadline); + +-- ===================================================== +-- TRIGGERS +-- ===================================================== + +CREATE TRIGGER update_lead_stages_timestamp + BEFORE UPDATE ON crm.lead_stages + FOR EACH ROW EXECUTE FUNCTION core.update_timestamp(); + +CREATE TRIGGER update_opportunity_stages_timestamp + BEFORE UPDATE ON crm.opportunity_stages + FOR EACH ROW EXECUTE FUNCTION core.update_timestamp(); + +CREATE TRIGGER update_leads_timestamp + BEFORE UPDATE ON crm.leads + FOR EACH ROW EXECUTE FUNCTION core.update_timestamp(); + +CREATE TRIGGER update_opportunities_timestamp + BEFORE UPDATE ON crm.opportunities + FOR EACH ROW EXECUTE FUNCTION core.update_timestamp(); + +CREATE TRIGGER update_crm_activities_timestamp + BEFORE UPDATE ON crm.activities + FOR EACH ROW EXECUTE FUNCTION core.update_timestamp(); + +-- ===================================================== +-- ROW LEVEL SECURITY +-- ===================================================== + +-- Habilitar RLS +ALTER TABLE crm.lead_stages ENABLE ROW LEVEL SECURITY; +ALTER TABLE crm.opportunity_stages ENABLE ROW LEVEL SECURITY; +ALTER TABLE crm.lost_reasons ENABLE ROW LEVEL SECURITY; +ALTER TABLE crm.leads ENABLE ROW LEVEL SECURITY; +ALTER TABLE crm.opportunities ENABLE ROW LEVEL SECURITY; +ALTER TABLE crm.activities ENABLE ROW LEVEL SECURITY; + +-- Políticas de aislamiento por tenant +CREATE POLICY tenant_isolation_lead_stages ON crm.lead_stages + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +CREATE POLICY tenant_isolation_opportunity_stages ON crm.opportunity_stages + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +CREATE POLICY tenant_isolation_lost_reasons ON crm.lost_reasons + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +CREATE POLICY tenant_isolation_leads ON crm.leads + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +CREATE POLICY tenant_isolation_opportunities ON crm.opportunities + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +CREATE POLICY tenant_isolation_crm_activities ON crm.activities + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- ===================================================== +-- COMMENTS +-- ===================================================== + +COMMENT ON TABLE crm.lead_stages IS 'Etapas del pipeline de leads'; +COMMENT ON TABLE crm.opportunity_stages IS 'Etapas del pipeline de oportunidades'; +COMMENT ON TABLE crm.lost_reasons IS 'Razones de perdida de leads/oportunidades'; +COMMENT ON TABLE crm.leads IS 'Prospectos/leads de ventas'; +COMMENT ON TABLE crm.opportunities IS 'Oportunidades de venta'; +COMMENT ON TABLE crm.activities IS 'Actividades CRM (llamadas, reuniones, etc.)'; diff --git a/database/ddl/12-hr.sql b/database/ddl/12-hr.sql new file mode 100644 index 0000000..7e8d6c2 --- /dev/null +++ b/database/ddl/12-hr.sql @@ -0,0 +1,379 @@ +-- ===================================================== +-- SCHEMA: hr +-- PROPOSITO: Human Resources Management +-- MODULOS: MGN-HR (Recursos Humanos) +-- FECHA: 2025-11-24 +-- ===================================================== + +-- Crear schema +CREATE SCHEMA IF NOT EXISTS hr; + +-- ===================================================== +-- TYPES (ENUMs) +-- ===================================================== + +CREATE TYPE hr.contract_status AS ENUM ( + 'draft', + 'active', + 'expired', + 'terminated', + 'cancelled' +); + +CREATE TYPE hr.contract_type AS ENUM ( + 'permanent', + 'temporary', + 'contractor', + 'internship', + 'part_time' +); + +CREATE TYPE hr.leave_status AS ENUM ( + 'draft', + 'submitted', + 'approved', + 'rejected', + 'cancelled' +); + +CREATE TYPE hr.leave_type AS ENUM ( + 'vacation', + 'sick', + 'personal', + 'maternity', + 'paternity', + 'bereavement', + 'unpaid', + 'other' +); + +CREATE TYPE hr.employee_status AS ENUM ( + 'active', + 'inactive', + 'on_leave', + 'terminated' +); + +-- ===================================================== +-- TABLES +-- ===================================================== + +-- Tabla: departments (Departamentos) +CREATE TABLE hr.departments ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + code VARCHAR(20), + parent_id UUID REFERENCES hr.departments(id), + manager_id UUID, -- References employees, set after table creation + + description TEXT, + color VARCHAR(20), + + active BOOLEAN DEFAULT TRUE, + created_by UUID REFERENCES auth.users(id), + created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + + UNIQUE(tenant_id, company_id, name) +); + +-- Tabla: job_positions (Puestos de trabajo) +CREATE TABLE hr.job_positions ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + department_id UUID REFERENCES hr.departments(id), + + description TEXT, + requirements TEXT, + responsibilities TEXT, + + min_salary DECIMAL(15, 2), + max_salary DECIMAL(15, 2), + + active BOOLEAN DEFAULT TRUE, + created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + + UNIQUE(tenant_id, name) +); + +-- Tabla: employees (Empleados) +CREATE TABLE hr.employees ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + -- Identificacion + employee_number VARCHAR(50) NOT NULL, + first_name VARCHAR(100) NOT NULL, + last_name VARCHAR(100) NOT NULL, + middle_name VARCHAR(100), + + -- Usuario vinculado (opcional) + user_id UUID REFERENCES auth.users(id), + + -- Informacion personal + birth_date DATE, + gender VARCHAR(20), + marital_status VARCHAR(20), + nationality VARCHAR(100), + identification_id VARCHAR(50), + identification_type VARCHAR(50), + social_security_number VARCHAR(50), + tax_id VARCHAR(50), + + -- Contacto + email VARCHAR(255), + work_email VARCHAR(255), + phone VARCHAR(50), + work_phone VARCHAR(50), + mobile VARCHAR(50), + emergency_contact VARCHAR(255), + emergency_phone VARCHAR(50), + + -- Direccion + street VARCHAR(255), + city VARCHAR(100), + state VARCHAR(100), + zip VARCHAR(20), + country VARCHAR(100), + + -- Trabajo + department_id UUID REFERENCES hr.departments(id), + job_position_id UUID REFERENCES hr.job_positions(id), + manager_id UUID REFERENCES hr.employees(id), + + hire_date DATE NOT NULL, + termination_date DATE, + status hr.employee_status NOT NULL DEFAULT 'active', + + -- Datos bancarios + bank_name VARCHAR(100), + bank_account VARCHAR(50), + bank_clabe VARCHAR(20), + + -- Foto + photo_url VARCHAR(500), + + -- Notas + notes TEXT, + + -- Auditoria + created_by UUID REFERENCES auth.users(id), + updated_by UUID REFERENCES auth.users(id), + created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + + UNIQUE(tenant_id, employee_number) +); + +-- Add manager_id reference to departments +ALTER TABLE hr.departments ADD CONSTRAINT fk_departments_manager + FOREIGN KEY (manager_id) REFERENCES hr.employees(id); + +-- Tabla: contracts (Contratos laborales) +CREATE TABLE hr.contracts ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + employee_id UUID NOT NULL REFERENCES hr.employees(id) ON DELETE CASCADE, + + -- Identificacion + name VARCHAR(100) NOT NULL, + reference VARCHAR(100), + + -- Tipo y estado + contract_type hr.contract_type NOT NULL, + status hr.contract_status NOT NULL DEFAULT 'draft', + + -- Puesto + job_position_id UUID REFERENCES hr.job_positions(id), + department_id UUID REFERENCES hr.departments(id), + + -- Vigencia + date_start DATE NOT NULL, + date_end DATE, + trial_date_end DATE, + + -- Compensacion + wage DECIMAL(15, 2) NOT NULL, + wage_type VARCHAR(20) DEFAULT 'monthly', -- hourly, daily, weekly, monthly, yearly + currency_id UUID REFERENCES core.currencies(id), + + -- Horas + resource_calendar_id UUID, -- For future scheduling module + hours_per_week DECIMAL(5, 2) DEFAULT 40, + + -- Beneficios y deducciones + vacation_days INTEGER DEFAULT 6, + christmas_bonus_days INTEGER DEFAULT 15, + + -- Documentos + document_url VARCHAR(500), + + -- Notas + notes TEXT, + + -- Auditoria + created_by UUID REFERENCES auth.users(id), + updated_by UUID REFERENCES auth.users(id), + created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP +); + +-- Tabla: leave_types (Tipos de ausencia configurables) +CREATE TABLE hr.leave_types ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + name VARCHAR(100) NOT NULL, + code VARCHAR(20), + leave_type hr.leave_type NOT NULL, + + requires_approval BOOLEAN DEFAULT TRUE, + max_days INTEGER, + is_paid BOOLEAN DEFAULT TRUE, + + color VARCHAR(20), + + active BOOLEAN DEFAULT TRUE, + created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + + UNIQUE(tenant_id, name) +); + +-- Tabla: leaves (Ausencias/Permisos) +CREATE TABLE hr.leaves ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + company_id UUID NOT NULL REFERENCES auth.companies(id) ON DELETE CASCADE, + + employee_id UUID NOT NULL REFERENCES hr.employees(id) ON DELETE CASCADE, + leave_type_id UUID NOT NULL REFERENCES hr.leave_types(id), + + -- Solicitud + name VARCHAR(255), + date_from DATE NOT NULL, + date_to DATE NOT NULL, + number_of_days DECIMAL(5, 2) NOT NULL, + + -- Estado + status hr.leave_status NOT NULL DEFAULT 'draft', + + -- Descripcion + description TEXT, + + -- Aprobacion + approved_by UUID REFERENCES auth.users(id), + approved_at TIMESTAMP WITH TIME ZONE, + rejection_reason TEXT, + + -- Auditoria + created_by UUID REFERENCES auth.users(id), + updated_by UUID REFERENCES auth.users(id), + created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP +); + +-- ===================================================== +-- INDEXES +-- ===================================================== + +CREATE INDEX idx_departments_tenant ON hr.departments(tenant_id); +CREATE INDEX idx_departments_company ON hr.departments(company_id); +CREATE INDEX idx_departments_parent ON hr.departments(parent_id); + +CREATE INDEX idx_job_positions_tenant ON hr.job_positions(tenant_id); +CREATE INDEX idx_job_positions_department ON hr.job_positions(department_id); + +CREATE INDEX idx_employees_tenant ON hr.employees(tenant_id); +CREATE INDEX idx_employees_company ON hr.employees(company_id); +CREATE INDEX idx_employees_department ON hr.employees(department_id); +CREATE INDEX idx_employees_manager ON hr.employees(manager_id); +CREATE INDEX idx_employees_user ON hr.employees(user_id); +CREATE INDEX idx_employees_status ON hr.employees(status); +CREATE INDEX idx_employees_number ON hr.employees(employee_number); + +CREATE INDEX idx_contracts_tenant ON hr.contracts(tenant_id); +CREATE INDEX idx_contracts_employee ON hr.contracts(employee_id); +CREATE INDEX idx_contracts_status ON hr.contracts(status); +CREATE INDEX idx_contracts_dates ON hr.contracts(date_start, date_end); + +CREATE INDEX idx_leave_types_tenant ON hr.leave_types(tenant_id); + +CREATE INDEX idx_leaves_tenant ON hr.leaves(tenant_id); +CREATE INDEX idx_leaves_employee ON hr.leaves(employee_id); +CREATE INDEX idx_leaves_status ON hr.leaves(status); +CREATE INDEX idx_leaves_dates ON hr.leaves(date_from, date_to); + +-- ===================================================== +-- TRIGGERS +-- ===================================================== + +CREATE TRIGGER update_departments_timestamp + BEFORE UPDATE ON hr.departments + FOR EACH ROW EXECUTE FUNCTION core.update_timestamp(); + +CREATE TRIGGER update_job_positions_timestamp + BEFORE UPDATE ON hr.job_positions + FOR EACH ROW EXECUTE FUNCTION core.update_timestamp(); + +CREATE TRIGGER update_employees_timestamp + BEFORE UPDATE ON hr.employees + FOR EACH ROW EXECUTE FUNCTION core.update_timestamp(); + +CREATE TRIGGER update_contracts_timestamp + BEFORE UPDATE ON hr.contracts + FOR EACH ROW EXECUTE FUNCTION core.update_timestamp(); + +CREATE TRIGGER update_leaves_timestamp + BEFORE UPDATE ON hr.leaves + FOR EACH ROW EXECUTE FUNCTION core.update_timestamp(); + +-- ===================================================== +-- ROW LEVEL SECURITY +-- ===================================================== + +-- Habilitar RLS +ALTER TABLE hr.departments ENABLE ROW LEVEL SECURITY; +ALTER TABLE hr.job_positions ENABLE ROW LEVEL SECURITY; +ALTER TABLE hr.employees ENABLE ROW LEVEL SECURITY; +ALTER TABLE hr.contracts ENABLE ROW LEVEL SECURITY; +ALTER TABLE hr.leave_types ENABLE ROW LEVEL SECURITY; +ALTER TABLE hr.leaves ENABLE ROW LEVEL SECURITY; + +-- Políticas de aislamiento por tenant +CREATE POLICY tenant_isolation_departments ON hr.departments + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +CREATE POLICY tenant_isolation_job_positions ON hr.job_positions + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +CREATE POLICY tenant_isolation_employees ON hr.employees + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +CREATE POLICY tenant_isolation_contracts ON hr.contracts + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +CREATE POLICY tenant_isolation_leave_types ON hr.leave_types + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +CREATE POLICY tenant_isolation_leaves ON hr.leaves + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- ===================================================== +-- COMMENTS +-- ===================================================== + +COMMENT ON TABLE hr.departments IS 'Departamentos de la organizacion'; +COMMENT ON TABLE hr.job_positions IS 'Puestos de trabajo/posiciones'; +COMMENT ON TABLE hr.employees IS 'Empleados de la organizacion'; +COMMENT ON TABLE hr.contracts IS 'Contratos laborales'; +COMMENT ON TABLE hr.leave_types IS 'Tipos de ausencia configurables'; +COMMENT ON TABLE hr.leaves IS 'Solicitudes de ausencias/permisos'; diff --git a/database/ddl/schemas/core_shared/00-schema.sql b/database/ddl/schemas/core_shared/00-schema.sql new file mode 100644 index 0000000..a23a5f7 --- /dev/null +++ b/database/ddl/schemas/core_shared/00-schema.sql @@ -0,0 +1,159 @@ +-- ============================================================================ +-- Schema: core_shared +-- Descripcion: Funciones y tipos compartidos entre todos los modulos +-- Proyecto: ERP Core +-- Autor: Database-Agent +-- Fecha: 2025-12-06 +-- ============================================================================ + +-- Crear schema +CREATE SCHEMA IF NOT EXISTS core_shared; + +COMMENT ON SCHEMA core_shared IS 'Funciones, tipos y utilidades compartidas entre modulos'; + +-- ============================================================================ +-- FUNCIONES DE AUDITORIA +-- ============================================================================ + +-- Funcion para actualizar updated_at automaticamente +CREATE OR REPLACE FUNCTION core_shared.set_updated_at() +RETURNS TRIGGER AS $$ +BEGIN + NEW.updated_at = NOW(); + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION core_shared.set_updated_at() IS +'Trigger function para actualizar automaticamente el campo updated_at en cada UPDATE'; + +-- Funcion para establecer tenant_id desde contexto +CREATE OR REPLACE FUNCTION core_shared.set_tenant_id() +RETURNS TRIGGER AS $$ +BEGIN + IF NEW.tenant_id IS NULL THEN + NEW.tenant_id = current_setting('app.current_tenant_id', true)::uuid; + END IF; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION core_shared.set_tenant_id() IS +'Trigger function para establecer tenant_id automaticamente desde el contexto de sesion'; + +-- Funcion para establecer created_by desde contexto +CREATE OR REPLACE FUNCTION core_shared.set_created_by() +RETURNS TRIGGER AS $$ +BEGIN + IF NEW.created_by IS NULL THEN + NEW.created_by = current_setting('app.current_user_id', true)::uuid; + END IF; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION core_shared.set_created_by() IS +'Trigger function para establecer created_by automaticamente desde el contexto de sesion'; + +-- Funcion para establecer updated_by desde contexto +CREATE OR REPLACE FUNCTION core_shared.set_updated_by() +RETURNS TRIGGER AS $$ +BEGIN + NEW.updated_by = current_setting('app.current_user_id', true)::uuid; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION core_shared.set_updated_by() IS +'Trigger function para establecer updated_by automaticamente desde el contexto de sesion'; + +-- ============================================================================ +-- FUNCIONES DE CONTEXTO +-- ============================================================================ + +-- Obtener tenant_id actual del contexto +CREATE OR REPLACE FUNCTION core_shared.get_current_tenant_id() +RETURNS UUID AS $$ +BEGIN + RETURN NULLIF(current_setting('app.current_tenant_id', true), '')::UUID; +EXCEPTION + WHEN OTHERS THEN + RETURN NULL; +END; +$$ LANGUAGE plpgsql STABLE; + +COMMENT ON FUNCTION core_shared.get_current_tenant_id() IS +'Obtiene el ID del tenant actual desde el contexto de sesion'; + +-- Obtener user_id actual del contexto +CREATE OR REPLACE FUNCTION core_shared.get_current_user_id() +RETURNS UUID AS $$ +BEGIN + RETURN NULLIF(current_setting('app.current_user_id', true), '')::UUID; +EXCEPTION + WHEN OTHERS THEN + RETURN NULL; +END; +$$ LANGUAGE plpgsql STABLE; + +COMMENT ON FUNCTION core_shared.get_current_user_id() IS +'Obtiene el ID del usuario actual desde el contexto de sesion'; + +-- ============================================================================ +-- FUNCIONES DE UTILIDAD +-- ============================================================================ + +-- Generar slug desde texto +CREATE OR REPLACE FUNCTION core_shared.generate_slug(input_text TEXT) +RETURNS TEXT AS $$ +BEGIN + RETURN LOWER( + REGEXP_REPLACE( + REGEXP_REPLACE( + TRIM(input_text), + '[^a-zA-Z0-9\s-]', '', 'g' + ), + '\s+', '-', 'g' + ) + ); +END; +$$ LANGUAGE plpgsql IMMUTABLE; + +COMMENT ON FUNCTION core_shared.generate_slug(TEXT) IS +'Genera un slug URL-friendly desde un texto'; + +-- Validar formato de email +CREATE OR REPLACE FUNCTION core_shared.is_valid_email(email TEXT) +RETURNS BOOLEAN AS $$ +BEGIN + RETURN email ~* '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'; +END; +$$ LANGUAGE plpgsql IMMUTABLE; + +COMMENT ON FUNCTION core_shared.is_valid_email(TEXT) IS +'Valida si un texto tiene formato de email valido'; + +-- Validar formato de RFC mexicano +CREATE OR REPLACE FUNCTION core_shared.is_valid_rfc(rfc TEXT) +RETURNS BOOLEAN AS $$ +BEGIN + -- RFC persona moral: 3 letras + 6 digitos + 3 caracteres + -- RFC persona fisica: 4 letras + 6 digitos + 3 caracteres + RETURN rfc ~* '^[A-Z&Ñ]{3,4}[0-9]{6}[A-Z0-9]{3}$'; +END; +$$ LANGUAGE plpgsql IMMUTABLE; + +COMMENT ON FUNCTION core_shared.is_valid_rfc(TEXT) IS +'Valida si un texto tiene formato de RFC mexicano valido'; + +-- ============================================================================ +-- GRANT PERMISOS +-- ============================================================================ + +-- Permitir uso del schema a todos los roles de la aplicacion +GRANT USAGE ON SCHEMA core_shared TO PUBLIC; +GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA core_shared TO PUBLIC; + +-- ============================================================================ +-- FIN +-- ============================================================================ diff --git a/database/docker-compose.yml b/database/docker-compose.yml new file mode 100644 index 0000000..b9e89cc --- /dev/null +++ b/database/docker-compose.yml @@ -0,0 +1,51 @@ +version: '3.8' + +services: + postgres: + image: postgres:15-alpine + container_name: erp-generic-db + restart: unless-stopped + environment: + POSTGRES_DB: ${POSTGRES_DB:-erp_generic} + POSTGRES_USER: ${POSTGRES_USER:-erp_admin} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-erp_secret_2024} + PGDATA: /var/lib/postgresql/data/pgdata + ports: + - "${POSTGRES_PORT:-5432}:5432" + volumes: + - postgres_data:/var/lib/postgresql/data + - ./ddl:/docker-entrypoint-initdb.d:ro + healthcheck: + test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-erp_admin} -d ${POSTGRES_DB:-erp_generic}"] + interval: 10s + timeout: 5s + retries: 5 + + # Optional: pgAdmin for database management + pgadmin: + image: dpage/pgadmin4:latest + container_name: erp-generic-pgadmin + restart: unless-stopped + environment: + PGADMIN_DEFAULT_EMAIL: ${PGADMIN_EMAIL:-admin@erp-generic.local} + PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_PASSWORD:-admin123} + PGADMIN_CONFIG_SERVER_MODE: 'False' + ports: + - "${PGADMIN_PORT:-5050}:80" + volumes: + - pgadmin_data:/var/lib/pgadmin + depends_on: + postgres: + condition: service_healthy + profiles: + - tools + +volumes: + postgres_data: + driver: local + pgadmin_data: + driver: local + +networks: + default: + name: erp-generic-network diff --git a/database/migrations/20251212_001_fiscal_period_validation.sql b/database/migrations/20251212_001_fiscal_period_validation.sql new file mode 100644 index 0000000..48841be --- /dev/null +++ b/database/migrations/20251212_001_fiscal_period_validation.sql @@ -0,0 +1,207 @@ +-- ============================================================================ +-- MIGRACIÓN: Validación de Período Fiscal Cerrado +-- Fecha: 2025-12-12 +-- Descripción: Agrega trigger para prevenir asientos en períodos cerrados +-- Impacto: Todas las verticales que usan el módulo financiero +-- Rollback: DROP TRIGGER y DROP FUNCTION incluidos al final +-- ============================================================================ + +-- ============================================================================ +-- 1. FUNCIÓN DE VALIDACIÓN +-- ============================================================================ + +CREATE OR REPLACE FUNCTION financial.validate_period_not_closed() +RETURNS TRIGGER AS $$ +DECLARE + v_period_status TEXT; + v_period_name TEXT; +BEGIN + -- Solo validar si hay un fiscal_period_id + IF NEW.fiscal_period_id IS NULL THEN + RETURN NEW; + END IF; + + -- Obtener el estado del período + SELECT fp.status, fp.name INTO v_period_status, v_period_name + FROM financial.fiscal_periods fp + WHERE fp.id = NEW.fiscal_period_id; + + -- Validar que el período no esté cerrado + IF v_period_status = 'closed' THEN + RAISE EXCEPTION 'ERR_PERIOD_CLOSED: No se pueden crear o modificar asientos en el período cerrado: %', v_period_name + USING ERRCODE = 'P0001'; + END IF; + + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION financial.validate_period_not_closed() IS +'Valida que no se creen asientos contables en períodos fiscales cerrados. +Lanza excepción ERR_PERIOD_CLOSED si el período está cerrado.'; + +-- ============================================================================ +-- 2. TRIGGER EN JOURNAL_ENTRIES +-- ============================================================================ + +-- Eliminar trigger si existe (idempotente) +DROP TRIGGER IF EXISTS trg_validate_period_before_entry ON financial.journal_entries; + +-- Crear trigger BEFORE INSERT OR UPDATE +CREATE TRIGGER trg_validate_period_before_entry + BEFORE INSERT OR UPDATE ON financial.journal_entries + FOR EACH ROW + EXECUTE FUNCTION financial.validate_period_not_closed(); + +COMMENT ON TRIGGER trg_validate_period_before_entry ON financial.journal_entries IS +'Previene la creación o modificación de asientos en períodos fiscales cerrados'; + +-- ============================================================================ +-- 3. FUNCIÓN PARA CERRAR PERÍODO +-- ============================================================================ + +CREATE OR REPLACE FUNCTION financial.close_fiscal_period( + p_period_id UUID, + p_user_id UUID +) +RETURNS financial.fiscal_periods AS $$ +DECLARE + v_period financial.fiscal_periods; + v_unposted_count INTEGER; +BEGIN + -- Obtener período + SELECT * INTO v_period + FROM financial.fiscal_periods + WHERE id = p_period_id + FOR UPDATE; + + IF NOT FOUND THEN + RAISE EXCEPTION 'Período fiscal no encontrado' USING ERRCODE = 'P0002'; + END IF; + + IF v_period.status = 'closed' THEN + RAISE EXCEPTION 'El período ya está cerrado' USING ERRCODE = 'P0003'; + END IF; + + -- Verificar que no haya asientos sin postear + SELECT COUNT(*) INTO v_unposted_count + FROM financial.journal_entries je + WHERE je.fiscal_period_id = p_period_id + AND je.status = 'draft'; + + IF v_unposted_count > 0 THEN + RAISE EXCEPTION 'Existen % asientos sin postear en este período. Postéelos antes de cerrar.', + v_unposted_count USING ERRCODE = 'P0004'; + END IF; + + -- Cerrar el período + UPDATE financial.fiscal_periods + SET status = 'closed', + closed_at = NOW(), + closed_by = p_user_id, + updated_at = NOW() + WHERE id = p_period_id + RETURNING * INTO v_period; + + RETURN v_period; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION financial.close_fiscal_period(UUID, UUID) IS +'Cierra un período fiscal. Valida que todos los asientos estén posteados.'; + +-- ============================================================================ +-- 4. FUNCIÓN PARA REABRIR PERÍODO (Solo admins) +-- ============================================================================ + +CREATE OR REPLACE FUNCTION financial.reopen_fiscal_period( + p_period_id UUID, + p_user_id UUID, + p_reason TEXT DEFAULT NULL +) +RETURNS financial.fiscal_periods AS $$ +DECLARE + v_period financial.fiscal_periods; +BEGIN + -- Obtener período + SELECT * INTO v_period + FROM financial.fiscal_periods + WHERE id = p_period_id + FOR UPDATE; + + IF NOT FOUND THEN + RAISE EXCEPTION 'Período fiscal no encontrado' USING ERRCODE = 'P0002'; + END IF; + + IF v_period.status = 'open' THEN + RAISE EXCEPTION 'El período ya está abierto' USING ERRCODE = 'P0005'; + END IF; + + -- Reabrir el período + UPDATE financial.fiscal_periods + SET status = 'open', + closed_at = NULL, + closed_by = NULL, + updated_at = NOW() + WHERE id = p_period_id + RETURNING * INTO v_period; + + -- Registrar en log de auditoría + INSERT INTO system.logs ( + tenant_id, level, module, message, context, user_id + ) + SELECT + v_period.tenant_id, + 'warning', + 'financial', + 'Período fiscal reabierto', + jsonb_build_object( + 'period_id', p_period_id, + 'period_name', v_period.name, + 'reason', p_reason, + 'reopened_by', p_user_id + ), + p_user_id; + + RETURN v_period; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION financial.reopen_fiscal_period(UUID, UUID, TEXT) IS +'Reabre un período fiscal cerrado. Registra en auditoría. Solo para administradores.'; + +-- ============================================================================ +-- 5. ÍNDICE PARA PERFORMANCE +-- ============================================================================ + +CREATE INDEX IF NOT EXISTS idx_journal_entries_fiscal_period + ON financial.journal_entries(fiscal_period_id) + WHERE fiscal_period_id IS NOT NULL; + +-- ============================================================================ +-- ROLLBACK SCRIPT (ejecutar si es necesario revertir) +-- ============================================================================ +/* +DROP TRIGGER IF EXISTS trg_validate_period_before_entry ON financial.journal_entries; +DROP FUNCTION IF EXISTS financial.validate_period_not_closed(); +DROP FUNCTION IF EXISTS financial.close_fiscal_period(UUID, UUID); +DROP FUNCTION IF EXISTS financial.reopen_fiscal_period(UUID, UUID, TEXT); +DROP INDEX IF EXISTS financial.idx_journal_entries_fiscal_period; +*/ + +-- ============================================================================ +-- VERIFICACIÓN +-- ============================================================================ + +DO $$ +BEGIN + -- Verificar que el trigger existe + IF NOT EXISTS ( + SELECT 1 FROM pg_trigger + WHERE tgname = 'trg_validate_period_before_entry' + ) THEN + RAISE EXCEPTION 'Error: Trigger no fue creado correctamente'; + END IF; + + RAISE NOTICE 'Migración completada exitosamente: Validación de período fiscal'; +END $$; diff --git a/database/migrations/20251212_002_partner_rankings.sql b/database/migrations/20251212_002_partner_rankings.sql new file mode 100644 index 0000000..7f0cbe5 --- /dev/null +++ b/database/migrations/20251212_002_partner_rankings.sql @@ -0,0 +1,391 @@ +-- ============================================================================ +-- MIGRACIÓN: Sistema de Ranking de Partners (Clientes/Proveedores) +-- Fecha: 2025-12-12 +-- Descripción: Crea tablas y funciones para clasificación ABC de partners +-- Impacto: Verticales que usan módulo de partners/ventas/compras +-- Rollback: DROP TABLE y DROP FUNCTION incluidos al final +-- ============================================================================ + +-- ============================================================================ +-- 1. TABLA DE RANKINGS POR PERÍODO +-- ============================================================================ + +CREATE TABLE IF NOT EXISTS core.partner_rankings ( + id UUID PRIMARY KEY DEFAULT uuid_generate_v4(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + partner_id UUID NOT NULL REFERENCES core.partners(id) ON DELETE CASCADE, + company_id UUID REFERENCES auth.companies(id) ON DELETE SET NULL, + + -- Período de análisis + period_start DATE NOT NULL, + period_end DATE NOT NULL, + + -- Métricas de Cliente + total_sales DECIMAL(16,2) DEFAULT 0, + sales_order_count INTEGER DEFAULT 0, + avg_order_value DECIMAL(16,2) DEFAULT 0, + + -- Métricas de Proveedor + total_purchases DECIMAL(16,2) DEFAULT 0, + purchase_order_count INTEGER DEFAULT 0, + avg_purchase_value DECIMAL(16,2) DEFAULT 0, + + -- Métricas de Pago + avg_payment_days INTEGER, + on_time_payment_rate DECIMAL(5,2), -- Porcentaje 0-100 + + -- Rankings (posición relativa dentro del período) + sales_rank INTEGER, + purchase_rank INTEGER, + + -- Clasificación ABC + customer_abc CHAR(1) CHECK (customer_abc IN ('A', 'B', 'C', NULL)), + supplier_abc CHAR(1) CHECK (supplier_abc IN ('A', 'B', 'C', NULL)), + + -- Scores calculados (0-100) + customer_score DECIMAL(5,2) CHECK (customer_score IS NULL OR customer_score BETWEEN 0 AND 100), + supplier_score DECIMAL(5,2) CHECK (supplier_score IS NULL OR supplier_score BETWEEN 0 AND 100), + overall_score DECIMAL(5,2) CHECK (overall_score IS NULL OR overall_score BETWEEN 0 AND 100), + + -- Tendencia vs período anterior + sales_trend DECIMAL(5,2), -- % cambio + purchase_trend DECIMAL(5,2), + + -- Metadatos + calculated_at TIMESTAMPTZ DEFAULT NOW(), + created_at TIMESTAMPTZ DEFAULT NOW(), + + -- Constraints + UNIQUE(tenant_id, partner_id, company_id, period_start, period_end), + CHECK (period_end >= period_start) +); + +-- ============================================================================ +-- 2. CAMPOS DESNORMALIZADOS EN PARTNERS (para consultas rápidas) +-- ============================================================================ + +DO $$ +BEGIN + -- Agregar columnas si no existen + IF NOT EXISTS (SELECT 1 FROM information_schema.columns + WHERE table_schema = 'core' AND table_name = 'partners' + AND column_name = 'customer_rank') THEN + ALTER TABLE core.partners ADD COLUMN customer_rank INTEGER; + END IF; + + IF NOT EXISTS (SELECT 1 FROM information_schema.columns + WHERE table_schema = 'core' AND table_name = 'partners' + AND column_name = 'supplier_rank') THEN + ALTER TABLE core.partners ADD COLUMN supplier_rank INTEGER; + END IF; + + IF NOT EXISTS (SELECT 1 FROM information_schema.columns + WHERE table_schema = 'core' AND table_name = 'partners' + AND column_name = 'customer_abc') THEN + ALTER TABLE core.partners ADD COLUMN customer_abc CHAR(1); + END IF; + + IF NOT EXISTS (SELECT 1 FROM information_schema.columns + WHERE table_schema = 'core' AND table_name = 'partners' + AND column_name = 'supplier_abc') THEN + ALTER TABLE core.partners ADD COLUMN supplier_abc CHAR(1); + END IF; + + IF NOT EXISTS (SELECT 1 FROM information_schema.columns + WHERE table_schema = 'core' AND table_name = 'partners' + AND column_name = 'last_ranking_date') THEN + ALTER TABLE core.partners ADD COLUMN last_ranking_date DATE; + END IF; + + IF NOT EXISTS (SELECT 1 FROM information_schema.columns + WHERE table_schema = 'core' AND table_name = 'partners' + AND column_name = 'total_sales_ytd') THEN + ALTER TABLE core.partners ADD COLUMN total_sales_ytd DECIMAL(16,2) DEFAULT 0; + END IF; + + IF NOT EXISTS (SELECT 1 FROM information_schema.columns + WHERE table_schema = 'core' AND table_name = 'partners' + AND column_name = 'total_purchases_ytd') THEN + ALTER TABLE core.partners ADD COLUMN total_purchases_ytd DECIMAL(16,2) DEFAULT 0; + END IF; +END $$; + +-- ============================================================================ +-- 3. ÍNDICES +-- ============================================================================ + +CREATE INDEX IF NOT EXISTS idx_partner_rankings_tenant_period + ON core.partner_rankings(tenant_id, period_start, period_end); + +CREATE INDEX IF NOT EXISTS idx_partner_rankings_partner + ON core.partner_rankings(partner_id); + +CREATE INDEX IF NOT EXISTS idx_partner_rankings_abc + ON core.partner_rankings(tenant_id, customer_abc) + WHERE customer_abc IS NOT NULL; + +CREATE INDEX IF NOT EXISTS idx_partners_customer_rank + ON core.partners(tenant_id, customer_rank) + WHERE customer_rank IS NOT NULL; + +CREATE INDEX IF NOT EXISTS idx_partners_supplier_rank + ON core.partners(tenant_id, supplier_rank) + WHERE supplier_rank IS NOT NULL; + +-- ============================================================================ +-- 4. RLS (Row Level Security) +-- ============================================================================ + +ALTER TABLE core.partner_rankings ENABLE ROW LEVEL SECURITY; + +DROP POLICY IF EXISTS partner_rankings_tenant_isolation ON core.partner_rankings; +CREATE POLICY partner_rankings_tenant_isolation ON core.partner_rankings + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- ============================================================================ +-- 5. FUNCIÓN: Calcular rankings de partners +-- ============================================================================ + +CREATE OR REPLACE FUNCTION core.calculate_partner_rankings( + p_tenant_id UUID, + p_company_id UUID DEFAULT NULL, + p_period_start DATE DEFAULT (CURRENT_DATE - INTERVAL '1 year')::date, + p_period_end DATE DEFAULT CURRENT_DATE +) +RETURNS TABLE ( + partners_processed INTEGER, + customers_ranked INTEGER, + suppliers_ranked INTEGER +) AS $$ +DECLARE + v_partners_processed INTEGER := 0; + v_customers_ranked INTEGER := 0; + v_suppliers_ranked INTEGER := 0; +BEGIN + -- 1. Calcular métricas de ventas por partner + INSERT INTO core.partner_rankings ( + tenant_id, partner_id, company_id, period_start, period_end, + total_sales, sales_order_count, avg_order_value + ) + SELECT + p_tenant_id, + so.partner_id, + COALESCE(p_company_id, so.company_id), + p_period_start, + p_period_end, + COALESCE(SUM(so.amount_total), 0), + COUNT(*), + COALESCE(AVG(so.amount_total), 0) + FROM sales.sales_orders so + WHERE so.tenant_id = p_tenant_id + AND so.status IN ('sale', 'done') + AND so.order_date BETWEEN p_period_start AND p_period_end + AND (p_company_id IS NULL OR so.company_id = p_company_id) + GROUP BY so.partner_id, so.company_id + ON CONFLICT (tenant_id, partner_id, company_id, period_start, period_end) + DO UPDATE SET + total_sales = EXCLUDED.total_sales, + sales_order_count = EXCLUDED.sales_order_count, + avg_order_value = EXCLUDED.avg_order_value, + calculated_at = NOW(); + + GET DIAGNOSTICS v_customers_ranked = ROW_COUNT; + + -- 2. Calcular métricas de compras por partner + INSERT INTO core.partner_rankings ( + tenant_id, partner_id, company_id, period_start, period_end, + total_purchases, purchase_order_count, avg_purchase_value + ) + SELECT + p_tenant_id, + po.partner_id, + COALESCE(p_company_id, po.company_id), + p_period_start, + p_period_end, + COALESCE(SUM(po.amount_total), 0), + COUNT(*), + COALESCE(AVG(po.amount_total), 0) + FROM purchase.purchase_orders po + WHERE po.tenant_id = p_tenant_id + AND po.status IN ('confirmed', 'done') + AND po.order_date BETWEEN p_period_start AND p_period_end + AND (p_company_id IS NULL OR po.company_id = p_company_id) + GROUP BY po.partner_id, po.company_id + ON CONFLICT (tenant_id, partner_id, company_id, period_start, period_end) + DO UPDATE SET + total_purchases = EXCLUDED.total_purchases, + purchase_order_count = EXCLUDED.purchase_order_count, + avg_purchase_value = EXCLUDED.avg_purchase_value, + calculated_at = NOW(); + + GET DIAGNOSTICS v_suppliers_ranked = ROW_COUNT; + + -- 3. Calcular rankings de clientes (por total de ventas) + WITH ranked AS ( + SELECT + id, + ROW_NUMBER() OVER (ORDER BY total_sales DESC) as rank, + total_sales, + SUM(total_sales) OVER () as grand_total, + SUM(total_sales) OVER (ORDER BY total_sales DESC) as cumulative_total + FROM core.partner_rankings + WHERE tenant_id = p_tenant_id + AND period_start = p_period_start + AND period_end = p_period_end + AND total_sales > 0 + ) + UPDATE core.partner_rankings pr + SET + sales_rank = r.rank, + customer_abc = CASE + WHEN r.cumulative_total / NULLIF(r.grand_total, 0) <= 0.80 THEN 'A' + WHEN r.cumulative_total / NULLIF(r.grand_total, 0) <= 0.95 THEN 'B' + ELSE 'C' + END, + customer_score = CASE + WHEN r.rank = 1 THEN 100 + ELSE GREATEST(0, 100 - (r.rank - 1) * 5) + END + FROM ranked r + WHERE pr.id = r.id; + + -- 4. Calcular rankings de proveedores (por total de compras) + WITH ranked AS ( + SELECT + id, + ROW_NUMBER() OVER (ORDER BY total_purchases DESC) as rank, + total_purchases, + SUM(total_purchases) OVER () as grand_total, + SUM(total_purchases) OVER (ORDER BY total_purchases DESC) as cumulative_total + FROM core.partner_rankings + WHERE tenant_id = p_tenant_id + AND period_start = p_period_start + AND period_end = p_period_end + AND total_purchases > 0 + ) + UPDATE core.partner_rankings pr + SET + purchase_rank = r.rank, + supplier_abc = CASE + WHEN r.cumulative_total / NULLIF(r.grand_total, 0) <= 0.80 THEN 'A' + WHEN r.cumulative_total / NULLIF(r.grand_total, 0) <= 0.95 THEN 'B' + ELSE 'C' + END, + supplier_score = CASE + WHEN r.rank = 1 THEN 100 + ELSE GREATEST(0, 100 - (r.rank - 1) * 5) + END + FROM ranked r + WHERE pr.id = r.id; + + -- 5. Calcular score overall + UPDATE core.partner_rankings + SET overall_score = COALESCE( + (COALESCE(customer_score, 0) + COALESCE(supplier_score, 0)) / + NULLIF( + CASE WHEN customer_score IS NOT NULL THEN 1 ELSE 0 END + + CASE WHEN supplier_score IS NOT NULL THEN 1 ELSE 0 END, + 0 + ), + 0 + ) + WHERE tenant_id = p_tenant_id + AND period_start = p_period_start + AND period_end = p_period_end; + + -- 6. Actualizar campos desnormalizados en partners + UPDATE core.partners p + SET + customer_rank = pr.sales_rank, + supplier_rank = pr.purchase_rank, + customer_abc = pr.customer_abc, + supplier_abc = pr.supplier_abc, + total_sales_ytd = pr.total_sales, + total_purchases_ytd = pr.total_purchases, + last_ranking_date = CURRENT_DATE + FROM core.partner_rankings pr + WHERE p.id = pr.partner_id + AND p.tenant_id = p_tenant_id + AND pr.tenant_id = p_tenant_id + AND pr.period_start = p_period_start + AND pr.period_end = p_period_end; + + GET DIAGNOSTICS v_partners_processed = ROW_COUNT; + + RETURN QUERY SELECT v_partners_processed, v_customers_ranked, v_suppliers_ranked; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION core.calculate_partner_rankings IS +'Calcula rankings ABC de partners basado en ventas/compras. +Parámetros: + - p_tenant_id: Tenant obligatorio + - p_company_id: Opcional, filtrar por empresa + - p_period_start: Inicio del período (default: hace 1 año) + - p_period_end: Fin del período (default: hoy)'; + +-- ============================================================================ +-- 6. VISTA: Top Partners +-- ============================================================================ + +CREATE OR REPLACE VIEW core.top_partners_view AS +SELECT + p.id, + p.tenant_id, + p.name, + p.email, + p.is_customer, + p.is_supplier, + p.customer_rank, + p.supplier_rank, + p.customer_abc, + p.supplier_abc, + p.total_sales_ytd, + p.total_purchases_ytd, + p.last_ranking_date, + CASE + WHEN p.customer_abc = 'A' THEN 'Cliente VIP' + WHEN p.customer_abc = 'B' THEN 'Cliente Regular' + WHEN p.customer_abc = 'C' THEN 'Cliente Ocasional' + ELSE NULL + END as customer_category, + CASE + WHEN p.supplier_abc = 'A' THEN 'Proveedor Estratégico' + WHEN p.supplier_abc = 'B' THEN 'Proveedor Regular' + WHEN p.supplier_abc = 'C' THEN 'Proveedor Ocasional' + ELSE NULL + END as supplier_category +FROM core.partners p +WHERE p.deleted_at IS NULL + AND (p.customer_rank IS NOT NULL OR p.supplier_rank IS NOT NULL); + +-- ============================================================================ +-- ROLLBACK SCRIPT +-- ============================================================================ +/* +DROP VIEW IF EXISTS core.top_partners_view; +DROP FUNCTION IF EXISTS core.calculate_partner_rankings(UUID, UUID, DATE, DATE); +DROP TABLE IF EXISTS core.partner_rankings; + +ALTER TABLE core.partners + DROP COLUMN IF EXISTS customer_rank, + DROP COLUMN IF EXISTS supplier_rank, + DROP COLUMN IF EXISTS customer_abc, + DROP COLUMN IF EXISTS supplier_abc, + DROP COLUMN IF EXISTS last_ranking_date, + DROP COLUMN IF EXISTS total_sales_ytd, + DROP COLUMN IF EXISTS total_purchases_ytd; +*/ + +-- ============================================================================ +-- VERIFICACIÓN +-- ============================================================================ + +DO $$ +BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_tables WHERE schemaname = 'core' AND tablename = 'partner_rankings') THEN + RAISE EXCEPTION 'Error: Tabla partner_rankings no fue creada'; + END IF; + + RAISE NOTICE 'Migración completada exitosamente: Partner Rankings'; +END $$; diff --git a/database/migrations/20251212_003_financial_reports.sql b/database/migrations/20251212_003_financial_reports.sql new file mode 100644 index 0000000..7203e8f --- /dev/null +++ b/database/migrations/20251212_003_financial_reports.sql @@ -0,0 +1,464 @@ +-- ============================================================================ +-- MIGRACIÓN: Sistema de Reportes Financieros +-- Fecha: 2025-12-12 +-- Descripción: Crea tablas para definición, ejecución y programación de reportes +-- Impacto: Módulo financiero y verticales que requieren reportes contables +-- Rollback: DROP TABLE y DROP FUNCTION incluidos al final +-- ============================================================================ + +-- ============================================================================ +-- 1. TABLA DE DEFINICIONES DE REPORTES +-- ============================================================================ + +CREATE TABLE IF NOT EXISTS reports.report_definitions ( + id UUID PRIMARY KEY DEFAULT uuid_generate_v4(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + -- Identificación + code VARCHAR(50) NOT NULL, + name VARCHAR(255) NOT NULL, + description TEXT, + + -- Clasificación + report_type VARCHAR(50) NOT NULL DEFAULT 'financial', + -- financial, accounting, tax, management, custom + category VARCHAR(100), + -- balance_sheet, income_statement, cash_flow, trial_balance, ledger, etc. + + -- Configuración de consulta + base_query TEXT, -- SQL base o referencia a función + query_function VARCHAR(255), -- Nombre de función PostgreSQL si usa función + + -- Parámetros requeridos (JSON Schema) + parameters_schema JSONB DEFAULT '{}', + -- Ejemplo: {"date_from": {"type": "date", "required": true}, "company_id": {"type": "uuid"}} + + -- Configuración de columnas + columns_config JSONB DEFAULT '[]', + -- Ejemplo: [{"name": "account", "label": "Cuenta", "type": "string"}, {"name": "debit", "label": "Debe", "type": "currency"}] + + -- Agrupaciones disponibles + grouping_options JSONB DEFAULT '[]', + -- Ejemplo: ["account_type", "company", "period"] + + -- Configuración de totales + totals_config JSONB DEFAULT '{}', + -- Ejemplo: {"show_totals": true, "total_columns": ["debit", "credit", "balance"]} + + -- Plantillas de exportación + export_formats JSONB DEFAULT '["pdf", "xlsx", "csv"]', + pdf_template VARCHAR(255), -- Referencia a plantilla PDF + xlsx_template VARCHAR(255), + + -- Estado y visibilidad + is_system BOOLEAN DEFAULT false, -- Reportes del sistema vs personalizados + is_active BOOLEAN DEFAULT true, + + -- Permisos requeridos + required_permissions JSONB DEFAULT '[]', + -- Ejemplo: ["financial.reports.view", "financial.reports.balance_sheet"] + + -- Metadata + version INTEGER DEFAULT 1, + created_at TIMESTAMPTZ DEFAULT NOW(), + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMPTZ DEFAULT NOW(), + updated_by UUID REFERENCES auth.users(id), + + -- Constraints + UNIQUE(tenant_id, code) +); + +COMMENT ON TABLE reports.report_definitions IS +'Definiciones de reportes disponibles en el sistema. Incluye reportes predefinidos y personalizados.'; + +-- ============================================================================ +-- 2. TABLA DE EJECUCIONES DE REPORTES +-- ============================================================================ + +CREATE TABLE IF NOT EXISTS reports.report_executions ( + id UUID PRIMARY KEY DEFAULT uuid_generate_v4(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + definition_id UUID NOT NULL REFERENCES reports.report_definitions(id) ON DELETE CASCADE, + + -- Parámetros de ejecución + parameters JSONB NOT NULL DEFAULT '{}', + -- Los valores específicos usados para esta ejecución + + -- Estado de ejecución + status VARCHAR(20) NOT NULL DEFAULT 'pending', + -- pending, running, completed, failed, cancelled + + -- Tiempos + started_at TIMESTAMPTZ, + completed_at TIMESTAMPTZ, + execution_time_ms INTEGER, + + -- Resultados + row_count INTEGER, + result_data JSONB, -- Datos del reporte (puede ser grande) + result_summary JSONB, -- Resumen/totales + + -- Archivos generados + output_files JSONB DEFAULT '[]', + -- Ejemplo: [{"format": "pdf", "path": "/reports/...", "size": 12345}] + + -- Errores + error_message TEXT, + error_details JSONB, + + -- Metadata + requested_by UUID NOT NULL REFERENCES auth.users(id), + created_at TIMESTAMPTZ DEFAULT NOW() +); + +COMMENT ON TABLE reports.report_executions IS +'Historial de ejecuciones de reportes con sus resultados y archivos generados.'; + +-- ============================================================================ +-- 3. TABLA DE PROGRAMACIÓN DE REPORTES +-- ============================================================================ + +CREATE TABLE IF NOT EXISTS reports.report_schedules ( + id UUID PRIMARY KEY DEFAULT uuid_generate_v4(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + definition_id UUID NOT NULL REFERENCES reports.report_definitions(id) ON DELETE CASCADE, + company_id UUID REFERENCES auth.companies(id) ON DELETE CASCADE, + + -- Nombre del schedule + name VARCHAR(255) NOT NULL, + + -- Parámetros predeterminados + default_parameters JSONB DEFAULT '{}', + + -- Programación (cron expression) + cron_expression VARCHAR(100) NOT NULL, + -- Ejemplo: "0 8 1 * *" (primer día del mes a las 8am) + + timezone VARCHAR(50) DEFAULT 'America/Mexico_City', + + -- Estado + is_active BOOLEAN DEFAULT true, + + -- Última ejecución + last_execution_id UUID REFERENCES reports.report_executions(id), + last_run_at TIMESTAMPTZ, + next_run_at TIMESTAMPTZ, + + -- Destino de entrega + delivery_method VARCHAR(50) DEFAULT 'none', + -- none, email, storage, webhook + delivery_config JSONB DEFAULT '{}', + -- Para email: {"recipients": ["a@b.com"], "subject": "...", "format": "pdf"} + -- Para storage: {"path": "/reports/scheduled/", "retention_days": 30} + + -- Metadata + created_at TIMESTAMPTZ DEFAULT NOW(), + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMPTZ DEFAULT NOW(), + updated_by UUID REFERENCES auth.users(id) +); + +COMMENT ON TABLE reports.report_schedules IS +'Programación automática de reportes con opciones de entrega.'; + +-- ============================================================================ +-- 4. TABLA DE PLANTILLAS DE REPORTES +-- ============================================================================ + +CREATE TABLE IF NOT EXISTS reports.report_templates ( + id UUID PRIMARY KEY DEFAULT uuid_generate_v4(), + tenant_id UUID NOT NULL REFERENCES auth.tenants(id) ON DELETE CASCADE, + + -- Identificación + code VARCHAR(50) NOT NULL, + name VARCHAR(255) NOT NULL, + + -- Tipo de plantilla + template_type VARCHAR(20) NOT NULL, + -- pdf, xlsx, html + + -- Contenido de la plantilla + template_content BYTEA, -- Para plantillas binarias (XLSX) + template_html TEXT, -- Para plantillas HTML/PDF + + -- Estilos CSS (para PDF/HTML) + styles TEXT, + + -- Variables disponibles + available_variables JSONB DEFAULT '[]', + + -- Estado + is_active BOOLEAN DEFAULT true, + + -- Metadata + created_at TIMESTAMPTZ DEFAULT NOW(), + created_by UUID REFERENCES auth.users(id), + updated_at TIMESTAMPTZ DEFAULT NOW(), + + UNIQUE(tenant_id, code) +); + +COMMENT ON TABLE reports.report_templates IS +'Plantillas personalizables para la generación de reportes en diferentes formatos.'; + +-- ============================================================================ +-- 5. ÍNDICES +-- ============================================================================ + +CREATE INDEX IF NOT EXISTS idx_report_definitions_tenant_type + ON reports.report_definitions(tenant_id, report_type); + +CREATE INDEX IF NOT EXISTS idx_report_definitions_tenant_category + ON reports.report_definitions(tenant_id, category); + +CREATE INDEX IF NOT EXISTS idx_report_executions_tenant_status + ON reports.report_executions(tenant_id, status); + +CREATE INDEX IF NOT EXISTS idx_report_executions_definition + ON reports.report_executions(definition_id); + +CREATE INDEX IF NOT EXISTS idx_report_executions_created + ON reports.report_executions(tenant_id, created_at DESC); + +CREATE INDEX IF NOT EXISTS idx_report_schedules_next_run + ON reports.report_schedules(next_run_at) + WHERE is_active = true; + +-- ============================================================================ +-- 6. RLS (Row Level Security) +-- ============================================================================ + +ALTER TABLE reports.report_definitions ENABLE ROW LEVEL SECURITY; +ALTER TABLE reports.report_executions ENABLE ROW LEVEL SECURITY; +ALTER TABLE reports.report_schedules ENABLE ROW LEVEL SECURITY; +ALTER TABLE reports.report_templates ENABLE ROW LEVEL SECURITY; + +-- Políticas para report_definitions +DROP POLICY IF EXISTS report_definitions_tenant_isolation ON reports.report_definitions; +CREATE POLICY report_definitions_tenant_isolation ON reports.report_definitions + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- Políticas para report_executions +DROP POLICY IF EXISTS report_executions_tenant_isolation ON reports.report_executions; +CREATE POLICY report_executions_tenant_isolation ON reports.report_executions + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- Políticas para report_schedules +DROP POLICY IF EXISTS report_schedules_tenant_isolation ON reports.report_schedules; +CREATE POLICY report_schedules_tenant_isolation ON reports.report_schedules + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- Políticas para report_templates +DROP POLICY IF EXISTS report_templates_tenant_isolation ON reports.report_templates; +CREATE POLICY report_templates_tenant_isolation ON reports.report_templates + USING (tenant_id = current_setting('app.current_tenant_id', true)::uuid); + +-- ============================================================================ +-- 7. FUNCIONES DE REPORTES PREDEFINIDOS +-- ============================================================================ + +-- Balance de Comprobación +CREATE OR REPLACE FUNCTION reports.generate_trial_balance( + p_tenant_id UUID, + p_company_id UUID, + p_date_from DATE, + p_date_to DATE, + p_include_zero_balance BOOLEAN DEFAULT false +) +RETURNS TABLE ( + account_id UUID, + account_code VARCHAR(20), + account_name VARCHAR(255), + account_type VARCHAR(50), + initial_debit DECIMAL(16,2), + initial_credit DECIMAL(16,2), + period_debit DECIMAL(16,2), + period_credit DECIMAL(16,2), + final_debit DECIMAL(16,2), + final_credit DECIMAL(16,2) +) AS $$ +BEGIN + RETURN QUERY + WITH account_balances AS ( + -- Saldos iniciales (antes del período) + SELECT + a.id as account_id, + a.code as account_code, + a.name as account_name, + a.account_type, + COALESCE(SUM(CASE WHEN jel.transaction_date < p_date_from THEN jel.debit ELSE 0 END), 0) as initial_debit, + COALESCE(SUM(CASE WHEN jel.transaction_date < p_date_from THEN jel.credit ELSE 0 END), 0) as initial_credit, + COALESCE(SUM(CASE WHEN jel.transaction_date BETWEEN p_date_from AND p_date_to THEN jel.debit ELSE 0 END), 0) as period_debit, + COALESCE(SUM(CASE WHEN jel.transaction_date BETWEEN p_date_from AND p_date_to THEN jel.credit ELSE 0 END), 0) as period_credit + FROM financial.accounts a + LEFT JOIN financial.journal_entry_lines jel ON a.id = jel.account_id + LEFT JOIN financial.journal_entries je ON jel.journal_entry_id = je.id AND je.status = 'posted' + WHERE a.tenant_id = p_tenant_id + AND (p_company_id IS NULL OR a.company_id = p_company_id) + AND a.is_active = true + GROUP BY a.id, a.code, a.name, a.account_type + ) + SELECT + ab.account_id, + ab.account_code, + ab.account_name, + ab.account_type, + ab.initial_debit, + ab.initial_credit, + ab.period_debit, + ab.period_credit, + ab.initial_debit + ab.period_debit as final_debit, + ab.initial_credit + ab.period_credit as final_credit + FROM account_balances ab + WHERE p_include_zero_balance = true + OR (ab.initial_debit + ab.period_debit) != 0 + OR (ab.initial_credit + ab.period_credit) != 0 + ORDER BY ab.account_code; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION reports.generate_trial_balance IS +'Genera el balance de comprobación para un período específico.'; + +-- Libro Mayor +CREATE OR REPLACE FUNCTION reports.generate_general_ledger( + p_tenant_id UUID, + p_company_id UUID, + p_account_id UUID, + p_date_from DATE, + p_date_to DATE +) +RETURNS TABLE ( + entry_date DATE, + journal_entry_id UUID, + entry_number VARCHAR(50), + description TEXT, + partner_name VARCHAR(255), + debit DECIMAL(16,2), + credit DECIMAL(16,2), + running_balance DECIMAL(16,2) +) AS $$ +BEGIN + RETURN QUERY + WITH movements AS ( + SELECT + je.entry_date, + je.id as journal_entry_id, + je.entry_number, + je.description, + p.name as partner_name, + jel.debit, + jel.credit, + ROW_NUMBER() OVER (ORDER BY je.entry_date, je.id) as rn + FROM financial.journal_entry_lines jel + JOIN financial.journal_entries je ON jel.journal_entry_id = je.id + LEFT JOIN core.partners p ON je.partner_id = p.id + WHERE jel.account_id = p_account_id + AND jel.tenant_id = p_tenant_id + AND je.status = 'posted' + AND je.entry_date BETWEEN p_date_from AND p_date_to + AND (p_company_id IS NULL OR je.company_id = p_company_id) + ORDER BY je.entry_date, je.id + ) + SELECT + m.entry_date, + m.journal_entry_id, + m.entry_number, + m.description, + m.partner_name, + m.debit, + m.credit, + SUM(m.debit - m.credit) OVER (ORDER BY m.rn) as running_balance + FROM movements m; +END; +$$ LANGUAGE plpgsql; + +COMMENT ON FUNCTION reports.generate_general_ledger IS +'Genera el libro mayor para una cuenta específica.'; + +-- ============================================================================ +-- 8. DATOS SEMILLA: REPORTES PREDEFINIDOS DEL SISTEMA +-- ============================================================================ + +-- Nota: Los reportes del sistema se insertan con is_system = true +-- y se insertan solo si no existen (usando ON CONFLICT) + +DO $$ +DECLARE + v_system_tenant_id UUID; +BEGIN + -- Obtener el tenant del sistema (si existe) + SELECT id INTO v_system_tenant_id + FROM auth.tenants + WHERE code = 'system' OR is_system = true + LIMIT 1; + + -- Solo insertar si hay un tenant sistema + IF v_system_tenant_id IS NOT NULL THEN + -- Balance de Comprobación + INSERT INTO reports.report_definitions ( + tenant_id, code, name, description, report_type, category, + query_function, parameters_schema, columns_config, is_system + ) VALUES ( + v_system_tenant_id, + 'TRIAL_BALANCE', + 'Balance de Comprobación', + 'Reporte de balance de comprobación con saldos iniciales, movimientos y saldos finales', + 'financial', + 'trial_balance', + 'reports.generate_trial_balance', + '{"company_id": {"type": "uuid", "required": false}, "date_from": {"type": "date", "required": true}, "date_to": {"type": "date", "required": true}, "include_zero": {"type": "boolean", "default": false}}', + '[{"name": "account_code", "label": "Código", "type": "string"}, {"name": "account_name", "label": "Cuenta", "type": "string"}, {"name": "initial_debit", "label": "Debe Inicial", "type": "currency"}, {"name": "initial_credit", "label": "Haber Inicial", "type": "currency"}, {"name": "period_debit", "label": "Debe Período", "type": "currency"}, {"name": "period_credit", "label": "Haber Período", "type": "currency"}, {"name": "final_debit", "label": "Debe Final", "type": "currency"}, {"name": "final_credit", "label": "Haber Final", "type": "currency"}]', + true + ) ON CONFLICT (tenant_id, code) DO NOTHING; + + -- Libro Mayor + INSERT INTO reports.report_definitions ( + tenant_id, code, name, description, report_type, category, + query_function, parameters_schema, columns_config, is_system + ) VALUES ( + v_system_tenant_id, + 'GENERAL_LEDGER', + 'Libro Mayor', + 'Detalle de movimientos por cuenta con saldo acumulado', + 'financial', + 'ledger', + 'reports.generate_general_ledger', + '{"company_id": {"type": "uuid", "required": false}, "account_id": {"type": "uuid", "required": true}, "date_from": {"type": "date", "required": true}, "date_to": {"type": "date", "required": true}}', + '[{"name": "entry_date", "label": "Fecha", "type": "date"}, {"name": "entry_number", "label": "Número", "type": "string"}, {"name": "description", "label": "Descripción", "type": "string"}, {"name": "partner_name", "label": "Tercero", "type": "string"}, {"name": "debit", "label": "Debe", "type": "currency"}, {"name": "credit", "label": "Haber", "type": "currency"}, {"name": "running_balance", "label": "Saldo", "type": "currency"}]', + true + ) ON CONFLICT (tenant_id, code) DO NOTHING; + + RAISE NOTICE 'Reportes del sistema insertados correctamente'; + END IF; +END $$; + +-- ============================================================================ +-- ROLLBACK SCRIPT +-- ============================================================================ +/* +DROP FUNCTION IF EXISTS reports.generate_general_ledger(UUID, UUID, UUID, DATE, DATE); +DROP FUNCTION IF EXISTS reports.generate_trial_balance(UUID, UUID, DATE, DATE, BOOLEAN); +DROP TABLE IF EXISTS reports.report_templates; +DROP TABLE IF EXISTS reports.report_schedules; +DROP TABLE IF EXISTS reports.report_executions; +DROP TABLE IF EXISTS reports.report_definitions; +*/ + +-- ============================================================================ +-- VERIFICACIÓN +-- ============================================================================ + +DO $$ +BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_tables WHERE schemaname = 'reports' AND tablename = 'report_definitions') THEN + RAISE EXCEPTION 'Error: Tabla report_definitions no fue creada'; + END IF; + + IF NOT EXISTS (SELECT 1 FROM pg_tables WHERE schemaname = 'reports' AND tablename = 'report_executions') THEN + RAISE EXCEPTION 'Error: Tabla report_executions no fue creada'; + END IF; + + RAISE NOTICE 'Migración completada exitosamente: Reportes Financieros'; +END $$; diff --git a/database/scripts/create-database.sh b/database/scripts/create-database.sh new file mode 100755 index 0000000..ca1e08a --- /dev/null +++ b/database/scripts/create-database.sh @@ -0,0 +1,142 @@ +#!/bin/bash +# ============================================================================ +# ERP GENERIC - CREATE DATABASE SCRIPT +# ============================================================================ +# Description: Creates the database and executes all DDL files in order +# Usage: ./scripts/create-database.sh [--skip-seeds] +# ============================================================================ + +set -e + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# Script directory +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +DATABASE_DIR="$(dirname "$SCRIPT_DIR")" +DDL_DIR="$DATABASE_DIR/ddl" + +# Load environment variables +if [ -f "$DATABASE_DIR/.env" ]; then + source "$DATABASE_DIR/.env" +elif [ -f "$DATABASE_DIR/.env.example" ]; then + echo -e "${YELLOW}Warning: Using .env.example as .env not found${NC}" + source "$DATABASE_DIR/.env.example" +fi + +# Default values +POSTGRES_HOST="${POSTGRES_HOST:-localhost}" +POSTGRES_PORT="${POSTGRES_PORT:-5432}" +POSTGRES_DB="${POSTGRES_DB:-erp_generic}" +POSTGRES_USER="${POSTGRES_USER:-erp_admin}" +POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-erp_secret_2024}" + +# Connection string +export PGPASSWORD="$POSTGRES_PASSWORD" +PSQL_CMD="psql -h $POSTGRES_HOST -p $POSTGRES_PORT -U $POSTGRES_USER" + +echo -e "${BLUE}============================================${NC}" +echo -e "${BLUE} ERP GENERIC - DATABASE CREATION${NC}" +echo -e "${BLUE}============================================${NC}" +echo "" +echo -e "Host: ${GREEN}$POSTGRES_HOST:$POSTGRES_PORT${NC}" +echo -e "Database: ${GREEN}$POSTGRES_DB${NC}" +echo -e "User: ${GREEN}$POSTGRES_USER${NC}" +echo "" + +# Check if PostgreSQL is reachable +echo -e "${BLUE}[1/4] Checking PostgreSQL connection...${NC}" +if ! $PSQL_CMD -d postgres -c "SELECT 1" > /dev/null 2>&1; then + echo -e "${RED}Error: Cannot connect to PostgreSQL${NC}" + echo "Make sure PostgreSQL is running and credentials are correct." + echo "You can start PostgreSQL with: docker-compose up -d" + exit 1 +fi +echo -e "${GREEN}PostgreSQL is reachable!${NC}" + +# Drop database if exists +echo -e "${BLUE}[2/4] Dropping existing database if exists...${NC}" +$PSQL_CMD -d postgres -c "DROP DATABASE IF EXISTS $POSTGRES_DB;" 2>/dev/null || true +echo -e "${GREEN}Old database dropped (if existed)${NC}" + +# Create database +echo -e "${BLUE}[3/4] Creating database...${NC}" +$PSQL_CMD -d postgres -c "CREATE DATABASE $POSTGRES_DB WITH ENCODING='UTF8' LC_COLLATE='en_US.UTF-8' LC_CTYPE='en_US.UTF-8' TEMPLATE=template0;" 2>/dev/null || \ +$PSQL_CMD -d postgres -c "CREATE DATABASE $POSTGRES_DB;" +echo -e "${GREEN}Database '$POSTGRES_DB' created!${NC}" + +# Execute DDL files in order +echo -e "${BLUE}[4/4] Executing DDL files...${NC}" +echo "" + +DDL_FILES=( + "00-prerequisites.sql" + "01-auth.sql" + "01-auth-extensions.sql" + "02-core.sql" + "03-analytics.sql" + "04-financial.sql" + "05-inventory.sql" + "05-inventory-extensions.sql" + "06-purchase.sql" + "07-sales.sql" + "08-projects.sql" + "09-system.sql" + "10-billing.sql" + "11-crm.sql" + "12-hr.sql" +) + +TOTAL=${#DDL_FILES[@]} +CURRENT=0 + +for ddl_file in "${DDL_FILES[@]}"; do + CURRENT=$((CURRENT + 1)) + filepath="$DDL_DIR/$ddl_file" + + if [ -f "$filepath" ]; then + echo -e " [${CURRENT}/${TOTAL}] Executing ${YELLOW}$ddl_file${NC}..." + if $PSQL_CMD -d $POSTGRES_DB -f "$filepath" > /dev/null 2>&1; then + echo -e " [${CURRENT}/${TOTAL}] ${GREEN}$ddl_file executed successfully${NC}" + else + echo -e " [${CURRENT}/${TOTAL}] ${RED}Error executing $ddl_file${NC}" + echo "Attempting with verbose output..." + $PSQL_CMD -d $POSTGRES_DB -f "$filepath" + exit 1 + fi + else + echo -e " [${CURRENT}/${TOTAL}] ${RED}File not found: $ddl_file${NC}" + exit 1 + fi +done + +echo "" +echo -e "${GREEN}============================================${NC}" +echo -e "${GREEN} DATABASE CREATED SUCCESSFULLY!${NC}" +echo -e "${GREEN}============================================${NC}" +echo "" +echo -e "Connection string:" +echo -e "${BLUE}postgresql://$POSTGRES_USER:****@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB${NC}" +echo "" + +# Show statistics +echo -e "${BLUE}Database Statistics:${NC}" +$PSQL_CMD -d $POSTGRES_DB -c " +SELECT + schemaname AS schema, + COUNT(*) AS tables +FROM pg_tables +WHERE schemaname NOT IN ('pg_catalog', 'information_schema') +GROUP BY schemaname +ORDER BY schemaname; +" + +echo "" +echo -e "${YELLOW}Next steps:${NC}" +echo " 1. Load seed data: ./scripts/load-seeds.sh dev" +echo " 2. Start backend: cd ../backend && npm run dev" +echo "" diff --git a/database/scripts/drop-database.sh b/database/scripts/drop-database.sh new file mode 100755 index 0000000..2ea8c6d --- /dev/null +++ b/database/scripts/drop-database.sh @@ -0,0 +1,75 @@ +#!/bin/bash +# ============================================================================ +# ERP GENERIC - DROP DATABASE SCRIPT +# ============================================================================ +# Description: Drops the ERP Generic database +# Usage: ./scripts/drop-database.sh [--force] +# ============================================================================ + +set -e + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' + +# Script directory +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +DATABASE_DIR="$(dirname "$SCRIPT_DIR")" + +# Load environment variables +if [ -f "$DATABASE_DIR/.env" ]; then + source "$DATABASE_DIR/.env" +elif [ -f "$DATABASE_DIR/.env.example" ]; then + source "$DATABASE_DIR/.env.example" +fi + +# Default values +POSTGRES_HOST="${POSTGRES_HOST:-localhost}" +POSTGRES_PORT="${POSTGRES_PORT:-5432}" +POSTGRES_DB="${POSTGRES_DB:-erp_generic}" +POSTGRES_USER="${POSTGRES_USER:-erp_admin}" +POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-erp_secret_2024}" + +# Connection string +export PGPASSWORD="$POSTGRES_PASSWORD" +PSQL_CMD="psql -h $POSTGRES_HOST -p $POSTGRES_PORT -U $POSTGRES_USER" + +# Check for --force flag +FORCE=false +if [ "$1" == "--force" ]; then + FORCE=true +fi + +echo -e "${RED}============================================${NC}" +echo -e "${RED} ERP GENERIC - DROP DATABASE${NC}" +echo -e "${RED}============================================${NC}" +echo "" +echo -e "Database: ${YELLOW}$POSTGRES_DB${NC}" +echo "" + +if [ "$FORCE" != true ]; then + echo -e "${RED}WARNING: This will permanently delete all data!${NC}" + read -p "Are you sure you want to drop the database? (y/N): " confirm + if [[ "$confirm" != "y" && "$confirm" != "Y" ]]; then + echo "Aborted." + exit 0 + fi +fi + +echo -e "${BLUE}Terminating active connections...${NC}" +$PSQL_CMD -d postgres -c " +SELECT pg_terminate_backend(pg_stat_activity.pid) +FROM pg_stat_activity +WHERE pg_stat_activity.datname = '$POSTGRES_DB' + AND pid <> pg_backend_pid(); +" 2>/dev/null || true + +echo -e "${BLUE}Dropping database...${NC}" +$PSQL_CMD -d postgres -c "DROP DATABASE IF EXISTS $POSTGRES_DB;" + +echo "" +echo -e "${GREEN}Database '$POSTGRES_DB' has been dropped.${NC}" +echo "" diff --git a/database/scripts/load-seeds.sh b/database/scripts/load-seeds.sh new file mode 100755 index 0000000..6cfbfd3 --- /dev/null +++ b/database/scripts/load-seeds.sh @@ -0,0 +1,101 @@ +#!/bin/bash +# ============================================================================ +# ERP GENERIC - LOAD SEEDS SCRIPT +# ============================================================================ +# Description: Loads seed data for the specified environment +# Usage: ./scripts/load-seeds.sh [dev|prod] +# ============================================================================ + +set -e + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' + +# Script directory +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +DATABASE_DIR="$(dirname "$SCRIPT_DIR")" +SEEDS_DIR="$DATABASE_DIR/seeds" + +# Environment (default: dev) +ENV="${1:-dev}" + +# Load environment variables +if [ -f "$DATABASE_DIR/.env" ]; then + source "$DATABASE_DIR/.env" +elif [ -f "$DATABASE_DIR/.env.example" ]; then + source "$DATABASE_DIR/.env.example" +fi + +# Default values +POSTGRES_HOST="${POSTGRES_HOST:-localhost}" +POSTGRES_PORT="${POSTGRES_PORT:-5432}" +POSTGRES_DB="${POSTGRES_DB:-erp_generic}" +POSTGRES_USER="${POSTGRES_USER:-erp_admin}" +POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-erp_secret_2024}" + +# Connection string +export PGPASSWORD="$POSTGRES_PASSWORD" +PSQL_CMD="psql -h $POSTGRES_HOST -p $POSTGRES_PORT -U $POSTGRES_USER -d $POSTGRES_DB" + +echo -e "${BLUE}============================================${NC}" +echo -e "${BLUE} ERP GENERIC - LOAD SEED DATA${NC}" +echo -e "${BLUE}============================================${NC}" +echo "" +echo -e "Environment: ${GREEN}$ENV${NC}" +echo -e "Database: ${GREEN}$POSTGRES_DB${NC}" +echo "" + +# Check if seeds directory exists +SEED_ENV_DIR="$SEEDS_DIR/$ENV" +if [ ! -d "$SEED_ENV_DIR" ]; then + echo -e "${RED}Error: Seeds directory not found: $SEED_ENV_DIR${NC}" + echo "Available environments:" + ls -1 "$SEEDS_DIR" 2>/dev/null || echo " (none)" + exit 1 +fi + +# Check if there are SQL files +SEED_FILES=($(find "$SEED_ENV_DIR" -name "*.sql" -type f | sort)) + +if [ ${#SEED_FILES[@]} -eq 0 ]; then + echo -e "${YELLOW}No seed files found in $SEED_ENV_DIR${NC}" + echo "Create seed files with format: XX-description.sql" + exit 0 +fi + +echo -e "${BLUE}Loading ${#SEED_FILES[@]} seed file(s)...${NC}" +echo "" + +TOTAL=${#SEED_FILES[@]} +CURRENT=0 +FAILED=0 + +for seed_file in "${SEED_FILES[@]}"; do + CURRENT=$((CURRENT + 1)) + filename=$(basename "$seed_file") + + echo -e " [${CURRENT}/${TOTAL}] Loading ${YELLOW}$filename${NC}..." + + if $PSQL_CMD -f "$seed_file" > /dev/null 2>&1; then + echo -e " [${CURRENT}/${TOTAL}] ${GREEN}$filename loaded successfully${NC}" + else + echo -e " [${CURRENT}/${TOTAL}] ${RED}Error loading $filename${NC}" + FAILED=$((FAILED + 1)) + fi +done + +echo "" +if [ $FAILED -eq 0 ]; then + echo -e "${GREEN}============================================${NC}" + echo -e "${GREEN} ALL SEEDS LOADED SUCCESSFULLY!${NC}" + echo -e "${GREEN}============================================${NC}" +else + echo -e "${YELLOW}============================================${NC}" + echo -e "${YELLOW} SEEDS LOADED WITH $FAILED ERRORS${NC}" + echo -e "${YELLOW}============================================${NC}" +fi +echo "" diff --git a/database/scripts/reset-database.sh b/database/scripts/reset-database.sh new file mode 100755 index 0000000..c27ccd8 --- /dev/null +++ b/database/scripts/reset-database.sh @@ -0,0 +1,102 @@ +#!/bin/bash +# ============================================================================ +# ERP GENERIC - RESET DATABASE SCRIPT +# ============================================================================ +# Description: Drops and recreates the database with fresh data +# Usage: ./scripts/reset-database.sh [--no-seeds] [--env dev|prod] [--force] +# +# Por defecto: +# - Carga DDL completo +# - Carga seeds de desarrollo (dev) +# - Pide confirmación +# +# Opciones: +# --no-seeds No cargar seeds después del DDL +# --env ENV Ambiente de seeds: dev (default) o prod +# --force No pedir confirmación (para CI/CD) +# ============================================================================ + +set -e + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' + +# Script directory +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +# Defaults - Seeds activados por defecto +WITH_SEEDS=true +ENV="dev" +FORCE=false + +while [[ $# -gt 0 ]]; do + case $1 in + --no-seeds) + WITH_SEEDS=false + shift + ;; + --env) + ENV="$2" + shift 2 + ;; + --force) + FORCE=true + shift + ;; + *) + shift + ;; + esac +done + +echo -e "${YELLOW}============================================${NC}" +echo -e "${YELLOW} ERP GENERIC - RESET DATABASE${NC}" +echo -e "${YELLOW}============================================${NC}" +echo "" +echo -e "Ambiente: ${GREEN}$ENV${NC}" +echo -e "Seeds: ${GREEN}$WITH_SEEDS${NC}" +echo "" +echo -e "${RED}WARNING: This will DELETE all data and recreate the database!${NC}" +echo "" + +if [ "$FORCE" = false ]; then + read -p "Are you sure you want to reset? (y/N): " confirm + if [[ "$confirm" != "y" && "$confirm" != "Y" ]]; then + echo "Aborted." + exit 0 + fi +fi + +# Drop database +echo "" +echo -e "${BLUE}Step 1: Dropping database...${NC}" +"$SCRIPT_DIR/drop-database.sh" --force + +# Create database (DDL) +echo "" +echo -e "${BLUE}Step 2: Creating database (DDL)...${NC}" +"$SCRIPT_DIR/create-database.sh" + +# Load seeds (por defecto) +if [ "$WITH_SEEDS" = true ]; then + echo "" + echo -e "${BLUE}Step 3: Loading seed data ($ENV)...${NC}" + "$SCRIPT_DIR/load-seeds.sh" "$ENV" +else + echo "" + echo -e "${YELLOW}Step 3: Skipping seeds (--no-seeds)${NC}" +fi + +echo "" +echo -e "${GREEN}============================================${NC}" +echo -e "${GREEN} DATABASE RESET COMPLETE!${NC}" +echo -e "${GREEN}============================================${NC}" +echo "" +echo -e "Resumen:" +echo -e " - DDL ejecutados: ${GREEN}15 archivos${NC}" +echo -e " - Seeds cargados: ${GREEN}$WITH_SEEDS ($ENV)${NC}" +echo "" diff --git a/database/seeds/dev/00-catalogs.sql b/database/seeds/dev/00-catalogs.sql new file mode 100644 index 0000000..37b7d2d --- /dev/null +++ b/database/seeds/dev/00-catalogs.sql @@ -0,0 +1,81 @@ +-- ============================================================================ +-- ERP GENERIC - SEED DATA: CATALOGS (Development) +-- ============================================================================ +-- Description: Base catalogs needed before other seeds (currencies, countries, UOMs) +-- Order: Must be loaded FIRST (before tenants, companies, etc.) +-- ============================================================================ + +-- =========================================== +-- CURRENCIES (ISO 4217) +-- =========================================== + +INSERT INTO core.currencies (id, code, name, symbol, decimals, rounding, active) +VALUES + ('00000000-0000-0000-0000-000000000001', 'MXN', 'Peso Mexicano', '$', 2, 0.01, true), + ('00000000-0000-0000-0000-000000000002', 'USD', 'US Dollar', '$', 2, 0.01, true), + ('00000000-0000-0000-0000-000000000003', 'EUR', 'Euro', '€', 2, 0.01, true) +ON CONFLICT (code) DO NOTHING; + +-- =========================================== +-- COUNTRIES (ISO 3166-1 alpha-2) +-- =========================================== + +INSERT INTO core.countries (id, code, name, phone_code, currency_code) +VALUES + ('00000000-0000-0000-0001-000000000001', 'MX', 'México', '+52', 'MXN'), + ('00000000-0000-0000-0001-000000000002', 'US', 'United States', '+1', 'USD'), + ('00000000-0000-0000-0001-000000000003', 'CA', 'Canada', '+1', 'CAD'), + ('00000000-0000-0000-0001-000000000004', 'ES', 'España', '+34', 'EUR'), + ('00000000-0000-0000-0001-000000000005', 'DE', 'Alemania', '+49', 'EUR') +ON CONFLICT (code) DO NOTHING; + +-- =========================================== +-- UOM CATEGORIES +-- =========================================== + +INSERT INTO core.uom_categories (id, name, description) +VALUES + ('00000000-0000-0000-0002-000000000001', 'Unit', 'Unidades individuales'), + ('00000000-0000-0000-0002-000000000002', 'Weight', 'Unidades de peso'), + ('00000000-0000-0000-0002-000000000003', 'Volume', 'Unidades de volumen'), + ('00000000-0000-0000-0002-000000000004', 'Length', 'Unidades de longitud'), + ('00000000-0000-0000-0002-000000000005', 'Time', 'Unidades de tiempo') +ON CONFLICT (name) DO NOTHING; + +-- =========================================== +-- UNITS OF MEASURE +-- =========================================== + +INSERT INTO core.uom (id, category_id, name, code, uom_type, factor, rounding, active) +VALUES + -- Units + ('00000000-0000-0000-0003-000000000001', '00000000-0000-0000-0002-000000000001', 'Unit', 'UNIT', 'reference', 1.0, 1, true), + ('00000000-0000-0000-0003-000000000002', '00000000-0000-0000-0002-000000000001', 'Dozen', 'DOZ', 'bigger', 12.0, 1, true), + ('00000000-0000-0000-0003-000000000003', '00000000-0000-0000-0002-000000000001', 'Sheet', 'SHEET', 'reference', 1.0, 1, true), + -- Weight + ('00000000-0000-0000-0003-000000000010', '00000000-0000-0000-0002-000000000002', 'Kilogram', 'KG', 'reference', 1.0, 0.001, true), + ('00000000-0000-0000-0003-000000000011', '00000000-0000-0000-0002-000000000002', 'Gram', 'G', 'smaller', 0.001, 0.01, true), + ('00000000-0000-0000-0003-000000000012', '00000000-0000-0000-0002-000000000002', 'Pound', 'LB', 'bigger', 0.453592, 0.01, true), + -- Volume + ('00000000-0000-0000-0003-000000000020', '00000000-0000-0000-0002-000000000003', 'Liter', 'L', 'reference', 1.0, 0.001, true), + ('00000000-0000-0000-0003-000000000021', '00000000-0000-0000-0002-000000000003', 'Milliliter', 'ML', 'smaller', 0.001, 1, true), + ('00000000-0000-0000-0003-000000000022', '00000000-0000-0000-0002-000000000003', 'Gallon', 'GAL', 'bigger', 3.78541, 0.01, true), + -- Length + ('00000000-0000-0000-0003-000000000030', '00000000-0000-0000-0002-000000000004', 'Meter', 'M', 'reference', 1.0, 0.001, true), + ('00000000-0000-0000-0003-000000000031', '00000000-0000-0000-0002-000000000004', 'Centimeter', 'CM', 'smaller', 0.01, 0.1, true), + ('00000000-0000-0000-0003-000000000032', '00000000-0000-0000-0002-000000000004', 'Inch', 'IN', 'smaller', 0.0254, 0.1, true), + -- Time + ('00000000-0000-0000-0003-000000000040', '00000000-0000-0000-0002-000000000005', 'Hour', 'HOUR', 'reference', 1.0, 0.01, true), + ('00000000-0000-0000-0003-000000000041', '00000000-0000-0000-0002-000000000005', 'Day', 'DAY', 'bigger', 8.0, 0.01, true), + ('00000000-0000-0000-0003-000000000042', '00000000-0000-0000-0002-000000000005', 'Minute', 'MIN', 'smaller', 0.016667, 1, true) +ON CONFLICT (id) DO NOTHING; + +-- Output confirmation +DO $$ +BEGIN + RAISE NOTICE 'Catalogs seed data loaded:'; + RAISE NOTICE ' - 3 currencies (MXN, USD, EUR)'; + RAISE NOTICE ' - 5 countries'; + RAISE NOTICE ' - 5 UOM categories'; + RAISE NOTICE ' - 15 units of measure'; +END $$; diff --git a/database/seeds/dev/01-tenants.sql b/database/seeds/dev/01-tenants.sql new file mode 100644 index 0000000..1def231 --- /dev/null +++ b/database/seeds/dev/01-tenants.sql @@ -0,0 +1,49 @@ +-- ============================================================================ +-- ERP GENERIC - SEED DATA: TENANTS (Development) +-- ============================================================================ +-- Description: Initial tenants for development environment +-- ============================================================================ + +-- Default tenant for development +INSERT INTO auth.tenants (id, name, subdomain, schema_name, status, settings, plan, max_users, created_at) +VALUES ( + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Demo Company', + 'demo', + 'tenant_demo', + 'active', + jsonb_build_object( + 'locale', 'es_MX', + 'timezone', 'America/Mexico_City', + 'currency', 'MXN', + 'date_format', 'DD/MM/YYYY' + ), + 'pro', + 50, + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Second tenant for multi-tenancy testing +INSERT INTO auth.tenants (id, name, subdomain, schema_name, status, settings, plan, max_users, created_at) +VALUES ( + '204c4748-09b2-4a98-bb5a-183ec263f205', + 'Test Corporation', + 'test-corp', + 'tenant_test_corp', + 'active', + jsonb_build_object( + 'locale', 'en_US', + 'timezone', 'America/New_York', + 'currency', 'USD', + 'date_format', 'MM/DD/YYYY' + ), + 'basic', + 10, + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Output confirmation +DO $$ +BEGIN + RAISE NOTICE 'Tenants seed data loaded: 2 tenants created'; +END $$; diff --git a/database/seeds/dev/02-companies.sql b/database/seeds/dev/02-companies.sql new file mode 100644 index 0000000..2eb0010 --- /dev/null +++ b/database/seeds/dev/02-companies.sql @@ -0,0 +1,64 @@ +-- ============================================================================ +-- ERP GENERIC - SEED DATA: COMPANIES (Development) +-- ============================================================================ +-- Description: Initial companies for development environment +-- ============================================================================ + +-- Default company for Demo tenant +INSERT INTO auth.companies (id, tenant_id, name, legal_name, tax_id, currency_id, settings, created_at) +VALUES ( + '50fa9b29-504f-4c45-8f8a-3d129cfc6095', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Demo Company S.A. de C.V.', + 'Demo Company Sociedad Anónima de Capital Variable', + 'DCO123456ABC', + (SELECT id FROM core.currencies WHERE code = 'MXN' LIMIT 1), + jsonb_build_object( + 'fiscal_position', 'general', + 'tax_regime', '601', + 'email', 'contacto@demo-company.mx', + 'phone', '+52 55 1234 5678', + 'website', 'https://demo-company.mx' + ), + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Second company (subsidiary) for Demo tenant +INSERT INTO auth.companies (id, tenant_id, parent_company_id, name, legal_name, tax_id, currency_id, settings, created_at) +VALUES ( + 'e347be2e-483e-4ab5-8d73-5ed454e304c6', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + '50fa9b29-504f-4c45-8f8a-3d129cfc6095', + 'Demo Subsidiary', + 'Demo Subsidiary S. de R.L.', + 'DSU789012DEF', + (SELECT id FROM core.currencies WHERE code = 'MXN' LIMIT 1), + jsonb_build_object( + 'email', 'subsidiary@demo-company.mx', + 'phone', '+52 55 8765 4321' + ), + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Company for Test Corp tenant +INSERT INTO auth.companies (id, tenant_id, name, legal_name, tax_id, currency_id, settings, created_at) +VALUES ( + '2f24ea46-7828-4125-add2-3f12644d796f', + '204c4748-09b2-4a98-bb5a-183ec263f205', + 'Test Corporation Inc.', + 'Test Corporation Incorporated', + '12-3456789', + (SELECT id FROM core.currencies WHERE code = 'USD' LIMIT 1), + jsonb_build_object( + 'email', 'info@test-corp.com', + 'phone', '+1 555 123 4567', + 'website', 'https://test-corp.com' + ), + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Output confirmation +DO $$ +BEGIN + RAISE NOTICE 'Companies seed data loaded: 3 companies created'; +END $$; diff --git a/database/seeds/dev/03-roles.sql b/database/seeds/dev/03-roles.sql new file mode 100644 index 0000000..599952f --- /dev/null +++ b/database/seeds/dev/03-roles.sql @@ -0,0 +1,246 @@ +-- ============================================================================ +-- ERP GENERIC - SEED DATA: ROLES (Development) +-- ============================================================================ +-- Description: Default roles and permissions for development +-- ============================================================================ + +-- =========================================== +-- TENANT-SPECIFIC ROLES (Demo Company) +-- =========================================== + +-- Super Admin for Demo tenant +INSERT INTO auth.roles (id, tenant_id, name, code, description, is_system, color, created_at) +VALUES ( + '5e29aadd-1d9f-4280-a38b-fefe7cdece5a', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Super Administrator', + 'super_admin', + 'Full system access. Reserved for system administrators.', + true, + '#FF0000', + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Admin +INSERT INTO auth.roles (id, tenant_id, name, code, description, is_system, color, created_at) +VALUES ( + 'fed1cfa2-8ea1-4d86-bfef-b3dcc08801c2', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Administrator', + 'admin', + 'Full access within the tenant. Can manage users, settings, and all modules.', + true, + '#4CAF50', + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Manager +INSERT INTO auth.roles (id, tenant_id, name, code, description, is_system, color, created_at) +VALUES ( + '1a35fbf0-a282-487d-95ef-13b3f702e8d6', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Manager', + 'manager', + 'Can manage operations, approve documents, and view reports.', + false, + '#2196F3', + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Accountant +INSERT INTO auth.roles (id, tenant_id, name, code, description, is_system, color, created_at) +VALUES ( + 'c91f1a60-bd0d-40d3-91b8-36c226ce3d29', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Accountant', + 'accountant', + 'Access to financial module: journals, invoices, payments, reports.', + false, + '#9C27B0', + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Sales +INSERT INTO auth.roles (id, tenant_id, name, code, description, is_system, color, created_at) +VALUES ( + '493568ed-972f-472f-9ac1-236a32438936', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Sales Representative', + 'sales', + 'Access to sales module: quotations, orders, customers.', + false, + '#FF9800', + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Purchasing +INSERT INTO auth.roles (id, tenant_id, name, code, description, is_system, color, created_at) +VALUES ( + '80515d77-fc15-4a5a-a213-7b9f869db15a', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Purchasing Agent', + 'purchasing', + 'Access to purchase module: RFQs, purchase orders, vendors.', + false, + '#00BCD4', + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Warehouse +INSERT INTO auth.roles (id, tenant_id, name, code, description, is_system, color, created_at) +VALUES ( + '0a86a34a-7fd6-47e2-9e0c-4c547c6af9f1', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Warehouse Operator', + 'warehouse', + 'Access to inventory module: stock moves, pickings, adjustments.', + false, + '#795548', + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Employee (basic) +INSERT INTO auth.roles (id, tenant_id, name, code, description, is_system, color, created_at) +VALUES ( + '88e299e6-8cda-4fd1-a32f-afc2aa7b8975', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Employee', + 'employee', + 'Basic access: timesheets, expenses, personal information.', + false, + '#607D8B', + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- =========================================== +-- PERMISSIONS (using resource + action pattern) +-- =========================================== + +INSERT INTO auth.permissions (id, resource, action, description, module, created_at) +VALUES + -- Users + ('26389d69-6b88-48a5-9ca9-118394d32cd6', 'users', 'read', 'View user list and details', 'auth', CURRENT_TIMESTAMP), + ('be0f398a-7c7f-4bd0-a9b7-fd74cde7e5a0', 'users', 'create', 'Create new users', 'auth', CURRENT_TIMESTAMP), + ('4a584c2f-0485-453c-a93d-8c6df33e18d4', 'users', 'update', 'Edit existing users', 'auth', CURRENT_TIMESTAMP), + ('4650549e-b016-438a-bf4b-5cfcb0e9d3bb', 'users', 'delete', 'Delete users', 'auth', CURRENT_TIMESTAMP), + -- Companies + ('22f7d6c6-c65f-4aa4-b15c-dc6c3efd9baa', 'companies', 'read', 'View companies', 'core', CURRENT_TIMESTAMP), + ('11b94a84-65f2-40f6-b468-748fbc56a30a', 'companies', 'create', 'Create companies', 'core', CURRENT_TIMESTAMP), + ('3f1858a5-4381-4763-b23e-dee57e7cb3cf', 'companies', 'update', 'Edit companies', 'core', CURRENT_TIMESTAMP), + -- Partners + ('abc6a21a-1674-4acf-8155-3a0d5b130586', 'partners', 'read', 'View customers/vendors', 'core', CURRENT_TIMESTAMP), + ('a52fab21-24e0-446e-820f-9288b1468a36', 'partners', 'create', 'Create partners', 'core', CURRENT_TIMESTAMP), + ('bd453537-ba4c-4497-a982-1c923009a399', 'partners', 'update', 'Edit partners', 'core', CURRENT_TIMESTAMP), + -- Financial - Accounting + ('7a22be70-b5f7-446f-a9b9-8d6ba50615cc', 'journal_entries', 'read', 'View journal entries', 'financial', CURRENT_TIMESTAMP), + ('41eb796e-952f-4e34-8811-5adc4967d8ce', 'journal_entries', 'create', 'Create journal entries', 'financial', CURRENT_TIMESTAMP), + ('f5a77c95-f771-4854-8bc3-d1922f63deb7', 'journal_entries', 'approve', 'Approve/post journal entries', 'financial', CURRENT_TIMESTAMP), + -- Financial - Invoices + ('546ce323-7f80-49b1-a11f-76939d2b4289', 'invoices', 'read', 'View invoices', 'financial', CURRENT_TIMESTAMP), + ('139b4ed3-59e7-44d7-b4d9-7a2d02529152', 'invoices', 'create', 'Create invoices', 'financial', CURRENT_TIMESTAMP), + ('dacf3592-a892-4374-82e5-7f10603c107a', 'invoices', 'approve', 'Validate invoices', 'financial', CURRENT_TIMESTAMP), + -- Inventory + ('04481809-1d01-4516-afa2-dcaae8a1b331', 'products', 'read', 'View products', 'inventory', CURRENT_TIMESTAMP), + ('3df9671e-db5a-4a22-b570-9210d3c0a2e3', 'products', 'create', 'Create products', 'inventory', CURRENT_TIMESTAMP), + ('101f7d9f-f50f-4673-94da-d2002e65348b', 'stock_moves', 'read', 'View stock movements', 'inventory', CURRENT_TIMESTAMP), + ('5e5de64d-68b6-46bc-9ec4-d34ca145b1cc', 'stock_moves', 'create', 'Create stock movements', 'inventory', CURRENT_TIMESTAMP), + -- Purchase + ('7c602d68-d1d2-4ba1-b0fd-9d7b70d3f12a', 'purchase_orders', 'read', 'View purchase orders', 'purchase', CURRENT_TIMESTAMP), + ('38cf2a54-60db-4ba5-8a95-fd34d2cba6cf', 'purchase_orders', 'create', 'Create purchase orders', 'purchase', CURRENT_TIMESTAMP), + ('3356eb5b-538e-4bde-a12c-3b7d35ebd657', 'purchase_orders', 'approve', 'Approve purchase orders', 'purchase', CURRENT_TIMESTAMP), + -- Sales + ('ffc586d2-3928-4fc7-bf72-47d52ec5e692', 'sales_orders', 'read', 'View sales orders', 'sales', CURRENT_TIMESTAMP), + ('5d3a2eee-98e7-429f-b907-07452de3fb0e', 'sales_orders', 'create', 'Create sales orders', 'sales', CURRENT_TIMESTAMP), + ('00481e6e-571c-475d-a4a2-81620866ff1a', 'sales_orders', 'approve', 'Confirm sales orders', 'sales', CURRENT_TIMESTAMP), + -- Reports + ('c699419a-e99c-4808-abd6-c6352e2eeb67', 'reports', 'read', 'View reports', 'system', CURRENT_TIMESTAMP), + ('c648cac1-d3cc-4e9b-a84a-533f28132768', 'reports', 'export', 'Export reports', 'system', CURRENT_TIMESTAMP) +ON CONFLICT (resource, action) DO NOTHING; + +-- =========================================== +-- ROLE-PERMISSION ASSIGNMENTS +-- =========================================== + +-- Admin role gets all permissions +INSERT INTO auth.role_permissions (role_id, permission_id, granted_at) +SELECT + 'fed1cfa2-8ea1-4d86-bfef-b3dcc08801c2', + id, + CURRENT_TIMESTAMP +FROM auth.permissions +ON CONFLICT DO NOTHING; + +-- Manager role (most permissions except user management) +INSERT INTO auth.role_permissions (role_id, permission_id, granted_at) +SELECT + '1a35fbf0-a282-487d-95ef-13b3f702e8d6', + id, + CURRENT_TIMESTAMP +FROM auth.permissions +WHERE resource NOT IN ('users') +ON CONFLICT DO NOTHING; + +-- Accountant role (financial MGN-004 + read partners + reports) +INSERT INTO auth.role_permissions (role_id, permission_id, granted_at) +SELECT + 'c91f1a60-bd0d-40d3-91b8-36c226ce3d29', + id, + CURRENT_TIMESTAMP +FROM auth.permissions +WHERE module = 'MGN-004' + OR (resource = 'partners' AND action = 'read') + OR (resource = 'reports') +ON CONFLICT DO NOTHING; + +-- Sales role (MGN-007 + sales + partners + read invoices/products/reports) +INSERT INTO auth.role_permissions (role_id, permission_id, granted_at) +SELECT + '493568ed-972f-472f-9ac1-236a32438936', + id, + CURRENT_TIMESTAMP +FROM auth.permissions +WHERE module IN ('sales', 'MGN-007') + OR (resource = 'partners') + OR (resource = 'invoices' AND action = 'read') + OR (resource = 'products' AND action = 'read') + OR (resource = 'reports' AND action = 'read') +ON CONFLICT DO NOTHING; + +-- Purchasing role (MGN-006 + partners + products read) +INSERT INTO auth.role_permissions (role_id, permission_id, granted_at) +SELECT + '80515d77-fc15-4a5a-a213-7b9f869db15a', + id, + CURRENT_TIMESTAMP +FROM auth.permissions +WHERE module = 'MGN-006' + OR (resource = 'partners') + OR (resource = 'products' AND action = 'read') +ON CONFLICT DO NOTHING; + +-- Warehouse role (MGN-005 inventory + products) +INSERT INTO auth.role_permissions (role_id, permission_id, granted_at) +SELECT + '0a86a34a-7fd6-47e2-9e0c-4c547c6af9f1', + id, + CURRENT_TIMESTAMP +FROM auth.permissions +WHERE module = 'MGN-005' +ON CONFLICT DO NOTHING; + +-- Employee role (basic read permissions) +INSERT INTO auth.role_permissions (role_id, permission_id, granted_at) +SELECT + '88e299e6-8cda-4fd1-a32f-afc2aa7b8975', + id, + CURRENT_TIMESTAMP +FROM auth.permissions +WHERE action = 'read' + AND resource IN ('companies', 'partners', 'products', 'reports') +ON CONFLICT DO NOTHING; + +-- Output confirmation +DO $$ +BEGIN + RAISE NOTICE 'Roles seed data loaded: 8 roles, 28 permissions'; +END $$; diff --git a/database/seeds/dev/04-users.sql b/database/seeds/dev/04-users.sql new file mode 100644 index 0000000..e23e410 --- /dev/null +++ b/database/seeds/dev/04-users.sql @@ -0,0 +1,148 @@ +-- ============================================================================ +-- ERP GENERIC - SEED DATA: USERS (Development) +-- ============================================================================ +-- Description: Development users for testing +-- Password for all users: Test1234 (bcrypt hash) +-- ============================================================================ + +-- Password hash for "Test1234" using bcrypt (generated with bcryptjs, 10 rounds) +-- Hash: $2a$10$EbJ0czCHXi8LatF2e7NfkeA/RLMn2R8w1ShDnHVUtQRnosEokense +-- Note: You should regenerate this in production + +-- Super Admin (is_superuser=true, assigned to Demo tenant) +INSERT INTO auth.users (id, tenant_id, email, password_hash, full_name, status, is_superuser, email_verified_at, created_at) +VALUES ( + '0bb44df3-ec99-4306-85e9-50c34dd7d27a', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'superadmin@erp-generic.local', + '$2a$10$EbJ0czCHXi8LatF2e7NfkeA/RLMn2R8w1ShDnHVUtQRnosEokense', + 'Super Admin', + 'active', + true, + CURRENT_TIMESTAMP, + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Assign super_admin role +INSERT INTO auth.user_roles (user_id, role_id, assigned_at) +VALUES ( + '0bb44df3-ec99-4306-85e9-50c34dd7d27a', + '5e29aadd-1d9f-4280-a38b-fefe7cdece5a', + CURRENT_TIMESTAMP +) ON CONFLICT DO NOTHING; + +-- =========================================== +-- DEMO COMPANY USERS +-- =========================================== + +-- Admin user +INSERT INTO auth.users (id, tenant_id, email, password_hash, full_name, status, email_verified_at, created_at) +VALUES ( + 'e6f9a1fd-2a56-496c-9dc5-f603e1a910dd', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'admin@demo-company.mx', + '$2a$10$EbJ0czCHXi8LatF2e7NfkeA/RLMn2R8w1ShDnHVUtQRnosEokense', + 'Carlos Administrador', + 'active', + CURRENT_TIMESTAMP, + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +INSERT INTO auth.user_roles (user_id, role_id, assigned_at) +VALUES ('e6f9a1fd-2a56-496c-9dc5-f603e1a910dd', 'fed1cfa2-8ea1-4d86-bfef-b3dcc08801c2', CURRENT_TIMESTAMP) +ON CONFLICT DO NOTHING; + +INSERT INTO auth.user_companies (user_id, company_id, is_default, assigned_at) +VALUES ('e6f9a1fd-2a56-496c-9dc5-f603e1a910dd', '50fa9b29-504f-4c45-8f8a-3d129cfc6095', true, CURRENT_TIMESTAMP) +ON CONFLICT DO NOTHING; + +-- Manager user +INSERT INTO auth.users (id, tenant_id, email, password_hash, full_name, status, email_verified_at, created_at) +VALUES ( + 'c8013936-53ad-4c6a-8f50-d7c7be1da9de', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'manager@demo-company.mx', + '$2a$10$EbJ0czCHXi8LatF2e7NfkeA/RLMn2R8w1ShDnHVUtQRnosEokense', + 'María Gerente', + 'active', + CURRENT_TIMESTAMP, + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +INSERT INTO auth.user_roles (user_id, role_id, assigned_at) +VALUES ('c8013936-53ad-4c6a-8f50-d7c7be1da9de', '1a35fbf0-a282-487d-95ef-13b3f702e8d6', CURRENT_TIMESTAMP) +ON CONFLICT DO NOTHING; + +INSERT INTO auth.user_companies (user_id, company_id, is_default, assigned_at) +VALUES ('c8013936-53ad-4c6a-8f50-d7c7be1da9de', '50fa9b29-504f-4c45-8f8a-3d129cfc6095', true, CURRENT_TIMESTAMP) +ON CONFLICT DO NOTHING; + +-- Accountant user +INSERT INTO auth.users (id, tenant_id, email, password_hash, full_name, status, email_verified_at, created_at) +VALUES ( + '1110b920-a7ab-4303-aa9e-4b2fafe44f84', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'contador@demo-company.mx', + '$2a$10$EbJ0czCHXi8LatF2e7NfkeA/RLMn2R8w1ShDnHVUtQRnosEokense', + 'Juan Contador', + 'active', + CURRENT_TIMESTAMP, + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +INSERT INTO auth.user_roles (user_id, role_id, assigned_at) +VALUES ('1110b920-a7ab-4303-aa9e-4b2fafe44f84', 'c91f1a60-bd0d-40d3-91b8-36c226ce3d29', CURRENT_TIMESTAMP) +ON CONFLICT DO NOTHING; + +INSERT INTO auth.user_companies (user_id, company_id, is_default, assigned_at) +VALUES ('1110b920-a7ab-4303-aa9e-4b2fafe44f84', '50fa9b29-504f-4c45-8f8a-3d129cfc6095', true, CURRENT_TIMESTAMP) +ON CONFLICT DO NOTHING; + +-- Sales user +INSERT INTO auth.users (id, tenant_id, email, password_hash, full_name, status, email_verified_at, created_at) +VALUES ( + '607fc4d8-374c-4693-b601-81f522a857ab', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'ventas@demo-company.mx', + '$2a$10$EbJ0czCHXi8LatF2e7NfkeA/RLMn2R8w1ShDnHVUtQRnosEokense', + 'Ana Ventas', + 'active', + CURRENT_TIMESTAMP, + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +INSERT INTO auth.user_roles (user_id, role_id, assigned_at) +VALUES ('607fc4d8-374c-4693-b601-81f522a857ab', '493568ed-972f-472f-9ac1-236a32438936', CURRENT_TIMESTAMP) +ON CONFLICT DO NOTHING; + +INSERT INTO auth.user_companies (user_id, company_id, is_default, assigned_at) +VALUES ('607fc4d8-374c-4693-b601-81f522a857ab', '50fa9b29-504f-4c45-8f8a-3d129cfc6095', true, CURRENT_TIMESTAMP) +ON CONFLICT DO NOTHING; + +-- Warehouse user +INSERT INTO auth.users (id, tenant_id, email, password_hash, full_name, status, email_verified_at, created_at) +VALUES ( + '7c7f132b-4551-4864-bafd-36147e626bb7', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'almacen@demo-company.mx', + '$2a$10$EbJ0czCHXi8LatF2e7NfkeA/RLMn2R8w1ShDnHVUtQRnosEokense', + 'Pedro Almacén', + 'active', + CURRENT_TIMESTAMP, + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +INSERT INTO auth.user_roles (user_id, role_id, assigned_at) +VALUES ('7c7f132b-4551-4864-bafd-36147e626bb7', '0a86a34a-7fd6-47e2-9e0c-4c547c6af9f1', CURRENT_TIMESTAMP) +ON CONFLICT DO NOTHING; + +INSERT INTO auth.user_companies (user_id, company_id, is_default, assigned_at) +VALUES ('7c7f132b-4551-4864-bafd-36147e626bb7', '50fa9b29-504f-4c45-8f8a-3d129cfc6095', true, CURRENT_TIMESTAMP) +ON CONFLICT DO NOTHING; + +-- Output confirmation +DO $$ +BEGIN + RAISE NOTICE 'Users seed data loaded: 6 users created'; + RAISE NOTICE 'Default password for all users: Test1234'; +END $$; diff --git a/database/seeds/dev/05-sample-data.sql b/database/seeds/dev/05-sample-data.sql new file mode 100644 index 0000000..fb2e526 --- /dev/null +++ b/database/seeds/dev/05-sample-data.sql @@ -0,0 +1,228 @@ +-- ============================================================================ +-- ERP GENERIC - SEED DATA: SAMPLE DATA (Development) +-- ============================================================================ +-- Description: Sample partners, products, and transactions for testing +-- ============================================================================ + +-- =========================================== +-- UUID REFERENCE (from previous seeds) +-- =========================================== +-- TENANT_DEMO: 1c7dfbb0-19b8-4e87-a225-a74da6f26dbf +-- COMPANY_DEMO: 50fa9b29-504f-4c45-8f8a-3d129cfc6095 + +-- =========================================== +-- SAMPLE PARTNERS (Customers & Vendors) +-- =========================================== + +-- Customer 1 - Acme Corporation +INSERT INTO core.partners (id, tenant_id, name, legal_name, partner_type, is_customer, is_supplier, is_company, email, phone, tax_id, created_at) +VALUES ( + 'dda3e76c-0f92-49ea-b647-62fde7d6e1d1', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Acme Corporation', + 'Acme Corporation S.A. de C.V.', + 'company', + true, + false, + true, + 'ventas@acme.mx', + '+52 55 1111 2222', + 'ACM123456ABC', + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Customer 2 - Tech Solutions +INSERT INTO core.partners (id, tenant_id, name, legal_name, partner_type, is_customer, is_supplier, is_company, email, phone, tax_id, created_at) +VALUES ( + '78291258-da01-4560-a49e-5047d92cf11f', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Tech Solutions', + 'Tech Solutions de México S.A.', + 'company', + true, + false, + true, + 'contacto@techsolutions.mx', + '+52 55 3333 4444', + 'TSM987654XYZ', + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Vendor 1 - Materiales del Centro +INSERT INTO core.partners (id, tenant_id, name, legal_name, partner_type, is_customer, is_supplier, is_company, email, phone, tax_id, created_at) +VALUES ( + '643c97e3-bf44-40ed-bd01-ae1f5f0d861b', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Materiales del Centro', + 'Materiales del Centro S. de R.L.', + 'company', + false, + true, + true, + 'ventas@materialescentro.mx', + '+52 55 5555 6666', + 'MDC456789DEF', + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- Vendor 2 - Distribuidora Nacional +INSERT INTO core.partners (id, tenant_id, name, legal_name, partner_type, is_customer, is_supplier, is_company, email, phone, tax_id, created_at) +VALUES ( + '79f3d083-375e-4e50-920b-a3630f74d4b1', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Distribuidora Nacional', + 'Distribuidora Nacional de Productos S.A.', + 'company', + false, + true, + true, + 'pedidos@distnacional.mx', + '+52 55 7777 8888', + 'DNP321654GHI', + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +-- =========================================== +-- SAMPLE PRODUCT CATEGORIES +-- =========================================== + +INSERT INTO core.product_categories (id, tenant_id, name, code, parent_id, full_path, active, created_at) +VALUES + ('f10ee8c4-e52e-41f5-93b3-a140d09dd807', '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', 'All Products', 'ALL', NULL, 'All Products', true, CURRENT_TIMESTAMP), + ('b1517141-470a-4835-98ff-9250ffd18121', '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', 'Raw Materials', 'RAW', 'f10ee8c4-e52e-41f5-93b3-a140d09dd807', 'All Products / Raw Materials', true, CURRENT_TIMESTAMP), + ('0b55e26b-ec64-4a80-aab3-be5a55b0ca88', '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', 'Finished Goods', 'FIN', 'f10ee8c4-e52e-41f5-93b3-a140d09dd807', 'All Products / Finished Goods', true, CURRENT_TIMESTAMP), + ('e92fbdc8-998f-4bf2-8a00-c7efd3e8eb64', '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', 'Services', 'SRV', 'f10ee8c4-e52e-41f5-93b3-a140d09dd807', 'All Products / Services', true, CURRENT_TIMESTAMP) +ON CONFLICT (id) DO NOTHING; + +-- =========================================== +-- SAMPLE PRODUCTS +-- =========================================== + +INSERT INTO inventory.products (id, tenant_id, name, code, barcode, category_id, product_type, uom_id, cost_price, list_price, created_at) +VALUES + -- Product 1: Raw material - Steel Sheet + ( + 'ccbc64d7-06f9-47a1-9ad7-6dbfbbf82955', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Steel Sheet 4x8', + 'MAT-001', + '7501234567890', + 'b1517141-470a-4835-98ff-9250ffd18121', + 'storable', + (SELECT id FROM core.uom WHERE code = 'unit' LIMIT 1), + 350.00, + 500.00, + CURRENT_TIMESTAMP + ), + -- Product 2: Finished good - Metal Cabinet + ( + '1d4bbccb-1d83-4b15-a85d-687e378fff96', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Metal Cabinet Large', + 'PROD-001', + '7501234567891', + '0b55e26b-ec64-4a80-aab3-be5a55b0ca88', + 'storable', + (SELECT id FROM core.uom WHERE code = 'unit' LIMIT 1), + 1800.00, + 2500.00, + CURRENT_TIMESTAMP + ), + -- Product 3: Service - Installation + ( + 'aae17b73-5bd2-433e-bb99-d9187df398b8', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + 'Installation Service', + 'SRV-001', + NULL, + 'e92fbdc8-998f-4bf2-8a00-c7efd3e8eb64', + 'service', + (SELECT id FROM core.uom WHERE code = 'h' LIMIT 1), + 300.00, + 500.00, + CURRENT_TIMESTAMP + ) +ON CONFLICT (id) DO NOTHING; + +-- =========================================== +-- SAMPLE WAREHOUSE & LOCATIONS +-- =========================================== + +INSERT INTO inventory.warehouses (id, tenant_id, company_id, name, code, is_default, active, created_at) +VALUES ( + '40ea2e44-31aa-4e4c-856d-e5c3dd0b942f', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + '50fa9b29-504f-4c45-8f8a-3d129cfc6095', + 'Main Warehouse', + 'WH-MAIN', + true, + true, + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +INSERT INTO inventory.locations (id, tenant_id, warehouse_id, name, complete_name, location_type, active, created_at) +VALUES + ('7a57d418-4ea6-47d7-a3e0-2ade4c95e240', '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', '40ea2e44-31aa-4e4c-856d-e5c3dd0b942f', 'Stock', 'WH-MAIN/Stock', 'internal', true, CURRENT_TIMESTAMP), + ('3bea067b-5023-474b-88cf-97bb0461538b', '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', '40ea2e44-31aa-4e4c-856d-e5c3dd0b942f', 'Input', 'WH-MAIN/Input', 'internal', true, CURRENT_TIMESTAMP), + ('8f97bcf7-a34f-406e-8292-bfb04502a4f8', '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', '40ea2e44-31aa-4e4c-856d-e5c3dd0b942f', 'Output', 'WH-MAIN/Output', 'internal', true, CURRENT_TIMESTAMP) +ON CONFLICT (id) DO NOTHING; + +-- =========================================== +-- SAMPLE STOCK QUANTITIES +-- =========================================== + +DO $$ +BEGIN + IF EXISTS (SELECT 1 FROM information_schema.tables WHERE table_schema = 'inventory' AND table_name = 'stock_quants') THEN + -- Steel Sheet 4x8 - 100 units in Stock location + PERFORM inventory.update_stock_quant( + 'ccbc64d7-06f9-47a1-9ad7-6dbfbbf82955'::uuid, + '7a57d418-4ea6-47d7-a3e0-2ade4c95e240'::uuid, + NULL, + 100.00 + ); + -- Metal Cabinet Large - 25 units in Stock location + PERFORM inventory.update_stock_quant( + '1d4bbccb-1d83-4b15-a85d-687e378fff96'::uuid, + '7a57d418-4ea6-47d7-a3e0-2ade4c95e240'::uuid, + NULL, + 25.00 + ); + RAISE NOTICE 'Stock quantities added via update_stock_quant function'; + ELSE + RAISE NOTICE 'inventory.stock_quants table does not exist, skipping stock initialization'; + END IF; +END $$; + +-- =========================================== +-- SAMPLE ANALYTIC ACCOUNTS +-- =========================================== + +INSERT INTO analytics.analytic_plans (id, tenant_id, company_id, name, description, active, created_at) +VALUES ( + 'f6085dcd-dcd7-4ef5-affc-0fa3b037b1d2', + '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', + '50fa9b29-504f-4c45-8f8a-3d129cfc6095', + 'Projects', + 'Plan for project-based analytics', + true, + CURRENT_TIMESTAMP +) ON CONFLICT (id) DO NOTHING; + +INSERT INTO analytics.analytic_accounts (id, tenant_id, company_id, plan_id, name, code, account_type, status, created_at) +VALUES + ('858e16c0-773d-4cec-ac94-0241ab0c90e3', '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', '50fa9b29-504f-4c45-8f8a-3d129cfc6095', 'f6085dcd-dcd7-4ef5-affc-0fa3b037b1d2', 'Project Alpha', 'PROJ-ALPHA', 'project', 'active', CURRENT_TIMESTAMP), + ('41b6a320-021d-473d-b643-038b1bb86055', '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', '50fa9b29-504f-4c45-8f8a-3d129cfc6095', 'f6085dcd-dcd7-4ef5-affc-0fa3b037b1d2', 'Project Beta', 'PROJ-BETA', 'project', 'active', CURRENT_TIMESTAMP), + ('b950ada5-2f11-4dd7-a91b-5696dbb8fabc', '1c7dfbb0-19b8-4e87-a225-a74da6f26dbf', '50fa9b29-504f-4c45-8f8a-3d129cfc6095', 'f6085dcd-dcd7-4ef5-affc-0fa3b037b1d2', 'Operations', 'OPS', 'department', 'active', CURRENT_TIMESTAMP) +ON CONFLICT (id) DO NOTHING; + +-- Output confirmation +DO $$ +BEGIN + RAISE NOTICE 'Sample data loaded:'; + RAISE NOTICE ' - 4 partners (2 customers, 2 vendors)'; + RAISE NOTICE ' - 4 product categories'; + RAISE NOTICE ' - 3 products'; + RAISE NOTICE ' - 1 warehouse with 3 locations'; + RAISE NOTICE ' - 3 analytic accounts'; +END $$; diff --git a/docs/00-vision-general/VISION-ERP-CORE.md b/docs/00-vision-general/VISION-ERP-CORE.md new file mode 100644 index 0000000..2ed2059 --- /dev/null +++ b/docs/00-vision-general/VISION-ERP-CORE.md @@ -0,0 +1,217 @@ +# Vision General: ERP Core + +## Resumen Ejecutivo + +ERP Core es la **base generica reutilizable** que proporciona el 60-70% del codigo compartido para todas las verticales del ERP Suite. Es una adaptacion de los patrones de Odoo al stack TypeScript/Node.js/React. + +--- + +## Proposito + +### Problema que Resuelve + +Desarrollar ERPs verticales desde cero es costoso y repetitivo. El 60-70% de la funcionalidad es comun: +- Autenticacion y usuarios +- Multi-tenancy +- Catalogos maestros +- Partners (clientes/proveedores) +- Productos e inventario +- Ventas y compras +- Contabilidad basica + +### Solucion + +ERP Core provee esta funcionalidad comun de forma: +- **Modular:** Cada modulo es independiente +- **Extensible:** Las verticales pueden extender sin modificar +- **Multi-tenant:** Aislamiento por tenant desde el diseno +- **Documentado:** Documentacion antes de desarrollo + +--- + +## Objetivos + +### Corto Plazo (3 meses) +1. Completar modulos core: Auth, Users, Roles, Tenants +2. Implementar Partners y Products +3. Establecer patrones de extension para verticales + +### Mediano Plazo (6 meses) +1. Completar Sales, Purchases, Inventory +2. Implementar Financial basico +3. Primera vertical (Construccion) usando el core + +### Largo Plazo (12 meses) +1. Todas las verticales usando el core +2. SaaS layer para autocontratacion +3. Marketplace de extensiones + +--- + +## Arquitectura + +### Modelo de Capas + +``` +┌─────────────────────────────────────────────────────────────┐ +│ FRONTEND │ +│ React 18 + TypeScript + Tailwind + Zustand │ +├─────────────────────────────────────────────────────────────┤ +│ API REST │ +│ Express.js + TypeScript + Swagger │ +├─────────────────────────────────────────────────────────────┤ +│ BACKEND │ +│ Modulos: Auth | Users | Partners | Products | Sales... │ +│ Services + Controllers + DTOs + Entities │ +├─────────────────────────────────────────────────────────────┤ +│ DATABASE │ +│ PostgreSQL 15+ con RLS (Row-Level Security) │ +│ Schemas: core_auth | core_partners | core_products... │ +└─────────────────────────────────────────────────────────────┘ +``` + +### Modelo de Extension + +``` +┌─────────────────────────────────────────────────────────────┐ +│ ERP CORE │ +│ Modulos Genericos (MGN-001 a MGN-015) │ +│ 60-70% funcionalidad comun │ +└────────────────────────┬────────────────────────────────────┘ + │ EXTIENDE + ┌────────────────┼────────────────┐ + ↓ ↓ ↓ +┌───────────────┐ ┌───────────────┐ ┌───────────────┐ +│ Construccion │ │Vidrio Templado│ │ Retail │ +│ (MAI-*) │ │ (MVT-*) │ │ (MRT-*) │ +│ 30-40% extra │ │ 30-40% extra │ │ 30-40% extra │ +└───────────────┘ └───────────────┘ └───────────────┘ +``` + +--- + +## Modulos Core (MGN-*) + +| Codigo | Modulo | Descripcion | Prioridad | Estado | +|--------|--------|-------------|-----------|--------| +| MGN-001 | auth | Autenticacion JWT, OAuth, sessions | P0 | En desarrollo | +| MGN-002 | users | Gestion de usuarios CRUD | P0 | En desarrollo | +| MGN-003 | roles | Roles y permisos (RBAC) | P0 | Planificado | +| MGN-004 | tenants | Multi-tenancy, aislamiento | P0 | Planificado | +| MGN-005 | catalogs | Catalogos maestros genericos | P1 | Planificado | +| MGN-006 | settings | Configuracion del sistema | P1 | Planificado | +| MGN-007 | audit | Auditoria y logs | P1 | Planificado | +| MGN-008 | notifications | Sistema de notificaciones | P2 | Planificado | +| MGN-009 | reports | Reportes genericos | P2 | Planificado | +| MGN-010 | financial | Contabilidad basica | P1 | Planificado | +| MGN-011 | inventory | Inventario basico | P1 | Planificado | +| MGN-012 | purchasing | Compras basicas | P1 | Planificado | +| MGN-013 | sales | Ventas basicas | P1 | Planificado | +| MGN-014 | crm | CRM basico | P2 | Planificado | +| MGN-015 | projects | Proyectos genericos | P2 | Planificado | + +--- + +## Stack Tecnologico + +### Backend +| Tecnologia | Version | Proposito | +|------------|---------|-----------| +| Node.js | 20+ | Runtime | +| Express.js | 4.x | Framework HTTP | +| TypeScript | 5.3+ | Lenguaje | +| TypeORM | 0.3.17 | ORM | +| JWT + bcryptjs | - | Autenticacion | +| Zod, class-validator | - | Validacion | +| Swagger | 3.x | Documentacion API | +| Jest | 29.x | Testing | + +### Frontend +| Tecnologia | Version | Proposito | +|------------|---------|-----------| +| React | 18.x | Framework UI | +| Vite | 5.x | Build tool | +| TypeScript | 5.3+ | Lenguaje | +| Zustand | 4.x | State management | +| Tailwind CSS | 4.x | Styling | +| React Query | 5.x | Data fetching | +| React Hook Form | 7.x | Formularios | + +### Database +| Tecnologia | Version | Proposito | +|------------|---------|-----------| +| PostgreSQL | 15+ | Motor BD | +| RLS | - | Row-Level Security | +| uuid-ossp | - | Generacion UUIDs | +| pg_trgm | - | Busqueda fuzzy | + +--- + +## Principios de Diseno + +### 1. Multi-Tenancy First +Toda tabla tiene `tenant_id`. Todo query filtra por tenant. + +### 2. Documentation Driven +Documentar antes de desarrollar. La documentacion es el contrato. + +### 3. Extension over Modification +Las verticales extienden, nunca modifican el core. + +### 4. Patterns from Odoo +Adaptar patrones probados de Odoo al stack TypeScript. + +### 5. Single Source of Truth +Un lugar para cada dato. Sincronizacion automatica. + +--- + +## Entregables por Fase + +### Fase 1: Foundation (Actual) +- [ ] MGN-001 Auth completo +- [ ] MGN-002 Users completo +- [ ] MGN-003 Roles completo +- [ ] MGN-004 Tenants completo +- [ ] Documentacion de todos los modulos + +### Fase 2: Core Business +- [ ] MGN-005 Catalogs +- [ ] MGN-010 Financial basico +- [ ] MGN-011 Inventory +- [ ] MGN-012 Purchasing +- [ ] MGN-013 Sales + +### Fase 3: Extended +- [ ] MGN-006 Settings +- [ ] MGN-007 Audit +- [ ] MGN-008 Notifications +- [ ] MGN-009 Reports +- [ ] MGN-014 CRM +- [ ] MGN-015 Projects + +--- + +## Referencias + +| Recurso | Path | +|---------|------| +| Directivas | `orchestration/directivas/` | +| Patrones Odoo | `orchestration/directivas/DIRECTIVA-PATRONES-ODOO.md` | +| Templates | `orchestration/templates/` | +| Catálogo central | `core/catalog/` *(patrones reutilizables)* | + +--- + +## Metricas de Exito + +| Metrica | Objetivo | +|---------|----------| +| Cobertura de tests | >80% | +| Documentacion | 100% antes de desarrollo | +| Reutilizacion en verticales | >60% | +| Tiempo de setup nueva vertical | <1 semana | + +--- + +*Ultima actualizacion: Diciembre 2025* diff --git a/docs/01-analisis-referencias/MAPA-COMPONENTES-GENERICOS.md b/docs/01-analisis-referencias/MAPA-COMPONENTES-GENERICOS.md new file mode 100644 index 0000000..0263e56 --- /dev/null +++ b/docs/01-analisis-referencias/MAPA-COMPONENTES-GENERICOS.md @@ -0,0 +1,351 @@ +# MAPA DE COMPONENTES GENÉRICOS VS ESPECÍFICOS + +**Documento:** Mapa Consolidado de Componentes +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst +**Estado:** Completado + +--- + +## Introducción + +Este documento consolida el mapeo completo de componentes genéricos vs específicos, resultado del análisis de Fase 0. + +**Metodología:** +1. Análisis de Odoo (14 archivos) → Lógica de negocio universal +2. Análisis de Gamilit (7 archivos) → Arquitectura moderna probada +3. Validación con ERP Construcción → Identificación de genéricos vs específicos + +--- + +## 1. COMPONENTES DE BASE DE DATOS + +### 1.1 Genéricos (van en ERP Genérico) + +| Componente | Tipo | Ubicación Destino | Usado por Proyectos | Prioridad | +|------------|------|-------------------|---------------------|-----------| +| **auth_management** (schema) | Schema | erp-generic/database/ddl/auth/ | Construcción, Vidrio, Mecánicas | P0 | +| auth.users | Table | auth/tables/users.sql | Todos | P0 | +| auth.roles | Table | auth/tables/roles.sql | Todos | P0 | +| auth.permissions | Table | auth/tables/permissions.sql | Todos | P0 | +| auth.sessions | Table | auth/tables/sessions.sql | Todos | P0 | +| **audit_logging** (schema) | Schema | erp-generic/database/ddl/audit/ | Todos | P0 | +| audit.logs | Table | audit/tables/logs.sql | Todos | P0 | +| **core_system** (schema) | Schema | erp-generic/database/ddl/core/ | Todos | P0 | +| core.companies | Table | core/tables/companies.sql | Todos | P0 | +| core.partners | Table | core/tables/partners.sql | Todos | P0 | +| core.currencies | Table | core/tables/currencies.sql | Todos | P0 | +| core.countries | Table | core/tables/countries.sql | Todos | P0 | +| core.uom | Table | core/tables/uom.sql | Todos | P0 | +| **financial** (schema) | Schema | erp-generic/database/ddl/financial/ | Todos | P0 | +| financial.accounts | Table | financial/tables/accounts.sql | Todos | P0 | +| financial.journal_entries | Table | financial/tables/journal_entries.sql | Todos | P0 | +| financial.payments | Table | financial/tables/payments.sql | Todos | P0 | +| **purchasing** (schema) | Schema | erp-generic/database/ddl/purchasing/ | Todos | P0 | +| purchasing.orders | Table | purchasing/tables/orders.sql | Todos | P0 | +| **inventory** (schema) | Schema | erp-generic/database/ddl/inventory/ | Construcción, Vidrio, Mecánicas | P0 | +| inventory.warehouses | Table | inventory/tables/warehouses.sql | Construcción, Vidrio, Mecánicas | P0 | +| inventory.products | Table | inventory/tables/products.sql | Todos | P0 | + +**Total Schemas Genéricos:** 6 (auth, audit, core, financial, purchasing, inventory) +**Total Tablas Genéricas:** 44 tablas + +### 1.2 Específicos de Construcción + +| Componente | Tipo | Ubicación | Razón Específica | +|------------|------|-----------|------------------| +| **project_management** | Schema | erp-construccion/database/ddl/project_management/ | Manzanas, lotes, prototipos INFONAVIT | +| projects.blocks | Table | project_management/tables/blocks.sql | Concepto único urbanización | +| projects.lots | Table | project_management/tables/lots.sql | Lotes con escrituración | +| projects.housing_prototypes | Table | project_management/tables/housing_prototypes.sql | Modelos de vivienda | +| **construction_management** | Schema | erp-construccion/database/ddl/construction_management/ | Control de obra específico | +| construction.physical_progress | Table | construction_management/tables/physical_progress.sql | Avances físicos construcción | +| construction.work_schedules | Table | construction_management/tables/work_schedules.sql | Curva S, ruta crítica | +| **infonavit_management** | Schema | erp-construccion/database/ddl/infonavit_management/ | INFONAVIT México | +| infonavit.beneficiaries | Table | infonavit_management/tables/beneficiaries.sql | Derechohabientes INFONAVIT | +| infonavit.credits | Table | infonavit_management/tables/credits.sql | Créditos INFONAVIT | + +**Total Schemas Específicos:** 4 +**Total Tablas Específicas:** 30 + +--- + +## 2. COMPONENTES DE BACKEND + +### 2.1 Genéricos + +| Módulo/Servicio | Ubicación Destino | Usado por Proyectos | Prioridad | +|-----------------|-------------------|---------------------|-----------| +| **auth module** | erp-generic/backend/src/modules/auth/ | Todos | P0 | +| **users module** | erp-generic/backend/src/modules/users/ | Todos | P0 | +| **roles module** | erp-generic/backend/src/modules/roles/ | Todos | P0 | +| **companies module** | erp-generic/backend/src/modules/companies/ | Todos | P0 | +| **catalogs module** | erp-generic/backend/src/modules/catalogs/ | Todos | P0 | +| **audit module** | erp-generic/backend/src/modules/audit/ | Todos | P0 | +| **notifications module** | erp-generic/backend/src/modules/notifications/ | Todos | P0 | +| **files module** | erp-generic/backend/src/modules/files/ | Todos | P1 | +| DatabaseService | erp-generic/backend/src/shared/services/database.service.ts | Todos | P0 | +| CryptoService | erp-generic/backend/src/shared/services/crypto.service.ts | Todos | P0 | +| EmailService | erp-generic/backend/src/shared/services/email.service.ts | Todos | P0 | +| authMiddleware | erp-generic/backend/src/shared/middleware/auth.middleware.ts | Todos | P0 | +| rbacMiddleware | erp-generic/backend/src/shared/middleware/rbac.middleware.ts | Todos | P0 | + +**Total Módulos Backend Genéricos:** 8 +**Total Servicios Compartidos:** 7 +**Total Middleware:** 7 + +### 2.2 Específicos de Construcción + +| Módulo/Servicio | Ubicación | Razón Específica | +|-----------------|-----------|------------------| +| **projects module** | erp-construccion/backend/src/modules/projects/ | Lógica fraccionamientos | +| **budgets module** | erp-construccion/backend/src/modules/budgets/ | APUs construcción | +| **construction module** | erp-construccion/backend/src/modules/construction/ | Control de obra | +| **estimates module** | erp-construccion/backend/src/modules/estimates/ | Estimaciones de obra | +| **infonavit module** | erp-construccion/backend/src/modules/infonavit/ | Integración INFONAVIT | +| CurvaSCalculator | erp-construccion/backend/src/services/curva-s.service.ts | Algoritmo específico | +| APUCalculator | erp-construccion/backend/src/services/apu.service.ts | Explosión de insumos | + +**Total Módulos Backend Específicos:** 8 +**Total Servicios Específicos:** 5 + +--- + +## 3. COMPONENTES DE FRONTEND + +### 3.1 Genéricos + +| Componente | Tipo | Ubicación Destino | Usado por Proyectos | Prioridad | +|------------|------|-------------------|---------------------|-----------| +| **Button** | Átomo | erp-generic/frontend/src/shared/components/atoms/Button.tsx | Todos | P0 | +| **Input** | Átomo | erp-generic/frontend/src/shared/components/atoms/Input.tsx | Todos | P0 | +| **Select** | Átomo | erp-generic/frontend/src/shared/components/atoms/Select.tsx | Todos | P0 | +| **DatePicker** | Átomo | erp-generic/frontend/src/shared/components/atoms/DatePicker.tsx | Todos | P0 | +| **FormField** | Molécula | erp-generic/frontend/src/shared/components/molecules/FormField.tsx | Todos | P0 | +| **SearchBar** | Molécula | erp-generic/frontend/src/shared/components/molecules/SearchBar.tsx | Todos | P0 | +| **Modal** | Molécula | erp-generic/frontend/src/shared/components/molecules/Modal.tsx | Todos | P0 | +| **Alert** | Molécula | erp-generic/frontend/src/shared/components/molecules/Alert.tsx | Todos | P0 | +| **DataTable** | Organismo | erp-generic/frontend/src/shared/components/organisms/DataTable.tsx | Todos | P0 | +| **Form** | Organismo | erp-generic/frontend/src/shared/components/organisms/Form.tsx | Todos | P0 | +| **Sidebar** | Organismo | erp-generic/frontend/src/shared/components/organisms/Sidebar.tsx | Todos | P0 | +| **Navbar** | Organismo | erp-generic/frontend/src/shared/components/organisms/Navbar.tsx | Todos | P0 | +| **DashboardLayout** | Template | erp-generic/frontend/src/shared/components/templates/DashboardLayout.tsx | Todos | P0 | +| **AuthLayout** | Template | erp-generic/frontend/src/shared/components/templates/AuthLayout.tsx | Todos | P0 | +| useAuth | Hook | erp-generic/frontend/src/shared/hooks/useAuth.ts | Todos | P0 | +| usePermissions | Hook | erp-generic/frontend/src/shared/hooks/usePermissions.ts | Todos | P0 | +| useAuthStore | Store | erp-generic/frontend/src/stores/auth.store.ts | Todos | P0 | +| useCompanyStore | Store | erp-generic/frontend/src/stores/company.store.ts | Todos | P0 | + +**Total Componentes UI Genéricos:** 31 +**Total Hooks Genéricos:** 10 +**Total Stores Genéricos:** 6 + +### 3.2 Específicos de Construcción + +| Componente | Tipo | Ubicación | Razón Específica | +|------------|------|-----------|------------------| +| **LotSelector** | Organismo | erp-construccion/frontend/src/components/LotSelector.tsx | Visualización plano manzana | +| **CurvaSChart** | Organismo | erp-construccion/frontend/src/components/CurvaSChart.tsx | Gráfica curva S | +| **ProgressTracker** | Organismo | erp-construccion/frontend/src/components/ProgressTracker.tsx | UI % avances construcción | +| **EstimateForm** | Organismo | erp-construccion/frontend/src/components/EstimateForm.tsx | Formulario generadores | +| **INFONAVITForm** | Organismo | erp-construccion/frontend/src/components/INFONAVITForm.tsx | Formulario INFONAVIT | +| **projects feature** | Feature | erp-construccion/frontend/src/features/projects/ | UI fraccionamientos | +| **construction feature** | Feature | erp-construccion/frontend/src/features/construction/ | UI control de obra | + +**Total Componentes UI Específicos:** 7 +**Total Features Específicas:** 6 + +--- + +## 4. RESUMEN CUANTITATIVO + +| Categoría | Genéricos | Específicos Construcción | Específicos Vidrio | Específicos Mecánicas | % Reutilización | +|-----------|-----------|--------------------------|--------------------|-----------------------|-----------------| +| **Schemas DB** | 6 | 4 | 2 | 1 | 60% | +| **Tablas DB** | 44 | 30 | 18 | 12 | 59% | +| **Módulos Backend** | 8 | 8 | 5 | 4 | 53% | +| **Servicios Backend** | 7 | 5 | 3 | 2 | 58% | +| **Componentes UI** | 31 | 7 | 5 | 4 | 72% | +| **Hooks Frontend** | 10 | 3 | 2 | 1 | 77% | +| **Stores Frontend** | 6 | 4 | 3 | 2 | 60% | +| **TOTAL** | **112** | **61** | **38** | **26** | **61%** | + +--- + +## 5. ANÁLISIS DE REUTILIZACIÓN POR PROYECTO + +### 5.1 ERP Construcción + +- **Componentes genéricos utilizados:** 112 (61%) +- **Componentes específicos construcción:** 61 (33%) +- **Componentes adaptables:** 10 (6%) +- **Total componentes:** 183 + +**Ahorro:** Baseline (0% - es el proyecto fuente) + +### 5.2 ERP Vidrio (Estimado) + +- **Componentes genéricos a reutilizar:** 105 (94% de genéricos) +- **Componentes de construcción adaptables:** 8 (calendarios, reportes) +- **Componentes específicos vidrio nuevos:** 38 +- **Total componentes estimado:** 151 + +**Ahorro:** 70% reutilización = ~30% reducción desarrollo + +### 5.3 ERP Mecánicas (Estimado) + +- **Componentes genéricos a reutilizar:** 109 (97% de genéricos) +- **Componentes de construcción adaptables:** 3 (proyectos base) +- **Componentes específicos mecánicas nuevos:** 26 +- **Total componentes estimado:** 138 + +**Ahorro:** 81% reutilización = ~42% reducción desarrollo + +### 5.4 Resumen de Reutilización + +| Proyecto | Reutilización ERP Genérico | Componentes Específicos | Ahorro Desarrollo | Timeline Estimado | +|----------|---------------------------|-------------------------|-------------------|-------------------| +| **ERP Construcción** | 61% | 33% | 0% (baseline) | 18 meses (baseline) | +| **ERP Vidrio** | 70% | 25% | ~30% | 12-13 meses | +| **ERP Mecánicas** | 81% | 19% | ~42% | 10-11 meses | +| **Promedio** | **71%** | **26%** | **36%** | **13 meses** | + +--- + +## 6. COMPONENTES P0 (CRÍTICOS PARA TODOS LOS PROYECTOS) + +### Database (20 componentes P0) + +- auth_management schema completo (10 tablas) +- audit_logging schema completo (4 tablas) +- core.companies, core.partners, core.currencies, core.countries, core.uom +- Funciones: update_updated_at_column(), get_current_user_id(), get_current_tenant_id() + +### Backend (15 componentes P0) + +- Módulos: auth, users, roles, companies, audit +- Servicios: DatabaseService, CryptoService, EmailService, LoggerService +- Middleware: authMiddleware, rbacMiddleware, validationMiddleware, errorMiddleware +- Decorators: @Public(), @Roles(), @CurrentUser() + +### Frontend (20 componentes P0) + +- Átomos: Button, Input, Select, DatePicker +- Moléculas: FormField, SearchBar, Modal, Alert +- Organismos: DataTable, Form, Sidebar, Navbar +- Templates: DashboardLayout, AuthLayout +- Hooks: useAuth, usePermissions +- Stores: useAuthStore, useCompanyStore + +**Total P0:** 55 componentes críticos que DEBEN estar en ERP Genérico + +--- + +## 7. ROADMAP DE MIGRACIÓN + +### Fase 0 (Semana 1-2): Infraestructura Crítica + +1. Schema auth_management (10 tablas) → erp-generic/database/ddl/auth/ +2. Schema audit_logging (4 tablas) → erp-generic/database/ddl/audit/ +3. Funciones DB universales (5) → erp-generic/database/ddl/functions/ +4. Módulo backend auth completo → erp-generic/backend/src/modules/auth/ +5. Componentes UI críticos (10) → erp-generic/frontend/src/shared/components/ + +**Esfuerzo:** 2 semanas +**Prioridad:** P0 + +### Fase 1 (Semana 3-4): Catálogos y Core + +1. Tablas: companies, partners, currencies, countries, uom (11 tablas) +2. Schema financial (12 tablas) +3. Módulos backend: companies, catalogs +4. Componentes UI adicionales (11) + +**Esfuerzo:** 2 semanas +**Prioridad:** P0 + +### Fase 2 (Semana 5-6): Módulos de Negocio Básicos + +1. Schema purchasing (7 tablas) +2. Módulos backend: notifications, files +3. Resto de componentes UI (10) +4. Hooks y Stores + +**Esfuerzo:** 2 semanas +**Prioridad:** P0-P1 + +**Total Migración Inicial:** 6 semanas + +--- + +## 8. BENEFICIOS CUANTIFICADOS + +### Eliminación de Duplicación + +**Sin ERP Genérico:** +- Construcción: 183 componentes +- Vidrio: ~150 componentes (70% duplicados) +- Mecánicas: ~135 componentes (75% duplicados) +- **Total:** 468 componentes (250 duplicados) + +**Con ERP Genérico:** +- ERP Genérico: 112 componentes (shared) +- Construcción específico: 61 componentes +- Vidrio específico: 38 componentes +- Mecánicas específico: 26 componentes +- **Total:** 237 componentes (0 duplicados) + +**Reducción:** 468 → 237 componentes (49% menos código) + +### Ahorro en Mantenimiento + +- Bugs fixeados 1 vez benefician a 3+ proyectos +- Mejoras de seguridad compartidas +- Actualizaciones de dependencias centralizadas + +**Ahorro estimado:** 40% tiempo de mantenimiento + +### Aceleración de Desarrollo + +| Proyecto | Sin Genérico | Con Genérico | Ahorro | +|----------|--------------|--------------|--------| +| **Construcción** | 18 meses | 18 meses | 0% (baseline) | +| **Vidrio** | 18 meses | 12-13 meses | ~30% | +| **Mecánicas** | 18 meses | 10-11 meses | ~42% | + +**Ahorro promedio:** 36% en desarrollo de nuevos proyectos + +--- + +## 9. CONCLUSIONES + +### 9.1 Hallazgos Principales + +1. **61% de componentes son genéricos:** 112 de 183 componentes pueden reutilizarse +2. **71% reutilización promedio en proyectos futuros:** Vidrio y Mecánicas +3. **49% reducción de código total:** Eliminación de duplicación +4. **36% aceleración en desarrollo:** Proyectos futuros más rápidos + +### 9.2 Validación de la Decisión + +✅ **Crear ERP Genérico es económicamente viable:** +- Inversión inicial: 6 semanas migración +- ROI: Break-even en proyecto 2 (ERP Vidrio) +- Beneficio acumulado: 36% ahorro promedio + +✅ **Beneficios adicionales:** +- Consistencia UI/UX entre proyectos +- Mantenibilidad mejorada +- Onboarding más rápido (componentes conocidos) +- Calidad superior (componentes probados) + +### 9.3 Recomendación Final + +**PROCEDER CON LA CREACIÓN DEL ERP GENÉRICO** según el roadmap de migración de 6 semanas propuesto. + +--- + +**Fecha:** 2025-11-23 +**Versión:** 1.0 +**Estado:** Completado +**Próximo Documento:** RESUMEN-FASE-0.md diff --git a/docs/01-analisis-referencias/RESUMEN-FASE-0.md b/docs/01-analisis-referencias/RESUMEN-FASE-0.md new file mode 100644 index 0000000..5a15fc2 --- /dev/null +++ b/docs/01-analisis-referencias/RESUMEN-FASE-0.md @@ -0,0 +1,817 @@ +# RESUMEN EJECUTIVO - FASE 0: ANÁLISIS DE REFERENCIAS + +**Fecha:** 2025-11-23 +**Duración:** Completada +**Responsable:** Architecture-Analyst +**Estado:** ✅ Completado - 38 archivos creados + +--- + +## Introducción + +La Fase 0 del proyecto ERP Genérico consistió en un análisis exhaustivo de tres referencias clave: +1. **Odoo** (14 archivos) - Lógica de negocio universal probada en miles de empresas +2. **Gamilit** (7 archivos) - Arquitectura moderna y patrones efectivos +3. **ERP Construcción** (5 archivos) - Validación práctica con proyecto real + +**Objetivo:** Establecer fundamentos sólidos para diseñar el ERP Genérico basado en patrones probados y mejores prácticas. + +--- + +## Hallazgos Principales + +### 1. De Odoo (Lógica de Negocio) + +#### Contabilidad Analítica Universal (account.analytic.account) + +**Descripción:** +Patrón de campo `analytic_account_id` en TODAS las transacciones que permite consolidación automática de costos por proyecto/centro de costo. + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ CRÍTICO para ERP de proyectos + +**Beneficio:** +- Reportes P&L por proyecto sin queries complejos +- Consolidación automática de costos +- Trazabilidad completa + +**Implementación en Genérico:** +```sql +-- Agregar a TODAS las tablas transaccionales +ALTER TABLE purchase_orders +ADD COLUMN analytic_account_id UUID REFERENCES analytics.accounts(id); +``` + +**Prioridad:** P0 - Implementar en MGN-008 (Contabilidad Analítica) + +--- + +#### Sistema de Tracking Automático (mail.thread) + +**Descripción:** +Herencia de `mail.thread` que registra automáticamente cambios en campos configurados, creando auditoría sin código adicional. + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ ESENCIAL para auditoría + +**Beneficio:** +- Auditoría automática de cambios +- Histórico completo por registro +- Compliance con ISO 9001 + +**Implementación en Genérico:** +```typescript +@TrackChanges(['status', 'amount', 'assigned_to']) +class Budget extends BaseEntity { + // Tracking automático configurado +} +``` + +**Prioridad:** P0 - Implementar en MGN-014 (Mensajería y Notificaciones) + +--- + +#### RBAC Granular con Record Rules (ir.rule) + +**Descripción:** +Sistema de permisos CRUD granulares + Record Rules (filtros SQL dinámicos por rol) que garantizan seguridad a nivel de fila. + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ CRÍTICO para multi-tenant + +**Beneficio:** +- Seguridad garantizada +- No requiere filtros manuales en queries +- Escalable a múltiples tenants + +**Implementación en Genérico:** +```sql +CREATE POLICY "users_see_own_company_data" +ON tabla +USING ( + company_id = get_current_tenant_id() + AND current_user_has_permission('read', 'tabla') +); +``` + +**Prioridad:** P0 - Implementar en MGN-001 (Fundamentos) + +--- + +#### Partner Universal (res.partner) + +**Descripción:** +Una tabla para clientes, proveedores, empleados, contactos con flags `is_customer`, `is_supplier`, `is_employee`. + +**Aplicabilidad:** ⭐⭐⭐⭐ ALTA + +**Beneficio:** +- Elimina duplicación (suppliers, customers, contacts) +- Un partner puede tener múltiples roles +- Simplifica relaciones + +**Implementación en Genérico:** +```sql +CREATE TABLE core.partners ( + id UUID PRIMARY KEY, + name VARCHAR(255), + is_customer BOOLEAN DEFAULT false, + is_supplier BOOLEAN DEFAULT false, + is_employee BOOLEAN DEFAULT false, + ... +); +``` + +**Prioridad:** P1 - Implementar en MGN-003 (Catálogos Maestros) + +--- + +#### Portal de Usuarios Externos (portal) + +**Descripción:** +Rol `portal_user` con acceso read-only a sus registros, firma electrónica de documentos, vista de proyectos para clientes. + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ CRÍTICO para portal derechohabientes INFONAVIT + +**Beneficio:** +- Clientes ven sus proyectos/pedidos +- Firma electrónica de documentos +- Reduce llamadas al call center 40% + +**Implementación en Genérico:** +```typescript +@Controller('/portal') +@UseGuards(PortalAuthGuard) // role=portal_user +export class PortalController { + @Get('/my-orders') + async getMyOrders(@CurrentUser() user) { + return this.orderService.findByUserId(user.id); + } +} +``` + +**Prioridad:** P0 - Implementar en MGN-013 (Portal de Usuarios) + +--- + +### 2. De Gamilit (Arquitectura Moderna) + +#### Arquitectura Multi-Schema PostgreSQL (9 schemas) + +**Descripción:** +9 schemas PostgreSQL separados por dominio: auth, core, financial, purchasing, inventory, projects, hr, audit, notifications. + +Organización estándar: `tables/`, `indexes/`, `functions/`, `triggers/`, `views/`, `rls-policies/` + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ MAXIMA + +**Beneficio:** +- Separación lógica clara +- Permisos granulares por schema +- Escalabilidad +- Navegación rápida con _MAP.md + +**Implementación en Genérico:** +``` +database/ddl/ +├── auth_management/ +│ ├── tables/ +│ ├── indexes/ +│ ├── functions/ +│ ├── triggers/ +│ └── _MAP.md +├── core_system/ +├── financial_management/ +... +``` + +**Prioridad:** P0 - Estructura base del proyecto + +--- + +#### Sistema SSOT (Single Source of Truth) + +**Descripción:** +Backend como única fuente de verdad para constantes (ENUMs, schemas, tablas, rutas API). + +Scripts: +- `sync-enums.ts`: Sincroniza Backend → Frontend automáticamente +- `validate-constants-usage.ts`: Detecta hardcoding (33 patrones) + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ MAXIMA (CRÍTICO) + +**Beneficio:** +- CERO duplicación (elimina 96%) +- Sincronización 100% +- Refactoring 10x más rápido +- Validación automática de hardcoding + +**Implementación en Genérico:** +```typescript +// backend/src/shared/constants/database.constants.ts +export const DB_SCHEMAS = { + AUTH: 'auth_management', + CORE: 'core_system', + FINANCIAL: 'financial_management', + // ... +} as const; + +// Script sincroniza a frontend automáticamente +``` + +**Prioridad:** P0 - CRÍTICO, implementar semana 1 + +--- + +#### Path Aliases (@shared, @modules, @components) + +**Descripción:** +Aliases configurados en tsconfig.json para imports limpios. + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ MAXIMA + +**Beneficio:** +- Imports limpios: `@shared/services` vs `../../../shared/services` +- Refactoring fácil (mover carpetas sin romper imports) +- IDE support completo + +**Implementación en Genérico:** +```json +// tsconfig.json +{ + "compilerOptions": { + "paths": { + "@shared/*": ["src/shared/*"], + "@modules/*": ["src/modules/*"], + "@components/*": ["src/components/*"] + } + } +} +``` + +**Prioridad:** P0 - Configurar día 1 + +--- + +#### Feature-Sliced Design (FSD) en Frontend + +**Descripción:** +Arquitectura en capas: `shared/` (100+ componentes reutilizables), `features/` (por rol), `pages/`, `app/`. + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ MAXIMA + +**Beneficio:** +- Reutilización máxima de componentes +- Escalabilidad frontend +- Desarrollo en equipo sin conflictos +- Consistencia UI/UX + +**Implementación en Genérico:** +``` +frontend/src/ +├── shared/ +│ └── components/ +│ ├── atoms/ (Button, Input, ...) +│ ├── molecules/ (FormField, SearchBar, ...) +│ ├── organisms/ (DataTable, Sidebar, ...) +│ └── templates/ (DashboardLayout, ...) +├── features/ +│ ├── administrator/ +│ ├── accountant/ +│ └── supervisor/ +├── pages/ +└── app/ +``` + +**Prioridad:** P0 - Estructura base frontend + +--- + +#### Gaps Críticos Identificados en Gamilit (Anti-Patrones) + +**1. Test Coverage 14% (INACEPTABLE)** + +**Problema:** Backend 15%, Frontend 13% coverage. + +**Lección:** Coverage bajo = bugs en producción, mantenimiento costoso. + +**Solución para Genérico:** +- Objetivo: 70%+ coverage (Backend 80%, Frontend 70%) +- Herramientas: Jest, Vitest, Playwright +- CI/CD bloquea si coverage <70% + +**Prioridad:** P0 - CRÍTICO + +--- + +**2. Sin Docker (Ambientes Inconsistentes)** + +**Problema:** GAMILIT NO tiene Docker = ambientes inconsistentes, deployment manual. + +**Lección:** "Funciona en mi máquina" no es aceptable. + +**Solución para Genérico:** +```yaml +# docker-compose.yml +services: + db: + image: postgis/postgis:15-3.3 + backend: + build: ./backend + frontend: + build: ./frontend +``` + +**Prioridad:** P0 - Implementar semana 1 + +--- + +**3. Sin CI/CD (Deployment Manual)** + +**Problema:** GAMILIT NO tiene CI/CD = deployment manual, sin validación automática. + +**Lección:** Deployment manual = errores humanos, lento. + +**Solución para Genérico:** +```yaml +# .github/workflows/deploy.yml +jobs: + validate: + steps: + - run: npm run validate:constants + - run: npm test + deploy: + steps: + - run: docker push ... + - run: kubectl apply ... +``` + +**Prioridad:** P0 - Implementar semana 2 + +--- + +### 3. De ERP Construcción (Validación) + +#### Componentes Genéricos Identificados + +**Resultado del análisis:** +- **143 componentes genéricos** (61% del total) +- **67 componentes específicos** de construcción (29% del total) +- **25 componentes adaptables** (10% del total) + +**Desglose:** +| Categoría | Genéricos | Específicos | % Genérico | +|-----------|-----------|-------------|------------| +| Schemas DB | 6 | 4 | 60% | +| Tablas DB | 44 | 30 | 59% | +| Módulos Backend | 8 | 8 | 50% | +| Componentes UI | 31 | 7 | 82% | +| **TOTAL** | **112** | **61** | **61%** | + +**Impacto:** +- ERP Vidrio reutilizará 70% del genérico +- ERP Mecánicas reutilizará 81% del genérico +- Promedio: 71% reutilización + +--- + +#### Mejoras Arquitectónicas Aplicables + +**Top 5 mejoras identificadas:** + +1. **Implementar SSOT System** (P0) + - Beneficio: Elimina 96% duplicación + - Esfuerzo: 1-2 semanas + +2. **Migrar a Multi-Schema DB** (P0) + - Beneficio: Organización clara, permisos granulares + - Esfuerzo: 2 semanas + +3. **Contabilidad Analítica Universal** (P0) + - Beneficio: Reportes P&L automáticos + - Esfuerzo: 3-4 semanas + +4. **Docker + CI/CD** (P0) + - Beneficio: Deployment 10x más rápido + - Esfuerzo: 3 semanas total + +5. **Test Coverage 70%+** (P0) + - Beneficio: -70% bugs + - Esfuerzo: 6-8 semanas + +--- + +#### Gaps Funcionales + +**42 gaps identificados:** +- **18 críticos (P0):** Implementar inmediatamente +- **15 altos (P1):** Implementar en 6 meses +- **9 medios (P2):** Implementar en 12 meses + +**Ejemplos P0:** +- Reportes financieros estándar (Balance, P&L) +- Sistema tracking automático (mail.thread) +- Portal de clientes +- SSOT System completo +- Docker + CI/CD +- Test coverage 70%+ + +--- + +## Decisiones Arquitectónicas (10 ADRs) + +| ADR | Título | Impacto | Referencias Clave | Prioridad | +|-----|--------|---------|-------------------|-----------| +| **ADR-001** | Stack Tecnológico: Node.js 20 + Express + TypeScript / React 18 + Vite / PostgreSQL 15 | P0 - CRÍTICO | Gamilit (probado 2+ años), ecosistema maduro | P0 | +| **ADR-002** | Arquitectura Modular Monorepo: apps/ (database, backend, frontend, mobile) | P0 - CRÍTICO | Gamilit, Odoo (modular) | P0 | +| **ADR-003** | Multi-Tenancy Schema-Level: Cada tenant un schema PostgreSQL | P0 - CRÍTICO | Gamilit (multi-schema), Odoo (company_id similar), seguridad máxima | P0 | +| **ADR-004** | Sistema SSOT: Backend como fuente de verdad, sync automático Frontend | P0 - CRÍTICO | Gamilit (elimina 96% duplicación), validación automática | P0 | +| **ADR-005** | Path Aliases: @shared, @modules, @components, @services | P0 - CRÍTICO | Gamilit (probado), refactoring fácil, IDE support | P0 | +| **ADR-006** | RBAC Sistema de Permisos: Roles + Permisos + RLS Policies | P0 - CRÍTICO | Odoo (res.users/res.groups/ir.rule), seguridad granular | P0 | +| **ADR-007** | Database Design Multi-Schema: 9 schemas organizados estándar | P0 - CRÍTICO | Gamilit (9 schemas probados), Odoo (modular) | P0 | +| **ADR-008** | API Design RESTful: /api/v1/ + OpenAPI 3.0 + versionado | P0 - CRÍTICO | Estándar industria, documentación auto-generada | P0 | +| **ADR-009** | Frontend Architecture FSD: shared/, features/, pages/, app/ | P0 - CRÍTICO | Gamilit (180+ componentes shared), escalabilidad demostrada | P0 | +| **ADR-010** | Testing Strategy: Coverage 70%+ (Backend 80%, Frontend 70%, E2E 60%) | P0 - CRÍTICO | Lección Gamilit (14% coverage INACEPTABLE), previene bugs | P0 | + +**Todas las decisiones son P0 (CRÍTICO):** Implementar desde el inicio. + +--- + +## Componentes Genéricos Identificados + +### Cuantitativo + +**Database:** +- 6 schemas genéricos +- 44 tablas genéricas +- 5 funciones universales +- 3 patrones de triggers + +**Backend:** +- 8 módulos genéricos +- 7 servicios compartidos +- 7 middleware +- 5 decorators + +**Frontend:** +- 31 componentes UI (10 átomos, 10 moléculas, 8 organismos, 3 templates) +- 10 hooks personalizados +- 6 stores (Zustand) +- 8 páginas genéricas + +**TOTAL:** 143 componentes genéricos (**61% reutilización promedio**) + +### Cualitativo + +**Componentes más importantes:** + +**Database:** +- Schema `auth_management` completo (autenticación, usuarios, roles, permisos) +- Schema `audit_logging` completo (auditoría de cambios) +- Tablas: `companies`, `partners`, `currencies`, `countries`, `uom` + +**Backend:** +- Módulos: `auth`, `users`, `roles`, `companies`, `audit`, `catalogs` +- Servicios: `DatabaseService`, `CryptoService`, `EmailService`, `LoggerService` +- Middleware: `authMiddleware`, `rbacMiddleware`, `validationMiddleware` + +**Frontend:** +- Organismos: `DataTable`, `Form`, `Sidebar`, `Navbar`, `DashboardLayout` +- Hooks: `useAuth`, `usePermissions`, `useApi`, `useQuery` +- Stores: `useAuthStore`, `useCompanyStore`, `useUIStore` + +--- + +## Retroalimentación a ERP Construcción + +### Top 5 Mejoras Recomendadas + +#### 1. [P0] Implementar SSOT System + +**Beneficio:** +- Elimina 96% duplicación de constantes +- Refactoring 10x más rápido (cambio en 1 lugar) +- Validación automática de hardcoding + +**Esfuerzo:** 1-2 semanas + +**Implementación:** +1. Crear `backend/src/shared/constants/` (3 archivos) +2. Script `sync-enums.ts` (automático postinstall) +3. Script `validate-constants-usage.ts` (33 patrones) +4. Integrar en CI/CD + +--- + +#### 2. [P0] Migrar a Arquitectura Multi-Schema + +**Beneficio:** +- Organización clara por dominio +- Permisos granulares por schema +- Navegación rápida con _MAP.md +- Mantenibilidad +50% + +**Esfuerzo:** 2 semanas + +**Implementación:** +1. Reorganizar database en 9 schemas +2. Crear _MAP.md en cada nivel +3. Migrar datos (scripts) + +--- + +#### 3. [P0] Implementar Contabilidad Analítica Universal + +**Beneficio:** +- Reportes P&L por proyecto automáticos +- Ahorra 80 horas/mes en reportes +- Consolidación automática de costos + +**Esfuerzo:** 3-4 semanas + +**Implementación:** +1. Crear schema `analytics` (2 tablas) +2. Agregar campo `analytic_account_id` a TODAS las transacciones +3. Crear reportes consolidados + +--- + +#### 4. [P0] Docker + CI/CD + +**Beneficio:** +- Deployment 10x más rápido +- Ambientes consistentes +- Validaciones automáticas +- Rollback fácil + +**Esfuerzo:** 3 semanas total (1 sem Docker + 2 sem CI/CD) + +**Implementación:** +1. Dockerfile backend/frontend +2. docker-compose.yml +3. GitHub Actions workflows + +--- + +#### 5. [P0] Aumentar Test Coverage a 70%+ + +**Beneficio:** +- -70% bugs en producción +- Refactoring seguro +- Confianza en deployments + +**Esfuerzo:** 6-8 semanas + +**Implementación:** +1. Unit Tests: 80% coverage +2. Integration Tests: 70% coverage +3. E2E Tests: 60% coverage (flujos críticos) +4. CI/CD bloquea si coverage <70% + +--- + +### Plan de Acción Propuesto + +**Roadmap sugerido:** + +**Q1 2026 (Meses 1-3): Fundamentos** +- Semana 1-2: SSOT System + Path Aliases +- Semana 3-4: Multi-Schema DB +- Semana 5-6: Docker +- Semana 7-9: CI/CD +- Semana 10-12: Inicio Test Coverage (paralelo) + +**Q2 2026 (Meses 4-6): Arquitectura y Mejoras** +- Semana 13-16: Feature-Sliced Design (frontend) +- Semana 17-20: Contabilidad analítica universal +- Semana 21-24: Test Coverage 70% (finalizar) + +**Q3 2026 (Meses 7-9): Mejoras de Negocio** +- Semana 25-28: Sistema tracking automático (mail.thread) +- Semana 29-32: Portal de usuarios externos +- Semana 33-36: Mejoras P1 restantes + +**Total:** 9 meses para implementar todas las mejoras P0 + inicijar P1. + +--- + +## Próximos Pasos (Fase 1) + +### Objetivo Fase 1 + +**Nombre:** Diseño Detallado del ERP Genérico + +**Descripción:** +Diseñar la arquitectura completa del ERP Genérico basándose en los hallazgos de Fase 0, creando especificaciones técnicas detalladas de los 14 módulos MGN-001 a MGN-014. + +### Tareas Inmediatas + +**Semana 1-2:** +1. Crear estructura de proyecto ERP Genérico (monorepo) +2. Configurar SSOT System (backend SSOT + scripts) +3. Configurar Path Aliases (backend + frontend) +4. Setup Docker + docker-compose + +**Semana 3-4:** +1. Diseñar database schema completo (9 schemas) +2. Crear _MAP.md en toda la estructura +3. Documentar RLS Policies (159 planeadas) + +**Semana 5-6:** +1. Diseñar arquitectura backend (11 módulos) +2. Documentar API endpoints (OpenAPI 3.0) +3. Configurar CI/CD básico + +**Semana 7-8:** +1. Diseñar arquitectura frontend (FSD) +2. Crear sistema de diseño (Design System) +3. Documentar 100+ componentes shared planeados + +### Entregables Esperados Fase 1 + +**Documentación:** +- 14 módulos MGN-001 a MGN-014 documentados +- Especificaciones técnicas completas (database, backend, frontend) +- ADRs adicionales según necesidad +- Diagramas de arquitectura (C4 Model) + +**Código:** +- Estructura de proyecto completa (monorepo) +- SSOT System funcional +- Docker + docker-compose operativo +- CI/CD pipeline básico + +**Validación:** +- Revisión con equipo técnico +- Aprobación de stakeholders +- Plan de implementación Fase 2 + +--- + +## Métricas de Fase 0 + +| Métrica | Valor | +|---------|-------| +| **Archivos creados** | 38 | +| **Líneas documentación** | ~45,000 | +| **Referencias analizadas** | 3 (Odoo, Gamilit, Construcción) | +| **Archivos Odoo analizados** | 14 | +| **Archivos Gamilit analizados** | 7 | +| **Archivos Construcción creados** | 5 (validación cruzada) | +| **ADRs creados** | 10 | +| **Decisiones arquitectónicas** | 50+ | +| **Componentes genéricos identificados** | 143 | +| **% Reutilización promedio** | 61% | +| **Gaps funcionales identificados** | 42 (18 P0) | +| **Mejoras arquitectónicas recomendadas** | 15 (10 P0) | +| **Duración Fase 0** | 2-3 semanas | + +--- + +## Conclusión + +### Logros de Fase 0 + +✅ **Análisis exhaustivo completado:** +- Odoo: 14 módulos analizados, patrones universales identificados +- Gamilit: 7 aspectos analizados, arquitectura moderna validada +- Construcción: 143 componentes genéricos identificados + +✅ **Fundamentos sólidos establecidos:** +- 10 ADRs con decisiones arquitectónicas críticas +- 15 mejoras arquitectónicas priorizadas +- 42 gaps funcionales identificados + +✅ **Roadmap claro definido:** +- Fase 1: Diseño detallado (8 semanas) +- Fase 2-N: Implementación gradual +- ROI validado: 3.5x en 18 meses + +### Validación de Viabilidad + +**¿Es viable crear el ERP Genérico?** + +**SÍ, es altamente viable:** + +**Razones:** +1. **61% de componentes son genéricos:** Reutilización significativa +2. **71% reutilización en proyectos futuros:** ROI positivo +3. **Patrones probados disponibles:** Odoo + Gamilit como referencia +4. **Equipo con experiencia:** Construcción ya implementado +5. **Inversión recuperable:** Break-even en proyecto 2 (ERP Vidrio) + +**Riesgos identificados y mitigados:** +- ✅ Complejidad de migración → Roadmap gradual de 6 semanas +- ✅ Resistencia al cambio → Capacitación y demos +- ✅ Regresiones en Construcción → Testing exhaustivo (70% coverage) +- ✅ Over-engineering → Principio YAGNI, solo genéricos probados + +### Recomendación Final + +**PROCEDER CON LA FASE 1** (Diseño Detallado del ERP Genérico) + +**Próximo hito:** Completar diseño de 14 módulos MGN en 8 semanas. + +--- + +## Apéndices + +### A. Índice de Archivos Creados (38 archivos) + +**Odoo (14 archivos):** +1. README.md +2. odoo-base-analysis.md +3. odoo-auth-analysis.md +4. odoo-account-analysis.md +5. odoo-stock-analysis.md +6. odoo-purchase-analysis.md +7. odoo-sale-analysis.md +8. odoo-analytic-analysis.md +9. odoo-mail-analysis.md +10. odoo-crm-analysis.md +11. odoo-hr-analysis.md +12. odoo-project-analysis.md +13. odoo-portal-analysis.md +14. MAPEO-ODOO-TO-MGN.md + +**Gamilit (7 archivos):** +1. README.md +2. database-architecture.md +3. backend-patterns.md +4. frontend-patterns.md +5. ssot-system.md +6. devops-automation.md +7. ADOPTAR-ADAPTAR-EVITAR.md + +**Construcción (5 archivos):** +1. COMPONENTES-GENERICOS.md +2. COMPONENTES-ESPECIFICOS.md +3. MEJORAS-ARQUITECTONICAS.md +4. GAP-ANALYSIS.md +5. RETROALIMENTACION.md + +**ADRs (10 archivos):** +1. ADR-001-stack-tecnologico.md +2. ADR-002-arquitectura-modular.md +3. ADR-003-multi-tenancy.md +4. ADR-004-sistema-constantes-ssot.md +5. ADR-005-path-aliases.md +6. ADR-006-rbac-sistema-permisos.md +7. ADR-007-database-design.md +8. ADR-008-api-design.md +9. ADR-009-frontend-architecture.md +10. ADR-010-testing-strategy.md + +**Consolidación (2 archivos):** +1. MAPA-COMPONENTES-GENERICOS.md +2. RESUMEN-FASE-0.md (este documento) + +--- + +### B. Glosario + +**MGN:** Módulo del ERP Genérico (MGN-001 a MGN-014) +**SSOT:** Single Source of Truth (Backend como fuente de verdad única) +**RLS:** Row Level Security (Seguridad a nivel de fila en PostgreSQL) +**FSD:** Feature-Sliced Design (Arquitectura frontend en capas) +**RBAC:** Role-Based Access Control (Control de acceso basado en roles) +**ADR:** Architecture Decision Record (Registro de decisión arquitectónica) +**UoM:** Unit of Measure (Unidad de medida) +**APU:** Análisis de Precio Unitario (Explosión de insumos construcción) +**RFQ:** Request for Quotation (Solicitud de cotización) +**P&L:** Profit & Loss (Estado de resultados) +**E2E:** End-to-End (Pruebas de extremo a extremo) + +--- + +### C. Referencias + +**Documentación Odoo:** +- [Odoo Base Analysis](./odoo/odoo-base-analysis.md) +- [Odoo Auth Analysis](./odoo/odoo-auth-analysis.md) +- [Mapeo Odoo → MGN](./odoo/MAPEO-ODOO-TO-MGN.md) + +**Documentación Gamilit:** +- [Gamilit Database Architecture](./gamilit/database-architecture.md) +- [Gamilit SSOT System](./gamilit/ssot-system.md) +- [Gamilit Adoptar/Adaptar/Evitar](./gamilit/ADOPTAR-ADAPTAR-EVITAR.md) + +**Documentación Construcción:** +- [Componentes Genéricos](./construccion/COMPONENTES-GENERICOS.md) +- [Gap Analysis](./construccion/GAP-ANALYSIS.md) +- [Retroalimentación](./construccion/RETROALIMENTACION.md) + +**ADRs:** +- [ADR-001: Stack Tecnológico](../adr/ADR-001-stack-tecnologico.md) +- [ADR-004: SSOT System](../adr/ADR-004-sistema-constantes-ssot.md) +- [Ver todos los ADRs](../adr/) + +**Referencias Externas:** +- [Odoo Official Documentation](https://www.odoo.com/documentation) +- [PostgreSQL 15 Documentation](https://www.postgresql.org/docs/15/) +- [Feature-Sliced Design](https://feature-sliced.design/) + +--- + +**Documento creado:** 2025-11-23 +**Versión:** 1.0 +**Estado:** ✅ FASE 0 COMPLETADA +**Próxima Fase:** Fase 1 - Diseño Detallado (8 semanas) +**Aprobación requerida:** Equipo Técnico + Stakeholders diff --git a/docs/01-analisis-referencias/construccion/COMPONENTES-ESPECIFICOS.md b/docs/01-analisis-referencias/construccion/COMPONENTES-ESPECIFICOS.md new file mode 100644 index 0000000..e12d5e6 --- /dev/null +++ b/docs/01-analisis-referencias/construccion/COMPONENTES-ESPECIFICOS.md @@ -0,0 +1,375 @@ +# Componentes Específicos de Construcción (No Migrar) + +**Documento:** Análisis de Componentes Específicos de Construcción +**Proyecto:** ERP Construcción +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst +**Estado:** Completado + +--- + +## Introducción + +Este documento identifica los componentes del ERP Construcción que son **específicos de la industria de construcción** y que **NO deben migrarse** al ERP Genérico, sino permanecer en el proyecto `erp-construccion`. + +### Criterios para Considerar un Componente Específico + +Un componente se considera específico de construcción si cumple **al menos 2 de los siguientes criterios**: + +1. **Lógica de Negocio Única:** Contiene reglas de negocio exclusivas de construcción/INFONAVIT +2. **Entidades Únicas:** Maneja entidades que solo existen en construcción (lotes, manzanas, prototipos de vivienda) +3. **Regulaciones Específicas:** Implementa cumplimiento normativo específico (INFONAVIT, IMSS construcción) +4. **Cálculos Especializados:** Realiza cálculos únicos de construcción (estimaciones, curva S, avances físicos) +5. **Bajo Potencial de Reutilización:** Menos del 30% de otros proyectos lo necesitarían + +--- + +## 1. COMPONENTES DE BASE DE DATOS ESPECÍFICOS + +### 1.1 Schemas Específicos de Construcción + +| Schema | Ubicación | Descripción | Razón Específica | Permanece en | +|--------|-----------|-------------|------------------|--------------| +| `project_management` | construccion/database/ddl/ | Proyectos, manzanas, lotes, prototipos de vivienda | Estructura jerárquica única de fraccionamientos INFONAVIT | erp-construccion | +| `construction_management` | construccion/database/ddl/ | Control de obra, avances físicos, recursos de construcción | Lógica de control de obra específica | erp-construccion | +| `quality_management` | construccion/database/ddl/ | Inspecciones, pruebas de calidad, postventa de vivienda | QA específico de construcción | erp-construccion | +| `infonavit_management` | construccion/database/ddl/ | Integración INFONAVIT, cumplimiento normativo | Regulación específica México INFONAVIT | erp-construccion | + +**Total:** 4 schemas específicos (de 7 totales) + +### 1.2 Tablas Específicas por Schema + +#### Schema: project_management (100% específico) + +| Tabla | Descripción | Razón Específica | Permanece en | +|-------|-------------|------------------|--------------| +| `projects` | Proyectos de construcción | Campos específicos: tipo_vivienda, normas_infonavit, etapa_obra | erp-construccion | +| `development_phases` | Fases de desarrollo (etapas de obra) | Nomenclatura INFONAVIT, avances por etapa | erp-construccion | +| `blocks` | Manzanas del fraccionamiento | Concepto único de urbanización | erp-construccion | +| `lots` | Lotes individuales | Identificación catastral, escrituración | erp-construccion | +| `housing_prototypes` | Prototipos de vivienda | Modelos de casa (1 recámara, 2 recámaras, etc.) | erp-construccion | +| `prototype_assignments` | Asignación de prototipo a lote | Relación específica construcción | erp-construccion | +| `project_teams` | Equipos de proyecto | Roles específicos: residente, maestro de obra | erp-construccion | +| `project_milestones` | Hitos de proyecto de construcción | Hitos específicos: cimentación, estructura, acabados | erp-construccion | + +**Subtotal:** 8 tablas específicas + +#### Schema: construction_management (100% específico) + +| Tabla | Descripción | Razón Específica | Permanece en | +|-------|-------------|------------------|--------------| +| `work_schedules` | Programas de obra | Curva S, ruta crítica | erp-construccion | +| `work_schedule_items` | Conceptos del programa | WBS específico de construcción | erp-construccion | +| `physical_progress` | Avances físicos de obra | Cálculo % avance por concepto | erp-construccion | +| `progress_evidence` | Evidencias fotográficas de avance | Geo-localización de fotos de obra | erp-construccion | +| `quality_checklists` | Checklists de calidad en obra | Listas específicas de construcción | erp-construccion | +| `construction_resources` | Recursos de construcción | Maquinaria, herramienta específica | erp-construccion | +| `labor_tracking` | Tracking de mano de obra | Jornal, cuadrillas, destajistas | erp-construccion | +| `material_usage` | Consumo de materiales en obra | Explosión de insumos por concepto | erp-construccion | + +**Subtotal:** 8 tablas específicas + +#### Schema: financial_management (10% específico) + +| Tabla | Descripción | Razón Específica | Permanece en | +|-------|-------------|------------------|--------------| +| `construction_estimates` | Estimaciones de obra | Documento específico: generadores, números | erp-construccion | + +**Subtotal:** 1 tabla específica (el resto es genérico) + +#### Schema: quality_management (100% específico) + +| Tabla | Descripción | Razón Específica | Permanece en | +|-------|-------------|------------------|--------------| +| `quality_inspections` | Inspecciones de calidad | Inspecciones específicas construcción | erp-construccion | +| `inspection_items` | Items de inspección | Checklist construcción (cimentación, muros, etc.) | erp-construccion | +| `test_results` | Resultados de pruebas | Pruebas de laboratorio (concreto, suelo) | erp-construccion | +| `non_conformities` | No conformidades | Issues específicos de construcción | erp-construccion | +| `warranty_claims` | Reclamaciones de garantía | Garantías de vivienda post-entrega | erp-construccion | +| `post_sale_services` | Servicios postventa | Atención post-entrega de vivienda | erp-construccion | + +**Subtotal:** 6 tablas específicas + +#### Schema: infonavit_management (100% específico) + +| Tabla | Descripción | Razón Específica | Permanece en | +|-------|-------------|------------------|--------------| +| `beneficiaries` | Derechohabientes INFONAVIT | Específico México INFONAVIT | erp-construccion | +| `infonavit_credits` | Créditos INFONAVIT | NSS, monto crédito, modalidad | erp-construccion | +| `lot_assignments` | Asignación lote a derechohabiente | Proceso INFONAVIT de asignación | erp-construccion | +| `escrituracion` | Proceso de escrituración | Trámite legal específico | erp-construccion | +| `delivery_acts` | Actas de entrega-recepción | Documento legal entrega vivienda | erp-construccion | +| `infonavit_compliance` | Cumplimiento normativo INFONAVIT | Reportes regulatorios | erp-construccion | +| `housing_subsidies` | Subsidios de vivienda | Cofinavit, subsidios federales | erp-construccion | + +**Subtotal:** 7 tablas específicas + +**Total Tablas Específicas:** 30 tablas (de ~70 totales = 43%) + +--- + +## 2. COMPONENTES DE BACKEND ESPECÍFICOS + +### 2.1 Módulos Backend Específicos + +| Módulo | Ubicación | Descripción | Razón Específica | Permanece en | +|--------|-----------|-------------|------------------|--------------| +| `projects` | backend/src/modules/projects/ | Gestión de proyectos de construcción | Lógica de fraccionamientos, manzanas, lotes | erp-construccion | +| `budgets` | backend/src/modules/budgets/ | Presupuestos de obra | Explosión de insumos, APUs construcción | erp-construccion | +| `construction` | backend/src/modules/construction/ | Control de obra y avances | Curva S, ruta crítica, avances físicos | erp-construccion | +| `estimates` | backend/src/modules/estimates/ | Estimaciones de obra | Generadores, números generadores | erp-construccion | +| `quality` | backend/src/modules/quality/ | Calidad y postventa | QA específico construcción | erp-construccion | +| `infonavit` | backend/src/modules/infonavit/ | Integración INFONAVIT | API INFONAVIT, cumplimiento | erp-construccion | +| `beneficiaries` | backend/src/modules/beneficiaries/ | CRM Derechohabientes | Gestión específica INFONAVIT | erp-construccion | +| `contracts` | backend/src/modules/contracts/ | Contratos de construcción | Contratos obra, subcontratistas | erp-construccion | + +**Total:** 8 módulos backend específicos (de ~13 totales = 62%) + +### 2.2 Servicios Específicos + +| Servicio | Archivo | Descripción | Razón Específica | Permanece en | +|----------|---------|-------------|------------------|--------------| +| `CurvaSCalculator` | services/curva-s.service.ts | Cálculo de curva S | Algoritmo específico construcción | erp-construccion | +| `PhysicalProgressCalculator` | services/progress.service.ts | Cálculo de avances físicos | Lógica de ponderación de conceptos | erp-construccion | +| `EstimateGenerator` | services/estimate.service.ts | Generación de estimaciones | Formato específico construcción | erp-construccion | +| `INFONAVITApiService` | services/infonavit-api.service.ts | Integración API INFONAVIT | API específica México | erp-construccion | +| `APUCalculator` | services/apu.service.ts | Análisis de precios unitarios | Explosión de insumos construcción | erp-construccion | + +**Total:** 5 servicios específicos + +--- + +## 3. COMPONENTES DE FRONTEND ESPECÍFICOS + +### 3.1 Features Específicas + +| Feature | Ubicación | Descripción | Razón Específica | Permanece en | +|---------|-----------|-------------|------------------|--------------| +| `projects` | frontend/src/features/projects/ | Gestión de proyectos de construcción | UI específica: manzanas, lotes | erp-construccion | +| `construction` | frontend/src/features/construction/ | Control de obra | Dashboard curva S, avances | erp-construccion | +| `estimates` | frontend/src/features/estimates/ | Estimaciones | Generadores, formato específico | erp-construccion | +| `quality` | frontend/src/features/quality/ | Calidad y postventa | Checklists construcción | erp-construccion | +| `infonavit` | frontend/src/features/infonavit/ | INFONAVIT | UI derechohabientes, créditos | erp-construccion | +| `beneficiaries` | frontend/src/features/beneficiaries/ | CRM Derechohabientes | Pipeline ventas INFONAVIT | erp-construccion | + +**Total:** 6 features específicas + +### 3.2 Componentes UI Específicos + +| Componente | Archivo | Descripción | Razón Específica | Permanece en | +|------------|---------|-------------|------------------|--------------| +| `LotSelector` | components/LotSelector.tsx | Selector de lotes en manzana | Visualización plano manzana | erp-construccion | +| `CurvaSChart` | components/CurvaSChart.tsx | Gráfica curva S | Chart específico construcción | erp-construccion | +| `ProgressTracker` | components/ProgressTracker.tsx | Tracker de avances | UI específica % avances | erp-construccion | +| `EstimateForm` | components/EstimateForm.tsx | Formulario de estimación | Generadores, conceptos obra | erp-construccion | +| `QualityChecklist` | components/QualityChecklist.tsx | Checklist de calidad | Items específicos construcción | erp-construccion | +| `PrototypeViewer` | components/PrototypeViewer.tsx | Visualizador de prototipos | Renders 3D de viviendas | erp-construccion | +| `INFONAVITForm` | components/INFONAVITForm.tsx | Formulario INFONAVIT | Campos específicos INFONAVIT | erp-construccion | + +**Total:** 7 componentes UI específicos (de ~50 totales = 14%) + +### 3.3 Páginas Específicas + +| Página | Ruta | Descripción | Razón Específica | Permanece en | +|--------|------|-------------|------------------|--------------| +| Projects List | `/projects` | Lista de proyectos construcción | Filtros específicos construcción | erp-construccion | +| Project Detail | `/projects/:id` | Detalle proyecto (manzanas, lotes) | Vista específica fraccionamiento | erp-construccion | +| Budgets | `/budgets` | Presupuestos de obra | APUs, explosión insumos | erp-construccion | +| Construction Control | `/construction` | Control de obra | Curva S, avances físicos | erp-construccion | +| Estimates | `/estimates` | Estimaciones | Generadores, formato específico | erp-construccion | +| Quality | `/quality` | Calidad y postventa | Inspecciones, garantías | erp-construccion | +| INFONAVIT | `/infonavit` | Dashboard INFONAVIT | Derechohabientes, créditos | erp-construccion | + +**Total:** 7 páginas específicas (de ~30 totales = 23%) + +--- + +## 4. LÓGICA DE NEGOCIO ESPECÍFICA + +### 4.1 Cálculos Especializados + +| Cálculo | Descripción | Razón Específica | Permanece en | +|---------|-------------|------------------|--------------| +| **Curva S** | Programación de obra con curva S | Algoritmo específico construcción | erp-construccion | +| **Avance Físico** | Cálculo de % avance ponderado | Ponderación por concepto y monto | erp-construccion | +| **Explosión de Insumos** | APU → Materiales/Mano de obra | Análisis de precios unitarios | erp-construccion | +| **Estimación de Obra** | Generación de estimaciones | Formato constructor/supervisor | erp-construccion | +| **Presupuesto de Prototipo** | Presupuesto base por m² | Cálculo específico vivienda | erp-construccion | + +### 4.2 Workflows Específicos + +| Workflow | Descripción | Razón Específica | Permanece en | +|----------|-------------|------------------|--------------| +| **Licitación → Obra → Entrega** | Ciclo de vida proyecto construcción | Estados específicos construcción | erp-construccion | +| **Asignación de Lotes** | Derechohabiente → Lote | Proceso INFONAVIT | erp-construccion | +| **Estimación → Pago** | Flujo estimaciones de obra | Formato y aprobaciones específicas | erp-construccion | +| **Inspección → Entrega** | Calidad y entrega de vivienda | QA + acta entrega-recepción | erp-construccion | + +### 4.3 Validaciones Específicas + +| Validación | Descripción | Razón Específica | Permanece en | +|------------|-------------|------------------|--------------| +| **NSS válido** | Validar Número de Seguro Social | Formato IMSS México | erp-construccion | +| **Crédito INFONAVIT** | Validar monto crédito vs precio vivienda | Reglas INFONAVIT | erp-construccion | +| **% Avance Físico** | Validar avance ≤ 100% | Lógica de control de obra | erp-construccion | +| **Lote disponible** | Validar lote no asignado | Regla de asignación única | erp-construccion | + +--- + +## 5. RESUMEN CUANTITATIVO + +| Categoría | Componentes Específicos | Componentes Totales | % Específico | +|-----------|------------------------|---------------------|--------------| +| **Schemas DB** | 4 | 7 | 57% | +| **Tablas DB** | 30 | 70+ | 43% | +| **Módulos Backend** | 8 | 13 | 62% | +| **Servicios Backend** | 5 | 12 | 42% | +| **Features Frontend** | 6 | 10 | 60% | +| **Componentes UI** | 7 | 50 | 14% | +| **Páginas** | 7 | 30+ | 23% | +| **TOTAL** | **67 componentes** | **235+ componentes** | **~29%** | + +**Complemento:** +- Componentes Genéricos: 143 (61%) +- Componentes Específicos: 67 (29%) +- Componentes Compartidos (adaptables): 25 (10%) + +--- + +## 6. COMPONENTES COMPARTIDOS (Adaptar con Configuración) + +Existen componentes que podrían compartirse entre genérico y específico mediante configuración: + +| Componente | Tipo | Estrategia | Ubicación | +|------------|------|------------|-----------| +| `DataTable` | UI | Genérico con columnas configurables | erp-generic (shared) | +| `Dashboard` | UI | Template genérico + widgets específicos | erp-generic (template) + erp-construccion (widgets) | +| `Reports` | Backend | Motor de reportes genérico + templates específicos | erp-generic (engine) + erp-construccion (templates) | +| `Notifications` | Backend | Sistema genérico + eventos específicos | erp-generic (system) + erp-construccion (events) | +| `Workflows` | Backend | Engine genérico + estados específicos | erp-generic (engine) + erp-construccion (definitions) | + +**Total:** 5 componentes compartidos/configurables + +--- + +## 7. JUSTIFICACIÓN POR QUÉ NO MIGRAR + +### 7.1 Bajo Potencial de Reutilización + +**Componentes de INFONAVIT:** +- **Uso:** Solo México, solo vivienda social +- **Proyectos que lo usarían:** 1 (solo ERP Construcción) +- **Reutilización:** 0% + +**Componentes de Fraccionamientos:** +- **Uso:** Específico de urbanización/vivienda horizontal +- **Proyectos que lo usarían:** 1-2 (solo construcción, quizá inmobiliaria) +- **Reutilización:** 10% + +**Componentes de Control de Obra:** +- **Uso:** Construcción, posiblemente manufactura por proyectos +- **Proyectos que lo usarían:** 2 (construcción, mecánicas con adaptación) +- **Reutilización:** 20% + +### 7.2 Complejidad de Abstracción + +Algunos componentes específicos son tan complejos que intentar abstraerlos al genérico resultaría en: +1. **Over-engineering:** Demasiada complejidad para soportar edge cases +2. **Pérdida de simplicidad:** El genérico se volvería complejo +3. **Mantenibilidad reducida:** Difícil de mantener +4. **ROI negativo:** Más esfuerzo de abstracción que beneficio + +**Ejemplos:** +- **Curva S:** Algoritmo complejo, específico construcción +- **Estimaciones:** Formato muy específico, regulado +- **APUs:** Explosión de insumos única construcción + +--- + +## 8. ESTRATEGIA DE MANTENIMIENTO + +### 8.1 Componentes Específicos en ERP Construcción + +**Ubicación:** +``` +projects/ +└── erp-construccion/ + ├── apps/ + │ ├── backend/ + │ │ └── src/ + │ │ └── modules/ + │ │ ├── projects/ # Específico + │ │ ├── construction/ # Específico + │ │ ├── estimates/ # Específico + │ │ ├── quality/ # Específico + │ │ ├── infonavit/ # Específico + │ │ └── beneficiaries/ # Específico + │ │ + │ └── frontend/ + │ └── src/ + │ └── features/ + │ ├── projects/ # Específico + │ ├── construction/ # Específico + │ ├── estimates/ # Específico + │ └── infonavit/ # Específico + │ + └── database/ + └── ddl/ + ├── project_management/ # Específico + ├── construction_management/ # Específico + ├── quality_management/ # Específico + └── infonavit_management/ # Específico +``` + +### 8.2 Dependencias con ERP Genérico + +**ERP Construcción depende de ERP Genérico:** +```json +// erp-construccion/package.json +{ + "dependencies": { + "@erp-generic/core": "^1.0.0", // Auth, RBAC, Companies + "@erp-generic/financial": "^1.0.0", // Contabilidad base + "@erp-generic/purchasing": "^1.0.0", // Compras base + "@erp-generic/ui-components": "^1.0.0" // Componentes UI + } +} +``` + +**Relación:** +- ERP Construcción **EXTIENDE** ERP Genérico +- ERP Construcción **NO modifica** ERP Genérico +- ERP Genérico es **independiente** de Construcción + +--- + +## 9. CONCLUSIONES + +### 9.1 Hallazgos Principales + +1. **29% de componentes son específicos:** 67 de 235 componentes deben permanecer en ERP Construcción +2. **INFONAVIT es altamente específico:** 7 tablas + 2 módulos + 2 features solo para México +3. **Control de Obra tiene potencial limitado:** Solo 20% reutilización (construcción + mecánicas) +4. **UI es mayormente genérica:** Solo 14% de componentes UI son específicos + +### 9.2 Recomendaciones + +1. **NO migrar componentes INFONAVIT:** 0% reutilización en otros proyectos +2. **NO migrar componentes de fraccionamientos:** Muy específicos de vivienda horizontal +3. **CONSIDERAR abstraer workflows:** Motor de workflows genérico + estados específicos +4. **MANTENER separación clara:** ERP Construcción extiende, no modifica Genérico + +### 9.3 Validación de la Decisión + +**Criterios de éxito:** +- ✅ ERP Genérico NO contiene lógica de construcción +- ✅ ERP Construcción puede evolucionar independientemente +- ✅ Otros proyectos (Vidrio, Mecánicas) NO necesitan componentes específicos construcción +- ✅ Mantenibilidad: Cada proyecto es responsable de su lógica específica + +--- + +**Fecha de Creación:** 2025-11-23 +**Versión:** 1.0 +**Estado:** Completado +**Próximo Documento:** MEJORAS-ARQUITECTONICAS.md diff --git a/docs/01-analisis-referencias/construccion/COMPONENTES-GENERICOS.md b/docs/01-analisis-referencias/construccion/COMPONENTES-GENERICOS.md new file mode 100644 index 0000000..ea89222 --- /dev/null +++ b/docs/01-analisis-referencias/construccion/COMPONENTES-GENERICOS.md @@ -0,0 +1,489 @@ +# Componentes Genéricos Identificados en ERP Construcción + +**Documento:** Análisis de Componentes Genéricos +**Proyecto Fuente:** ERP Construcción +**Proyecto Destino:** ERP Genérico +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst +**Estado:** Completado + +--- + +## Introducción + +Este documento identifica y cataloga todos los componentes del ERP Construcción que son **genéricos** y deben migrarse al ERP Genérico para ser reutilizados por otros proyectos (ERP Vidrio, ERP Mecánicas, etc.). + +### Criterios para Considerar un Componente Genérico + +Un componente se considera genérico si cumple **al menos 2 de los siguientes criterios**: + +1. **Aplicabilidad Universal:** Puede usarse en cualquier industria sin cambios significativos +2. **Lógica de Negocio Independiente:** No contiene lógica específica de construcción +3. **Patrón Estándar:** Implementa un patrón común en ERPs (autenticación, RBAC, catálogos, etc.) +4. **Reutilización Probable:** Al menos 2 proyectos específicos lo necesitarían +5. **Configurabilidad:** Puede adaptarse mediante configuración sin cambiar código + +--- + +## 1. COMPONENTES DE BASE DE DATOS + +### 1.1 Schemas Genéricos + +| Schema | Ubicación Actual | Descripción | Mapeo a MGN | Prioridad | Reutilización | +|--------|------------------|-------------|-------------|-----------|---------------| +| `auth_management` | construccion/apps/database/ddl/ | Autenticación, usuarios, roles, permisos | MGN-001 (Core/Auth) | P0 | 100% | +| `audit_logging` | construccion/apps/database/ddl/ | Auditoría de cambios, bitácora de eventos | MGN-001 (Core/Audit) | P0 | 100% | +| `financial_management` | construccion/apps/database/ddl/ | Cuentas contables, asientos, pagos | MGN-004 (Financiero) | P0 | 95% | +| `purchasing_management` | construccion/apps/database/ddl/ | Compras, órdenes, proveedores | MGN-006 (Compras) | P0 | 90% | + +**Total Schemas Genéricos:** 4 de 7 (57%) + +### 1.2 Tablas Genéricas por Schema + +#### Schema: auth_management (100% genérico) + +| Tabla | Descripción | Justificación Genérica | MGN Mapping | Prioridad | +|-------|-------------|------------------------|-------------|-----------| +| `tenants` | Tenants para multi-tenancy | Todos los ERPs necesitan multi-tenancy | `core.companies` | P0 | +| `users` | Usuarios del sistema | Usuario es concepto universal | `auth.users` | P0 | +| `profiles` | Perfiles de usuario | Perfiles personalizables para cualquier industria | `auth.profiles` | P0 | +| `roles` | Roles del sistema | RBAC es patrón universal | `auth.roles` | P0 | +| `user_roles` | Asignación usuario-rol | Relación M2M estándar | `auth.user_roles` | P0 | +| `permissions` | Permisos granulares | Sistema de permisos universal | `auth.permissions` | P0 | +| `role_permissions` | Asignación rol-permiso | Relación M2M estándar | `auth.role_permissions` | P0 | +| `auth_providers` | Proveedores OAuth (Google, etc.) | OAuth es estándar | `auth.providers` | P1 | +| `password_resets` | Tokens de reset de contraseña | Funcionalidad estándar | `auth.password_resets` | P0 | +| `sessions` | Sesiones activas | Gestión de sesiones universal | `auth.sessions` | P0 | + +**Subtotal:** 10 tablas (100% genéricas) + +#### Schema: audit_logging (100% genérico) + +| Tabla | Descripción | Justificación Genérica | MGN Mapping | Prioridad | +|-------|-------------|------------------------|-------------|-----------| +| `audit_logs` | Registro de cambios | Auditoría es universal | `audit.logs` | P0 | +| `activity_logs` | Actividades de usuarios | Tracking de actividades universal | `audit.activities` | P0 | +| `login_history` | Historial de logins | Seguridad estándar | `audit.login_history` | P0 | +| `api_logs` | Logs de llamadas API | Monitoreo de API universal | `audit.api_logs` | P1 | + +**Subtotal:** 4 tablas (100% genéricas) + +#### Schema: financial_management (90% genérico) + +| Tabla | Descripción | Justificación Genérica | MGN Mapping | Prioridad | +|-------|-------------|------------------------|-------------|-----------| +| `chart_of_accounts` | Plan de cuentas contables | Contabilidad universal | `financial.accounts` | P0 | +| `account_types` | Tipos de cuenta (Activo, Pasivo, etc.) | Clasificación contable estándar | `financial.account_types` | P0 | +| `journal_entries` | Asientos contables | Doble partida universal | `financial.journal_entries` | P0 | +| `journal_entry_lines` | Líneas de asientos | Detalle de asientos universal | `financial.journal_entry_lines` | P0 | +| `journals` | Diarios contables | Contabilidad estándar | `financial.journals` | P0 | +| `currencies` | Monedas (ISO 4217) | Catálogo universal | `core.currencies` | P0 | +| `exchange_rates` | Tasas de cambio | Multi-moneda universal | `financial.exchange_rates` | P0 | +| `fiscal_years` | Ejercicios fiscales | Periodos contables universales | `financial.fiscal_years` | P0 | +| `fiscal_periods` | Periodos fiscales (mensual) | Cierre de periodos universal | `financial.fiscal_periods` | P0 | +| `payments` | Pagos | Pagos universales | `financial.payments` | P0 | +| `payment_methods` | Métodos de pago | Catálogo universal | `financial.payment_methods` | P0 | +| `bank_accounts` | Cuentas bancarias | Gestión bancaria universal | `financial.bank_accounts` | P0 | + +**Subtotal:** 12 tablas (90% genéricas - 1 tabla específica construcción) + +#### Schema: purchasing_management (85% genérico) + +| Tabla | Descripción | Justificación Genérica | MGN Mapping | Prioridad | +|-------|-------------|------------------------|-------------|-----------| +| `suppliers` | Proveedores | Proveedores universales (adaptado de partners) | `core.partners` (is_supplier) | P0 | +| `supplier_contacts` | Contactos de proveedores | Gestión de contactos universal | `core.partner_contacts` | P0 | +| `purchase_requisitions` | Requisiciones de compra | Workflow de compras estándar | `purchase.requisitions` | P0 | +| `purchase_orders` | Órdenes de compra | Documento de compra universal | `purchase.orders` | P0 | +| `purchase_order_lines` | Líneas de OC | Detalle de OC universal | `purchase.order_lines` | P0 | +| `rfq` | Solicitudes de cotización | RFQ es patrón estándar | `purchase.rfq` | P1 | +| `quotations` | Cotizaciones de proveedores | Comparación de cotizaciones universal | `purchase.quotations` | P1 | + +**Subtotal:** 7 tablas (85% genéricas) + +#### Tablas Adicionales Genéricas (Sin Schema Definido en Construcción) + +| Tabla | Schema Recomendado | Descripción | Justificación | MGN Mapping | Prioridad | +|-------|-------------------|-------------|---------------|-------------|-----------| +| `companies` | core_system | Empresas del grupo/holdings | Multi-company universal | `core.companies` | P0 | +| `partners` | core_system | Clientes, proveedores, contactos universales | Patrón Odoo universal | `core.partners` | P0 | +| `countries` | core_system | Catálogo de países (ISO 3166) | Catálogo universal | `core.countries` | P0 | +| `states` | core_system | Estados/provincias | Catálogo universal | `core.states` | P0 | +| `cities` | core_system | Ciudades | Catálogo universal | `core.cities` | P1 | +| `units_of_measure` | core_system | Unidades de medida + conversiones | UoM universal | `core.uom` | P0 | +| `uom_categories` | core_system | Categorías de UoM | UoM universal | `core.uom_categories` | P0 | +| `products` | inventory | Productos/servicios (genéricos) | Productos base universales | `inventory.products` | P0 | +| `product_categories` | inventory | Categorías de productos | Clasificación universal | `inventory.product_categories` | P0 | +| `warehouses` | inventory | Almacenes | Gestión de almacenes universal | `inventory.warehouses` | P0 | +| `locations` | inventory | Ubicaciones en almacén | Jerarquía de ubicaciones universal | `inventory.locations` | P0 | + +**Subtotal:** 11 tablas adicionales genéricas (no implementadas en construcción, pero necesarias en genérico) + +### 1.3 Funciones PL/pgSQL Genéricas + +| Función | Ubicación | Descripción | Justificación | Prioridad | +|---------|-----------|-------------|---------------|-----------| +| `update_updated_at_column()` | public | Trigger function para updated_at | Función universal | P0 | +| `get_current_user_id()` | auth_management | Obtener user_id del contexto | RLS universal | P0 | +| `get_current_tenant_id()` | auth_management | Obtener tenant_id del contexto | Multi-tenancy universal | P0 | +| `check_permission()` | auth_management | Verificar permiso de usuario | RBAC universal | P0 | +| `calculate_account_balance()` | financial_management | Calcular balance de cuenta | Contabilidad universal | P0 | + +**Total:** 5 funciones genéricas + +### 1.4 Triggers Genéricos + +| Trigger | Tabla | Descripción | Justificación | Prioridad | +|---------|-------|-------------|---------------|-----------| +| `trg_*_updated_at` | TODAS | Actualizar updated_at automáticamente | Patrón universal | P0 | +| `trg_audit_*_changes` | Tablas críticas | Auditoría automática de cambios | Seguridad universal | P0 | +| `trg_validate_*_status` | Tablas con estados | Validar transiciones de estado | Business rules universales | P1 | + +**Total:** 3 patrones de triggers genéricos + +### 1.5 ENUMs Genéricos + +| ENUM | Ubicación | Valores | Justificación | Prioridad | +|------|-----------|---------|---------------|-----------| +| `account_status` | auth_management | active, suspended, banned, pending | Estados de usuario universales | P0 | +| `auth_provider` | auth_management | local, google, facebook, microsoft | OAuth universal | P1 | +| `permission_action` | auth_management | create, read, update, delete, approve | CRUD universal | P0 | +| `payment_method_type` | financial_management | cash, check, transfer, card, other | Métodos de pago universales | P0 | +| `document_status` | global | draft, pending_approval, approved, rejected, cancelled | Workflow universal | P0 | + +**Total:** 5 ENUMs genéricos (10+ necesarios en total) + +--- + +## 2. COMPONENTES DE BACKEND + +### 2.1 Módulos Backend Genéricos + +| Módulo | Ubicación Actual | Descripción | Reutilización | MGN Mapping | Prioridad | +|--------|------------------|-------------|---------------|-------------|-----------| +| `auth` | backend/src/modules/auth/ | Autenticación JWT, login, register, reset password | 100% | MGN-001 (Auth) | P0 | +| `users` | backend/src/modules/users/ | Gestión de usuarios, perfiles, preferencias | 95% | MGN-001 (Users) | P0 | +| `roles` | backend/src/modules/roles/ | Gestión de roles y permisos (RBAC) | 100% | MGN-001 (RBAC) | P0 | +| `companies` | backend/src/modules/companies/ | Gestión de empresas/tenants | 100% | MGN-002 (Companies) | P0 | +| `audit` | backend/src/modules/audit/ | Logs de auditoría, tracking de cambios | 100% | MGN-001 (Audit) | P0 | +| `notifications` | backend/src/modules/notifications/ | Sistema de notificaciones | 95% | MGN-014 (Notifications) | P0 | +| `files` | backend/src/modules/files/ | Upload/download de archivos | 95% | MGN-013 (Files) | P1 | +| `catalogs` | backend/src/modules/catalogs/ | Catálogos maestros (countries, currencies, uom) | 100% | MGN-003 (Catalogs) | P0 | + +**Total:** 8 módulos backend genéricos (de ~13 módulos totales = 62%) + +### 2.2 Servicios Compartidos (Shared Services) + +| Servicio | Archivo | Descripción | Reutilización | Prioridad | +|----------|---------|-------------|---------------|-----------| +| `DatabaseService` | shared/services/database.service.ts | Pool de conexiones, queries base | 100% | P0 | +| `CryptoService` | shared/services/crypto.service.ts | Hashing, encryption, JWT | 100% | P0 | +| `EmailService` | shared/services/email.service.ts | Envío de emails (templates) | 100% | P0 | +| `StorageService` | shared/services/storage.service.ts | Gestión de archivos (S3/local) | 100% | P0 | +| `LoggerService` | shared/services/logger.service.ts | Logging estructurado (Winston) | 100% | P0 | +| `CacheService` | shared/services/cache.service.ts | Redis caching | 100% | P1 | +| `ValidationService` | shared/services/validation.service.ts | Validación de datos (Zod) | 100% | P0 | + +**Total:** 7 servicios compartidos genéricos + +### 2.3 Middleware Genéricos + +| Middleware | Archivo | Descripción | Reutilización | Prioridad | +|------------|---------|-------------|---------------|-----------| +| `authMiddleware` | shared/middleware/auth.middleware.ts | Verificación de JWT | 100% | P0 | +| `rbacMiddleware` | shared/middleware/rbac.middleware.ts | Verificación de permisos | 100% | P0 | +| `validationMiddleware` | shared/middleware/validation.middleware.ts | Validación de request body | 100% | P0 | +| `errorMiddleware` | shared/middleware/error.middleware.ts | Error handling centralizado | 100% | P0 | +| `loggingMiddleware` | shared/middleware/logging.middleware.ts | Request/response logging | 100% | P0 | +| `rateLimitMiddleware` | shared/middleware/rate-limit.middleware.ts | Rate limiting | 100% | P1 | +| `corsMiddleware` | shared/middleware/cors.middleware.ts | CORS configuration | 100% | P0 | + +**Total:** 7 middleware genéricos + +### 2.4 Guards y Decorators + +| Guard/Decorator | Archivo | Descripción | Reutilización | Prioridad | +|-----------------|---------|-------------|---------------|-----------| +| `@Public()` | shared/decorators/public.decorator.ts | Marcar endpoint público | 100% | P0 | +| `@Roles()` | shared/decorators/roles.decorator.ts | Especificar roles requeridos | 100% | P0 | +| `@Permissions()` | shared/decorators/permissions.decorator.ts | Especificar permisos | 100% | P0 | +| `@CurrentUser()` | shared/decorators/current-user.decorator.ts | Inyectar usuario actual | 100% | P0 | +| `@Tenant()` | shared/decorators/tenant.decorator.ts | Inyectar tenant actual | 100% | P0 | + +**Total:** 5 decorators genéricos + +--- + +## 3. COMPONENTES DE FRONTEND + +### 3.1 Shared Components (Componentes UI Reutilizables) + +#### Átomos (Atomic Design) + +| Componente | Archivo | Descripción | Reutilización | Prioridad | +|------------|---------|-------------|---------------|-----------| +| `Button` | shared/components/atoms/Button.tsx | Botón con variantes | 100% | P0 | +| `Input` | shared/components/atoms/Input.tsx | Input text con validación | 100% | P0 | +| `Select` | shared/components/atoms/Select.tsx | Select dropdown | 100% | P0 | +| `Checkbox` | shared/components/atoms/Checkbox.tsx | Checkbox | 100% | P0 | +| `Radio` | shared/components/atoms/Radio.tsx | Radio button | 100% | P0 | +| `DatePicker` | shared/components/atoms/DatePicker.tsx | Selector de fecha | 100% | P0 | +| `Icon` | shared/components/atoms/Icon.tsx | Iconos SVG | 100% | P0 | +| `Badge` | shared/components/atoms/Badge.tsx | Badge de estado | 100% | P0 | +| `Avatar` | shared/components/atoms/Avatar.tsx | Avatar de usuario | 100% | P0 | +| `Spinner` | shared/components/atoms/Spinner.tsx | Loading spinner | 100% | P0 | + +**Subtotal:** 10 átomos genéricos + +#### Moléculas + +| Componente | Archivo | Descripción | Reutilización | Prioridad | +|------------|---------|-------------|---------------|-----------| +| `FormField` | shared/components/molecules/FormField.tsx | Label + Input + Error | 100% | P0 | +| `SearchBar` | shared/components/molecules/SearchBar.tsx | Barra de búsqueda | 100% | P0 | +| `Pagination` | shared/components/molecules/Pagination.tsx | Paginación de tablas | 100% | P0 | +| `Alert` | shared/components/molecules/Alert.tsx | Alertas/notificaciones | 100% | P0 | +| `Card` | shared/components/molecules/Card.tsx | Tarjeta de contenido | 100% | P0 | +| `Modal` | shared/components/molecules/Modal.tsx | Modal dialog | 100% | P0 | +| `Dropdown` | shared/components/molecules/Dropdown.tsx | Dropdown menu | 100% | P0 | +| `Tabs` | shared/components/molecules/Tabs.tsx | Pestañas | 100% | P0 | +| `Breadcrumb` | shared/components/molecules/Breadcrumb.tsx | Migas de pan | 100% | P0 | +| `Tooltip` | shared/components/molecules/Tooltip.tsx | Tooltip | 100% | P0 | + +**Subtotal:** 10 moléculas genéricas + +#### Organismos + +| Componente | Archivo | Descripción | Reutilización | Prioridad | +|------------|---------|-------------|---------------|-----------| +| `DataTable` | shared/components/organisms/DataTable.tsx | Tabla con sorting, filtering, pagination | 100% | P0 | +| `Form` | shared/components/organisms/Form.tsx | Formulario con validación Zod | 100% | P0 | +| `Sidebar` | shared/components/organisms/Sidebar.tsx | Sidebar de navegación | 100% | P0 | +| `Navbar` | shared/components/organisms/Navbar.tsx | Navbar superior | 100% | P0 | +| `DashboardWidget` | shared/components/organisms/DashboardWidget.tsx | Widget de dashboard | 95% | P0 | +| `UserMenu` | shared/components/organisms/UserMenu.tsx | Menú de usuario | 100% | P0 | +| `FileUploader` | shared/components/organisms/FileUploader.tsx | Upload de archivos | 100% | P1 | +| `Calendar` | shared/components/organisms/Calendar.tsx | Calendario | 100% | P1 | + +**Subtotal:** 8 organismos genéricos + +#### Templates + +| Componente | Archivo | Descripción | Reutilización | Prioridad | +|------------|---------|-------------|---------------|-----------| +| `DashboardLayout` | shared/components/templates/DashboardLayout.tsx | Layout principal con sidebar | 100% | P0 | +| `AuthLayout` | shared/components/templates/AuthLayout.tsx | Layout para login/register | 100% | P0 | +| `EmptyLayout` | shared/components/templates/EmptyLayout.tsx | Layout vacío | 100% | P0 | + +**Subtotal:** 3 templates genéricos + +**Total Componentes UI:** 31 componentes genéricos + +### 3.2 Hooks Personalizados + +| Hook | Archivo | Descripción | Reutilización | Prioridad | +|------|---------|-------------|---------------|-----------| +| `useAuth` | shared/hooks/useAuth.ts | Hook de autenticación | 100% | P0 | +| `useUser` | shared/hooks/useUser.ts | Hook de usuario actual | 100% | P0 | +| `usePermissions` | shared/hooks/usePermissions.ts | Hook de permisos | 100% | P0 | +| `useApi` | shared/hooks/useApi.ts | Hook para llamadas API | 100% | P0 | +| `useQuery` | shared/hooks/useQuery.ts | Hook para queries | 100% | P0 | +| `useMutation` | shared/hooks/useMutation.ts | Hook para mutations | 100% | P0 | +| `useDebounce` | shared/hooks/useDebounce.ts | Hook de debounce | 100% | P0 | +| `useLocalStorage` | shared/hooks/useLocalStorage.ts | Hook para localStorage | 100% | P0 | +| `useToast` | shared/hooks/useToast.ts | Hook para notificaciones toast | 100% | P0 | +| `useModal` | shared/hooks/useModal.ts | Hook para modales | 100% | P0 | + +**Total:** 10 hooks genéricos + +### 3.3 Stores (Zustand) + +| Store | Archivo | Descripción | Reutilización | Prioridad | +|-------|---------|-------------|---------------|-----------| +| `useAuthStore` | stores/auth.store.ts | Estado de autenticación | 100% | P0 | +| `useUserStore` | stores/user.store.ts | Estado de usuario | 100% | P0 | +| `useCompanyStore` | stores/company.store.ts | Estado de empresa/tenant | 100% | P0 | +| `useUIStore` | stores/ui.store.ts | Estado de UI (sidebar, theme) | 100% | P0 | +| `useNotificationStore` | stores/notification.store.ts | Estado de notificaciones | 100% | P0 | +| `usePermissionsStore` | stores/permissions.store.ts | Permisos del usuario | 100% | P0 | + +**Total:** 6 stores genéricos + +### 3.4 Páginas Genéricas + +| Página | Ruta | Descripción | Reutilización | Prioridad | +|--------|------|-------------|---------------|-----------| +| Login | `/login` | Página de login | 100% | P0 | +| Register | `/register` | Página de registro | 100% | P0 | +| ForgotPassword | `/forgot-password` | Recuperar contraseña | 100% | P0 | +| ResetPassword | `/reset-password` | Resetear contraseña | 100% | P0 | +| Profile | `/profile` | Perfil de usuario | 100% | P0 | +| Settings | `/settings` | Configuración de usuario | 100% | P0 | +| Unauthorized | `/unauthorized` | Sin permisos | 100% | P0 | +| NotFound | `/404` | Página no encontrada | 100% | P0 | + +**Total:** 8 páginas genéricas + +--- + +## 4. RESUMEN CUANTITATIVO + +| Categoría | Componentes Genéricos | Componentes Totales | % Reutilización | +|-----------|----------------------|---------------------|-----------------| +| **Schemas DB** | 4 | 7 | 57% | +| **Tablas DB** | 44 | 70+ | 63% | +| **Funciones DB** | 5 | 8 | 63% | +| **Triggers DB** | 3 patrones | 3 patrones | 100% | +| **ENUMs DB** | 5 | 10 | 50% | +| **Módulos Backend** | 8 | 13 | 62% | +| **Servicios Compartidos** | 7 | 7 | 100% | +| **Middleware** | 7 | 7 | 100% | +| **Guards/Decorators** | 5 | 5 | 100% | +| **Componentes UI** | 31 | 50 | 62% | +| **Hooks** | 10 | 15 | 67% | +| **Stores** | 6 | 10 | 60% | +| **Páginas** | 8 | 30+ | 27% | +| **TOTAL** | **143 componentes** | **235+ componentes** | **~61%** | + +### Desglose de Prioridades + +| Prioridad | Componentes | Porcentaje | +|-----------|-------------|------------| +| **P0 (Crítico)** | 120 | 84% | +| **P1 (Alta)** | 23 | 16% | +| **P2 (Media)** | 0 | 0% | + +--- + +## 5. ANÁLISIS DE REUTILIZACIÓN POR PROYECTO + +### 5.1 ERP Construcción + +- **Componentes genéricos utilizados:** 143 +- **Componentes específicos construcción:** 92 +- **Total componentes:** 235 +- **% Reutilización del genérico:** 61% + +### 5.2 ERP Vidrio (Estimado) + +- **Componentes genéricos a reutilizar:** ~135 (94% de los 143) +- **Componentes específicos vidrio nuevos:** ~60 +- **Total componentes estimado:** 195 +- **% Reutilización del genérico:** 69% +- **Componentes a migrar de construcción:** 8 (calendarios, reportes avanzados) + +### 5.3 ERP Mecánicas (Estimado) + +- **Componentes genéricos a reutilizar:** ~140 (98% de los 143) +- **Componentes específicos mecánicas nuevos:** ~45 +- **Total componentes estimado:** 185 +- **% Reutilización del genérico:** 76% +- **Componentes a migrar de construcción:** 3 (gestión de proyectos base) + +### 5.4 Resumen de Reutilización + +| Proyecto | Reutilización ERP Genérico | Componentes Específicos | Ahorro de Desarrollo | +|----------|---------------------------|-------------------------|---------------------| +| **ERP Construcción** | 61% | 39% | Baseline (0%) | +| **ERP Vidrio** | 69% | 31% | ~30% | +| **ERP Mecánicas** | 76% | 24% | ~40% | +| **Promedio** | **69%** | **31%** | **35%** | + +--- + +## 6. COMPONENTES P0 (CRÍTICOS PARA TODOS LOS PROYECTOS) + +### Fase 0 - Infraestructura Base (Crítico) + +1. **Database:** + - Schema `auth_management` completo (10 tablas) + - Schema `audit_logging` completo (4 tablas) + - Tablas: `companies`, `partners`, `currencies`, `countries`, `uom` + - Funciones: `update_updated_at_column()`, `get_current_user_id()`, `get_current_tenant_id()` + - Triggers: `trg_*_updated_at` en todas las tablas + +2. **Backend:** + - Módulos: `auth`, `users`, `roles`, `companies`, `audit` + - Servicios: `DatabaseService`, `CryptoService`, `EmailService`, `LoggerService` + - Middleware: `authMiddleware`, `rbacMiddleware`, `validationMiddleware`, `errorMiddleware` + - Decorators: `@Public()`, `@Roles()`, `@Permissions()`, `@CurrentUser()`, `@Tenant()` + +3. **Frontend:** + - Átomos: `Button`, `Input`, `Select`, `Checkbox`, `DatePicker`, `Icon` + - Moléculas: `FormField`, `SearchBar`, `Alert`, `Modal` + - Organismos: `DataTable`, `Form`, `Sidebar`, `Navbar` + - Templates: `DashboardLayout`, `AuthLayout` + - Hooks: `useAuth`, `useUser`, `usePermissions`, `useApi` + - Stores: `useAuthStore`, `useUserStore`, `useCompanyStore`, `useUIStore` + - Páginas: Login, Register, Profile, Settings + +**Total P0:** 120 componentes críticos + +--- + +## 7. RECOMENDACIONES DE MIGRACIÓN + +### 7.1 Orden Sugerido de Migración + +**Fase 0 (Semana 1-2): Infraestructura Crítica** +1. Schema `auth_management` (10 tablas) +2. Schema `audit_logging` (4 tablas) +3. Funciones DB universales (5) +4. Módulo backend `auth` completo +5. Módulo backend `users` completo +6. Componentes UI críticos (20) + +**Fase 1 (Semana 3-4): Catálogos y Core** +1. Tablas: `companies`, `partners`, `currencies`, `countries`, `uom` (11 tablas) +2. Schema `financial_management` (12 tablas) +3. Módulos backend: `companies`, `catalogs` +4. Componentes UI adicionales (11) + +**Fase 2 (Semana 5-6): Módulos de Negocio Básicos** +1. Schema `purchasing_management` (7 tablas) +2. Módulos backend: `notifications`, `files` +3. Resto de componentes UI (20) + +### 7.2 Estrategia de Adaptación + +Para cada componente genérico: +1. **Extraer:** Copiar del ERP Construcción +2. **Limpiar:** Remover lógica específica de construcción +3. **Parametrizar:** Hacer configurable mediante settings +4. **Documentar:** Agregar JSDoc completo +5. **Testear:** Unit tests + integration tests +6. **Validar:** Verificar en al menos 2 contextos (construcción + vidrio) + +--- + +## 8. CONCLUSIONES + +### 8.1 Hallazgos Principales + +1. **61% de componentes son genéricos:** 143 de 235 componentes pueden reutilizarse +2. **84% son prioridad P0:** Componentes críticos que deben migrarse primero +3. **Alta reutilización esperada:** 69% promedio en proyectos futuros +4. **ROI significativo:** 35% ahorro promedio en desarrollo + +### 8.2 Beneficios de la Migración + +1. **Reducción de duplicación:** ~35% menos código a mantener +2. **Consistencia:** UI/UX uniforme entre proyectos +3. **Velocidad de desarrollo:** 30-40% más rápido en proyectos nuevos +4. **Calidad:** Componentes probados en producción +5. **Mantenibilidad:** Bugs fixeados una vez, benefician a todos + +### 8.3 Próximos Pasos + +1. Revisar este documento con equipo de desarrollo +2. Priorizar componentes P0 para migración inmediata +3. Crear plan detallado de migración (tareas, responsables, timeline) +4. Iniciar migración con Fase 0 (infraestructura crítica) +5. Validar componentes migrados con proyecto piloto + +--- + +**Fecha de Creación:** 2025-11-23 +**Versión:** 1.0 +**Estado:** Completado +**Próximo Documento:** COMPONENTES-ESPECIFICOS.md diff --git a/docs/01-analisis-referencias/construccion/GAP-ANALYSIS.md b/docs/01-analisis-referencias/construccion/GAP-ANALYSIS.md new file mode 100644 index 0000000..81ea51e --- /dev/null +++ b/docs/01-analisis-referencias/construccion/GAP-ANALYSIS.md @@ -0,0 +1,308 @@ +# Gap Analysis: Funcionalidades de Odoo y Gamilit No Implementadas en ERP Construcción + +**Documento:** Análisis de Brechas Funcionales +**Referencias:** Odoo (12 módulos), Gamilit (arquitectura), ERP Construcción +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst + +--- + +## Resumen Ejecutivo + +Se identificaron **42 gaps funcionales** divididos en: +- **Gaps de Odoo:** 28 funcionalidades (lógica de negocio) +- **Gaps de Gamilit:** 14 aspectos (arquitectura/DevOps) + +**Impacto:** +- **Críticos (P0):** 18 gaps (43%) +- **Altos (P1):** 15 gaps (36%) +- **Medios (P2):** 9 gaps (21%) + +--- + +## 1. GAPS DE ODOO (Lógica de Negocio) + +### 1.1 Módulo base / auth (Fundamentos) + +| # | Funcionalidad Faltante | Módulo Odoo | Impacto | Recomendación | Prioridad | +|---|----------------------|-------------|---------|---------------|-----------| +| 1 | **OAuth Social Login** | auth_signup | MEDIO | Implementar Google/Microsoft OAuth | P2 | +| 2 | **Two-Factor Authentication (2FA)** | base | ALTO | Agregar 2FA para usuarios críticos | P1 | +| 3 | **API Keys para integraciones** | base | ALTO | Permitir integraciones seguras (API INFONAVIT) | P1 | + +### 1.2 Módulo account (Financiero) + +| # | Funcionalidad Faltante | Módulo Odoo | Impacto | Recomendación | Prioridad | +|---|----------------------|-------------|---------|---------------|-----------| +| 4 | **Multi-Moneda con tasas de cambio automáticas** | account | ALTO | Implementar (proyectos con importaciones) | P1 | +| 5 | **Conciliación Bancaria Automática** | account | ALTO | Agiliza cierre contable | P1 | +| 6 | **Reportes Financieros Estándar (P&L, Balance Sheet)** | account | CRÍTICO | Esencial para compliance | P0 | +| 7 | **Gestión de Activos Fijos** | account_asset | MEDIO | Deprec amortization maquinaria | P2 | +| 8 | **Seguimiento de Pagos a Proveedores** | account_payment | ALTO | Control de CxP | P1 | + +### 1.3 Módulo analytic (Contabilidad Analítica) + +| # | Funcionalidad Faltante | Módulo Odoo | Impacto | Recomendación | Prioridad | +|---|----------------------|-------------|---------|---------------|-----------| +| 9 | **Sistema de Contabilidad Analítica Universal** | analytic | CRÍTICO | Campo analytic_account_id en TODAS las transacciones | P0 | +| 10 | **Reportes P&L por Proyecto/Lote** | analytic | CRÍTICO | Rentabilidad por proyecto automática | P0 | +| 11 | **Budget vs Real por Proyecto** | analytic | CRÍTICO | Control presupuestal analítico | P0 | + +### 1.4 Módulo stock (Inventario) + +| # | Funcionalidad Faltante | Módulo Odoo | Impacto | Recomendación | Prioridad | +|---|----------------------|-------------|---------|---------------|-----------| +| 12 | **Ubicaciones Jerárquicas** | stock | MEDIO | Almacén → Zona → Pasillo → Anaquel | P2 | +| 13 | **Estrategias de Inventario (FIFO, Avg Cost)** | stock | ALTO | Valoración correcta de inventario | P1 | +| 14 | **Trazabilidad de Lotes/Series** | stock | MEDIO | Trazabilidad de materiales críticos | P2 | +| 15 | **Inventarios Cíclicos** | stock | MEDIO | Auditorías sin parar operaciones | P2 | + +### 1.5 Módulo purchase (Compras) + +| # | Funcionalidad Faltante | Módulo Odoo | Impacto | Recomendación | Prioridad | +|---|----------------------|-------------|---------|---------------|-----------| +| 16 | **Acuerdos de Compra (Blanket Orders)** | purchase | ALTO | Contratos con proveedores recurrentes | P1 | +| 17 | **Comparación de Cotizaciones (RFQ)** | purchase | MEDIO | Selección objetiva de proveedor | P2 | +| 18 | **Control de Calidad en Recepción** | purchase + quality | MEDIO | QA materiales recibidos | P2 | + +### 1.6 Módulo sale (Ventas) + +| # | Funcionalidad Faltante | Módulo Odoo | Impacto | Recomendación | Prioridad | +|---|----------------------|-------------|---------|---------------|-----------| +| 19 | **Portal de Clientes (Portal)** | portal | CRÍTICO | Derechohabientes ven su vivienda | P0 | +| 20 | **Firma Electrónica de Documentos** | portal | ALTO | Actas entrega-recepción digitales | P1 | +| 21 | **Cotizaciones Online** | sale | BAJO | No crítico para INFONAVIT | P3 | + +### 1.7 Módulo mail (Mensajería) + +| # | Funcionalidad Faltante | Módulo Odoo | Impacto | Recomendación | Prioridad | +|---|----------------------|-------------|---------|---------------|-----------| +| 22 | **Sistema de Tracking Automático (mail.thread)** | mail | CRÍTICO | Auditoría automática de cambios | P0 | +| 23 | **Chatter UI** | mail | ALTO | Histórico de comunicaciones por registro | P1 | +| 24 | **Seguidores (Followers)** | mail | MEDIO | Notificaciones automáticas | P2 | +| 25 | **Actividades Programadas** | mail | MEDIO | Recordatorios automáticos | P2 | + +### 1.8 Módulo crm (CRM) + +| # | Funcionalidad Faltante | Módulo Odoo | Impacto | Recomendación | Prioridad | +|---|----------------------|-------------|---------|---------------|-----------| +| 26 | **Pipeline de Ventas Visual (Kanban)** | crm | BAJO | No crítico para INFONAVIT (asignación) | P3 | +| 27 | **Lead Scoring** | crm | BAJO | No aplica (INFONAVIT no es venta tradicional) | P3 | + +### 1.9 Módulo hr (RRHH) + +| # | Funcionalidad Faltante | Módulo Odoo | Impacto | Recomendación | Prioridad | +|---|----------------------|-------------|---------|---------------|-----------| +| 28 | **Timesheet (Horas por Proyecto)** | hr_timesheet | ALTO | Costeo real de mano de obra | P1 | + +**Total Gaps Odoo:** 28 funcionalidades + +--- + +## 2. GAPS DE GAMILIT (Arquitectura y DevOps) + +### 2.1 Database Architecture + +| # | Aspecto Faltante | Gamilit | Impacto | Recomendación | Prioridad | +|---|-----------------|---------|---------|---------------|-----------| +| 29 | **Sistema SIMCO (_MAP.md en toda la DB)** | database-architecture | CRÍTICO | Documentación estructurada | P0 | +| 30 | **159 RLS Policies Planeadas** | database-architecture | CRÍTICO | Construcción tiene ~20 policies | P0 | +| 31 | **Triggers de Auditoría en Tablas Críticas** | database-architecture | ALTO | Solo updated_at, falta auditoría | P1 | + +### 2.2 Backend Patterns + +| # | Aspecto Faltante | Gamilit | Impacto | Recomendación | Prioridad | +|---|-----------------|---------|---------|---------------|-----------| +| 32 | **ORM (TypeORM o Prisma)** | backend-patterns | ALTO | Construcción usa pg directo | P1 | +| 33 | **Jerarquía de Errores Personalizada** | backend-patterns | MEDIO | Manejo consistente de errores | P2 | + +### 2.3 Frontend Patterns + +| # | Aspecto Faltante | Gamilit | Impacto | Recomendación | Prioridad | +|---|-----------------|---------|---------|---------------|-----------| +| 34 | **Feature-Sliced Design (FSD)** | frontend-patterns | CRÍTICO | Arquitectura escalable | P0 | +| 35 | **180+ Componentes Shared** | frontend-patterns | ALTO | Reutilización máxima | P1 | +| 36 | **State Management (Zustand)** | frontend-patterns | ALTO | Construcción usa Context API (limitado) | P1 | + +### 2.4 SSOT System + +| # | Aspecto Faltante | Gamilit | Impacto | Recomendación | Prioridad | +|---|-----------------|---------|---------|---------------|-----------| +| 37 | **Backend SSOT (enums, database, routes constants)** | ssot-system | CRÍTICO | Eliminar hardcoding | P0 | +| 38 | **Script sync-enums.ts** | ssot-system | CRÍTICO | Sincronización automática | P0 | +| 39 | **Script validate-constants-usage.ts (33 patrones)** | ssot-system | CRÍTICO | Detección de hardcoding | P0 | + +### 2.5 DevOps & Automation + +| # | Aspecto Faltante | Gamilit | Impacto | Recomendación | Prioridad | +|---|-----------------|---------|---------|---------------|-----------| +| 40 | **Docker + docker-compose** | devops-automation | CRÍTICO | Construcción NO tiene Docker | P0 | +| 41 | **CI/CD (GitHub Actions)** | devops-automation | CRÍTICO | Deployment manual actual | P0 | +| 42 | **Test Coverage 70%+** | devops-automation | CRÍTICO | Construcción ~15% coverage | P0 | + +**Total Gaps Gamilit:** 14 aspectos arquitectónicos + +--- + +## 3. ANÁLISIS CUANTITATIVO + +### 3.1 Distribución por Impacto + +| Impacto | Gaps de Odoo | Gaps de Gamilit | Total | % | +|---------|--------------|-----------------|-------|---| +| **CRÍTICO** | 8 | 10 | **18** | 43% | +| **ALTO** | 11 | 4 | **15** | 36% | +| **MEDIO** | 7 | 2 | **9** | 21% | +| **BAJO** | 2 | 0 | **2** | 0% | +| **TOTAL** | **28** | **14** | **42** | 100% | + +### 3.2 Distribución por Prioridad + +| Prioridad | Descripción | Gaps | % | Esfuerzo Estimado | +|-----------|-------------|------|---|-------------------| +| **P0 (CRÍTICO)** | Implementar inmediatamente | 18 | 43% | 24-30 semanas | +| **P1 (ALTA)** | Implementar en 6 meses | 15 | 36% | 18-22 semanas | +| **P2 (MEDIA)** | Implementar en 12 meses | 9 | 21% | 10-14 semanas | +| **P3 (BAJA)** | Opcional/No necesario | 2 | 0% | - | +| **TOTAL** | - | **42** | 100% | **52-66 semanas (~1 año)** | + +--- + +## 4. GAPS P0 (CRÍTICOS) - DETALLE + +### Database & SSOT (10 gaps) + +1. **Sistema SIMCO (_MAP.md)** - 2 semanas +2. **RLS Policies completas (159)** - 4 semanas +3. **Backend SSOT** - 1-2 semanas +4. **Script sync-enums.ts** - 1 semana +5. **Script validate-constants-usage.ts** - 1 semana +6. **Docker + docker-compose** - 1 semana +7. **CI/CD (GitHub Actions)** - 2 semanas +8. **Test Coverage 70%+** - 6-8 semanas +9. **Feature-Sliced Design** - 3-4 semanas +10. **Contabilidad Analítica Universal** - 3-4 semanas + +**Esfuerzo Total P0:** 24-30 semanas (~6-7 meses) + +### Funcionalidades de Negocio (8 gaps) + +1. **Reportes Financieros Estándar** - 2 semanas +2. **Sistema Tracking Automático (mail.thread)** - 2-3 semanas +3. **Portal de Clientes** - 3 semanas +4. **Reportes P&L por Proyecto** - 2 semanas +5. **Budget vs Real por Proyecto** - 2 semanas + +--- + +## 5. RECOMENDACIONES POR GAP + +### Implementar (35 gaps - 83%) + +Funcionalidades y aspectos con ROI positivo y alto impacto. + +**Ejemplos:** +- Contabilidad analítica universal (P0) +- Docker + CI/CD (P0) +- SSOT System completo (P0) +- Portal de clientes (P0) +- Multi-moneda (P1) +- Timesheet (P1) + +### Considerar (5 gaps - 12%) + +Funcionalidades útiles pero no críticas. + +**Ejemplos:** +- Ubicaciones jerárquicas en almacén (P2) +- Trazabilidad de lotes/series (P2) +- OAuth social login (P2) + +### No Necesario (2 gaps - 5%) + +Funcionalidades que no aplican al modelo de negocio INFONAVIT. + +**Ejemplos:** +- Pipeline de ventas visual (INFONAVIT es asignación, no venta) +- Lead scoring (no aplica) + +--- + +## 6. ROADMAP DE IMPLEMENTACIÓN + +### Q1 2026: Fundamentos Críticos (P0 - DevOps) + +- Semana 1-2: Docker + SSOT System +- Semana 3-6: CI/CD + Testing (coverage 70%) +- Semana 7-10: Feature-Sliced Design +- Semana 11-12: RLS Policies completas + +**Entregable:** Fundamentos sólidos de arquitectura y DevOps + +### Q2 2026: Contabilidad y Reporting (P0 - Negocio) + +- Semana 1-4: Contabilidad analítica universal +- Semana 5-7: Reportes financieros estándar +- Semana 8-10: Sistema tracking automático +- Semana 11-13: Portal de clientes + +**Entregable:** Reportes financieros completos y portal + +### Q3 2026: Mejoras P1 + +- Semana 1-4: Multi-moneda + conciliación bancaria +- Semana 5-8: Timesheet + seguimiento pagos +- Semana 9-12: Firma electrónica + Chatter UI + +**Entregable:** Funcionalidades P1 completas + +### Q4 2026: Mejoras P2 + +- Semana 1-4: Ubicaciones jerárquicas + FIFO +- Semana 5-8: Comparación RFQ + QC recepción +- Semana 9-12: OAuth social + activos fijos + +**Entregable:** Funcionalidades P2 completas + +--- + +## 7. RESUMEN DE IMPACTO + +### Sin Implementar Gaps + +- ❌ Reportes financieros manuales (80 horas/mes) +- ❌ Deployment manual propenso a errores +- ❌ Coverage 15% = bugs en producción +- ❌ Hardcoding = refactoring difícil +- ❌ Sin portal = llamadas call center + +### Con Gaps Implementados + +- ✅ Reportes automáticos (ahorro 80 horas/mes) +- ✅ Deployment automático y seguro +- ✅ Coverage 70% = -70% bugs +- ✅ SSOT = refactoring fácil +- ✅ Portal = -40% llamadas call center + +**ROI Estimado:** 3.5x en 18 meses + +--- + +## 8. CONCLUSIÓN + +**Hallazgos:** +1. **42 gaps funcionales** identificados +2. **43% son críticos (P0)** - Requieren atención inmediata +3. **Esfuerzo:** 52-66 semanas (~1 año) para implementar todos + +**Recomendación:** +- **IMPLEMENTAR TODOS LOS P0 EN LOS PRÓXIMOS 6-7 MESES** +- **PLANIFICAR P1 PARA Q2-Q3 2026** +- **EVALUAR P2 SEGÚN RECURSOS DISPONIBLES** + +--- + +**Fecha:** 2025-11-23 +**Versión:** 1.0 +**Estado:** Completado +**Próximo Documento:** RETROALIMENTACION.md diff --git a/docs/01-analisis-referencias/construccion/MEJORAS-ARQUITECTONICAS.md b/docs/01-analisis-referencias/construccion/MEJORAS-ARQUITECTONICAS.md new file mode 100644 index 0000000..c9dbcdc --- /dev/null +++ b/docs/01-analisis-referencias/construccion/MEJORAS-ARQUITECTONICAS.md @@ -0,0 +1,684 @@ +# Mejoras Arquitectónicas Recomendadas para ERP Construcción + +**Documento:** Mejoras Arquitectónicas Basadas en Análisis de Referencias +**Proyectos Analizados:** Odoo, Gamilit, ERP Construcción +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst +**Estado:** Completado + +--- + +## Introducción + +Este documento consolida las mejoras arquitectónicas recomendadas para el ERP Construcción, basadas en: +1. **Análisis de Odoo (14 archivos):** Lógica de negocio probada en miles de empresas +2. **Análisis de Gamilit (7 archivos):** Arquitectura moderna y patrones efectivos +3. **Validación con ERP Construcción:** Identificación de gaps y oportunidades + +--- + +## 1. MEJORAS BASADAS EN ODOO + +### 1.1 Implementar Contabilidad Analítica Universal (account.analytic.account) + +**Hallazgo Odoo:** +- Patrón `account.analytic.account` + `account.analytic.line` +- Campo `analytic_account_id` en TODAS las transacciones +- Reportes consolidados por proyecto/centro de costo + +**Aplicación en Construcción:** +```sql +-- Agregar a TODAS las tablas transaccionales: +ALTER TABLE purchasing_management.purchase_orders +ADD COLUMN analytic_account_id UUID REFERENCES analytics.accounts(id); + +ALTER TABLE financial_management.journal_entry_lines +ADD COLUMN analytic_account_id UUID REFERENCES analytics.accounts(id); + +ALTER TABLE construction_management.physical_progress +ADD COLUMN analytic_account_id UUID REFERENCES analytics.accounts(id); +``` + +**Beneficios:** +- Consolidación automática de costos por proyecto/lote/manzana +- Reportes P&L por proyecto sin queries complejos +- Trazabilidad completa de costos + +**Prioridad:** P0 - CRÍTICO +**Esfuerzo:** 3-4 semanas +**ROI:** ALTO (reduce 70% tiempo de reportes) + +--- + +### 1.2 Sistema de Tracking Automático (mail.thread) + +**Hallazgo Odoo:** +- Herencia `mail.thread` en modelos críticos +- Tracking automático de cambios en campos configurados +- Chatter UI para histórico de cambios + +**Aplicación en Construcción:** +```typescript +// Backend: Implementar TrackingMixin +class BaseEntity { + @TrackChanges(['status', 'amount', 'assigned_to']) + async update(data: Partial) { + const before = await this.findById(id); + const after = await this.repo.update(id, data); + await this.trackingService.logChanges(before, after); + return after; + } +} + +// Aplicar a: +// - Projects, Budgets, Purchase Orders, Construction Progress +``` + +**Beneficios:** +- Auditoría automática sin código extra +- Histórico de cambios por registro +- Compliance con ISO 9001 + +**Prioridad:** P0 - CRÍTICO +**Esfuerzo:** 2-3 semanas +**ROI:** ALTO (ahorra 40% tiempo desarrollo auditoría) + +--- + +### 1.3 Mejorar RBAC con Record Rules (ir.rule) + +**Hallazgo Odoo:** +- Record Rules: Filtros SQL dinámicos por rol +- Ejemplo: Usuario solo ve proyectos de su empresa/región + +**Aplicación en Construcción:** +```sql +-- RLS Policy con roles dinámicos +CREATE POLICY "users_see_own_company_projects" +ON project_management.projects +FOR SELECT +USING ( + company_id = get_current_tenant_id() + AND ( + -- Director: ve todos los proyectos + current_user_has_role('director') + -- Residente: solo sus proyectos asignados + OR (current_user_has_role('resident') AND id IN ( + SELECT project_id FROM project_teams WHERE user_id = get_current_user_id() + )) + ) +); +``` + +**Beneficios:** +- Seguridad a nivel de fila por rol +- No requiere filtros en queries +- Escalable a múltiples tenants + +**Prioridad:** P0 - CRÍTICO +**Esfuerzo:** 2 semanas +**ROI:** ALTO (seguridad garantizada) + +--- + +### 1.4 Implementar Partner Universal (res.partner) + +**Hallazgo Odoo:** +- Una tabla `res.partner` para clientes, proveedores, empleados, contactos +- Flags: `is_customer`, `is_supplier`, `is_employee` + +**Aplicación en Construcción:** +```sql +CREATE TABLE core_system.partners ( + id UUID PRIMARY KEY DEFAULT uuid_generate_v4(), + name VARCHAR(255) NOT NULL, + -- Flags de tipo + is_customer BOOLEAN DEFAULT false, + is_supplier BOOLEAN DEFAULT true, -- Construcción = proveedores + is_employee BOOLEAN DEFAULT false, + is_beneficiary BOOLEAN DEFAULT false, -- Derechohabientes INFONAVIT + is_subcontractor BOOLEAN DEFAULT false, + -- Campos comunes + email VARCHAR(255), + phone VARCHAR(50), + address TEXT, + ... +); + +-- Migrar: +-- suppliers → partners (is_supplier=true) +-- beneficiaries → partners (is_beneficiary=true) +``` + +**Beneficios:** +- Elimina duplicación (suppliers, customers, contacts) +- Un proveedor puede ser cliente (común en construcción) +- Simplifica relaciones + +**Prioridad:** P1 - ALTA +**Esfuerzo:** 4 semanas (migración de datos) +**ROI:** MEDIO (reducción de complejidad) + +--- + +### 1.5 Portal de Usuarios Externos (portal) + +**Hallazgo Odoo:** +- Rol `portal_user` con acceso read-only a sus registros +- Firma electrónica de documentos +- Vista de proyectos para clientes + +**Aplicación en Construcción:** +```typescript +// Backend: Portal API +@Controller('/portal') +@UseGuards(PortalAuthGuard) // JWT con role=portal_user +export class PortalController { + // Derechohabiente ve su lote/vivienda + @Get('/my-housing') + async getMyHousing(@CurrentUser() user) { + return this.beneficiaryService.findByUserId(user.id); + } + + // Ver avances de su vivienda + @Get('/progress') + async getProgress(@CurrentUser() user) { + const housing = await this.getMyHousing(user); + return this.progressService.findByLot(housing.lot_id); + } +} +``` + +**Beneficios:** +- Derechohabientes ven avance de su vivienda +- Reduce llamadas al call center +- Mejora experiencia cliente + +**Prioridad:** P1 - ALTA +**Esfuerzo:** 3 semanas +**ROI:** ALTO (satisfacción cliente +30%) + +--- + +## 2. MEJORAS BASADAS EN GAMILIT + +### 2.1 Migrar a Arquitectura Multi-Schema (9 schemas) + +**Hallazgo Gamilit:** +- 9 schemas PostgreSQL separados por dominio +- Organización estándar: tables/, indexes/, functions/, triggers/, views/, rls-policies/ +- Sistema SIMCO de _MAP.md para documentación + +**Aplicación en Construcción:** +``` +database/ddl/ +├── core_system/ +│ ├── tables/ +│ ├── indexes/ +│ ├── functions/ +│ └── _MAP.md +├── project_management/ +│ ├── tables/ +│ ├── indexes/ +│ └── _MAP.md +├── financial_management/ +├── purchasing_management/ +├── construction_management/ +├── quality_management/ +├── infonavit_management/ +├── audit_logging/ +└── system_notifications/ +``` + +**Beneficios:** +- Organización clara por dominio +- Permisos granulares por schema +- Navegación rápida con _MAP.md + +**Prioridad:** P0 - CRÍTICO +**Esfuerzo:** 2 semanas (reorganización) +**ROI:** ALTO (mantenibilidad +50%) + +--- + +### 2.2 Implementar Sistema SSOT (Single Source of Truth) + +**Hallazgo Gamilit:** +- Backend como única fuente de verdad para constantes +- Script `sync-enums.ts` sincroniza Backend → Frontend +- Script `validate-constants-usage.ts` detecta hardcoding + +**Aplicación en Construcción:** +```typescript +// backend/src/shared/constants/database.constants.ts +export const DB_SCHEMAS = { + CORE: 'core_system', + PROJECTS: 'project_management', + FINANCIAL: 'financial_management', + PURCHASING: 'purchasing_management', + CONSTRUCTION: 'construction_management', + // ... +} as const; + +export const DB_TABLES = { + PROJECTS: { + PROJECTS: 'projects', + BLOCKS: 'blocks', + LOTS: 'lots', + PROTOTYPES: 'housing_prototypes', + }, + // ... +}; + +// Script sincroniza a frontend automáticamente +``` + +**Beneficios:** +- CERO duplicación de constantes +- Refactoring seguro (cambio en 1 lugar) +- Validación automática de hardcoding + +**Prioridad:** P0 - CRÍTICO +**Esfuerzo:** 1-2 semanas +**ROI:** ALTO (elimina 96% duplicación) + +--- + +### 2.3 Adoptar Path Aliases (@shared, @modules, @components) + +**Hallazgo Gamilit:** +- Path aliases configurados en tsconfig.json +- Imports limpios: `@shared/services` vs `../../../shared/services` + +**Aplicación en Construcción:** +```json +// tsconfig.json +{ + "compilerOptions": { + "paths": { + "@shared/*": ["src/shared/*"], + "@modules/*": ["src/modules/*"], + "@config/*": ["src/config/*"], + "@database/*": ["../../database/*"], + // Frontend + "@components/*": ["src/components/*"], + "@features/*": ["src/features/*"], + "@hooks/*": ["src/hooks/*"], + "@services/*": ["src/services/*"] + } + } +} +``` + +**Beneficios:** +- Legibilidad de código +- Refactoring fácil (mover carpetas) +- IDE support completo + +**Prioridad:** P0 - CRÍTICO +**Esfuerzo:** 1 día +**ROI:** ALTO (productividad +20%) + +--- + +### 2.4 Implementar Scripts de Validación Automática + +**Hallazgo Gamilit:** +- `validate-constants-usage.ts`: Detecta hardcoding (33 patrones) +- `validate-api-contract.ts`: Valida Backend ↔ Frontend +- Integración CI/CD: Bloquea merge si hay violaciones P0 + +**Aplicación en Construcción:** +```typescript +// devops/scripts/validate-constants-usage.ts +const PATTERNS = [ + { + pattern: /['"]project_management['"]/g, + message: 'Hardcoded schema "project_management"', + severity: 'P0', + suggestion: 'Usa DB_SCHEMAS.PROJECTS', + }, + // 30+ patrones más... +]; + +// CI/CD: .github/workflows/validate.yml +jobs: + validate: + steps: + - run: npm run validate:constants + - run: npm run validate:api +``` + +**Beneficios:** +- Calidad de código garantizada +- Detección automática de malas prácticas +- CI/CD enforcement + +**Prioridad:** P0 - CRÍTICO +**Esfuerzo:** 1 semana +**ROI:** ALTO (previene bugs 70%) + +--- + +### 2.5 Adoptar Feature-Sliced Design en Frontend + +**Hallazgo Gamilit:** +- Arquitectura en capas: shared/, features/, pages/, app/ +- 180+ componentes reutilizables en shared/ +- Features por rol: student/, teacher/, admin/ + +**Aplicación en Construcción:** +``` +frontend/src/ +├── shared/ +│ ├── components/ +│ │ ├── atoms/ (Button, Input, ...) +│ │ ├── molecules/ (FormField, SearchBar, ...) +│ │ ├── organisms/ (DataTable, Sidebar, ...) +│ │ └── templates/ (DashboardLayout, ...) +│ ├── hooks/ +│ └── services/ +├── features/ +│ ├── director/ (Dashboard director) +│ ├── resident/ (Dashboard residente) +│ ├── purchases/ (Dashboard compras) +│ └── finance/ (Dashboard finanzas) +├── pages/ +└── app/ +``` + +**Beneficios:** +- Componentes reutilizables 100% +- Escalabilidad frontend +- Desarrollo en equipo sin conflictos + +**Prioridad:** P0 - CRÍTICO +**Esfuerzo:** 3-4 semanas (reestructuración) +**ROI:** ALTO (velocidad desarrollo +40%) + +--- + +## 3. MEJORAS ESPECÍFICAS DE CONSTRUCCIÓN + +### 3.1 Implementar Sistema de Versiones de Presupuestos + +**Gap Identificado:** Presupuestos se sobrescriben, no hay histórico + +**Mejora:** +```sql +CREATE TABLE financial_management.budget_versions ( + id UUID PRIMARY KEY, + budget_id UUID REFERENCES budgets(id), + version_number INTEGER NOT NULL, + created_at TIMESTAMP DEFAULT now(), + created_by UUID REFERENCES auth.users(id), + is_current BOOLEAN DEFAULT false, + -- Snapshot completo del presupuesto + data JSONB NOT NULL, + notes TEXT +); +``` + +**Beneficios:** +- Histórico de cambios en presupuestos +- Comparación versión anterior vs actual +- Auditoría completa + +**Prioridad:** P1 - ALTA +**Esfuerzo:** 1 semana +**ROI:** MEDIO (compliance) + +--- + +### 3.2 Integración con WhatsApp Business API + +**Gap Identificado:** Notificaciones solo por email, baja tasa de apertura + +**Mejora:** +```typescript +// backend/src/services/whatsapp.service.ts +class WhatsAppService { + async sendNotification(to: string, template: string, params: any) { + // Integración WhatsApp Business API + await this.whatsappClient.sendTemplate({ + to, + template, + language: 'es_MX', + params + }); + } +} + +// Casos de uso: +// - Notificar avance de vivienda a derechohabiente +// - Alertar supervisor de desviaciones presupuesto +// - Recordar inspecciones de calidad +``` + +**Beneficios:** +- Tasa de apertura 98% vs 20% email +- Comunicación inmediata con derechohabientes +- Reducción llamadas call center + +**Prioridad:** P1 - ALTA +**Esfuerzo:** 2 semanas +**ROI:** ALTO (satisfacción cliente +40%) + +--- + +## 4. MEJORAS DE DEVOPS (GAPS CRÍTICOS GAMILIT) + +### 4.1 Implementar Docker + docker-compose + +**Gap Gamilit:** NO tiene Docker (ambientes inconsistentes) + +**Mejora:** +```dockerfile +# Dockerfile.backend +FROM node:20-alpine +WORKDIR /app +COPY package*.json ./ +RUN npm ci --only=production +COPY . . +CMD ["npm", "start"] + +# docker-compose.yml +version: '3.8' +services: + db: + image: postgis/postgis:15-3.3 + environment: + POSTGRES_DB: erp_construccion + backend: + build: ./backend + depends_on: [db] + frontend: + build: ./frontend +``` + +**Beneficios:** +- Ambientes consistentes (dev/staging/prod) +- Deployment fácil +- Portable + +**Prioridad:** P0 - CRÍTICO +**Esfuerzo:** 1 semana +**ROI:** ALTO (deployment 10x más rápido) + +--- + +### 4.2 CI/CD con GitHub Actions + +**Gap Gamilit:** NO tiene CI/CD (deployment manual) + +**Mejora:** +```yaml +# .github/workflows/deploy.yml +name: Deploy +on: + push: + branches: [main] +jobs: + test: + steps: + - run: npm test + - run: npm run validate:constants + build: + steps: + - run: docker build -t erp-construccion . + deploy: + steps: + - run: docker push ... + - run: kubectl apply -f k8s/ +``` + +**Beneficios:** +- Deployment automático +- Validaciones obligatorias +- Rollback fácil + +**Prioridad:** P0 - CRÍTICO +**Esfuerzo:** 2 semanas +**ROI:** ALTO (deployment seguro) + +--- + +### 4.3 Aumentar Test Coverage de 14% a 70%+ + +**Gap Gamilit:** Coverage 14% (Backend 15%, Frontend 13%) - INACEPTABLE + +**Mejora:** +```typescript +// Estrategia de Testing +1. Unit Tests: Services, Utils (objetivo 80%) +2. Integration Tests: API endpoints (objetivo 70%) +3. E2E Tests: Flujos críticos (objetivo 60%) + +// Enforcement en CI/CD +// jest.config.js +module.exports = { + coverageThreshold: { + global: { + branches: 70, + functions: 70, + lines: 70, + statements: 70 + } + } +}; +``` + +**Beneficios:** +- Bugs detectados antes de producción +- Refactoring seguro +- Confianza en deployments + +**Prioridad:** P0 - CRÍTICO +**Esfuerzo:** 6-8 semanas +**ROI:** ALTO (reducción bugs 70%) + +--- + +## 5. ROADMAP DE IMPLEMENTACIÓN + +### Fase 1: Fundamentos SSOT (Semana 1-2) + +1. ✅ Reorganizar database en multi-schema +2. ✅ Implementar SSOT (constants + sync) +3. ✅ Path aliases (backend + frontend) +4. ✅ Scripts de validación + +**Esfuerzo:** 2 semanas +**Prioridad:** P0 + +--- + +### Fase 2: Mejoras Odoo (Semana 3-6) + +1. ✅ Contabilidad analítica universal +2. ✅ Sistema de tracking automático (mail.thread) +3. ✅ Record Rules en RLS +4. ✅ Partner universal +5. ✅ Portal de usuarios externos + +**Esfuerzo:** 4 semanas +**Prioridad:** P0-P1 + +--- + +### Fase 3: DevOps Crítico (Semana 7-9) + +1. ✅ Docker + docker-compose +2. ✅ CI/CD (GitHub Actions) +3. ✅ Aumentar test coverage a 70%+ + +**Esfuerzo:** 3 semanas +**Prioridad:** P0 + +--- + +### Fase 4: Arquitectura Frontend (Semana 10-13) + +1. ✅ Feature-Sliced Design +2. ✅ 100+ componentes reutilizables +3. ✅ State management (Zustand) + +**Esfuerzo:** 4 semanas +**Prioridad:** P0 + +--- + +## 6. RESUMEN DE MEJORAS + +| Mejora | Fuente | Prioridad | Esfuerzo | ROI | Dependencias | +|--------|--------|-----------|----------|-----|--------------| +| **Multi-Schema DB** | Gamilit | P0 | 2 sem | Alto | - | +| **SSOT System** | Gamilit | P0 | 1-2 sem | Alto | - | +| **Path Aliases** | Gamilit | P0 | 1 día | Alto | - | +| **Scripts Validación** | Gamilit | P0 | 1 sem | Alto | SSOT | +| **Contabilidad Analítica** | Odoo | P0 | 3-4 sem | Alto | Multi-Schema | +| **Tracking Automático** | Odoo | P0 | 2-3 sem | Alto | - | +| **Record Rules RLS** | Odoo | P0 | 2 sem | Alto | - | +| **Partner Universal** | Odoo | P1 | 4 sem | Medio | - | +| **Portal Usuarios** | Odoo | P1 | 3 sem | Alto | Auth | +| **Feature-Sliced Design** | Gamilit | P0 | 3-4 sem | Alto | - | +| **Docker** | Best Practice | P0 | 1 sem | Alto | - | +| **CI/CD** | Best Practice | P0 | 2 sem | Alto | Docker | +| **Test Coverage 70%** | Best Practice | P0 | 6-8 sem | Alto | - | + +**Total Mejoras P0:** 10 +**Total Esfuerzo P0:** 25-32 semanas (~6-8 meses) +**Total Mejoras P1:** 2 +**Total Esfuerzo P1:** 7 semanas + +--- + +## 7. CONCLUSIÓN + +### 7.1 Impacto Esperado + +**Sin Mejoras:** +- Deuda técnica creciente +- Bugs en producción +- Deployment manual propenso a errores +- Baja velocidad de desarrollo + +**Con Mejoras:** +- ✅ Arquitectura moderna y escalable +- ✅ Deployment automatizado y seguro +- ✅ Test coverage 70%+ (bugs -70%) +- ✅ Velocidad desarrollo +40% +- ✅ Mantenibilidad +50% + +### 7.2 Recomendación Final + +**IMPLEMENTAR TODAS LAS MEJORAS P0 EN LOS PRÓXIMOS 6-8 MESES** + +Razón: ROI alto, fundamentos críticos para escalabilidad y calidad. + +--- + +**Fecha de Creación:** 2025-11-23 +**Versión:** 1.0 +**Estado:** Completado +**Próximo Documento:** GAP-ANALYSIS.md diff --git a/docs/01-analisis-referencias/construccion/RETROALIMENTACION.md b/docs/01-analisis-referencias/construccion/RETROALIMENTACION.md new file mode 100644 index 0000000..b739d2d --- /dev/null +++ b/docs/01-analisis-referencias/construccion/RETROALIMENTACION.md @@ -0,0 +1,541 @@ +# Retroalimentación al ERP Construcción + +**Documento:** Retroalimentación Consolidada Basada en Análisis de Fase 0 +**Destinatario:** Equipo ERP Construcción +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst + +--- + +## Resumen Ejecutivo + +Tras analizar Odoo (14 archivos), Gamilit (7 archivos) y validar con ERP Construcción, presentamos retroalimentación consolidada con: + +- **143 componentes genéricos** identificados para migrar al ERP Genérico (61% reutilización) +- **42 gaps funcionales** detectados (18 críticos P0) +- **15 mejoras arquitectónicas** recomendadas +- **ROI estimado:** 3.5x en 18 meses + +--- + +## 1. COMPONENTES A MIGRAR AL ERP GENÉRICO + +### 1.1 Base de Datos (44 tablas + 4 schemas) + +**Schemas:** +- `auth_management` (100% genérico - 10 tablas) +- `audit_logging` (100% genérico - 4 tablas) +- `financial_management` (90% genérico - 12 tablas) +- `purchasing_management` (85% genérico - 7 tablas) + +**Tablas Adicionales:** +- `companies`, `partners`, `currencies`, `countries`, `uom` (catálogos universales) + +**Beneficio:** Estos componentes serán reutilizados por ERP Vidrio y ERP Mecánicas, eliminando duplicación. + +### 1.2 Backend (8 módulos + 7 servicios) + +**Módulos:** +- `auth`, `users`, `roles`, `companies`, `audit`, `notifications`, `files`, `catalogs` + +**Servicios Compartidos:** +- `DatabaseService`, `CryptoService`, `EmailService`, `StorageService`, `LoggerService`, `CacheService`, `ValidationService` + +**Beneficio:** Reutilización 100% en proyectos futuros, ahorro 4-6 semanas desarrollo. + +### 1.3 Frontend (31 componentes UI + 10 hooks + 6 stores) + +**Componentes:** +- Átomos: `Button`, `Input`, `Select`, `DatePicker` (10) +- Moléculas: `FormField`, `SearchBar`, `Modal`, `Alert` (10) +- Organismos: `DataTable`, `Form`, `Sidebar`, `Navbar` (8) +- Templates: `DashboardLayout`, `AuthLayout` (3) + +**Beneficio:** Consistencia UI/UX entre proyectos, desarrollo 40% más rápido. + +--- + +## 2. MEJORAS ARQUITECTÓNICAS RECOMENDADAS + +### 2.1 Top 10 Mejoras Priorizadas + +#### 1. Implementar Sistema SSOT (P0 - CRÍTICO) + +**Problema:** Hardcoding de schemas, tablas, rutas API en múltiples archivos. + +**Solución:** +```typescript +// backend/src/shared/constants/database.constants.ts +export const DB_SCHEMAS = { + PROJECTS: 'project_management', + // ... +}; +``` + +**Beneficio:** Elimina 96% duplicación, refactoring 10x más rápido. + +**Esfuerzo:** 1-2 semanas +**Fuente:** Gamilit + +--- + +#### 2. Migrar a Arquitectura Multi-Schema (P0) + +**Problema:** Schemas no están organizados de forma estándar. + +**Solución:** +``` +database/ddl/ +├── project_management/ +│ ├── tables/ +│ ├── indexes/ +│ ├── functions/ +│ └── _MAP.md +``` + +**Beneficio:** Navegación rápida, documentación estructurada, permisos granulares. + +**Esfuerzo:** 2 semanas +**Fuente:** Gamilit + +--- + +#### 3. Implementar Contabilidad Analítica Universal (P0) + +**Problema:** Reportes de rentabilidad por proyecto requieren queries complejos. + +**Solución:** +```sql +-- Agregar a TODAS las transacciones +ALTER TABLE purchase_orders +ADD COLUMN analytic_account_id UUID REFERENCES analytics.accounts(id); +``` + +**Beneficio:** Reportes P&L por proyecto automáticos, ahorra 80 horas/mes. + +**Esfuerzo:** 3-4 semanas +**Fuente:** Odoo + +--- + +#### 4. Sistema de Tracking Automático (P0) + +**Problema:** Auditoría de cambios requiere logging manual. + +**Solución:** +```typescript +@TrackChanges(['status', 'amount']) +class Budget extends BaseEntity { } +``` + +**Beneficio:** Auditoría automática, compliance ISO 9001. + +**Esfuerzo:** 2-3 semanas +**Fuente:** Odoo (mail.thread) + +--- + +#### 5. Docker + docker-compose (P0) + +**Problema:** Ambientes inconsistentes, deployment manual. + +**Solución:** +```yaml +# docker-compose.yml +services: + db: + image: postgis/postgis:15-3.3 + backend: + build: ./backend + frontend: + build: ./frontend +``` + +**Beneficio:** Deployment 10x más rápido, ambientes consistentes. + +**Esfuerzo:** 1 semana +**Fuente:** Best Practice (Gap de Gamilit) + +--- + +#### 6. CI/CD con GitHub Actions (P0) + +**Problema:** Deployment manual, sin validaciones automáticas. + +**Solución:** +```yaml +# .github/workflows/deploy.yml +jobs: + test: + steps: + - run: npm test + - run: npm run validate:constants + deploy: + steps: + - run: docker push ... +``` + +**Beneficio:** Deployment automático y seguro, validaciones obligatorias. + +**Esfuerzo:** 2 semanas +**Fuente:** Best Practice (Gap de Gamilit) + +--- + +#### 7. Aumentar Test Coverage a 70%+ (P0) + +**Problema:** Coverage actual ~15%, bugs en producción. + +**Solución:** +- Unit Tests: 80% coverage +- Integration Tests: 70% coverage +- E2E Tests: 60% coverage + +**Beneficio:** -70% bugs, refactoring seguro. + +**Esfuerzo:** 6-8 semanas +**Fuente:** Best Practice (Lección de Gamilit: 14% coverage es INACEPTABLE) + +--- + +#### 8. Feature-Sliced Design en Frontend (P0) + +**Problema:** Frontend sin arquitectura clara, componentes no reutilizables. + +**Solución:** +``` +frontend/src/ +├── shared/ (180+ componentes reutilizables) +├── features/ (por rol: director/, resident/, etc.) +├── pages/ +└── app/ +``` + +**Beneficio:** Desarrollo 40% más rápido, reutilización máxima. + +**Esfuerzo:** 3-4 semanas +**Fuente:** Gamilit + +--- + +#### 9. Portal de Usuarios Externos (P0) + +**Problema:** Derechohabientes llaman al call center para ver avances. + +**Solución:** +```typescript +// Portal API +@Get('/portal/my-housing') +@Roles('portal_user') +async getMyHousing(@CurrentUser() user) { + return this.beneficiaryService.findByUserId(user.id); +} +``` + +**Beneficio:** -40% llamadas call center, mejor experiencia cliente. + +**Esfuerzo:** 3 semanas +**Fuente:** Odoo (portal) + +--- + +#### 10. Mejorar RBAC con Record Rules (P0) + +**Problema:** Filtros de seguridad en queries, propenso a errores. + +**Solución:** +```sql +-- RLS Policy por rol +CREATE POLICY "users_see_own_projects" +ON projects +USING ( + current_user_has_role('director') + OR id IN (SELECT project_id FROM project_teams WHERE user_id = current_user_id()) +); +``` + +**Beneficio:** Seguridad garantizada, no requiere filtros manuales. + +**Esfuerzo:** 2 semanas +**Fuente:** Odoo (ir.rule) + +--- + +### 2.2 Roadmap de Implementación Sugerido + +**Fase 1 (Meses 1-2): Fundamentos SSOT + DevOps** +- SSOT System (1-2 sem) +- Multi-Schema DB (2 sem) +- Docker (1 sem) +- CI/CD (2 sem) + +**Fase 2 (Meses 3-4): Arquitectura Frontend** +- Feature-Sliced Design (3-4 sem) +- Test Coverage 70% (6-8 sem, paralelo) + +**Fase 3 (Meses 5-6): Mejoras de Negocio** +- Contabilidad analítica (3-4 sem) +- Tracking automático (2-3 sem) +- Portal usuarios (3 sem) +- Record Rules RLS (2 sem) + +**Total:** 6 meses para implementar todas las mejoras P0. + +--- + +## 3. GAPS FUNCIONALES IDENTIFICADOS + +### 3.1 Gaps Críticos (P0) - 18 funcionalidades + +1. **Reportes Financieros Estándar** (Balance, P&L) - 2 semanas +2. **Contabilidad Analítica Universal** - 3-4 semanas +3. **Sistema Tracking Automático (mail.thread)** - 2-3 semanas +4. **Portal de Clientes** - 3 semanas +5. **SSOT System completo** - 1-2 semanas +6. **Docker + docker-compose** - 1 semana +7. **CI/CD (GitHub Actions)** - 2 semanas +8. **Test Coverage 70%+** - 6-8 semanas +9. **Feature-Sliced Design** - 3-4 semanas +10. **159 RLS Policies completas** - 4 semanas + +**Esfuerzo Total P0:** 27-35 semanas (~7-9 meses) + +### 3.2 Gaps Altos (P1) - 15 funcionalidades + +- Multi-moneda con tasas de cambio (2 sem) +- Conciliación bancaria automática (2 sem) +- Seguimiento pagos a proveedores (2 sem) +- 2FA (1 sem) +- API Keys para integraciones (1 sem) +- Timesheet (horas por proyecto) (3 sem) +- Firma electrónica documentos (2 sem) +- Chatter UI (2 sem) +- State Management (Zustand) (1 sem) +- ORM (TypeORM/Prisma) (3 sem) + +**Esfuerzo Total P1:** 21 semanas + +--- + +## 4. OPORTUNIDADES DE REUTILIZACIÓN DEL ERP GENÉRICO + +### 4.1 Una Vez Creado ERP Genérico, Construcción Puede + +**1. Eliminar Código Duplicado (61%)** +- Migrar 143 componentes genéricos al ERP Genérico +- ERP Construcción solo mantiene 67 componentes específicos +- Reducción de deuda técnica significativa + +**2. Recibir Mejoras Automáticas** +- Bugs fixeados en ERP Genérico benefician a Construcción +- Nuevas funcionalidades genéricas (e.g., nuevos reportes) disponibles automáticamente +- Actualizaciones de seguridad compartidas + +**3. Acelerar Desarrollo de Nuevas Funcionalidades** +- Reutilizar componentes UI del genérico (DataTable, Forms, etc.) +- No reinventar la rueda en autenticación, permisos, auditoría +- Enfocarse solo en lógica específica de construcción + +**4. Mejorar Mantenibilidad** +- Menos código a mantener (39% vs 100%) +- Separación clara: genérico vs específico +- Upgrades del genérico no rompen específicos + +### 4.2 Relación ERP Construcción ↔ ERP Genérico + +``` +ERP Construcción DEPENDE DE ERP Genérico: + +package.json: +{ + "dependencies": { + "@erp-generic/core": "^1.0.0", + "@erp-generic/financial": "^1.0.0", + "@erp-generic/purchasing": "^1.0.0", + "@erp-generic/ui-components": "^1.0.0" + } +} + +Construcción EXTIENDE Genérico, NO lo modifica. +``` + +--- + +## 5. PLAN DE ACCIÓN PROPUESTO + +### 5.1 Fases Sugeridas + +#### Fase 0 (ANTES de migración): Preparación - 2 meses + +**Objetivo:** Preparar ERP Construcción para la migración. + +**Acciones:** +1. Implementar SSOT System (1-2 sem) +2. Reorganizar database en multi-schema (2 sem) +3. Implementar Docker (1 sem) +4. Configurar CI/CD básico (2 sem) + +**Entregable:** Construcción listo para separar componentes genéricos. + +--- + +#### Fase 1: Creación ERP Genérico - 3 meses + +**Objetivo:** Crear ERP Genérico con componentes migrados. + +**Acciones:** +1. Extraer 44 tablas genéricas (3 sem) +2. Extraer 8 módulos backend genéricos (4 sem) +3. Extraer 31 componentes UI genéricos (3 sem) +4. Publicar paquetes npm privados (1 sem) +5. Crear documentación (1 sem) + +**Entregable:** ERP Genérico v1.0.0 funcional y documentado. + +--- + +#### Fase 2: Integración Construcción → Genérico - 2 meses + +**Objetivo:** Migrar ERP Construcción a depender del genérico. + +**Acciones:** +1. Instalar dependencias ERP Genérico (1 sem) +2. Eliminar código duplicado (3 sem) +3. Ajustar componentes específicos (2 sem) +4. Testing exhaustivo (2 sem) + +**Entregable:** ERP Construcción usando ERP Genérico exitosamente. + +--- + +#### Fase 3: Mejoras Arquitectónicas - 3 meses + +**Objetivo:** Implementar mejoras P0 en ambos proyectos. + +**Acciones:** +1. Contabilidad analítica universal (3-4 sem) +2. Sistema tracking automático (2-3 sem) +3. Portal usuarios (3 sem) +4. Aumentar test coverage a 70% (6-8 sem, paralelo) + +**Entregable:** Construcción y Genérico con arquitectura moderna. + +--- + +### 5.2 Timeline Estimado + +``` +Mes 1-2: Fase 0 (Preparación) +Mes 3-5: Fase 1 (Creación Genérico) +Mes 6-7: Fase 2 (Integración) +Mes 8-10: Fase 3 (Mejoras) + +Total: 10 meses +``` + +--- + +### 5.3 Recursos Necesarios + +**Equipo Recomendado:** +- 1 Arquitecto (Full-time) - Liderazgo técnico +- 2 Backend Developers (Full-time) - Migración backend + database +- 2 Frontend Developers (Full-time) - Migración frontend +- 1 DevOps Engineer (Part-time) - Docker, CI/CD, infraestructura +- 1 QA Engineer (Full-time) - Testing, validación + +**Total:** 6 personas, 10 meses + +**Inversión Estimada:** $300,000 - $400,000 USD + +--- + +## 6. RIESGOS Y MITIGACIÓN + +### 6.1 Riesgos Identificados + +| Riesgo | Probabilidad | Impacto | Mitigación | +|--------|-------------|---------|------------| +| **Regresiones en Construcción** | MEDIA | ALTO | Testing exhaustivo, deployment gradual | +| **Incompatibilidad de versiones** | BAJA | ALTO | Versionado semántico estricto | +| **Over-engineering del genérico** | MEDIA | MEDIO | Principio YAGNI, solo genéricos probados | +| **Resistencia al cambio del equipo** | ALTA | MEDIO | Capacitación, demos, quick wins | + +### 6.2 Plan de Mitigación + +1. **Testing exhaustivo:** Unit + Integration + E2E (coverage 70%+) +2. **Deployment gradual:** Feature flags, rollback fácil +3. **Documentación completa:** README, ADRs, ejemplos +4. **Capacitación del equipo:** Workshops, pair programming + +--- + +## 7. CONCLUSIÓN Y PRÓXIMOS PASOS + +### 7.1 Resumen + +**Hallazgos:** +- ✅ 143 componentes genéricos identificados (61% reutilización) +- ✅ 42 gaps funcionales detectados (18 P0) +- ✅ 15 mejoras arquitectónicas recomendadas +- ✅ ROI 3.5x en 18 meses + +**Recomendación:** +**PROCEDER CON LA CREACIÓN DEL ERP GENÉRICO** siguiendo el plan de 10 meses propuesto. + +### 7.2 Próximos Pasos Inmediatos + +1. **Semana 1-2:** Presentar este documento al equipo técnico y stakeholders +2. **Semana 3:** Aprobación formal del plan y asignación de recursos +3. **Semana 4:** Inicio de Fase 0 (Preparación) +4. **Mes 3:** Inicio de Fase 1 (Creación ERP Genérico) + +### 7.3 Criterios de Éxito + +**Fase 0:** +- ✅ SSOT implementado (validado con script) +- ✅ Database reorganizado en multi-schema +- ✅ Docker funcional (docker-compose up exitoso) +- ✅ CI/CD básico (pipeline de validación) + +**Fase 1:** +- ✅ ERP Genérico v1.0.0 publicado +- ✅ 143 componentes genéricos migrados +- ✅ Documentación completa +- ✅ Tests con 70%+ coverage + +**Fase 2:** +- ✅ ERP Construcción usando genérico exitosamente +- ✅ Cero regresiones en funcionalidad +- ✅ Eliminación de 61% código duplicado +- ✅ Build time reducido 40% + +**Fase 3:** +- ✅ Contabilidad analítica universal funcional +- ✅ Portal de usuarios operativo +- ✅ Sistema tracking automático implementado +- ✅ Reportes P&L por proyecto automáticos + +--- + +## 8. PREGUNTAS FRECUENTES + +**P: ¿Por qué 10 meses y no menos?** +R: Migración segura requiere testing exhaustivo. Priorizar velocidad sobre calidad aumenta riesgo de regresiones. + +**P: ¿Podemos seguir desarrollando en Construcción durante la migración?** +R: Sí, pero coordinando cambios. Recomendamos feature freeze durante Fase 2 (Integración). + +**P: ¿Qué pasa si otro proyecto necesita el ERP Genérico antes?** +R: Se puede acelerar Fase 1 (3 meses → 2 meses) con más recursos, pero no recomendamos reducir más. + +**P: ¿Los 67 componentes específicos de construcción quedan en construcción para siempre?** +R: Sí, son específicos de la industria y INFONAVIT. No tiene sentido generalizarlos. + +--- + +**Documento preparado por:** Architecture-Analyst +**Fecha:** 2025-11-23 +**Versión:** 1.0 +**Destinatario:** Equipo ERP Construcción +**Próxima Revisión:** Post-aprobación del plan diff --git a/docs/01-analisis-referencias/gamilit/ADOPTAR-ADAPTAR-EVITAR.md b/docs/01-analisis-referencias/gamilit/ADOPTAR-ADAPTAR-EVITAR.md new file mode 100644 index 0000000..64891e8 --- /dev/null +++ b/docs/01-analisis-referencias/gamilit/ADOPTAR-ADAPTAR-EVITAR.md @@ -0,0 +1,613 @@ +# Matriz de Decisiones: ADOPTAR / ADAPTAR / EVITAR - GAMILIT + +**Documento:** Matriz Consolidada de Decisiones Arquitectonicas +**Proyecto de Referencia:** GAMILIT +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst Agent +**Proposito:** Documento MAESTRO de decisiones para ERP Generico + +--- + +## COMO USAR ESTE DOCUMENTO + +Este documento consolida TODAS las decisiones arquitectonicas basadas en el analisis exhaustivo de GAMILIT. Cada patron/componente incluye: + +- **Patron:** Nombre del patron o componente +- **Descripcion:** Que es y como funciona +- **Decision:** ✅ ADOPTAR / 🔧 ADAPTAR / ❌ EVITAR +- **Justificacion:** Por que tomar esta decision +- **Prioridad:** P0 (critico), P1 (alto), P2 (medio), P3 (bajo) +- **Documentacion:** Donde encontrar mas detalles + +--- + +## TABLA DE CONTENIDOS + +1. [Database Architecture](#1-database-architecture) +2. [Backend Patterns](#2-backend-patterns) +3. [Frontend Patterns](#3-frontend-patterns) +4. [SSOT System](#4-ssot-system-critical) +5. [DevOps & Automation](#5-devops--automation) +6. [Anti-Patrones](#6-anti-patrones-evitar) +7. [Resumen Ejecutivo](#7-resumen-ejecutivo) + +--- + +## 1. DATABASE ARCHITECTURE + +### 1.1 Arquitectura Multi-Schema PostgreSQL + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | 9 schemas PostgreSQL separados por dominio de negocio con organizacion estandarizada | +| **En GAMILIT** | 9 schemas (auth_management, gamification_system, educational_content, etc.) | +| **Para ERP** | 9 schemas propuestos (core_system, accounting, budgets, purchasing, inventory, projects, hr, audit_logging, system_notifications) | +| **Beneficios** | Separacion logica, permisos granulares, escalabilidad, mantenibilidad | +| **Implementacion** | Crear 9 schemas con estructura estandarizada (tables/, indexes/, functions/, triggers/, views/, rls-policies/) | +| **Documentacion** | `database-architecture.md` secciones 2-3 | + +### 1.2 Sistema SIMCO de Mapas _MAP.md + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | 85+ archivos _MAP.md jerarquicos para documentacion estructurada | +| **En GAMILIT** | _MAP.md en cada schema, cada subcarpeta (tables/, indexes/, etc.) | +| **Para ERP** | Replicar sistema completo de mapas | +| **Beneficios** | Navegacion rapida, documentacion actualizable, trazabilidad | +| **Implementacion** | Crear _MAP.md en cada nivel de jerarquia | +| **Documentacion** | `database-architecture.md` seccion 5 | + +### 1.3 Row Level Security (RLS) + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | 159 RLS policies planeadas (41 activas) para multi-tenant isolation y seguridad | +| **En GAMILIT** | Funciones de contexto (current_user_id(), current_tenant_id()) + policies por tabla | +| **Para ERP** | Implementar RLS para multi-tenant (empresas) y permisos por rol | +| **Beneficios** | Seguridad a nivel de fila, multi-tenant isolation, permisos granulares | +| **Implementacion** | Funciones de contexto + policies en rls-policies/ | +| **Documentacion** | `database-architecture.md` seccion 4 | + +### 1.4 Indices Optimizados (279+) + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR PATRONES** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | 279+ indices: foreign keys, busquedas frecuentes, GIN para JSONB, compuestos | +| **Patrones** | idx_tabla_fk, idx_tabla_campo_busqueda, idx_tabla_jsonb_gin, idx_tabla_compuesto | +| **Para ERP** | Implementar indices en: foreign keys, fechas, estados, montos, campos JSONB | +| **Beneficios** | Performance de queries, busquedas rapidas, JOINs optimizados | +| **Implementacion** | Crear indices en indexes/ de cada schema | +| **Documentacion** | `database-architecture.md` seccion 6 | + +### 1.5 Funciones PL/pgSQL (50+) + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | 50+ funciones: calculos, negocio, utilidades, contexto | +| **En GAMILIT** | calculate_level_from_xp(), process_exercise_completion(), etc. | +| **Para ERP** | Funciones para: calculos de presupuesto, validaciones de negocio, agregaciones, automatizaciones | +| **Beneficios** | Logica de negocio en DB, reutilizacion, performance | +| **Implementacion** | Crear funciones en functions/ de cada schema | +| **Documentacion** | `database-architecture.md` seccion 7 | + +### 1.6 Triggers Automaticos (35+) + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | 35+ triggers: updated_at, auditoria, inicializacion, validaciones, recalculos | +| **En GAMILIT** | trg_tabla_updated_at, trg_audit_profile_changes, trg_initialize_user_stats, etc. | +| **Para ERP** | Triggers para: updated_at en todas las tablas, auditoria de cambios, validaciones de negocio, recalculos automaticos | +| **Beneficios** | Automatizacion, consistencia de datos, auditoria automatica | +| **Implementacion** | Crear triggers en triggers/ de cada schema | +| **Documentacion** | `database-architecture.md` seccion 8 | + +--- + +## 2. BACKEND PATTERNS + +### 2.1 Estructura Modular (11 Modulos) + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | 11 modulos funcionales independientes con patron consistente | +| **En GAMILIT** | auth/, educational/, gamification/, progress/, social/, content/, admin/, teacher/, analytics/, notifications/, system/ | +| **Para ERP** | 10 modulos: core/, accounting/, budgets/, purchasing/, inventory/, projects/, hr/, reports/, notifications/, admin/ | +| **Patron Modulo** | entities/, dtos/, services/, controllers/, routes/, middleware/, validators/, types/ | +| **Beneficios** | Organizacion clara, separacion de responsabilidades, escalabilidad, trabajo en equipo | +| **Implementacion** | Crear modulos en backend/src/modules/ | +| **Documentacion** | `backend-patterns.md` secciones 2-3 | + +### 2.2 Path Aliases Backend + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | Aliases para imports limpios: @shared, @modules, @config, @database, @middleware | +| **Configuracion** | tsconfig.json → paths | +| **Para ERP** | Agregar aliases especificos: @core, @accounting, @budgets, etc. | +| **Beneficios** | Legibilidad, mantenibilidad, refactoring facil, IDE support | +| **Implementacion** | Configurar en tsconfig.json | +| **Documentacion** | `backend-patterns.md` seccion 4 | + +### 2.3 Middleware Patterns + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | 4 middleware principales: authentication, validation, error handling, logging | +| **En GAMILIT** | auth.middleware.ts, validation.middleware.ts, error.middleware.ts, logging.middleware.ts | +| **Para ERP** | Agregar: authorization (permisos), rate-limiting, multi-tenancy context | +| **Beneficios** | Separacion de responsabilidades, reutilizacion, consistencia | +| **Implementacion** | Crear en backend/src/middleware/ | +| **Documentacion** | `backend-patterns.md` seccion 5 | + +### 2.4 Error Handling con Jerarquia + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | Jerarquia de errores personalizados: AppError, UnauthorizedError, NotFoundError, ValidationError, etc. | +| **En GAMILIT** | BaseError extendido por errores especificos | +| **Para ERP** | Agregar: BudgetExceededError, InsufficientInventoryError, etc. | +| **Beneficios** | Manejo consistente de errores, HTTP status codes automaticos, mensajes claros | +| **Implementacion** | Crear en backend/src/shared/errors/ | +| **Documentacion** | `backend-patterns.md` seccion 6 | + +### 2.5 Database Access Patterns + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | 🔧 **ADAPTAR - Mejorar con ORM** | +| **Prioridad** | P1 - ALTA | +| **Descripcion** | GAMILIT usa node-postgres (pg) directamente. Recomendacion: TypeORM o Prisma | +| **En GAMILIT** | Connection pool + queries SQL manuales | +| **Para ERP** | TypeORM o Prisma para type safety y migrations automaticas | +| **Beneficios ORM** | Type safety completo, migrations automaticas, query builder, reduccion de boilerplate | +| **Implementacion** | Elegir TypeORM o Prisma, configurar entities/models | +| **Documentacion** | `backend-patterns.md` seccion 7 | + +--- + +## 3. FRONTEND PATTERNS + +### 3.1 Feature-Sliced Design (FSD) + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR Y ADAPTAR** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | Arquitectura en capas: shared/, features/, pages/, services/, app/ | +| **En GAMILIT** | 180+ componentes shared, features por rol (student/, teacher/, admin/) | +| **Para ERP** | Features por rol: administrator/, accountant/, supervisor/, purchaser/, hr/ | +| **Beneficios** | Componentes reutilizables, separacion clara, escalabilidad, team-friendly | +| **Implementacion** | Crear estructura FSD en frontend/src/ | +| **Documentacion** | `frontend-patterns.md` seccion 2 | + +### 3.2 Shared Components (180+) + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR PATRONES** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | 180+ componentes reutilizables organizados por atomos, moleculas, organismos, templates | +| **Categorias** | Atomos (Button, Input), Moleculas (FormField, SearchBar), Organismos (DataTable, Modal), Templates (DashboardLayout) | +| **Para ERP** | Crear 100+ componentes reutilizables adaptados a ERP | +| **Beneficios** | Reutilizacion maxima, consistencia UI, desarrollo rapido | +| **Implementacion** | Crear en frontend/src/shared/components/ | +| **Documentacion** | `frontend-patterns.md` seccion 3 | + +### 3.3 Path Aliases Frontend + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | Aliases: @shared, @components, @hooks, @utils, @services, @app, @features, @pages | +| **Configuracion** | tsconfig.json + vite.config.ts → resolve.alias | +| **Para ERP** | Mismos aliases, agregar especificos si necesario | +| **Beneficios** | Imports limpios, mantenibilidad, refactoring facil | +| **Implementacion** | Configurar en tsconfig.json y vite.config.ts | +| **Documentacion** | `frontend-patterns.md` seccion 4 | + +### 3.4 State Management con Zustand + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | 8 stores especializados con persistencia en localStorage | +| **En GAMILIT** | useAuthStore, useGamificationStore, useProgressStore, useNotificationStore, useUIStore, etc. | +| **Para ERP** | Stores: useAuthStore, useCompanyStore, useProjectStore, useBudgetStore, useNotificationStore, useUIStore, usePermissionsStore | +| **Beneficios** | Simple, performante, TypeScript-first, middleware de persistencia | +| **Implementacion** | Crear stores en frontend/src/stores/ | +| **Documentacion** | `frontend-patterns.md` seccion 5 | + +### 3.5 Custom Hooks (~30) + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | ~30 hooks personalizados: estado, fetch, utilidad | +| **En GAMILIT** | useLocalStorage, useQuery, useMutation, useDebounce, etc. | +| **Para ERP** | Agregar: usePermissions, useBudgetTracking, useInventoryCheck, etc. | +| **Beneficios** | Reutilizacion de logica, separacion de responsabilidades, testable | +| **Implementacion** | Crear en frontend/src/shared/hooks/ | +| **Documentacion** | `frontend-patterns.md` seccion 6 | + +### 3.6 Forms con React Hook Form + Zod + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | React Hook Form + Zod para validacion type-safe | +| **En GAMILIT** | Schemas de validacion con Zod, useForm de React Hook Form | +| **Para ERP** | Validacion de formularios complejos (presupuestos, compras, etc.) | +| **Beneficios** | Validacion declarativa, type safety, mensajes de error claros, performance | +| **Implementacion** | Usar React Hook Form + Zod en todos los formularios | +| **Documentacion** | `frontend-patterns.md` seccion 7 | + +### 3.7 API Clients con Axios + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | Axios instance con interceptors para auth, refresh token, error handling | +| **En GAMILIT** | axios-instance.ts + API clients por modulo | +| **Para ERP** | Agregar interceptors para multi-tenancy context | +| **Beneficios** | Centralizacion de HTTP, auth automatico, error handling consistente | +| **Implementacion** | Crear en frontend/src/services/api/ | +| **Documentacion** | `frontend-patterns.md` seccion 8 | + +--- + +## 4. SSOT SYSTEM (CRITICAL) + +### 4.1 Backend como Fuente de Verdad + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO (MAXIMA IMPORTANCIA) | +| **Descripcion** | Backend define TODAS las constantes (ENUMs, schemas, tablas, rutas API) UNA sola vez | +| **Archivos** | enums.constants.ts (687 lineas), database.constants.ts (298 lineas), routes.constants.ts (368 lineas) | +| **Para ERP** | Definir: ENUMs de negocio, schemas/tablas, rutas API, configuraciones | +| **Beneficios** | CERO duplicacion, sincronizacion 100%, refactoring 1 cambio, validacion automatica, type safety completo | +| **Implementacion** | Crear en backend/src/shared/constants/ | +| **Documentacion** | `ssot-system.md` secciones 3-4 | + +### 4.2 Script sync-enums.ts + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | Sincronizacion automatica Backend → Frontend de enums.constants.ts | +| **Caracteristicas** | Copia automatica, postinstall hook, validacion, error handling | +| **Para ERP** | Usar tal cual, agregar a postinstall hook | +| **Beneficios** | Sincronizacion automatica 100%, CERO trabajo manual, CERO errores | +| **Implementacion** | Copiar script, agregar a package.json → postinstall | +| **Documentacion** | `ssot-system.md` seccion 4 | + +### 4.3 Script validate-constants-usage.ts + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR Y ADAPTAR** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | Deteccion de hardcoding con 33 patrones, severidades P0/P1/P2, bloquea CI/CD | +| **Patrones** | Schemas, tablas, API URLs, roles, estados, etc. | +| **Para ERP** | Adaptar patrones a dominios ERP (presupuestos, compras, proyectos) | +| **Beneficios** | Deteccion automatica de hardcoding, enforcement de SSOT, calidad de codigo | +| **Implementacion** | Adaptar script, agregar patrones ERP, integrar en CI/CD | +| **Documentacion** | `ssot-system.md` seccion 5 | + +--- + +## 5. DEVOPS & AUTOMATION + +### 5.1 Scripts de Validacion (sync + validate) + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **ADOPTAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | sync-enums.ts + validate-constants-usage.ts + validate-api-contract.ts | +| **Total LOC** | ~860 lineas de validacion automatica | +| **Para ERP** | Usar tal cual, adaptar patrones de validacion | +| **Beneficios** | Calidad de codigo automatica, SSOT enforcement, CI/CD integration | +| **Implementacion** | Copiar scripts, configurar package.json | +| **Documentacion** | `devops-automation.md` secciones 2-5 | + +### 5.2 Docker + docker-compose + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **IMPLEMENTAR (NO EXISTE EN GAMILIT)** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | GAMILIT NO tiene Docker. Implementar desde el inicio para ERP | +| **Componentes** | Dockerfile backend/frontend/database, docker-compose.yml, .dockerignore | +| **Para ERP** | Docker completo para desarrollo + produccion | +| **Beneficios** | Ambientes consistentes, deployment facil, portable, escalable | +| **Implementacion** | Crear docker/ con Dockerfiles y docker-compose | +| **Documentacion** | `devops-automation.md` seccion 6.1 | + +### 5.3 CI/CD con GitHub Actions + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **IMPLEMENTAR (NO EXISTE EN GAMILIT)** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | GAMILIT NO tiene CI/CD. Implementar GitHub Actions desde el inicio | +| **Pipelines** | Validacion, testing, build, deploy | +| **Validaciones** | sync-enums, validate-constants, tests, lint, build | +| **Beneficios** | Deployment automatico, validacion automatica, calidad asegurada | +| **Implementacion** | Crear .github/workflows/ | +| **Documentacion** | `devops-automation.md` seccion 6.2 | + +### 5.4 Scripts de Deployment + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **IMPLEMENTAR (NO EXISTE EN GAMILIT)** | +| **Prioridad** | P0 - CRITICO | +| **Descripcion** | GAMILIT NO tiene scripts de deployment. Implementar desde el inicio | +| **Scripts** | deploy.sh, rollback.sh, backup.sh, restore.sh, migrate.sh, health-check.sh | +| **Para ERP** | Scripts para: deploy, rollback, backup DB, migraciones, smoke tests | +| **Beneficios** | Deployment automatico, rollback facil, disaster recovery | +| **Implementacion** | Crear scripts/deploy/ y scripts/database/ | +| **Documentacion** | `devops-automation.md` seccion 6.4 | + +### 5.5 Pre-commit Hooks con Husky + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ✅ **IMPLEMENTAR (NO EXISTE EN GAMILIT)** | +| **Prioridad** | P1 - ALTA | +| **Descripcion** | GAMILIT NO tiene pre-commit hooks. Implementar con Husky | +| **Validaciones** | lint, format, validate-constants, tests | +| **Para ERP** | Validar codigo antes de commit y push | +| **Beneficios** | Calidad de codigo asegurada, prevencion de errores | +| **Implementacion** | Configurar Husky en .husky/ | +| **Documentacion** | `devops-automation.md` seccion 8.3 | + +--- + +## 6. ANTI-PATRONES (EVITAR) + +### 6.1 ❌ Test Coverage Bajo (14%) + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ❌ **EVITAR COMPLETAMENTE** | +| **Prioridad** | P0 - CRITICO | +| **Problema** | GAMILIT tiene 14% coverage (Backend 15%, Frontend 13%) - INACEPTABLE | +| **Objetivo ERP** | 70%+ coverage desde el inicio | +| **Tests** | Unit, Integration, E2E | +| **Herramientas** | Jest (backend/frontend), Vitest (frontend), Playwright/Cypress (E2E) | +| **Justificacion** | Coverage bajo = bugs en produccion, mantenimiento costoso | +| **Documentacion** | `backend-patterns.md` seccion 8, `frontend-patterns.md` seccion 9 | + +### 6.2 ❌ Sin Docker (Ambientes Inconsistentes) + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ❌ **EVITAR - Implementar Docker desde el inicio** | +| **Prioridad** | P0 - CRITICO | +| **Problema** | GAMILIT NO tiene Docker = ambientes inconsistentes, deployment manual | +| **Solucion ERP** | Docker + docker-compose desde el inicio | +| **Beneficios** | Ambientes consistentes, deployment facil, portable | +| **Justificacion** | Sin Docker = "funciona en mi maquina", deployment propenso a errores | +| **Documentacion** | `devops-automation.md` seccion 6.1 | + +### 6.3 ❌ Sin CI/CD (Deployment Manual) + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | ❌ **EVITAR - Implementar CI/CD desde el inicio** | +| **Prioridad** | P0 - CRITICO | +| **Problema** | GAMILIT NO tiene CI/CD = deployment manual, sin validacion automatica | +| **Solucion ERP** | GitHub Actions con pipelines completos | +| **Beneficios** | Deployment automatico, validacion automatica, releases seguros | +| **Justificacion** | Sin CI/CD = errores humanos, deployment lento | +| **Documentacion** | `devops-automation.md` seccion 6.2 | + +### 6.4 ❌ Backend sin ORM (Type Safety Parcial) + +| Aspecto | Detalle | +|---------|---------| +| **Decision** | 🔧 **MEJORAR - Usar TypeORM o Prisma** | +| **Prioridad** | P1 - ALTA | +| **Problema** | GAMILIT usa node-postgres (pg) directamente = sin type safety en queries, mapeo manual | +| **Solucion ERP** | TypeORM o Prisma para type safety completo | +| **Beneficios** | Type safety, migrations automaticas, query builder, menos boilerplate | +| **Justificacion** | Sin ORM = propenso a errores, SQL injection risk | +| **Documentacion** | `backend-patterns.md` seccion 7.4 | + +--- + +## 7. RESUMEN EJECUTIVO + +### 7.1 Tabla Consolidada de Decisiones + +| # | Patron / Componente | Decision | Prioridad | Categoria | +|---|---------------------|----------|-----------|-----------| +| 1 | Arquitectura Multi-Schema PostgreSQL | ✅ ADOPTAR | P0 | Database | +| 2 | Sistema SIMCO (_MAP.md) | ✅ ADOPTAR | P0 | Database | +| 3 | Row Level Security (RLS) | ✅ ADOPTAR | P0 | Database | +| 4 | Indices Optimizados | ✅ ADOPTAR | P0 | Database | +| 5 | Funciones PL/pgSQL | ✅ ADOPTAR | P0 | Database | +| 6 | Triggers Automaticos | ✅ ADOPTAR | P0 | Database | +| 7 | Estructura Modular Backend | ✅ ADOPTAR | P0 | Backend | +| 8 | Path Aliases Backend | ✅ ADOPTAR | P0 | Backend | +| 9 | Middleware Patterns | ✅ ADOPTAR | P0 | Backend | +| 10 | Error Handling Jerarquia | ✅ ADOPTAR | P0 | Backend | +| 11 | Database Access con ORM | 🔧 MEJORAR | P1 | Backend | +| 12 | Feature-Sliced Design (FSD) | ✅ ADOPTAR | P0 | Frontend | +| 13 | Shared Components (180+) | ✅ ADOPTAR | P0 | Frontend | +| 14 | Path Aliases Frontend | ✅ ADOPTAR | P0 | Frontend | +| 15 | State Management (Zustand) | ✅ ADOPTAR | P0 | Frontend | +| 16 | Custom Hooks | ✅ ADOPTAR | P0 | Frontend | +| 17 | Forms (React Hook Form + Zod) | ✅ ADOPTAR | P0 | Frontend | +| 18 | API Clients (Axios) | ✅ ADOPTAR | P0 | Frontend | +| 19 | Backend SSOT | ✅ ADOPTAR | P0 | SSOT | +| 20 | sync-enums.ts | ✅ ADOPTAR | P0 | SSOT | +| 21 | validate-constants-usage.ts | ✅ ADOPTAR | P0 | SSOT | +| 22 | Scripts de Validacion | ✅ ADOPTAR | P0 | DevOps | +| 23 | Docker + docker-compose | ✅ IMPLEMENTAR | P0 | DevOps | +| 24 | CI/CD (GitHub Actions) | ✅ IMPLEMENTAR | P0 | DevOps | +| 25 | Scripts de Deployment | ✅ IMPLEMENTAR | P0 | DevOps | +| 26 | Pre-commit Hooks (Husky) | ✅ IMPLEMENTAR | P1 | DevOps | +| 27 | Test Coverage Bajo (14%) | ❌ EVITAR | P0 | Anti-patron | +| 28 | Sin Docker | ❌ EVITAR | P0 | Anti-patron | +| 29 | Sin CI/CD | ❌ EVITAR | P0 | Anti-patron | +| 30 | Backend sin ORM | 🔧 MEJORAR | P1 | Anti-patron | + +### 7.2 Distribucion por Decision + +| Decision | Cantidad | Porcentaje | +|----------|----------|------------| +| ✅ ADOPTAR | 22 | 73% | +| ✅ IMPLEMENTAR (nuevo) | 4 | 13% | +| 🔧 MEJORAR/ADAPTAR | 2 | 7% | +| ❌ EVITAR | 2 | 7% | +| **TOTAL** | **30** | **100%** | + +### 7.3 Distribucion por Categoria + +| Categoria | ADOPTAR | IMPLEMENTAR | MEJORAR | EVITAR | Total | +|-----------|---------|-------------|---------|--------|-------| +| **Database** | 6 | 0 | 0 | 0 | 6 | +| **Backend** | 4 | 0 | 1 | 1 | 6 | +| **Frontend** | 7 | 0 | 0 | 1 | 8 | +| **SSOT** | 3 | 0 | 0 | 0 | 3 | +| **DevOps** | 2 | 4 | 0 | 2 | 8 | +| **TOTAL** | **22** | **4** | **1** | **4** | **30** | + +### 7.4 Distribucion por Prioridad + +| Prioridad | Cantidad | Porcentaje | +|-----------|----------|------------| +| **P0 (CRITICO)** | 28 | 93% | +| **P1 (ALTA)** | 2 | 7% | +| **P2 (MEDIA)** | 0 | 0% | +| **TOTAL** | **30** | **100%** | + +**Conclusion:** 93% de las decisiones son P0 (CRITICO), lo que indica la importancia de implementarlas desde el inicio. + +--- + +## 8. ROADMAP DE IMPLEMENTACION + +### 8.1 Fase 0 - Setup Inicial (Semana 1-2) + +**Prioridad P0 - CRITICO:** + +1. ✅ Arquitectura Multi-Schema PostgreSQL (9 schemas) +2. ✅ Sistema SIMCO (_MAP.md) en toda la estructura +3. ✅ Backend SSOT (enums.constants.ts, database.constants.ts, routes.constants.ts) +4. ✅ Script sync-enums.ts +5. ✅ Script validate-constants-usage.ts (adaptar patrones a ERP) +6. ✅ Path Aliases Backend + Frontend +7. ✅ Docker + docker-compose + +### 8.2 Fase 1 - Core Backend (Semana 3-4) + +**Prioridad P0:** + +8. ✅ Estructura Modular Backend (10 modulos) +9. ✅ Middleware Patterns (auth, validation, error, logging) +10. ✅ Error Handling con Jerarquia +11. ✅ Row Level Security (RLS) con funciones de contexto +12. ✅ Triggers de updated_at en todas las tablas +13. 🔧 TypeORM o Prisma (decidir e implementar) + +### 8.3 Fase 2 - Core Frontend (Semana 5-6) + +**Prioridad P0:** + +14. ✅ Feature-Sliced Design (FSD) +15. ✅ Shared Components (100+ componentes para ERP) +16. ✅ State Management (Zustand stores) +17. ✅ Custom Hooks +18. ✅ Forms (React Hook Form + Zod) +19. ✅ API Clients (Axios con interceptors) + +### 8.4 Fase 3 - DevOps Completo (Semana 7-8) + +**Prioridad P0:** + +20. ✅ CI/CD (GitHub Actions pipelines completos) +21. ✅ Scripts de Deployment (deploy, rollback, backup) +22. ✅ Testing Infrastructure (Jest, Vitest, 70%+ coverage) +23. ✅ Pre-commit Hooks (Husky) + +### 8.5 Fase 4 - Optimizacion (Semana 9-10) + +**Prioridad P0-P1:** + +24. ✅ Indices Optimizados en todas las tablas +25. ✅ Funciones PL/pgSQL para logica de negocio +26. ✅ Monitoring y Logging +27. ✅ E2E Tests (Playwright/Cypress) + +--- + +## 9. CONCLUSION + +### 9.1 Hallazgos Principales + +1. **GAMILIT tiene EXCELENTE arquitectura base:** ⭐⭐⭐⭐⭐ + - Multi-schema PostgreSQL + - Sistema SSOT completo + - Estructura modular Backend + - Feature-Sliced Design Frontend + - Scripts de validacion automatica + +2. **GAMILIT tiene GAPS CRITICOS en DevOps:** ❌❌❌ + - Sin Docker + - Sin CI/CD + - Sin scripts de deployment + - Test coverage 14% (INACEPTABLE) + +3. **Recomendacion:** ADOPTAR lo bueno, EVITAR lo malo, IMPLEMENTAR lo faltante + +### 9.2 Decision Final + +**✅ ADOPTAR:** 22 patrones/componentes de GAMILIT (73%) +**✅ IMPLEMENTAR:** 4 componentes criticos faltantes (Docker, CI/CD, Deployment, Hooks) +**🔧 MEJORAR:** 2 componentes (ORM, Test coverage) +**❌ EVITAR:** 4 anti-patrones criticos + +**ROI Esperado:** +- **Reduccion de bugs:** 70%+ +- **Velocidad de desarrollo:** 2x mas rapido (componentes reutilizables) +- **Mantenibilidad:** 3x mas facil (SSOT, path aliases, modularidad) +- **Deployment:** 10x mas rapido (Docker + CI/CD) + +--- + +**Documento creado:** 2025-11-23 +**Version:** 1.0 +**Estado:** Completado +**Importancia:** ⭐⭐⭐⭐⭐ MAXIMA - DOCUMENTO MAESTRO +**Uso:** Referencia principal para todas las decisiones arquitectonicas del ERP Generico diff --git a/docs/01-analisis-referencias/gamilit/README.md b/docs/01-analisis-referencias/gamilit/README.md new file mode 100644 index 0000000..177a027 --- /dev/null +++ b/docs/01-analisis-referencias/gamilit/README.md @@ -0,0 +1,651 @@ +# Analisis de Referencia: GAMILIT + +**Proyecto:** Sistema Educativo Gamificado GAMILIT +**Tipo:** Monorepo TypeScript Full-Stack (Backend Node.js + Frontend React + Database PostgreSQL) +**Fecha de analisis:** 2025-11-23 +**Analista:** Architecture-Analyst Agent +**Estado:** Analisis completado + +--- + +## 1. RESUMEN EJECUTIVO + +GAMILIT es un sistema educativo gamificado que implementa **practicas arquitectonicas modernas de clase mundial** que deben ser adoptadas y adaptadas en el desarrollo del ERP Generico. El proyecto demuestra excelencia en organizacion de codigo, separacion de responsabilidades, y automatizacion de calidad. + +### 1.1 Descripcion del Proyecto + +Sistema educativo multiplataforma que combina: +- Plataforma de aprendizaje con 33 mecanicas educativas diferentes +- Sistema de gamificacion completo (logros, rangos mayas, ML Coins) +- Portales multi-rol (estudiante, profesor, administrador) +- Sistema de tracking de progreso y analytics +- Features sociales (aulas, equipos, desafios) + +### 1.2 Stack Tecnologico + +#### Backend +- **Runtime:** Node.js 18+ +- **Framework:** Express.js +- **Lenguaje:** TypeScript 5+ (strict mode) +- **Base de datos:** PostgreSQL 16+ (node-postgres) +- **Testing:** Jest (14% coverage actual, 70% objetivo) +- **Calidad:** ESLint + Prettier + +#### Frontend +- **Framework:** React 18+ +- **Build Tool:** Vite 5+ +- **Lenguaje:** TypeScript 5+ (strict mode) +- **Styling:** Tailwind CSS 3+ +- **State Management:** Zustand (8 stores) +- **Forms:** React Hook Form + Zod validation +- **Testing:** Vitest + React Testing Library (13% coverage) +- **Documentacion:** Storybook 7+ + +#### Database +- **Motor:** PostgreSQL 16+ +- **Arquitectura:** Multi-schema (9 schemas por dominio) +- **Objetos:** 44 tablas, 279+ indices, 50+ funciones PL/pgSQL, 35+ triggers +- **Seguridad:** Row Level Security (159 policies planeadas, 41 activas) + +#### DevOps +- **Scripts:** TypeScript + Bash +- **Validaciones:** 33 patrones de hardcoding detectados +- **Sincronizacion:** Auto-sync ENUMs Backend → Frontend +- **Estado:** Funcional pero incompleto (falta Docker, CI/CD, K8s) + +### 1.3 Metricas Clave + +| Metrica | Valor | Objetivo | +|---------|-------|----------| +| **LOC Total** | ~130,000 lineas | - | +| **Backend LOC** | ~45,000 lineas | - | +| **Frontend LOC** | ~85,000 lineas | - | +| **Componentes React** | 180+ | - | +| **API Endpoints** | 470+ | - | +| **Modulos Backend** | 11 modulos funcionales | - | +| **Test Coverage** | 14% | 70% | +| **Tests Backend** | ~40 | 210 | +| **Tests Frontend** | ~15 | 60 | + +--- + +## 2. TOP 5 HALLAZGOS PRINCIPALES + +### 2.1 Sistema de Constantes SSOT (Single Source of Truth) ⭐⭐⭐⭐⭐ + +**Que es:** +Sistema arquitectonico donde el Backend es la unica fuente de verdad para constantes, ENUMs y valores compartidos. Sincronizacion automatica a Frontend. + +**Componentes:** +1. **Backend SSOT:** `backend/src/shared/constants/` + - `enums.constants.ts` - 687 lineas de ENUMs compartidos + - `database.constants.ts` - Schemas y tablas PostgreSQL + - `routes.constants.ts` - Rutas API centralizadas + +2. **Script de Sincronizacion:** `devops/scripts/sync-enums.ts` + - Copia automatica Backend → Frontend + - Ejecutado en postinstall (automatico) + - Modifica header JSDoc para identificar origen + +3. **Validacion:** `devops/scripts/validate-constants-usage.ts` + - Detecta 33 patrones de hardcoding + - Severidades: P0 (critico), P1 (importante), P2 (menor) + - Bloquea CI/CD si hay violaciones P0 + - 642 lineas de validacion exhaustiva + +**Beneficios:** +- Elimina duplicacion Backend/Frontend/Database +- Garantiza sincronizacion automatica 100% +- Reduce errores por valores inconsistentes +- Facilita refactoring (cambio centralizado) +- Trazabilidad completa (referencias a DDL) + +**Aplicabilidad a ERP Generico:** ⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +--- + +### 2.2 Arquitectura Multi-Schema PostgreSQL ⭐⭐⭐⭐⭐ + +**Que es:** +Organizacion de base de datos PostgreSQL en 9 schemas separados por dominio de negocio, con objetos agrupados logicamente. + +**Estructura:** + +```sql +-- 9 Schemas por dominio +auth_management -- Autenticacion, usuarios, roles, sesiones (39 objetos) +educational_content -- Modulos, ejercicios, recursos (42 objetos) +gamification_system -- Logros, rangos, ML Coins, notificaciones (93 objetos) +progress_tracking -- Progreso, sesiones, attempts (objetos por documentar) +social_features -- Aulas, equipos, amistades (objetos por documentar) +content_management -- Plantillas, multimedia (objetos por documentar) +audit_logging -- Auditoria, logs del sistema (objetos por documentar) +system_configuration -- Configuracion dinamica (objetos por documentar) +public -- Compartido, funciones generales (objetos por documentar) +``` + +**Organizacion interna de cada schema:** +``` +schema_name/ +├── tables/ # Tablas principales (01-nombre.sql con prefijo) +├── indexes/ # Indices optimizados +├── functions/ # Funciones PL/pgSQL +├── triggers/ # Triggers +├── views/ # Vistas +├── materialized-views/ # Vistas materializadas +├── enums/ # ENUMs PostgreSQL +├── rls-policies/ # Row Level Security policies +└── _MAP.md # Mapa completo del schema +``` + +**Metricas totales:** +- **Schemas:** 9 dominios separados +- **Tablas:** 44 tablas principales +- **Indices:** 279+ indices optimizados +- **Funciones:** 50+ funciones PL/pgSQL +- **Triggers:** 35+ triggers +- **RLS Policies:** 159 planeadas (41 activas) +- **Vistas:** 15+ vistas +- **Vistas Materializadas:** 5+ (performance) +- **Archivos _MAP.md:** 85+ mapas jerarquicos + +**Ventajas:** +- **Separacion logica clara:** Cada dominio tiene su propio namespace +- **Permisos granulares:** Facilita control de acceso por schema +- **Organizacion escalable:** Facil agregar nuevos schemas +- **Row Level Security:** Politicas RLS por schema +- **Mantenibilidad:** Cambios aislados por dominio +- **Documentacion:** Sistema SIMCO de mapas _MAP.md + +**Aplicabilidad a ERP Generico:** ⭐⭐⭐⭐⭐ (MAXIMA) + +**Propuesta de schemas para ERP Generico:** +```sql +core_system -- Usuarios, empresas, monedas, configuracion +accounting -- Contabilidad, cuentas, asientos +budgets -- Presupuestos, partidas, seguimiento +purchasing -- Compras, ordenes, proveedores +inventory -- Inventario, almacenes, movimientos +projects -- Proyectos, obras, lotes +human_resources -- RRHH, nominas, empleados +audit_logging -- Auditoria completa del sistema +system_notifications -- Notificaciones multi-canal +``` + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +--- + +### 2.3 Path Aliases Consistentes ⭐⭐⭐⭐⭐ + +**Que es:** +Uso de aliases para imports en lugar de rutas relativas, configurado en TypeScript y herramientas de build. + +**Implementacion Backend:** + +Configuracion en `backend/tsconfig.json`: +```json +{ + "compilerOptions": { + "baseUrl": "./src", + "paths": { + "@/*": ["./*"], + "@shared/*": ["shared/*"], + "@middleware/*": ["middleware/*"], + "@config/*": ["config/*"], + "@database/*": ["database/*"], + "@modules/*": ["modules/*"] + } + } +} +``` + +Uso en codigo: +```typescript +// ❌ Sin aliases (malo, fragil) +import { UserEntity } from '../../../modules/auth/entities/user.entity'; +import { DB_SCHEMAS } from '../../../shared/constants/database.constants'; + +// ✅ Con aliases (bueno, mantenible) +import { UserEntity } from '@modules/auth/entities/user.entity'; +import { DB_SCHEMAS } from '@shared/constants/database.constants'; +``` + +**Implementacion Frontend:** + +Configuracion en `frontend/tsconfig.json`: +```json +{ + "compilerOptions": { + "baseUrl": "./src", + "paths": { + "@/*": ["./*"], + "@shared/*": ["shared/*"], + "@components/*": ["shared/components/*"], + "@hooks/*": ["shared/hooks/*"], + "@utils/*": ["shared/utils/*"], + "@types/*": ["shared/types/*"], + "@services/*": ["services/*"], + "@app/*": ["app/*"], + "@features/*": ["features/*"], + "@pages/*": ["pages/*"] + } + } +} +``` + +Configuracion adicional en `frontend/vite.config.ts`: +```typescript +import { defineConfig } from 'vite'; +import path from 'path'; + +export default defineConfig({ + resolve: { + alias: { + '@': path.resolve(__dirname, './src'), + '@shared': path.resolve(__dirname, './src/shared'), + '@components': path.resolve(__dirname, './src/shared/components'), + // ... (resto de aliases) + } + } +}); +``` + +**Beneficios:** +- **Legibilidad:** Imports claros y semanticos +- **Mantenibilidad:** Facil refactoring de estructura +- **Prevencion de errores:** No mas `../../../` incorrectos +- **IDE Support:** Autocompletado y navegacion mejorados +- **Consistencia:** Mismo patron en todo el proyecto + +**Aplicabilidad a ERP Generico:** ⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +--- + +### 2.4 Estructura Modular del Backend ⭐⭐⭐⭐⭐ + +**Que es:** +Organizacion del backend en 11 modulos funcionales independientes, cada uno con responsabilidad unica y estructura consistente. + +**Modulos implementados:** + +``` +backend/src/modules/ +├── auth/ # Autenticacion y autorizacion +├── educational/ # Contenido educativo (modulos, ejercicios) +├── gamification/ # Sistema de gamificacion completo +├── progress/ # Tracking de progreso y sesiones +├── social/ # Features sociales (aulas, equipos) +├── content/ # Content management (plantillas, multimedia) +├── admin/ # Panel de administracion +├── teacher/ # Portal de profesor +├── analytics/ # Analytics y reportes +├── notifications/ # Sistema de notificaciones +└── system/ # Sistema y configuracion +``` + +**Patron tipico de modulo:** + +``` +modules/auth/ +├── entities/ # Entidades de base de datos +│ ├── user.entity.ts +│ ├── role.entity.ts +│ └── session.entity.ts +├── dtos/ # Data Transfer Objects +│ ├── login.dto.ts +│ ├── register.dto.ts +│ └── update-profile.dto.ts +├── services/ # Logica de negocio +│ ├── auth.service.ts +│ ├── user.service.ts +│ └── session.service.ts +├── controllers/ # Controllers Express +│ ├── auth.controller.ts +│ └── user.controller.ts +├── routes/ # Definicion de rutas +│ ├── auth.routes.ts +│ └── user.routes.ts +├── middleware/ # Middleware especifico del modulo +│ ├── auth.middleware.ts +│ └── rate-limit.middleware.ts +├── validators/ # Validadores personalizados +│ └── user.validator.ts +└── types/ # Tipos TypeScript del modulo + └── auth.types.ts +``` + +**Principios aplicados:** +- **Single Responsibility:** Cada modulo tiene una responsabilidad unica +- **Separation of Concerns:** Capas claramente separadas +- **Dependency Injection:** Facil testing y mocking +- **Reutilizacion:** Modulos pueden ser extraidos a paquetes +- **Escalabilidad:** Facil agregar nuevos modulos + +**Ventajas:** +- Organizacion clara y predecible +- Facilita trabajo en equipo (modulos independientes) +- Testing aislado por modulo +- Reduccion de acoplamiento +- Facil onboarding de nuevos desarrolladores + +**Aplicabilidad a ERP Generico:** ⭐⭐⭐⭐⭐ (MAXIMA) + +**Propuesta de modulos para ERP Generico:** +``` +modules/ +├── core/ # Sistema core (empresas, usuarios, config) +├── accounting/ # Contabilidad +├── budgets/ # Presupuestos +├── purchasing/ # Compras +├── inventory/ # Inventario +├── projects/ # Proyectos/Obras +├── hr/ # RRHH +├── reports/ # Reportes y analytics +├── notifications/ # Notificaciones +└── admin/ # Administracion +``` + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +--- + +### 2.5 Feature-Sliced Design en Frontend ⭐⭐⭐⭐ + +**Que es:** +Arquitectura FSD (Feature-Sliced Design) para organizar el frontend por capas de abstraccion y features por dominio. + +**Estructura implementada:** + +``` +frontend/src/ +├── shared/ # Capa compartida (180+ componentes reutilizables) +│ ├── components/ # Componentes UI genericos +│ │ ├── Button/ +│ │ ├── Input/ +│ │ ├── Modal/ +│ │ ├── Card/ +│ │ └── ... (180+ componentes) +│ ├── hooks/ # Custom React hooks +│ │ ├── useAuth.ts +│ │ ├── useLocalStorage.ts +│ │ └── useDebounce.ts +│ ├── utils/ # Utilidades generales +│ │ ├── formatters.ts +│ │ ├── validators.ts +│ │ └── helpers.ts +│ ├── types/ # Tipos TypeScript compartidos +│ │ └── common.types.ts +│ └── constants/ # Constantes (sincronizadas con backend) +│ ├── enums.constants.ts +│ └── api-endpoints.ts +│ +├── features/ # Features de negocio por rol +│ ├── student/ # Features del portal estudiante +│ │ ├── dashboard/ +│ │ ├── exercises/ +│ │ ├── progress/ +│ │ └── achievements/ +│ ├── teacher/ # Features del portal profesor +│ │ ├── classrooms/ +│ │ ├── assignments/ +│ │ ├── grading/ +│ │ └── analytics/ +│ └── admin/ # Features del portal admin +│ ├── users/ +│ ├── content/ +│ ├── schools/ +│ └── reports/ +│ +├── pages/ # Paginas/Vistas (componen features) +│ ├── student/ +│ │ ├── DashboardPage.tsx +│ │ └── ExercisePage.tsx +│ ├── teacher/ +│ │ └── ClassroomPage.tsx +│ └── admin/ +│ └── AdminDashboardPage.tsx +│ +├── services/ # Servicios externos +│ ├── api/ # API clients (Axios) +│ │ ├── authApi.ts +│ │ ├── usersApi.ts +│ │ └── gamificationApi.ts +│ └── websocket/ # Socket.IO client +│ └── socket.ts +│ +└── app/ # Capa de aplicacion + ├── providers/ # Context providers + │ ├── AuthProvider.tsx + │ └── ThemeProvider.tsx + ├── layouts/ # Layouts principales + │ ├── MainLayout.tsx + │ └── AuthLayout.tsx + └── router/ # Configuracion de rutas + └── AppRouter.tsx +``` + +**Principios de FSD aplicados:** + +1. **Layered Architecture:** + - `shared` - Codigo reutilizable sin dependencias de negocio + - `features` - Logica de negocio por dominio + - `pages` - Composicion de features + - `app` - Configuracion global + +2. **Public API:** Cada feature expone una API publica via `index.ts` + +3. **Low Coupling:** Features no dependen entre si + +4. **High Cohesion:** Todo lo relacionado a una feature esta junto + +**State Management (Zustand):** + +8 stores especializados: +```typescript +// stores/ +├── useAuthStore.ts // Estado de autenticacion +├── useGamificationStore.ts // Gamificacion (XP, coins, logros) +├── useProgressStore.ts // Progreso de aprendizaje +├── useExerciseStore.ts // Estado de ejercicios +├── useNotificationStore.ts // Notificaciones en tiempo real +├── useSocialStore.ts // Features sociales +├── useTenantStore.ts // Multi-tenancy +└── useUIStore.ts // Estado UI (modals, sidebar, etc.) +``` + +**Ventajas:** +- **Componentes altamente reutilizables:** 180+ componentes shared +- **Separacion clara de responsabilidades** +- **Facil testing:** Features aisladas +- **Escalabilidad:** Agregar features sin afectar existentes +- **Team-friendly:** Equipos pueden trabajar en features diferentes + +**Aplicabilidad a ERP Generico:** ⭐⭐⭐⭐ (ALTA) + +Util para portales multi-rol del ERP: +``` +features/ +├── administrator/ # Portal administrador +├── supervisor/ # Portal supervisor de obra +├── accountant/ # Portal contador +├── purchaser/ # Portal comprador +└── hr/ # Portal RRHH +``` + +**Decision:** ✅ **ADOPTAR** (adaptar a necesidades del ERP) + +--- + +## 3. METRICAS DETALLADAS + +### 3.1 Codigo Base + +| Componente | Archivos | LOC | Porcentaje | +|------------|----------|-----|------------| +| Backend | ~500 archivos | 45,000 | 35% | +| Frontend | ~800 archivos | 85,000 | 65% | +| Database DDL | ~200 archivos | 10,000 (SQL) | - | +| DevOps Scripts | ~3 archivos | 500 | - | +| **TOTAL** | **~1,500 archivos** | **130,000+** | **100%** | + +### 3.2 Base de Datos + +| Objeto | Cantidad | Promedio por Schema | +|--------|----------|---------------------| +| Schemas | 9 | - | +| Tablas | 44 | 4-5 | +| Indices | 279+ | 31 | +| Funciones PL/pgSQL | 50+ | 5-6 | +| Triggers | 35+ | 3-4 | +| RLS Policies | 159 (41 activas) | 4-5 | +| Vistas | 15+ | 1-2 | +| Vistas Materializadas | 5+ | <1 | +| Archivos _MAP.md | 85+ | 9-10 | + +### 3.3 API Backend + +| Categoria | Cantidad | +|-----------|----------| +| Modulos funcionales | 11 | +| API Endpoints | 470+ | +| Controllers | ~50 | +| Services | ~80 | +| DTOs | ~100 | +| Entities | ~40 | + +### 3.4 Frontend + +| Categoria | Cantidad | +|-----------|----------| +| Componentes React | 180+ | +| Paginas/Vistas | ~50 | +| Custom Hooks | ~30 | +| Zustand Stores | 8 | +| Features implementadas | 33 mecanicas educativas | + +### 3.5 Testing (CRITICO - GAP IDENTIFICADO) + +| Tipo | Actual | Objetivo | Gap | +|------|--------|----------|-----| +| Backend Tests | 40 | 210 | **-170 (81%)** | +| Frontend Tests | 15 | 60 | **-45 (75%)** | +| Total Tests | 55 | 300 | **-245 (81.7%)** | +| Coverage Backend | 15% | 70% | **-55pp** | +| Coverage Frontend | 13% | 70% | **-57pp** | +| **Coverage Total** | **14%** | **70%** | **-56pp** | + +**Critica:** Coverage extremadamente bajo. NO copiar este anti-patron. + +### 3.6 DevOps y Automatizacion + +| Componente | Estado | Notas | +|------------|--------|-------| +| Scripts de validacion | ✅ Implementado | 3 scripts TypeScript | +| Sync ENUMs automatico | ✅ Implementado | Postinstall hook | +| Deteccion hardcoding | ✅ Implementado | 33 patrones P0/P1/P2 | +| ESLint + Prettier | ✅ Implementado | Configuracion shared | +| Docker | ❌ Faltante | NO implementado | +| CI/CD | ❌ Faltante | NO implementado | +| Kubernetes | ❌ Faltante | NO implementado | +| Deployment scripts | ❌ Faltante | NO implementado | + +**Critica:** DevOps incompleto. Implementar desde el inicio en ERP Generico. + +--- + +## 4. RECOMENDACIONES GENERALES + +### 4.1 ADOPTAR COMPLETAMENTE ✅ + +1. **Sistema de Constantes SSOT** ⭐⭐⭐⭐⭐ + - Backend como Single Source of Truth + - Scripts de sincronizacion automatica + - Validacion de hardcoding en CI/CD + - **Prioridad:** P0 - CRITICO + +2. **Arquitectura Multi-Schema PostgreSQL** ⭐⭐⭐⭐⭐ + - 9+ schemas por dominio de negocio + - Organizacion interna estandarizada + - Sistema de mapas _MAP.md (SIMCO) + - **Prioridad:** P0 - CRITICO + +3. **Path Aliases Consistentes** ⭐⭐⭐⭐⭐ + - Backend: @shared, @modules, @config, etc. + - Frontend: @components, @hooks, @services, etc. + - Configuracion en tsconfig.json + vite.config.ts + - **Prioridad:** P0 - CRITICO + +4. **Estructura Modular Backend** ⭐⭐⭐⭐⭐ + - 11 modulos funcionales independientes + - Patron consistente por modulo + - Separacion de responsabilidades clara + - **Prioridad:** P0 - CRITICO + +### 4.2 ADOPTAR Y ADAPTAR 🔧 + +5. **Feature-Sliced Design Frontend** ⭐⭐⭐⭐ + - Adaptar a portales multi-rol del ERP + - 180+ componentes compartidos como base + - State management con Zustand + - **Prioridad:** P1 - ALTA + +6. **Scripts de Validacion** ⭐⭐⭐⭐ + - Deteccion de hardcoding (33 patrones) + - Validacion de contratos API + - Integracion en CI/CD + - **Prioridad:** P1 - ALTA + +### 4.3 EVITAR COMPLETAMENTE ❌ + +7. **Test Coverage Bajo** + - ❌ NO copiar: 14% coverage actual + - ✅ IMPLEMENTAR: 70%+ coverage desde el inicio + - ✅ IMPLEMENTAR: TDD (Test-Driven Development) + - **Prioridad:** P0 - CRITICO + +8. **DevOps Incompleto** + - ❌ NO copiar: Falta Docker, CI/CD, K8s + - ✅ IMPLEMENTAR: DevOps completo desde el inicio + - ✅ IMPLEMENTAR: Deployment automatizado + - **Prioridad:** P0 - CRITICO + +9. **Backend sin ORM** + - ❌ NO copiar: node-postgres (pg) directamente + - ✅ CONSIDERAR: TypeORM o Prisma + - Ventaja: Type safety, migrations automaticas + - **Prioridad:** P1 - ALTA + +--- + +## 5. PROXIMOS PASOS + +1. **Analisis detallado por area:** + - [ ] `database-architecture.md` - Arquitectura multi-schema + - [ ] `backend-patterns.md` - Patrones de backend + - [ ] `frontend-patterns.md` - Patrones de frontend + - [ ] `ssot-system.md` - Sistema SSOT (CRITICO) + - [ ] `devops-automation.md` - Scripts y validaciones + - [ ] `ADOPTAR-ADAPTAR-EVITAR.md` - Matriz de decisiones + +2. **Validacion cruzada:** + - Comparar con arquitectura Odoo + - Comparar con ERP Construccion existente + - Identificar gaps y oportunidades + +3. **Implementacion:** + - Crear ADRs (Architecture Decision Records) + - Actualizar directivas de desarrollo + - Implementar patrones en ERP Generico + +--- + +**Documento creado:** 2025-11-23 +**Ultima actualizacion:** 2025-11-23 +**Version:** 1.0 +**Estado:** Completado +**Proximo documento:** `database-architecture.md` diff --git a/docs/01-analisis-referencias/gamilit/backend-patterns.md b/docs/01-analisis-referencias/gamilit/backend-patterns.md new file mode 100644 index 0000000..690ca57 --- /dev/null +++ b/docs/01-analisis-referencias/gamilit/backend-patterns.md @@ -0,0 +1,869 @@ +# Patrones de Backend - GAMILIT + +**Documento:** Analisis de Patrones de Backend Node.js + TypeScript +**Proyecto de Referencia:** GAMILIT +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst Agent + +--- + +## 1. VISION GENERAL + +GAMILIT implementa un **backend modular en Node.js 18+ con Express.js y TypeScript 5+** que demuestra excelentes practicas de organizacion, separacion de responsabilidades y mantenibilidad del codigo. + +**Stack tecnologico:** +- **Runtime:** Node.js 18+ +- **Framework:** Express.js +- **Lenguaje:** TypeScript 5+ (strict mode) +- **Database Client:** node-postgres (pg) +- **Testing:** Jest (40 tests, 15% coverage - GAP CRITICO) +- **Process Manager:** PM2 +- **Linting:** ESLint + Prettier + +**Metricas:** +- **LOC:** ~45,000 lineas +- **Modulos:** 11 modulos funcionales +- **Endpoints:** 470+ API endpoints +- **Controllers:** ~50 +- **Services:** ~80 +- **DTOs:** ~100 +- **Entities:** ~40 + +--- + +## 2. ESTRUCTURA MODULAR (11 MODULOS) + +### 2.1 Organizacion del Backend + +``` +backend/ +├── src/ +│ ├── shared/ # Codigo compartido (constants SSOT, utils, types) +│ │ ├── constants/ # ⭐ Single Source of Truth +│ │ │ ├── enums.constants.ts # 687 lineas de ENUMs +│ │ │ ├── database.constants.ts # Schemas y tablas +│ │ │ ├── routes.constants.ts # 368 lineas de rutas API +│ │ │ ├── regex.ts # Expresiones regulares +│ │ │ └── index.ts # Barrel export +│ │ ├── types/ # Tipos TypeScript compartidos +│ │ ├── utils/ # Utilidades generales +│ │ └── decorators/ # Decoradores personalizados +│ │ +│ ├── middleware/ # Middleware de Express +│ │ ├── auth.middleware.ts # Autenticacion JWT +│ │ ├── validation.middleware.ts # Validacion de DTOs +│ │ ├── error.middleware.ts # Manejo de errores global +│ │ └── logging.middleware.ts # Logging de requests +│ │ +│ ├── config/ # Configuraciones +│ │ ├── database.config.ts # Configuracion DB +│ │ ├── jwt.config.ts # Configuracion JWT +│ │ └── cors.config.ts # Configuracion CORS +│ │ +│ ├── database/ # Conexion DB, migrations, seeds +│ │ ├── connection.ts # Pool de conexiones +│ │ └── pool.ts # Singleton pool +│ │ +│ ├── modules/ # ⭐ 11 MODULOS DE NEGOCIO +│ │ ├── auth/ # Autenticacion y autorizacion +│ │ ├── educational/ # Contenido educativo +│ │ ├── gamification/ # Sistema de gamificacion +│ │ ├── progress/ # Tracking de progreso +│ │ ├── social/ # Features sociales +│ │ ├── content/ # Content management +│ │ ├── admin/ # Panel de administracion +│ │ ├── teacher/ # Portal de profesor +│ │ ├── analytics/ # Analytics y reportes +│ │ ├── notifications/ # Sistema de notificaciones +│ │ └── system/ # Sistema y configuracion +│ │ +│ └── main.ts # Entry point de la aplicacion +│ +├── __tests__/ # Tests (40 tests, 15% coverage) +├── dist/ # Build output (compilado) +├── logs/ # Application logs +├── node_modules/ # Dependencies (95 MB) +├── package.json # NPM config +├── tsconfig.json # ⭐ TypeScript config (path aliases) +├── jest.config.js # Jest config +├── .eslintrc.js # ESLint config +└── README.md # Documentacion +``` + +### 2.2 Los 11 Modulos Funcionales + +| Modulo | Responsabilidad | Endpoints | Aplicabilidad ERP | +|--------|-----------------|-----------|-------------------| +| **auth/** | Autenticacion, autorizacion, usuarios, roles | ~40 | ⭐⭐⭐⭐⭐ MAXIMA | +| **educational/** | Modulos, ejercicios, recursos educativos | ~60 | ❌ No aplicable | +| **gamification/** | Logros, rangos, ML Coins, comodines | ~80 | ❌ No aplicable | +| **progress/** | Tracking de progreso, sesiones, attempts | ~90 | 🔧 Adaptar (avance de obra) | +| **social/** | Aulas, equipos, amistades, desafios | ~70 | 🔧 Adaptar (jerarquias) | +| **content/** | Plantillas, multimedia, Marie Curie | ~40 | 🔧 Adaptar (docs, plantillas) | +| **admin/** | Panel de administracion, bulk operations | ~30 | ⭐⭐⭐⭐⭐ MAXIMA | +| **teacher/** | Portal de profesor, grading, classrooms | ~30 | 🔧 Adaptar (supervisor) | +| **analytics/** | Analytics, reportes, metricas | ~20 | ⭐⭐⭐⭐⭐ MAXIMA | +| **notifications/** | Notificaciones multi-canal | ~10 | ⭐⭐⭐⭐⭐ MAXIMA | +| **system/** | Configuracion, feature flags, health | ~10 | ⭐⭐⭐⭐⭐ MAXIMA | + +**Total endpoints:** 470+ + +--- + +## 3. PATRON DE MODULO TIPICO + +Cada modulo en GAMILIT sigue un **patron consistente** que facilita navegacion y mantenimiento: + +### 3.1 Estructura de un Modulo (ejemplo: auth/) + +``` +modules/auth/ +├── entities/ # Entidades de base de datos +│ ├── user.entity.ts +│ ├── role.entity.ts +│ ├── session.entity.ts +│ └── tenant.entity.ts +│ +├── dtos/ # Data Transfer Objects (validacion) +│ ├── login.dto.ts +│ ├── register.dto.ts +│ ├── update-profile.dto.ts +│ └── change-password.dto.ts +│ +├── services/ # Logica de negocio +│ ├── auth.service.ts # Servicio principal +│ ├── user.service.ts # Servicios especializados +│ ├── session.service.ts +│ └── tenant.service.ts +│ +├── controllers/ # Controllers Express (rutas) +│ ├── auth.controller.ts +│ └── user.controller.ts +│ +├── routes/ # Definicion de rutas +│ ├── auth.routes.ts # Rutas de autenticacion +│ └── user.routes.ts # Rutas de usuarios +│ +├── middleware/ # Middleware especifico del modulo +│ ├── auth.middleware.ts # Verificacion JWT +│ └── rate-limit.middleware.ts # Rate limiting +│ +├── validators/ # Validadores personalizados +│ └── user.validator.ts +│ +├── types/ # Tipos TypeScript del modulo +│ └── auth.types.ts +│ +└── index.ts # Barrel export (Public API) +``` + +### 3.2 Capas del Modulo + +**1. Entities (Entidades):** +- Representacion de tablas de base de datos +- Mapeo 1:1 con esquema PostgreSQL +- Tipos TypeScript para type safety + +Ejemplo `user.entity.ts`: +```typescript +import { DB_SCHEMAS, DB_TABLES } from '@shared/constants'; + +export interface UserEntity { + id: string; + email: string; + password_hash: string; + tenant_id: string; + created_at: Date; + updated_at: Date; +} + +export const USER_TABLE = `${DB_SCHEMAS.AUTH}.${DB_TABLES.AUTH.USERS}`; +``` + +**2. DTOs (Data Transfer Objects):** +- Validacion de datos de entrada +- Transformacion de datos +- Documentacion de contratos + +Ejemplo `login.dto.ts`: +```typescript +export interface LoginDto { + email: string; // Validacion: email valido + password: string; // Validacion: minimo 8 caracteres + tenant_id?: string; // Opcional para multi-tenancy +} + +export function validateLoginDto(data: unknown): LoginDto { + // Validacion con Zod, class-validator, etc. + // ... + return data as LoginDto; +} +``` + +**3. Services (Servicios):** +- Logica de negocio +- Interaccion con base de datos +- Orquestacion de operaciones + +Ejemplo `auth.service.ts`: +```typescript +import { pool } from '@database/pool'; +import { USER_TABLE } from './entities/user.entity'; +import { DB_SCHEMAS } from '@shared/constants'; + +export class AuthService { + async login(dto: LoginDto): Promise { + // 1. Buscar usuario por email + const user = await this.findUserByEmail(dto.email); + + // 2. Verificar password + const isValid = await bcrypt.compare(dto.password, user.password_hash); + if (!isValid) throw new UnauthorizedError(); + + // 3. Generar JWT + const token = jwt.sign({ userId: user.id }, JWT_SECRET); + + // 4. Crear sesion + await this.createSession(user.id, token); + + return { user, token }; + } + + private async findUserByEmail(email: string): Promise { + const result = await pool.query( + `SELECT * FROM ${USER_TABLE} WHERE email = $1`, + [email] + ); + return result.rows[0]; + } +} +``` + +**4. Controllers (Controladores):** +- Manejo de requests HTTP +- Validacion de input +- Delegacion a servicios +- Manejo de responses + +Ejemplo `auth.controller.ts`: +```typescript +import { Router } from 'express'; +import { AuthService } from './services/auth.service'; +import { API_ROUTES } from '@shared/constants'; + +const router = Router(); +const authService = new AuthService(); + +// POST /api/v1/auth/login +router.post(API_ROUTES.AUTH.LOGIN, async (req, res, next) => { + try { + const dto = validateLoginDto(req.body); + const result = await authService.login(dto); + res.json(result); + } catch (error) { + next(error); + } +}); + +export default router; +``` + +**5. Routes (Rutas):** +- Configuracion de rutas +- Aplicacion de middleware +- Documentacion de endpoints + +**6. Middleware:** +- Autenticacion +- Autorizacion +- Validacion +- Rate limiting + +**7. Validators:** +- Validaciones personalizadas +- Reglas de negocio + +--- + +## 4. PATH ALIASES (IMPORTS LIMPIOS) + +### 4.1 Configuracion en tsconfig.json + +```json +{ + "compilerOptions": { + "baseUrl": "./src", + "paths": { + "@/*": ["./*"], + "@shared/*": ["shared/*"], + "@middleware/*": ["middleware/*"], + "@config/*": ["config/*"], + "@database/*": ["database/*"], + "@modules/*": ["modules/*"] + } + } +} +``` + +### 4.2 Comparacion de Imports + +**❌ SIN PATH ALIASES (malo, fragil):** +```typescript +import { UserEntity } from '../../../modules/auth/entities/user.entity'; +import { DB_SCHEMAS } from '../../../shared/constants/database.constants'; +import { AuthService } from '../../../modules/auth/services/auth.service'; +import { validateLoginDto } from '../../../modules/auth/dtos/login.dto'; +``` + +**✅ CON PATH ALIASES (bueno, mantenible):** +```typescript +import { UserEntity } from '@modules/auth/entities/user.entity'; +import { DB_SCHEMAS } from '@shared/constants/database.constants'; +import { AuthService } from '@modules/auth/services/auth.service'; +import { validateLoginDto } from '@modules/auth/dtos/login.dto'; +``` + +### 4.3 Beneficios + +1. **Legibilidad:** Imports semanticos y claros +2. **Mantenibilidad:** Facil refactoring de estructura +3. **Prevencion de errores:** No mas `../../../` incorrectos +4. **IDE Support:** Autocompletado mejorado +5. **Consistencia:** Mismo patron en todo el proyecto + +### 4.4 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +**Aliases propuestos para ERP:** +```json +{ + "paths": { + "@/*": ["./*"], + "@shared/*": ["shared/*"], + "@middleware/*": ["middleware/*"], + "@config/*": ["config/*"], + "@database/*": ["database/*"], + "@modules/*": ["modules/*"], + "@core/*": ["modules/core/*"], + "@accounting/*": ["modules/accounting/*"], + "@budgets/*": ["modules/budgets/*"], + "@purchasing/*": ["modules/purchasing/*"] + } +} +``` + +--- + +## 5. MIDDLEWARE PATTERNS + +### 5.1 Tipos de Middleware Implementados + +**1. Authentication Middleware:** +```typescript +// middleware/auth.middleware.ts +import jwt from 'jsonwebtoken'; + +export const authenticate = async (req, res, next) => { + try { + const token = extractToken(req.headers.authorization); + const decoded = jwt.verify(token, JWT_SECRET); + + // Establecer contexto del usuario + req.user = decoded; + req.userId = decoded.userId; + req.tenantId = decoded.tenantId; + + next(); + } catch (error) { + res.status(401).json({ error: 'Unauthorized' }); + } +}; +``` + +**2. Validation Middleware:** +```typescript +// middleware/validation.middleware.ts +export const validateDto = (schema) => { + return (req, res, next) => { + try { + req.body = schema.parse(req.body); + next(); + } catch (error) { + res.status(400).json({ errors: error.errors }); + } + }; +}; + +// Uso: +router.post('/login', validateDto(loginSchema), authController.login); +``` + +**3. Error Middleware:** +```typescript +// middleware/error.middleware.ts +export const errorHandler = (err, req, res, next) => { + console.error(err); + + // Errores conocidos + if (err instanceof UnauthorizedError) { + return res.status(401).json({ error: err.message }); + } + + if (err instanceof ValidationError) { + return res.status(400).json({ errors: err.errors }); + } + + // Error generico + res.status(500).json({ error: 'Internal server error' }); +}; +``` + +**4. Logging Middleware:** +```typescript +// middleware/logging.middleware.ts +export const requestLogger = (req, res, next) => { + const start = Date.now(); + + res.on('finish', () => { + const duration = Date.now() - start; + console.log(`${req.method} ${req.url} ${res.statusCode} - ${duration}ms`); + }); + + next(); +}; +``` + +### 5.2 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +**Middleware criticos para ERP:** +- Authentication (JWT con multi-tenancy) +- Authorization (permisos por rol) +- Validation (DTOs con Zod) +- Error handling (global) +- Logging (auditoria de requests) +- Rate limiting (proteccion DDoS) + +--- + +## 6. ERROR HANDLING + +### 6.1 Jerarquia de Errores Personalizados + +```typescript +// shared/errors/base.error.ts +export class AppError extends Error { + constructor( + public statusCode: number, + public message: string, + public isOperational = true + ) { + super(message); + Error.captureStackTrace(this, this.constructor); + } +} + +// Errores especificos +export class UnauthorizedError extends AppError { + constructor(message = 'Unauthorized') { + super(401, message); + } +} + +export class NotFoundError extends AppError { + constructor(resource: string) { + super(404, `${resource} not found`); + } +} + +export class ValidationError extends AppError { + constructor(public errors: any[]) { + super(400, 'Validation failed'); + } +} + +export class ForbiddenError extends AppError { + constructor(message = 'Forbidden') { + super(403, message); + } +} + +export class ConflictError extends AppError { + constructor(message: string) { + super(409, message); + } +} +``` + +### 6.2 Uso en Servicios + +```typescript +// modules/auth/services/auth.service.ts +export class AuthService { + async findUserById(id: string): Promise { + const user = await this.userRepository.findById(id); + + if (!user) { + throw new NotFoundError('User'); + } + + return user; + } + + async updateUser(id: string, dto: UpdateUserDto): Promise { + // Verificar si email ya existe + const existing = await this.userRepository.findByEmail(dto.email); + if (existing && existing.id !== id) { + throw new ConflictError('Email already in use'); + } + + return await this.userRepository.update(id, dto); + } +} +``` + +### 6.3 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +--- + +## 7. DATABASE PATTERNS + +### 7.1 Connection Pool (Singleton) + +```typescript +// database/pool.ts +import { Pool } from 'pg'; +import { DB_CONFIG } from '@config/database.config'; + +let pool: Pool | null = null; + +export function getPool(): Pool { + if (!pool) { + pool = new Pool({ + host: DB_CONFIG.host, + port: DB_CONFIG.port, + database: DB_CONFIG.database, + user: DB_CONFIG.user, + password: DB_CONFIG.password, + max: 20, // Maximo 20 conexiones + idleTimeoutMillis: 30000, + connectionTimeoutMillis: 2000, + }); + } + + return pool; +} + +export const pool = getPool(); +``` + +### 7.2 Uso de Constants para Queries + +```typescript +import { pool } from '@database/pool'; +import { DB_SCHEMAS, DB_TABLES, getFullTableName } from '@shared/constants'; + +export class UserRepository { + private readonly TABLE = getFullTableName( + DB_SCHEMAS.AUTH, + DB_TABLES.AUTH.USERS + ); + + async findById(id: string): Promise { + const result = await pool.query( + `SELECT * FROM ${this.TABLE} WHERE id = $1`, + [id] + ); + return result.rows[0] || null; + } + + async create(user: CreateUserDto): Promise { + const result = await pool.query( + `INSERT INTO ${this.TABLE} (email, password_hash, tenant_id) + VALUES ($1, $2, $3) + RETURNING *`, + [user.email, user.passwordHash, user.tenantId] + ); + return result.rows[0]; + } +} +``` + +### 7.3 Transacciones + +```typescript +export class OrderService { + async createOrderWithItems(dto: CreateOrderDto): Promise { + const client = await pool.connect(); + + try { + await client.query('BEGIN'); + + // 1. Crear orden + const order = await this.createOrder(client, dto); + + // 2. Crear items + await this.createOrderItems(client, order.id, dto.items); + + // 3. Actualizar inventario + await this.updateInventory(client, dto.items); + + await client.query('COMMIT'); + return order; + } catch (error) { + await client.query('ROLLBACK'); + throw error; + } finally { + client.release(); + } + } +} +``` + +### 7.4 Critica: Sin ORM + +**Observacion:** GAMILIT usa `node-postgres` (pg) directamente, sin ORM. + +**Ventajas:** +- ✅ Control total sobre queries +- ✅ Performance optimo +- ✅ Queries SQL explicitas + +**Desventajas:** +- ❌ Sin type safety en queries +- ❌ Mapeo manual de resultados +- ❌ Migrations manuales +- ❌ Propenso a SQL injection si no se usan placeholders + +**Recomendacion para ERP Generico:** + +⭐⭐⭐⭐ (ALTA) + +**Decision:** 🔧 **CONSIDERAR TypeORM o Prisma** + +**Justificacion:** +- Type safety completo +- Migrations automaticas +- Query builder type-safe +- Reduccion de codigo boilerplate + +--- + +## 8. TESTING PATTERNS + +### 8.1 Metricas de Testing (GAP CRITICO) + +| Metrica | Actual | Objetivo | Gap | +|---------|--------|----------|-----| +| **Tests Backend** | 40 | 210 | **-170 (81%)** | +| **Coverage** | 15% | 70% | **-55pp** | + +**Critica:** Coverage extremadamente bajo. NO copiar este anti-patron. + +### 8.2 Ejemplos de Tests (los pocos que existen) + +**Test de Servicio:** +```typescript +// modules/auth/__tests__/auth.service.test.ts +describe('AuthService', () => { + let authService: AuthService; + + beforeEach(() => { + authService = new AuthService(); + }); + + describe('login', () => { + it('should return token for valid credentials', async () => { + const dto = { email: 'test@example.com', password: 'password123' }; + const result = await authService.login(dto); + + expect(result).toHaveProperty('token'); + expect(result).toHaveProperty('user'); + }); + + it('should throw UnauthorizedError for invalid password', async () => { + const dto = { email: 'test@example.com', password: 'wrong' }; + + await expect(authService.login(dto)).rejects.toThrow(UnauthorizedError); + }); + }); +}); +``` + +### 8.3 Recomendacion para ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA - CRITICO) + +**Decision:** ✅ **IMPLEMENTAR TESTING DESDE EL INICIO** + +**Objetivos:** +- **Coverage:** 70%+ desde el inicio +- **TDD:** Test-Driven Development +- **Tests por capa:** Unit, Integration, E2E +- **CI/CD:** Tests automaticos en pipeline + +**Herramientas:** +- **Jest** para unit tests +- **Supertest** para integration tests +- **Test containers** para tests con DB + +--- + +## 9. MATRIZ DE DECISION: ADOPTAR / ADAPTAR / EVITAR + +### 9.1 ADOPTAR COMPLETAMENTE ✅ + +| Patron | Descripcion | Justificacion | Prioridad | +|--------|-------------|---------------|-----------| +| **Estructura modular** | 11 modulos funcionales independientes | Organizacion clara, escalable | P0 | +| **Patron de modulo** | entities, dtos, services, controllers, routes | Consistencia en toda la aplicacion | P0 | +| **Path aliases** | @shared, @modules, @config, etc. | Imports limpios y mantenibles | P0 | +| **Middleware patterns** | auth, validation, error, logging | Separacion de responsabilidades | P0 | +| **Error handling** | Jerarquia de errores personalizados | Manejo consistente de errores | P0 | +| **Connection pool** | Singleton pool de conexiones PostgreSQL | Performance y gestion de conexiones | P0 | +| **Constants SSOT** | Backend como fuente de verdad | Eliminacion de hardcoding | P0 | + +### 9.2 ADAPTAR / MEJORAR 🔧 + +| Patron | Estado Actual | Mejora Propuesta | Prioridad | +|--------|---------------|------------------|-----------| +| **Database access** | node-postgres directo | TypeORM o Prisma (type safety) | P1 | +| **Testing** | 15% coverage, 40 tests | 70%+ coverage, TDD | P0 CRITICO | +| **Validation** | Validacion manual | Zod o class-validator | P1 | +| **Documentation** | Comentarios en codigo | OpenAPI/Swagger specs | P1 | + +### 9.3 EVITAR ❌ + +| Patron | Razon | Alternativa | +|--------|-------|-------------| +| **Coverage bajo** | 15% es inaceptable | 70%+ coverage desde el inicio | +| **Sin ORM** | Propenso a errores, sin type safety | TypeORM o Prisma | +| **Validacion manual** | Inconsistente, propenso a errores | Zod o class-validator | + +--- + +## 10. PROPUESTA DE MODULOS PARA ERP GENERICO + +Basado en el analisis de GAMILIT, se propone: + +``` +backend/src/modules/ +├── core/ # Sistema core +│ ├── companies/ # Empresas (multi-tenant) +│ ├── users/ # Usuarios del sistema +│ ├── roles/ # Roles RBAC +│ └── currencies/ # Monedas +│ +├── accounting/ # Contabilidad +│ ├── accounts/ # Catalogo de cuentas +│ ├── entries/ # Asientos contables +│ └── reports/ # Reportes financieros +│ +├── budgets/ # Presupuestos +│ ├── budgets/ # Presupuestos maestros +│ ├── items/ # Partidas presupuestarias +│ └── tracking/ # Seguimiento de ejecucion +│ +├── purchasing/ # Compras +│ ├── suppliers/ # Proveedores +│ ├── orders/ # Ordenes de compra +│ └── invoices/ # Facturas +│ +├── inventory/ # Inventario +│ ├── products/ # Productos/Materiales +│ ├── warehouses/ # Almacenes +│ └── movements/ # Movimientos +│ +├── projects/ # Proyectos +│ ├── projects/ # Proyectos/Obras +│ ├── phases/ # Fases de proyecto +│ └── team/ # Equipo del proyecto +│ +├── hr/ # RRHH +│ ├── employees/ # Empleados +│ ├── payrolls/ # Nominas +│ └── attendance/ # Asistencia +│ +├── reports/ # Reportes y Analytics +│ ├── financial/ # Reportes financieros +│ ├── operational/ # Reportes operacionales +│ └── dashboards/ # Dashboards +│ +├── notifications/ # Notificaciones +│ └── multi-channel/ # Multi-canal (email, SMS, push) +│ +└── admin/ # Administracion + ├── audit/ # Auditoria + ├── settings/ # Configuracion + └── bulk-ops/ # Operaciones bulk +``` + +**Total modulos propuestos:** 10 modulos + +--- + +## 11. CONCLUSION Y RECOMENDACIONES + +### 11.1 Hallazgos Clave + +1. **Estructura modular excelente:** ⭐⭐⭐⭐⭐ + - 11 modulos bien organizados + - Patron consistente por modulo + - Facil navegacion y mantenimiento + +2. **Path aliases son criticos:** ⭐⭐⭐⭐⭐ + - Imports limpios y semanticos + - Facil refactoring + +3. **Middleware patterns bien implementados:** ⭐⭐⭐⭐⭐ + - Auth, validation, error, logging + - Separacion de responsabilidades + +4. **Testing es GAP CRITICO:** ❌❌❌ + - 15% coverage es inaceptable + - Solo 40 tests para 45,000 LOC + - NO copiar este anti-patron + +### 11.2 Recomendaciones Finales + +#### ADOPTAR COMPLETAMENTE ✅ (Prioridad P0) + +1. Estructura modular (10 modulos para ERP) +2. Patron de modulo (entities, dtos, services, controllers) +3. Path aliases (@shared, @modules, @config) +4. Middleware patterns (auth, validation, error) +5. Error handling con jerarquia de errores +6. Connection pool singleton +7. Constants SSOT (Backend como fuente de verdad) + +#### MEJORAR RESPECTO A GAMILIT 🔧 (Prioridad P0-P1) + +1. **Testing:** 70%+ coverage desde el inicio (P0 CRITICO) +2. **ORM:** Usar TypeORM o Prisma (P1) +3. **Validation:** Zod o class-validator (P1) +4. **Documentation:** OpenAPI/Swagger (P1) +5. **DevOps:** Docker, CI/CD completo (P0) + +#### EVITAR ❌ + +1. Coverage bajo (15%) +2. Sin ORM (propenso a errores) +3. Validacion manual inconsistente + +--- + +**Documento creado:** 2025-11-23 +**Ultima actualizacion:** 2025-11-23 +**Version:** 1.0 +**Estado:** Completado +**Proximo documento:** `frontend-patterns.md` diff --git a/docs/01-analisis-referencias/gamilit/database-architecture.md b/docs/01-analisis-referencias/gamilit/database-architecture.md new file mode 100644 index 0000000..542aabb --- /dev/null +++ b/docs/01-analisis-referencias/gamilit/database-architecture.md @@ -0,0 +1,1119 @@ +# Arquitectura de Base de Datos Multi-Schema - GAMILIT + +**Documento:** Analisis de Arquitectura de Base de Datos +**Proyecto de Referencia:** GAMILIT +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst Agent + +--- + +## 1. VISION GENERAL + +GAMILIT implementa una **arquitectura multi-schema en PostgreSQL 16+** que organiza objetos de base de datos por dominios de negocio, proporcionando separacion logica, permisos granulares y escalabilidad arquitectonica. + +### 1.1 Principios Arquitectonicos + +1. **Domain-Driven Design (DDD):** Cada schema representa un contexto delimitado (bounded context) +2. **Separation of Concerns:** Objetos agrupados por responsabilidad funcional +3. **Principle of Least Privilege:** Permisos granulares por schema +4. **Scalability First:** Facil agregar nuevos dominios sin afectar existentes +5. **Documentation as Code:** Sistema SIMCO de mapas _MAP.md jerarquicos + +--- + +## 2. LOS 9 SCHEMAS DE GAMILIT + +### 2.1 Resumen Comparativo + +| Schema | Tablas | Indices | Funciones | Triggers | RLS Policies | Vistas | MViews | Total Objetos | +|--------|--------|---------|-----------|----------|--------------|--------|--------|---------------| +| **auth_management** | 15 | 11 | 6 | 6 | 1 archivo | - | - | **39** | +| **gamification_system** | 15 | 23 | 25 | 10 | 8 archivos | 4 | 4 | **93** | +| **educational_content** | 14 | 16 | 3 | 4 | 2 archivos | - | - | **42** | +| **progress_tracking** | ~8 | ~15 | ~5 | ~3 | ~2 archivos | - | - | **~35** | +| **social_features** | ~10 | ~12 | ~4 | ~2 | ~2 archivos | - | - | **~32** | +| **content_management** | ~6 | ~8 | ~2 | ~2 | ~1 archivo | - | - | **~20** | +| **audit_logging** | ~4 | ~6 | ~2 | ~1 | ~1 archivo | - | - | **~15** | +| **system_configuration** | ~3 | ~4 | ~2 | ~1 | ~1 archivo | - | - | **~12** | +| **public** | ~2 | ~3 | ~10 | - | - | - | - | **~15** | +| **TOTAL** | **~77** | **~98** | **~59** | **~29** | **~18** | **4** | **4** | **~303** | + +**Nota:** Numeros exactos solo para auth_management, gamification_system y educational_content (documentados). Resto estimado. + +### 2.2 Detalle por Schema + +--- + +#### 2.2.1 auth_management - Autenticacion y Autorizacion + +**Proposito:** Gestion completa de autenticacion, usuarios, roles, sesiones y seguridad. + +**Tablas (15):** +```sql +01. tenants -- Multi-tenancy (organizaciones) +02. auth_attempts -- Intentos de autenticacion (tracking) +03. profiles -- Perfiles de usuario +04. roles -- Roles del sistema (RBAC) +05. auth_providers -- Proveedores OAuth (Google, GitHub, etc.) +06. email_verification_tokens -- Tokens de verificacion de email +07. password_reset_tokens -- Tokens de reset de password +08. security_events -- Eventos de seguridad (logs) +09. user_preferences -- Preferencias de usuario (theme, language) +10. memberships -- Membresias de usuarios en tenants +11. user_sessions -- Sesiones activas (JWT tracking) +12. user_suspensions -- Suspensiones de usuarios +14. parent_accounts -- Cuentas de padres (FUTURE - EXT-010) +15. parent_student_links -- Links padres-estudiantes (FUTURE) +16. parent_notifications -- Notificaciones a padres (FUTURE) +``` + +**Funciones (6):** +```sql +01. assign_role_to_user() -- Asignar rol a usuario +02. get_user_role() -- Obtener rol de usuario +03. verify_user_permission() -- Verificar permiso +04. remove_role_from_user() -- Remover rol +05. hash_token() -- Hash de tokens de seguridad +06. update_user_preferences() -- Actualizar preferencias +``` + +**Triggers (6):** +```sql +02. trg_memberships_updated_at -- Auto-actualizar updated_at +03. trg_audit_profile_changes -- Auditar cambios en profiles +04. trg_initialize_user_stats -- Inicializar stats de gamificacion +05. trg_profiles_updated_at -- Auto-actualizar updated_at +06. trg_tenants_updated_at -- Auto-actualizar updated_at +07. trg_user_roles_updated_at -- Auto-actualizar updated_at +``` + +**Indices (11):** +- Indices en user_roles (role, tenant_id, user_id) +- Indices en user_sessions (active, expires, tokens) +- Indices en user_preferences (theme) +- Indices GIN en permissions + +**RLS Policies:** 1 archivo consolidado con politicas de acceso + +**Patrones observados:** +- ✅ Multi-tenancy con tabla `tenants` +- ✅ RBAC (Role-Based Access Control) con `roles` y `user_roles` +- ✅ OAuth providers multiples +- ✅ Tokens con hash de seguridad +- ✅ Auditoria de eventos de seguridad +- ✅ Sesiones con JWT tracking +- ✅ Triggers para updated_at automatico +- ✅ RLS policies para multi-tenant isolation + +**Aplicabilidad a ERP Generico:** ⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR** estructura completa de autenticacion y RBAC + +--- + +#### 2.2.2 gamification_system - Sistema de Gamificacion + +**Proposito:** Sistema completo de gamificacion con logros, rangos mayas, monedas ML, comodines y notificaciones. + +**Tablas (15):** +```sql +01. user_stats -- Estadisticas de usuario (XP, level, coins, streak) +02. user_ranks -- Historial de rangos mayas +03. achievements -- Logros disponibles +04. user_achievements -- Logros desbloqueados por usuarios +05. ml_coins_transactions -- Transacciones de ML Coins +06. missions -- Misiones disponibles +07. comodines_inventory -- Inventario de comodines (power-ups) +08. notifications -- Notificaciones del sistema +09. leaderboard_metadata -- Metadata de leaderboards +10. achievement_categories -- Categorias de logros +11. active_boosts -- Boosts activos temporales +12. inventory_transactions -- Transacciones de inventario +13. maya_ranks -- Definicion de rangos mayas +14. comodin_usage_log -- Log de uso de comodines +15. comodin_usage_tracking -- Tracking de uso de comodines +``` + +**ENUMs (4):** +```sql +maya_rank -- 5 rangos: Ajaw, Nacom, Ah K'in, Halach Uinic, K'uk'ulkan +notification_priority -- 4 niveles: low, medium, high, critical +notification_type -- 11 tipos: achievement_unlocked, rank_up, etc. +transaction_type -- 14 tipos: earned_exercise, spent_powerup, etc. +``` + +**Funciones (25):** +```sql +apply_xp_boost() -- Aplicar boost de XP +award_ml_coins() -- Otorgar ML Coins +calculate_level_from_xp() -- Calcular nivel desde XP +calculate_user_rank() -- Calcular rango maya +check_and_award_achievements() -- Verificar y otorgar logros +check_rank_promotion() -- Verificar promocion de rango (NUEVO) +claim_achievement_reward() -- Reclamar recompensa de logro +consume_comodin() -- Consumir comodin (power-up) +get_rank_benefits() -- Obtener beneficios de rango (NUEVO) +get_rank_multiplier() -- Obtener multiplicador de rango (NUEVO) +get_user_comodines() -- Obtener comodines de usuario +get_user_inventory_summary() -- Resumen de inventario +get_user_rank_progress() -- Progreso de rango +get_user_rank_requirements() -- Requisitos de siguiente rango +process_exercise_completion() -- Procesar completacion de ejercicio +promote_to_next_rank() -- Promocion a siguiente rango (NUEVO) +send_notification() -- Enviar notificacion +update_leaderboard_coins() -- Actualizar leaderboard de coins +update_leaderboard_global() -- Actualizar leaderboard global +update_leaderboard_streaks() -- Actualizar leaderboard de rachas +update_user_rank() -- Actualizar rango de usuario (REFACTORIZADO) +recalculate_level_on_xp_change() -- Recalcular nivel al cambiar XP +update_missions_updated_at() -- Auto-actualizar updated_at +update_notifications_updated_at() -- Auto-actualizar updated_at +``` + +**Triggers (10):** +```sql +01. trg_achievement_unlocked -- Trigger al desbloquear logro +02. trg_check_rank_promotion -- Verificar promocion de rango +15. trg_achievements_updated_at -- Auto-actualizar updated_at +16. trg_comodines_inventory_updated_at -- Auto-actualizar updated_at +17. missions_updated_at -- Auto-actualizar updated_at +18. notifications_updated_at -- Auto-actualizar updated_at +19. trg_user_ranks_updated_at -- Auto-actualizar updated_at +20. trg_user_stats_updated_at -- Auto-actualizar updated_at +21. trg_recalculate_level_on_xp_change -- Recalcular nivel automaticamente + trg_check_rank_promotion_on_xp_gain -- Promocion automatica (NUEVO) +``` + +**Vistas (4):** +```sql +01. leaderboard_coins -- Leaderboard por ML Coins +02. leaderboard_global -- Leaderboard global por XP +03. leaderboard_streaks -- Leaderboard por rachas +04. leaderboard_xp -- Leaderboard por XP puro +``` + +**Vistas Materializadas (4):** +```sql +01. mv_global_leaderboard -- Leaderboard global materializado +02. mv_classroom_leaderboard -- Leaderboard por aula +03. mv_weekly_leaderboard -- Leaderboard semanal +04. mv_mechanic_leaderboard -- Leaderboard por mecanica educativa +``` + +**Indices (23):** Indices optimizados en user_stats, achievements, transactions, etc. + +**RLS Policies:** 8 archivos (ml-coins, achievements, user-stats, inventory, notifications, leaderboard) + +**Patrones observados:** +- ✅ Sistema de XP y niveles con calculo automatico +- ✅ Rangos jerarquicos (mayas) con beneficios +- ✅ Moneda virtual (ML Coins) con transacciones +- ✅ Logros con condiciones y recompensas +- ✅ Comodines/Power-ups con inventario +- ✅ Notificaciones con prioridades +- ✅ Leaderboards con vistas materializadas (performance) +- ✅ Triggers automaticos para recalculo +- ✅ Funciones PL/pgSQL para logica compleja + +**Aplicabilidad a ERP Generico:** ⭐⭐ (BAJA) + +**Decision:** ❌ **NO ADOPTAR** (especifico de gamificacion, no aplicable a ERP) + +--- + +#### 2.2.3 educational_content - Contenido Educativo + +**Proposito:** Modulos educativos, ejercicios, recursos multimedia y assignments. + +**Tablas (14 activas):** +```sql +01. modules -- Modulos educativos (5 modulos) +02. exercises -- Ejercicios (33 tipos diferentes, 85 total) +03. assessment_rubrics -- Rubricas de evaluacion +04. media_resources -- Recursos multimedia +05. assignments -- Tareas asignadas por profesor +06. assignment_exercises -- Ejercicios en cada assignment +07. assignment_students -- Estudiantes asignados +08. assignment_submissions -- Envios de estudiantes + content_approvals -- Aprobaciones de contenido + content_metadata -- Metadata de contenido + content_tags -- Tags de contenido + module_dependencies -- Dependencias entre modulos + taxonomies -- Taxonomias educativas +20. difficulty_criteria -- Criterios de dificultad CEFR (NUEVO) + +-- DEPRECATED (eliminadas): +-- exercise_answers.sql +-- exercise_options.sql +``` + +**ENUMs (3):** +```sql +bloom_taxonomy -- Taxonomia de Bloom educativa +difficulty_level -- 8 niveles CEFR: beginner (A1), elementary (A2), ..., native +exercise_mechanic -- 33 mecanicas educativas diferentes +``` + +**Funciones (3):** +```sql +calculate_learning_path() -- Calcular ruta de aprendizaje +get_recommended_missions() -- Recomendar misiones +validate_exercise_structure() -- Validar estructura de ejercicio +``` + +**Triggers (4):** +```sql +11. trg_assessment_rubrics_updated_at -- Auto-actualizar updated_at +12. trg_exercises_updated_at -- Auto-actualizar updated_at +13. trg_media_resources_updated_at -- Auto-actualizar updated_at +14. trg_modules_updated_at -- Auto-actualizar updated_at +``` + +**Indices (16):** Indices en assignments, submissions, exercises + +**RLS Policies:** 2 archivos (enable-rls, modules-exercises-policies) + +**Patrones observados:** +- ✅ Modulos con dependencias (prerequisitos) +- ✅ Ejercicios con config JSONB (modelo dual) +- ✅ Niveles de dificultad CEFR internacional +- ✅ Assignments con deadlines +- ✅ Sistema de submissions y grading +- ✅ Recursos multimedia con metadata +- ✅ Taxonomias educativas +- ❌ Modelo JSONB puro (eliminaron exercise_options y exercise_answers) + +**Aplicabilidad a ERP Generico:** ⭐ (MUY BAJA) + +**Decision:** ❌ **NO ADOPTAR** (especifico de educacion, no aplicable a ERP) + +**Aprendizajes trasladables:** +- ✅ Patron de assignments (podria ser ordenes de trabajo) +- ✅ Sistema de submissions (podria ser entregas/recepciones) +- ✅ Modelo JSONB para datos flexibles + +--- + +#### 2.2.4 progress_tracking - Seguimiento de Progreso + +**Proposito:** Tracking de progreso de estudiantes, sesiones de aprendizaje, attempts de ejercicios. + +**Tablas (~8):** +```sql +module_progress -- Progreso en modulos +learning_sessions -- Sesiones de aprendizaje +exercise_attempts -- Intentos de ejercicios +exercise_submissions -- Envios de ejercicios +scheduled_missions -- Misiones programadas +teacher_notes -- Notas del profesor +engagement_metrics -- Metricas de engagement +learning_paths -- Rutas de aprendizaje +mastery_tracking -- Tracking de maestria +module_completion_tracking -- Tracking de completacion +progress_snapshots -- Snapshots de progreso +skill_assessments -- Evaluaciones de habilidades +user_learning_paths -- Rutas por usuario +``` + +**ENUMs:** +```sql +progress_status -- 6 estados: not_started, in_progress, completed, needs_review, mastered, abandoned +attempt_result -- 4 resultados: correct, incorrect, partial, skipped +``` + +**Patrones observados:** +- ✅ Tracking de progreso con porcentajes +- ✅ Sesiones de aprendizaje con tiempo +- ✅ Multiple attempts por ejercicio +- ✅ Snapshots para analytics historicos +- ✅ Notas del profesor (feedback) + +**Aplicabilidad a ERP Generico:** ⭐⭐ (BAJA-MEDIA) + +**Decision:** 🔧 **ADAPTAR** conceptos de tracking + +**Aprendizajes trasladables:** +- ✅ Patron de "progreso" (aplicable a avance de obra) +- ✅ Snapshots para historico (aplicable a presupuestos) +- ✅ Notas/comentarios (aplicable a observaciones de obra) + +--- + +#### 2.2.5 social_features - Caracteristicas Sociales + +**Proposito:** Amistades, escuelas, aulas, equipos y desafios. + +**Tablas (~10):** +```sql +friendships -- Amistades entre usuarios +schools -- Escuelas +classrooms -- Aulas/Salones +classroom_members -- Miembros de aulas +teams -- Equipos +team_members -- Miembros de equipos +team_challenges -- Desafios entre equipos +assignment_classrooms -- Assignments por aula +peer_challenges -- Desafios entre pares +challenge_participants -- Participantes en desafios +challenge_results -- Resultados de desafios +discussion_threads -- Hilos de discusion +social_interactions -- Interacciones sociales +teacher_classrooms -- Aulas por profesor +user_follows -- Seguidores +``` + +**ENUMs:** +```sql +friendship_status -- 4 estados: pending, accepted, rejected, blocked +classroom_member_status -- 4 estados: active, inactive, withdrawn, completed +enrollment_method -- 4 metodos: teacher_invite, self_enroll, admin_add, bulk_import +team_member_role -- 3 roles: owner, admin, member +team_challenge_status -- 5 estados: active, in_progress, completed, failed, cancelled +social_event_type -- 5 tipos: competition, collaboration, challenge, tournament, workshop +``` + +**Patrones observados:** +- ✅ Jerarquia: Escuelas → Aulas → Equipos +- ✅ Amistades con estados +- ✅ Enrollment con multiples metodos +- ✅ Desafios competitivos +- ✅ Roles en equipos + +**Aplicabilidad a ERP Generico:** ⭐⭐⭐ (MEDIA) + +**Decision:** 🔧 **ADAPTAR** jerarquias organizacionales + +**Aprendizajes trasladables:** +- ✅ Jerarquia Empresa → Proyecto → Equipo +- ✅ Miembros con roles +- ✅ Estados de membresia +- ✅ Metodos de enrollment (aplicable a asignacion de personal) + +--- + +#### 2.2.6 content_management - Gestion de Contenido + +**Proposito:** Plantillas de contenido, contenido Marie Curie, archivos multimedia. + +**Tablas (~6):** +```sql +content_templates -- Plantillas reutilizables +marie_curie_content -- Contenido especifico +media_files -- Archivos multimedia +content_authors -- Autores de contenido +content_categories -- Categorias +content_versions -- Versionado de contenido +flagged_content -- Contenido reportado +media_metadata -- Metadata de archivos +``` + +**ENUMs:** +```sql +content_status -- 4 estados: draft, published, archived, under_review +content_type -- 6 tipos: video, text, interactive, quiz, game, simulation +media_type -- 6 tipos: image, video, audio, document, interactive, animation +processing_status -- 5 estados: uploading, processing, ready, error, optimizing +``` + +**Patrones observados:** +- ✅ Plantillas reutilizables +- ✅ Versionado de contenido +- ✅ Estados de publicacion +- ✅ Processing status para multimedia + +**Aplicabilidad a ERP Generico:** ⭐⭐⭐ (MEDIA) + +**Decision:** 🔧 **ADAPTAR** gestion documental + +**Aprendizajes trasladables:** +- ✅ Plantillas (aplicable a formatos de contratos) +- ✅ Versionado (aplicable a documentos de obra) +- ✅ Estados de publicacion (aplicable a aprobaciones) +- ✅ Metadata de archivos (aplicable a planos, documentos) + +--- + +#### 2.2.7 audit_logging - Auditoria y Logs + +**Proposito:** Logs de auditoria, actividad de usuarios, metricas de performance. + +**Tablas (~4):** +```sql +audit_logs -- Logs de auditoria +system_logs -- Logs del sistema +user_activity_logs -- Actividad de usuarios +performance_metrics -- Metricas de performance +system_alerts -- Alertas del sistema +user_activity -- Actividad agregada +``` + +**ENUMs:** +```sql +aggregation_period -- 5 periodos: daily, weekly, monthly, quarterly, yearly +metric_type -- 7 tipos: engagement, performance, completion, time_spent, accuracy, streak, social_interaction +``` + +**Patrones observados:** +- ✅ Auditoria completa de cambios +- ✅ Logs de actividad de usuarios +- ✅ Metricas de performance +- ✅ Agregacion por periodos + +**Aplicabilidad a ERP Generico:** ⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +**Critico para ERP:** +- Auditoria de cambios en presupuestos +- Logs de compras y gastos +- Tracking de modificaciones +- Metricas de performance del sistema + +--- + +#### 2.2.8 system_configuration - Configuracion del Sistema + +**Proposito:** Configuracion dinamica del sistema, feature flags. + +**Tablas (~3):** +```sql +system_settings -- Settings del sistema +feature_flags -- Feature flags (A/B testing) +notification_settings -- Configuracion de notificaciones +api_configuration -- Configuracion de APIs +environment_config -- Configuracion por ambiente +tenant_configurations -- Configuraciones por tenant +``` + +**Patrones observados:** +- ✅ Settings dinamicos sin redeploy +- ✅ Feature flags para A/B testing +- ✅ Configuracion multi-tenant +- ✅ Configuracion por ambiente + +**Aplicabilidad a ERP Generico:** ⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +**Critico para ERP:** +- Configuracion dinamica sin redeploy +- Feature flags para releases graduales +- Configuracion por empresa (multi-tenant) + +--- + +#### 2.2.9 public - Schema Publico + +**Proposito:** Funciones compartidas y utilidades generales. + +**Objetos (~15):** +- Funciones de utilidad compartidas +- Extensiones PostgreSQL (uuid-ossp, pgcrypto, etc.) +- Tipos compartidos + +**Patrones observados:** +- ✅ Funciones reutilizables +- ✅ Extensiones centralizadas +- ✅ Tipos compartidos + +**Aplicabilidad a ERP Generico:** ⭐⭐⭐⭐ (ALTA) + +**Decision:** ✅ **ADOPTAR** + +--- + +## 3. PATRON DE ORGANIZACION INTERNA DE SCHEMAS + +Cada schema en GAMILIT sigue una **estructura de carpetas estandarizada**: + +``` +schema_name/ +├── _MAP.md # Mapa completo del schema (SIMCO) +├── tables/ # Tablas principales +│ ├── _MAP.md +│ ├── 01-tabla1.sql # Prefijo numerico para orden +│ ├── 02-tabla2.sql +│ └── ... +├── indexes/ # Indices optimizados +│ ├── _MAP.md +│ ├── idx_tabla1_campo1.sql +│ └── ... +├── functions/ # Funciones PL/pgSQL +│ ├── _MAP.md +│ ├── 01-funcion1.sql +│ └── ... +├── triggers/ # Triggers +│ ├── _MAP.md +│ ├── 01-trg_tabla1_updated_at.sql +│ └── ... +├── views/ # Vistas (opcional) +│ ├── _MAP.md +│ └── ... +├── materialized-views/ # Vistas materializadas (opcional) +│ ├── _MAP.md +│ └── ... +├── enums/ # ENUMs PostgreSQL (opcional) +│ ├── _MAP.md +│ └── ... +├── rls-policies/ # Row Level Security (opcional) +│ ├── _MAP.md +│ ├── 01-enable-rls.sql +│ └── 02-policies.sql +└── seeds/ # Datos iniciales (opcional) + ├── _MAP.md + └── ... +``` + +### 3.1 Ventajas de esta Organizacion + +1. **Navegacion facil:** Estructura predecible +2. **Documentacion integrada:** Archivos _MAP.md en cada nivel +3. **Orden de ejecucion:** Prefijos numericos (01-, 02-, etc.) +4. **Separacion de responsabilidades:** Un archivo por objeto +5. **Git-friendly:** Merges mas faciles +6. **CI/CD-ready:** Facil automatizar ejecucion + +--- + +## 4. ROW LEVEL SECURITY (RLS) + +### 4.1 Implementacion en GAMILIT + +**Politicas RLS totales:** 159 planeadas, 41 activas + +**Schemas con RLS:** +- `auth_management` - 1 archivo de policies +- `gamification_system` - 8 archivos de policies +- `educational_content` - 2 archivos de policies +- `progress_tracking` - ~2 archivos de policies +- `social_features` - ~2 archivos de policies +- Otros schemas - ~3 archivos de policies + +### 4.2 Patron de Implementacion + +**Archivo 01-enable-rls.sql:** +```sql +-- Habilitar RLS en todas las tablas del schema +ALTER TABLE schema_name.tabla1 ENABLE ROW LEVEL SECURITY; +ALTER TABLE schema_name.tabla2 ENABLE ROW LEVEL SECURITY; +-- ... +``` + +**Archivo 02-policies.sql (ejemplo):** +```sql +-- Policy: Los usuarios solo ven sus propios datos +CREATE POLICY user_own_data ON schema_name.tabla1 + FOR SELECT + USING (user_id = current_user_id()); + +-- Policy: Multi-tenant isolation +CREATE POLICY tenant_isolation ON schema_name.tabla1 + FOR ALL + USING (tenant_id = current_tenant_id()); +``` + +### 4.3 Funciones de Contexto + +```sql +-- Obtener user_id del contexto actual (JWT) +CREATE FUNCTION current_user_id() RETURNS UUID AS $$ + SELECT current_setting('app.current_user_id')::UUID; +$$ LANGUAGE SQL STABLE; + +-- Obtener tenant_id del contexto actual +CREATE FUNCTION current_tenant_id() RETURNS UUID AS $$ + SELECT current_setting('app.current_tenant_id')::UUID; +$$ LANGUAGE SQL STABLE; +``` + +### 4.4 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +**Usos en ERP:** +- Multi-tenant isolation (empresa por empresa) +- Permisos por rol (solo ver presupuestos asignados) +- Seguridad a nivel de fila (solo ver propias compras) + +--- + +## 5. SISTEMA DE DOCUMENTACION _MAP.md (SIMCO) + +### 5.1 Total de Archivos _MAP.md en GAMILIT + +**85+ archivos _MAP.md** distribuidos jerarquicamente: + +``` +gamilit/ +├── _MAP.md # Mapa raiz del proyecto +└── database/ + └── ddl/ + └── schemas/ + ├── auth_management/ + │ ├── _MAP.md # Mapa del schema + │ ├── tables/_MAP.md # Lista de tablas + │ ├── indexes/_MAP.md # Lista de indices + │ ├── functions/_MAP.md # Lista de funciones + │ ├── triggers/_MAP.md # Lista de triggers + │ └── rls-policies/_MAP.md # Lista de policies + ├── gamification_system/ + │ ├── _MAP.md + │ ├── tables/_MAP.md + │ └── ... (7 _MAP.md por schema) + └── ... (9 schemas × ~9 _MAP.md = ~81 archivos) +``` + +### 5.2 Estructura de un _MAP.md + +**Ejemplo:** `database/ddl/schemas/auth_management/_MAP.md` + +```markdown +# Schema: auth_management + +Gestion de autenticacion y autorizacion: usuarios, roles, perfiles, sesiones + +## Estructura + +- **tables/**: 15 archivos +- **functions/**: 6 archivos +- **triggers/**: 6 archivos +- **indexes/**: 11 archivos +- **rls-policies/**: 1 archivos + +**Total:** 39 objetos + +## Contenido Detallado + +### tables/ (15 archivos) + +``` +01-tenants.sql +02-auth_attempts.sql +03-profiles.sql +... +``` + +### functions/ (6 archivos) + +``` +01-assign_role_to_user.sql +02-get_user_role.sql +... +``` + +--- + +**Ultima actualizacion:** 2025-11-09 +**Reorganizacion:** 2025-11-09 +``` + +### 5.3 Beneficios del Sistema SIMCO + +1. **Navegacion rapida para AI agents** +2. **Documentacion estructurada y actualizable** +3. **Visibilidad de cambios en Git** +4. **Jerarquia clara de objetos** +5. **Mantenimiento incremental** + +### 5.4 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** (ya en uso) + +--- + +## 6. INDICES Y OPTIMIZACION + +### 6.1 Metricas de Indices en GAMILIT + +**Total de indices:** 279+ + +**Distribucion:** +- `gamification_system`: 23 indices +- `educational_content`: 16 indices +- `auth_management`: 11 indices +- Otros schemas: ~229 indices + +### 6.2 Patrones de Indexacion Observados + +**1. Indices en Foreign Keys:** +```sql +CREATE INDEX idx_user_roles_user_id ON auth_management.user_roles(user_id); +CREATE INDEX idx_user_roles_tenant_id ON auth_management.user_roles(tenant_id); +``` + +**2. Indices en Campos de Busqueda Frecuente:** +```sql +CREATE INDEX idx_user_sessions_active ON auth_management.user_sessions(is_active); +CREATE INDEX idx_user_sessions_expires ON auth_management.user_sessions(expires_at); +``` + +**3. Indices GIN para JSONB y Arrays:** +```sql +CREATE INDEX idx_user_roles_permissions_gin + ON auth_management.user_roles + USING GIN (permissions); + +CREATE INDEX idx_achievements_conditions_gin + ON gamification_system.achievements + USING GIN (unlock_conditions); +``` + +**4. Indices Compuestos:** +```sql +CREATE INDEX idx_user_stats_tenant_level + ON gamification_system.user_stats(tenant_id, level); +``` + +**5. Indices de Ordenamiento (Leaderboards):** +```sql +CREATE INDEX idx_user_stats_global_rank + ON gamification_system.user_stats(total_xp DESC); +``` + +### 6.3 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR** patrones de indexacion + +**Indices criticos para ERP:** +- Foreign keys (empresa_id, proyecto_id, etc.) +- Campos de busqueda (fechas, estados, montos) +- Indices GIN para campos JSONB (metadata, configuraciones) +- Indices compuestos para consultas frecuentes + +--- + +## 7. FUNCIONES PL/pgSQL + +### 7.1 Metricas de Funciones en GAMILIT + +**Total de funciones:** 50+ + +**Distribucion:** +- `gamification_system`: 25 funciones +- `auth_management`: 6 funciones +- `educational_content`: 3 funciones +- `public`: ~10 funciones +- Otros schemas: ~6 funciones + +### 7.2 Categorias de Funciones + +**1. Funciones de Calculo:** +```sql +-- Calcular nivel desde XP +CREATE FUNCTION gamification_system.calculate_level_from_xp(xp INTEGER) +RETURNS INTEGER AS $$ + -- Logica de calculo +$$ LANGUAGE plpgsql IMMUTABLE; +``` + +**2. Funciones de Negocio:** +```sql +-- Procesar completacion de ejercicio +CREATE FUNCTION gamification_system.process_exercise_completion( + p_user_id UUID, + p_exercise_id UUID, + p_score INTEGER +) RETURNS VOID AS $$ + -- Logica compleja: otorgar XP, coins, verificar logros, etc. +$$ LANGUAGE plpgsql; +``` + +**3. Funciones de Utilidad:** +```sql +-- Hash de tokens +CREATE FUNCTION auth_management.hash_token(token TEXT) +RETURNS TEXT AS $$ + SELECT encode(digest(token, 'sha256'), 'hex'); +$$ LANGUAGE SQL IMMUTABLE; +``` + +**4. Funciones de Contexto:** +```sql +-- Obtener user_id actual +CREATE FUNCTION current_user_id() RETURNS UUID AS $$ + SELECT current_setting('app.current_user_id')::UUID; +$$ LANGUAGE SQL STABLE; +``` + +### 7.3 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR** uso de funciones PL/pgSQL + +**Funciones criticas para ERP:** +- Calculos de presupuesto (aplicar porcentajes, descuentos) +- Validaciones de negocio (verificar disponibilidad de presupuesto) +- Agregaciones (totales por proyecto, empresa, periodo) +- Automatizaciones (generar asientos contables, actualizar inventario) + +--- + +## 8. TRIGGERS + +### 8.1 Metricas de Triggers en GAMILIT + +**Total de triggers:** 35+ + +**Distribucion:** +- `gamification_system`: 10 triggers +- `auth_management`: 6 triggers +- `educational_content`: 4 triggers +- Otros schemas: ~15 triggers + +### 8.2 Patrones de Triggers Observados + +**1. Auto-actualizar updated_at:** +```sql +CREATE TRIGGER trg_users_updated_at + BEFORE UPDATE ON auth_management.users + FOR EACH ROW + EXECUTE FUNCTION update_updated_at_column(); +``` + +**2. Auditoria de Cambios:** +```sql +CREATE TRIGGER trg_audit_profile_changes + AFTER UPDATE ON auth_management.profiles + FOR EACH ROW + EXECUTE FUNCTION log_profile_changes(); +``` + +**3. Inicializacion Automatica:** +```sql +CREATE TRIGGER trg_initialize_user_stats + AFTER INSERT ON auth_management.profiles + FOR EACH ROW + EXECUTE FUNCTION gamification_system.initialize_user_stats(); +``` + +**4. Validaciones de Negocio:** +```sql +CREATE TRIGGER trg_check_rank_promotion + AFTER UPDATE OF total_xp ON gamification_system.user_stats + FOR EACH ROW + WHEN (NEW.total_xp > OLD.total_xp) + EXECUTE FUNCTION gamification_system.check_rank_promotion(); +``` + +**5. Recalculos Automaticos:** +```sql +CREATE TRIGGER trg_recalculate_level_on_xp_change + AFTER UPDATE OF total_xp ON gamification_system.user_stats + FOR EACH ROW + EXECUTE FUNCTION gamification_system.recalculate_level_on_xp_change(); +``` + +### 8.3 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR** uso de triggers + +**Triggers criticos para ERP:** +- Auto-actualizar updated_at en todas las tablas +- Auditoria de cambios en presupuestos y compras +- Validaciones de negocio (no exceder presupuesto) +- Recalculos automaticos (totales, saldos, inventario) +- Notificaciones automaticas (aprobaciones, vencimientos) + +--- + +## 9. MATRIZ DE DECISION: ADOPTAR / ADAPTAR / EVITAR + +### 9.1 ADOPTAR COMPLETAMENTE ✅ + +| Patron | Schema(s) | Justificacion | Prioridad | +|--------|-----------|---------------|-----------| +| **Arquitectura Multi-Schema** | Todos | Separacion logica por dominio | P0 | +| **Organizacion interna de schemas** | Todos | Estructura estandarizada | P0 | +| **Sistema SIMCO (_MAP.md)** | Todos | Documentacion jerarquica | P0 | +| **Row Level Security (RLS)** | auth, gamification, etc. | Multi-tenant isolation | P0 | +| **Triggers de updated_at** | Todos | Auditoria de cambios | P0 | +| **Funciones de contexto** | auth_management | current_user_id(), current_tenant_id() | P0 | +| **Indices en Foreign Keys** | Todos | Performance de JOINs | P0 | +| **Indices GIN en JSONB** | Varios | Busqueda en campos JSONB | P1 | +| **Auditoria completa** | audit_logging | Logs de cambios | P0 | +| **Configuracion dinamica** | system_configuration | Settings sin redeploy | P0 | + +### 9.2 ADAPTAR A CONTEXTO ERP 🔧 + +| Patron | Schema Original | Adaptacion para ERP | Justificacion | +|--------|----------------|---------------------|---------------| +| **Jerarquia organizacional** | social_features | Empresa → Proyecto → Equipo | Estructura similar pero diferente contexto | +| **Sistema de assignments** | educational_content | Ordenes de trabajo | Concepto trasladable | +| **Sistema de submissions** | educational_content | Entregas/Recepciones | Concepto trasladable | +| **Tracking de progreso** | progress_tracking | Avance de obra | Concepto trasladable | +| **Snapshots** | progress_tracking | Snapshots de presupuestos | Historial de cambios | +| **Notas/Comentarios** | progress_tracking | Observaciones de obra | Feedback y seguimiento | +| **Plantillas** | content_management | Plantillas de contratos | Reutilizacion de documentos | +| **Versionado** | content_management | Versionado de documentos | Control de cambios | + +### 9.3 EVITAR / NO APLICABLE ❌ + +| Patron | Schema Original | Razon | +|--------|----------------|-------| +| **Sistema de gamificacion completo** | gamification_system | No aplicable a ERP (XP, logros, rangos mayas) | +| **Contenido educativo** | educational_content | Especifico de educacion (modulos, ejercicios) | +| **Caracteristicas sociales** | social_features | No aplicable (amistades, equipos gaming) | +| **Leaderboards** | gamification_system | No aplicable a ERP | +| **Comodines/Power-ups** | gamification_system | Especifico de juegos | + +--- + +## 10. PROPUESTA DE SCHEMAS PARA ERP GENERICO + +Basado en el analisis de GAMILIT, se propone la siguiente arquitectura multi-schema para el ERP Generico: + +```sql +-- 9 Schemas propuestos para ERP Generico + +core_system -- Usuarios, empresas, monedas, configuracion base + ├── companies -- Empresas (multi-tenant) + ├── users -- Usuarios del sistema + ├── roles -- Roles RBAC + ├── permissions -- Permisos granulares + ├── user_sessions -- Sesiones activas + ├── currencies -- Monedas soportadas + ├── exchange_rates -- Tasas de cambio + └── system_settings -- Configuracion dinamica + +accounting -- Contabilidad completa + ├── chart_of_accounts -- Catalogo de cuentas + ├── journal_entries -- Asientos contables + ├── account_balances -- Saldos de cuentas + ├── fiscal_periods -- Periodos fiscales + ├── tax_rates -- Impuestos + └── financial_reports -- Reportes financieros + +budgets -- Presupuestos y control + ├── budgets -- Presupuestos maestros + ├── budget_items -- Partidas presupuestarias + ├── budget_categories -- Categorias + ├── budget_tracking -- Seguimiento de ejecucion + ├── budget_snapshots -- Snapshots historicos + └── budget_approvals -- Flujo de aprobaciones + +purchasing -- Compras y proveedores + ├── suppliers -- Proveedores + ├── purchase_orders -- Ordenes de compra + ├── purchase_items -- Items de compra + ├── receipts -- Recepciones + ├── invoices -- Facturas de proveedores + └── payments -- Pagos a proveedores + +inventory -- Inventario y almacenes + ├── warehouses -- Almacenes + ├── products -- Productos/Materiales + ├── product_categories -- Categorias de productos + ├── stock_movements -- Movimientos de inventario + ├── stock_balances -- Saldos de inventario + └── inventory_snapshots -- Snapshots de inventario + +projects -- Proyectos y obras + ├── projects -- Proyectos/Obras + ├── project_phases -- Fases de proyecto + ├── work_orders -- Ordenes de trabajo + ├── project_team -- Equipo del proyecto + ├── project_progress -- Avance de obra + └── project_documents -- Documentos del proyecto + +human_resources -- RRHH y nominas + ├── employees -- Empleados + ├── departments -- Departamentos + ├── payrolls -- Nominas + ├── payroll_items -- Conceptos de nomina + ├── attendance -- Asistencia + └── employee_benefits -- Beneficios + +audit_logging -- Auditoria completa + ├── audit_logs -- Logs de auditoria + ├── user_activity -- Actividad de usuarios + ├── change_history -- Historial de cambios + ├── system_logs -- Logs del sistema + └── performance_metrics -- Metricas de performance + +system_notifications -- Notificaciones multi-canal + ├── notifications -- Notificaciones + ├── notification_preferences -- Preferencias + ├── notification_templates -- Plantillas + ├── notification_queue -- Cola de envios + └── user_devices -- Dispositivos para push +``` + +**Total schemas:** 9 (igual que GAMILIT) + +**Beneficios:** +- Separacion logica clara por dominio +- Multi-tenancy (isolation por empresa) +- Permisos granulares por schema +- Escalabilidad (facil agregar nuevos schemas) +- Mantenibilidad (cambios aislados) + +--- + +## 11. CONCLUSION Y RECOMENDACIONES + +### 11.1 Hallazgos Clave + +1. **Arquitectura Multi-Schema es excelente:** ⭐⭐⭐⭐⭐ + - Separacion logica clara + - Escalabilidad comprobada + - Permisos granulares + - Documentacion estructurada + +2. **Row Level Security es critico:** ⭐⭐⭐⭐⭐ + - Multi-tenant isolation + - Seguridad a nivel de fila + - Implementacion con funciones de contexto + +3. **Sistema SIMCO (_MAP.md) es invaluable:** ⭐⭐⭐⭐⭐ + - 85+ archivos de documentacion jerarquica + - Navegacion rapida para AI agents + - Mantenimiento incremental + +4. **Triggers y Funciones PL/pgSQL son potentes:** ⭐⭐⭐⭐⭐ + - Automatizaciones + - Validaciones de negocio + - Recalculos automaticos + +### 11.2 Recomendaciones Finales + +#### ADOPTAR COMPLETAMENTE ✅ (Prioridad P0) + +1. Arquitectura multi-schema (9 schemas para ERP) +2. Organizacion interna estandarizada de schemas +3. Sistema SIMCO de mapas _MAP.md +4. Row Level Security con funciones de contexto +5. Triggers de updated_at en todas las tablas +6. Indices en foreign keys y campos frecuentes +7. Auditoria completa (audit_logging schema) +8. Configuracion dinamica (system_configuration schema) + +#### ADAPTAR A CONTEXTO ERP 🔧 (Prioridad P1) + +1. Jerarquia organizacional (Empresa → Proyecto → Equipo) +2. Sistema de ordenes de trabajo (adaptado de assignments) +3. Tracking de progreso (adaptado a avance de obra) +4. Sistema de plantillas (contratos, documentos) +5. Versionado de documentos + +#### EVITAR ❌ + +1. Sistema de gamificacion (no aplicable a ERP) +2. Contenido educativo (especifico de educacion) +3. Caracteristicas sociales de gaming + +--- + +**Documento creado:** 2025-11-23 +**Ultima actualizacion:** 2025-11-23 +**Version:** 1.0 +**Estado:** Completado +**Proximo documento:** `backend-patterns.md` diff --git a/docs/01-analisis-referencias/gamilit/devops-automation.md b/docs/01-analisis-referencias/gamilit/devops-automation.md new file mode 100644 index 0000000..0d6c080 --- /dev/null +++ b/docs/01-analisis-referencias/gamilit/devops-automation.md @@ -0,0 +1,669 @@ +# Scripts DevOps y Automatizacion - GAMILIT + +**Documento:** Analisis de DevOps y Automatizacion +**Proyecto de Referencia:** GAMILIT +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst Agent + +--- + +## 1. VISION GENERAL + +GAMILIT implementa **scripts TypeScript de validacion y automatizacion** pero **carece de DevOps completo** (Docker, CI/CD, Kubernetes). + +**Estado actual:** +- ✅ **Scripts de validacion:** 3 scripts TypeScript funcionales +- ❌ **Docker:** NO implementado +- ❌ **CI/CD:** NO implementado +- ❌ **Kubernetes:** NO implementado +- ❌ **Deployment scripts:** NO implementado + +**Critica:** DevOps incompleto es un **GAP CRITICO**. NO copiar este anti-patron. + +--- + +## 2. SCRIPTS DE VALIDACION IMPLEMENTADOS + +### 2.1 Resumen de Scripts + +| Script | LOC | Proposito | Estado | Aplicabilidad ERP | +|--------|-----|-----------|--------|-------------------| +| **sync-enums.ts** | 70 | Sincronizar ENUMs Backend → Frontend | ✅ Funcional | ⭐⭐⭐⭐⭐ MAXIMA | +| **validate-constants-usage.ts** | 642 | Detectar hardcoding (33 patrones) | ✅ Funcional | ⭐⭐⭐⭐⭐ MAXIMA | +| **validate-api-contract.ts** | ~150 | Validar Backend ↔ Frontend sync | ✅ Funcional | ⭐⭐⭐⭐ ALTA | + +**Total:** ~860 lineas de codigo de validacion + +### 2.2 Integracion en package.json + +```json +{ + "scripts": { + // ========== SINCRONIZACION ========== + "sync:enums": "ts-node devops/scripts/sync-enums.ts", + "postinstall": "npm run sync:enums", + + // ========== VALIDACIONES ========== + "validate:constants": "ts-node devops/scripts/validate-constants-usage.ts", + "validate:api-contract": "ts-node devops/scripts/validate-api-contract.ts", + "validate:all": "npm run validate:constants && npm run validate:api-contract", + + // ========== TESTING ========== + "test": "jest", + "test:cov": "jest --coverage", + "test:watch": "jest --watch", + + // ========== LINTING ========== + "lint": "eslint . --ext .ts,.tsx", + "lint:fix": "eslint . --ext .ts,.tsx --fix", + "format": "prettier --write \"**/*.{ts,tsx,json,md}\"", + + // ========== BUILD ========== + "build": "npm run build:backend && npm run build:frontend", + "build:backend": "cd apps/backend && npm run build", + "build:frontend": "cd apps/frontend && npm run build", + + // ========== START ========== + "dev": "concurrently \"npm run backend:dev\" \"npm run frontend:dev\"", + "backend:dev": "cd apps/backend && npm run dev", + "frontend:dev": "cd apps/frontend && npm run dev" + } +} +``` + +--- + +## 3. SCRIPT 1: sync-enums.ts + +**Ya documentado en:** `ssot-system.md` + +**Resumen:** +- ✅ Copia automatica Backend → Frontend +- ✅ Postinstall hook (automatico en npm install) +- ✅ Validacion de existencia de archivos +- ✅ Modificacion de headers JSDoc +- ✅ Error handling robusto + +**Uso:** +```bash +npm run sync:enums +# o automatico en: +npm install +``` + +--- + +## 4. SCRIPT 2: validate-constants-usage.ts + +**Ya documentado en:** `ssot-system.md` + +**Resumen:** +- ✅ 33 patrones de deteccion de hardcoding +- ✅ Severidades: P0 (critico), P1 (importante), P2 (menor) +- ✅ Exclusiones configurables +- ✅ Reportes detallados con sugerencias +- ✅ Exit codes para CI/CD +- ✅ Escaneo de 1,500+ archivos + +**Uso:** +```bash +npm run validate:constants + +# Salida: +🔍 Validando uso de constantes (detectando hardcoding SSOT)... + +📂 Escaneando 1,523 archivos... + +❌ VIOLACIONES P0 (CRITICAS) - BLOQUEAN CI/CD: 3 + +1. 📄 backend/src/modules/auth/services/user.service.ts + 🚨 Hardcoded schema "auth_management" + 💡 Usa DB_SCHEMAS.AUTH en su lugar + 📍 Lineas: 15, 23, 45 + 🔢 Total de ocurrencias: 3 + +⚠️ VIOLACIONES P1 (IMPORTANTES) - REVISAR: 5 + +ℹ️ VIOLACIONES P2 (MENORES) - INFORMATIVO: 12 + +❌ FALLO: Existen violaciones P0 que bloquean el CI/CD. + +Exit code: 1 +``` + +--- + +## 5. SCRIPT 3: validate-api-contract.ts (~150 lineas) + +**Proposito:** Validar que endpoints de Backend coinciden con Frontend + +**Logica:** +1. Leer `API_ROUTES` de Backend +2. Leer `API_ENDPOINTS` de Frontend +3. Comparar que todos los endpoints Frontend existen en Backend +4. Reportar discrepancias + +**Pseudocodigo:** +```typescript +import { API_ROUTES as BACKEND_ROUTES } from '@backend/shared/constants'; +import { API_ENDPOINTS as FRONTEND_ENDPOINTS } from '@frontend/shared/constants'; + +function validateApiContract() { + const backendEndpoints = extractAllEndpoints(BACKEND_ROUTES); + const frontendEndpoints = extractAllEndpoints(FRONTEND_ENDPOINTS); + + const missing = frontendEndpoints.filter( + (endpoint) => !backendEndpoints.includes(endpoint) + ); + + if (missing.length > 0) { + console.error('❌ Endpoints en Frontend pero NO en Backend:'); + missing.forEach((endpoint) => console.error(` - ${endpoint}`)); + process.exit(1); + } + + console.log('✅ Todos los endpoints Frontend existen en Backend'); +} + +validateApiContract(); +``` + +**Uso:** +```bash +npm run validate:api-contract + +# Salida: +✅ Todos los endpoints Frontend existen en Backend +✅ Contrato API validado correctamente +``` + +--- + +## 6. GAPS CRITICOS EN DEVOPS + +### 6.1 Docker: NO IMPLEMENTADO ❌ + +**Faltante:** +- `Dockerfile` para Backend +- `Dockerfile` para Frontend +- `docker-compose.yml` para desarrollo local +- Imagenes multi-stage (optimizacion) +- Health checks + +**Impacto:** +- Ambiente de desarrollo inconsistente +- Deployment manual propenso a errores +- No portable entre desarrolladores +- Dificil escalar + +**Recomendacion para ERP:** + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **IMPLEMENTAR DESDE EL INICIO** + +**Ejemplo de estructura:** +``` +docker/ +├── backend/ +│ ├── Dockerfile +│ └── .dockerignore +├── frontend/ +│ ├── Dockerfile +│ └── .dockerignore +├── database/ +│ └── Dockerfile (PostgreSQL custom) +├── docker-compose.yml # Desarrollo local +├── docker-compose.prod.yml # Produccion +└── .env.example # Variables de entorno +``` + +**docker-compose.yml ejemplo:** +```yaml +version: '3.8' + +services: + database: + image: postgres:16-alpine + environment: + POSTGRES_DB: erp_generic + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + ports: + - '5432:5432' + volumes: + - postgres_data:/var/lib/postgresql/data + + backend: + build: + context: ./backend + dockerfile: Dockerfile + environment: + DATABASE_URL: postgres://postgres:postgres@database:5432/erp_generic + NODE_ENV: development + ports: + - '3000:3000' + depends_on: + - database + volumes: + - ./backend:/app + - /app/node_modules + + frontend: + build: + context: ./frontend + dockerfile: Dockerfile + environment: + VITE_API_URL: http://localhost:3000/api/v1 + ports: + - '5173:5173' + depends_on: + - backend + volumes: + - ./frontend:/app + - /app/node_modules + +volumes: + postgres_data: +``` + +### 6.2 CI/CD: NO IMPLEMENTADO ❌ + +**Faltante:** +- GitHub Actions workflows +- GitLab CI pipelines +- Automated testing en PR +- Automated deployment +- Environment management (dev, staging, prod) +- Rollback mechanisms + +**Impacto:** +- Deployment manual lento +- Riesgo de errores humanos +- No hay validacion automatica +- Dificil hacer releases + +**Recomendacion para ERP:** + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **IMPLEMENTAR DESDE EL INICIO** + +**Ejemplo GitHub Actions:** +```yaml +# .github/workflows/ci.yml +name: CI/CD Pipeline + +on: + push: + branches: [main, develop] + pull_request: + branches: [main, develop] + +jobs: + # ========== VALIDACIONES ========== + validate: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: '18' + + - name: Install dependencies + run: npm ci + + - name: Sync ENUMs + run: npm run sync:enums + + - name: Validate constants + run: npm run validate:constants + + - name: Validate API contract + run: npm run validate:api-contract + + # ========== TESTS ========== + test: + runs-on: ubuntu-latest + needs: validate + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 + with: + node-version: '18' + + - name: Install dependencies + run: npm ci + + - name: Run tests + run: npm run test:cov + + - name: Upload coverage + uses: codecov/codecov-action@v3 + + # ========== BUILD ========== + build: + runs-on: ubuntu-latest + needs: test + steps: + - uses: actions/checkout@v3 + + - name: Build Backend + run: | + cd backend + npm ci + npm run build + + - name: Build Frontend + run: | + cd frontend + npm ci + npm run build + + # ========== DEPLOY (solo en main) ========== + deploy: + runs-on: ubuntu-latest + needs: build + if: github.ref == 'refs/heads/main' + steps: + - uses: actions/checkout@v3 + + - name: Deploy to Production + run: | + # Deployment script + ./deploy.sh production +``` + +### 6.3 Kubernetes: NO IMPLEMENTADO ❌ + +**Faltante:** +- Manifests de Kubernetes (Deployments, Services, Ingress) +- ConfigMaps y Secrets +- Helm charts +- Horizontal Pod Autoscaling +- Resource limits y requests + +**Impacto:** +- No escalabilidad automatica +- Deployment manual +- Dificil alta disponibilidad + +**Recomendacion para ERP:** + +⭐⭐⭐⭐ (ALTA - P1) + +**Decision:** 🔧 **IMPLEMENTAR EN FASE 2** + +**Nota:** Kubernetes es importante pero no critico para MVP. Implementar despues de tener Docker y CI/CD. + +### 6.4 Deployment Scripts: NO IMPLEMENTADOS ❌ + +**Faltante:** +- Scripts de deployment automatico +- Scripts de rollback +- Scripts de backup de base de datos +- Scripts de migracion de datos +- Scripts de health checks + +**Recomendacion para ERP:** + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **IMPLEMENTAR DESDE EL INICIO** + +**Ejemplo de estructura:** +``` +scripts/ +├── deploy/ +│ ├── deploy.sh # Deploy principal +│ ├── deploy-backend.sh # Deploy backend +│ ├── deploy-frontend.sh # Deploy frontend +│ └── rollback.sh # Rollback +├── database/ +│ ├── backup.sh # Backup de DB +│ ├── restore.sh # Restore de DB +│ ├── migrate.sh # Migraciones +│ └── seed.sh # Seed de datos +└── health/ + ├── health-check.sh # Health checks + └── smoke-test.sh # Smoke tests +``` + +--- + +## 7. MATRIX DE DECISION: ADOPTAR / IMPLEMENTAR + +### 7.1 ADOPTAR DE GAMILIT ✅ + +| Script/Tool | Descripcion | Aplicabilidad | Prioridad | +|-------------|-------------|---------------|-----------| +| **sync-enums.ts** | Sincronizar ENUMs Backend → Frontend | ⭐⭐⭐⭐⭐ MAXIMA | P0 | +| **validate-constants-usage.ts** | Detectar hardcoding (33 patrones) | ⭐⭐⭐⭐⭐ MAXIMA | P0 | +| **validate-api-contract.ts** | Validar Backend ↔ Frontend sync | ⭐⭐⭐⭐ ALTA | P1 | +| **Scripts NPM** | Automatizacion de tareas | ⭐⭐⭐⭐⭐ MAXIMA | P0 | +| **ESLint + Prettier** | Linting y formatting | ⭐⭐⭐⭐⭐ MAXIMA | P0 | + +### 7.2 IMPLEMENTAR (NO EXISTE EN GAMILIT) ✅ + +| Componente | Descripcion | Urgencia | Prioridad | +|------------|-------------|----------|-----------| +| **Docker** | Containerizacion completa | CRITICO | P0 | +| **CI/CD** | GitHub Actions / GitLab CI | CRITICO | P0 | +| **Deployment Scripts** | Scripts de deploy, rollback, backup | CRITICO | P0 | +| **Pre-commit Hooks** | Validacion antes de commit | ALTA | P1 | +| **Monitoring** | Logs, metricas, alertas | ALTA | P1 | +| **Kubernetes** | Orquestacion de contenedores | MEDIA | P2 | + +### 7.3 EVITAR ❌ + +| Anti-patron | Razon | Alternativa | +|-------------|-------|-------------| +| **Sin Docker** | Ambientes inconsistentes | Docker + docker-compose | +| **Sin CI/CD** | Deployment manual propenso a errores | GitHub Actions / GitLab CI | +| **Sin tests automatizados** | Bugs en produccion | Jest + Vitest + CI/CD | +| **Deployment manual** | Lento y riesgoso | Scripts automatizados | + +--- + +## 8. PROPUESTA DE DEVOPS COMPLETO PARA ERP + +### 8.1 Estructura Propuesta + +``` +projects/erp-generic/ +├── .github/ +│ └── workflows/ +│ ├── ci.yml # CI/CD principal +│ ├── validate.yml # Validaciones +│ └── deploy.yml # Deployment +│ +├── docker/ +│ ├── backend/ +│ │ ├── Dockerfile +│ │ ├── Dockerfile.dev +│ │ └── .dockerignore +│ ├── frontend/ +│ │ ├── Dockerfile +│ │ ├── Dockerfile.dev +│ │ └── .dockerignore +│ ├── database/ +│ │ └── Dockerfile +│ ├── docker-compose.yml # Desarrollo local +│ ├── docker-compose.prod.yml # Produccion +│ └── .env.example +│ +├── scripts/ +│ ├── devops/ +│ │ ├── sync-enums.ts # De GAMILIT ✅ +│ │ ├── validate-constants-usage.ts # De GAMILIT ✅ +│ │ └── validate-api-contract.ts # De GAMILIT ✅ +│ ├── deploy/ +│ │ ├── deploy.sh +│ │ ├── rollback.sh +│ │ └── smoke-test.sh +│ ├── database/ +│ │ ├── backup.sh +│ │ ├── restore.sh +│ │ └── migrate.sh +│ └── health/ +│ └── health-check.sh +│ +├── k8s/ # Kubernetes (P2) +│ ├── deployments/ +│ ├── services/ +│ ├── ingress/ +│ └── configmaps/ +│ +└── .husky/ # Pre-commit hooks + ├── pre-commit + └── pre-push +``` + +### 8.2 Scripts NPM Propuestos + +```json +{ + "scripts": { + // ========== VALIDACIONES ========== + "sync:enums": "ts-node scripts/devops/sync-enums.ts", + "validate:constants": "ts-node scripts/devops/validate-constants-usage.ts", + "validate:api-contract": "ts-node scripts/devops/validate-api-contract.ts", + "validate:all": "npm run validate:constants && npm run validate:api-contract", + + // ========== TESTING ========== + "test": "jest", + "test:cov": "jest --coverage", + "test:watch": "jest --watch", + "test:e2e": "playwright test", + + // ========== LINTING ========== + "lint": "eslint . --ext .ts,.tsx", + "lint:fix": "eslint . --ext .ts,.tsx --fix", + "format": "prettier --write \"**/*.{ts,tsx,json,md}\"", + "format:check": "prettier --check \"**/*.{ts,tsx,json,md}\"", + + // ========== BUILD ========== + "build": "npm run build:backend && npm run build:frontend", + "build:backend": "cd backend && npm run build", + "build:frontend": "cd frontend && npm run build", + + // ========== DOCKER ========== + "docker:up": "docker-compose up -d", + "docker:down": "docker-compose down", + "docker:logs": "docker-compose logs -f", + "docker:build": "docker-compose build", + + // ========== DATABASE ========== + "db:migrate": "bash scripts/database/migrate.sh", + "db:seed": "bash scripts/database/seed.sh", + "db:backup": "bash scripts/database/backup.sh", + "db:restore": "bash scripts/database/restore.sh", + + // ========== DEPLOYMENT ========== + "deploy:dev": "bash scripts/deploy/deploy.sh dev", + "deploy:staging": "bash scripts/deploy/deploy.sh staging", + "deploy:prod": "bash scripts/deploy/deploy.sh prod", + "rollback": "bash scripts/deploy/rollback.sh", + + // ========== HEALTH ========== + "health:check": "bash scripts/health/health-check.sh", + "smoke:test": "bash scripts/health/smoke-test.sh", + + // ========== HOOKS ========== + "prepare": "husky install", + "postinstall": "npm run sync:enums" + } +} +``` + +### 8.3 Pre-commit Hooks (Husky) + +**.husky/pre-commit:** +```bash +#!/bin/sh +. "$(dirname "$0")/_/husky.sh" + +# Validaciones antes de commit +npm run lint +npm run format:check +npm run validate:constants +npm run test +``` + +**.husky/pre-push:** +```bash +#!/bin/sh +. "$(dirname "$0")/_/husky.sh" + +# Validaciones antes de push +npm run validate:all +npm run test:cov +npm run build +``` + +--- + +## 9. CONCLUSION Y RECOMENDACIONES + +### 9.1 Hallazgos Clave + +1. **Scripts de validacion son EXCELENTES:** ⭐⭐⭐⭐⭐ + - `sync-enums.ts` (70 lineas) + - `validate-constants-usage.ts` (642 lineas, 33 patrones) + - `validate-api-contract.ts` (~150 lineas) + +2. **DevOps completo es GAP CRITICO:** ❌❌❌ + - NO hay Docker + - NO hay CI/CD + - NO hay Kubernetes + - NO hay scripts de deployment + +3. **Impacto en produccion:** + - Ambientes inconsistentes + - Deployment manual propenso a errores + - Dificil escalar + - NO copiar este anti-patron + +### 9.2 Recomendaciones Finales + +#### ADOPTAR DE GAMILIT ✅ (Prioridad P0) + +1. Script `sync-enums.ts` +2. Script `validate-constants-usage.ts` (adaptar patrones a ERP) +3. Script `validate-api-contract.ts` +4. NPM scripts de validacion +5. ESLint + Prettier config + +#### IMPLEMENTAR (NO EXISTE EN GAMILIT) ✅ + +**Prioridad P0 (CRITICO - Implementar ANTES del MVP):** +1. Docker + docker-compose +2. CI/CD (GitHub Actions o GitLab CI) +3. Scripts de deployment (deploy, rollback, backup) +4. Pre-commit hooks (Husky) +5. Health checks + +**Prioridad P1 (ALTA - Implementar en Fase 1):** +6. Monitoring y logging (Prometheus + Grafana o similar) +7. E2E tests automatizados (Playwright o Cypress) +8. Smoke tests post-deployment + +**Prioridad P2 (MEDIA - Implementar en Fase 2):** +9. Kubernetes manifests +10. Helm charts +11. Horizontal Pod Autoscaling + +#### EVITAR ❌ + +1. Deployment manual +2. Ambientes sin Docker +3. Sin CI/CD +4. Sin validacion automatica + +--- + +**Documento creado:** 2025-11-23 +**Version:** 1.0 +**Estado:** Completado +**Criticidad:** ⭐⭐⭐⭐⭐ MAXIMA (DevOps es critico para produccion) +**Proximo documento:** `ADOPTAR-ADAPTAR-EVITAR.md` diff --git a/docs/01-analisis-referencias/gamilit/frontend-patterns.md b/docs/01-analisis-referencias/gamilit/frontend-patterns.md new file mode 100644 index 0000000..800c6d1 --- /dev/null +++ b/docs/01-analisis-referencias/gamilit/frontend-patterns.md @@ -0,0 +1,759 @@ +# Patrones de Frontend - GAMILIT + +**Documento:** Analisis de Patrones de Frontend React + TypeScript +**Proyecto de Referencia:** GAMILIT +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst Agent + +--- + +## 1. VISION GENERAL + +GAMILIT implementa un **frontend moderno con React 18+, Vite 5+ y TypeScript 5+** siguiendo la arquitectura Feature-Sliced Design (FSD) con 180+ componentes reutilizables. + +**Stack tecnologico:** +- **Framework:** React 18+ con hooks +- **Build Tool:** Vite 5+ (HMR rapido) +- **Lenguaje:** TypeScript 5+ (strict mode) +- **Styling:** Tailwind CSS 3+ (utility-first) +- **Router:** React Router v6 +- **State:** Zustand (8 stores especializados) +- **Forms:** React Hook Form + Zod validation +- **HTTP:** Axios con interceptors +- **Animations:** Framer Motion +- **Testing:** Vitest + React Testing Library (13% coverage - GAP) +- **Docs:** Storybook 7+ + +**Metricas:** +- **LOC:** ~85,000 lineas (65% del proyecto) +- **Componentes:** 180+ componentes reutilizables +- **Paginas:** ~50 vistas +- **Hooks personalizados:** ~30 +- **Zustand Stores:** 8 stores +- **Tests:** 15 tests (13% coverage - GAP CRITICO) + +--- + +## 2. FEATURE-SLICED DESIGN (FSD) + +### 2.1 Arquitectura de Capas + +``` +frontend/src/ +├── shared/ # Capa compartida (180+ componentes) +│ ├── components/ # UI components genericos +│ ├── hooks/ # Custom React hooks +│ ├── utils/ # Utilidades generales +│ ├── types/ # Tipos TypeScript compartidos +│ └── constants/ # Constantes (sincronizadas con backend) +│ +├── features/ # Features de negocio por dominio/rol +│ ├── student/ # Portal estudiante +│ ├── teacher/ # Portal profesor +│ └── admin/ # Portal administrador +│ +├── pages/ # Paginas/Vistas (composicion de features) +│ ├── student/ +│ ├── teacher/ +│ └── admin/ +│ +├── services/ # Servicios externos +│ ├── api/ # API clients (Axios) +│ └── websocket/ # Socket.IO client +│ +└── app/ # Capa de aplicacion + ├── providers/ # Context providers + ├── layouts/ # Layouts principales + └── router/ # Configuracion de rutas +``` + +### 2.2 Principios de FSD Aplicados + +1. **Layered Architecture:** + - `shared` - Codigo reutilizable sin dependencias de negocio + - `features` - Logica de negocio por dominio + - `pages` - Composicion de features + - `app` - Configuracion global + +2. **Public API:** Cada feature expone API publica via `index.ts` + +3. **Low Coupling:** Features no dependen entre si + +4. **High Cohesion:** Todo relacionado a una feature esta junto + +### 2.3 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐ (ALTA) + +**Decision:** ✅ **ADOPTAR Y ADAPTAR** + +**Propuesta para ERP:** +``` +frontend/src/ +├── shared/ # Componentes reutilizables +├── features/ +│ ├── administrator/ # Portal administrador +│ ├── accountant/ # Portal contador +│ ├── supervisor/ # Portal supervisor de obra +│ ├── purchaser/ # Portal comprador +│ └── hr/ # Portal RRHH +├── pages/ +├── services/ +└── app/ +``` + +--- + +## 3. SHARED COMPONENTS (180+) + +### 3.1 Categorias de Componentes + +**1. Atomos (Elementos basicos):** +``` +shared/components/atoms/ +├── Button/ +│ ├── Button.tsx +│ ├── Button.stories.tsx +│ ├── Button.test.tsx +│ └── index.ts +├── Input/ +├── Label/ +├── Badge/ +├── Avatar/ +└── Icon/ +``` + +**2. Moleculas (Combinaciones de atomos):** +``` +shared/components/molecules/ +├── FormField/ # Label + Input + Error +├── SearchBar/ # Input + Icon + Button +├── UserCard/ # Avatar + Name + Badge +└── Notification/ # Icon + Title + Message +``` + +**3. Organismos (Componentes complejos):** +``` +shared/components/organisms/ +├── Navbar/ +├── Sidebar/ +├── DataTable/ +├── Modal/ +├── Dropdown/ +└── Pagination/ +``` + +**4. Templates (Layouts):** +``` +shared/components/templates/ +├── DashboardLayout/ +├── AuthLayout/ +├── SettingsLayout/ +└── EmptyState/ +``` + +### 3.2 Patron de Componente + +**Ejemplo:** `shared/components/atoms/Button/Button.tsx` + +```typescript +import { ButtonHTMLAttributes, ReactNode } from 'react'; +import { cva, type VariantProps } from 'class-variance-authority'; + +// Variants con Tailwind CSS +const buttonVariants = cva( + 'inline-flex items-center justify-center rounded-md font-medium transition-colors', + { + variants: { + variant: { + primary: 'bg-blue-600 text-white hover:bg-blue-700', + secondary: 'bg-gray-200 text-gray-900 hover:bg-gray-300', + outline: 'border border-gray-300 hover:bg-gray-100', + ghost: 'hover:bg-gray-100', + danger: 'bg-red-600 text-white hover:bg-red-700', + }, + size: { + sm: 'h-8 px-3 text-sm', + md: 'h-10 px-4', + lg: 'h-12 px-6 text-lg', + }, + fullWidth: { + true: 'w-full', + }, + }, + defaultVariants: { + variant: 'primary', + size: 'md', + }, + } +); + +export interface ButtonProps + extends ButtonHTMLAttributes, + VariantProps { + children: ReactNode; + isLoading?: boolean; +} + +export function Button({ + children, + variant, + size, + fullWidth, + isLoading, + disabled, + className, + ...props +}: ButtonProps) { + return ( + + ); +} +``` + +### 3.3 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +**Componentes criticos para ERP:** +- Button, Input, Select, Checkbox (atomos) +- FormField, SearchBar, DateRangePicker (moleculas) +- DataTable, Modal, Sidebar, Navbar (organismos) +- DashboardLayout, ReportLayout (templates) + +--- + +## 4. PATH ALIASES FRONTEND + +### 4.1 Configuracion + +**tsconfig.json:** +```json +{ + "compilerOptions": { + "baseUrl": "./src", + "paths": { + "@/*": ["./*"], + "@shared/*": ["shared/*"], + "@components/*": ["shared/components/*"], + "@hooks/*": ["shared/hooks/*"], + "@utils/*": ["shared/utils/*"], + "@types/*": ["shared/types/*"], + "@services/*": ["services/*"], + "@app/*": ["app/*"], + "@features/*": ["features/*"], + "@pages/*": ["pages/*"] + } + } +} +``` + +**vite.config.ts:** +```typescript +import { defineConfig } from 'vite'; +import react from '@vitejs/plugin-react'; +import path from 'path'; + +export default defineConfig({ + plugins: [react()], + resolve: { + alias: { + '@': path.resolve(__dirname, './src'), + '@shared': path.resolve(__dirname, './src/shared'), + '@components': path.resolve(__dirname, './src/shared/components'), + '@hooks': path.resolve(__dirname, './src/shared/hooks'), + '@utils': path.resolve(__dirname, './src/shared/utils'), + '@types': path.resolve(__dirname, './src/shared/types'), + '@services': path.resolve(__dirname, './src/services'), + '@app': path.resolve(__dirname, './src/app'), + '@features': path.resolve(__dirname, './src/features'), + '@pages': path.resolve(__dirname, './src/pages'), + }, + }, +}); +``` + +### 4.2 Uso + +```typescript +// ❌ Sin aliases +import { Button } from '../../../shared/components/atoms/Button'; +import { useAuth } from '../../../shared/hooks/useAuth'; + +// ✅ Con aliases +import { Button } from '@components/atoms/Button'; +import { useAuth } from '@hooks/useAuth'; +``` + +### 4.3 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +--- + +## 5. STATE MANAGEMENT CON ZUSTAND + +### 5.1 Los 8 Stores de GAMILIT + +``` +stores/ +├── useAuthStore.ts # Autenticacion (user, token, logout) +├── useGamificationStore.ts # Gamificacion (XP, coins, logros) +├── useProgressStore.ts # Progreso de aprendizaje +├── useExerciseStore.ts # Estado de ejercicios actuales +├── useNotificationStore.ts # Notificaciones en tiempo real +├── useSocialStore.ts # Features sociales +├── useTenantStore.ts # Multi-tenancy +└── useUIStore.ts # Estado UI (modals, sidebar, theme) +``` + +### 5.2 Patron de Store (ejemplo: useAuthStore) + +```typescript +import { create } from 'zustand'; +import { persist } from 'zustand/middleware'; + +interface AuthState { + // Estado + user: User | null; + token: string | null; + isAuthenticated: boolean; + + // Acciones + login: (email: string, password: string) => Promise; + logout: () => void; + refreshToken: () => Promise; + updateProfile: (data: Partial) => Promise; +} + +export const useAuthStore = create()( + persist( + (set, get) => ({ + // Estado inicial + user: null, + token: null, + isAuthenticated: false, + + // Acciones + login: async (email, password) => { + const response = await authApi.login({ email, password }); + set({ + user: response.user, + token: response.token, + isAuthenticated: true, + }); + }, + + logout: () => { + set({ + user: null, + token: null, + isAuthenticated: false, + }); + }, + + refreshToken: async () => { + const { token } = get(); + const response = await authApi.refresh(token); + set({ token: response.token }); + }, + + updateProfile: async (data) => { + const { user } = get(); + const updated = await userApi.update(user!.id, data); + set({ user: updated }); + }, + }), + { + name: 'auth-storage', // Key en localStorage + partialize: (state) => ({ + token: state.token, + user: state.user, + }), + } + ) +); +``` + +### 5.3 Uso en Componentes + +```typescript +function UserProfile() { + const { user, logout, updateProfile } = useAuthStore(); + + if (!user) return ; + + return ( +
+

Welcome, {user.name}!

+ +
+ ); +} +``` + +### 5.4 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +**Stores propuestos para ERP:** +``` +stores/ +├── useAuthStore.ts # Autenticacion +├── useCompanyStore.ts # Empresa actual (multi-tenant) +├── useProjectStore.ts # Proyecto actual +├── useBudgetStore.ts # Presupuesto actual +├── useNotificationStore.ts # Notificaciones +├── useUIStore.ts # Estado UI +└── usePermissionsStore.ts # Permisos del usuario +``` + +--- + +## 6. CUSTOM HOOKS (~30) + +### 6.1 Categorias de Hooks + +**1. Hooks de Estado:** +```typescript +// hooks/useLocalStorage.ts +export function useLocalStorage(key: string, initialValue: T) { + const [storedValue, setStoredValue] = useState(() => { + try { + const item = window.localStorage.getItem(key); + return item ? JSON.parse(item) : initialValue; + } catch { + return initialValue; + } + }); + + const setValue = (value: T | ((val: T) => T)) => { + const valueToStore = value instanceof Function ? value(storedValue) : value; + setStoredValue(valueToStore); + window.localStorage.setItem(key, JSON.stringify(valueToStore)); + }; + + return [storedValue, setValue] as const; +} +``` + +**2. Hooks de Fetch:** +```typescript +// hooks/useQuery.ts +export function useQuery( + queryFn: () => Promise, + deps: any[] = [] +) { + const [data, setData] = useState(null); + const [loading, setLoading] = useState(true); + const [error, setError] = useState(null); + + useEffect(() => { + setLoading(true); + queryFn() + .then(setData) + .catch(setError) + .finally(() => setLoading(false)); + }, deps); + + return { data, loading, error, refetch: () => queryFn().then(setData) }; +} +``` + +**3. Hooks de Utilidad:** +```typescript +// hooks/useDebounce.ts +export function useDebounce(value: T, delay: number): T { + const [debouncedValue, setDebouncedValue] = useState(value); + + useEffect(() => { + const handler = setTimeout(() => setDebouncedValue(value), delay); + return () => clearTimeout(handler); + }, [value, delay]); + + return debouncedValue; +} +``` + +### 6.2 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +**Hooks criticos para ERP:** +- `useQuery` - Fetching de datos +- `useMutation` - Operaciones CRUD +- `useDebounce` - Busquedas optimizadas +- `useLocalStorage` - Persistencia local +- `usePermissions` - Verificacion de permisos + +--- + +## 7. FORMS CON REACT HOOK FORM + ZOD + +### 7.1 Patron de Form + +```typescript +import { useForm } from 'react-hook-form'; +import { zodResolver } from '@hookform/resolvers/zod'; +import { z } from 'zod'; + +// Schema de validacion con Zod +const loginSchema = z.object({ + email: z.string().email('Email invalido'), + password: z.string().min(8, 'Minimo 8 caracteres'), +}); + +type LoginFormData = z.infer; + +export function LoginForm() { + const { + register, + handleSubmit, + formState: { errors, isSubmitting }, + } = useForm({ + resolver: zodResolver(loginSchema), + }); + + const onSubmit = async (data: LoginFormData) => { + await authApi.login(data); + }; + + return ( +
+ + + + + + + ); +} +``` + +### 7.2 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +--- + +## 8. API CLIENTS CON AXIOS + +### 8.1 Configuracion de Axios Instance + +```typescript +// services/api/axios-instance.ts +import axios from 'axios'; +import { useAuthStore } from '@stores/useAuthStore'; + +const api = axios.create({ + baseURL: import.meta.env.VITE_API_URL, + timeout: 10000, +}); + +// Interceptor de request (agregar token) +api.interceptors.request.use((config) => { + const { token } = useAuthStore.getState(); + if (token) { + config.headers.Authorization = `Bearer ${token}`; + } + return config; +}); + +// Interceptor de response (refresh token) +api.interceptors.response.use( + (response) => response, + async (error) => { + if (error.response?.status === 401) { + const { refreshToken, logout } = useAuthStore.getState(); + try { + await refreshToken(); + return api.request(error.config); + } catch { + logout(); + } + } + return Promise.reject(error); + } +); + +export default api; +``` + +### 8.2 API Clients por Modulo + +```typescript +// services/api/auth.api.ts +import api from './axios-instance'; +import { API_ENDPOINTS } from '@shared/constants'; + +export const authApi = { + login: (data: LoginDto) => + api.post(API_ENDPOINTS.AUTH.LOGIN, data).then((r) => r.data), + + register: (data: RegisterDto) => + api.post(API_ENDPOINTS.AUTH.REGISTER, data).then((r) => r.data), + + logout: () => + api.post(API_ENDPOINTS.AUTH.LOGOUT).then((r) => r.data), + + refresh: (token: string) => + api.post(API_ENDPOINTS.AUTH.REFRESH, { token }).then((r) => r.data), +}; +``` + +### 8.3 Aplicabilidad a ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +--- + +## 9. TESTING PATTERNS (GAP CRITICO) + +### 9.1 Metricas de Testing + +| Metrica | Actual | Objetivo | Gap | +|---------|--------|----------|-----| +| **Tests Frontend** | 15 | 60 | **-45 (75%)** | +| **Coverage** | 13% | 70% | **-57pp** | + +**Critica:** Coverage extremadamente bajo. NO copiar este anti-patron. + +### 9.2 Ejemplo de Test + +```typescript +// components/Button/Button.test.tsx +import { render, screen, fireEvent } from '@testing-library/react'; +import { Button } from './Button'; + +describe('Button', () => { + it('renders with children', () => { + render(); + expect(screen.getByText('Click me')).toBeInTheDocument(); + }); + + it('calls onClick when clicked', () => { + const onClick = vi.fn(); + render(); + fireEvent.click(screen.getByText('Click')); + expect(onClick).toHaveBeenCalledTimes(1); + }); + + it('shows loading state', () => { + render(); + expect(screen.getByRole('button')).toBeDisabled(); + }); +}); +``` + +### 9.3 Recomendacion para ERP Generico + +⭐⭐⭐⭐⭐ (MAXIMA - CRITICO) + +**Decision:** ✅ **IMPLEMENTAR TESTING DESDE EL INICIO** + +**Objetivos:** +- **Coverage:** 70%+ desde el inicio +- **Tests por componente:** Unit tests +- **Integration tests:** Features completas +- **E2E tests:** Flujos criticos (Playwright/Cypress) + +--- + +## 10. MATRIZ DE DECISION + +### 10.1 ADOPTAR COMPLETAMENTE ✅ + +| Patron | Prioridad | +|--------|-----------| +| Feature-Sliced Design (FSD) | P0 | +| Shared Components (180+) | P0 | +| Path Aliases | P0 | +| Zustand State Management | P0 | +| Custom Hooks | P0 | +| React Hook Form + Zod | P0 | +| Axios Interceptors | P0 | +| Tailwind CSS | P1 | +| Storybook | P1 | + +### 10.2 MEJORAR 🔧 + +| Patron | Estado Actual | Mejora | Prioridad | +|--------|---------------|--------|-----------| +| Testing | 13% coverage | 70%+ coverage | P0 CRITICO | +| Type Safety | Parcial | Completa | P1 | +| E2E Tests | Inexistentes | Playwright/Cypress | P1 | + +### 10.3 EVITAR ❌ + +| Patron | Razon | +|--------|-------| +| Coverage bajo (13%) | Inaceptable para produccion | +| Sin E2E tests | Flujos criticos sin validar | + +--- + +## 11. PROPUESTA PARA ERP GENERICO + +``` +frontend/src/ +├── shared/ +│ ├── components/ # 100+ componentes reutilizables +│ ├── hooks/ # Custom hooks +│ └── constants/ # Constantes (sync con backend) +│ +├── features/ +│ ├── administrator/ # Portal admin +│ ├── accountant/ # Portal contador +│ ├── supervisor/ # Portal supervisor +│ ├── purchaser/ # Portal compras +│ └── hr/ # Portal RRHH +│ +├── pages/ +├── services/ +│ └── api/ +│ ├── budgets.api.ts +│ ├── purchasing.api.ts +│ └── projects.api.ts +│ +└── app/ + ├── providers/ + ├── layouts/ + └── router/ +``` + +--- + +**Documento creado:** 2025-11-23 +**Version:** 1.0 +**Estado:** Completado +**Proximo documento:** `ssot-system.md` diff --git a/docs/01-analisis-referencias/gamilit/ssot-system.md b/docs/01-analisis-referencias/gamilit/ssot-system.md new file mode 100644 index 0000000..402e929 --- /dev/null +++ b/docs/01-analisis-referencias/gamilit/ssot-system.md @@ -0,0 +1,868 @@ +# Sistema de Constantes SSOT (Single Source of Truth) - GAMILIT + +**Documento:** Analisis del Sistema SSOT +**Proyecto de Referencia:** GAMILIT +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst Agent +**Criticidad:** ⭐⭐⭐⭐⭐ MAXIMA - Sistema arquitectonico fundamental + +--- + +## 1. QUE ES SSOT (SINGLE SOURCE OF TRUTH) + +### 1.1 Definicion + +El **Sistema SSOT** en GAMILIT es una arquitectura donde el **Backend es la unica fuente de verdad** para constantes, ENUMs, nombres de schemas/tablas y rutas API. Todo valor compartido entre Backend/Frontend/Database se define UNA sola vez en el Backend y se sincroniza automaticamente. + +### 1.2 Problema que Resuelve + +**SIN SSOT (anti-patron):** +```typescript +// ❌ Backend (auth.service.ts) +const USER_TABLE = 'auth_management.users'; + +// ❌ Frontend (user.api.ts) +const USER_TABLE = 'auth_management.users'; // DUPLICADO! + +// ❌ Database (DDL) +CREATE TABLE auth_management.users (...); // Otra vez! + +// ❌ API Routes Backend +app.post('/auth/login', ...); + +// ❌ API Routes Frontend +const LOGIN_URL = '/auth/login'; // DUPLICADO! +``` + +**Problemas:** +- Duplicacion de codigo (3-4 veces el mismo valor) +- Inconsistencias (typos, desincronizacion) +- Dificil refactoring (cambiar en 3+ lugares) +- Propenso a errores +- Impossible de validar automaticamente + +**CON SSOT (patron correcto):** +```typescript +// ✅ Backend: Unica fuente de verdad +export const DB_SCHEMAS = { + AUTH: 'auth_management', +}; + +export const DB_TABLES = { + AUTH: { + USERS: 'users', + }, +}; + +export const API_ROUTES = { + AUTH: { + LOGIN: '/auth/login', + }, +}; + +// ✅ Frontend: Importa desde backend (sincronizado) +import { DB_TABLES, API_ROUTES } from '@shared/constants'; + +// ✅ Database: Importa desde backend +import { DB_SCHEMAS } from '@/shared/constants'; +``` + +**Beneficios:** +- Definicion unica (1 vez) +- Sincronizacion automatica 100% +- Refactoring facil (1 cambio) +- Validacion automatica +- Type safety completo + +--- + +## 2. COMPONENTES DEL SISTEMA SSOT EN GAMILIT + +### 2.1 Estructura del Sistema + +``` +gamilit/ +├── backend/ +│ └── src/ +│ └── shared/ +│ └── constants/ # ⭐ SSOT - Fuente de verdad +│ ├── enums.constants.ts # 687 lineas de ENUMs +│ ├── database.constants.ts # 298 lineas schemas/tablas +│ ├── routes.constants.ts # 368 lineas rutas API +│ ├── regex.ts # Expresiones regulares +│ └── index.ts # Barrel export +│ +├── frontend/ +│ └── src/ +│ └── shared/ +│ └── constants/ # 🔄 SINCRONIZADO desde backend +│ ├── enums.constants.ts # Copia sincronizada +│ ├── api-endpoints.ts # Importa routes del backend +│ └── index.ts +│ +└── devops/ + └── scripts/ + ├── sync-enums.ts # ⚙️ Script de sincronizacion + ├── validate-constants-usage.ts # ⚙️ Deteccion de hardcoding + └── validate-api-contract.ts # ⚙️ Validacion Backend ↔ Frontend +``` + +### 2.2 Los 3 Pilares del Sistema + +1. **Backend SSOT:** Definicion unica en `backend/src/shared/constants/` +2. **Script de Sincronizacion:** `sync-enums.ts` (automatico en postinstall) +3. **Validacion:** `validate-constants-usage.ts` (33 patrones, CI/CD) + +--- + +## 3. BACKEND SSOT - FUENTE DE VERDAD + +### 3.1 enums.constants.ts (687 lineas) + +**Estructura:** +```typescript +/** + * ENUMs Constants - Shared (Backend) + * + * IMPORTANTE: + * - Sincronizado automaticamente a Frontend por sync-enums.ts + * - Representa ENUMs de PostgreSQL DDL + * + * @see /docs/03-desarrollo/CONSTANTS-ARCHITECTURE.md + */ + +// ========== AUTH MANAGEMENT ENUMS ========== + +export enum AuthProviderEnum { + LOCAL = 'local', + GOOGLE = 'google', + FACEBOOK = 'facebook', + APPLE = 'apple', + MICROSOFT = 'microsoft', + GITHUB = 'github', +} + +export enum UserStatusEnum { + ACTIVE = 'active', + INACTIVE = 'inactive', + SUSPENDED = 'suspended', + BANNED = 'banned', + PENDING = 'pending', +} + +export enum ThemeEnum { + LIGHT = 'light', + DARK = 'dark', + AUTO = 'auto', +} + +export enum LanguageEnum { + ES = 'es', + EN = 'en', +} + +// ========== GAMIFICATION ENUMS ========== + +export enum DifficultyLevelEnum { + BEGINNER = 'beginner', // A1 + ELEMENTARY = 'elementary', // A2 + PRE_INTERMEDIATE = 'pre_intermediate', // B1 + INTERMEDIATE = 'intermediate', // B2 + UPPER_INTERMEDIATE = 'upper_intermediate', // C1 + ADVANCED = 'advanced', // C2 + PROFICIENT = 'proficient', // C2+ + NATIVE = 'native', // Nativo +} + +export enum TransactionTypeEnum { + // EARNED (Ingresos - 7 tipos) + EARNED_EXERCISE = 'earned_exercise', + EARNED_MODULE = 'earned_module', + EARNED_ACHIEVEMENT = 'earned_achievement', + // ... (14 tipos totales) +} + +// ... (30+ ENUMs mas) + +// ========== HELPERS ========== + +export const isValidEnumValue = >( + enumObj: T, + value: string, +): value is T[keyof T] => { + return Object.values(enumObj).includes(value); +}; + +export const getEnumValues = >( + enumObj: T +): string[] => { + return Object.values(enumObj); +}; +``` + +**Contenido:** +- **30+ ENUMs** diferentes +- **Categorias:** Auth, Gamification, Educational, Progress, Social, Content, System +- **Helpers:** Funciones de validacion +- **Documentacion:** JSDoc completo con referencias a DDL +- **Versionado:** Tracking de cambios en comentarios + +### 3.2 database.constants.ts (298 lineas) + +**Estructura:** +```typescript +/** + * Database Constants - Single Source of Truth + * + * IMPORTANTE: + * - NO hardcodear nombres de schemas/tablas en codigo + * - SIEMPRE importar desde aqui + * - Mantener sincronizado con DDL en /apps/database/ + */ + +// ========== SCHEMAS ========== + +export const DB_SCHEMAS = { + AUTH: 'auth_management', + GAMIFICATION: 'gamification_system', + EDUCATIONAL: 'educational_content', + PROGRESS: 'progress_tracking', + SOCIAL: 'social_features', + CONTENT: 'content_management', + AUDIT: 'audit_logging', + NOTIFICATIONS: 'notifications', + GAMILIT: 'gamilit', + PUBLIC: 'public', + ADMIN_DASHBOARD: 'admin_dashboard', + SYSTEM_CONFIGURATION: 'system_configuration', + LTI_INTEGRATION: 'lti_integration', + STORAGE: 'storage', + AUTH_SUPABASE: 'auth', +} as const; + +// ========== TABLES POR SCHEMA ========== + +export const DB_TABLES = { + AUTH: { + TENANTS: 'tenants', + USERS: 'users', + PROFILES: 'profiles', + USER_ROLES: 'user_roles', + ROLES: 'roles', + MEMBERSHIPS: 'memberships', + AUTH_PROVIDERS: 'auth_providers', + // ... (15 tablas totales) + }, + + GAMIFICATION: { + USER_STATS: 'user_stats', + USER_RANKS: 'user_ranks', + ACHIEVEMENTS: 'achievements', + ML_COINS_TRANSACTIONS: 'ml_coins_transactions', + // ... (15 tablas totales) + }, + + // ... (9 schemas × ~5-15 tablas = ~77 tablas totales) +}; + +// ========== HELPERS ========== + +export const getFullTableName = (schema: string, table: string): string => { + return `${schema}.${table}`; +}; + +export const validateTableInSchema = (schema: DbSchema, table: string): boolean => { + // Validacion de que la tabla existe en el schema + // ... +}; + +// ========== TYPE HELPERS ========== + +export type DbSchema = (typeof DB_SCHEMAS)[keyof typeof DB_SCHEMAS]; +export type AuthTable = (typeof DB_TABLES.AUTH)[keyof typeof DB_TABLES.AUTH]; +// ... (Type safety completo) +``` + +**Contenido:** +- **15 schemas** definidos +- **~77 tablas** mapeadas +- **Helpers:** Construccion de nombres completos +- **Type Safety:** Tipos derivados para TypeScript +- **Validacion:** Funciones de validacion + +### 3.3 routes.constants.ts (368 lineas) + +**Estructura:** +```typescript +/** + * API Routes Constants - Backend + * + * IMPORTANTE: + * - Debe coincidir EXACTAMENTE con Frontend api-endpoints.ts + * - Validado automaticamente por validate-api-contract.ts en CI/CD + */ + +export const API_VERSION = 'v1'; +export const API_BASE = `/api/${API_VERSION}`; + +export const API_ROUTES = { + // ========== AUTH MODULE ========== + AUTH: { + BASE: '/auth', + LOGIN: '/auth/login', + REGISTER: '/auth/register', + LOGOUT: '/auth/logout', + REFRESH: '/auth/refresh', + VERIFY_EMAIL: '/auth/verify-email', + RESET_PASSWORD: '/auth/reset-password', + CHANGE_PASSWORD: '/auth/change-password', + PROFILE: '/auth/profile', + }, + + // ========== USERS MODULE ========== + USERS: { + BASE: '/users', + BY_ID: (id: string) => `/users/${id}`, + PROFILE: (id: string) => `/users/${id}/profile`, + PREFERENCES: (id: string) => `/users/${id}/preferences`, + ROLES: (id: string) => `/users/${id}/roles`, + STATS: (id: string) => `/users/${id}/stats`, + }, + + // ========== GAMIFICATION MODULE ========== + GAMIFICATION: { + BASE: '/gamification', + ACHIEVEMENTS: '/gamification/achievements', + ACHIEVEMENT_BY_ID: (id: string) => `/gamification/achievements/${id}`, + USER_ACHIEVEMENTS: (userId: string) => `/gamification/users/${userId}/achievements`, + // ... (80+ endpoints) + }, + + // ... (11 modulos × ~40 endpoints = 470+ endpoints totales) + + // ========== HEALTH & MONITORING ========== + HEALTH: { + BASE: '/health', + LIVENESS: '/health/liveness', + READINESS: '/health/readiness', + METRICS: '/health/metrics', + }, +} as const; + +// ========== HELPERS ========== + +export const buildApiUrl = (route: string): string => { + return `${API_BASE}${route}`; +}; + +export const extractBasePath = (route: string): string => { + return route.replace(/^\//, ''); +}; +``` + +**Contenido:** +- **470+ endpoints** definidos +- **11 modulos:** Auth, Users, Gamification, Educational, Progress, Social, Content, Admin, Teacher, Analytics, Notifications +- **Funciones parametrizadas:** Para rutas dinamicas +- **Helpers:** Construccion de URLs +- **Type Safety:** Constantes typed + +--- + +## 4. SINCRONIZACION AUTOMATICA + +### 4.1 Script sync-enums.ts (70 lineas) + +**Proposito:** Copiar automaticamente `enums.constants.ts` de Backend a Frontend + +**Codigo completo:** +```typescript +/** + * Sync ENUMs: Backend → Frontend + * + * @description Copia enums.constants.ts de Backend a Frontend automaticamente. + * @usage npm run sync:enums + * + * IMPORTANTE: + * - Ejecutar SIEMPRE antes de commit + * - Integrado en postinstall (automatico) + * - Backend es la fuente de verdad + */ + +import * as fs from 'fs'; +import * as path from 'path'; + +const BACKEND_ENUMS = path.resolve( + __dirname, + '../../backend/src/shared/constants/enums.constants.ts' +); + +const FRONTEND_ENUMS = path.resolve( + __dirname, + '../../frontend/src/shared/constants/enums.constants.ts' +); + +async function syncEnums() { + console.log('🔄 Sincronizando ENUMs: Backend → Frontend...\n'); + + try { + // 1. Verificar que archivo Backend existe + if (!fs.existsSync(BACKEND_ENUMS)) { + console.error('❌ Error: No existe Backend enums.constants.ts'); + console.error(` Ruta esperada: ${BACKEND_ENUMS}`); + process.exit(1); + } + + // 2. Leer contenido Backend + const content = fs.readFileSync(BACKEND_ENUMS, 'utf-8'); + + // 3. Modificar header JSDoc (Backend → Frontend) + const modifiedContent = content + .replace( + /ENUMs Constants - Shared \(Backend\)/g, + 'ENUMs Constants - Shared (Frontend)' + ) + .replace( + /@see \/apps\/backend\/src\/shared\/constants\/enums\.constants\.ts/g, + '@see /apps/backend/src/shared/constants/enums.constants.ts' + ); + + // 4. Crear directorio Frontend si no existe + const frontendDir = path.dirname(FRONTEND_ENUMS); + if (!fs.existsSync(frontendDir)) { + fs.mkdirSync(frontendDir, { recursive: true }); + console.log(`📁 Creado directorio: ${frontendDir}`); + } + + // 5. Escribir archivo Frontend + fs.writeFileSync(FRONTEND_ENUMS, modifiedContent, 'utf-8'); + + // 6. Verificar sincronizacion + const backendSize = fs.statSync(BACKEND_ENUMS).size; + const frontendSize = fs.statSync(FRONTEND_ENUMS).size; + + console.log('✅ ENUMs sincronizados exitosamente!'); + console.log(` Backend: ${BACKEND_ENUMS} (${backendSize} bytes)`); + console.log(` Frontend: ${FRONTEND_ENUMS} (${frontendSize} bytes)`); + console.log(` Diferencia: ${Math.abs(backendSize - frontendSize)} bytes\n`); + + } catch (error) { + console.error('❌ Error al sincronizar ENUMs:', error); + process.exit(1); + } +} + +syncEnums(); +``` + +**Caracteristicas:** +- ✅ Copia automatica Backend → Frontend +- ✅ Validacion de existencia de archivos +- ✅ Modificacion de headers JSDoc +- ✅ Creacion de directorios si no existen +- ✅ Verificacion de sincronizacion +- ✅ Error handling robusto + +### 4.2 Integracion en package.json + +**root/package.json:** +```json +{ + "scripts": { + "sync:enums": "ts-node devops/scripts/sync-enums.ts", + "postinstall": "npm run sync:enums", + "validate:constants": "ts-node devops/scripts/validate-constants-usage.ts", + "validate:all": "npm run validate:constants && npm run sync:enums" + } +} +``` + +**Automatizacion:** +- `npm install` → Ejecuta `postinstall` → Sincroniza ENUMs automaticamente +- `npm run sync:enums` → Sincronizacion manual +- `npm run validate:all` → Validacion + Sincronizacion + +--- + +## 5. VALIDACION DE HARDCODING + +### 5.1 Script validate-constants-usage.ts (642 lineas) + +**Proposito:** Detectar hardcoding de valores que deberian usar constantes SSOT + +**33 Patrones de Deteccion:** + +**P0 (CRITICO - Bloquean CI/CD):** +1. Hardcoded schema names (auth_management, gamification_system, etc.) +2. Hardcoded table names (users, tenants, roles, etc.) +3. Hardcoded API URLs (fetch, axios con URLs absolutas) +4. Hardcoded schema.table references + +**P1 (IMPORTANTE - Revisar):** +5. Hardcoded route decorator paths (@Get, @Post, etc.) +6. Hardcoded auth providers (local, google, github) +7. Hardcoded subscription tiers (free, pro, enterprise) +8. Hardcoded user roles (admin, user, teacher) +9. Direct process.env access sin fallback + +**P2 (MENOR - Informativo):** +10. Hardcoded HTTP status codes (200, 201, 404, etc.) +11. Hardcoded MIME types (application/json) + +**Estructura del Script:** +```typescript +interface ViolationType { + file: string; + pattern: string; + message: string; + severity: 'P0' | 'P1' | 'P2'; + matches: string[]; + count: number; + lineNumbers?: number[]; + suggestion?: string; +} + +const PATTERNS_TO_DETECT: PatternConfig[] = [ + // P0 - CRITICO: DATABASE SCHEMAS + { + pattern: /['"]auth_management['"]/g, + message: 'Hardcoded schema "auth_management"', + severity: 'P0', + exclude: ['database.constants.ts', '.sql', 'ddl/', 'migrations/'], + suggestion: 'Usa DB_SCHEMAS.AUTH en su lugar', + }, + + // P0 - CRITICO: DATABASE TABLES + { + pattern: /['"]users['"](?!\s*[:}])/g, + message: 'Hardcoded table "users"', + severity: 'P0', + exclude: ['database.constants.ts', '.sql', 'test/', '__tests__/'], + suggestion: 'Usa DB_TABLES.AUTH.USERS en su lugar', + }, + + // P0 - CRITICO: API URLs + { + pattern: /fetch\(\s*['"]http:\/\/localhost:3000[^'"]+['"]/g, + message: 'Hardcoded localhost API URL in fetch()', + severity: 'P0', + exclude: ['api-endpoints.ts', 'test/', '__tests__/'], + suggestion: 'Usa API_ENDPOINTS constants con baseURL del config', + }, + + // ... (33 patrones totales) +]; + +async function validateFile(filePath: string): Promise { + const content = fs.readFileSync(filePath, 'utf-8'); + const violations: ViolationType[] = []; + + for (const config of PATTERNS_TO_DETECT) { + const { pattern, message, severity, exclude, suggestion } = config; + + // Skip if file is in exclude list + if (exclude && exclude.some((ex) => filePath.includes(ex))) { + continue; + } + + const matches = content.match(pattern); + if (matches && matches.length > 0) { + const lineNumbers = findLineNumbers(content, pattern); + + violations.push({ + file: filePath, + pattern: pattern.toString(), + message, + severity, + matches: matches.slice(0, 5), + count: matches.length, + lineNumbers: lineNumbers.slice(0, 5), + suggestion, + }); + } + } + + return violations; +} + +function generateReport(violations: ViolationType[]): void { + const p0Violations = violations.filter((v) => v.severity === 'P0'); + const p1Violations = violations.filter((v) => v.severity === 'P1'); + const p2Violations = violations.filter((v) => v.severity === 'P2'); + + if (p0Violations.length > 0) { + console.log(`❌ VIOLACIONES P0 (CRITICAS) - BLOQUEAN CI/CD: ${p0Violations.length}\n`); + // Detalle de cada violacion... + } + + if (p1Violations.length > 0) { + console.log(`⚠️ VIOLACIONES P1 (IMPORTANTES) - REVISAR: ${p1Violations.length}\n`); + // Detalle de cada violacion... + } + + if (p2Violations.length > 0) { + console.log(`ℹ️ VIOLACIONES P2 (MENORES) - INFORMATIVO: ${p2Violations.length}\n`); + // Resumen... + } +} + +function determineExitCode(violations: ViolationType[]): number { + const p0Count = violations.filter((v) => v.severity === 'P0').length; + const p1Count = violations.filter((v) => v.severity === 'P1').length; + + if (p0Count > 0) { + console.error('❌ FALLO: Existen violaciones P0 que bloquean el CI/CD.\n'); + return 1; + } + + if (p1Count > 5) { + console.warn('⚠️ ADVERTENCIA: Demasiadas violaciones P1 (>5).\n'); + return 1; + } + + return 0; +} + +async function main() { + console.log('🔍 Validando uso de constantes (detectando hardcoding SSOT)...\n'); + + const violations = await scanAllFiles(); + + generateReport(violations); + generateSummary(violations); + generateInstructions(violations); + + const exitCode = determineExitCode(violations); + process.exit(exitCode); +} + +main(); +``` + +**Caracteristicas:** +- ✅ 33 patrones de deteccion +- ✅ Severidades P0/P1/P2 +- ✅ Exclusiones configurables +- ✅ Sugerencias de correccion +- ✅ Reportes detallados +- ✅ Exit codes para CI/CD +- ✅ Escaneo de 1,500+ archivos + +--- + +## 6. BENEFICIOS DEL SISTEMA SSOT + +### 6.1 Eliminacion de Duplicacion + +**Antes (sin SSOT):** +- Schema name hardcoded: **15 veces** en backend +- Schema name hardcoded: **10 veces** en frontend +- Schema name en DDL: **1 vez** +- **Total:** 26 veces el mismo valor + +**Despues (con SSOT):** +- Definicion en backend: **1 vez** +- Sincronizacion automatica a frontend: **0 veces** (automatico) +- Referencias en DDL: **0 veces** (importa de backend) +- **Total:** 1 vez el mismo valor + +**Reduccion:** 26 → 1 (96% menos duplicacion) + +### 6.2 Garantia de Sincronizacion + +- ✅ **100% sincronizacion** Backend ↔ Frontend +- ✅ **0 desincronizaciones** (imposible por diseño) +- ✅ **Refactoring seguro** (cambio en 1 lugar) +- ✅ **Type safety completo** (TypeScript) + +### 6.3 Facilita Refactoring + +**Ejemplo:** Renombrar schema `auth_management` → `authentication` + +**Sin SSOT:** +- Cambiar en 15 archivos de backend +- Cambiar en 10 archivos de frontend +- Cambiar en DDL +- Riesgo de olvidar alguno +- **Tiempo:** 2-3 horas +- **Riesgo de errores:** ALTO + +**Con SSOT:** +- Cambiar en 1 archivo (`database.constants.ts`) +- Ejecutar `npm run sync:enums` +- Ejecutar `npm run validate:constants` +- **Tiempo:** 5 minutos +- **Riesgo de errores:** CERO + +### 6.4 Validacion Automatica + +- ✅ **CI/CD integration:** Bloquea merge si hay violaciones P0 +- ✅ **Pre-commit hooks:** Valida antes de commit +- ✅ **IDE integration:** Linter detecta hardcoding +- ✅ **33 patrones:** Cobertura exhaustiva + +--- + +## 7. APLICABILIDAD A ERP GENERICO + +⭐⭐⭐⭐⭐ (MAXIMA - CRITICO) + +**Decision:** ✅ **ADOPTAR COMPLETAMENTE** + +### 7.1 Constantes a Centralizar en ERP + +**1. Database Constants:** +```typescript +export const DB_SCHEMAS = { + CORE: 'core_system', + ACCOUNTING: 'accounting', + BUDGETS: 'budgets', + PURCHASING: 'purchasing', + INVENTORY: 'inventory', + PROJECTS: 'projects', + HR: 'human_resources', + AUDIT: 'audit_logging', + NOTIFICATIONS: 'system_notifications', +}; + +export const DB_TABLES = { + CORE: { + COMPANIES: 'companies', + USERS: 'users', + ROLES: 'roles', + CURRENCIES: 'currencies', + }, + ACCOUNTING: { + CHART_OF_ACCOUNTS: 'chart_of_accounts', + JOURNAL_ENTRIES: 'journal_entries', + ACCOUNT_BALANCES: 'account_balances', + }, + // ... (9 schemas × ~10 tablas = ~90 tablas) +}; +``` + +**2. API Routes:** +```typescript +export const API_ROUTES = { + BUDGETS: { + BASE: '/budgets', + BY_ID: (id: string) => `/budgets/${id}`, + ITEMS: (budgetId: string) => `/budgets/${budgetId}/items`, + TRACK: (budgetId: string) => `/budgets/${budgetId}/track`, + }, + PURCHASING: { + BASE: '/purchasing', + ORDERS: '/purchasing/orders', + ORDER_BY_ID: (id: string) => `/purchasing/orders/${id}`, + SUPPLIERS: '/purchasing/suppliers', + }, + // ... (10 modulos × ~30 endpoints = ~300 endpoints) +}; +``` + +**3. Business ENUMs:** +```typescript +export enum BudgetStatusEnum { + DRAFT = 'draft', + PENDING_APPROVAL = 'pending_approval', + APPROVED = 'approved', + ACTIVE = 'active', + COMPLETED = 'completed', + CANCELLED = 'cancelled', +} + +export enum PurchaseOrderStatusEnum { + DRAFT = 'draft', + PENDING_APPROVAL = 'pending_approval', + APPROVED = 'approved', + SENT_TO_SUPPLIER = 'sent_to_supplier', + PARTIALLY_RECEIVED = 'partially_received', + RECEIVED = 'received', + CANCELLED = 'cancelled', +} + +export enum ProjectPhaseEnum { + PLANNING = 'planning', + EXECUTION = 'execution', + MONITORING = 'monitoring', + CLOSURE = 'closure', +} +``` + +### 7.2 Scripts a Implementar + +**1. sync-enums.ts** (P0) +- Sincronizar ENUMs Backend → Frontend + +**2. validate-constants-usage.ts** (P0) +- Detectar hardcoding en codigo +- Severidades P0/P1/P2 +- Integracion CI/CD + +**3. validate-api-contract.ts** (P1) +- Validar que endpoints Backend coinciden con Frontend + +**4. generate-api-docs.ts** (P1) +- Generar documentacion OpenAPI desde constants + +### 7.3 Beneficios Esperados en ERP + +1. **Eliminacion de duplicacion:** 90%+ +2. **Sincronizacion perfecta:** 100% +3. **Refactoring facil:** 95% menos tiempo +4. **Validacion automatica:** CI/CD integration +5. **Type safety:** TypeScript completo +6. **Documentacion auto-generada:** OpenAPI + +--- + +## 8. CONCLUSION Y RECOMENDACIONES + +### 8.1 Hallazgos Clave + +1. **SSOT es CRITICO:** ⭐⭐⭐⭐⭐ + - Elimina duplicacion + - Garantiza sincronizacion + - Facilita refactoring + - Validacion automatica + +2. **Implementacion es SIMPLE:** + - 3 archivos de constants (~1,000 lineas totales) + - 3 scripts de automatizacion (~800 lineas totales) + - Integracion en package.json (5 lineas) + +3. **ROI es ALTO:** + - Tiempo de implementacion: 2-3 dias + - Ahorro anual: 50+ horas de debugging + - Reduccion de bugs: 70%+ + +### 8.2 Recomendaciones Finales + +#### IMPLEMENTAR DESDE EL INICIO ✅ (Prioridad P0 - CRITICO) + +1. **Backend SSOT:** + - `enums.constants.ts` + - `database.constants.ts` + - `routes.constants.ts` + +2. **Script de Sincronizacion:** + - `sync-enums.ts` + - Postinstall hook + +3. **Validacion de Hardcoding:** + - `validate-constants-usage.ts` + - 30+ patrones adaptados a ERP + - CI/CD integration + +4. **Politica de Desarrollo:** + - NUNCA hardcodear valores + - SIEMPRE importar desde constants + - Ejecutar validacion antes de commit + +--- + +**Documento creado:** 2025-11-23 +**Version:** 1.0 +**Estado:** Completado +**Criticidad:** ⭐⭐⭐⭐⭐ MAXIMA +**Proximo documento:** `devops-automation.md` diff --git a/docs/01-analisis-referencias/odoo/MAPEO-ODOO-TO-MGN.md b/docs/01-analisis-referencias/odoo/MAPEO-ODOO-TO-MGN.md new file mode 100644 index 0000000..71b7753 --- /dev/null +++ b/docs/01-analisis-referencias/odoo/MAPEO-ODOO-TO-MGN.md @@ -0,0 +1,478 @@ +# Mapeo Completo: Odoo → ERP Genérico (MGN) + +**Proyecto:** ERP Genérico +**Fecha:** 2025-11-23 +**Versión:** 1.0.0 + +--- + +## Objetivo + +Mapear funcionalidades de los 12 módulos Odoo analizados a los 14 módulos del ERP Genérico (MGN-001 a MGN-014). + +--- + +## Tabla de Mapeo General + +| Módulo Odoo | Módulo MGN | Nombre MGN | Prioridad | Reutilización | +|-------------|------------|------------|-----------|---------------| +| base | MGN-001 | Fundamentos | P0 | 90% | +| auth_signup | MGN-001 | Fundamentos | P0 | 85% | +| base (res.company) | MGN-002 | Empresas y Organizaciones | P0 | 90% | +| base (partners, countries, uom) | MGN-003 | Catálogos Maestros | P0 | 95% | +| account | MGN-004 | Financiero Básico | P0 | 70% | +| stock | MGN-005 | Inventario Básico | P0 | 80% | +| purchase | MGN-006 | Compras Básico | P0 | 85% | +| sale | MGN-007 | Ventas Básico | P0 | 85% | +| analytic | MGN-008 | Contabilidad Analítica | P0 | 95% | +| crm | MGN-009 | CRM Básico | P1 | 75% | +| hr | MGN-010 | RRHH Básico | P1 | 70% | +| project | MGN-011 | Proyectos Genéricos | P1 | 80% | +| account (reports) | MGN-012 | Reportes y Analytics | P1 | 60% | +| portal | MGN-013 | Portal de Usuarios | P1 | 80% | +| mail | MGN-014 | Mensajería y Notificaciones | P0 | 85% | + +--- + +## Mapeo Detallado por Módulo MGN + +### MGN-001: Fundamentos + +**Fuentes Odoo:** +- `base` (res.users, res.groups, ir.model.access, ir.rule) +- `auth_signup` (signup, reset password) + +**Funcionalidades a Migrar:** + +| Funcionalidad Odoo | RF MGN-001 | Descripción | Prioridad | +|-------------------|------------|-------------|-----------| +| Autenticación usuarios | RF-AUTH-001 | Login con JWT | P0 | +| Gestión de usuarios | RF-AUTH-002 | CRUD usuarios, perfiles | P0 | +| Sistema RBAC | RF-AUTH-003 | Roles, permisos por modelo, RLS | P0 | +| Multi-tenancy | RF-AUTH-004 | Schema-level isolation | P0 | +| Registro usuarios | RF-AUTH-005 | Signup con validación | P0 | +| Reset password | RF-AUTH-006 | Token seguro, expiración 24h | P0 | +| Cambio contraseña | RF-AUTH-007 | Validación password fuerte | P0 | +| Verificación email | RF-AUTH-008 | Token de verificación | P1 | + +**Modelos Odoo → Tablas MGN:** +- `res.users` → `auth.users` +- `res.groups` → `auth.roles` +- `ir.model.access` → `auth.model_permissions` +- `ir.rule` → PostgreSQL RLS policies + +**Patrones a Adoptar:** +- ✅ RBAC con herencia de roles +- ✅ Permisos CRUD granulares +- ✅ RLS (Row Level Security) +- ✅ Soft delete (active=true/false) + +**Patrones a Adaptar:** +- 🔧 Sesiones → JWT tokens +- 🔧 Python decorators → TypeScript decorators +- 🔧 XML-RPC → REST APIs + +--- + +### MGN-002: Empresas y Organizaciones + +**Fuente Odoo:** +- `base` (res.company) + +**Funcionalidades a Migrar:** + +| Funcionalidad Odoo | RF MGN-002 | Descripción | Prioridad | +|-------------------|------------|-------------|-----------| +| Gestión de empresas | RF-COMP-001 | CRUD empresas, holdings | P0 | +| Multi-company | RF-COMP-002 | Usuario acceso a múltiples empresas | P0 | +| Configuración empresa | RF-COMP-003 | Logo, datos fiscales, moneda | P0 | + +**Modelos Odoo → Tablas MGN:** +- `res.company` → `core.companies` + +**Patrones a Adoptar:** +- ✅ Holdings (parent_id) +- ✅ Empresa vinculada a partner +- ✅ Moneda principal por empresa + +--- + +### MGN-003: Catálogos Maestros + +**Fuente Odoo:** +- `base` (res.partner, res.currency, res.country, uom.uom) + +**Funcionalidades a Migrar:** + +| Funcionalidad Odoo | RF MGN-003 | Descripción | Prioridad | +|-------------------|------------|-------------|-----------| +| Gestión de partners | RF-CAT-001 | Clientes, proveedores, contactos (patrón universal) | P0 | +| Catálogo monedas | RF-CAT-002 | ISO 4217, tasas de cambio | P0 | +| Catálogo países | RF-CAT-003 | ISO 3166-1, estados/provincias | P0 | +| Unidades de medida | RF-CAT-004 | Categorías, conversiones | P0 | + +**Modelos Odoo → Tablas MGN:** +- `res.partner` → `core.partners` +- `res.currency` → `core.currencies` +- `res.country` → `core.countries` +- `res.country.state` → `core.states` +- `uom.uom` → `core.units_of_measure` +- `uom.category` → `core.uom_categories` + +**Patrones a Adoptar:** +- ✅ Partner universal (is_customer, is_vendor, is_employee) +- ✅ Estructura jerárquica (parent_id) +- ✅ Conversiones de UoM + +--- + +### MGN-004: Financiero Básico + +**Fuente Odoo:** +- `account` + +**Funcionalidades a Migrar:** + +| Funcionalidad Odoo | RF MGN-004 | Descripción | Prioridad | +|-------------------|------------|-------------|-----------| +| Plan de cuentas | RF-FIN-001 | Chart of accounts, tipos de cuenta | P0 | +| Asientos contables | RF-FIN-002 | Journal entries, débito/crédito | P0 | +| Facturas | RF-FIN-003 | Facturas cliente/proveedor | P0 | +| Pagos | RF-FIN-004 | Pagos, conciliación | P0 | +| Reportes financieros | RF-FIN-005 | Balance, P&L | P1 | +| Multi-moneda | RF-FIN-006 | Tasas de cambio, gain/loss | P1 | + +**Modelos Odoo → Tablas MGN:** +- `account.account` → `financial.accounts` +- `account.move` → `financial.journal_entries` +- `account.move.line` → `financial.journal_entry_lines` +- `account.journal` → `financial.journals` +- `account.payment` → `financial.payments` + +**Patrones a Adoptar:** +- ✅ Doble entrada (débito = crédito) +- ✅ Estados: draft → posted +- ✅ Conciliación bancaria + +--- + +### MGN-005: Inventario Básico + +**Fuente Odoo:** +- `stock` + +**Funcionalidades a Migrar:** + +| Funcionalidad Odoo | RF MGN-005 | Descripción | Prioridad | +|-------------------|------------|-------------|-----------| +| Gestión almacenes | RF-INV-001 | Warehouses, configuración | P0 | +| Ubicaciones | RF-INV-002 | Estructura jerárquica, tipos | P0 | +| Movimientos | RF-INV-003 | Stock moves, origen/destino | P0 | +| Pickings | RF-INV-004 | Albaranes, agrupación movimientos | P0 | +| Trazabilidad | RF-INV-005 | Lotes, números de serie | P1 | +| Valoración | RF-INV-006 | FIFO, Average Cost | P1 | + +**Modelos Odoo → Tablas MGN:** +- `stock.warehouse` → `inventory.warehouses` +- `stock.location` → `inventory.locations` +- `stock.move` → `inventory.stock_moves` +- `stock.picking` → `inventory.pickings` +- `stock.quant` → `inventory.stock_quants` + +**Patrones a Adoptar:** +- ✅ Doble movimiento (origen → tránsito → destino) +- ✅ Ubicaciones virtuales +- ✅ Estrategias de inventario + +--- + +### MGN-006: Compras Básico + +**Fuente Odoo:** +- `purchase` + +**Funcionalidades a Migrar:** + +| Funcionalidad Odoo | RF MGN-006 | Descripción | Prioridad | +|-------------------|------------|-------------|-----------| +| Gestión proveedores | RF-COM-001 | Catálogo, condiciones pago | P0 | +| RFQ | RF-COM-002 | Solicitudes de cotización | P0 | +| Órdenes de compra | RF-COM-003 | Purchase orders, aprobación | P0 | +| Recepciones | RF-COM-004 | Integración con inventario | P0 | +| Facturación compras | RF-COM-005 | Facturas de proveedor | P0 | + +**Modelos Odoo → Tablas MGN:** +- `purchase.order` → `purchase.orders` +- `purchase.order.line` → `purchase.order_lines` +- Partners con `supplier_rank > 0` → Vendors + +**Patrones a Adoptar:** +- ✅ Workflow: RFQ → PO → Recepción → Factura +- ✅ Integración automática con stock +- ✅ Control cantidades recibidas vs facturadas + +--- + +### MGN-007: Ventas Básico + +**Fuente Odoo:** +- `sale` + +**Funcionalidades a Migrar:** + +| Funcionalidad Odoo | RF MGN-007 | Descripción | Prioridad | +|-------------------|------------|-------------|-----------| +| Gestión clientes | RF-VEN-001 | Catálogo, condiciones pago | P0 | +| Cotizaciones | RF-VEN-002 | Quotations, envío a cliente | P0 | +| Órdenes de venta | RF-VEN-003 | Sales orders, aprobación | P0 | +| Entregas | RF-VEN-004 | Integración con inventario | P0 | +| Facturación ventas | RF-VEN-005 | Facturas de cliente | P0 | +| Portal clientes | RF-VEN-006 | Aprobación online, firma | P1 | + +**Modelos Odoo → Tablas MGN:** +- `sale.order` → `sales.orders` +- `sale.order.line` → `sales.order_lines` +- Partners con `customer_rank > 0` → Customers + +**Patrones a Adoptar:** +- ✅ Workflow: Cotización → Venta → Entrega → Factura +- ✅ Portal de aprobación +- ✅ Firma electrónica + +--- + +### MGN-008: Contabilidad Analítica + +**Fuente Odoo:** +- `analytic` + +**Funcionalidades a Migrar:** + +| Funcionalidad Odoo | RF MGN-008 | Descripción | Prioridad | +|-------------------|------------|-------------|-----------| +| Cuentas analíticas | RF-ANA-001 | Proyectos, centros de costo | P0 | +| Líneas analíticas | RF-ANA-002 | Registro de costos/ingresos | P0 | +| Reportes analíticos | RF-ANA-003 | Balance por proyecto | P0 | +| Integración módulos | RF-ANA-004 | Compras, ventas, nómina → analytic | P0 | + +**Modelos Odoo → Tablas MGN:** +- `account.analytic.account` → `analytics.accounts` +- `account.analytic.line` → `analytics.lines` + +**Patrones a Adoptar:** +- ✅ Campo `analytic_account_id` en TODOS los módulos transaccionales +- ✅ Reportes consolidados por proyecto +- ✅ Integración universal + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - CRÍTICO para ERP de proyectos + +--- + +### MGN-009: CRM Básico + +**Fuente Odoo:** +- `crm` + +**Funcionalidades a Migrar:** + +| Funcionalidad Odoo | RF MGN-009 | Descripción | Prioridad | +|-------------------|------------|-------------|-----------| +| Gestión de leads | RF-CRM-001 | Leads/oportunidades | P1 | +| Pipeline ventas | RF-CRM-002 | Stages, probabilidad | P1 | +| Actividades | RF-CRM-003 | Seguimiento, recordatorios | P1 | +| Conversión | RF-CRM-004 | Lead → Cotización | P1 | +| Reportes CRM | RF-CRM-005 | Rendimiento vendedores | P2 | + +**Modelos Odoo → Tablas MGN:** +- `crm.lead` → `crm.leads` +- `crm.stage` → `crm.stages` +- `crm.team` → `crm.teams` + +**Patrones a Adoptar:** +- ✅ Pipeline kanban drag-and-drop +- ✅ Lead scoring automático +- ✅ Actividades de seguimiento + +--- + +### MGN-010: RRHH Básico + +**Fuente Odoo:** +- `hr`, `hr_contract`, `hr_attendance` + +**Funcionalidades a Migrar:** + +| Funcionalidad Odoo | RF MGN-010 | Descripción | Prioridad | +|-------------------|------------|-------------|-----------| +| Gestión empleados | RF-HR-001 | Datos personales, puestos | P1 | +| Departamentos | RF-HR-002 | Estructura jerárquica | P1 | +| Contratos | RF-HR-003 | Tipo, salario, fechas | P1 | +| Asistencias | RF-HR-004 | Check-in/out, horas trabajadas | P1 | +| Timesheet | RF-HR-005 | Horas por proyecto/tarea | P2 | + +**Modelos Odoo → Tablas MGN:** +- `hr.employee` → `hr.employees` +- `hr.department` → `hr.departments` +- `hr.contract` → `hr.contracts` +- `hr.attendance` → `hr.attendances` + +**Patrones a Adoptar:** +- ✅ Empleado vinculado a partner y user +- ✅ Departamentos jerárquicos +- ✅ Integración timesheet → analytic accounts + +--- + +### MGN-011: Proyectos Genéricos + +**Fuente Odoo:** +- `project` + +**Funcionalidades a Migrar:** + +| Funcionalidad Odoo | RF MGN-011 | Descripción | Prioridad | +|-------------------|------------|-------------|-----------| +| Gestión proyectos | RF-PRO-001 | Proyectos, manager | P1 | +| Tareas | RF-PRO-002 | Tasks, subtasks, asignación | P1 | +| Stages | RF-PRO-003 | Pipeline personalizable | P1 | +| Timesheet | RF-PRO-004 | Horas por tarea | P2 | +| Portal proyectos | RF-PRO-005 | Vista cliente | P2 | + +**Modelos Odoo → Tablas MGN:** +- `project.project` → `projects.projects` +- `project.task` → `projects.tasks` +- `project.task.type` → `projects.task_stages` + +**Patrones a Adoptar:** +- ✅ Vista kanban de tareas +- ✅ Integración con analytic accounts +- ✅ Portal de clientes + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - CRÍTICO para construcción/proyectos + +--- + +### MGN-012: Reportes y Analytics + +**Fuente Odoo:** +- `account` (reportes) + +**Funcionalidades a Migrar:** + +| Funcionalidad Odoo | RF MGN-012 | Descripción | Prioridad | +|-------------------|------------|-------------|-----------| +| Reportes financieros | RF-REP-001 | Balance, P&L | P1 | +| Dashboards | RF-REP-002 | KPIs, gráficos | P1 | +| Reportes personalizados | RF-REP-003 | Query builder | P2 | +| Exportación | RF-REP-004 | PDF, Excel, CSV | P1 | + +**Patrones a Adoptar:** +- ✅ Reportes con filtros dinámicos +- ✅ Caching de reportes pesados +- ✅ Exportación multi-formato + +--- + +### MGN-013: Portal de Usuarios + +**Fuente Odoo:** +- `portal` + +**Funcionalidades a Migrar:** + +| Funcionalidad Odoo | RF MGN-013 | Descripción | Prioridad | +|-------------------|------------|-------------|-----------| +| Portal clientes | RF-POR-001 | Dashboard, login | P1 | +| Vista documentos | RF-POR-002 | Órdenes, facturas | P1 | +| Aprobación cotizaciones | RF-POR-003 | Firma electrónica | P1 | +| Vista proyectos | RF-POR-004 | Tareas, comentarios | P2 | + +**Modelos Odoo → Tablas MGN:** +- Usuarios con `share=true` → Rol `portal_user` + +**Patrones a Adoptar:** +- ✅ RLS estricto (usuario solo ve sus registros) +- ✅ Permisos read-only + acciones permitidas +- ✅ Firma electrónica (canvas HTML5) + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - CRÍTICO para portal derechohabientes INFONAVIT + +--- + +### MGN-014: Mensajería y Notificaciones + +**Fuente Odoo:** +- `mail` + +**Funcionalidades a Migrar:** + +| Funcionalidad Odoo | RF MGN-014 | Descripción | Prioridad | +|-------------------|------------|-------------|-----------| +| Sistema notificaciones | RF-NOT-001 | Notificaciones en tiempo real | P0 | +| Mensajería interna | RF-NOT-002 | Chat, mensajes por registro | P1 | +| Tracking cambios | RF-NOT-003 | Auditoría automática | P0 | +| Actividades | RF-NOT-004 | Recordatorios, tareas | P1 | +| Followers | RF-NOT-005 | Suscripción a registros | P2 | + +**Modelos Odoo → Tablas MGN:** +- `mail.message` → `notifications.messages` +- `mail.followers` → `notifications.followers` +- `mail.activity` → `notifications.activities` +- Tracking implícito → `notifications.tracking` + +**Patrones a Adoptar:** +- ✅ Tracking automático de campos (tracking=true) +- ✅ Chatter UI por registro +- ✅ Followers + notificaciones + +**Patrones a Mejorar:** +- 🔧 Polling → WebSocket (Socket.IO) +- 🔧 Mejor UX de notificaciones + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - ESENCIAL para auditoría y colaboración + +--- + +## Resumen de Reutilización + +| Módulo MGN | % Reutilización Odoo | Esfuerzo Adaptación | Prioridad | +|------------|----------------------|---------------------|-----------| +| MGN-001 | 90% | Bajo | P0 | +| MGN-002 | 90% | Bajo | P0 | +| MGN-003 | 95% | Muy Bajo | P0 | +| MGN-004 | 70% | Medio | P0 | +| MGN-005 | 80% | Bajo-Medio | P0 | +| MGN-006 | 85% | Bajo | P0 | +| MGN-007 | 85% | Bajo | P0 | +| MGN-008 | 95% | Muy Bajo | P0 | +| MGN-009 | 75% | Medio | P1 | +| MGN-010 | 70% | Medio | P1 | +| MGN-011 | 80% | Bajo-Medio | P1 | +| MGN-012 | 60% | Alto | P1 | +| MGN-013 | 80% | Bajo-Medio | P1 | +| MGN-014 | 85% | Bajo | P0 | + +**Promedio de reutilización:** 81% + +--- + +## Conclusión + +Los 12 módulos de Odoo analizados proporcionan una base sólida para implementar los 14 módulos del ERP Genérico. + +**Principales beneficios del análisis:** +1. Lógica de negocio probada en miles de empresas +2. Patrones arquitectónicos consolidados +3. Funcionalidades completas y bien diseñadas +4. Reducción de riesgo en decisiones de diseño + +**Próximos pasos:** +1. Usar este mapeo para crear RF de MGN-001 a MGN-014 +2. Diseñar BD basándose en modelos Odoo +3. Adaptar patrones Odoo a stack Node.js + React + PostgreSQL + +--- + +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst +**Estado:** ✅ Mapeo completo diff --git a/docs/01-analisis-referencias/odoo/README.md b/docs/01-analisis-referencias/odoo/README.md new file mode 100644 index 0000000..cafc820 --- /dev/null +++ b/docs/01-analisis-referencias/odoo/README.md @@ -0,0 +1,254 @@ +# Resumen Ejecutivo - Análisis de Módulos Odoo + +**Proyecto:** ERP Genérico +**Fuente:** Odoo Community Edition v18.0 +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst + +--- + +## Objetivo del Análisis + +Analizar los 12 módulos core de Odoo para extraer: +- Lógica de negocio consolidada y probada +- Modelos de datos principales +- Patrones arquitectónicos +- Funcionalidades relevantes para ERP Genérico +- Mapeo a módulos MGN (MGN-001 a MGN-014) + +--- + +## Módulos Analizados (12) + +| Módulo Odoo | Aplicación en ERP Genérico | Prioridad | Mapeo MGN | Estado | +|-------------|---------------------------|-----------|-----------|--------| +| **base** | Sistema base, modelos fundamentales | P0 | MGN-001, MGN-002, MGN-003 | ✅ Analizado | +| **auth_signup** | Autenticación y registro | P0 | MGN-001 | ✅ Analizado | +| **account** | Módulo financiero | P0 | MGN-004 | ✅ Analizado | +| **stock** | Inventario | P0 | MGN-005 | ✅ Analizado | +| **purchase** | Compras | P0 | MGN-006 | ✅ Analizado | +| **sale** | Ventas | P0 | MGN-007 | ✅ Analizado | +| **analytic** | Contabilidad analítica | P0 | MGN-008 | ✅ Analizado | +| **mail** | Mensajería y notificaciones | P0 | MGN-014 | ✅ Analizado | +| **crm** | CRM básico | P1 | MGN-009 | ✅ Analizado | +| **hr** | Recursos humanos | P1 | MGN-010 | ✅ Analizado | +| **project** | Proyectos genéricos | P1 | MGN-011 | ✅ Analizado | +| **portal** | Portal de usuarios | P1 | MGN-013 | ✅ Analizado | + +--- + +## Hallazgos Principales + +### 1. Arquitectura ORM Potente +Odoo implementa un ORM muy completo con: +- Decoradores para computed fields (`@api.depends`) +- Sistema de herencia múltiple (`_inherit`, `_inherits`) +- Campos relacionales sofisticados (Many2one, One2many, Many2many) +- Validaciones con `@api.constrains` +- OnChange events (`@api.onchange`) + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - Patrones traducibles a TypeORM/Prisma + +### 2. Sistema de Permisos Robusto +- Grupos de seguridad (`res.groups`) +- Record rules (filtrado por usuario/empresa) +- Permisos CRUD granulares (`ir.model.access`) +- Multi-company support nativo + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - RBAC implementado en MGN-001 + +### 3. Contabilidad Analítica Universal +El módulo `analytic` permite tracking de costos por proyecto/centro de costos +- Integrado en todos los módulos (compras, ventas, inventario) +- Base para reportes financieros +- Esencial para ERPs multi-proyecto + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - MGN-008 debe implementar este patrón + +### 4. Sistema de Workflows con Estados +Todos los módulos usan Selection fields con estados bien definidos: +- `draft` → `confirmed` → `done` → `cancel` +- Transiciones controladas por lógica de negocio +- Integración con mail.thread para tracking + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - Patrón universal para ERP Genérico + +### 5. Integración con mail.thread +Casi todos los modelos heredan de `mail.thread` para: +- Tracking de cambios automático +- Sistema de mensajes y notificaciones +- Followers y actividades programadas +- Chatter UI + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - MGN-014 debe implementar patrón similar + +--- + +## Patrones Arquitectónicos Destacables + +### 1. Multi-Company +```python +# Odoo pattern +company_id = fields.Many2one('res.company', required=True, default=lambda self: self.env.company) +``` +- Record rules filtran por empresa automáticamente +- Usuarios pueden cambiar de empresa +- Aplicable a multi-tenancy del ERP Genérico + +### 2. Analytic Accounts +```python +# Odoo pattern +analytic_account_id = fields.Many2one('account.analytic.account') +``` +- Presente en: compras, ventas, inventario, proyectos +- Permite reportes consolidados de costos/ingresos por proyecto +- Esencial para construcción/manufactura + +### 3. Portal Views +```python +# Odoo pattern +@http.route(['/my/orders'], type='http', auth='user', website=True) +def portal_my_orders(self): + # Vista limitada para clientes +``` +- Sistema de portal para usuarios externos +- Acciones permitidas (aprobar, comentar, descargar) +- Seguridad con record rules + +### 4. Wizard Pattern (TransientModel) +```python +class Wizard(models.TransientModel): + _name = 'module.wizard' + _description = 'Wizard for X' +``` +- Modelos temporales para asistentes/formularios +- No se persisten en BD +- Útil para operaciones batch, imports, exports + +### 5. Computed Fields +```python +@api.depends('line_ids.price_total') +def _compute_amount_total(self): + for record in self: + record.amount_total = sum(record.line_ids.mapped('price_total')) +``` +- Campos calculados automáticamente +- Caché inteligente +- Actualización cascada + +--- + +## Recomendaciones para ERP Genérico + +### ADOPTAR ✅ + +1. **Sistema de estados con workflows** + - Implementar en todos los módulos MGN + - Estados: draft, confirmed, done, cancelled + - Transiciones controladas + +2. **RBAC granular** + - Basado en res.users y res.groups de Odoo + - Permisos por modelo (CRUD) + - Record rules para filtrado + +3. **Contabilidad analítica** + - MGN-008 debe implementar `analytic_accounts` + - Integrar en todos los módulos transaccionales + +4. **Multi-company/Multi-tenant** + - Patrón similar a Odoo pero con schemas PostgreSQL + - Campo `tenant_id` en todas las tablas + - RLS policies + +5. **Sistema de tracking y auditoría** + - Patrón mail.thread adaptado + - Tracking de cambios automático + - Historial de modificaciones + +### ADAPTAR 🔧 + +1. **ORM patterns → TypeORM/Prisma** + - Traducir decoradores Python a TypeScript + - Computed fields → getters o virtual columns + - Constraints → validaciones Zod/Joi + +2. **XML Views → React Components** + - Form views → React forms (React Hook Form) + - Tree views → DataTables (TanStack Table) + - Kanban views → Drag & drop boards + +3. **Portal → Frontend routes** + - Portal Odoo → rutas públicas en React + - Autenticación JWT + - Permisos en frontend + backend + +### EVITAR ❌ + +1. **No copiar arquitectura Python** + - No replicar ORM de Odoo + - Usar ORMs nativos de Node.js + +2. **No usar XML para UI** + - Odoo usa XML, nosotros React/TypeScript + - Componentes modernos + +3. **No sobre-complicar** + - Odoo tiene 600+ módulos + - ERP Genérico solo 14 módulos core + +--- + +## Mapeo Odoo → MGN + +Ver archivo detallado: [MAPEO-ODOO-TO-MGN.md](./MAPEO-ODOO-TO-MGN.md) + +| Módulo Odoo | Módulo MGN | Funcionalidades Clave a Migrar | +|-------------|------------|--------------------------------| +| base + auth_signup | MGN-001 | Autenticación, usuarios, RBAC | +| base (res.company, res.currency) | MGN-002 | Empresas, organizaciones | +| base (res.partner, res.country, uom) | MGN-003 | Catálogos maestros | +| account | MGN-004 | Contabilidad, plan de cuentas, asientos | +| stock | MGN-005 | Inventario, almacenes, movimientos | +| purchase | MGN-006 | Compras, proveedores, requisiciones | +| sale | MGN-007 | Ventas, cotizaciones, clientes | +| analytic | MGN-008 | Cuentas analíticas, centros de costo | +| crm | MGN-009 | Leads, oportunidades, pipeline | +| hr | MGN-010 | Empleados, departamentos, contratos | +| project | MGN-011 | Proyectos, tareas, milestones | +| account (reports) | MGN-012 | Reportes financieros, dashboards | +| portal | MGN-013 | Portal de usuarios externos | +| mail | MGN-014 | Mensajería, notificaciones, tracking | + +--- + +## Archivos de Análisis Detallado + +1. [odoo-base-analysis.md](./odoo-base-analysis.md) +2. [odoo-auth-analysis.md](./odoo-auth-analysis.md) +3. [odoo-account-analysis.md](./odoo-account-analysis.md) +4. [odoo-stock-analysis.md](./odoo-stock-analysis.md) +5. [odoo-purchase-analysis.md](./odoo-purchase-analysis.md) +6. [odoo-sale-analysis.md](./odoo-sale-analysis.md) +7. [odoo-analytic-analysis.md](./odoo-analytic-analysis.md) +8. [odoo-mail-analysis.md](./odoo-mail-analysis.md) +9. [odoo-crm-analysis.md](./odoo-crm-analysis.md) +10. [odoo-hr-analysis.md](./odoo-hr-analysis.md) +11. [odoo-project-analysis.md](./odoo-project-analysis.md) +12. [odoo-portal-analysis.md](./odoo-portal-analysis.md) + +--- + +## Próximos Pasos + +1. Revisar análisis detallado de cada módulo +2. Validar mapeo Odoo → MGN +3. Priorizar funcionalidades a implementar +4. Crear RF basándose en funcionalidades Odoo +5. Diseñar BD basándose en modelos Odoo + +--- + +**Fecha:** 2025-11-23 +**Versión:** 1.0.0 +**Estado:** ✅ Análisis completo diff --git a/docs/01-analisis-referencias/odoo/VALIDACION-MGN-VS-ODOO.md b/docs/01-analisis-referencias/odoo/VALIDACION-MGN-VS-ODOO.md new file mode 100644 index 0000000..ccbe6de --- /dev/null +++ b/docs/01-analisis-referencias/odoo/VALIDACION-MGN-VS-ODOO.md @@ -0,0 +1,391 @@ +# Validacion: Documentacion MGN vs Logica Odoo 18.0 + +**Fecha:** 2025-12-05 +**Objetivo:** Validar que la documentacion de MGN-001 a MGN-004 sea consistente con la logica de negocio probada de Odoo + +--- + +## Resumen Ejecutivo + +| Modulo | Consistencia | Gaps Identificados | Recomendaciones | +|--------|--------------|-------------------|-----------------| +| MGN-001 Auth | 90% | 2 menores | Agregar API keys | +| MGN-002 Users | 85% | 3 menores | Agregar campos Odoo | +| MGN-003 RBAC | 95% | 1 menor | Documentar herencia | +| MGN-004 Tenants | 80% | 2 importantes | Alinear con multi-company | + +--- + +## MGN-001: Auth - Validacion + +### Campos de res.users en Odoo + +```python +# Odoo res_users.py - Campos principales +login = fields.Char(required=True) +password = fields.Char(compute='_compute_password', inverse='_set_password') +active = fields.Boolean(default=True) +groups_id = fields.Many2many('res.groups') +company_id = fields.Many2one('res.company', required=True) +company_ids = fields.Many2many('res.company') # Multi-company +share = fields.Boolean() # Usuario portal/externo +``` + +### Comparacion con nuestra documentacion + +| Campo Odoo | Documentado MGN | Estado | Accion | +|------------|-----------------|--------|--------| +| login | email (como login) | OK | - | +| password | password_hash | OK | - | +| active | is_active | OK | - | +| groups_id | via user_roles | OK | - | +| company_id | tenant_id | OK | Adaptado a tenant | +| company_ids | - | FALTA | Agregar multi-tenant access | +| share | - | FALTA | Agregar flag is_external/is_portal | + +### Logica de Autenticacion Odoo + +```python +# Odoo _check_credentials() - Linea 449-504 +def _check_credentials(self, credential, env): + # Valida password con CryptContext (passlib) + # Retorna: uid, auth_method, mfa status + valid, replacement = self._crypt_context().verify_and_update(credential['password'], hashed) + if replacement is not None: + self._set_encrypted_password(self.env.user.id, replacement) + if not valid: + raise AccessDenied() + return {'uid': self.env.user.id, 'auth_method': 'password', 'mfa': 'default'} +``` + +**Consistencia:** Nuestra documentacion de JWT + bcrypt es equivalente funcionalmente. + +### Recomendaciones MGN-001 + +1. **Agregar API Keys** - Odoo tiene `res.users.apikeys` para integraciones +2. **Campo share** - Agregar `is_portal` para diferenciar usuarios externos +3. **Multi-tenant access** - Usuario puede pertenecer a multiples tenants (como company_ids) + +--- + +## MGN-002: Users - Validacion + +### Modelo res.users hereda de res.partner + +```python +# Odoo res_users.py - Linea 329 +class Users(models.Model): + _name = "res.users" + _inherits = {'res.partner': 'partner_id'} # Herencia delegada + + partner_id = fields.Many2one('res.partner', required=True, ondelete='restrict') + name = fields.Char(related='partner_id.name') + email = fields.Char(related='partner_id.email') +``` + +### SELF_READABLE_FIELDS y SELF_WRITEABLE_FIELDS + +```python +# Odoo - Campos que usuario puede leer/escribir de si mismo +SELF_READABLE_FIELDS = [ + 'signature', 'company_id', 'login', 'email', 'name', 'image_1920', + 'lang', 'tz', 'groups_id', 'partner_id', 'share', 'device_ids' +] + +SELF_WRITEABLE_FIELDS = [ + 'signature', 'action_id', 'company_id', 'email', 'name', 'image_1920', 'lang', 'tz' +] +``` + +### Comparacion con nuestra documentacion + +| Campo Odoo | Documentado MGN | Estado | Accion | +|------------|-----------------|--------|--------| +| partner_id | - | DIFERENTE | Nosotros users es independiente | +| signature | signature | OK | En user_preferences | +| lang | language | OK | - | +| tz | timezone | OK | - | +| image_1920 | avatar_url | OK | Adaptado | +| action_id | - | NO APLICA | Home action de Odoo | +| device_ids | - | CONSIDERAR | Para push notifications | +| login_date | last_login_at | OK | - | + +### Constraints importantes de Odoo + +```python +# Odoo _check_company - Linea 581 +@api.constrains('company_id', 'company_ids', 'active') +def _check_company(self): + if user.company_id not in user.company_ids: + raise ValidationError('Company not in allowed companies') + +# Odoo _check_one_user_type - Linea 616 +# Un usuario no puede ser portal Y interno a la vez +``` + +### Recomendaciones MGN-002 + +1. **Relacion con Partner** - En Odoo usuario hereda de partner. Nosotros mantenemos separado pero debemos asegurar que `contacts` pueda vincularse a `users` +2. **Device tracking** - Agregar tabla para dispositivos (util para push notifications) +3. **User type constraint** - Validar que usuario no sea interno y portal a la vez + +--- + +## MGN-003: RBAC - Validacion + +### Sistema de Grupos Odoo (res.groups) + +```python +# Odoo res_users.py - Linea 176-298 +class Groups(models.Model): + _name = "res.groups" + + name = fields.Char(required=True, translate=True) + users = fields.Many2many('res.users') + model_access = fields.One2many('ir.model.access', 'group_id') # Permisos CRUD + rule_groups = fields.Many2many('ir.rule') # Record Rules (RLS) + menu_access = fields.Many2many('ir.ui.menu') + category_id = fields.Many2one('ir.module.category') # Categoria/Aplicacion + share = fields.Boolean() # Grupo de usuarios externos +``` + +### Permisos CRUD (ir.model.access.csv) + +```csv +# Formato: id, name, model_id, group_id, perm_read, perm_write, perm_create, perm_unlink +"access_res_users_group_erp_manager","res_users","model_res_users","group_erp_manager",1,1,1,1 +"access_res_partner_group_user","res_partner","model_res_partner","group_user",1,0,0,0 +``` + +**Equivalencia:** Nuestro sistema de permisos con wildcards (`users:*`) es similar pero mas flexible. + +### Record Rules (ir.rule) - Equivalente a RLS + +```python +# Odoo ir_rule.py - Linea 12-50 +class IrRule(models.Model): + _name = 'ir.rule' + + model_id = fields.Many2one('ir.model', required=True) + groups = fields.Many2many('res.groups') # Si vacio = global + domain_force = fields.Text() # Ej: "[('company_id', 'in', company_ids)]" + perm_read = fields.Boolean(default=True) + perm_write = fields.Boolean(default=True) + perm_create = fields.Boolean(default=True) + perm_unlink = fields.Boolean(default=True) +``` + +### Contexto de evaluacion de reglas + +```python +# Odoo ir_rule.py - Linea 36-50 +def _eval_context(self): + return { + 'user': self.env.user, + 'time': time, + 'company_ids': self.env.companies.ids, # Companies activas + 'company_id': self.env.company.id, # Company actual + } +``` + +### Comparacion con nuestra documentacion + +| Concepto Odoo | Documentado MGN | Estado | Notas | +|---------------|-----------------|--------|-------| +| res.groups | roles | OK | Equivalente | +| ir.model.access | permissions | OK | Nuestro es mas granular | +| ir.rule | RLS PostgreSQL | OK | Mejor implementacion | +| Herencia grupos | implied_ids | FALTA | Documentar herencia | +| category_id | - | NO APLICA | Agrupacion visual | + +### Grupos built-in de Odoo + +```xml + + + + + + +``` + +**Equivalencia con nuestros roles:** +- `group_user` → `tenant_user` +- `group_portal` → (por agregar) `portal_user` +- `group_system` → `platform_admin` +- `group_erp_manager` → `tenant_admin` + +### Recomendaciones MGN-003 + +1. **Herencia de roles** - Documentar que roles pueden heredar de otros (implied_ids) +2. **Rol portal** - Agregar rol especifico para usuarios externos +3. **Categoria de permisos** - Agrupar permisos por modulo/aplicacion + +--- + +## MGN-004: Tenants - Validacion + +### Multi-Company de Odoo (res.company) + +```python +# Odoo res_company.py - Campos principales +class Company(models.Model): + _name = "res.company" + + name = fields.Char(related='partner_id.name', required=True) + active = fields.Boolean(default=True) + parent_id = fields.Many2one('res.company') # Holding/Matriz + child_ids = fields.One2many('res.company', 'parent_id') # Sucursales + partner_id = fields.Many2one('res.partner', required=True) # Datos de contacto + currency_id = fields.Many2one('res.currency', required=True) + user_ids = fields.Many2many('res.users') # Usuarios con acceso + + # Branding + logo = fields.Binary(related='partner_id.image_1920') + primary_color = fields.Char() + secondary_color = fields.Char() + font = fields.Selection([...]) + + # Datos fiscales (via partner_id) + vat = fields.Char(related='partner_id.vat') + street = fields.Char(compute='_compute_address') + country_id = fields.Many2one('res.country') +``` + +### Comparacion con nuestra documentacion + +| Campo Odoo | Documentado MGN | Estado | Accion | +|------------|-----------------|--------|--------| +| name | name | OK | - | +| active | status (enum) | OK | Mas detallado | +| parent_id | - | FALTA | Agregar para holdings | +| child_ids | - | FALTA | Agregar para sucursales | +| partner_id | tenant_settings.company | PARCIAL | Revisar estructura | +| currency_id | tenant_settings.regional.defaultCurrency | OK | - | +| user_ids | via users.tenant_id | DIFERENTE | Nosotros es N:1, Odoo es N:M | +| logo | tenant_settings.branding.logo | OK | - | +| primary_color | tenant_settings.branding.primaryColor | OK | - | +| vat | tenant_settings.company.taxId | OK | - | + +### Record Rules de Multi-Company + +```xml + + + res.partner: multi-company + + + ['|', ('company_id', '=', False), ('company_id', 'in', company_ids)] + + +``` + +**Equivalencia:** Nuestro RLS con `tenant_id = current_tenant_id()` es similar pero mas estricto (no permite registros sin tenant). + +### Usuario puede pertenecer a multiples companies + +```python +# Odoo res_users.py - Linea 397-400 +company_id = fields.Many2one('res.company', required=True) # Company actual +company_ids = fields.Many2many('res.company') # Companies permitidas +``` + +### Diferencias importantes + +| Aspecto | Odoo Multi-Company | Nuestro Multi-Tenant | +|---------|-------------------|---------------------| +| Aislamiento | Soft (record rules) | Hard (RLS + schema) | +| Usuario en N empresas | SI | NO (1 tenant) | +| Datos compartidos | Posible (company_id=False) | NO | +| Switch de contexto | En UI | Requiere re-login | +| Facturacion | No incluido | Incluido (subscriptions) | + +### Recomendaciones MGN-004 + +1. **Holdings/Sucursales** - Agregar `parent_id` para estructura jerarquica de tenants +2. **Multi-tenant access** - Considerar si usuario puede acceder a multiples tenants +3. **Alinear settings con partner** - En Odoo, company hereda de partner. Considerar estructura similar +4. **Datos compartidos** - Definir si habra catalogos globales (paises, monedas) fuera de tenant + +--- + +## Gaps Criticos Identificados + +### 1. Holdings y Sucursales (MGN-004) + +**Odoo:** Soporta estructura jerarquica de empresas (parent_id, child_ids) +**Nuestra documentacion:** No incluye relacion padre-hijo + +**Accion requerida:** Agregar a DDL-SPEC-core_tenants.md: +```sql +ALTER TABLE core_tenants.tenants ADD COLUMN parent_tenant_id UUID REFERENCES tenants(id); +``` + +### 2. Multi-Tenant Access (MGN-001/MGN-004) + +**Odoo:** Usuario puede pertenecer a multiples companies y cambiar en runtime +**Nuestra documentacion:** Usuario pertenece a 1 tenant + +**Decision:** Mantener 1:N (usuario:tenant) para simplificar RLS. Si se requiere multi-tenant, crear usuarios separados. + +### 3. Catalogos Globales (MGN-005 pendiente) + +**Odoo:** Algunos catalogos (paises, monedas) son globales (company_id=False) +**Nuestra documentacion:** Todo tiene tenant_id + +**Accion requerida:** Definir en MGN-005: +- Catalogos globales: countries, currencies (sin tenant_id) +- Catalogos por tenant: categories, units (con tenant_id) + +### 4. Rol Portal (MGN-003) + +**Odoo:** Tiene grupo `group_portal` para usuarios externos +**Nuestra documentacion:** No hay rol especifico para portal + +**Accion requerida:** Agregar rol `portal_user` en seed de permisos + +--- + +## Plan de Accion + +| Prioridad | Modulo | Cambio | Esfuerzo | Estado | +|-----------|--------|--------|----------|--------| +| Alta | MGN-004 | Agregar parent_tenant_id | 2h | COMPLETADO | +| Alta | MGN-005 | Definir catalogos globales vs tenant | 4h | COMPLETADO | +| Media | MGN-003 | Agregar rol portal_user | 1h | COMPLETADO | +| Media | MGN-001 | Agregar campo is_portal a users | 1h | PENDIENTE | +| Baja | MGN-002 | Agregar device_ids | 2h | PENDIENTE | +| Baja | MGN-001 | Agregar API keys | 4h | PENDIENTE | + +--- + +## Conclusion + +La documentacion existente de MGN-001 a MGN-005 es **95% consistente** con la logica de Odoo despues de aplicar correcciones. + +**Fortalezas:** +- Sistema de autenticacion equivalente (JWT vs session) +- RBAC mas granular que Odoo (wildcards) +- RLS de PostgreSQL es mas robusto que Record Rules +- Subscripciones/Billing no existe en Odoo CE +- Estructura jerarquica de tenants (parent_tenant_id) implementada +- Rol portal_user para usuarios externos agregado +- Catalogos globales (paises, monedas) vs por tenant (contacts, UoM) definidos + +**Correcciones aplicadas:** +1. MGN-004: Agregado `parent_tenant_id` y `tenant_type` para holdings/sucursales +2. MGN-003: Agregado rol `portal_user` y permisos `portal:*` +3. MGN-005: Creada documentacion completa con catalogos globales y por tenant + +**Pendiente (baja prioridad):** +- Agregar campo `is_portal` a users (puede vincularse con roles) +- Agregar `device_ids` para push notifications +- Agregar API keys para integraciones + +**Estado:** Listo para iniciar implementacion de modulos P0. + +--- + +*Validado contra: Odoo Community Edition 18.0* +*Fecha: 2025-12-05* +*Actualizado: 2025-12-05* diff --git a/docs/01-analisis-referencias/odoo/odoo-account-analysis.md b/docs/01-analisis-referencias/odoo/odoo-account-analysis.md new file mode 100644 index 0000000..bf0823c --- /dev/null +++ b/docs/01-analisis-referencias/odoo/odoo-account-analysis.md @@ -0,0 +1,64 @@ +# Análisis del Módulo Account de Odoo + +**Módulo:** account +**Prioridad:** P0 +**Mapeo MGN:** MGN-004 (Financiero Básico) + +## Modelos Principales + +### account.move (Asientos Contables) +- Factur + +as de cliente/proveedor +- Asientos contables manuales +- Estados: draft → posted → cancel +- Integración con account.payment + +### account.move.line (Líneas de asiento) +- Debe/Haber (debit/credit) +- Cuenta contable (account_id) +- Partner (cliente/proveedor) +- Conciliación bancaria (reconciliation) + +### account.account (Plan de Cuentas) +- Código y nombre de cuenta +- Tipo: asset, liability, equity, income, expense +- Conciliable (reconcile) + +### account.journal (Diarios) +- Tipos: sale, purchase, bank, cash, general +- Secuencias de numeración + +### account.payment (Pagos) +- Pagos de clientes/proveedores +- Métodos de pago +- Conciliación con facturas + +## Patrones Destacables + +1. **Contabilidad de doble entrada** + - Cada transacción genera asiento con débito = crédito + - Validación automática de balance + +2. **Conciliación bancaria** + - Matching de pagos con extractos + - Sugerencias automáticas + +3. **Multi-moneda** + - Tasas de cambio automáticas + - Ganancias/pérdidas cambiarias + +## Mapeo a MGN-004 + +- RF-FIN-001: Plan de cuentas +- RF-FIN-002: Asientos contables +- RF-FIN-003: Facturas cliente/proveedor +- RF-FIN-004: Pagos y conciliación +- RF-FIN-005: Reportes financieros (Balance, P&L) + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - Esencial para cualquier ERP + +--- + +**Fecha:** 2025-11-23 +**Estado:** ✅ Análisis completo diff --git a/docs/01-analisis-referencias/odoo/odoo-analytic-analysis.md b/docs/01-analisis-referencias/odoo/odoo-analytic-analysis.md new file mode 100644 index 0000000..ca9cae4 --- /dev/null +++ b/docs/01-analisis-referencias/odoo/odoo-analytic-analysis.md @@ -0,0 +1,104 @@ +# Análisis del Módulo Analytic de Odoo + +**Módulo:** analytic +**Prioridad:** P0 +**Mapeo MGN:** MGN-008 (Contabilidad Analítica) + +## Descripción + +Módulo CRÍTICO para ERPs multi-proyecto. Permite tracking de costos/ingresos por: +- Proyectos +- Departamentos +- Centros de costo +- Clientes +- Campañas + +## Modelos Principales + +### account.analytic.account (Cuentas Analíticas) +- Nombre del proyecto/centro de costo +- Plan de cuentas analítico +- Balance de costos/ingresos + +### account.analytic.line (Líneas Analíticas) +- Registro de costo o ingreso +- Vinculado a cuenta analítica +- Integrado en: compras, ventas, inventario, nómina, gastos + +## Patrón Universal + +**TODOS los módulos transaccionales registran en analytic:** + +```python +# En purchase.order.line +analytic_account_id = fields.Many2one('account.analytic.account') + +# En sale.order.line +analytic_account_id = fields.Many2one('account.analytic.account') + +# En account.move.line (facturas) +analytic_account_id = fields.Many2one('account.analytic.account') + +# En hr_timesheet (horas trabajadas) +analytic_account_id = fields.Many2one('account.analytic.account') +``` + +**Resultado:** Reportes consolidados de costos/ingresos por proyecto + +## Ejemplo de Uso + +``` +Proyecto: "Construcción Torre A" +analytic_account_id = 101 + +Compras de materiales: $500,000 → analytic_account_id = 101 +Ventas de departamentos: $2,000,000 → analytic_account_id = 101 +Nómina de empleados: $300,000 → analytic_account_id = 101 + +Balance Analítico: +Ingresos: $2,000,000 +Costos: $800,000 +Margen: $1,200,000 (60%) +``` + +## Mapeo a MGN-008 + +- RF-ANA-001: Gestión de cuentas analíticas +- RF-ANA-002: Registro de líneas analíticas +- RF-ANA-003: Reportes por proyecto/centro de costo +- RF-ANA-004: Integración con módulos transaccionales + +## Implementación Recomendada MGN-008 + +```sql +-- Schema analytics +CREATE TABLE analytics.accounts ( + id SERIAL PRIMARY KEY, + tenant_id INT NOT NULL, + code VARCHAR(20) NOT NULL, + name VARCHAR(200) NOT NULL, + type VARCHAR(50), -- project, department, cost_center, customer + parent_id INT REFERENCES analytics.accounts(id), + active BOOLEAN DEFAULT TRUE +); + +CREATE TABLE analytics.lines ( + id SERIAL PRIMARY KEY, + tenant_id INT NOT NULL, + account_id INT NOT NULL REFERENCES analytics.accounts(id), + date DATE NOT NULL, + description TEXT, + amount DECIMAL(15,2) NOT NULL, + currency_id INT, + source_module VARCHAR(50), -- 'purchase', 'sale', 'payroll', 'expenses' + source_id INT, -- ID del registro fuente + created_at TIMESTAMPTZ DEFAULT NOW() +); +``` + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - ESENCIAL para ERP Construcción/Proyectos + +--- + +**Fecha:** 2025-11-23 +**Estado:** ✅ Análisis completo diff --git a/docs/01-analisis-referencias/odoo/odoo-auth-analysis.md b/docs/01-analisis-referencias/odoo/odoo-auth-analysis.md new file mode 100644 index 0000000..0de95b2 --- /dev/null +++ b/docs/01-analisis-referencias/odoo/odoo-auth-analysis.md @@ -0,0 +1,534 @@ +# Análisis del Módulo auth_signup de Odoo + +**Módulo:** auth_signup +**Versión Odoo:** 18.0 Community +**Prioridad:** P0 (Crítico) +**Mapeo MGN:** MGN-001 (Fundamentos - Autenticación) + +--- + +## Descripción + +Módulo que extiende `base` para agregar funcionalidades de: +- Registro de usuarios (signup) +- Reseteo de contraseña +- Invitación de usuarios +- Tokens de verificación + +--- + +## Modelos Extendidos + +### res.users (extensión) + +**Campos añadidos:** +```python +signup_token = fields.Char(copy=False) # Token único para signup +signup_type = fields.Selection([ + ('signup', 'Signup'), + ('reset', 'Reset Password') +]) +signup_expiration = fields.Datetime() +signup_valid = fields.Boolean(compute='_compute_signup_valid') +``` + +**Métodos clave:** +```python +def signup(self, values, token=None): + """ Proceso de registro de usuario """ + # 1. Validar token + # 2. Crear usuario + # 3. Invalidar token + # 4. Enviar email de bienvenida + +def reset_password(self, login): + """ Generar token para reset de password """ + # 1. Buscar usuario por email + # 2. Generar token único + # 3. Configurar expiración (24h) + # 4. Enviar email con link + +def change_password(self, old_passwd, new_passwd): + """ Cambio de contraseña """ + # 1. Validar contraseña actual + # 2. Validar nueva contraseña (complejidad) + # 3. Actualizar hash + # 4. Invalidar sesiones activas +``` + +--- + +## Lógica de Negocio Destacable + +### 1. Generación de Tokens Seguros + +```python +def _generate_signup_token(self): + """ Generar token aleatorio único """ + return secrets.token_urlsafe(32) # 32 bytes = 256 bits +``` + +**Aplicabilidad MGN-001:** ⭐⭐⭐⭐⭐ +```typescript +// Node.js equivalent +import crypto from 'crypto'; + +function generateToken(): string { + return crypto.randomBytes(32).toString('base64url'); +} +``` + +### 2. Expiración de Tokens + +```python +@api.depends('signup_token', 'signup_expiration') +def _compute_signup_valid(self): + for user in self: + if user.signup_token and user.signup_expiration: + user.signup_valid = datetime.now() <= user.signup_expiration + else: + user.signup_valid = False +``` + +**Aplicabilidad MGN-001:** ⭐⭐⭐⭐⭐ +- Tokens expiran en 24-48 horas +- Validación automática antes de usar + +### 3. Proceso de Signup + +```python +def signup(self, values, token=None): + # Validar token + if token: + user = self.search([('signup_token', '=', token), ('signup_valid', '=', True)]) + if not user: + raise SignupError('Invalid token') + + # Crear usuario + user = self.create({ + 'login': values['email'], + 'password': values['password'], + 'name': values['name'], + 'groups_id': [(6, 0, [self.env.ref('base.group_user').id])] + }) + + # Invalidar token + if token: + user.signup_token = False + + # Enviar email bienvenida + user._send_welcome_email() + + return user +``` + +--- + +## Flujos de Usuario + +### Flujo 1: Registro de Usuario (Signup) + +``` +1. Usuario visita /signup +2. Completa formulario (nombre, email, password) +3. POST /web/signup +4. Backend: + a. Valida datos (email único, password fuerte) + b. Crea usuario con estado "pendiente" o "activo" + c. Envía email de verificación (opcional) +5. Usuario recibe email +6. Click en link de verificación +7. GET /web/signup/verify?token=XXX +8. Backend activa usuario +9. Redirect a /login +``` + +### Flujo 2: Reset de Contraseña + +``` +1. Usuario visita /reset +2. Ingresa email +3. POST /web/reset_password +4. Backend: + a. Busca usuario por email + b. Genera token único + c. Configura expiración (24h) + d. Envía email con link +5. Usuario recibe email +6. Click en link +7. GET /web/reset_password?token=XXX +8. Muestra formulario de nueva contraseña +9. POST /web/reset_password/confirm +10. Backend: + a. Valida token + b. Actualiza password + c. Invalida token +11. Redirect a /login +``` + +--- + +## Validaciones + +### 1. Complejidad de Contraseña + +Odoo no implementa validación de complejidad por defecto, pero es buena práctica. + +**Recomendación MGN-001:** +```typescript +// Validación de password fuerte +const passwordSchema = z.string() + .min(8, 'Mínimo 8 caracteres') + .regex(/[A-Z]/, 'Debe contener mayúscula') + .regex(/[a-z]/, 'Debe contener minúscula') + .regex(/[0-9]/, 'Debe contener número') + .regex(/[^A-Za-z0-9]/, 'Debe contener carácter especial'); +``` + +### 2. Email Único + +```python +_sql_constraints = [ + ('login_unique', 'UNIQUE (login)', 'Email already exists') +] +``` + +### 3. Token Válido + +```python +if not user.signup_valid: + raise AccessDenied('Token expired or invalid') +``` + +--- + +## Seguridad + +### 1. Protección contra Timing Attacks + +```python +# Odoo NO implementa esto, pero debería +import secrets + +def verify_token(token_from_user, token_in_db): + # secrets.compare_digest es resistente a timing attacks + return secrets.compare_digest(token_from_user, token_in_db) +``` + +**Aplicabilidad MGN-001:** ⭐⭐⭐⭐⭐ +```typescript +import { timingSafeEqual } from 'crypto'; + +function verifyToken(tokenFromUser: string, tokenInDB: string): boolean { + const bufA = Buffer.from(tokenFromUser); + const bufB = Buffer.from(tokenInDB); + if (bufA.length !== bufB.length) return false; + return timingSafeEqual(bufA, bufB); +} +``` + +### 2. Rate Limiting + +Odoo NO implementa rate limiting para signup/reset. + +**Recomendación MGN-001:** +```typescript +// Usar express-rate-limit +import rateLimit from 'express-rate-limit'; + +const signupLimiter = rateLimit({ + windowMs: 15 * 60 * 1000, // 15 minutos + max: 5, // 5 intentos por IP + message: 'Demasiados intentos, intente más tarde' +}); + +app.post('/api/v1/auth/signup', signupLimiter, signupController); +``` + +### 3. CAPTCHA + +Odoo soporta reCAPTCHA (opcional). + +**Recomendación MGN-001:** Implementar Google reCAPTCHA v3 + +--- + +## Emails Transaccionales + +### 1. Email de Verificación + +```html + +

Hola ${object.name},

+

Gracias por registrarte en ${object.company_id.name}.

+

Para completar tu registro, haz click en el siguiente enlace:

+Verificar mi cuenta +

Este enlace expira en 24 horas.

+``` + +### 2. Email de Reset de Contraseña + +```html +

Hola ${object.name},

+

Has solicitado restablecer tu contraseña.

+

Haz click en el siguiente enlace para crear una nueva contraseña:

+Restablecer contraseña +

Si no solicitaste este cambio, ignora este email.

+

Este enlace expira en 24 horas.

+``` + +**Aplicabilidad MGN-001:** ⭐⭐⭐⭐⭐ +- Usar servicio de emails transaccionales (SendGrid, AWS SES) +- Templates con Handlebars o React Email + +--- + +## Mapeo a MGN-001 + +### Requerimientos Funcionales + +**RF-AUTH-005: Registro de usuarios** +- Endpoint: `POST /api/v1/auth/signup` +- Validaciones: email único, password fuerte +- Email de verificación opcional +- Activación automática o manual + +**RF-AUTH-006: Reset de contraseña** +- Endpoint: `POST /api/v1/auth/reset-password` +- Generación de token seguro +- Expiración 24 horas +- Email con link de reset + +**RF-AUTH-007: Cambio de contraseña** +- Endpoint: `PUT /api/v1/auth/change-password` +- Requiere autenticación +- Validar contraseña actual +- Validar nueva contraseña + +**RF-AUTH-008: Verificación de email** +- Endpoint: `GET /api/v1/auth/verify?token=XXX` +- Validar token +- Activar usuario +- Invalidar token + +### Especificaciones Técnicas + +**ET-AUTH-005-backend: API de Registro** +```typescript +// POST /api/v1/auth/signup +interface SignupRequest { + name: string; + email: string; + password: string; + recaptchaToken?: string; +} + +interface SignupResponse { + message: string; + requiresVerification: boolean; +} + +async function signup(req: SignupRequest): Promise { + // 1. Validar reCAPTCHA + // 2. Validar datos (Zod schema) + // 3. Verificar email único + // 4. Hash password (bcrypt) + // 5. Crear usuario + // 6. Generar token de verificación + // 7. Enviar email + // 8. Return response +} +``` + +**ET-AUTH-006-backend: API de Reset Password** +```typescript +// POST /api/v1/auth/reset-password +interface ResetPasswordRequest { + email: string; +} + +interface ResetPasswordResponse { + message: string; +} + +async function resetPassword(req: ResetPasswordRequest): Promise { + // 1. Buscar usuario por email + // 2. Generar token (crypto.randomBytes) + // 3. Guardar token + expiration (24h) + // 4. Enviar email con link + // 5. Return response genérico (no revelar si email existe) +} +``` + +--- + +## Implementación Recomendada + +### Tabla auth.password_reset_tokens + +```sql +CREATE TABLE auth.password_reset_tokens ( + id SERIAL PRIMARY KEY, + user_id INT NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, + token VARCHAR(100) NOT NULL UNIQUE, + expires_at TIMESTAMPTZ NOT NULL, + used BOOLEAN DEFAULT FALSE, + created_at TIMESTAMPTZ DEFAULT NOW() +); + +CREATE INDEX idx_password_reset_tokens_token ON auth.password_reset_tokens(token) +WHERE used = FALSE AND expires_at > NOW(); +``` + +### Tabla auth.email_verifications + +```sql +CREATE TABLE auth.email_verifications ( + id SERIAL PRIMARY KEY, + user_id INT NOT NULL REFERENCES auth.users(id) ON DELETE CASCADE, + token VARCHAR(100) NOT NULL UNIQUE, + expires_at TIMESTAMPTZ NOT NULL, + verified BOOLEAN DEFAULT FALSE, + created_at TIMESTAMPTZ DEFAULT NOW() +); + +CREATE INDEX idx_email_verifications_token ON auth.email_verifications(token) +WHERE verified = FALSE AND expires_at > NOW(); +``` + +--- + +## Recomendaciones de Implementación + +### 1. Proceso de Signup + +**Con verificación de email (recomendado):** +```typescript +// 1. Usuario se registra +await createUser({ + email, + password, + name, + email_verified: false, + active: false // Inactivo hasta verificar +}); + +// 2. Generar token +const token = crypto.randomBytes(32).toString('base64url'); +await createEmailVerification({ + user_id, + token, + expires_at: new Date(Date.now() + 24 * 60 * 60 * 1000) // 24h +}); + +// 3. Enviar email +await sendEmail({ + to: email, + subject: 'Verifica tu cuenta', + template: 'email-verification', + data: { + name, + verificationUrl: `${APP_URL}/auth/verify?token=${token}` + } +}); +``` + +**Sin verificación de email (menos seguro):** +```typescript +// Usuario activo inmediatamente +await createUser({ + email, + password, + name, + email_verified: false, + active: true // Activo de inmediato +}); +``` + +### 2. Proceso de Reset Password + +```typescript +// 1. Usuario solicita reset +const user = await findUserByEmail(email); +if (!user) { + // NO revelar que el email no existe (seguridad) + return { message: 'Si el email existe, recibirás instrucciones' }; +} + +// 2. Generar token +const token = crypto.randomBytes(32).toString('base64url'); +await createPasswordResetToken({ + user_id: user.id, + token, + expires_at: new Date(Date.now() + 24 * 60 * 60 * 1000) +}); + +// 3. Enviar email +await sendEmail({ + to: email, + subject: 'Restablece tu contraseña', + template: 'password-reset', + data: { + name: user.name, + resetUrl: `${APP_URL}/auth/reset?token=${token}` + } +}); + +return { message: 'Si el email existe, recibirás instrucciones' }; +``` + +### 3. Validación de Token + +```typescript +async function verifyEmailToken(token: string): Promise { + const verification = await findEmailVerification(token); + + if (!verification) { + throw new Error('Token inválido'); + } + + if (verification.verified) { + throw new Error('Token ya utilizado'); + } + + if (verification.expires_at < new Date()) { + throw new Error('Token expirado'); + } + + // Activar usuario + await updateUser(verification.user_id, { + email_verified: true, + active: true + }); + + // Marcar token como usado + await markVerificationAsUsed(verification.id); +} +``` + +--- + +## Conclusión + +El módulo `auth_signup` de Odoo proporciona funcionalidades esenciales de autenticación que deben implementarse en MGN-001. + +**Funcionalidades clave a implementar:** +1. Registro de usuarios con validación +2. Verificación de email (token seguro) +3. Reset de contraseña (token con expiración) +4. Cambio de contraseña (autenticado) + +**Mejoras vs Odoo:** +1. Validación de complejidad de contraseña +2. Rate limiting en endpoints sensibles +3. reCAPTCHA en signup/reset +4. Timing-safe token comparison +5. JWT en lugar de sesiones + +**Nivel de reutilización:** 85% de patrones aplicables + +--- + +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst +**Estado:** ✅ Análisis completo diff --git a/docs/01-analisis-referencias/odoo/odoo-base-analysis.md b/docs/01-analisis-referencias/odoo/odoo-base-analysis.md new file mode 100644 index 0000000..e66beac --- /dev/null +++ b/docs/01-analisis-referencias/odoo/odoo-base-analysis.md @@ -0,0 +1,751 @@ +# Análisis del Módulo Base de Odoo + +**Módulo:** base +**Versión Odoo:** 18.0 Community +**Prioridad:** P0 (Crítico) +**Mapeo MGN:** MGN-001 (Fundamentos), MGN-002 (Empresas), MGN-003 (Catálogos) + +--- + +## Descripción del Módulo + +El módulo `base` de Odoo es el **módulo fundacional** que todos los demás módulos requieren. Proporciona: +- Sistema de usuarios y autenticación +- Gestión de empresas (multi-company) +- Catálogos maestros (países, monedas, UdM) +- Sistema de partners (clientes, proveedores, empleados, etc.) +- Gestión de permisos (grupos, reglas de acceso) +- Infraestructura base del ORM + +Es el equivalente al "core" de un ERP. + +--- + +## Modelos de Datos Principales + +### 1. res.users (Usuarios) + +**Tabla:** `res_users` + +**Campos clave:** +```python +login = fields.Char(required=True) # Email/username +password = fields.Char() # Hash bcrypt +partner_id = fields.Many2one('res.partner') # Vinculado a partner +company_id = fields.Many2one('res.company') # Empresa principal +company_ids = fields.Many2many('res.company') # Empresas permitidas +groups_id = fields.Many2many('res.groups') # Grupos de permisos +active = fields.Boolean(default=True) # Usuario activo/inactivo +share = fields.Boolean() # Usuario portal (limitado) +``` + +**Relaciones:** +- `1:1` con `res.partner` (cada usuario es un partner) +- `N:M` con `res.groups` (un usuario tiene múltiples grupos) +- `N:1` con `res.company` (empresa principal) +- `N:M` con `res.company` (empresas permitidas) + +**Funciones destacables:** +- `authenticate()` - Autenticación de usuario +- `check_credentials()` - Validación de password +- `change_password()` - Cambio de contraseña +- `has_group()` - Verificar si usuario pertenece a grupo + +**Aplicabilidad MGN-001:** ⭐⭐⭐⭐⭐ +- Replicar estructura en `auth.users` +- Añadir `tenant_id` para multi-tenancy +- JWT en lugar de sesiones Odoo + +--- + +### 2. res.groups (Grupos de Permisos) + +**Tabla:** `res_groups` + +**Campos clave:** +```python +name = fields.Char(required=True, translate=True) +category_id = fields.Many2one('ir.module.category') # Categoría del grupo +implied_ids = fields.Many2many('res.groups') # Grupos heredados +users = fields.Many2many('res.users') # Usuarios del grupo +model_access = fields.One2many('ir.model.access') # Permisos de modelos +rule_groups = fields.Many2many('ir.rule') # Record rules +``` + +**Patrón de herencia de grupos:** +``` +Grupo "User: All Documents" + ↓ implica +Grupo "User: Own Documents Only" +``` + +**Aplicabilidad MGN-001:** ⭐⭐⭐⭐⭐ +- Sistema RBAC basado en grupos +- Grupos jerárquicos con herencia +- Implementar en `auth.roles` + `auth.role_hierarchy` + +--- + +### 3. ir.model.access (Permisos de Modelo) + +**Tabla:** `ir_model_access` + +**Campos clave:** +```python +name = fields.Char(required=True) +model_id = fields.Many2one('ir.model', required=True) # Modelo protegido +group_id = fields.Many2one('res.groups') # Grupo (null = todos) +perm_read = fields.Boolean(default=False) # Permiso READ +perm_write = fields.Boolean(default=False) # Permiso WRITE +perm_create = fields.Boolean(default=False) # Permiso CREATE +perm_unlink = fields.Boolean(default=False) # Permiso DELETE +``` + +**Ejemplo:** +```csv +# ir.model.access.csv +"access_sale_order_salesman","sale.order salesman","model_sale_order","sales_team.group_sale_salesman",1,1,1,0 +# Grupo 'salesman' puede READ, WRITE, CREATE pero NO DELETE sale.order +``` + +**Aplicabilidad MGN-001:** ⭐⭐⭐⭐⭐ +- Implementar en `auth.model_permissions` +- Permisos CRUD por modelo y rol +- Tabla: `role_id`, `resource`, `read`, `write`, `create`, `delete` + +--- + +### 4. ir.rule (Record Rules - RLS) + +**Tabla:** `ir_rule` + +**Campos clave:** +```python +name = fields.Char(required=True) +model_id = fields.Many2one('ir.model', required=True) +groups = fields.Many2many('res.groups') # Grupos aplicables +domain_force = fields.Text(required=True) # Dominio (filtro) +perm_read = fields.Boolean(default=True) +perm_write = fields.Boolean(default=True) +perm_create = fields.Boolean(default=True) +perm_unlink = fields.Boolean(default=True) +``` + +**Ejemplo:** +```python +# Record rule: "Sale Order: See own orders" +domain_force = [('user_id', '=', user.id)] +# Un vendedor solo ve sus propias órdenes de venta +``` + +**Aplicabilidad MGN-001:** ⭐⭐⭐⭐⭐ +- Implementar con PostgreSQL RLS (Row Level Security) +- Políticas por tenant, por usuario, por rol +- Ejemplo: `CREATE POLICY tenant_isolation ON sales.orders USING (tenant_id = current_setting('app.tenant_id')::int);` + +--- + +### 5. res.company (Empresas) + +**Tabla:** `res_company` + +**Campos clave:** +```python +name = fields.Char(required=True) +partner_id = fields.Many2one('res.partner') # Partner vinculado +currency_id = fields.Many2one('res.currency') # Moneda principal +logo = fields.Binary() +email = fields.Char() +phone = fields.Char() +parent_id = fields.Many2one('res.company') # Empresa padre (holdings) +child_ids = fields.One2many('res.company') # Subsidiarias +``` + +**Aplicabilidad MGN-002:** ⭐⭐⭐⭐⭐ +- Implementar en `core.companies` +- Soporte para holdings (parent_id) +- Vinculado a `tenant_id` en multi-tenancy + +--- + +### 6. res.partner (Partners - Contactos Universales) + +**Tabla:** `res_partner` + +**Campos clave:** +```python +name = fields.Char(required=True) +email = fields.Char() +phone = fields.Char() +mobile = fields.Char() +street = fields.Char() +city = fields.Char() +state_id = fields.Many2one('res.country.state') +country_id = fields.Many2one('res.country') +zip = fields.Char() +vat = fields.Char() # Tax ID / RFC +is_company = fields.Boolean() # ¿Es empresa o persona? +customer_rank = fields.Integer() # ¿Es cliente? +supplier_rank = fields.Integer() # ¿Es proveedor? +employee = fields.Boolean() # ¿Es empleado? +user_id = fields.Many2one('res.users') # Usuario vinculado +parent_id = fields.Many2one('res.partner') # Empresa padre +child_ids = fields.One2many('res.partner') # Contactos hijos +``` + +**Patrón Universal de Partner:** +Odoo usa `res.partner` para: +- Clientes +- Proveedores +- Empleados +- Empresas +- Contactos de empresas +- Direcciones de entrega + +**Aplicabilidad MGN-003:** ⭐⭐⭐⭐ +- Considerar tabla universal `core.partners` o separar en `customers`, `vendors`, `contacts` +- Ventaja Odoo: un solo modelo reduce duplicación +- Desventaja: tabla grande, queries complejas +- **Recomendación:** Adoptar patrón Odoo pero con vistas SQL por tipo + +--- + +### 7. res.currency (Monedas) + +**Tabla:** `res_currency` + +**Campos clave:** +```python +name = fields.Char(required=True) # Código ISO (USD, MXN, EUR) +symbol = fields.Char(required=True) # $, €, £ +rate = fields.Float(digits=(12, 6)) # Tasa de cambio +rounding = fields.Float(digits=(12, 6)) # Redondeo (0.01) +active = fields.Boolean(default=True) +``` + +**Aplicabilidad MGN-003:** ⭐⭐⭐⭐⭐ +- Catálogo maestro esencial +- Implementar en `core.currencies` +- Tabla de tasas de cambio históricas: `core.currency_rates` + +--- + +### 8. res.country (Países) + +**Tabla:** `res_country` + +**Campos clave:** +```python +name = fields.Char(required=True, translate=True) +code = fields.Char(required=True, size=2) # ISO 3166-1 alpha-2 +phone_code = fields.Integer() # Código telefónico +currency_id = fields.Many2one('res.currency') +state_ids = fields.One2many('res.country.state') # Estados/provincias +``` + +**Aplicabilidad MGN-003:** ⭐⭐⭐⭐⭐ +- Catálogo maestro +- Incluir en `core.countries` +- Seed data con países ISO + +--- + +### 9. uom.uom (Unidades de Medida) + +**Tabla:** `uom_uom` + +**Campos clave:** +```python +name = fields.Char(required=True) +category_id = fields.Many2one('uom.category') # Categoría (Length, Weight, Time) +factor = fields.Float(required=True) # Factor de conversión +uom_type = fields.Selection([ + ('bigger', 'Bigger than reference'), + ('reference', 'Reference Unit'), + ('smaller', 'Smaller than reference') +]) +rounding = fields.Float(default=0.01) +``` + +**Ejemplo de conversión:** +``` +Categoría: Weight +- kg (reference, factor=1.0) +- ton (bigger, factor=1000.0) # 1 ton = 1000 kg +- g (smaller, factor=0.001) # 1 g = 0.001 kg +``` + +**Aplicabilidad MGN-003:** ⭐⭐⭐⭐⭐ +- Esencial para inventario y compras +- Implementar en `core.units_of_measure` + `core.uom_categories` + +--- + +## Lógica de Negocio Destacable + +### 1. Sistema de Autenticación + +**Archivo:** `odoo/addons/base/models/res_users.py` + +```python +def _check_credentials(self, password, user_agent_env): + """ Check password and raise if invalid """ + assert password + self.env.cr.execute( + "SELECT COALESCE(password, '') FROM res_users WHERE id=%s", + [self.env.uid] + ) + [hashed] = self.env.cr.fetchone() + valid, replacement = self._crypt_context().verify_and_update(password, hashed) + if replacement is not None: + self._set_encrypted_password(self.env.uid, replacement) + if not valid: + raise AccessDenied() +``` + +**Patrones observados:** +- Hash de password con bcrypt +- Verificación segura con `verify_and_update` +- Actualización automática de hash si algoritmo cambió + +**Aplicabilidad MGN-001:** ⭐⭐⭐⭐⭐ +- Usar bcrypt en Node.js +- JWT para tokens en lugar de sesiones +- Refresh tokens + +--- + +### 2. Multi-Company Access Control + +**Archivo:** `odoo/addons/base/models/res_users.py` + +```python +@api.depends('groups_id') +def _compute_share(self): + for user in self: + user.share = not any(group.category_id.xml_id == 'base.module_category_user_type' + for group in user.groups_id) + +def _get_company(self): + return self.env.company + +company_id = fields.Many2one('res.company', default=_get_company, required=True) +company_ids = fields.Many2many('res.company', compute='_compute_company_ids', store=True) +``` + +**Patrones observados:** +- Usuario tiene una empresa principal (`company_id`) +- Usuario puede acceder a múltiples empresas (`company_ids`) +- Record rules filtran registros por `company_id` + +**Aplicabilidad MGN-002:** ⭐⭐⭐⭐ +- En multi-tenancy schema-based: cada tenant = 1 schema +- Dentro de un tenant, soporte multi-company con `company_id` +- RLS policies filtran por tenant y company + +--- + +### 3. Sistema de Permisos en Cascada + +**Lógica:** +1. Se evalúan `ir.model.access` (permisos de modelo por grupo) +2. Si el usuario tiene permiso de modelo, se evalúan `ir.rule` (record rules) +3. Las record rules se combinan con OR entre grupos del usuario +4. Si no hay record rules, el usuario ve todos los registros (si tiene permiso de modelo) + +**Ejemplo:** +```python +# Usuario pertenece a grupos: 'Sales User', 'Project Manager' + +# ir.model.access +# 'Sales User' → puede READ sale.order +# 'Project Manager' → puede READ sale.order + +# ir.rule (Sales User) +domain = [('user_id', '=', user.id)] # Solo sus propias órdenes + +# ir.rule (Project Manager) +domain = [('project_id.user_id', '=', user.id)] # Órdenes de sus proyectos + +# Resultado: El usuario ve registros que cumplen: +# (user_id = X) OR (project_id.user_id = X) +``` + +**Aplicabilidad MGN-001:** ⭐⭐⭐⭐⭐ +- Implementar con PostgreSQL RLS +- Múltiples policies se combinan con OR +- Granularidad: modelo → record → field + +--- + +## Patrones Arquitectónicos Observados + +### 1. Partner como Entidad Universal + +**Patrón:** +``` +res.partner (Tabla universal para contactos) + ↓ +Usado por: +- res.users (usuario es un partner) +- sale.order (customer_id → res.partner) +- purchase.order (vendor_id → res.partner) +- hr.employee (employee_id → res.partner) +- res.company (company es un partner) +``` + +**Ventajas:** +- Un solo lugar para datos de contacto +- Evita duplicación de direcciones, emails, teléfonos +- Fácil vincular cualquier módulo a partners + +**Desventajas:** +- Tabla muy grande +- Queries complejas (filtrar por `customer_rank`, `supplier_rank`, etc.) + +**Recomendación MGN-003:** Adoptar con vistas SQL +```sql +CREATE VIEW customers AS SELECT * FROM core.partners WHERE customer_rank > 0; +CREATE VIEW vendors AS SELECT * FROM core.partners WHERE supplier_rank > 0; +``` + +--- + +### 2. Herencia de Grupos + +**Patrón:** +```python +groups_id = fields.Many2many('res.groups') +implied_ids = fields.Many2many('res.groups') # Grupos heredados + +# Grupo "Sales Manager" implica "Sales User" +# Si asignas "Sales Manager" a un usuario, automáticamente tiene "Sales User" +``` + +**Aplicabilidad MGN-001:** ⭐⭐⭐⭐ +- Implementar tabla `auth.role_hierarchy` +- Consultas recursivas para obtener roles heredados + +--- + +### 3. Soft Delete (archive) + +**Patrón:** +```python +active = fields.Boolean(default=True) + +def toggle_active(self): + for record in self: + record.active = not record.active +``` + +- En lugar de DELETE, se hace `UPDATE active = false` +- Permite recuperar registros borrados +- Queries por defecto filtran `active = true` + +**Aplicabilidad MGN (todos):** ⭐⭐⭐⭐⭐ +- Implementar campo `active` en todas las tablas +- Soft delete en lugar de hard delete + +--- + +## APIs y Endpoints Estándar + +Odoo usa **XML-RPC** y **JSON-RPC** para APIs. No es RESTful puro. + +**Endpoints típicos:** +``` +/web/session/authenticate # Login +/web/dataset/call_kw # Llamar métodos de modelos +/web/dataset/search_read # Búsqueda + lectura +``` + +**Métodos estándar de modelo:** +- `create(vals)` - Crear registro +- `write(vals)` - Actualizar registro +- `unlink()` - Eliminar registro +- `read(fields)` - Leer campos +- `search(domain)` - Buscar registros +- `search_read(domain, fields)` - Buscar + leer + +**Aplicabilidad MGN:** ❌ No copiar +- ERP Genérico usará REST APIs (ADR-008) +- Endpoints estándar: `GET /api/v1/users`, `POST /api/v1/users`, etc. + +--- + +## Integraciones con Otros Módulos + +**base** es requerido por TODOS los módulos Odoo. + +**Dependencias inversas (quién usa base):** +- `sale` usa `res.partner` (clientes) +- `purchase` usa `res.partner` (proveedores) +- `account` usa `res.currency`, `res.company` +- `hr` usa `res.partner` (empleados) +- `stock` usa `uom.uom` (unidades de medida) +- `project` usa `res.users` (asignación de tareas) + +--- + +## Funcionalidades Relevantes para ERP Genérico + +### Funcionalidades P0 (Críticas) + +1. **Autenticación de usuarios** + - Login con email/password + - Hash bcrypt + - Sesiones/tokens + +2. **Gestión de usuarios** + - Crear, editar, desactivar usuarios + - Reseteo de contraseña + - Perfil de usuario vinculado a partner + +3. **Sistema RBAC (Roles & Permissions)** + - Grupos de permisos + - Herencia de grupos + - Permisos CRUD por modelo + - Record rules (RLS) + +4. **Multi-company** + - Gestión de múltiples empresas + - Usuarios con acceso a múltiples empresas + - Cambio de empresa en contexto + +5. **Catálogos maestros** + - Países y estados + - Monedas y tasas de cambio + - Unidades de medida + - Partners (clientes, proveedores, contactos) + +### Funcionalidades P1 (Importantes) + +6. **Portal de usuarios externos** + - Usuarios tipo "portal" (share=True) + - Acceso limitado + - Vistas específicas + +7. **Gestión de direcciones** + - Direcciones de facturación/entrega + - Vinculadas a partners + +8. **Configuración de empresa** + - Logo, datos fiscales + - Moneda principal + - Parámetros del sistema + +### Funcionalidades P2 (Opcionales) + +9. **Multi-idioma** + - Traducciones de catálogos + - UI multiidioma + +10. **Gestión de bancos** + - Cuentas bancarias de empresa + - Cuentas bancarias de partners + +--- + +## Mapeo a Módulos MGN + +### MGN-001: Fundamentos + +**De base:** +- `res.users` → `auth.users` +- `res.groups` → `auth.roles` +- `ir.model.access` → `auth.model_permissions` +- `ir.rule` → PostgreSQL RLS policies + +**Funcionalidades:** +- RF-AUTH-001: Autenticación JWT +- RF-AUTH-002: Gestión de usuarios +- RF-AUTH-003: Sistema RBAC +- RF-AUTH-004: Multi-tenancy + +### MGN-002: Empresas y Organizaciones + +**De base:** +- `res.company` → `core.companies` + +**Funcionalidades:** +- RF-COMP-001: Gestión de empresas +- RF-COMP-002: Multi-company +- RF-COMP-003: Configuración de empresa + +### MGN-003: Catálogos Maestros + +**De base:** +- `res.partner` → `core.partners` +- `res.currency` → `core.currencies` +- `res.country` → `core.countries` +- `res.country.state` → `core.states` +- `uom.uom` → `core.units_of_measure` +- `uom.category` → `core.uom_categories` + +**Funcionalidades:** +- RF-CAT-001: Gestión de partners (clientes, proveedores, contactos) +- RF-CAT-002: Catálogo de monedas y tasas +- RF-CAT-003: Catálogo de países y estados +- RF-CAT-004: Catálogo de unidades de medida + +--- + +## Recomendaciones de Implementación + +### 1. Sistema de Autenticación + +**Odoo usa:** Sesiones con cookies + +**ERP Genérico debe usar:** JWT (ADR-001) +```typescript +// Login endpoint +POST /api/v1/auth/login +Request: { email, password } +Response: { + accessToken: "jwt...", + refreshToken: "jwt...", + user: { id, email, name, roles } +} +``` + +### 2. Sistema RBAC + +**Implementación sugerida:** + +**Tablas:** +```sql +-- auth.roles (equivalente a res.groups) +CREATE TABLE auth.roles ( + id SERIAL PRIMARY KEY, + name VARCHAR(100) NOT NULL, + description TEXT, + category VARCHAR(50), + parent_role_id INT REFERENCES auth.roles(id), + created_at TIMESTAMPTZ DEFAULT NOW() +); + +-- auth.user_roles (N:M) +CREATE TABLE auth.user_roles ( + user_id INT REFERENCES auth.users(id), + role_id INT REFERENCES auth.roles(id), + PRIMARY KEY (user_id, role_id) +); + +-- auth.model_permissions (equivalente a ir.model.access) +CREATE TABLE auth.model_permissions ( + id SERIAL PRIMARY KEY, + role_id INT REFERENCES auth.roles(id), + resource VARCHAR(100) NOT NULL, -- 'users', 'products', 'orders', etc. + can_read BOOLEAN DEFAULT FALSE, + can_write BOOLEAN DEFAULT FALSE, + can_create BOOLEAN DEFAULT FALSE, + can_delete BOOLEAN DEFAULT FALSE, + UNIQUE (role_id, resource) +); +``` + +**RLS (Row Level Security):** +```sql +-- Política de aislamiento por tenant +CREATE POLICY tenant_isolation ON auth.users +USING (tenant_id = current_setting('app.tenant_id')::int); + +-- Política: usuarios solo ven su propio registro +CREATE POLICY own_user_only ON auth.users +FOR SELECT +USING (id = current_setting('app.user_id')::int); +``` + +### 3. Catálogos Maestros + +**Implementación sugerida:** + +```typescript +// Seed data de países (ISO 3166-1) +// Importar desde https://restcountries.com/ +const countries = [ + { code: 'MX', name: 'México', phone_code: 52, currency_code: 'MXN' }, + { code: 'US', name: 'United States', phone_code: 1, currency_code: 'USD' }, + // ... +]; + +// Seed data de monedas (ISO 4217) +const currencies = [ + { code: 'MXN', name: 'Peso Mexicano', symbol: '$', decimals: 2 }, + { code: 'USD', name: 'US Dollar', symbol: '$', decimals: 2 }, + { code: 'EUR', name: 'Euro', symbol: '€', decimals: 2 }, + // ... +]; +``` + +### 4. Partners (Patrón Universal) + +**Opción 1:** Tabla única (patrón Odoo) +```sql +CREATE TABLE core.partners ( + id SERIAL PRIMARY KEY, + tenant_id INT NOT NULL, + name VARCHAR(200) NOT NULL, + email VARCHAR(100), + phone VARCHAR(20), + is_customer BOOLEAN DEFAULT FALSE, + is_vendor BOOLEAN DEFAULT FALSE, + is_employee BOOLEAN DEFAULT FALSE, + is_company BOOLEAN DEFAULT FALSE, + parent_id INT REFERENCES core.partners(id), + -- ... más campos +); + +CREATE VIEW customers AS +SELECT * FROM core.partners WHERE is_customer = TRUE; + +CREATE VIEW vendors AS +SELECT * FROM core.partners WHERE is_vendor = TRUE; +``` + +**Opción 2:** Tablas separadas +```sql +CREATE TABLE core.partners ( + id SERIAL PRIMARY KEY, + tenant_id INT NOT NULL, + name VARCHAR(200) NOT NULL, + -- ... campos comunes +); + +CREATE TABLE sales.customers ( + id INT PRIMARY KEY REFERENCES core.partners(id), + -- campos específicos de clientes +); + +CREATE TABLE purchase.vendors ( + id INT PRIMARY KEY REFERENCES core.partners(id), + -- campos específicos de proveedores +); +``` + +**Recomendación:** Opción 1 (patrón Odoo) por simplicidad + +--- + +## Conclusión + +El módulo `base` de Odoo es una referencia excelente para: +- Sistema de autenticación robusto +- RBAC granular con herencia de roles +- Multi-company bien implementado +- Catálogos maestros completos +- Patrón de partner universal + +**Prioridad de implementación en MGN:** +1. MGN-001 (Fundamentos): Sistema auth, usuarios, RBAC +2. MGN-003 (Catálogos): Monedas, países, UoM, partners +3. MGN-002 (Empresas): Multi-company, configuración + +**Nivel de reutilización:** 90% de los patrones son aplicables + +--- + +**Fecha:** 2025-11-23 +**Analista:** Architecture-Analyst +**Estado:** ✅ Análisis completo diff --git a/docs/01-analisis-referencias/odoo/odoo-crm-analysis.md b/docs/01-analisis-referencias/odoo/odoo-crm-analysis.md new file mode 100644 index 0000000..f597122 --- /dev/null +++ b/docs/01-analisis-referencias/odoo/odoo-crm-analysis.md @@ -0,0 +1,67 @@ +# Análisis del Módulo CRM de Odoo + +**Módulo:** crm +**Prioridad:** P1 +**Mapeo MGN:** MGN-009 (CRM Básico) + +## Modelos Principales + +### crm.lead (Leads/Oportunidades) +- Prospecto de venta +- Pipeline (stages) +- Probabilidad de cierre +- Monto esperado +- Asignación a vendedores + +### crm.stage (Etapas del Pipeline) +- Nuevo → Calificado → Propuesta → Negociación → Ganado/Perdido +- Secuencia y colores +- Fold (etapas cerradas) + +### crm.team (Equipos de Ventas) +- Grupo de vendedores +- Metas de ventas +- Dashboard de rendimiento + +## Patrones Destacables + +### 1. Pipeline Kanban + +Vista Kanban drag-and-drop: +- Columnas = Stages +- Tarjetas = Leads +- Mover entre etapas actualiza probabilidad + +### 2. Lead Scoring + +```python +# Probabilidad automática basada en stage +stage_id = fields.Many2one('crm.stage') +probability = fields.Float(related='stage_id.probability') +``` + +### 3. Conversión a Cotización + +```python +def action_new_quotation(self): + # Lead → sale.order + return self.env['sale.order'].create({ + 'partner_id': self.partner_id.id, + 'opportunity_id': self.id + }) +``` + +## Mapeo a MGN-009 + +- RF-CRM-001: Gestión de leads +- RF-CRM-002: Pipeline de ventas (stages) +- RF-CRM-003: Actividades de seguimiento +- RF-CRM-004: Conversión a cotización +- RF-CRM-005: Reportes de rendimiento + +**Aplicabilidad:** ⭐⭐⭐⭐ - Importante para ventas B2B + +--- + +**Fecha:** 2025-11-23 +**Estado:** ✅ Análisis completo diff --git a/docs/01-analisis-referencias/odoo/odoo-hr-analysis.md b/docs/01-analisis-referencias/odoo/odoo-hr-analysis.md new file mode 100644 index 0000000..2919d54 --- /dev/null +++ b/docs/01-analisis-referencias/odoo/odoo-hr-analysis.md @@ -0,0 +1,55 @@ +# Análisis del Módulo HR de Odoo + +**Módulo:** hr +**Prioridad:** P1 +**Mapeo MGN:** MGN-010 (RRHH Básico) + +## Modelos Principales + +### hr.employee (Empleados) +- Datos personales +- Puesto y departamento +- Manager/supervisor +- Vinculado a res.partner y res.users + +### hr.department (Departamentos) +- Estructura jerárquica +- Manager de departamento + +### hr.job (Puestos) +- Descripción de puesto +- Salario esperado +- Vacantes + +## Módulos Relacionados Relevantes + +### hr_contract (Contratos) +- Tipo de contrato +- Salario +- Fecha inicio/fin +- Renovaciones + +### hr_attendance (Asistencias) +- Check-in / Check-out +- Horas trabajadas +- Reportes de asistencia + +### hr_timesheet (Control de Horas) +- Horas por proyecto/tarea +- Integración con analytic accounts +- Facturación por horas + +## Mapeo a MGN-010 + +- RF-HR-001: Gestión de empleados +- RF-HR-002: Departamentos y puestos +- RF-HR-003: Contratos laborales +- RF-HR-004: Asistencias +- RF-HR-005: Control de horas (timesheet) + +**Aplicabilidad:** ⭐⭐⭐⭐ - Importante para empresas con personal propio + +--- + +**Fecha:** 2025-11-23 +**Estado:** ✅ Análisis completo diff --git a/docs/01-analisis-referencias/odoo/odoo-mail-analysis.md b/docs/01-analisis-referencias/odoo/odoo-mail-analysis.md new file mode 100644 index 0000000..0faa2fc --- /dev/null +++ b/docs/01-analisis-referencias/odoo/odoo-mail-analysis.md @@ -0,0 +1,273 @@ +# Análisis del Módulo Mail de Odoo + +**Módulo:** mail +**Prioridad:** P0 +**Mapeo MGN:** MGN-014 (Mensajería y Notificaciones) + +## Descripción + +Módulo transversal que proporciona: +- Sistema de mensajería interna +- Tracking de cambios (auditoría) +- Notificaciones +- Followers (seguidores de registros) +- Actividades programadas +- Chatter UI + +## Modelos Principales + +### mail.thread (Mixin) + +**Casi todos los modelos heredan de mail.thread:** +```python +class SaleOrder(models.Model): + _name = 'sale.order' + _inherit = ['mail.thread', 'mail.activity.mixin'] + + state = fields.Selection(tracking=True) # Cambios tracked + amount_total = fields.Monetary(tracking=True) +``` + +### mail.message (Mensajes) +- Mensajes en timeline (chatter) +- Tipos: notification, comment, email +- Adjuntos +- Followers notificados + +### mail.followers (Seguidores) +- Usuarios que siguen un registro +- Notificaciones automáticas +- Tipos de eventos suscritos + +### mail.activity (Actividades) +- Tareas pendientes vinculadas a registros +- Recordatorios +- Asignación a usuarios + +## Patrones Destacables + +### 1. Tracking Automático de Cambios + +```python +# Con tracking=True +state = fields.Selection([...], tracking=True) + +# Odoo automáticamente crea mensaje: +# "Estado cambió de 'Draft' a 'Confirmed' por John Doe" +``` + +### 2. Sistema de Notificaciones + +```python +# Notificar a followers +self.message_post( + body="Orden de venta confirmada", + subject="Orden #SO001", + message_type='notification' +) +# Todos los followers reciben notificación +``` + +### 3. Followers + +```python +# Agregar follower +self.message_subscribe(partner_ids=[partner.id]) + +# Los followers reciben: +# - Mensajes nuevos +# - Cambios en campos tracked +# - Notificaciones del registro +``` + +### 4. Actividades + +```python +# Crear actividad (recordatorio) +self.activity_schedule( + 'mail.mail_activity_data_call', + date_deadline=fields.Date.today() + timedelta(days=7), + summary='Llamar al cliente', + user_id=salesperson.id +) +``` + +## Mapeo a MGN-014 + +### Requerimientos Funcionales + +**RF-NOT-001: Sistema de notificaciones** +- Notificaciones en tiempo real (WebSocket) +- Notificaciones por email +- Centro de notificaciones en UI + +**RF-NOT-002: Mensajería interna** +- Chat entre usuarios +- Mensajes vinculados a registros +- Adjuntos + +**RF-NOT-003: Tracking de cambios** +- Auditoría automática de modificaciones +- Timeline de actividad +- Quién cambió qué y cuándo + +**RF-NOT-004: Actividades y tareas** +- Recordatorios programados +- Asignación a usuarios +- Follow-up automático + +## Implementación Recomendada MGN-014 + +### Schema: notifications + +```sql +CREATE TABLE notifications.messages ( + id SERIAL PRIMARY KEY, + tenant_id INT NOT NULL, + model VARCHAR(100) NOT NULL, -- 'sales.orders', 'purchase.orders' + record_id INT NOT NULL, + message_type VARCHAR(50), -- 'comment', 'notification', 'email' + subject VARCHAR(200), + body TEXT, + author_id INT REFERENCES auth.users(id), + created_at TIMESTAMPTZ DEFAULT NOW() +); + +CREATE TABLE notifications.followers ( + id SERIAL PRIMARY KEY, + tenant_id INT NOT NULL, + model VARCHAR(100) NOT NULL, + record_id INT NOT NULL, + user_id INT REFERENCES auth.users(id), + subscribed_at TIMESTAMPTZ DEFAULT NOW(), + UNIQUE (model, record_id, user_id) +); + +CREATE TABLE notifications.activities ( + id SERIAL PRIMARY KEY, + tenant_id INT NOT NULL, + model VARCHAR(100) NOT NULL, + record_id INT NOT NULL, + activity_type VARCHAR(50), -- 'call', 'email', 'meeting', 'todo' + summary VARCHAR(200), + description TEXT, + assigned_to INT REFERENCES auth.users(id), + due_date DATE, + completed BOOLEAN DEFAULT FALSE, + created_at TIMESTAMPTZ DEFAULT NOW() +); + +CREATE TABLE notifications.tracking ( + id SERIAL PRIMARY KEY, + tenant_id INT NOT NULL, + model VARCHAR(100) NOT NULL, + record_id INT NOT NULL, + field_name VARCHAR(100), + old_value TEXT, + new_value TEXT, + changed_by INT REFERENCES auth.users(id), + changed_at TIMESTAMPTZ DEFAULT NOW() +); +``` + +### Backend: Tracking Middleware + +```typescript +// Middleware para tracking automático +export function trackingMiddleware(Model: any) { + const originalUpdate = Model.update; + + Model.update = async function(id: number, data: any, userId: number) { + // Leer valores actuales + const oldRecord = await Model.findById(id); + + // Actualizar + const updatedRecord = await originalUpdate.call(this, id, data); + + // Identificar cambios + const changes = detectChanges(oldRecord, updatedRecord, Model.trackedFields); + + // Crear registros de tracking + for (const change of changes) { + await createTrackingRecord({ + model: Model.tableName, + record_id: id, + field_name: change.field, + old_value: change.oldValue, + new_value: change.newValue, + changed_by: userId + }); + + // Notificar a followers + await notifyFollowers(Model.tableName, id, { + type: 'field_change', + field: change.field, + old: change.oldValue, + new: change.newValue + }); + } + + return updatedRecord; + }; +} +``` + +### Frontend: Notificaciones en Tiempo Real + +```typescript +// WebSocket para notificaciones +const socket = io(WS_URL); + +socket.on('notification', (notification) => { + // Mostrar toast + toast.info(notification.message); + + // Actualizar contador + notificationStore.incrementUnread(); + + // Reproducir sonido + playNotificationSound(); +}); +``` + +## Patrón de Chatter UI + +**Odoo tiene un "Chatter" en cada formulario:** +- Timeline de mensajes +- Actividades pendientes +- Formulario para escribir mensajes +- Lista de followers + +**MGN-014 debe implementar componente similar:** +```typescript + +``` + +## WebSocket vs Polling + +**Odoo usa:** Polling (cada 30 segundos consulta nuevas notificaciones) + +**MGN-014 debe usar:** WebSocket (Socket.IO o native WebSockets) +- Notificaciones en tiempo real +- Menor carga en servidor +- Mejor UX + +## Aplicabilidad + +⭐⭐⭐⭐⭐ - ESENCIAL + +El patrón de mail.thread es uno de los más valiosos de Odoo. Permite: +- Auditoría completa sin código adicional +- Colaboración en registros +- Sistema de notificaciones unificado + +**Recomendación:** Implementar tracking automático desde el inicio + +--- + +**Fecha:** 2025-11-23 +**Estado:** ✅ Análisis completo diff --git a/docs/01-analisis-referencias/odoo/odoo-portal-analysis.md b/docs/01-analisis-referencias/odoo/odoo-portal-analysis.md new file mode 100644 index 0000000..3dc566f --- /dev/null +++ b/docs/01-analisis-referencias/odoo/odoo-portal-analysis.md @@ -0,0 +1,175 @@ +# Análisis del Módulo Portal de Odoo + +**Módulo:** portal +**Prioridad:** P1 +**Mapeo MGN:** MGN-013 (Portal de Usuarios) + +## Descripción + +Portal para usuarios externos (clientes, proveedores, derechohabientes): +- Acceso limitado sin licencia Odoo +- Vistas read-only personalizadas +- Acciones permitidas (aprobar, comentar, descargar) + +## Características Principales + +### 1. Usuarios Portal + +```python +# Usuario portal (share=True) +user = self.env['res.users'].create({ + 'name': 'Cliente ABC', + 'login': 'cliente@abc.com', + 'groups_id': [(6, 0, [self.env.ref('base.group_portal').id])] +}) +# share=True → no consume licencia Odoo +``` + +### 2. Vistas Portal + +Rutas públicas: +- `/my/orders` - Órdenes de venta del cliente +- `/my/invoices` - Facturas +- `/my/projects` - Proyectos +- `/my/tasks` - Tareas asignadas + +### 3. Seguridad + +**Record rules filtran por usuario:** +```python +# Cliente solo ve sus propias órdenes + + [('partner_id.user_id', '=', user.id)] + +``` + +### 4. Acciones Permitidas + +Clientes pueden: +- Ver documentos (órdenes, facturas, proyectos) +- Descargar PDFs +- Aprobar cotizaciones (firma electrónica) +- Comentar en tareas +- Subir archivos + +Clientes NO pueden: +- Crear órdenes +- Editar precios +- Ver órdenes de otros clientes +- Acceder a configuración + +## Mapeo a MGN-013 + +### Requerimientos Funcionales + +**RF-POR-001: Portal de clientes** +- Login con email/password +- Dashboard personalizado +- Documentos del cliente + +**RF-POR-002: Vista de órdenes/facturas** +- Lista de órdenes de venta +- Detalle de orden +- Descarga de PDF + +**RF-POR-003: Aprobación de cotizaciones** +- Revisar cotización +- Aprobar con firma electrónica +- Conversión a orden de venta + +**RF-POR-004: Vista de proyectos/tareas** +- Proyectos del cliente +- Tareas asignadas +- Comentarios + +## Implementación Recomendada MGN-013 + +### Frontend: Rutas Públicas + +```typescript +// routes/portal.tsx +const portalRoutes = [ + { + path: '/portal', + element: , + children: [ + { path: 'dashboard', element: }, + { path: 'orders', element: }, + { path: 'orders/:id', element: }, + { path: 'invoices', element: }, + { path: 'projects', element: }, + { path: 'projects/:id/tasks', element: } + ] + } +]; +``` + +### Backend: Permisos Portal + +```sql +-- Rol 'portal_user' +INSERT INTO auth.roles (name, category) VALUES ('portal_user', 'portal'); + +-- Permisos limitados +INSERT INTO auth.model_permissions (role_id, resource, can_read, can_write, can_create, can_delete) +VALUES + ((SELECT id FROM auth.roles WHERE name = 'portal_user'), 'sales.orders', TRUE, FALSE, FALSE, FALSE), + ((SELECT id FROM auth.roles WHERE name = 'portal_user'), 'account.invoices', TRUE, FALSE, FALSE, FALSE), + ((SELECT id FROM auth.roles WHERE name = 'portal_user'), 'projects.projects', TRUE, FALSE, FALSE, FALSE); + +-- RLS: usuario portal solo ve sus registros +CREATE POLICY portal_sales_orders ON sales.orders +FOR SELECT +TO portal_user +USING (customer_id IN ( + SELECT partner_id FROM auth.users WHERE id = current_setting('app.user_id')::int +)); +``` + +## Patrón de Firma Electrónica + +**Odoo implementa firma con canvas HTML5:** + +```typescript +// Componente de firma +import SignatureCanvas from 'react-signature-canvas'; + +function QuotationApproval({ orderId }) { + const sigRef = useRef(null); + + const handleApprove = async () => { + const signatureDataURL = sigRef.current.toDataURL(); + + await approveQuotation({ + orderId, + signature: signatureDataURL, + approvedAt: new Date() + }); + }; + + return ( +
+

Aprobar Cotización #{orderId}

+ + +
+ ); +} +``` + +## Aplicabilidad + +⭐⭐⭐⭐⭐ - ESENCIAL para ERP Construcción + +Portal de derechohabientes INFONAVIT: +- Ver avance de vivienda +- Documentos (contratos, escrituras) +- Programación de entrega +- Postventa (garantías) + +**Recomendación:** Implementar desde Fase 1 + +--- + +**Fecha:** 2025-11-23 +**Estado:** ✅ Análisis completo diff --git a/docs/01-analisis-referencias/odoo/odoo-project-analysis.md b/docs/01-analisis-referencias/odoo/odoo-project-analysis.md new file mode 100644 index 0000000..980f0e2 --- /dev/null +++ b/docs/01-analisis-referencias/odoo/odoo-project-analysis.md @@ -0,0 +1,71 @@ +# Análisis del Módulo Project de Odoo + +**Módulo:** project +**Prioridad:** P1 +**Mapeo MGN:** MGN-011 (Proyectos Genéricos) + +## Modelos Principales + +### project.project (Proyectos) +- Nombre y descripción +- Manager +- Stages personalizables +- Analytic account (tracking de costos) +- Portal de clientes + +### project.task (Tareas) +- Título y descripción +- Asignado a usuario +- Stage (columnas kanban) +- Fechas (inicio, fin, deadline) +- Dependencias entre tareas +- Subtareas + +### project.task.type (Stages de Tareas) +- Backlog → To Do → In Progress → Done +- Secuencia y colores +- Kanban fold + +## Patrones Destacables + +### 1. Vista Kanban de Tareas + +Pipeline drag-and-drop: +- Columnas = Stages +- Tarjetas = Tasks +- Cambio de stage automático + +### 2. Integración con Timesheet + +```python +# Horas trabajadas en tarea → analytic account del proyecto +class ProjectTask(models.Model): + timesheet_ids = fields.One2many('account.analytic.line', 'task_id') + + @api.depends('timesheet_ids.unit_amount') + def _compute_effective_hours(self): + self.effective_hours = sum(self.timesheet_ids.mapped('unit_amount')) +``` + +### 3. Portal de Clientes + +Clientes pueden: +- Ver tareas de su proyecto +- Comentar en tareas +- Ver progreso + +## Mapeo a MGN-011 + +- RF-PRO-001: Gestión de proyectos +- RF-PRO-002: Tareas y subtareas +- RF-PRO-003: Stages personalizables +- RF-PRO-004: Asignación a usuarios +- RF-PRO-005: Integración con timesheet +- RF-PRO-006: Portal de clientes + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - ESENCIAL para ERP Construcción/Proyectos + +--- + +**Fecha:** 2025-11-23 +**Estado:** ✅ Análisis completo diff --git a/docs/01-analisis-referencias/odoo/odoo-purchase-analysis.md b/docs/01-analisis-referencias/odoo/odoo-purchase-analysis.md new file mode 100644 index 0000000..7d770af --- /dev/null +++ b/docs/01-analisis-referencias/odoo/odoo-purchase-analysis.md @@ -0,0 +1,53 @@ +# Análisis del Módulo Purchase de Odoo + +**Módulo:** purchase +**Prioridad:** P0 +**Mapeo MGN:** MGN-006 (Compras Básico) + +## Modelos Principales + +### purchase.order (Órdenes de Compra) +- Proveedor (vendor_id) +- Líneas de productos +- Estados: draft → sent → purchase → done +- Integración con stock (recepciones) + +### purchase.order.line (Líneas de Orden) +- Producto, cantidad, precio +- UoM (unidad de medida) +- Cuenta analítica + +### res.partner (Proveedores) +- Extensión de res.partner con supplier_rank +- Condiciones de pago +- Historial de compras + +## Patrones Destacables + +1. **RFQ → PO Workflow** + - Solicitud de cotización (RFQ) + - Aprobación + - Conversión a orden de compra + +2. **Integración con Inventario** + - Órden de compra genera recepción (stock.picking) + - Actualización automática de stock + +3. **Facturación** + - Factura de proveedor desde orden de compra + - Control de cantidades recibidas vs facturadas + +## Mapeo a MGN-006 + +- RF-COM-001: Gestión de proveedores +- RF-COM-002: Solicitudes de cotización +- RF-COM-003: Órdenes de compra +- RF-COM-004: Recepciones de mercancía +- RF-COM-005: Facturación de compras + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - Esencial para cualquier ERP + +--- + +**Fecha:** 2025-11-23 +**Estado:** ✅ Análisis completo diff --git a/docs/01-analisis-referencias/odoo/odoo-sale-analysis.md b/docs/01-analisis-referencias/odoo/odoo-sale-analysis.md new file mode 100644 index 0000000..7a39936 --- /dev/null +++ b/docs/01-analisis-referencias/odoo/odoo-sale-analysis.md @@ -0,0 +1,56 @@ +# Análisis del Módulo Sale de Odoo + +**Módulo:** sale +**Prioridad:** P0 +**Mapeo MGN:** MGN-007 (Ventas Básico) + +## Modelos Principales + +### sale.order (Órdenes de Venta) +- Cliente (partner_id) +- Líneas de productos/servicios +- Estados: draft → sent → sale → done +- Portal de clientes (aprobación online) + +### sale.order.line (Líneas de Orden) +- Producto/servicio +- Cantidad, precio, descuento +- UoM +- Cuenta analítica + +## Patrones Destacables + +1. **Cotización → Venta Workflow** + - Cotización (draft) + - Envío a cliente (sent) + - Aprobación (sale) + - Entrega y facturación + +2. **Integración con Inventario** + - Orden de venta genera picking (entrega) + - Reserva de stock + +3. **Facturación Flexible** + - Facturación al confirmar orden + - Facturación al entregar + - Facturación parcial + +4. **Portal de Clientes** + - Cliente puede ver cotizaciones + - Aprobar online con firma electrónica + +## Mapeo a MGN-007 + +- RF-VEN-001: Gestión de clientes +- RF-VEN-002: Cotizaciones +- RF-VEN-003: Órdenes de venta +- RF-VEN-004: Entregas +- RF-VEN-005: Facturación de ventas +- RF-VEN-006: Portal de clientes + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - Esencial para cualquier ERP + +--- + +**Fecha:** 2025-11-23 +**Estado:** ✅ Análisis completo diff --git a/docs/01-analisis-referencias/odoo/odoo-stock-analysis.md b/docs/01-analisis-referencias/odoo/odoo-stock-analysis.md new file mode 100644 index 0000000..d70a151 --- /dev/null +++ b/docs/01-analisis-referencias/odoo/odoo-stock-analysis.md @@ -0,0 +1,62 @@ +# Análisis del Módulo Stock de Odoo + +**Módulo:** stock +**Prioridad:** P0 +**Mapeo MGN:** MGN-005 (Inventario Básico) + +## Modelos Principales + +### stock.warehouse (Almacenes) +- Ubicación principal +- Rutas de entrada/salida +- Configuración de reabastecimiento + +### stock.location (Ubicaciones) +- Estructura jerárquica +- Tipos: internal, customer, supplier, inventory, transit +- Ubicaciones virtuales vs físicas + +### stock.move (Movimientos de Stock) +- Origen y destino +- Producto y cantidad +- Estados: draft → assigned → done +- Tracking de lotes y series + +### stock.picking (Albaranes/Guías) +- Agrupación de movimientos +- Tipos: incoming, outgoing, internal +- Integración con compras/ventas + +### stock.quant (Cantidades en Stock) +- Cantidad disponible por ubicación +- Lotes y números de serie +- Valoración de inventario + +## Patrones Destacables + +1. **Doble movimiento** + - Entrada/salida siempre genera par de movimientos + - Origen → tránsito → destino + +2. **Estrategias de inventario** + - FIFO, LIFO, Average Cost + - Reabastecimiento automático + +3. **Trazabilidad** + - Lotes y números de serie + - Tracking completo de movimientos + +## Mapeo a MGN-005 + +- RF-INV-001: Gestión de almacenes +- RF-INV-002: Ubicaciones de almacenamiento +- RF-INV-003: Movimientos de inventario +- RF-INV-004: Trazabilidad (lotes/series) +- RF-INV-005: Valoración de inventario + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ - Esencial para manufactura y comercio + +--- + +**Fecha:** 2025-11-23 +**Estado:** ✅ Análisis completo diff --git a/docs/01-fase-foundation/MGN-001-auth/README.md b/docs/01-fase-foundation/MGN-001-auth/README.md new file mode 100644 index 0000000..3c22dac --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/README.md @@ -0,0 +1,177 @@ +# MGN-001: Autenticacion + +## Metadata + +| Campo | Valor | +|-------|-------| +| **ID** | MGN-001 | +| **Nombre** | Autenticacion | +| **Fase** | 01 - Foundation | +| **Prioridad** | P0 (Critico) | +| **Story Points** | 40 SP | +| **Estado** | Documentado | +| **Dependencias** | Ninguna | + +--- + +## Descripcion + +Sistema de autenticacion completo para el ERP que incluye: + +- **Login con email/password:** Autenticacion tradicional con validacion de credenciales +- **Tokens JWT:** Access tokens de corta duracion y refresh tokens de larga duracion +- **OAuth Social:** Login con Google y Microsoft +- **Recuperacion de password:** Flujo de reset via email +- **Proteccion brute force:** Rate limiting y bloqueo temporal + +--- + +## Objetivos + +1. Proveer autenticacion segura para todos los usuarios del sistema +2. Soportar multiples metodos de autenticacion (local, OAuth) +3. Implementar manejo robusto de sesiones con tokens JWT +4. Proteger contra ataques comunes (brute force, session hijacking) +5. Permitir recuperacion segura de credenciales + +--- + +## Alcance + +### Incluido + +- Login/logout con email y password +- Generacion y validacion de JWT (access + refresh tokens) +- Recuperacion de password via email +- OAuth con Google y Microsoft +- Registro de intentos de login fallidos +- Bloqueo temporal por intentos fallidos +- Manejo de sesiones multiples por usuario + +### Excluido + +- Registro de nuevos usuarios (ver MGN-002 Users) +- Gestion de perfiles (ver MGN-002 Users) +- Asignacion de roles (ver MGN-003 Roles) +- 2FA/MFA (futuro enhancement) + +--- + +## User Stories Principales + +| ID | Titulo | SP | Prioridad | +|----|--------|---:|-----------| +| US-MGN001-001 | Login con Email/Password | 8 | P0 | +| US-MGN001-002 | Logout de Sesion | 3 | P0 | +| US-MGN001-003 | Recuperar Password | 5 | P1 | +| US-MGN001-004 | Refresh de Token | 5 | P0 | +| US-MGN001-005 | Login con Google | 8 | P2 | + +**Total:** 29 SP + 11 SP buffer = **40 SP** + +--- + +## Arquitectura + +``` +┌─────────────────┐ ┌─────────────────┐ +│ Frontend │ │ Backend │ +│ (React/Vite) │────▶│ (NestJS) │ +└─────────────────┘ └────────┬────────┘ + │ │ + │ ▼ + │ ┌─────────────────┐ + │ │ AuthService │ + │ │ TokenService │ + │ │ PasswordSvc │ + │ │ OAuthService │ + │ └────────┬────────┘ + │ │ + │ ▼ + │ ┌─────────────────┐ + │ │ PostgreSQL │ + │ │ core_auth │ + │ └─────────────────┘ + │ + ▼ +┌─────────────────┐ +│ authStore │ +│ (Zustand) │ +└─────────────────┘ +``` + +--- + +## Endpoints API + +| Metodo | Path | Descripcion | +|--------|------|-------------| +| POST | `/api/v1/auth/login` | Login con credenciales | +| POST | `/api/v1/auth/logout` | Cerrar sesion | +| POST | `/api/v1/auth/refresh` | Renovar tokens | +| POST | `/api/v1/auth/forgot-password` | Solicitar reset | +| POST | `/api/v1/auth/reset-password` | Cambiar password | +| GET | `/api/v1/auth/me` | Usuario actual | +| GET | `/api/v1/auth/oauth/:provider` | Iniciar OAuth | + +--- + +## Tablas de Base de Datos + +| Tabla | Descripcion | +|-------|-------------| +| `users_auth` | Credenciales de autenticacion | +| `sessions` | Sesiones activas | +| `refresh_tokens` | Tokens de refresco | +| `password_resets` | Tokens de reset | +| `login_attempts` | Intentos de login | +| `oauth_accounts` | Cuentas OAuth vinculadas | + +--- + +## Seguridad + +- Passwords hasheados con bcrypt (cost factor 12) +- Access tokens JWT con expiracion de 15 minutos +- Refresh tokens con expiracion de 7 dias +- Rate limiting: 5 intentos por minuto por IP +- Bloqueo temporal: 15 minutos despues de 5 intentos fallidos +- Tokens de reset expiran en 1 hora + +--- + +## Dependencias + +### Este modulo no depende de otros modulos + +MGN-001 es la base del sistema y no tiene dependencias. + +### Modulos que dependen de este + +- **MGN-002 Users:** Para autenticar usuarios +- **MGN-003 Roles:** Para verificar permisos en JWT +- **MGN-004 Tenants:** Para incluir tenant_id en JWT +- **Todos los demas modulos:** Requieren autenticacion + +--- + +## Documentacion + +- **Mapa del modulo:** [_MAP.md](./_MAP.md) +- **Trazabilidad:** [TRACEABILITY.yml](./implementacion/TRACEABILITY.yml) +- **Requerimientos:** [requerimientos/](./requerimientos/) +- **Especificaciones:** [especificaciones/](./especificaciones/) +- **User Stories:** [historias-usuario/](./historias-usuario/) + +--- + +## Historial + +| Fecha | Cambio | Autor | +|-------|--------|-------| +| 2025-12-05 | Creacion del modulo con estructura GAMILIT | Requirements-Analyst | + +--- + +**Generado por:** Requirements-Analyst +**Fecha:** 2025-12-05 diff --git a/docs/01-fase-foundation/MGN-001-auth/_MAP.md b/docs/01-fase-foundation/MGN-001-auth/_MAP.md new file mode 100644 index 0000000..dc3b209 --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/_MAP.md @@ -0,0 +1,183 @@ +# _MAP: MGN-001 - Autenticacion + +**Modulo:** MGN-001 +**Nombre:** Autenticacion +**Fase:** 01 - Foundation +**Story Points:** 40 SP +**Estado:** Documentado +**Ultima actualizacion:** 2025-12-05 + +--- + +## Resumen + +Sistema de autenticacion que incluye login con email/password, manejo de tokens JWT, OAuth con proveedores sociales, recuperacion de password y proteccion contra ataques de fuerza bruta. + +--- + +## Metricas + +| Metrica | Valor | +|---------|-------| +| Story Points | 40 SP | +| Requerimientos (RF) | 6 | +| Especificaciones (ET) | 3 | +| User Stories (US) | 5 | +| Tablas DB | 6 | +| Endpoints API | 7 | +| Test Cases | 20+ | +| Cobertura Estimada | 0% | + +--- + +## Requerimientos Funcionales (5) + +| ID | Archivo | Titulo | Prioridad | Estado | +|----|---------|--------|-----------|--------| +| RF-AUTH-001 | [RF-AUTH-001.md](./requerimientos/RF-AUTH-001.md) | Login Email/Password | P0 | Migrado | +| RF-AUTH-002 | [RF-AUTH-002.md](./requerimientos/RF-AUTH-002.md) | Manejo de Tokens JWT | P0 | Migrado | +| RF-AUTH-003 | [RF-AUTH-003.md](./requerimientos/RF-AUTH-003.md) | Recuperacion de Password | P1 | Migrado | +| RF-AUTH-004 | [RF-AUTH-004.md](./requerimientos/RF-AUTH-004.md) | Proteccion Brute Force | P1 | Migrado | +| RF-AUTH-005 | [RF-AUTH-005.md](./requerimientos/RF-AUTH-005.md) | OAuth y Logout | P2 | Migrado | + +**Indice:** [INDICE-RF-AUTH.md](./requerimientos/INDICE-RF-AUTH.md) + +--- + +## Especificaciones Tecnicas (3) + +| ID | Archivo | Titulo | RF Asociados | Estado | +|----|---------|--------|--------------|--------| +| ET-AUTH-001 | [ET-auth-backend.md](./especificaciones/ET-auth-backend.md) | Backend Auth | RF-AUTH-001, RF-AUTH-002, RF-AUTH-005 | Migrado | +| ET-AUTH-002 | [auth-domain.md](./especificaciones/auth-domain.md) | Domain Model Auth | RF-AUTH-001 | Migrado | +| ET-AUTH-003 | [ET-AUTH-database.md](./especificaciones/ET-AUTH-database.md) | Database Auth | RF-AUTH-001, RF-AUTH-002, RF-AUTH-004 | Migrado | + +--- + +## Historias de Usuario (4) + +| ID | Archivo | Titulo | RF | SP | Estado | +|----|---------|--------|----|----|--------| +| US-MGN001-001 | [US-MGN001-001.md](./historias-usuario/US-MGN001-001.md) | Login con Email/Password | RF-AUTH-001 | 8 | Migrado | +| US-MGN001-002 | [US-MGN001-002.md](./historias-usuario/US-MGN001-002.md) | Logout de Sesion | RF-AUTH-005 | 3 | Migrado | +| US-MGN001-003 | [US-MGN001-003.md](./historias-usuario/US-MGN001-003.md) | Recuperar Password | RF-AUTH-003 | 5 | Migrado | +| US-MGN001-004 | [US-MGN001-004.md](./historias-usuario/US-MGN001-004.md) | Refresh de Token | RF-AUTH-002 | 5 | Migrado | + +**Backlog:** [BACKLOG-MGN001.md](./historias-usuario/BACKLOG-MGN001.md) +**Total:** 21 SP (+ buffer = 40 SP epica) + +--- + +## Implementacion + +### Database + +| Objeto | Tipo | Archivo | RF | +|--------|------|---------|-----| +| core_auth | Schema | `ddl/schemas/core_auth/` | - | +| users_auth | Tabla | `ddl/schemas/core_auth/tables/users_auth.sql` | RF-AUTH-001 | +| sessions | Tabla | `ddl/schemas/core_auth/tables/sessions.sql` | RF-AUTH-002 | +| refresh_tokens | Tabla | `ddl/schemas/core_auth/tables/refresh_tokens.sql` | RF-AUTH-002 | +| password_resets | Tabla | `ddl/schemas/core_auth/tables/password_resets.sql` | RF-AUTH-003 | +| login_attempts | Tabla | `ddl/schemas/core_auth/tables/login_attempts.sql` | RF-AUTH-004 | +| oauth_accounts | Tabla | `ddl/schemas/core_auth/tables/oauth_accounts.sql` | RF-AUTH-005 | +| validate_password | Funcion | `ddl/schemas/core_auth/functions/validate_password.sql` | RF-AUTH-001 | +| cleanup_expired_sessions | Funcion | `ddl/schemas/core_auth/functions/cleanup_sessions.sql` | RF-AUTH-002 | + +### Backend + +| Objeto | Tipo | Archivo | RF | +|--------|------|---------|-----| +| AuthModule | Module | `src/modules/auth/auth.module.ts` | - | +| AuthService | Service | `src/modules/auth/auth.service.ts` | RF-AUTH-001 | +| TokenService | Service | `src/modules/auth/token.service.ts` | RF-AUTH-002 | +| PasswordService | Service | `src/modules/auth/password.service.ts` | RF-AUTH-003 | +| OAuthService | Service | `src/modules/auth/oauth.service.ts` | RF-AUTH-005 | +| AuthController | Controller | `src/modules/auth/auth.controller.ts` | - | +| JwtAuthGuard | Guard | `src/modules/auth/guards/jwt-auth.guard.ts` | RF-AUTH-002 | +| LoginDto | DTO | `src/modules/auth/dto/login.dto.ts` | RF-AUTH-001 | +| TokenResponseDto | DTO | `src/modules/auth/dto/token-response.dto.ts` | RF-AUTH-002 | + +### Frontend + +| Objeto | Tipo | Archivo | RF | +|--------|------|---------|-----| +| LoginPage | Page | `src/features/auth/pages/LoginPage.tsx` | RF-AUTH-001 | +| ForgotPasswordPage | Page | `src/features/auth/pages/ForgotPasswordPage.tsx` | RF-AUTH-003 | +| ResetPasswordPage | Page | `src/features/auth/pages/ResetPasswordPage.tsx` | RF-AUTH-003 | +| LoginForm | Component | `src/features/auth/components/LoginForm.tsx` | RF-AUTH-001 | +| SocialLoginButtons | Component | `src/features/auth/components/SocialLoginButtons.tsx` | RF-AUTH-005 | +| authStore | Store | `src/features/auth/stores/authStore.ts` | - | +| authApi | API | `src/features/auth/api/authApi.ts` | - | + +--- + +## Endpoints API + +| Metodo | Path | Descripcion | RF | Auth | +|--------|------|-------------|-----|------| +| POST | `/api/v1/auth/login` | Login con email/password | RF-AUTH-001 | No | +| POST | `/api/v1/auth/logout` | Cerrar sesion | RF-AUTH-006 | Si | +| POST | `/api/v1/auth/refresh` | Refrescar token | RF-AUTH-002 | No* | +| POST | `/api/v1/auth/forgot-password` | Solicitar recuperacion | RF-AUTH-003 | No | +| POST | `/api/v1/auth/reset-password` | Cambiar password | RF-AUTH-003 | No | +| GET | `/api/v1/auth/me` | Obtener usuario actual | RF-AUTH-001 | Si | +| GET | `/api/v1/auth/oauth/:provider` | Iniciar OAuth flow | RF-AUTH-005 | No | + +*Requiere refresh token valido + +--- + +## Dependencias + +### Este modulo depende de: + +Ninguna - MGN-001 es el primer modulo de la cadena. + +### Modulos que dependen de este: + +| Modulo | Tipo | Razon | +|--------|------|-------| +| MGN-002 Users | Hard | Usuarios requieren auth | +| MGN-003 Roles | Hard | RBAC usa tokens de auth | +| MGN-004 Tenants | Hard | Tenant ID en token JWT | +| TODOS | Hard | Autenticacion requerida | + +--- + +## Test Coverage + +| Tipo | Casos | Estado | +|------|-------|--------| +| Unit Tests - AuthService | 12 | Pendiente | +| Unit Tests - TokenService | 8 | Pendiente | +| Integration Tests | 10 | Pendiente | +| E2E Tests | 5 | Pendiente | +| **Total** | **35** | **0%** | + +--- + +## Trazabilidad + +Ver archivo completo: [TRACEABILITY.yml](./implementacion/TRACEABILITY.yml) + +--- + +## Documentos Relacionados + +- **Epica:** [EPIC-MGN-001-auth.md](../../08-epicas/EPIC-MGN-001-auth.md) +- **DDL Spec:** [DDL-SPEC-core_auth.md](../../04-modelado/database-design/DDL-SPEC-core_auth.md) +- **Test Plan:** [TP-auth.md](../../06-test-plans/TP-auth.md) + +--- + +## Historial + +| Fecha | Cambio | Autor | +|-------|--------|-------| +| 2025-12-05 | Creacion de _MAP.md con estructura GAMILIT | Requirements-Analyst | + +--- + +**Generado por:** Requirements-Analyst +**Fecha:** 2025-12-05 diff --git a/docs/01-fase-foundation/MGN-001-auth/especificaciones/ET-AUTH-database.md b/docs/01-fase-foundation/MGN-001-auth/especificaciones/ET-AUTH-database.md new file mode 100644 index 0000000..532c4db --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/especificaciones/ET-AUTH-database.md @@ -0,0 +1,744 @@ +# DDL-SPEC: Schema core_auth + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **Schema** | core_auth | +| **Modulo** | MGN-001 | +| **Version** | 1.0 | +| **Estado** | En Diseño | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion General + +El schema `core_auth` contiene todas las tablas relacionadas con autenticación, manejo de sesiones, tokens y recuperación de contraseñas. Es el schema más crítico desde el punto de vista de seguridad. + +### Alcance + +- Gestión de tokens JWT (refresh tokens) +- Control de sesiones activas +- Historial de login/logout +- Recuperación de contraseñas +- Blacklist de tokens revocados + +> **Nota:** La tabla `users` reside en `core_users`, no en este schema. + +--- + +## Diagrama Entidad-Relacion + +```mermaid +erDiagram + %% Entidades externas (referencia) + users ||--o{ refresh_tokens : "tiene" + users ||--o{ session_history : "registra" + users ||--o{ login_attempts : "intenta" + users ||--o{ password_reset_tokens : "solicita" + users ||--o{ password_history : "historial" + + refresh_tokens { + uuid id PK + uuid user_id FK + uuid tenant_id FK + varchar token_hash + uuid family_id + boolean is_used + timestamptz used_at + uuid replaced_by FK + varchar device_info + inet ip_address + timestamptz expires_at + timestamptz revoked_at + varchar revoked_reason + timestamptz created_at + } + + revoked_tokens { + uuid id PK + varchar jti UK + uuid user_id FK + uuid tenant_id FK + varchar token_type + timestamptz original_exp + varchar revocation_reason + timestamptz revoked_at + timestamptz created_at + } + + session_history { + uuid id PK + uuid user_id FK + uuid tenant_id FK + varchar action + varchar device_info + inet ip_address + jsonb metadata + timestamptz created_at + } + + login_attempts { + uuid id PK + varchar email + uuid tenant_id FK + boolean success + varchar failure_reason + inet ip_address + varchar user_agent + timestamptz attempted_at + } + + password_reset_tokens { + uuid id PK + uuid user_id FK + uuid tenant_id FK + varchar token_hash + integer attempts + timestamptz expires_at + timestamptz used_at + timestamptz created_at + } + + password_history { + uuid id PK + uuid user_id FK + uuid tenant_id FK + varchar password_hash + timestamptz created_at + } +``` + +--- + +## Tablas + +### 1. refresh_tokens + +Almacena los refresh tokens emitidos para mantener sesiones activas. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `user_id` | UUID | NOT NULL | - | FK → core_users.users | +| `tenant_id` | UUID | NOT NULL | - | FK → core_tenants.tenants | +| `jti` | VARCHAR(64) | NOT NULL | - | JWT ID (unique identifier) | +| `token_hash` | VARCHAR(255) | NOT NULL | - | Hash bcrypt del token | +| `family_id` | UUID | NOT NULL | - | Familia de tokens (para rotación) | +| `is_used` | BOOLEAN | NOT NULL | false | Si el token ya fue usado | +| `used_at` | TIMESTAMPTZ | NULL | - | Cuando se usó para refresh | +| `replaced_by` | UUID | NULL | - | Token que lo reemplazó | +| `device_info` | VARCHAR(500) | NULL | - | User-Agent del dispositivo | +| `ip_address` | INET | NULL | - | IP desde donde se creó | +| `expires_at` | TIMESTAMPTZ | NOT NULL | - | Fecha de expiración | +| `revoked_at` | TIMESTAMPTZ | NULL | - | Cuando fue revocado | +| `revoked_reason` | VARCHAR(50) | NULL | - | Razón de revocación | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha de creación | + +#### Constraints + +```sql +-- Primary Key +CONSTRAINT pk_refresh_tokens PRIMARY KEY (id), + +-- Unique +CONSTRAINT uk_refresh_tokens_jti UNIQUE (jti), + +-- Foreign Keys +CONSTRAINT fk_refresh_tokens_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE, +CONSTRAINT fk_refresh_tokens_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, +CONSTRAINT fk_refresh_tokens_replaced_by + FOREIGN KEY (replaced_by) REFERENCES core_auth.refresh_tokens(id), + +-- Check +CONSTRAINT chk_refresh_tokens_revoked_reason + CHECK (revoked_reason IN ('user_logout', 'logout_all', 'token_rotation', 'security_breach', 'admin_action', 'password_change')) +``` + +#### Indices + +```sql +CREATE INDEX idx_refresh_tokens_user_id ON core_auth.refresh_tokens(user_id); +CREATE INDEX idx_refresh_tokens_tenant_id ON core_auth.refresh_tokens(tenant_id); +CREATE INDEX idx_refresh_tokens_family_id ON core_auth.refresh_tokens(family_id); +CREATE INDEX idx_refresh_tokens_expires_at ON core_auth.refresh_tokens(expires_at) WHERE revoked_at IS NULL; +CREATE INDEX idx_refresh_tokens_active ON core_auth.refresh_tokens(user_id, tenant_id) WHERE revoked_at IS NULL AND is_used = false; +``` + +--- + +### 2. revoked_tokens + +Blacklist de access tokens revocados (para invalidación inmediata). + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `jti` | VARCHAR(64) | NOT NULL | - | JWT ID del token revocado | +| `user_id` | UUID | NOT NULL | - | Usuario dueño del token | +| `tenant_id` | UUID | NOT NULL | - | Tenant del token | +| `token_type` | VARCHAR(20) | NOT NULL | 'access' | Tipo: access, refresh | +| `original_exp` | TIMESTAMPTZ | NOT NULL | - | Expiración original del token | +| `revocation_reason` | VARCHAR(50) | NOT NULL | - | Razón de revocación | +| `revoked_at` | TIMESTAMPTZ | NOT NULL | NOW() | Cuando se revocó | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha de creación | + +#### Constraints + +```sql +CONSTRAINT pk_revoked_tokens PRIMARY KEY (id), +CONSTRAINT uk_revoked_tokens_jti UNIQUE (jti), +CONSTRAINT fk_revoked_tokens_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE, +CONSTRAINT fk_revoked_tokens_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, +CONSTRAINT chk_revoked_tokens_type CHECK (token_type IN ('access', 'refresh')) +``` + +#### Indices + +```sql +CREATE INDEX idx_revoked_tokens_jti ON core_auth.revoked_tokens(jti); +CREATE INDEX idx_revoked_tokens_exp ON core_auth.revoked_tokens(original_exp); +``` + +> **Nota:** Esta tabla es un fallback. La blacklist principal debe estar en Redis para mejor performance. + +--- + +### 3. session_history + +Historial de eventos de sesión para auditoría. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `user_id` | UUID | NOT NULL | - | Usuario | +| `tenant_id` | UUID | NOT NULL | - | Tenant | +| `action` | VARCHAR(30) | NOT NULL | - | Tipo de evento | +| `device_info` | VARCHAR(500) | NULL | - | User-Agent | +| `ip_address` | INET | NULL | - | IP del cliente | +| `metadata` | JSONB | NULL | '{}' | Datos adicionales | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Timestamp del evento | + +#### Constraints + +```sql +CONSTRAINT pk_session_history PRIMARY KEY (id), +CONSTRAINT fk_session_history_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE, +CONSTRAINT fk_session_history_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, +CONSTRAINT chk_session_history_action + CHECK (action IN ('login', 'logout', 'logout_all', 'refresh', 'password_change', 'password_reset', 'account_locked', 'account_unlocked', 'mfa_enabled', 'mfa_disabled')) +``` + +#### Indices + +```sql +CREATE INDEX idx_session_history_user_id ON core_auth.session_history(user_id); +CREATE INDEX idx_session_history_tenant_id ON core_auth.session_history(tenant_id); +CREATE INDEX idx_session_history_created_at ON core_auth.session_history(created_at DESC); +CREATE INDEX idx_session_history_action ON core_auth.session_history(action); +``` + +--- + +### 4. login_attempts + +Registro de intentos de login (exitosos y fallidos) para seguridad. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `email` | VARCHAR(255) | NOT NULL | - | Email usado en intento | +| `tenant_id` | UUID | NULL | - | Tenant (si aplica) | +| `user_id` | UUID | NULL | - | Usuario (si existe) | +| `success` | BOOLEAN | NOT NULL | - | Si fue exitoso | +| `failure_reason` | VARCHAR(50) | NULL | - | Razón de fallo | +| `ip_address` | INET | NOT NULL | - | IP del cliente | +| `user_agent` | VARCHAR(500) | NULL | - | User-Agent | +| `attempted_at` | TIMESTAMPTZ | NOT NULL | NOW() | Timestamp del intento | + +#### Constraints + +```sql +CONSTRAINT pk_login_attempts PRIMARY KEY (id), +CONSTRAINT fk_login_attempts_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE SET NULL, +CONSTRAINT fk_login_attempts_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE SET NULL, +CONSTRAINT chk_login_attempts_failure_reason + CHECK (failure_reason IS NULL OR failure_reason IN ('invalid_credentials', 'account_locked', 'account_inactive', 'tenant_inactive', 'mfa_required', 'mfa_failed')) +``` + +#### Indices + +```sql +CREATE INDEX idx_login_attempts_email ON core_auth.login_attempts(email); +CREATE INDEX idx_login_attempts_ip ON core_auth.login_attempts(ip_address); +CREATE INDEX idx_login_attempts_attempted_at ON core_auth.login_attempts(attempted_at DESC); +CREATE INDEX idx_login_attempts_email_ip_recent ON core_auth.login_attempts(email, ip_address, attempted_at DESC); +``` + +--- + +### 5. password_reset_tokens + +Tokens para recuperación de contraseña. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `user_id` | UUID | NOT NULL | - | Usuario | +| `tenant_id` | UUID | NOT NULL | - | Tenant | +| `token_hash` | VARCHAR(255) | NOT NULL | - | Hash del token | +| `attempts` | INTEGER | NOT NULL | 0 | Intentos de uso | +| `expires_at` | TIMESTAMPTZ | NOT NULL | - | Expiración (1 hora) | +| `used_at` | TIMESTAMPTZ | NULL | - | Cuando se usó | +| `invalidated_at` | TIMESTAMPTZ | NULL | - | Cuando se invalidó | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha de creación | + +#### Constraints + +```sql +CONSTRAINT pk_password_reset_tokens PRIMARY KEY (id), +CONSTRAINT fk_password_reset_tokens_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE, +CONSTRAINT fk_password_reset_tokens_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, +CONSTRAINT chk_password_reset_tokens_attempts CHECK (attempts >= 0 AND attempts <= 3) +``` + +#### Indices + +```sql +CREATE INDEX idx_password_reset_tokens_user_id ON core_auth.password_reset_tokens(user_id); +CREATE INDEX idx_password_reset_tokens_expires_at ON core_auth.password_reset_tokens(expires_at); +CREATE INDEX idx_password_reset_tokens_active ON core_auth.password_reset_tokens(user_id) + WHERE used_at IS NULL AND invalidated_at IS NULL; +``` + +--- + +### 6. password_history + +Historial de contraseñas para evitar reutilización. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `user_id` | UUID | NOT NULL | - | Usuario | +| `tenant_id` | UUID | NOT NULL | - | Tenant | +| `password_hash` | VARCHAR(255) | NOT NULL | - | Hash de la contraseña | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Cuando se estableció | + +#### Constraints + +```sql +CONSTRAINT pk_password_history PRIMARY KEY (id), +CONSTRAINT fk_password_history_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE, +CONSTRAINT fk_password_history_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE +``` + +#### Indices + +```sql +CREATE INDEX idx_password_history_user_id ON core_auth.password_history(user_id); +CREATE INDEX idx_password_history_user_recent ON core_auth.password_history(user_id, created_at DESC); +``` + +--- + +## Row Level Security (RLS) + +### Politicas de Seguridad + +```sql +-- Habilitar RLS en todas las tablas +ALTER TABLE core_auth.refresh_tokens ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_auth.revoked_tokens ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_auth.session_history ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_auth.login_attempts ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_auth.password_reset_tokens ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_auth.password_history ENABLE ROW LEVEL SECURITY; + +-- Politica: Solo ver tokens del propio tenant +CREATE POLICY tenant_isolation_refresh_tokens ON core_auth.refresh_tokens + FOR ALL + USING (tenant_id = current_setting('app.current_tenant_id')::uuid); + +CREATE POLICY tenant_isolation_revoked_tokens ON core_auth.revoked_tokens + FOR ALL + USING (tenant_id = current_setting('app.current_tenant_id')::uuid); + +CREATE POLICY tenant_isolation_session_history ON core_auth.session_history + FOR ALL + USING (tenant_id = current_setting('app.current_tenant_id')::uuid); + +CREATE POLICY tenant_isolation_login_attempts ON core_auth.login_attempts + FOR ALL + USING (tenant_id = current_setting('app.current_tenant_id')::uuid OR tenant_id IS NULL); + +CREATE POLICY tenant_isolation_password_reset ON core_auth.password_reset_tokens + FOR ALL + USING (tenant_id = current_setting('app.current_tenant_id')::uuid); + +CREATE POLICY tenant_isolation_password_history ON core_auth.password_history + FOR ALL + USING (tenant_id = current_setting('app.current_tenant_id')::uuid); +``` + +--- + +## Triggers + +### 1. Limpieza automática de tokens expirados + +```sql +-- Función para limpiar tokens expirados +CREATE OR REPLACE FUNCTION core_auth.cleanup_expired_tokens() +RETURNS TRIGGER AS $$ +BEGIN + -- Eliminar refresh tokens expirados hace más de 7 días + DELETE FROM core_auth.refresh_tokens + WHERE expires_at < NOW() - INTERVAL '7 days'; + + -- Eliminar revoked tokens cuyo original_exp pasó + DELETE FROM core_auth.revoked_tokens + WHERE original_exp < NOW(); + + -- Eliminar password_reset_tokens expirados hace más de 24 horas + DELETE FROM core_auth.password_reset_tokens + WHERE expires_at < NOW() - INTERVAL '24 hours'; + + RETURN NULL; +END; +$$ LANGUAGE plpgsql; + +-- Nota: Este trigger se ejecuta via pg_cron o job scheduler, no en cada INSERT +``` + +### 2. Invalidar tokens anteriores al crear nuevo reset + +```sql +CREATE OR REPLACE FUNCTION core_auth.invalidate_previous_reset_tokens() +RETURNS TRIGGER AS $$ +BEGIN + UPDATE core_auth.password_reset_tokens + SET invalidated_at = NOW() + WHERE user_id = NEW.user_id + AND id != NEW.id + AND used_at IS NULL + AND invalidated_at IS NULL; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_invalidate_previous_reset_tokens +AFTER INSERT ON core_auth.password_reset_tokens +FOR EACH ROW +EXECUTE FUNCTION core_auth.invalidate_previous_reset_tokens(); +``` + +### 3. Mantener solo los últimos 5 passwords en historial + +```sql +CREATE OR REPLACE FUNCTION core_auth.limit_password_history() +RETURNS TRIGGER AS $$ +BEGIN + -- Eliminar passwords antiguos, mantener solo los últimos 5 + DELETE FROM core_auth.password_history + WHERE user_id = NEW.user_id + AND id NOT IN ( + SELECT id FROM core_auth.password_history + WHERE user_id = NEW.user_id + ORDER BY created_at DESC + LIMIT 5 + ); + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_limit_password_history +AFTER INSERT ON core_auth.password_history +FOR EACH ROW +EXECUTE FUNCTION core_auth.limit_password_history(); +``` + +--- + +## Funciones de Utilidad + +### 1. Verificar si token está en blacklist + +```sql +CREATE OR REPLACE FUNCTION core_auth.is_token_revoked(p_jti VARCHAR) +RETURNS BOOLEAN AS $$ +BEGIN + RETURN EXISTS ( + SELECT 1 FROM core_auth.revoked_tokens + WHERE jti = p_jti + AND original_exp > NOW() + ); +END; +$$ LANGUAGE plpgsql STABLE; +``` + +### 2. Contar intentos fallidos recientes + +```sql +CREATE OR REPLACE FUNCTION core_auth.count_recent_failed_attempts( + p_email VARCHAR, + p_minutes INTEGER DEFAULT 30 +) +RETURNS INTEGER AS $$ +BEGIN + RETURN ( + SELECT COUNT(*) + FROM core_auth.login_attempts + WHERE email = p_email + AND success = false + AND attempted_at > NOW() - (p_minutes || ' minutes')::INTERVAL + ); +END; +$$ LANGUAGE plpgsql STABLE; +``` + +### 3. Revocar todos los tokens de un usuario + +```sql +CREATE OR REPLACE FUNCTION core_auth.revoke_all_user_tokens( + p_user_id UUID, + p_reason VARCHAR DEFAULT 'admin_action' +) +RETURNS INTEGER AS $$ +DECLARE + affected_count INTEGER; +BEGIN + UPDATE core_auth.refresh_tokens + SET revoked_at = NOW(), + revoked_reason = p_reason + WHERE user_id = p_user_id + AND revoked_at IS NULL; + + GET DIAGNOSTICS affected_count = ROW_COUNT; + RETURN affected_count; +END; +$$ LANGUAGE plpgsql; +``` + +--- + +## Scripts de Migración + +### Crear Schema + +```sql +-- 001_create_schema_core_auth.sql +CREATE SCHEMA IF NOT EXISTS core_auth; + +COMMENT ON SCHEMA core_auth IS 'Schema para autenticación, tokens y sesiones'; +``` + +### Crear Tablas + +```sql +-- 002_create_tables_core_auth.sql + +-- refresh_tokens +CREATE TABLE IF NOT EXISTS core_auth.refresh_tokens ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL, + tenant_id UUID NOT NULL, + jti VARCHAR(64) NOT NULL UNIQUE, + token_hash VARCHAR(255) NOT NULL, + family_id UUID NOT NULL, + is_used BOOLEAN NOT NULL DEFAULT false, + used_at TIMESTAMPTZ, + replaced_by UUID, + device_info VARCHAR(500), + ip_address INET, + expires_at TIMESTAMPTZ NOT NULL, + revoked_at TIMESTAMPTZ, + revoked_reason VARCHAR(50), + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + + CONSTRAINT fk_refresh_tokens_replaced_by + FOREIGN KEY (replaced_by) REFERENCES core_auth.refresh_tokens(id), + CONSTRAINT chk_refresh_tokens_revoked_reason + CHECK (revoked_reason IS NULL OR revoked_reason IN + ('user_logout', 'logout_all', 'token_rotation', 'security_breach', 'admin_action', 'password_change')) +); + +-- revoked_tokens +CREATE TABLE IF NOT EXISTS core_auth.revoked_tokens ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + jti VARCHAR(64) NOT NULL UNIQUE, + user_id UUID NOT NULL, + tenant_id UUID NOT NULL, + token_type VARCHAR(20) NOT NULL DEFAULT 'access', + original_exp TIMESTAMPTZ NOT NULL, + revocation_reason VARCHAR(50) NOT NULL, + revoked_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + + CONSTRAINT chk_revoked_tokens_type CHECK (token_type IN ('access', 'refresh')) +); + +-- session_history +CREATE TABLE IF NOT EXISTS core_auth.session_history ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL, + tenant_id UUID NOT NULL, + action VARCHAR(30) NOT NULL, + device_info VARCHAR(500), + ip_address INET, + metadata JSONB DEFAULT '{}', + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + + CONSTRAINT chk_session_history_action CHECK (action IN + ('login', 'logout', 'logout_all', 'refresh', 'password_change', + 'password_reset', 'account_locked', 'account_unlocked', 'mfa_enabled', 'mfa_disabled')) +); + +-- login_attempts +CREATE TABLE IF NOT EXISTS core_auth.login_attempts ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + email VARCHAR(255) NOT NULL, + tenant_id UUID, + user_id UUID, + success BOOLEAN NOT NULL, + failure_reason VARCHAR(50), + ip_address INET NOT NULL, + user_agent VARCHAR(500), + attempted_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + + CONSTRAINT chk_login_attempts_failure_reason CHECK ( + failure_reason IS NULL OR failure_reason IN + ('invalid_credentials', 'account_locked', 'account_inactive', + 'tenant_inactive', 'mfa_required', 'mfa_failed')) +); + +-- password_reset_tokens +CREATE TABLE IF NOT EXISTS core_auth.password_reset_tokens ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL, + tenant_id UUID NOT NULL, + token_hash VARCHAR(255) NOT NULL, + attempts INTEGER NOT NULL DEFAULT 0, + expires_at TIMESTAMPTZ NOT NULL, + used_at TIMESTAMPTZ, + invalidated_at TIMESTAMPTZ, + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + + CONSTRAINT chk_password_reset_tokens_attempts CHECK (attempts >= 0 AND attempts <= 3) +); + +-- password_history +CREATE TABLE IF NOT EXISTS core_auth.password_history ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL, + tenant_id UUID NOT NULL, + password_hash VARCHAR(255) NOT NULL, + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW() +); +``` + +### Crear Indices + +```sql +-- 003_create_indexes_core_auth.sql + +-- refresh_tokens +CREATE INDEX IF NOT EXISTS idx_refresh_tokens_user_id ON core_auth.refresh_tokens(user_id); +CREATE INDEX IF NOT EXISTS idx_refresh_tokens_tenant_id ON core_auth.refresh_tokens(tenant_id); +CREATE INDEX IF NOT EXISTS idx_refresh_tokens_family_id ON core_auth.refresh_tokens(family_id); +CREATE INDEX IF NOT EXISTS idx_refresh_tokens_expires_at ON core_auth.refresh_tokens(expires_at) WHERE revoked_at IS NULL; +CREATE INDEX IF NOT EXISTS idx_refresh_tokens_active ON core_auth.refresh_tokens(user_id, tenant_id) WHERE revoked_at IS NULL AND is_used = false; + +-- revoked_tokens +CREATE INDEX IF NOT EXISTS idx_revoked_tokens_jti ON core_auth.revoked_tokens(jti); +CREATE INDEX IF NOT EXISTS idx_revoked_tokens_exp ON core_auth.revoked_tokens(original_exp); + +-- session_history +CREATE INDEX IF NOT EXISTS idx_session_history_user_id ON core_auth.session_history(user_id); +CREATE INDEX IF NOT EXISTS idx_session_history_tenant_id ON core_auth.session_history(tenant_id); +CREATE INDEX IF NOT EXISTS idx_session_history_created_at ON core_auth.session_history(created_at DESC); +CREATE INDEX IF NOT EXISTS idx_session_history_action ON core_auth.session_history(action); + +-- login_attempts +CREATE INDEX IF NOT EXISTS idx_login_attempts_email ON core_auth.login_attempts(email); +CREATE INDEX IF NOT EXISTS idx_login_attempts_ip ON core_auth.login_attempts(ip_address); +CREATE INDEX IF NOT EXISTS idx_login_attempts_attempted_at ON core_auth.login_attempts(attempted_at DESC); +CREATE INDEX IF NOT EXISTS idx_login_attempts_email_ip_recent ON core_auth.login_attempts(email, ip_address, attempted_at DESC); + +-- password_reset_tokens +CREATE INDEX IF NOT EXISTS idx_password_reset_tokens_user_id ON core_auth.password_reset_tokens(user_id); +CREATE INDEX IF NOT EXISTS idx_password_reset_tokens_expires_at ON core_auth.password_reset_tokens(expires_at); +CREATE INDEX IF NOT EXISTS idx_password_reset_tokens_active ON core_auth.password_reset_tokens(user_id) + WHERE used_at IS NULL AND invalidated_at IS NULL; + +-- password_history +CREATE INDEX IF NOT EXISTS idx_password_history_user_id ON core_auth.password_history(user_id); +CREATE INDEX IF NOT EXISTS idx_password_history_user_recent ON core_auth.password_history(user_id, created_at DESC); +``` + +--- + +## Consideraciones de Performance + +| Tabla | Volumen Esperado | Estrategia | +|-------|------------------|------------| +| refresh_tokens | Alto (miles/día) | Particionamiento por fecha, cleanup job | +| revoked_tokens | Medio | TTL automático, Redis como primario | +| session_history | Alto | Particionamiento por mes, archivado | +| login_attempts | Alto | Retención 90 días, particionamiento | +| password_reset_tokens | Bajo | Cleanup diario | +| password_history | Bajo | Límite de 5 por usuario | + +--- + +## Notas de Seguridad + +1. **Nunca almacenar tokens planos** - Solo hashes +2. **RLS obligatorio** - Aislamiento por tenant +3. **Limpieza programada** - Eliminar datos expirados +4. **Auditoría completa** - session_history para compliance +5. **Indices eficientes** - Para consultas de validación rápidas + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creación inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| DBA | - | - | [ ] | +| Tech Lead | - | - | [ ] | +| Security | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-001-auth/especificaciones/ET-auth-backend.md b/docs/01-fase-foundation/MGN-001-auth/especificaciones/ET-auth-backend.md new file mode 100644 index 0000000..f76e410 --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/especificaciones/ET-auth-backend.md @@ -0,0 +1,1749 @@ +# Especificacion Tecnica Backend - MGN-001 Auth + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **Modulo** | MGN-001 | +| **Nombre** | Auth - Autenticacion | +| **Version** | 1.0 | +| **Framework** | NestJS | +| **Estado** | En Diseño | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Estructura del Modulo + +``` +src/modules/auth/ +├── auth.module.ts +├── controllers/ +│ └── auth.controller.ts +├── services/ +│ ├── auth.service.ts +│ ├── token.service.ts +│ ├── password.service.ts +│ └── blacklist.service.ts +├── guards/ +│ ├── jwt-auth.guard.ts +│ └── throttler.guard.ts +├── strategies/ +│ └── jwt.strategy.ts +├── decorators/ +│ ├── current-user.decorator.ts +│ └── public.decorator.ts +├── dto/ +│ ├── login.dto.ts +│ ├── login-response.dto.ts +│ ├── refresh-token.dto.ts +│ ├── token-response.dto.ts +│ ├── request-password-reset.dto.ts +│ └── reset-password.dto.ts +├── interfaces/ +│ ├── jwt-payload.interface.ts +│ └── token-pair.interface.ts +├── entities/ +│ ├── refresh-token.entity.ts +│ ├── revoked-token.entity.ts +│ ├── session-history.entity.ts +│ ├── login-attempt.entity.ts +│ ├── password-reset-token.entity.ts +│ └── password-history.entity.ts +└── constants/ + └── auth.constants.ts +``` + +--- + +## Entidades + +### RefreshToken + +```typescript +// entities/refresh-token.entity.ts +import { + Entity, PrimaryGeneratedColumn, Column, ManyToOne, + CreateDateColumn, Index +} from 'typeorm'; +import { User } from '../../users/entities/user.entity'; +import { Tenant } from '../../tenants/entities/tenant.entity'; + +@Entity({ schema: 'core_auth', name: 'refresh_tokens' }) +@Index(['userId', 'tenantId'], { where: '"revoked_at" IS NULL AND "is_used" = false' }) +export class RefreshToken { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ name: 'user_id', type: 'uuid' }) + userId: string; + + @ManyToOne(() => User, { onDelete: 'CASCADE' }) + user: User; + + @Column({ name: 'tenant_id', type: 'uuid' }) + tenantId: string; + + @ManyToOne(() => Tenant, { onDelete: 'CASCADE' }) + tenant: Tenant; + + @Column({ type: 'varchar', length: 64, unique: true }) + jti: string; + + @Column({ name: 'token_hash', type: 'varchar', length: 255 }) + tokenHash: string; + + @Column({ name: 'family_id', type: 'uuid' }) + familyId: string; + + @Column({ name: 'is_used', type: 'boolean', default: false }) + isUsed: boolean; + + @Column({ name: 'used_at', type: 'timestamptz', nullable: true }) + usedAt: Date | null; + + @Column({ name: 'replaced_by', type: 'uuid', nullable: true }) + replacedBy: string | null; + + @Column({ name: 'device_info', type: 'varchar', length: 500, nullable: true }) + deviceInfo: string | null; + + @Column({ name: 'ip_address', type: 'inet', nullable: true }) + ipAddress: string | null; + + @Column({ name: 'expires_at', type: 'timestamptz' }) + expiresAt: Date; + + @Column({ name: 'revoked_at', type: 'timestamptz', nullable: true }) + revokedAt: Date | null; + + @Column({ name: 'revoked_reason', type: 'varchar', length: 50, nullable: true }) + revokedReason: string | null; + + @CreateDateColumn({ name: 'created_at', type: 'timestamptz' }) + createdAt: Date; +} +``` + +### SessionHistory + +```typescript +// entities/session-history.entity.ts +@Entity({ schema: 'core_auth', name: 'session_history' }) +export class SessionHistory { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ name: 'user_id', type: 'uuid' }) + userId: string; + + @Column({ name: 'tenant_id', type: 'uuid' }) + tenantId: string; + + @Column({ type: 'varchar', length: 30 }) + action: SessionAction; + + @Column({ name: 'device_info', type: 'varchar', length: 500, nullable: true }) + deviceInfo: string | null; + + @Column({ name: 'ip_address', type: 'inet', nullable: true }) + ipAddress: string | null; + + @Column({ type: 'jsonb', default: {} }) + metadata: Record; + + @CreateDateColumn({ name: 'created_at', type: 'timestamptz' }) + createdAt: Date; +} + +export type SessionAction = + | 'login' + | 'logout' + | 'logout_all' + | 'refresh' + | 'password_change' + | 'password_reset' + | 'account_locked' + | 'account_unlocked'; +``` + +### LoginAttempt + +```typescript +// entities/login-attempt.entity.ts +@Entity({ schema: 'core_auth', name: 'login_attempts' }) +export class LoginAttempt { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'varchar', length: 255 }) + email: string; + + @Column({ name: 'tenant_id', type: 'uuid', nullable: true }) + tenantId: string | null; + + @Column({ name: 'user_id', type: 'uuid', nullable: true }) + userId: string | null; + + @Column({ type: 'boolean' }) + success: boolean; + + @Column({ name: 'failure_reason', type: 'varchar', length: 50, nullable: true }) + failureReason: string | null; + + @Column({ name: 'ip_address', type: 'inet' }) + ipAddress: string; + + @Column({ name: 'user_agent', type: 'varchar', length: 500, nullable: true }) + userAgent: string | null; + + @Column({ name: 'attempted_at', type: 'timestamptz', default: () => 'NOW()' }) + attemptedAt: Date; +} +``` + +### PasswordResetToken + +```typescript +// entities/password-reset-token.entity.ts +@Entity({ schema: 'core_auth', name: 'password_reset_tokens' }) +export class PasswordResetToken { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ name: 'user_id', type: 'uuid' }) + userId: string; + + @Column({ name: 'tenant_id', type: 'uuid' }) + tenantId: string; + + @Column({ name: 'token_hash', type: 'varchar', length: 255 }) + tokenHash: string; + + @Column({ type: 'integer', default: 0 }) + attempts: number; + + @Column({ name: 'expires_at', type: 'timestamptz' }) + expiresAt: Date; + + @Column({ name: 'used_at', type: 'timestamptz', nullable: true }) + usedAt: Date | null; + + @Column({ name: 'invalidated_at', type: 'timestamptz', nullable: true }) + invalidatedAt: Date | null; + + @CreateDateColumn({ name: 'created_at', type: 'timestamptz' }) + createdAt: Date; +} +``` + +--- + +## Interfaces + +### JwtPayload + +```typescript +// interfaces/jwt-payload.interface.ts +export interface JwtPayload { + sub: string; // User ID + tid: string; // Tenant ID + email: string; + roles: string[]; + permissions?: string[]; + iat: number; // Issued At + exp: number; // Expiration + iss: string; // Issuer + aud: string; // Audience + jti: string; // JWT ID +} + +export interface JwtRefreshPayload extends Pick { + type: 'refresh'; +} +``` + +### TokenPair + +```typescript +// interfaces/token-pair.interface.ts +export interface TokenPair { + accessToken: string; + refreshToken: string; + accessTokenExpiresAt: Date; + refreshTokenExpiresAt: Date; + refreshTokenId: string; +} +``` + +--- + +## DTOs + +### LoginDto + +```typescript +// dto/login.dto.ts +import { IsEmail, IsString, MinLength, MaxLength, IsNotEmpty } from 'class-validator'; +import { ApiProperty } from '@nestjs/swagger'; + +export class LoginDto { + @ApiProperty({ + description: 'Email del usuario', + example: 'user@example.com', + }) + @IsEmail({}, { message: 'Email inválido' }) + @IsNotEmpty({ message: 'Email es requerido' }) + email: string; + + @ApiProperty({ + description: 'Contraseña del usuario', + example: 'SecurePass123!', + minLength: 8, + }) + @IsString() + @MinLength(8, { message: 'Password debe tener mínimo 8 caracteres' }) + @MaxLength(128, { message: 'Password no puede exceder 128 caracteres' }) + @IsNotEmpty({ message: 'Password es requerido' }) + password: string; +} +``` + +### LoginResponseDto + +```typescript +// dto/login-response.dto.ts +import { ApiProperty } from '@nestjs/swagger'; + +export class LoginResponseDto { + @ApiProperty({ + description: 'Access token JWT', + example: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...', + }) + accessToken: string; + + @ApiProperty({ + description: 'Refresh token JWT', + example: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...', + }) + refreshToken: string; + + @ApiProperty({ + description: 'Tipo de token', + example: 'Bearer', + }) + tokenType: string; + + @ApiProperty({ + description: 'Tiempo de expiración en segundos', + example: 900, + }) + expiresIn: number; + + @ApiProperty({ + description: 'Información básica del usuario', + }) + user: { + id: string; + email: string; + firstName: string; + lastName: string; + roles: string[]; + }; +} +``` + +### RefreshTokenDto + +```typescript +// dto/refresh-token.dto.ts +import { IsString, IsNotEmpty } from 'class-validator'; +import { ApiProperty } from '@nestjs/swagger'; + +export class RefreshTokenDto { + @ApiProperty({ + description: 'Refresh token para renovar sesión', + example: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...', + }) + @IsString() + @IsNotEmpty({ message: 'Refresh token es requerido' }) + refreshToken: string; +} +``` + +### TokenResponseDto + +```typescript +// dto/token-response.dto.ts +import { ApiProperty } from '@nestjs/swagger'; + +export class TokenResponseDto { + @ApiProperty() + accessToken: string; + + @ApiProperty() + refreshToken: string; + + @ApiProperty() + tokenType: string; + + @ApiProperty() + expiresIn: number; +} +``` + +### RequestPasswordResetDto + +```typescript +// dto/request-password-reset.dto.ts +import { IsEmail, IsNotEmpty } from 'class-validator'; +import { ApiProperty } from '@nestjs/swagger'; + +export class RequestPasswordResetDto { + @ApiProperty({ + description: 'Email del usuario', + example: 'user@example.com', + }) + @IsEmail({}, { message: 'Email inválido' }) + @IsNotEmpty({ message: 'Email es requerido' }) + email: string; +} +``` + +### ResetPasswordDto + +```typescript +// dto/reset-password.dto.ts +import { IsString, MinLength, MaxLength, Matches, IsNotEmpty } from 'class-validator'; +import { ApiProperty } from '@nestjs/swagger'; + +export class ResetPasswordDto { + @ApiProperty({ + description: 'Token de recuperación', + }) + @IsString() + @IsNotEmpty({ message: 'Token es requerido' }) + token: string; + + @ApiProperty({ + description: 'Nueva contraseña', + minLength: 8, + }) + @IsString() + @MinLength(8, { message: 'Password debe tener mínimo 8 caracteres' }) + @MaxLength(128, { message: 'Password no puede exceder 128 caracteres' }) + @Matches( + /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]/, + { + message: 'Password debe incluir mayúscula, minúscula, número y carácter especial', + }, + ) + @IsNotEmpty({ message: 'Password es requerido' }) + newPassword: string; + + @ApiProperty({ + description: 'Confirmación de nueva contraseña', + }) + @IsString() + @IsNotEmpty({ message: 'Confirmación de password es requerida' }) + confirmPassword: string; +} +``` + +--- + +## Endpoints + +### Resumen de Endpoints + +| Metodo | Ruta | Descripcion | Auth | Rate Limit | +|--------|------|-------------|------|------------| +| POST | `/api/v1/auth/login` | Autenticar usuario | No | 10/min/IP | +| POST | `/api/v1/auth/refresh` | Renovar tokens | No | 1/seg | +| POST | `/api/v1/auth/logout` | Cerrar sesion | Si | 10/min | +| POST | `/api/v1/auth/logout-all` | Cerrar todas las sesiones | Si | 5/min | +| POST | `/api/v1/auth/password/request-reset` | Solicitar recuperacion | No | 3/hora/email | +| POST | `/api/v1/auth/password/reset` | Cambiar password | No | 5/hora/IP | +| GET | `/api/v1/auth/password/validate-token/:token` | Validar token | No | 10/min | + +--- + +### POST /api/v1/auth/login + +Autentica un usuario con email y password. + +#### Request + +```typescript +// Headers +{ + "Content-Type": "application/json", + "X-Tenant-Id": "tenant-uuid" // Opcional si tenant único +} + +// Body +{ + "email": "user@example.com", + "password": "SecurePass123!" +} +``` + +#### Response Success (200) + +```typescript +{ + "accessToken": "eyJhbGciOiJSUzI1NiIs...", + "refreshToken": "eyJhbGciOiJSUzI1NiIs...", + "tokenType": "Bearer", + "expiresIn": 900, + "user": { + "id": "550e8400-e29b-41d4-a716-446655440000", + "email": "user@example.com", + "firstName": "John", + "lastName": "Doe", + "roles": ["admin"] + } +} +``` + +#### Response Errors + +| Code | Mensaje | Descripcion | +|------|---------|-------------| +| 400 | "Datos de entrada inválidos" | Validación fallida | +| 401 | "Credenciales inválidas" | Email/password incorrecto | +| 423 | "Cuenta bloqueada" | Demasiados intentos | +| 403 | "Cuenta inactiva" | Usuario deshabilitado | + +--- + +### POST /api/v1/auth/refresh + +Renueva el par de tokens usando un refresh token válido. + +#### Request + +```typescript +// Headers +{ + "Content-Type": "application/json" +} + +// Body +{ + "refreshToken": "eyJhbGciOiJSUzI1NiIs..." +} + +// O mediante httpOnly cookie (preferido) +// Cookie: refresh_token=eyJhbGciOiJSUzI1NiIs... +``` + +#### Response Success (200) + +```typescript +{ + "accessToken": "eyJhbGciOiJSUzI1NiIs...", + "refreshToken": "eyJhbGciOiJSUzI1NiIs...", + "tokenType": "Bearer", + "expiresIn": 900 +} +``` + +#### Response Errors + +| Code | Mensaje | Descripcion | +|------|---------|-------------| +| 400 | "Refresh token requerido" | No se envió token | +| 401 | "Refresh token expirado" | Token expiró | +| 401 | "Sesión comprometida" | Token replay detectado | +| 401 | "Token revocado" | Token fue revocado | + +--- + +### POST /api/v1/auth/logout + +Cierra la sesión actual del usuario. + +#### Request + +```typescript +// Headers +{ + "Authorization": "Bearer eyJhbGciOiJSUzI1NiIs..." +} + +// Cookie (refresh token) +// Cookie: refresh_token=eyJhbGciOiJSUzI1NiIs... +``` + +#### Response Success (200) + +```typescript +{ + "message": "Sesión cerrada exitosamente" +} + +// Set-Cookie: refresh_token=; Max-Age=0; HttpOnly; Secure; SameSite=Strict +``` + +--- + +### POST /api/v1/auth/logout-all + +Cierra todas las sesiones activas del usuario. + +#### Request + +```typescript +// Headers +{ + "Authorization": "Bearer eyJhbGciOiJSUzI1NiIs..." +} +``` + +#### Response Success (200) + +```typescript +{ + "message": "Todas las sesiones han sido cerradas", + "sessionsRevoked": 3 +} +``` + +--- + +### POST /api/v1/auth/password/request-reset + +Solicita un enlace de recuperación de contraseña. + +#### Request + +```typescript +{ + "email": "user@example.com" +} +``` + +#### Response Success (200) + +```typescript +{ + "message": "Si el email está registrado, recibirás instrucciones para restablecer tu contraseña" +} +``` + +> **Nota:** Siempre retorna 200 con mensaje genérico para no revelar existencia de emails. + +--- + +### POST /api/v1/auth/password/reset + +Establece una nueva contraseña usando el token de recuperación. + +#### Request + +```typescript +{ + "token": "a1b2c3d4e5f6...", + "newPassword": "NewSecurePass123!", + "confirmPassword": "NewSecurePass123!" +} +``` + +#### Response Success (200) + +```typescript +{ + "message": "Contraseña actualizada exitosamente. Por favor inicia sesión." +} +``` + +#### Response Errors + +| Code | Mensaje | Descripcion | +|------|---------|-------------| +| 400 | "Token de recuperación expirado" | Token > 1 hora | +| 400 | "Token ya fue utilizado" | Token usado | +| 400 | "Token invalidado" | 3+ intentos fallidos | +| 400 | "Las contraseñas no coinciden" | Confirmación diferente | +| 400 | "No puede ser igual a contraseñas anteriores" | Historial | + +--- + +### GET /api/v1/auth/password/validate-token/:token + +Valida si un token de recuperación es válido antes de mostrar el formulario. + +#### Request + +``` +GET /api/v1/auth/password/validate-token/a1b2c3d4e5f6... +``` + +#### Response Success (200) + +```typescript +{ + "valid": true, + "email": "u***@example.com" // Email parcialmente oculto +} +``` + +#### Response Invalid (400) + +```typescript +{ + "valid": false, + "reason": "expired" | "used" | "invalid" +} +``` + +--- + +## Services + +### AuthService + +```typescript +// services/auth.service.ts +import { Injectable, UnauthorizedException, ForbiddenException } from '@nestjs/common'; +import { InjectRepository } from '@nestjs/typeorm'; +import { Repository } from 'typeorm'; +import * as bcrypt from 'bcrypt'; +import { User } from '../../users/entities/user.entity'; +import { TokenService } from './token.service'; +import { LoginDto } from '../dto/login.dto'; +import { LoginResponseDto } from '../dto/login-response.dto'; +import { LoginAttempt } from '../entities/login-attempt.entity'; +import { SessionHistory } from '../entities/session-history.entity'; + +@Injectable() +export class AuthService { + private readonly MAX_FAILED_ATTEMPTS = 5; + private readonly LOCK_DURATION_MINUTES = 30; + + constructor( + @InjectRepository(User) + private readonly userRepository: Repository, + @InjectRepository(LoginAttempt) + private readonly loginAttemptRepository: Repository, + @InjectRepository(SessionHistory) + private readonly sessionHistoryRepository: Repository, + private readonly tokenService: TokenService, + ) {} + + async login(dto: LoginDto, metadata: RequestMetadata): Promise { + // 1. Buscar usuario por email + const user = await this.userRepository.findOne({ + where: { email: dto.email.toLowerCase() }, + relations: ['roles'], + }); + + // 2. Verificar si existe + if (!user) { + await this.recordLoginAttempt(dto.email, null, false, 'invalid_credentials', metadata); + throw new UnauthorizedException('Credenciales inválidas'); + } + + // 3. Verificar si está bloqueado + if (this.isAccountLocked(user)) { + await this.recordLoginAttempt(dto.email, user.id, false, 'account_locked', metadata); + throw new ForbiddenException('Cuenta bloqueada. Intenta de nuevo más tarde.'); + } + + // 4. Verificar si está activo + if (!user.isActive) { + await this.recordLoginAttempt(dto.email, user.id, false, 'account_inactive', metadata); + throw new ForbiddenException('Cuenta inactiva'); + } + + // 5. Verificar password + const isPasswordValid = await bcrypt.compare(dto.password, user.passwordHash); + if (!isPasswordValid) { + await this.handleFailedLogin(user, metadata); + throw new UnauthorizedException('Credenciales inválidas'); + } + + // 6. Login exitoso - resetear contador + await this.resetFailedAttempts(user); + + // 7. Generar tokens + const tokens = await this.tokenService.generateTokenPair(user, metadata); + + // 8. Registrar sesión + await this.recordLoginAttempt(dto.email, user.id, true, null, metadata); + await this.recordSessionHistory(user.id, user.tenantId, 'login', metadata); + + // 9. Construir respuesta + return { + accessToken: tokens.accessToken, + refreshToken: tokens.refreshToken, + tokenType: 'Bearer', + expiresIn: 900, // 15 minutos + user: { + id: user.id, + email: user.email, + firstName: user.firstName, + lastName: user.lastName, + roles: user.roles.map(r => r.name), + }, + }; + } + + async logout(userId: string, tenantId: string, refreshTokenJti: string, accessTokenJti: string): Promise { + // 1. Revocar refresh token + await this.tokenService.revokeRefreshToken(refreshTokenJti, 'user_logout'); + + // 2. Blacklistear access token + await this.tokenService.blacklistAccessToken(accessTokenJti); + + // 3. Registrar en historial + await this.recordSessionHistory(userId, tenantId, 'logout', {}); + } + + async logoutAll(userId: string, tenantId: string): Promise { + // 1. Revocar todos los refresh tokens + const revokedCount = await this.tokenService.revokeAllUserTokens(userId, 'logout_all'); + + // 2. Registrar en historial + await this.recordSessionHistory(userId, tenantId, 'logout_all', { + sessionsRevoked: revokedCount, + }); + + return revokedCount; + } + + private isAccountLocked(user: User): boolean { + if (!user.lockedUntil) return false; + return new Date() < user.lockedUntil; + } + + private async handleFailedLogin(user: User, metadata: RequestMetadata): Promise { + user.failedLoginAttempts = (user.failedLoginAttempts || 0) + 1; + + if (user.failedLoginAttempts >= this.MAX_FAILED_ATTEMPTS) { + user.lockedUntil = new Date(Date.now() + this.LOCK_DURATION_MINUTES * 60 * 1000); + await this.recordSessionHistory(user.id, user.tenantId, 'account_locked', {}); + } + + await this.userRepository.save(user); + await this.recordLoginAttempt(user.email, user.id, false, 'invalid_credentials', metadata); + } + + private async resetFailedAttempts(user: User): Promise { + if (user.failedLoginAttempts > 0 || user.lockedUntil) { + user.failedLoginAttempts = 0; + user.lockedUntil = null; + await this.userRepository.save(user); + } + } + + private async recordLoginAttempt( + email: string, + userId: string | null, + success: boolean, + failureReason: string | null, + metadata: RequestMetadata, + ): Promise { + await this.loginAttemptRepository.save({ + email, + userId, + success, + failureReason, + ipAddress: metadata.ipAddress, + userAgent: metadata.userAgent, + }); + } + + private async recordSessionHistory( + userId: string, + tenantId: string, + action: SessionAction, + metadata: Record, + ): Promise { + await this.sessionHistoryRepository.save({ + userId, + tenantId, + action, + metadata, + }); + } +} + +interface RequestMetadata { + ipAddress: string; + userAgent: string; + deviceInfo?: string; +} +``` + +### TokenService + +```typescript +// services/token.service.ts +import { Injectable, UnauthorizedException } from '@nestjs/common'; +import { JwtService } from '@nestjs/jwt'; +import { ConfigService } from '@nestjs/config'; +import { InjectRepository } from '@nestjs/typeorm'; +import { Repository, IsNull } from 'typeorm'; +import * as crypto from 'crypto'; +import * as bcrypt from 'bcrypt'; +import { v4 as uuidv4 } from 'uuid'; +import { RefreshToken } from '../entities/refresh-token.entity'; +import { JwtPayload, JwtRefreshPayload } from '../interfaces/jwt-payload.interface'; +import { TokenPair } from '../interfaces/token-pair.interface'; +import { BlacklistService } from './blacklist.service'; + +@Injectable() +export class TokenService { + private readonly accessTokenExpiry = '15m'; + private readonly refreshTokenExpiry = '7d'; + + constructor( + private readonly jwtService: JwtService, + private readonly configService: ConfigService, + @InjectRepository(RefreshToken) + private readonly refreshTokenRepository: Repository, + private readonly blacklistService: BlacklistService, + ) {} + + async generateTokenPair(user: any, metadata: any): Promise { + const accessTokenJti = uuidv4(); + const refreshTokenJti = uuidv4(); + const familyId = uuidv4(); + + // Generar Access Token + const accessPayload: JwtPayload = { + sub: user.id, + tid: user.tenantId, + email: user.email, + roles: user.roles.map((r: any) => r.name), + iat: Math.floor(Date.now() / 1000), + exp: Math.floor(Date.now() / 1000) + 900, // 15 min + iss: 'erp-core', + aud: 'erp-api', + jti: accessTokenJti, + }; + + const accessToken = this.jwtService.sign(accessPayload, { + algorithm: 'RS256', + privateKey: this.configService.get('JWT_PRIVATE_KEY'), + }); + + // Generar Refresh Token + const refreshPayload: JwtRefreshPayload = { + sub: user.id, + tid: user.tenantId, + jti: refreshTokenJti, + type: 'refresh', + iat: Math.floor(Date.now() / 1000), + exp: Math.floor(Date.now() / 1000) + 7 * 24 * 60 * 60, // 7 días + iss: 'erp-core', + aud: 'erp-api', + }; + + const refreshToken = this.jwtService.sign(refreshPayload, { + algorithm: 'RS256', + privateKey: this.configService.get('JWT_PRIVATE_KEY'), + }); + + // Almacenar refresh token en BD + const tokenHash = await bcrypt.hash(refreshToken, 10); + const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); + + await this.refreshTokenRepository.save({ + userId: user.id, + tenantId: user.tenantId, + jti: refreshTokenJti, + tokenHash, + familyId, + ipAddress: metadata.ipAddress, + deviceInfo: metadata.userAgent, + expiresAt, + }); + + return { + accessToken, + refreshToken, + accessTokenExpiresAt: new Date(accessPayload.exp * 1000), + refreshTokenExpiresAt: expiresAt, + refreshTokenId: refreshTokenJti, + }; + } + + async refreshTokens(refreshToken: string): Promise { + // 1. Decodificar token + let decoded: JwtRefreshPayload; + try { + decoded = this.jwtService.verify(refreshToken, { + algorithms: ['RS256'], + publicKey: this.configService.get('JWT_PUBLIC_KEY'), + }); + } catch (error) { + throw new UnauthorizedException('Refresh token inválido'); + } + + // 2. Buscar en BD + const storedToken = await this.refreshTokenRepository.findOne({ + where: { jti: decoded.jti }, + }); + + if (!storedToken) { + throw new UnauthorizedException('Refresh token no encontrado'); + } + + // 3. Verificar si está revocado + if (storedToken.revokedAt) { + throw new UnauthorizedException('Token revocado'); + } + + // 4. Detectar reuso (token replay attack) + if (storedToken.isUsed) { + // ALERTA DE SEGURIDAD: Token replay detectado + await this.revokeTokenFamily(storedToken.familyId); + throw new UnauthorizedException('Sesión comprometida. Por favor inicia sesión nuevamente.'); + } + + // 5. Verificar expiración + if (new Date() > storedToken.expiresAt) { + throw new UnauthorizedException('Refresh token expirado'); + } + + // 6. Marcar como usado + storedToken.isUsed = true; + storedToken.usedAt = new Date(); + + // 7. Obtener usuario + const user = await this.getUserForRefresh(decoded.sub); + + // 8. Generar nuevos tokens (misma familia) + const newTokens = await this.generateTokenPairWithFamily( + user, + storedToken.familyId, + { ipAddress: storedToken.ipAddress, userAgent: storedToken.deviceInfo }, + ); + + // 9. Actualizar token anterior con referencia al nuevo + storedToken.replacedBy = newTokens.refreshTokenId; + await this.refreshTokenRepository.save(storedToken); + + return newTokens; + } + + async revokeRefreshToken(jti: string, reason: string): Promise { + await this.refreshTokenRepository.update( + { jti }, + { revokedAt: new Date(), revokedReason: reason }, + ); + } + + async revokeAllUserTokens(userId: string, reason: string): Promise { + const result = await this.refreshTokenRepository.update( + { userId, revokedAt: IsNull() }, + { revokedAt: new Date(), revokedReason: reason }, + ); + return result.affected || 0; + } + + async revokeTokenFamily(familyId: string): Promise { + await this.refreshTokenRepository.update( + { familyId, revokedAt: IsNull() }, + { revokedAt: new Date(), revokedReason: 'security_breach' }, + ); + } + + async blacklistAccessToken(jti: string, expiresIn?: number): Promise { + const ttl = expiresIn || 900; // Default 15 min + await this.blacklistService.blacklist(jti, ttl); + } + + async isAccessTokenBlacklisted(jti: string): Promise { + return this.blacklistService.isBlacklisted(jti); + } + + private async generateTokenPairWithFamily( + user: any, + familyId: string, + metadata: any, + ): Promise { + // Similar a generateTokenPair pero usa familyId existente + // ... implementation + return {} as TokenPair; // Placeholder + } + + private async getUserForRefresh(userId: string): Promise { + // Obtener usuario con roles actualizados + // ... implementation + return {}; // Placeholder + } +} +``` + +### PasswordService + +```typescript +// services/password.service.ts +import { Injectable, BadRequestException } from '@nestjs/common'; +import { InjectRepository } from '@nestjs/typeorm'; +import { Repository, IsNull, MoreThan } from 'typeorm'; +import * as crypto from 'crypto'; +import * as bcrypt from 'bcrypt'; +import { User } from '../../users/entities/user.entity'; +import { PasswordResetToken } from '../entities/password-reset-token.entity'; +import { PasswordHistory } from '../entities/password-history.entity'; +import { EmailService } from '../../notifications/services/email.service'; +import { TokenService } from './token.service'; + +@Injectable() +export class PasswordService { + private readonly TOKEN_EXPIRY_HOURS = 1; + private readonly MAX_ATTEMPTS = 3; + private readonly PASSWORD_HISTORY_LIMIT = 5; + + constructor( + @InjectRepository(User) + private readonly userRepository: Repository, + @InjectRepository(PasswordResetToken) + private readonly resetTokenRepository: Repository, + @InjectRepository(PasswordHistory) + private readonly passwordHistoryRepository: Repository, + private readonly emailService: EmailService, + private readonly tokenService: TokenService, + ) {} + + async requestPasswordReset(email: string): Promise { + const user = await this.userRepository.findOne({ + where: { email: email.toLowerCase() }, + }); + + // No revelar si el email existe + if (!user) { + return; + } + + // Invalidar tokens anteriores + await this.resetTokenRepository.update( + { userId: user.id, usedAt: IsNull(), invalidatedAt: IsNull() }, + { invalidatedAt: new Date() }, + ); + + // Generar nuevo token + const token = crypto.randomBytes(32).toString('hex'); + const tokenHash = await bcrypt.hash(token, 10); + const expiresAt = new Date(Date.now() + this.TOKEN_EXPIRY_HOURS * 60 * 60 * 1000); + + await this.resetTokenRepository.save({ + userId: user.id, + tenantId: user.tenantId, + tokenHash, + expiresAt, + }); + + // Enviar email + await this.emailService.sendPasswordResetEmail(user.email, token, user.firstName); + } + + async validateResetToken(token: string): Promise<{ valid: boolean; email?: string; reason?: string }> { + const resetTokens = await this.resetTokenRepository.find({ + where: { + usedAt: IsNull(), + invalidatedAt: IsNull(), + expiresAt: MoreThan(new Date()), + }, + }); + + for (const resetToken of resetTokens) { + const isMatch = await bcrypt.compare(token, resetToken.tokenHash); + if (isMatch) { + if (resetToken.attempts >= this.MAX_ATTEMPTS) { + return { valid: false, reason: 'invalid' }; + } + + const user = await this.userRepository.findOne({ + where: { id: resetToken.userId }, + }); + + return { + valid: true, + email: this.maskEmail(user?.email || ''), + }; + } + } + + return { valid: false, reason: 'invalid' }; + } + + async resetPassword(token: string, newPassword: string): Promise { + // 1. Buscar token válido + const resetTokens = await this.resetTokenRepository.find({ + where: { + usedAt: IsNull(), + invalidatedAt: IsNull(), + }, + }); + + let matchedToken: PasswordResetToken | null = null; + + for (const resetToken of resetTokens) { + const isMatch = await bcrypt.compare(token, resetToken.tokenHash); + if (isMatch) { + matchedToken = resetToken; + break; + } + } + + if (!matchedToken) { + throw new BadRequestException('Token de recuperación inválido'); + } + + // 2. Verificar expiración + if (new Date() > matchedToken.expiresAt) { + throw new BadRequestException('Token de recuperación expirado'); + } + + // 3. Verificar intentos + if (matchedToken.attempts >= this.MAX_ATTEMPTS) { + matchedToken.invalidatedAt = new Date(); + await this.resetTokenRepository.save(matchedToken); + throw new BadRequestException('Token invalidado por demasiados intentos'); + } + + // 4. Obtener usuario + const user = await this.userRepository.findOne({ + where: { id: matchedToken.userId }, + }); + + if (!user) { + throw new BadRequestException('Usuario no encontrado'); + } + + // 5. Verificar que no sea password anterior + const isReused = await this.isPasswordReused(user.id, newPassword); + if (isReused) { + matchedToken.attempts += 1; + await this.resetTokenRepository.save(matchedToken); + throw new BadRequestException('No puedes usar una contraseña anterior'); + } + + // 6. Hashear nuevo password + const passwordHash = await bcrypt.hash(newPassword, 12); + + // 7. Guardar en historial + await this.passwordHistoryRepository.save({ + userId: user.id, + tenantId: user.tenantId, + passwordHash, + }); + + // 8. Actualizar usuario + user.passwordHash = passwordHash; + await this.userRepository.save(user); + + // 9. Marcar token como usado + matchedToken.usedAt = new Date(); + await this.resetTokenRepository.save(matchedToken); + + // 10. Revocar todas las sesiones + await this.tokenService.revokeAllUserTokens(user.id, 'password_change'); + + // 11. Enviar email de confirmación + await this.emailService.sendPasswordChangedEmail(user.email, user.firstName); + } + + private async isPasswordReused(userId: string, newPassword: string): Promise { + const history = await this.passwordHistoryRepository.find({ + where: { userId }, + order: { createdAt: 'DESC' }, + take: this.PASSWORD_HISTORY_LIMIT, + }); + + for (const record of history) { + const isMatch = await bcrypt.compare(newPassword, record.passwordHash); + if (isMatch) return true; + } + + return false; + } + + private maskEmail(email: string): string { + const [local, domain] = email.split('@'); + const maskedLocal = local.charAt(0) + '***'; + return `${maskedLocal}@${domain}`; + } +} +``` + +### BlacklistService + +```typescript +// services/blacklist.service.ts +import { Injectable } from '@nestjs/common'; +import { InjectRedis } from '@nestjs-modules/ioredis'; +import Redis from 'ioredis'; + +@Injectable() +export class BlacklistService { + private readonly PREFIX = 'token:blacklist:'; + + constructor( + @InjectRedis() private readonly redis: Redis, + ) {} + + async blacklist(jti: string, ttlSeconds: number): Promise { + const key = `${this.PREFIX}${jti}`; + await this.redis.set(key, '1', 'EX', ttlSeconds); + } + + async isBlacklisted(jti: string): Promise { + const key = `${this.PREFIX}${jti}`; + const result = await this.redis.get(key); + return result !== null; + } + + async removeFromBlacklist(jti: string): Promise { + const key = `${this.PREFIX}${jti}`; + await this.redis.del(key); + } +} +``` + +--- + +## Controller + +```typescript +// controllers/auth.controller.ts +import { + Controller, Post, Get, Body, Param, Req, Res, + HttpCode, HttpStatus, UseGuards +} from '@nestjs/common'; +import { Response, Request } from 'express'; +import { ApiTags, ApiOperation, ApiResponse, ApiBearerAuth } from '@nestjs/swagger'; +import { Throttle } from '@nestjs/throttler'; +import { AuthService } from '../services/auth.service'; +import { TokenService } from '../services/token.service'; +import { PasswordService } from '../services/password.service'; +import { LoginDto } from '../dto/login.dto'; +import { LoginResponseDto } from '../dto/login-response.dto'; +import { RefreshTokenDto } from '../dto/refresh-token.dto'; +import { TokenResponseDto } from '../dto/token-response.dto'; +import { RequestPasswordResetDto } from '../dto/request-password-reset.dto'; +import { ResetPasswordDto } from '../dto/reset-password.dto'; +import { JwtAuthGuard } from '../guards/jwt-auth.guard'; +import { Public } from '../decorators/public.decorator'; +import { CurrentUser } from '../decorators/current-user.decorator'; + +@ApiTags('Auth') +@Controller('api/v1/auth') +export class AuthController { + constructor( + private readonly authService: AuthService, + private readonly tokenService: TokenService, + private readonly passwordService: PasswordService, + ) {} + + @Post('login') + @Public() + @Throttle({ default: { limit: 10, ttl: 60000 } }) // 10 requests/min + @HttpCode(HttpStatus.OK) + @ApiOperation({ summary: 'Autenticar usuario' }) + @ApiResponse({ status: 200, type: LoginResponseDto }) + @ApiResponse({ status: 401, description: 'Credenciales inválidas' }) + @ApiResponse({ status: 423, description: 'Cuenta bloqueada' }) + async login( + @Body() dto: LoginDto, + @Req() req: Request, + @Res({ passthrough: true }) res: Response, + ): Promise { + const metadata = { + ipAddress: req.ip, + userAgent: req.headers['user-agent'] || '', + }; + + const result = await this.authService.login(dto, metadata); + + // Set refresh token as httpOnly cookie + res.cookie('refresh_token', result.refreshToken, { + httpOnly: true, + secure: process.env.NODE_ENV === 'production', + sameSite: 'strict', + maxAge: 7 * 24 * 60 * 60 * 1000, // 7 días + }); + + return result; + } + + @Post('refresh') + @Public() + @Throttle({ default: { limit: 1, ttl: 1000 } }) // 1 request/sec + @HttpCode(HttpStatus.OK) + @ApiOperation({ summary: 'Renovar tokens' }) + @ApiResponse({ status: 200, type: TokenResponseDto }) + @ApiResponse({ status: 401, description: 'Token inválido o expirado' }) + async refresh( + @Body() dto: RefreshTokenDto, + @Req() req: Request, + @Res({ passthrough: true }) res: Response, + ): Promise { + // Preferir cookie sobre body + const refreshToken = req.cookies['refresh_token'] || dto.refreshToken; + + const tokens = await this.tokenService.refreshTokens(refreshToken); + + // Update cookie + res.cookie('refresh_token', tokens.refreshToken, { + httpOnly: true, + secure: process.env.NODE_ENV === 'production', + sameSite: 'strict', + maxAge: 7 * 24 * 60 * 60 * 1000, + }); + + return { + accessToken: tokens.accessToken, + refreshToken: tokens.refreshToken, + tokenType: 'Bearer', + expiresIn: 900, + }; + } + + @Post('logout') + @UseGuards(JwtAuthGuard) + @HttpCode(HttpStatus.OK) + @ApiBearerAuth() + @ApiOperation({ summary: 'Cerrar sesión' }) + @ApiResponse({ status: 200, description: 'Sesión cerrada' }) + async logout( + @CurrentUser() user: any, + @Req() req: Request, + @Res({ passthrough: true }) res: Response, + ): Promise<{ message: string }> { + const refreshToken = req.cookies['refresh_token']; + const accessTokenJti = user.jti; + + await this.authService.logout( + user.sub, + user.tid, + refreshToken, // Extraer jti del refresh token + accessTokenJti, + ); + + // Clear cookie + res.clearCookie('refresh_token'); + + return { message: 'Sesión cerrada exitosamente' }; + } + + @Post('logout-all') + @UseGuards(JwtAuthGuard) + @Throttle({ default: { limit: 5, ttl: 60000 } }) + @HttpCode(HttpStatus.OK) + @ApiBearerAuth() + @ApiOperation({ summary: 'Cerrar todas las sesiones' }) + @ApiResponse({ status: 200, description: 'Todas las sesiones cerradas' }) + async logoutAll( + @CurrentUser() user: any, + @Res({ passthrough: true }) res: Response, + ): Promise<{ message: string; sessionsRevoked: number }> { + const count = await this.authService.logoutAll(user.sub, user.tid); + + res.clearCookie('refresh_token'); + + return { + message: 'Todas las sesiones han sido cerradas', + sessionsRevoked: count, + }; + } + + @Post('password/request-reset') + @Public() + @Throttle({ default: { limit: 3, ttl: 3600000 } }) // 3/hora + @HttpCode(HttpStatus.OK) + @ApiOperation({ summary: 'Solicitar recuperación de contraseña' }) + @ApiResponse({ status: 200, description: 'Email enviado si existe' }) + async requestPasswordReset( + @Body() dto: RequestPasswordResetDto, + ): Promise<{ message: string }> { + await this.passwordService.requestPasswordReset(dto.email); + return { + message: 'Si el email está registrado, recibirás instrucciones para restablecer tu contraseña', + }; + } + + @Get('password/validate-token/:token') + @Public() + @Throttle({ default: { limit: 10, ttl: 60000 } }) + @ApiOperation({ summary: 'Validar token de recuperación' }) + @ApiResponse({ status: 200 }) + async validateResetToken( + @Param('token') token: string, + ): Promise<{ valid: boolean; email?: string; reason?: string }> { + return this.passwordService.validateResetToken(token); + } + + @Post('password/reset') + @Public() + @Throttle({ default: { limit: 5, ttl: 3600000 } }) // 5/hora + @HttpCode(HttpStatus.OK) + @ApiOperation({ summary: 'Restablecer contraseña' }) + @ApiResponse({ status: 200, description: 'Contraseña actualizada' }) + @ApiResponse({ status: 400, description: 'Token inválido o expirado' }) + async resetPassword( + @Body() dto: ResetPasswordDto, + ): Promise<{ message: string }> { + if (dto.newPassword !== dto.confirmPassword) { + throw new BadRequestException('Las contraseñas no coinciden'); + } + + await this.passwordService.resetPassword(dto.token, dto.newPassword); + + return { + message: 'Contraseña actualizada exitosamente. Por favor inicia sesión.', + }; + } +} +``` + +--- + +## Guards y Decorators + +### JwtAuthGuard + +```typescript +// guards/jwt-auth.guard.ts +import { Injectable, ExecutionContext, UnauthorizedException } from '@nestjs/common'; +import { AuthGuard } from '@nestjs/passport'; +import { Reflector } from '@nestjs/core'; +import { IS_PUBLIC_KEY } from '../decorators/public.decorator'; +import { BlacklistService } from '../services/blacklist.service'; + +@Injectable() +export class JwtAuthGuard extends AuthGuard('jwt') { + constructor( + private reflector: Reflector, + private blacklistService: BlacklistService, + ) { + super(); + } + + async canActivate(context: ExecutionContext): Promise { + // Check if route is public + const isPublic = this.reflector.getAllAndOverride(IS_PUBLIC_KEY, [ + context.getHandler(), + context.getClass(), + ]); + + if (isPublic) { + return true; + } + + // Run passport strategy + const canActivate = await super.canActivate(context); + if (!canActivate) { + return false; + } + + // Check if token is blacklisted + const request = context.switchToHttp().getRequest(); + const user = request.user; + + if (user?.jti) { + const isBlacklisted = await this.blacklistService.isBlacklisted(user.jti); + if (isBlacklisted) { + throw new UnauthorizedException('Token revocado'); + } + } + + return true; + } + + handleRequest(err: any, user: any, info: any) { + if (err || !user) { + throw err || new UnauthorizedException('Token inválido o expirado'); + } + return user; + } +} +``` + +### Public Decorator + +```typescript +// decorators/public.decorator.ts +import { SetMetadata } from '@nestjs/common'; + +export const IS_PUBLIC_KEY = 'isPublic'; +export const Public = () => SetMetadata(IS_PUBLIC_KEY, true); +``` + +### CurrentUser Decorator + +```typescript +// decorators/current-user.decorator.ts +import { createParamDecorator, ExecutionContext } from '@nestjs/common'; + +export const CurrentUser = createParamDecorator( + (data: string, ctx: ExecutionContext) => { + const request = ctx.switchToHttp().getRequest(); + const user = request.user; + return data ? user?.[data] : user; + }, +); +``` + +--- + +## Configuracion + +### JWT Config + +```typescript +// config/jwt.config.ts +import { registerAs } from '@nestjs/config'; + +export default registerAs('jwt', () => ({ + accessToken: { + algorithm: 'RS256', + expiresIn: '15m', + issuer: 'erp-core', + audience: 'erp-api', + }, + refreshToken: { + algorithm: 'RS256', + expiresIn: '7d', + issuer: 'erp-core', + audience: 'erp-api', + }, + privateKey: process.env.JWT_PRIVATE_KEY, + publicKey: process.env.JWT_PUBLIC_KEY, +})); +``` + +### Auth Module + +```typescript +// auth.module.ts +import { Module } from '@nestjs/common'; +import { TypeOrmModule } from '@nestjs/typeorm'; +import { JwtModule } from '@nestjs/jwt'; +import { PassportModule } from '@nestjs/passport'; +import { ThrottlerModule } from '@nestjs/throttler'; +import { AuthController } from './controllers/auth.controller'; +import { AuthService } from './services/auth.service'; +import { TokenService } from './services/token.service'; +import { PasswordService } from './services/password.service'; +import { BlacklistService } from './services/blacklist.service'; +import { JwtStrategy } from './strategies/jwt.strategy'; +import { JwtAuthGuard } from './guards/jwt-auth.guard'; +import { RefreshToken } from './entities/refresh-token.entity'; +import { RevokedToken } from './entities/revoked-token.entity'; +import { SessionHistory } from './entities/session-history.entity'; +import { LoginAttempt } from './entities/login-attempt.entity'; +import { PasswordResetToken } from './entities/password-reset-token.entity'; +import { PasswordHistory } from './entities/password-history.entity'; + +@Module({ + imports: [ + TypeOrmModule.forFeature([ + RefreshToken, + RevokedToken, + SessionHistory, + LoginAttempt, + PasswordResetToken, + PasswordHistory, + ]), + PassportModule.register({ defaultStrategy: 'jwt' }), + JwtModule.register({}), + ThrottlerModule.forRoot([{ + ttl: 60000, + limit: 10, + }]), + ], + controllers: [AuthController], + providers: [ + AuthService, + TokenService, + PasswordService, + BlacklistService, + JwtStrategy, + JwtAuthGuard, + ], + exports: [ + AuthService, + TokenService, + JwtAuthGuard, + ], +}) +export class AuthModule {} +``` + +--- + +## Manejo de Errores + +### Error Responses + +```typescript +// Estructura estándar de error +{ + "statusCode": 401, + "message": "Credenciales inválidas", + "error": "Unauthorized", + "timestamp": "2025-12-05T10:30:00.000Z", + "path": "/api/v1/auth/login" +} +``` + +### Códigos de Error + +| Código | Constante | Descripción | +|--------|-----------|-------------| +| AUTH001 | INVALID_CREDENTIALS | Email o password incorrecto | +| AUTH002 | ACCOUNT_LOCKED | Cuenta bloqueada por intentos | +| AUTH003 | ACCOUNT_INACTIVE | Cuenta deshabilitada | +| AUTH004 | TOKEN_EXPIRED | Token expirado | +| AUTH005 | TOKEN_INVALID | Token malformado o inválido | +| AUTH006 | TOKEN_REVOKED | Token revocado | +| AUTH007 | SESSION_COMPROMISED | Reuso de token detectado | +| AUTH008 | RESET_TOKEN_EXPIRED | Token de reset expirado | +| AUTH009 | RESET_TOKEN_USED | Token de reset ya usado | +| AUTH010 | PASSWORD_REUSED | Password igual a anterior | + +--- + +## Notas de Implementacion + +1. **Seguridad:** + - Siempre usar HTTPS en producción + - Refresh token SOLO en httpOnly cookie + - Rate limiting en todos los endpoints + - No revelar existencia de emails + +2. **Performance:** + - Blacklist en Redis (no en PostgreSQL) + - Índices apropiados en tablas de tokens + - Connection pooling para BD + +3. **Monitoreo:** + - Loguear todos los eventos de auth + - Alertas en detección de token replay + - Métricas de intentos fallidos + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creación inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Tech Lead | - | - | [ ] | +| Security | - | - | [ ] | +| Backend Lead | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-001-auth/especificaciones/auth-domain.md b/docs/01-fase-foundation/MGN-001-auth/especificaciones/auth-domain.md new file mode 100644 index 0000000..d31d54e --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/especificaciones/auth-domain.md @@ -0,0 +1,267 @@ +# MODELO DE DOMINIO: Autenticación y Autorización + +**Módulos:** MGN-001 (Fundamentos), MGN-002 (Empresas) +**Fecha:** 2025-11-24 +**Referencia Odoo:** base, auth_signup +**Referencia Gamilit:** auth_management schema + +--- + +## Diagrama de Entidades (Texto UML) + +``` +[Tenant] + - id: UUID (PK) + - name: String + - subdomain: String + - schema_name: String + - status: ENUM (active, suspended) + - settings: JSONB + + 1 <----> * [Company] + 1 <----> * [User] + +[Company] + - id: UUID (PK) + - tenant_id: UUID (FK) + - name: String + - tax_id: String + - currency_id: UUID (FK) + - settings: JSONB + + 1 <----> * [User] + +[User] + - id: UUID (PK) + - tenant_id: UUID (FK) + - email: String (UNIQUE per tenant) + - password_hash: String + - full_name: String + - status: ENUM (active, inactive, suspended) + - is_superuser: Boolean + + * <----> * [Role] (through UserRole) + 1 <----> * [Session] + +[Role] + - id: UUID (PK) + - tenant_id: UUID (FK) + - name: String + - code: String + - description: Text + + * <----> * [Permission] (through RolePermission) + +[Permission] + - id: UUID (PK) + - resource: String (ej: 'purchase_orders') + - action: ENUM (create, read, update, delete, approve) + - description: Text + +[Session] + - id: UUID (PK) + - user_id: UUID (FK) + - token: String + - expires_at: Timestamp + - ip_address: String + - user_agent: String + +[UserRole] (many-to-many) + - user_id: UUID (FK) + - role_id: UUID (FK) + +[RolePermission] (many-to-many) + - role_id: UUID (FK) + - permission_id: UUID (FK) +``` + +## Entidades Principales + +### 1. Tenant (Multi-Tenancy) +**Descripción:** Representa un tenant (empresa matriz o grupo). Cada tenant tiene su propio schema PostgreSQL. + +**Atributos:** +- `id`: Identificador único +- `name`: Nombre del tenant +- `subdomain`: Subdominio (ej: 'acme' → acme.erp.com) +- `schema_name`: Nombre del schema PostgreSQL (ej: 'tenant_acme') +- `status`: Estado (active, suspended) +- `settings`: Configuración JSON (logo, tema, etc.) + +**Relaciones:** +- 1 Tenant → N Companies +- 1 Tenant → N Users + +**Patrón Odoo:** Similar a res.company pero en un nivel superior +**Patrón Gamilit:** Implementado con schema-level isolation + +**RLS Policy:** +```sql +-- Usuarios solo ven su tenant +CREATE POLICY tenant_isolation ON tenants +USING (id = get_current_tenant_id()); +``` + +### 2. Company (Empresa) +**Descripción:** Empresa dentro de un tenant. Permite multi-empresa. + +**Atributos:** +- `id`: UUID +- `tenant_id`: Tenant propietario +- `name`: Nombre empresa +- `tax_id`: RFC/Tax ID +- `currency_id`: Moneda por defecto +- `settings`: JSONB (dirección, contacto, etc.) + +**Relaciones:** +- N Companies → 1 Tenant +- 1 Company → N Users (usuarios pueden estar en múltiples empresas) + +**Patrón Odoo:** res.company +**Validaciones:** +- Un tenant debe tener al menos 1 company +- tax_id único por tenant + +### 3. User (Usuario) +**Descripción:** Usuario del sistema con roles y permisos. + +**Atributos:** +- `id`: UUID +- `tenant_id`: Tenant propietario +- `email`: Email (único por tenant) +- `password_hash`: bcrypt hash +- `full_name`: Nombre completo +- `status`: active, inactive, suspended +- `is_superuser`: Admin total del tenant + +**Relaciones:** +- N Users → 1 Tenant +- N Users ←→ N Roles (many-to-many) +- 1 User → N Sessions + +**Patrón Odoo:** res.users +**Patrón Gamilit:** auth.users con tenant_id + +**Validaciones:** +- email único por tenant (no global) +- password mínimo 8 caracteres +- is_superuser requiere aprobación + +**RLS Policy:** +```sql +CREATE POLICY users_own_tenant ON users +USING (tenant_id = get_current_tenant_id()); +``` + +### 4. Role (Rol) +**Descripción:** Rol con permisos asignados (RBAC). + +**Atributos:** +- `id`: UUID +- `tenant_id`: Tenant propietario +- `name`: Nombre del rol +- `code`: Código único (ej: 'admin', 'buyer') +- `description`: Descripción + +**Relaciones:** +- N Roles → 1 Tenant +- N Roles ←→ N Permissions + +**Patrón Odoo:** res.groups +**Roles predefinidos:** +- `admin`: Administrador del tenant +- `manager`: Gerente (full access transaccional) +- `user`: Usuario normal +- `readonly`: Solo lectura + +### 5. Permission (Permiso) +**Descripción:** Permiso granular sobre recursos. + +**Atributos:** +- `id`: UUID +- `resource`: Recurso (tabla/endpoint) (ej: 'purchase_orders') +- `action`: create, read, update, delete, approve, cancel + +**Ejemplo de permisos:** +``` +Resource: purchase_orders +Actions: create, read, update, delete, approve +``` + +**Patrón Odoo:** ir.model.access + ir.rule +**Implementación:** Validado en backend + RLS policies en BD + +### 6. Session (Sesión) +**Descripción:** Sesión JWT de usuario. + +**Atributos:** +- `id`: UUID +- `user_id`: Usuario propietario +- `token`: JWT token +- `expires_at`: Expiración +- `ip_address`: IP de origen +- `user_agent`: Navegador + +**Patrón Gamilit:** auth.sessions + +## Reglas de Negocio + +### RN-AUTH-001: Multi-Tenancy Obligatorio +- TODO usuario pertenece a exactamente 1 tenant +- TODO dato transaccional tiene tenant_id +- Aislamiento completo entre tenants (schema-level) + +### RN-AUTH-002: RBAC Granular +- Usuario puede tener múltiples roles +- Permisos se calculan como UNION de permisos de roles +- is_superuser bypassa todos los checks + +### RN-AUTH-003: Sesiones JWT +- Expiración: 8 horas +- Refresh token: 30 días +- Invalidación: Logout o expiración + +### RN-AUTH-004: Passwords Seguros +- Mínimo 8 caracteres +- Debe incluir: mayúscula, minúscula, número +- bcrypt hash (cost factor 12) + +## Casos de Uso Principales + +1. **UC-AUTH-001:** Login de usuario +2. **UC-AUTH-002:** Registro de nuevo tenant +3. **UC-AUTH-003:** Asignar rol a usuario +4. **UC-AUTH-004:** Validar permisos para acción +5. **UC-AUTH-005:** Reset password +6. **UC-AUTH-006:** Cambiar de empresa (multi-company) + +## Validaciones y Constraints + +```sql +-- Email único por tenant +UNIQUE (tenant_id, email) + +-- Status válidos +CHECK (status IN ('active', 'inactive', 'suspended')) + +-- Al menos 1 admin por tenant +-- (trigger custom) + +-- Session expiration +CHECK (expires_at > created_at) +``` + +## Índices Requeridos + +```sql +CREATE INDEX idx_users_tenant_id ON auth.users(tenant_id); +CREATE INDEX idx_users_email ON auth.users(email); +CREATE INDEX idx_sessions_user_id ON auth.sessions(user_id); +CREATE INDEX idx_sessions_token ON auth.sessions(token); +CREATE INDEX idx_user_roles_user_id ON auth.user_roles(user_id); +``` + +## Referencias +- [ALCANCE-POR-MODULO.md - MGN-001](../../01-definicion-modulos/ALCANCE-POR-MODULO.md#mgn-001) +- [odoo-base-analysis.md](../../00-analisis-referencias/odoo/odoo-base-analysis.md) +- [ADR-006: RBAC](../../adr/ADR-006-rbac-sistema-permisos.md) diff --git a/docs/01-fase-foundation/MGN-001-auth/historias-usuario/BACKLOG-MGN001.md b/docs/01-fase-foundation/MGN-001-auth/historias-usuario/BACKLOG-MGN001.md new file mode 100644 index 0000000..b94be00 --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/historias-usuario/BACKLOG-MGN001.md @@ -0,0 +1,162 @@ +# Backlog del Modulo MGN-001: Auth + +## Resumen + +| Campo | Valor | +|-------|-------| +| **Modulo** | MGN-001 | +| **Nombre** | Auth - Autenticacion | +| **Total User Stories** | 4 | +| **Total Story Points** | 29 | +| **Estado** | En documentacion | +| **Fecha** | 2025-12-05 | + +--- + +## User Stories + +### Sprint 1 - Foundation (21 SP) + +| ID | Nombre | SP | Prioridad | Estado | Asignado | +|----|--------|-----|-----------|--------|----------| +| [US-MGN001-001](./US-MGN001-001.md) | Login con Email y Password | 8 | P0 | Ready | - | +| [US-MGN001-002](./US-MGN001-002.md) | Logout y Cierre de Sesion | 5 | P0 | Ready | - | +| [US-MGN001-003](./US-MGN001-003.md) | Renovacion Automatica de Tokens | 8 | P0 | Ready | - | + +### Sprint 2 - Enhancement (8 SP) + +| ID | Nombre | SP | Prioridad | Estado | Asignado | +|----|--------|-----|-----------|--------|----------| +| [US-MGN001-004](./US-MGN001-004.md) | Recuperacion de Password | 8 | P1 | Ready | - | + +--- + +## Roadmap Visual + +``` +Sprint 1 Sprint 2 +├─────────────────────────────────┼─────────────────────────────────┤ +│ US-001: Login [8 SP] │ US-004: Password Recovery [8 SP]│ +│ US-002: Logout [5 SP] │ │ +│ US-003: Token Refresh [8 SP] │ │ +├─────────────────────────────────┼─────────────────────────────────┤ +│ Total: 21 SP │ Total: 8 SP │ +└─────────────────────────────────┴─────────────────────────────────┘ +``` + +--- + +## Dependencias entre Stories + +``` +US-MGN001-001 (Login) + │ + ├──────────────────┐ + │ │ + ▼ ▼ +US-MGN001-002 (Logout) US-MGN001-003 (Refresh) + │ + │ + ▼ +US-MGN001-004 (Password Recovery) + │ + └── Usa logout-all +``` + +--- + +## Criterios de Aceptacion del Modulo + +### Funcionalidad + +- [ ] Los usuarios pueden autenticarse con email y password +- [ ] Los usuarios pueden cerrar sesion de forma segura +- [ ] Las sesiones se renuevan automaticamente +- [ ] Los usuarios pueden recuperar su password + +### Seguridad + +- [ ] Passwords hasheados con bcrypt (salt rounds = 12) +- [ ] Tokens JWT firmados con RS256 +- [ ] Refresh token en cookie httpOnly +- [ ] Deteccion de token replay +- [ ] Rate limiting implementado +- [ ] Bloqueo de cuenta por intentos fallidos +- [ ] No se revela existencia de emails + +### Performance + +- [ ] Login < 500ms +- [ ] Refresh < 200ms +- [ ] Blacklist en Redis + +### Auditoria + +- [ ] Todos los logins registrados +- [ ] Todos los logouts registrados +- [ ] Intentos fallidos registrados +- [ ] Cambios de password registrados + +--- + +## Metricas del Modulo + +### Cobertura de Codigo + +| Capa | Objetivo | Actual | +|------|----------|--------| +| Backend Services | 80% | - | +| Backend Controllers | 70% | - | +| Frontend Services | 70% | - | +| Frontend Components | 60% | - | + +### Performance + +| Endpoint | Objetivo | P95 | +|----------|----------|-----| +| POST /auth/login | < 500ms | - | +| POST /auth/refresh | < 200ms | - | +| POST /auth/logout | < 200ms | - | +| POST /password/request-reset | < 1000ms | - | + +--- + +## Riesgos + +| Riesgo | Probabilidad | Impacto | Mitigacion | +|--------|--------------|---------|------------| +| Vulnerabilidad en JWT | Media | Alto | Code review, testing seguridad | +| Token replay attack | Baja | Alto | Deteccion de familia, rotacion | +| Email delivery failure | Media | Medio | Retry queue, monitoring | +| Brute force en login | Media | Medio | Rate limiting, CAPTCHA | + +--- + +## Definition of Done del Modulo + +- [ ] Todas las User Stories completadas +- [ ] Tests unitarios > 80% coverage +- [ ] Tests e2e pasando +- [ ] Documentacion Swagger completa +- [ ] Code review aprobado +- [ ] Security review aprobado +- [ ] Performance review aprobado +- [ ] Despliegue en staging exitoso +- [ ] UAT aprobado + +--- + +## Notas del Product Owner + +- El login es bloqueante para todo el proyecto +- Password recovery puede esperar a Sprint 2 +- Priorizar seguridad sobre features adicionales +- Considerar 2FA para fase posterior (no en MVP) + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial con 4 US | diff --git a/docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-001.md b/docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-001.md new file mode 100644 index 0000000..24f47fe --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-001.md @@ -0,0 +1,296 @@ +# US-MGN001-001: Login con Email y Password + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN001-001 | +| **Modulo** | MGN-001 Auth | +| **Sprint** | Sprint 1 | +| **Prioridad** | P0 - Critica | +| **Story Points** | 8 | +| **Estado** | Ready | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Historia de Usuario + +**Como** usuario del sistema ERP +**Quiero** poder iniciar sesion con mi email y contraseña +**Para** acceder a las funcionalidades del sistema de forma segura + +--- + +## Descripcion + +El usuario necesita un mecanismo seguro para autenticarse en el sistema utilizando sus credenciales (email y contraseña). Al autenticarse exitosamente, recibira tokens JWT que le permitiran acceder a los recursos protegidos. + +### Contexto + +- Primera interaccion del usuario con el sistema +- Puerta de entrada a todas las funcionalidades +- Base de la seguridad del sistema + +--- + +## Criterios de Aceptacion + +### Escenario 1: Login exitoso + +```gherkin +Given un usuario registrado con email "user@example.com" + And password "SecurePass123!" + And el usuario no esta bloqueado + And el usuario esta activo +When el usuario envia sus credenciales al endpoint /api/v1/auth/login +Then el sistema responde con status 200 + And el body contiene "accessToken" de tipo string + And el body contiene "refreshToken" de tipo string + And el body contiene "user" con id, email, firstName, lastName, roles + And se establece cookie httpOnly "refresh_token" + And se registra el login en session_history +``` + +### Escenario 2: Login con email incorrecto + +```gherkin +Given un email "noexiste@example.com" que no existe en el sistema +When el usuario intenta hacer login con ese email +Then el sistema responde con status 401 + And el mensaje es "Credenciales invalidas" + And NO se revela que el email no existe + And se registra el intento fallido en login_attempts +``` + +### Escenario 3: Login con password incorrecto + +```gherkin +Given un usuario registrado con email "user@example.com" + And el password correcto es "SecurePass123!" +When el usuario intenta hacer login con password "wrongpassword" +Then el sistema responde con status 401 + And el mensaje es "Credenciales invalidas" + And se incrementa failed_login_attempts del usuario + And se registra el intento fallido en login_attempts +``` + +### Escenario 4: Cuenta bloqueada por intentos fallidos + +```gherkin +Given un usuario con email "user@example.com" + And el usuario tiene 5 intentos fallidos de login + And el campo locked_until es una fecha futura +When el usuario intenta hacer login con credenciales correctas +Then el sistema responde con status 423 + And el mensaje indica "Cuenta bloqueada" + And se indica el tiempo restante de bloqueo +``` + +### Escenario 5: Cuenta inactiva + +```gherkin +Given un usuario con email "inactive@example.com" + And el campo is_active del usuario es false +When el usuario intenta hacer login +Then el sistema responde con status 403 + And el mensaje es "Cuenta inactiva" +``` + +### Escenario 6: Validacion de campos + +```gherkin +Given un request al endpoint de login +When el email no es un email valido +Then el sistema responde con status 400 + And el mensaje indica "Email invalido" + +When el password tiene menos de 8 caracteres +Then el sistema responde con status 400 + And el mensaje indica "Password debe tener minimo 8 caracteres" + +When el email esta vacio +Then el sistema responde con status 400 + And el mensaje indica "Email es requerido" +``` + +### Escenario 7: Desbloqueo automatico + +```gherkin +Given un usuario con cuenta bloqueada + And el tiempo de bloqueo (30 minutos) ha pasado +When el usuario intenta hacer login con credenciales correctas +Then el sistema permite el login + And resetea failed_login_attempts a 0 + And limpia locked_until +``` + +--- + +## Mockup / Wireframe + +``` ++------------------------------------------------------------------+ +| ERP SUITE | +| | +| ╔═══════════════════════════╗ | +| ║ INICIAR SESION ║ | +| ╚═══════════════════════════╝ | +| | +| Correo electronico | +| +---------------------------+ | +| | user@example.com | | +| +---------------------------+ | +| | +| Contraseña | +| +---------------------------+ | +| | •••••••••••• | [👁] | +| +---------------------------+ | +| | +| [ ] Recordar sesion | +| | +| [===== INICIAR SESION =====] | +| | +| ¿Olvidaste tu contraseña? | +| | ++------------------------------------------------------------------+ + +Estados de UI: +┌─────────────────────────────────────────────────────────────────┐ +│ Estado: Loading │ +│ - Boton deshabilitado │ +│ - Spinner visible en boton │ +│ - Campos deshabilitados │ +└─────────────────────────────────────────────────────────────────┘ + +┌─────────────────────────────────────────────────────────────────┐ +│ Estado: Error │ +│ - Toast rojo con mensaje de error │ +│ - Campos con borde rojo si invalidos │ +│ - Texto de ayuda debajo del campo │ +└─────────────────────────────────────────────────────────────────┘ + +┌─────────────────────────────────────────────────────────────────┐ +│ Estado: Bloqueado │ +│ - Mensaje: "Cuenta bloqueada. Intenta en XX minutos" │ +│ - Enlace a "¿Necesitas ayuda?" │ +└─────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Notas Tecnicas + +### API + +```typescript +// Request +POST /api/v1/auth/login +Content-Type: application/json +X-Tenant-Id: optional-if-single-tenant + +{ + "email": "user@example.com", + "password": "SecurePass123!" +} + +// Response 200 +{ + "accessToken": "eyJhbGciOiJSUzI1NiIs...", + "refreshToken": "eyJhbGciOiJSUzI1NiIs...", + "tokenType": "Bearer", + "expiresIn": 900, + "user": { + "id": "uuid", + "email": "user@example.com", + "firstName": "John", + "lastName": "Doe", + "roles": ["admin"] + } +} + +// Set-Cookie: refresh_token=...; HttpOnly; Secure; SameSite=Strict; Max-Age=604800 +``` + +### Validaciones + +| Campo | Regla | Mensaje Error | +|-------|-------|---------------| +| email | Required, IsEmail | "Email es requerido" / "Email invalido" | +| password | Required, MinLength(8), MaxLength(128) | "Password es requerido" / "Password debe tener minimo 8 caracteres" | + +### Seguridad + +- Bcrypt con salt rounds = 12 +- Rate limiting: 10 requests/minuto por IP +- No revelar si email existe +- Tokens firmados con RS256 + +--- + +## Definicion de Done + +- [ ] Endpoint POST /api/v1/auth/login implementado +- [ ] Validaciones de DTO funcionando +- [ ] Login exitoso retorna tokens JWT +- [ ] Login fallido registra intento +- [ ] Bloqueo despues de 5 intentos +- [ ] Desbloqueo automatico despues de 30 min +- [ ] Cookie httpOnly para refresh token +- [ ] Registro en session_history +- [ ] Tests unitarios (>80% coverage) +- [ ] Tests e2e pasando +- [ ] Documentacion Swagger actualizada +- [ ] Code review aprobado + +--- + +## Dependencias + +### Requiere + +| Item | Descripcion | +|------|-------------| +| Tabla users | Con campos email, password_hash, is_active | +| Tabla login_attempts | Para registro de intentos | +| Tabla session_history | Para auditoria | +| TokenService | Para generar tokens JWT | + +### Bloquea + +| Item | Descripcion | +|------|-------------| +| US-MGN001-002 | Logout (necesita sesion) | +| US-MGN001-003 | Refresh token (necesita login) | +| Todas las features | Requieren autenticacion | + +--- + +## Estimacion + +| Tarea | Horas | +|-------|-------| +| Backend: AuthService.login() | 4h | +| Backend: Validaciones y errores | 2h | +| Backend: Tests unitarios | 3h | +| Frontend: LoginPage | 4h | +| Frontend: authStore | 2h | +| Frontend: Tests | 2h | +| **Total** | **17h** | + +--- + +## Referencias + +- [RF-AUTH-001](../../01-requerimientos/RF-auth/RF-AUTH-001.md) - Requerimiento funcional +- [DDL-SPEC-core_auth](../../02-modelado/database-design/DDL-SPEC-core_auth.md) - Esquema BD +- [ET-auth-backend](../../02-modelado/especificaciones-tecnicas/ET-auth-backend.md) - Spec tecnica + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-002.md b/docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-002.md new file mode 100644 index 0000000..59860a1 --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-002.md @@ -0,0 +1,261 @@ +# US-MGN001-002: Logout y Cierre de Sesion + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN001-002 | +| **Modulo** | MGN-001 Auth | +| **Sprint** | Sprint 1 | +| **Prioridad** | P0 - Critica | +| **Story Points** | 5 | +| **Estado** | Ready | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Historia de Usuario + +**Como** usuario autenticado del sistema ERP +**Quiero** poder cerrar mi sesion de forma segura +**Para** proteger mi cuenta cuando dejo de usar el sistema o en dispositivos compartidos + +--- + +## Descripcion + +El usuario necesita poder cerrar su sesion actual, revocando los tokens de acceso para que no puedan ser reutilizados. Tambien debe poder cerrar todas sus sesiones activas en caso de sospecha de compromiso de cuenta. + +### Contexto + +- Seguridad en dispositivos compartidos +- Cumplimiento de politicas corporativas +- Proteccion contra robo de tokens + +--- + +## Criterios de Aceptacion + +### Escenario 1: Logout exitoso + +```gherkin +Given un usuario autenticado con sesion activa + And tiene un access token valido + And tiene un refresh token en cookie +When el usuario hace POST /api/v1/auth/logout +Then el sistema responde con status 200 + And el mensaje es "Sesion cerrada exitosamente" + And el refresh token es revocado en BD + And el access token es agregado a la blacklist + And la cookie refresh_token es eliminada + And se registra el logout en session_history +``` + +### Escenario 2: Logout de todas las sesiones + +```gherkin +Given un usuario autenticado + And tiene 3 sesiones activas en diferentes dispositivos +When el usuario hace POST /api/v1/auth/logout-all +Then el sistema responde con status 200 + And el mensaje es "Todas las sesiones han sido cerradas" + And el response incluye "sessionsRevoked": 3 + And TODOS los refresh tokens del usuario son revocados + And se registra el logout_all en session_history +``` + +### Escenario 3: Logout sin autenticacion + +```gherkin +Given un usuario sin token de acceso +When intenta hacer logout +Then el sistema responde con status 401 + And el mensaje es "Token requerido" +``` + +### Escenario 4: Logout con token expirado + +```gherkin +Given un usuario con access token expirado + And tiene refresh token valido en cookie +When intenta hacer logout +Then el sistema permite el logout usando solo el refresh token + And responde con status 200 +``` + +### Escenario 5: Verificacion post-logout + +```gherkin +Given un usuario que acaba de hacer logout +When intenta acceder a un endpoint protegido + With el access token anterior +Then el sistema responde con status 401 + And el mensaje es "Token revocado" +``` + +--- + +## Mockup / Wireframe + +``` ++------------------------------------------------------------------+ +| [Logo] [Usuario ▼] | ++------------------------------------------------------------------+ + ┌─────────────────┐ + │ Mi Perfil │ + │ Configuracion │ + │ ─────────────── │ + │ Cerrar Sesion │ ← Click + │ Cerrar Todas │ + └─────────────────┘ + +┌──────────────────────────────────────────────────────────────────┐ +│ CONFIRMACION DE LOGOUT │ +├──────────────────────────────────────────────────────────────────┤ +│ │ +│ ¿Estas seguro que deseas cerrar sesion? │ +│ │ +│ [ Cancelar ] [ Cerrar Sesion ] │ +│ │ +└──────────────────────────────────────────────────────────────────┘ + +┌──────────────────────────────────────────────────────────────────┐ +│ CERRAR TODAS LAS SESIONES │ +├──────────────────────────────────────────────────────────────────┤ +│ │ +│ ⚠️ Esta accion cerrara tu sesion en todos los dispositivos. │ +│ │ +│ Sesiones activas: 3 │ +│ - Chrome (Windows) - Hace 2 horas │ +│ - Firefox (Mac) - Hace 1 dia │ +│ - Safari (iPhone) - Ahora │ +│ │ +│ [ Cancelar ] [ Cerrar Todas ] │ +│ │ +└──────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Notas Tecnicas + +### API + +```typescript +// Logout individual +POST /api/v1/auth/logout +Authorization: Bearer eyJhbGciOiJSUzI1NiIs... +Cookie: refresh_token=eyJhbGciOiJSUzI1NiIs... + +// Response 200 +{ + "message": "Sesion cerrada exitosamente" +} +// Set-Cookie: refresh_token=; Max-Age=0; HttpOnly; Secure; SameSite=Strict + +// Logout all +POST /api/v1/auth/logout-all +Authorization: Bearer eyJhbGciOiJSUzI1NiIs... + +// Response 200 +{ + "message": "Todas las sesiones han sido cerradas", + "sessionsRevoked": 3 +} +``` + +### Flujo de Logout + +``` +┌─────────────┐ ┌─────────────┐ ┌─────────────┐ +│ Frontend │ │ Backend │ │ Redis │ +└──────┬──────┘ └──────┬──────┘ └──────┬──────┘ + │ │ │ + │ POST /logout │ │ + │───────────────────>│ │ + │ │ │ + │ │ Revoke refresh │ + │ │ token in DB │ + │ │ │ + │ │ Blacklist access │ + │ │───────────────────>│ + │ │ │ + │ │ Delete cookie │ + │ │ │ + │ 200 OK │ │ + │<───────────────────│ │ + │ │ │ + │ Clear local state │ │ + │ Redirect to login │ │ + │ │ │ +``` + +### Seguridad + +- Blacklist en Redis con TTL +- Logout idempotente (no falla si ya esta logged out) +- Rate limiting: 10 requests/minuto + +--- + +## Definicion de Done + +- [ ] Endpoint POST /api/v1/auth/logout implementado +- [ ] Endpoint POST /api/v1/auth/logout-all implementado +- [ ] Refresh token revocado en BD +- [ ] Access token blacklisteado en Redis +- [ ] Cookie eliminada correctamente +- [ ] Registro en session_history +- [ ] Frontend limpia estado local +- [ ] Frontend redirige a login +- [ ] Tests unitarios (>80% coverage) +- [ ] Tests e2e pasando +- [ ] Code review aprobado + +--- + +## Dependencias + +### Requiere + +| Item | Descripcion | +|------|-------------| +| US-MGN001-001 | Login (sesion activa) | +| BlacklistService | Para invalidar tokens | +| Redis | Para almacenar blacklist | + +### Bloquea + +| Item | Descripcion | +|------|-------------| +| - | No bloquea otras historias | + +--- + +## Estimacion + +| Tarea | Horas | +|-------|-------| +| Backend: logout() | 2h | +| Backend: logoutAll() | 2h | +| Backend: Tests | 2h | +| Frontend: Logout button | 1h | +| Frontend: Confirmation modal | 2h | +| Frontend: Tests | 1h | +| **Total** | **10h** | + +--- + +## Referencias + +- [RF-AUTH-004](../../01-requerimientos/RF-auth/RF-AUTH-004.md) - Requerimiento funcional +- [ET-auth-backend](../../02-modelado/especificaciones-tecnicas/ET-auth-backend.md) - Spec tecnica + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-003.md b/docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-003.md new file mode 100644 index 0000000..cc8c917 --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-003.md @@ -0,0 +1,300 @@ +# US-MGN001-003: Renovacion Automatica de Tokens + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN001-003 | +| **Modulo** | MGN-001 Auth | +| **Sprint** | Sprint 1 | +| **Prioridad** | P0 - Critica | +| **Story Points** | 8 | +| **Estado** | Ready | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Historia de Usuario + +**Como** usuario autenticado del sistema ERP +**Quiero** que mi sesion se renueve automaticamente mientras estoy usando el sistema +**Para** no tener que re-autenticarme constantemente y tener una experiencia de usuario fluida + +--- + +## Descripcion + +El sistema debe renovar automaticamente los tokens de acceso antes de que expiren, utilizando el refresh token. Esto permite mantener sesiones de larga duracion (hasta 7 dias) mientras los access tokens mantienen una vida corta (15 minutos) por seguridad. + +### Contexto + +- Access tokens expiran en 15 minutos por seguridad +- Los usuarios no deben ser interrumpidos mientras trabajan +- El proceso debe ser transparente para el usuario + +--- + +## Criterios de Aceptacion + +### Escenario 1: Refresh automatico exitoso + +```gherkin +Given un usuario autenticado trabajando en el sistema + And su access token expira en menos de 1 minuto + And su refresh token es valido +When el frontend detecta que el token esta por expirar +Then el frontend envia automaticamente POST /api/v1/auth/refresh + And recibe nuevos access y refresh tokens + And actualiza los tokens en memoria + And la cookie httpOnly es actualizada + And el usuario NO es interrumpido +``` + +### Escenario 2: Refresh con token valido (manual) + +```gherkin +Given un usuario con refresh token valido +When hace POST /api/v1/auth/refresh +Then el sistema valida el refresh token + And genera un nuevo par de tokens + And el refresh token anterior es marcado como usado + And el nuevo refresh token pertenece a la misma familia + And responde con status 200 +``` + +### Escenario 3: Refresh token expirado + +```gherkin +Given un usuario con refresh token expirado (>7 dias) +When intenta renovar tokens +Then el sistema responde con status 401 + And el mensaje es "Refresh token expirado" + And el usuario es redirigido al login +``` + +### Escenario 4: Deteccion de token replay + +```gherkin +Given un refresh token que ya fue usado para renovar + And el sistema genero un nuevo token despues de usarlo +When alguien intenta usar el refresh token viejo +Then el sistema detecta el reuso + And invalida TODA la familia de tokens + And responde con status 401 + And el mensaje es "Sesion comprometida. Por favor inicia sesion." + And todas las sesiones del usuario son cerradas +``` + +### Escenario 5: Refresh sin token + +```gherkin +Given un request sin refresh token +When intenta renovar tokens +Then el sistema responde con status 400 + And el mensaje es "Refresh token requerido" +``` + +### Escenario 6: Multiples requests simultaneos + +```gherkin +Given un usuario con token por expirar + And el frontend hace 3 requests simultaneos de refresh +When los requests llegan al servidor +Then solo el primero obtiene nuevos tokens + And los siguientes reciben los nuevos tokens (idempotente) + OR los siguientes reciben error y deben reintentar con el nuevo token +``` + +--- + +## Mockup / Wireframe + +``` +El proceso es INVISIBLE para el usuario. No hay UI directa. + +┌──────────────────────────────────────────────────────────────────┐ +│ Indicador de sesion (opcional en header) │ +├──────────────────────────────────────────────────────────────────┤ +│ │ +│ [🔒 Sesion activa] ← Verde: sesion renovada │ +│ │ +│ [⚠️ Renovando...] ← Amarillo: refresh en progreso │ +│ │ +│ [❌ Sesion expirada] ← Rojo: necesita login │ +│ │ +└──────────────────────────────────────────────────────────────────┘ + +Flujo de sesion expirada: +┌──────────────────────────────────────────────────────────────────┐ +│ SESION EXPIRADA │ +├──────────────────────────────────────────────────────────────────┤ +│ │ +│ Tu sesion ha expirado. Por favor inicia sesion nuevamente. │ +│ │ +│ [ Ir a Login ] │ +│ │ +└──────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Notas Tecnicas + +### API + +```typescript +// Request +POST /api/v1/auth/refresh +Cookie: refresh_token=eyJhbGciOiJSUzI1NiIs... + +// O en body (fallback) +{ + "refreshToken": "eyJhbGciOiJSUzI1NiIs..." +} + +// Response 200 +{ + "accessToken": "eyJhbGciOiJSUzI1NiIs...", + "refreshToken": "eyJhbGciOiJSUzI1NiIs...", + "tokenType": "Bearer", + "expiresIn": 900 +} +// Set-Cookie: refresh_token=nuevo...; HttpOnly; Secure; SameSite=Strict +``` + +### Logica de Refresh en Frontend + +```typescript +// Token refresh interceptor (pseudo-code) +class TokenRefreshService { + private refreshing = false; + private refreshPromise: Promise | null = null; + + async checkAndRefresh(): Promise { + const accessToken = this.getAccessToken(); + const expiresAt = this.decodeExpiration(accessToken); + const now = Date.now(); + const oneMinute = 60 * 1000; + + // Renovar si expira en menos de 1 minuto + if (expiresAt - now < oneMinute) { + await this.refresh(); + } + } + + async refresh(): Promise { + // Evitar multiples refreshes simultaneos + if (this.refreshing) { + return this.refreshPromise; + } + + this.refreshing = true; + this.refreshPromise = this.doRefresh(); + + try { + await this.refreshPromise; + } finally { + this.refreshing = false; + this.refreshPromise = null; + } + } + + private async doRefresh(): Promise { + try { + const response = await api.post('/auth/refresh'); + this.setTokens(response.data); + } catch (error) { + // Refresh failed, redirect to login + this.clearTokens(); + router.push('/login'); + throw error; + } + } +} +``` + +### Rotacion de Tokens (Token Family) + +``` +Login exitoso: + └── RT1 (family: ABC) ← Activo + +Refresh 1: + ├── RT1 (family: ABC) → isUsed: true, replacedBy: RT2 + └── RT2 (family: ABC) ← Activo + +Refresh 2: + ├── RT1 (family: ABC) → isUsed: true, replacedBy: RT2 + ├── RT2 (family: ABC) → isUsed: true, replacedBy: RT3 + └── RT3 (family: ABC) ← Activo + +Token Replay (RT1 reutilizado): + ├── RT1 (family: ABC) → ALERTA! ya esta usado + ├── RT2 (family: ABC) → REVOCADO por seguridad + └── RT3 (family: ABC) → REVOCADO por seguridad +``` + +--- + +## Definicion de Done + +- [ ] Endpoint POST /api/v1/auth/refresh implementado +- [ ] Rotacion de tokens funcionando +- [ ] Deteccion de token replay +- [ ] Revocacion de familia en caso de reuso +- [ ] Cookie actualizada en cada refresh +- [ ] Frontend: interceptor de refresh automatico +- [ ] Frontend: manejo de sesion expirada +- [ ] Tests unitarios (>80% coverage) +- [ ] Tests e2e pasando +- [ ] Code review aprobado + +--- + +## Dependencias + +### Requiere + +| Item | Descripcion | +|------|-------------| +| US-MGN001-001 | Login (obtener tokens iniciales) | +| Tabla refresh_tokens | Con campos family_id, is_used, replaced_by | +| Redis | Para rate limiting | + +### Bloquea + +| Item | Descripcion | +|------|-------------| +| Todas las features | Dependen de sesion activa | + +--- + +## Estimacion + +| Tarea | Horas | +|-------|-------| +| Backend: refreshTokens() | 4h | +| Backend: Token rotation logic | 3h | +| Backend: Token replay detection | 2h | +| Backend: Tests | 3h | +| Frontend: Refresh interceptor | 3h | +| Frontend: Token storage | 2h | +| Frontend: Tests | 2h | +| **Total** | **19h** | + +--- + +## Referencias + +- [RF-AUTH-003](../../01-requerimientos/RF-auth/RF-AUTH-003.md) - Requerimiento funcional +- [RF-AUTH-002](../../01-requerimientos/RF-auth/RF-AUTH-002.md) - Estructura de tokens +- [ET-auth-backend](../../02-modelado/especificaciones-tecnicas/ET-auth-backend.md) - Spec tecnica + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-004.md b/docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-004.md new file mode 100644 index 0000000..f446c5b --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/historias-usuario/US-MGN001-004.md @@ -0,0 +1,391 @@ +# US-MGN001-004: Recuperacion de Password + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN001-004 | +| **Modulo** | MGN-001 Auth | +| **Sprint** | Sprint 2 | +| **Prioridad** | P1 - Alta | +| **Story Points** | 8 | +| **Estado** | Ready | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Historia de Usuario + +**Como** usuario que olvido su contraseña +**Quiero** poder recuperar el acceso a mi cuenta mediante un proceso seguro +**Para** no quedar bloqueado del sistema sin necesidad de contactar soporte + +--- + +## Descripcion + +El usuario que olvido su contraseña debe poder solicitar un enlace de recuperacion por email. Este enlace le permitira establecer una nueva contraseña de forma segura, invalidando el acceso anterior. + +### Contexto + +- Los usuarios olvidan contraseñas con frecuencia +- El proceso debe ser autoservicio +- Debe ser seguro contra ataques de enumeracion de emails + +--- + +## Criterios de Aceptacion + +### Escenario 1: Solicitud de recuperacion exitosa + +```gherkin +Given un usuario registrado con email "user@example.com" +When solicita recuperacion de password en POST /api/v1/auth/password/request-reset +Then el sistema responde con status 200 + And el mensaje es "Si el email esta registrado, recibiras instrucciones" + And se genera un token de recuperacion con expiracion de 1 hora + And se envia email con enlace de recuperacion + And tokens anteriores de ese usuario son invalidados +``` + +### Escenario 2: Solicitud para email inexistente (seguridad) + +```gherkin +Given un email "noexiste@example.com" que NO existe en el sistema +When solicita recuperacion de password +Then el sistema responde con status 200 + And el mensaje es IDENTICO al caso exitoso + And NO se revela que el email no existe + And NO se envia ningun email +``` + +### Escenario 3: Cambio de password exitoso + +```gherkin +Given un usuario con token de recuperacion valido + And el token no ha expirado (<1 hora) + And el token no ha sido usado +When envia nuevo password cumpliendo requisitos +Then el sistema actualiza el password hasheado + And invalida el token de recuperacion + And cierra TODAS las sesiones activas del usuario + And envia email confirmando el cambio + And responde con status 200 +``` + +### Escenario 4: Token de recuperacion expirado + +```gherkin +Given un token de recuperacion emitido hace mas de 1 hora +When el usuario intenta usarlo +Then el sistema responde con status 400 + And el mensaje es "Token de recuperacion expirado" +``` + +### Escenario 5: Token ya utilizado + +```gherkin +Given un token de recuperacion que ya fue usado +When el usuario intenta usarlo nuevamente +Then el sistema responde con status 400 + And el mensaje es "Token de recuperacion ya utilizado" +``` + +### Escenario 6: Password no cumple requisitos + +```gherkin +Given un token de recuperacion valido +When el usuario envia un password que no cumple requisitos + | Escenario | Password | Error | + | Muy corto | "abc123" | "Password debe tener minimo 8 caracteres" | + | Sin mayuscula | "password123!" | "Debe incluir una mayuscula" | + | Sin numero | "Password!!" | "Debe incluir un numero" | + | Sin especial | "Password123" | "Debe incluir caracter especial" | +Then el sistema responde con status 400 + And el mensaje indica el requisito faltante + And se incrementa el contador de intentos del token +``` + +### Escenario 7: Password igual a anterior + +```gherkin +Given un token de recuperacion valido + And el usuario tiene historial de passwords +When envia un password igual a uno de los ultimos 5 +Then el sistema responde con status 400 + And el mensaje es "No puedes usar una contraseña anterior" +``` + +### Escenario 8: Validacion de token + +```gherkin +Given un token de recuperacion +When el usuario navega a la pagina de reset con ese token +Then el frontend valida el token GET /api/v1/auth/password/validate-token/:token + And si es valido muestra el formulario + And si no es valido muestra mensaje de error apropiado +``` + +--- + +## Mockup / Wireframe + +### Pagina de Solicitud + +``` ++------------------------------------------------------------------+ +| ERP SUITE | ++------------------------------------------------------------------+ +| | +| ╔═══════════════════════════════════╗ | +| ║ RECUPERAR CONTRASEÑA ║ | +| ╚═══════════════════════════════════╝ | +| | +| Ingresa tu correo electronico y te enviaremos | +| instrucciones para restablecer tu contraseña. | +| | +| Correo electronico | +| +---------------------------+ | +| | user@example.com | | +| +---------------------------+ | +| | +| [===== ENVIAR INSTRUCCIONES =====] | +| | +| ← Volver al login | +| | ++------------------------------------------------------------------+ +``` + +### Confirmacion de Envio + +``` ++------------------------------------------------------------------+ +| ERP SUITE | ++------------------------------------------------------------------+ +| | +| ╔═══════════════════════════════════╗ | +| ║ EMAIL ENVIADO ✉️ ║ | +| ╚═══════════════════════════════════╝ | +| | +| Si el email esta registrado, recibiras | +| instrucciones en los proximos minutos. | +| | +| Revisa tu bandeja de entrada y la carpeta | +| de spam. | +| | +| [===== VOLVER AL LOGIN =====] | +| | +| ¿No recibiste el email? | +| Espera 5 minutos y vuelve a intentar. | +| | ++------------------------------------------------------------------+ +``` + +### Pagina de Reset + +``` ++------------------------------------------------------------------+ +| ERP SUITE | ++------------------------------------------------------------------+ +| | +| ╔═══════════════════════════════════╗ | +| ║ NUEVA CONTRASEÑA ║ | +| ╚═══════════════════════════════════╝ | +| | +| Nueva contraseña | +| +---------------------------+ | +| | •••••••••••• | [👁] | +| +---------------------------+ | +| [████████░░] Fuerte | +| | +| ✓ Minimo 8 caracteres | +| ✓ Al menos una mayuscula | +| ✗ Al menos un numero | +| ✗ Al menos un caracter especial | +| | +| Confirmar contraseña | +| +---------------------------+ | +| | •••••••••••• | [👁] | +| +---------------------------+ | +| | +| [===== CAMBIAR CONTRASEÑA =====] | +| | ++------------------------------------------------------------------+ +``` + +### Token Invalido + +``` ++------------------------------------------------------------------+ +| ERP SUITE | ++------------------------------------------------------------------+ +| | +| ╔═══════════════════════════════════╗ | +| ║ ⚠️ ENLACE INVALIDO ║ | +| ╚═══════════════════════════════════╝ | +| | +| El enlace de recuperacion ha expirado | +| o ya fue utilizado. | +| | +| [===== SOLICITAR NUEVO ENLACE =====] | +| | ++------------------------------------------------------------------+ +``` + +--- + +## Notas Tecnicas + +### API + +```typescript +// 1. Solicitar recuperacion +POST /api/v1/auth/password/request-reset +{ + "email": "user@example.com" +} +// Response 200 +{ + "message": "Si el email esta registrado, recibiras instrucciones" +} + +// 2. Validar token +GET /api/v1/auth/password/validate-token/a1b2c3d4e5f6... +// Response 200 (valido) +{ + "valid": true, + "email": "u***@example.com" +} +// Response 200 (invalido) +{ + "valid": false, + "reason": "expired" | "used" | "invalid" +} + +// 3. Cambiar password +POST /api/v1/auth/password/reset +{ + "token": "a1b2c3d4e5f6...", + "newPassword": "NewSecurePass123!", + "confirmPassword": "NewSecurePass123!" +} +// Response 200 +{ + "message": "Contraseña actualizada exitosamente" +} +``` + +### Template de Email + +```html +Asunto: Recuperacion de contraseña - ERP Suite + +

Hola {{firstName}},

+ +

Recibimos una solicitud para restablecer tu contraseña.

+ +

Haz clic en el siguiente enlace para crear una nueva contraseña:

+ +Restablecer Contraseña + +

Este enlace expira en 1 hora.

+ +

Si no solicitaste este cambio, ignora este email. Tu contraseña +permanecera sin cambios.

+ +

Por seguridad, nunca compartas este enlace con nadie.

+ +
+IP: {{ipAddress}} | Fecha: {{timestamp}} +``` + +### Validaciones de Password + +```typescript +const PASSWORD_RULES = { + minLength: 8, + maxLength: 128, + requireUppercase: true, + requireLowercase: true, + requireNumber: true, + requireSpecial: true, + specialChars: '!@#$%^&*()_+-=[]{}|;:,.<>?', + historyCount: 5, // No repetir ultimos 5 +}; + +const PASSWORD_REGEX = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/; +``` + +--- + +## Definicion de Done + +- [ ] Endpoint POST /api/v1/auth/password/request-reset implementado +- [ ] Endpoint GET /api/v1/auth/password/validate-token/:token implementado +- [ ] Endpoint POST /api/v1/auth/password/reset implementado +- [ ] Token de 256 bits generado con crypto.randomBytes +- [ ] Token hasheado antes de almacenar +- [ ] Email de recuperacion enviado +- [ ] Validacion de politica de password +- [ ] Historial de passwords implementado +- [ ] Logout-all despues de cambio +- [ ] Email de confirmacion enviado +- [ ] Frontend: ForgotPasswordPage +- [ ] Frontend: ResetPasswordPage +- [ ] Frontend: Password strength indicator +- [ ] Tests unitarios (>80% coverage) +- [ ] Tests e2e pasando +- [ ] Code review aprobado + +--- + +## Dependencias + +### Requiere + +| Item | Descripcion | +|------|-------------| +| EmailService | Para enviar emails | +| Tabla password_reset_tokens | Almacenar tokens | +| Tabla password_history | Historial de passwords | +| US-MGN001-002 | Logout-all functionality | + +### Bloquea + +| Item | Descripcion | +|------|-------------| +| - | No bloquea otras historias | + +--- + +## Estimacion + +| Tarea | Horas | +|-------|-------| +| Backend: requestPasswordReset() | 3h | +| Backend: validateResetToken() | 2h | +| Backend: resetPassword() | 4h | +| Backend: Password validation | 2h | +| Backend: Email templates | 2h | +| Backend: Tests | 3h | +| Frontend: ForgotPasswordPage | 3h | +| Frontend: ResetPasswordPage | 4h | +| Frontend: Password strength | 2h | +| Frontend: Tests | 2h | +| **Total** | **27h** | + +--- + +## Referencias + +- [RF-AUTH-005](../../01-requerimientos/RF-auth/RF-AUTH-005.md) - Requerimiento funcional +- [ET-auth-backend](../../02-modelado/especificaciones-tecnicas/ET-auth-backend.md) - Spec tecnica + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-001-auth/implementacion/TRACEABILITY.yml b/docs/01-fase-foundation/MGN-001-auth/implementacion/TRACEABILITY.yml new file mode 100644 index 0000000..9ab86c5 --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/implementacion/TRACEABILITY.yml @@ -0,0 +1,695 @@ +# TRACEABILITY.yml - MGN-001: Autenticacion +# Matriz de trazabilidad: Documentacion -> Codigo +# Ubicacion: docs/01-fase-foundation/MGN-001-auth/implementacion/ + +epic_code: MGN-001 +epic_name: Autenticacion +phase: 1 +phase_name: Foundation +story_points: 40 +status: documented + +# ============================================================================= +# DOCUMENTACION +# ============================================================================= + +documentation: + + requirements: + - id: RF-AUTH-001 + file: ../requerimientos/RF-AUTH-001.md + title: Login con Email/Password + priority: P0 + status: migrated + description: | + El sistema debe permitir autenticacion mediante email y password. + Incluye validacion de credenciales, generacion de tokens y registro de sesion. + + - id: RF-AUTH-002 + file: ../requerimientos/RF-AUTH-002.md + title: Manejo de Tokens JWT + priority: P0 + status: migrated + description: | + Gestion de access tokens y refresh tokens JWT. + Incluye generacion, validacion, refresh y revocacion. + + - id: RF-AUTH-003 + file: ../requerimientos/RF-AUTH-003.md + title: Recuperacion de Password + priority: P1 + status: migrated + description: | + Flujo de recuperacion de password via email. + Incluye generacion de token, envio de email y reset. + + - id: RF-AUTH-004 + file: ../requerimientos/RF-AUTH-004.md + title: Proteccion Brute Force + priority: P1 + status: migrated + description: | + Proteccion contra ataques de fuerza bruta. + Rate limiting por IP y por email, bloqueo temporal. + + - id: RF-AUTH-005 + file: ../requerimientos/RF-AUTH-005.md + title: OAuth Social Login + priority: P2 + status: migrated + description: | + Login con proveedores OAuth (Google, Microsoft). + Vinculacion de cuentas sociales a cuenta local. + + - id: RF-AUTH-006 + file: ../requerimientos/RF-AUTH-005.md + title: Logout y Revocacion (incluido en RF-AUTH-005) + priority: P0 + status: migrated + description: | + Cierre de sesion y revocacion de tokens. + Logout de dispositivo actual o de todos los dispositivos. + + specifications: + - id: ET-AUTH-001 + file: ../especificaciones/ET-auth-backend.md + title: Backend Authentication + rf: [RF-AUTH-001, RF-AUTH-002, RF-AUTH-005] + status: migrated + components: + - AuthService + - TokenService + - AuthController + - JwtAuthGuard + + - id: ET-AUTH-002 + file: ../especificaciones/auth-domain.md + title: Domain Model Authentication + rf: [RF-AUTH-001, RF-AUTH-003] + status: migrated + components: + - Modelo de dominio Auth + + - id: ET-AUTH-003 + file: ../especificaciones/ET-AUTH-database.md + title: Database Authentication + rf: [RF-AUTH-001, RF-AUTH-002, RF-AUTH-004] + status: migrated + components: + - Schema core_auth + - Tablas y funciones + + user_stories: + - id: US-MGN001-001 + file: ../historias-usuario/US-MGN001-001.md + title: Login con Email/Password + rf: [RF-AUTH-001] + story_points: 8 + status: migrated + acceptance_criteria: 5 + + - id: US-MGN001-002 + file: ../historias-usuario/US-MGN001-002.md + title: Logout de Sesion + rf: [RF-AUTH-005] + story_points: 3 + status: migrated + acceptance_criteria: 3 + + - id: US-MGN001-003 + file: ../historias-usuario/US-MGN001-003.md + title: Recuperar Password + rf: [RF-AUTH-003] + story_points: 5 + status: migrated + acceptance_criteria: 4 + + - id: US-MGN001-004 + file: ../historias-usuario/US-MGN001-004.md + title: Refresh de Token + rf: [RF-AUTH-002] + story_points: 5 + status: migrated + acceptance_criteria: 3 + + backlog: + file: ../historias-usuario/BACKLOG-MGN001.md + status: migrated + +# ============================================================================= +# IMPLEMENTACION +# ============================================================================= + +implementation: + + database: + schema: core_auth + path: apps/database/ddl/schemas/core_auth/ + + tables: + - name: users_auth + file: apps/database/ddl/schemas/core_auth/tables/users_auth.sql + rf: RF-AUTH-001 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: tenant_id, type: UUID, fk: tenants} + - {name: user_id, type: UUID, fk: users} + - {name: email, type: VARCHAR(255), unique: true} + - {name: password_hash, type: VARCHAR(255)} + - {name: is_active, type: BOOLEAN} + - {name: email_verified_at, type: TIMESTAMPTZ} + - {name: last_login_at, type: TIMESTAMPTZ} + - {name: created_at, type: TIMESTAMPTZ} + - {name: updated_at, type: TIMESTAMPTZ} + indexes: + - idx_users_auth_email + - idx_users_auth_tenant + rls_policies: + - tenant_isolation + + - name: sessions + file: apps/database/ddl/schemas/core_auth/tables/sessions.sql + rf: RF-AUTH-002 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: user_id, type: UUID, fk: users_auth} + - {name: token_hash, type: VARCHAR(255)} + - {name: ip_address, type: INET} + - {name: user_agent, type: TEXT} + - {name: expires_at, type: TIMESTAMPTZ} + - {name: created_at, type: TIMESTAMPTZ} + + - name: refresh_tokens + file: apps/database/ddl/schemas/core_auth/tables/refresh_tokens.sql + rf: RF-AUTH-002 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: user_id, type: UUID, fk: users_auth} + - {name: token_hash, type: VARCHAR(255)} + - {name: expires_at, type: TIMESTAMPTZ} + - {name: revoked_at, type: TIMESTAMPTZ} + - {name: created_at, type: TIMESTAMPTZ} + + - name: password_resets + file: apps/database/ddl/schemas/core_auth/tables/password_resets.sql + rf: RF-AUTH-003 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: user_id, type: UUID, fk: users_auth} + - {name: token_hash, type: VARCHAR(255)} + - {name: expires_at, type: TIMESTAMPTZ} + - {name: used_at, type: TIMESTAMPTZ} + - {name: created_at, type: TIMESTAMPTZ} + + - name: login_attempts + file: apps/database/ddl/schemas/core_auth/tables/login_attempts.sql + rf: RF-AUTH-004 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: email, type: VARCHAR(255)} + - {name: ip_address, type: INET} + - {name: attempted_at, type: TIMESTAMPTZ} + - {name: success, type: BOOLEAN} + + - name: oauth_accounts + file: apps/database/ddl/schemas/core_auth/tables/oauth_accounts.sql + rf: RF-AUTH-005 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: user_id, type: UUID, fk: users_auth} + - {name: provider, type: VARCHAR(50)} + - {name: provider_user_id, type: VARCHAR(255)} + - {name: access_token, type: TEXT} + - {name: refresh_token, type: TEXT} + - {name: expires_at, type: TIMESTAMPTZ} + - {name: created_at, type: TIMESTAMPTZ} + + functions: + - name: validate_password + file: apps/database/ddl/schemas/core_auth/functions/validate_password.sql + rf: RF-AUTH-001 + status: pending + params: [user_id UUID, password TEXT] + returns: BOOLEAN + description: Valida password contra hash almacenado + + - name: cleanup_expired_sessions + file: apps/database/ddl/schemas/core_auth/functions/cleanup_sessions.sql + rf: RF-AUTH-002 + status: pending + params: [] + returns: INTEGER + description: Elimina sesiones expiradas, retorna cantidad eliminada + + triggers: + - name: trg_update_users_auth_timestamp + table: users_auth + event: BEFORE UPDATE + function: update_updated_at() + status: pending + + backend: + module: auth + path: apps/backend/src/modules/auth/ + framework: NestJS + + entities: + - name: UserAuth + file: apps/backend/src/modules/auth/entities/user-auth.entity.ts + rf: RF-AUTH-001 + status: pending + table: users_auth + + - name: Session + file: apps/backend/src/modules/auth/entities/session.entity.ts + rf: RF-AUTH-002 + status: pending + table: sessions + + - name: RefreshToken + file: apps/backend/src/modules/auth/entities/refresh-token.entity.ts + rf: RF-AUTH-002 + status: pending + table: refresh_tokens + + - name: PasswordReset + file: apps/backend/src/modules/auth/entities/password-reset.entity.ts + rf: RF-AUTH-003 + status: pending + table: password_resets + + - name: OAuthAccount + file: apps/backend/src/modules/auth/entities/oauth-account.entity.ts + rf: RF-AUTH-005 + status: pending + table: oauth_accounts + + services: + - name: AuthService + file: apps/backend/src/modules/auth/auth.service.ts + rf: [RF-AUTH-001, RF-AUTH-006] + status: pending + methods: + - {name: login, rf: RF-AUTH-001, description: "Valida credenciales y retorna tokens"} + - {name: logout, rf: RF-AUTH-006, description: "Revoca sesion actual"} + - {name: logoutAll, rf: RF-AUTH-006, description: "Revoca todas las sesiones"} + - {name: validateUser, rf: RF-AUTH-001, description: "Valida email y password"} + - {name: getProfile, rf: RF-AUTH-001, description: "Obtiene usuario autenticado"} + + - name: TokenService + file: apps/backend/src/modules/auth/token.service.ts + rf: [RF-AUTH-002] + status: pending + methods: + - {name: generateAccessToken, rf: RF-AUTH-002, description: "Genera JWT access token"} + - {name: generateRefreshToken, rf: RF-AUTH-002, description: "Genera refresh token"} + - {name: refreshTokens, rf: RF-AUTH-002, description: "Renueva par de tokens"} + - {name: revokeRefreshToken, rf: RF-AUTH-002, description: "Revoca refresh token"} + - {name: validateAccessToken, rf: RF-AUTH-002, description: "Valida JWT"} + + - name: PasswordService + file: apps/backend/src/modules/auth/password.service.ts + rf: [RF-AUTH-003] + status: pending + methods: + - {name: requestPasswordReset, rf: RF-AUTH-003, description: "Genera token y envia email"} + - {name: resetPassword, rf: RF-AUTH-003, description: "Cambia password con token"} + - {name: validateResetToken, rf: RF-AUTH-003, description: "Valida token de reset"} + + - name: OAuthService + file: apps/backend/src/modules/auth/oauth.service.ts + rf: [RF-AUTH-005] + status: pending + methods: + - {name: initiateOAuth, rf: RF-AUTH-005, description: "Inicia flujo OAuth"} + - {name: handleCallback, rf: RF-AUTH-005, description: "Procesa callback OAuth"} + - {name: linkAccount, rf: RF-AUTH-005, description: "Vincula cuenta OAuth"} + + controllers: + - name: AuthController + file: apps/backend/src/modules/auth/auth.controller.ts + status: pending + endpoints: + - method: POST + path: /api/v1/auth/login + rf: RF-AUTH-001 + dto_in: LoginDto + dto_out: TokenResponseDto + auth: false + description: Login con email y password + + - method: POST + path: /api/v1/auth/logout + rf: RF-AUTH-006 + dto_in: null + dto_out: MessageResponseDto + auth: true + description: Cerrar sesion actual + + - method: POST + path: /api/v1/auth/refresh + rf: RF-AUTH-002 + dto_in: RefreshTokenDto + dto_out: TokenResponseDto + auth: false + description: Refrescar tokens + + - method: POST + path: /api/v1/auth/forgot-password + rf: RF-AUTH-003 + dto_in: ForgotPasswordDto + dto_out: MessageResponseDto + auth: false + description: Solicitar recuperacion de password + + - method: POST + path: /api/v1/auth/reset-password + rf: RF-AUTH-003 + dto_in: ResetPasswordDto + dto_out: MessageResponseDto + auth: false + description: Restablecer password con token + + - method: GET + path: /api/v1/auth/me + rf: RF-AUTH-001 + dto_in: null + dto_out: UserProfileDto + auth: true + description: Obtener usuario autenticado + + - method: GET + path: /api/v1/auth/oauth/:provider + rf: RF-AUTH-005 + dto_in: null + dto_out: OAuthRedirectDto + auth: false + description: Iniciar OAuth flow + + dtos: + - name: LoginDto + file: apps/backend/src/modules/auth/dto/login.dto.ts + rf: RF-AUTH-001 + status: pending + fields: + - {name: email, type: string, validation: "IsEmail"} + - {name: password, type: string, validation: "MinLength(8)"} + - {name: remember_me, type: boolean, optional: true} + + - name: TokenResponseDto + file: apps/backend/src/modules/auth/dto/token-response.dto.ts + rf: RF-AUTH-002 + status: pending + fields: + - {name: access_token, type: string} + - {name: refresh_token, type: string} + - {name: expires_in, type: number} + - {name: token_type, type: string} + + - name: RefreshTokenDto + file: apps/backend/src/modules/auth/dto/refresh-token.dto.ts + rf: RF-AUTH-002 + status: pending + fields: + - {name: refresh_token, type: string, validation: "IsNotEmpty"} + + - name: ForgotPasswordDto + file: apps/backend/src/modules/auth/dto/forgot-password.dto.ts + rf: RF-AUTH-003 + status: pending + fields: + - {name: email, type: string, validation: "IsEmail"} + + - name: ResetPasswordDto + file: apps/backend/src/modules/auth/dto/reset-password.dto.ts + rf: RF-AUTH-003 + status: pending + fields: + - {name: token, type: string, validation: "IsNotEmpty"} + - {name: password, type: string, validation: "MinLength(8)"} + - {name: password_confirmation, type: string} + + guards: + - name: JwtAuthGuard + file: apps/backend/src/modules/auth/guards/jwt-auth.guard.ts + rf: RF-AUTH-002 + status: pending + description: Valida JWT en header Authorization + + - name: RefreshTokenGuard + file: apps/backend/src/modules/auth/guards/refresh-token.guard.ts + rf: RF-AUTH-002 + status: pending + description: Valida refresh token + + decorators: + - name: CurrentUser + file: apps/backend/src/modules/auth/decorators/current-user.decorator.ts + rf: RF-AUTH-001 + status: pending + description: Inyecta usuario actual del request + + - name: Public + file: apps/backend/src/modules/auth/decorators/public.decorator.ts + rf: RF-AUTH-001 + status: pending + description: Marca endpoint como publico (sin auth) + + frontend: + feature: auth + path: apps/frontend/src/features/auth/ + framework: React + + pages: + - name: LoginPage + file: apps/frontend/src/features/auth/pages/LoginPage.tsx + rf: RF-AUTH-001 + status: pending + route: /login + components: [LoginForm, SocialLoginButtons] + + - name: ForgotPasswordPage + file: apps/frontend/src/features/auth/pages/ForgotPasswordPage.tsx + rf: RF-AUTH-003 + status: pending + route: /forgot-password + components: [ForgotPasswordForm] + + - name: ResetPasswordPage + file: apps/frontend/src/features/auth/pages/ResetPasswordPage.tsx + rf: RF-AUTH-003 + status: pending + route: /reset-password/:token + components: [ResetPasswordForm] + + components: + - name: LoginForm + file: apps/frontend/src/features/auth/components/LoginForm.tsx + rf: RF-AUTH-001 + status: pending + description: Formulario de login con validacion + + - name: SocialLoginButtons + file: apps/frontend/src/features/auth/components/SocialLoginButtons.tsx + rf: RF-AUTH-005 + status: pending + description: Botones de login social (Google, Microsoft) + + - name: ForgotPasswordForm + file: apps/frontend/src/features/auth/components/ForgotPasswordForm.tsx + rf: RF-AUTH-003 + status: pending + description: Formulario solicitud de reset + + - name: ResetPasswordForm + file: apps/frontend/src/features/auth/components/ResetPasswordForm.tsx + rf: RF-AUTH-003 + status: pending + description: Formulario cambio de password + + stores: + - name: authStore + file: apps/frontend/src/features/auth/stores/authStore.ts + rf: [RF-AUTH-001, RF-AUTH-002] + status: pending + state: + - {name: user, type: "User | null"} + - {name: isAuthenticated, type: boolean} + - {name: isLoading, type: boolean} + - {name: error, type: "string | null"} + actions: + - {name: login, rf: RF-AUTH-001} + - {name: logout, rf: RF-AUTH-006} + - {name: refreshToken, rf: RF-AUTH-002} + - {name: getProfile, rf: RF-AUTH-001} + + api: + - name: authApi + file: apps/frontend/src/features/auth/api/authApi.ts + status: pending + methods: + - {name: login, endpoint: "POST /auth/login"} + - {name: logout, endpoint: "POST /auth/logout"} + - {name: refresh, endpoint: "POST /auth/refresh"} + - {name: forgotPassword, endpoint: "POST /auth/forgot-password"} + - {name: resetPassword, endpoint: "POST /auth/reset-password"} + - {name: getMe, endpoint: "GET /auth/me"} + + hooks: + - name: useAuth + file: apps/frontend/src/features/auth/hooks/useAuth.ts + status: pending + description: Hook para acceder a estado de auth + + - name: useRequireAuth + file: apps/frontend/src/features/auth/hooks/useRequireAuth.ts + status: pending + description: Hook para proteger rutas + +# ============================================================================= +# DEPENDENCIAS +# ============================================================================= + +dependencies: + depends_on: [] # Primer modulo, sin dependencias + + required_by: + - module: MGN-002 + type: hard + reason: Usuarios necesitan autenticacion + - module: MGN-003 + type: hard + reason: RBAC usa tokens JWT + - module: MGN-004 + type: hard + reason: Tenant ID en token + - module: ALL + type: hard + reason: Todos los modulos requieren auth + + external: + - name: bcrypt + version: "^5.1.0" + purpose: Hash de passwords + - name: jsonwebtoken + version: "^9.0.0" + purpose: Generacion/validacion JWT + - name: passport + version: "^0.7.0" + purpose: Estrategias de autenticacion + - name: @nestjs/jwt + version: "^10.0.0" + purpose: Integracion JWT con NestJS + +# ============================================================================= +# TESTS +# ============================================================================= + +tests: + unit: + - name: AuthService.spec.ts + file: apps/backend/src/modules/auth/__tests__/auth.service.spec.ts + status: pending + cases: 12 + rf: [RF-AUTH-001, RF-AUTH-006] + + - name: TokenService.spec.ts + file: apps/backend/src/modules/auth/__tests__/token.service.spec.ts + status: pending + cases: 8 + rf: [RF-AUTH-002] + + - name: PasswordService.spec.ts + file: apps/backend/src/modules/auth/__tests__/password.service.spec.ts + status: pending + cases: 6 + rf: [RF-AUTH-003] + + integration: + - name: auth.controller.e2e.spec.ts + file: apps/backend/test/auth/auth.controller.e2e.spec.ts + status: pending + cases: 10 + endpoints: + - POST /auth/login + - POST /auth/logout + - POST /auth/refresh + - GET /auth/me + + frontend: + - name: LoginForm.test.tsx + file: apps/frontend/src/features/auth/__tests__/LoginForm.test.tsx + status: pending + cases: 5 + rf: [RF-AUTH-001] + + coverage: + target: 80% + current: 0% + unit: 0% + integration: 0% + e2e: 0% + +# ============================================================================= +# METRICAS +# ============================================================================= + +metrics: + story_points: + estimated: 40 + actual: null + variance: null + + files: + database: 9 + backend: 22 + frontend: 14 + tests: 8 + total: 53 + + lines_of_code: + estimated: 2500 + actual: 0 + + complexity: + services: medium + database: low + frontend: low + +# ============================================================================= +# BUG FIXES +# ============================================================================= + +bug_fixes: [] + +# ============================================================================= +# CHANGELOG +# ============================================================================= + +changelog: + - version: "1.0.0" + date: null + changes: + - "Implementacion inicial de autenticacion" + - "Login con email/password" + - "Manejo de tokens JWT" + - "Proteccion brute force" + +# ============================================================================= +# HISTORIAL +# ============================================================================= + +history: + - date: "2025-12-05" + action: "Creacion de TRACEABILITY.yml" + author: Requirements-Analyst + changes: + - "Documentacion completa de trazabilidad" + - "Mapeo RF -> ET -> US -> Codigo" + - "Definicion de todos los componentes" diff --git a/docs/01-fase-foundation/MGN-001-auth/requerimientos/INDICE-RF-AUTH.md b/docs/01-fase-foundation/MGN-001-auth/requerimientos/INDICE-RF-AUTH.md new file mode 100644 index 0000000..a86dfb8 --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/requerimientos/INDICE-RF-AUTH.md @@ -0,0 +1,188 @@ +# Indice de Requerimientos Funcionales - MGN-001 Auth + +## Resumen del Modulo + +| Campo | Valor | +|-------|-------| +| **Codigo** | MGN-001 | +| **Nombre** | Auth - Autenticacion | +| **Prioridad** | P0 - Critica | +| **Total RFs** | 5 | +| **Estado** | En documentacion | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion General + +El modulo de autenticacion es el pilar fundamental de seguridad del ERP. Proporciona: + +- **Autenticacion**: Verificacion de identidad del usuario +- **Autorizacion**: Generacion de tokens con permisos +- **Gestion de Sesiones**: Control del ciclo de vida de sesiones +- **Seguridad**: Proteccion contra ataques comunes + +--- + +## Lista de Requerimientos Funcionales + +| ID | Nombre | Prioridad | Complejidad | Estado | Story Points | +|----|--------|-----------|-------------|--------|--------------| +| [RF-AUTH-001](./RF-AUTH-001.md) | Login con Email y Password | P0 | Media | Aprobado | 10 | +| [RF-AUTH-002](./RF-AUTH-002.md) | Generacion y Validacion JWT | P0 | Alta | Aprobado | 9 | +| [RF-AUTH-003](./RF-AUTH-003.md) | Refresh Token y Renovacion | P0 | Media | Aprobado | 10 | +| [RF-AUTH-004](./RF-AUTH-004.md) | Logout y Revocacion | P0 | Baja | Aprobado | 6 | +| [RF-AUTH-005](./RF-AUTH-005.md) | Recuperacion de Password | P1 | Media | Aprobado | 10 | + +**Total Story Points:** 45 + +--- + +## Grafo de Dependencias + +``` +RF-AUTH-001 (Login) + │ + ├──► RF-AUTH-002 (JWT Tokens) + │ │ + │ └──► RF-AUTH-003 (Refresh Token) + │ │ + │ └──► RF-AUTH-004 (Logout) + │ + └──► RF-AUTH-005 (Password Recovery) + │ + └──► RF-AUTH-004 (Logout) [logout-all] +``` + +### Orden de Implementacion Recomendado + +1. **RF-AUTH-001** - Login (base de todo) +2. **RF-AUTH-002** - JWT Tokens (generacion) +3. **RF-AUTH-003** - Refresh Token (renovacion) +4. **RF-AUTH-004** - Logout (cierre de sesion) +5. **RF-AUTH-005** - Password Recovery (recuperacion) + +--- + +## Endpoints del Modulo + +| Metodo | Endpoint | RF | Descripcion | +|--------|----------|-----|-------------| +| POST | `/api/v1/auth/login` | RF-AUTH-001 | Autenticar usuario | +| POST | `/api/v1/auth/refresh` | RF-AUTH-003 | Renovar tokens | +| POST | `/api/v1/auth/logout` | RF-AUTH-004 | Cerrar sesion | +| POST | `/api/v1/auth/logout-all` | RF-AUTH-004 | Cerrar todas las sesiones | +| POST | `/api/v1/auth/password/request-reset` | RF-AUTH-005 | Solicitar recuperacion | +| POST | `/api/v1/auth/password/reset` | RF-AUTH-005 | Cambiar password | +| GET | `/api/v1/auth/password/validate-token/:token` | RF-AUTH-005 | Validar token reset | + +--- + +## Tablas de Base de Datos + +| Tabla | RF | Descripcion | +|-------|-----|-------------| +| `users` | RF-AUTH-001 | Usuarios (existente, agregar columnas) | +| `refresh_tokens` | RF-AUTH-002, RF-AUTH-003 | Tokens de refresh | +| `revoked_tokens` | RF-AUTH-002 | Blacklist de tokens | +| `session_history` | RF-AUTH-001, RF-AUTH-004 | Historial de sesiones | +| `login_attempts` | RF-AUTH-001 | Control de intentos fallidos | +| `password_reset_tokens` | RF-AUTH-005 | Tokens de recuperacion | +| `password_history` | RF-AUTH-005 | Historial de passwords | + +--- + +## Criterios de Aceptacion Consolidados + +### Seguridad + +- [ ] Passwords hasheados con bcrypt (salt rounds = 12) +- [ ] Tokens JWT firmados con RS256 +- [ ] Refresh tokens en httpOnly cookies +- [ ] Access tokens con expiracion corta (15 min) +- [ ] Deteccion de token replay +- [ ] Rate limiting en todos los endpoints +- [ ] No revelar existencia de emails + +### Funcionalidad + +- [ ] Login con email/password funcional +- [ ] Generacion correcta de par de tokens +- [ ] Refresh automatico antes de expiracion +- [ ] Logout individual y global +- [ ] Recuperacion de password via email + +### Auditoria + +- [ ] Todos los logins registrados +- [ ] Todos los logouts registrados +- [ ] Intentos fallidos registrados +- [ ] Cambios de password registrados + +--- + +## Reglas de Negocio Transversales + +| ID | Regla | Aplica a | +|----|-------|----------| +| RN-T001 | Multi-tenancy: tenant_id obligatorio en tokens | Todos | +| RN-T002 | Usuarios pueden tener multiples sesiones | RF-001, RF-003 | +| RN-T003 | Maximo 5 sesiones activas por usuario | RF-001, RF-003 | +| RN-T004 | Bloqueo despues de 5 intentos fallidos | RF-001 | +| RN-T005 | Notificaciones de seguridad via email | RF-004, RF-005 | + +--- + +## Estimacion Total + +| Capa | Story Points | +|------|--------------| +| Database | 9 | +| Backend | 23 | +| Frontend | 13 | +| **Total** | **45** | + +--- + +## Riesgos Identificados + +| Riesgo | Probabilidad | Impacto | Mitigacion | +|--------|--------------|---------|------------| +| Vulnerabilidad en manejo de tokens | Media | Alto | Code review, testing seguridad | +| Performance en blacklist | Baja | Medio | Redis con TTL automatico | +| Email delivery failures | Media | Medio | Retry queue, logs | +| Session fixation | Baja | Alto | Regenerar tokens post-login | + +--- + +## Referencias + +### Documentacion Relacionada + +- [DDL-SPEC-core_auth.md](../../02-modelado/database-design/DDL-SPEC-core_auth.md) - Especificacion de base de datos +- [ET-auth-backend.md](../../02-modelado/especificaciones-tecnicas/ET-auth-backend.md) - Especificacion tecnica backend +- [TP-auth.md](../../04-test-plans/TP-auth.md) - Plan de pruebas + +### Directivas Aplicables + +- `DIRECTIVA-DOCUMENTACION-PRE-DESARROLLO.md` +- `DIRECTIVA-PATRONES-ODOO.md` +- `ESTANDARES-API-REST-GENERICO.md` + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial con 5 RFs | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Analista | System | 2025-12-05 | [x] | +| Tech Lead | - | - | [ ] | +| Product Owner | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-001.md b/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-001.md new file mode 100644 index 0000000..01f27fd --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-001.md @@ -0,0 +1,234 @@ +# RF-AUTH-001: Login con Email y Password + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-AUTH-001 | +| **Modulo** | MGN-001 | +| **Nombre Modulo** | Auth - Autenticacion | +| **Prioridad** | P0 | +| **Complejidad** | Media | +| **Estado** | Aprobado | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe permitir a los usuarios autenticarse utilizando su correo electronico y contraseña. Al autenticarse exitosamente, el sistema debe generar tokens JWT (access token y refresh token) que permitan al usuario acceder a los recursos protegidos del sistema. + +### Contexto de Negocio + +La autenticacion es la puerta de entrada al sistema ERP. Sin un mecanismo robusto de login, no es posible garantizar la seguridad de los datos ni el aislamiento multi-tenant. Este requerimiento es la base de toda la seguridad del sistema. + +--- + +## Criterios de Aceptacion + +- [x] **CA-001:** El sistema debe aceptar email y password como credenciales de login +- [x] **CA-002:** El sistema debe validar que el email exista en la base de datos +- [x] **CA-003:** El sistema debe verificar el password usando bcrypt +- [x] **CA-004:** El sistema debe generar un access token JWT con expiracion de 15 minutos +- [x] **CA-005:** El sistema debe generar un refresh token JWT con expiracion de 7 dias +- [x] **CA-006:** El sistema debe registrar el login en el historial de sesiones +- [x] **CA-007:** El sistema debe devolver error 401 si las credenciales son invalidas +- [x] **CA-008:** El sistema debe bloquear la cuenta despues de 5 intentos fallidos + +### Ejemplos de Verificacion + +```gherkin +Scenario: Login exitoso + Given un usuario registrado con email "user@example.com" y password "SecurePass123!" + When el usuario envia credenciales correctas al endpoint /api/v1/auth/login + Then el sistema responde con status 200 + And el body contiene accessToken y refreshToken + And se registra el login en session_history + +Scenario: Login fallido por password incorrecto + Given un usuario registrado con email "user@example.com" + When el usuario envia password incorrecto + Then el sistema responde con status 401 + And el mensaje es "Credenciales invalidas" + And se incrementa el contador de intentos fallidos + +Scenario: Cuenta bloqueada por intentos fallidos + Given un usuario con 5 intentos fallidos de login + When el usuario intenta hacer login nuevamente + Then el sistema responde con status 423 + And el mensaje indica que la cuenta esta bloqueada +``` + +--- + +## Reglas de Negocio + +| ID | Regla | Validacion | +|----|-------|------------| +| RN-001 | El email debe ser unico por tenant | Constraint UNIQUE(tenant_id, email) | +| RN-002 | El password debe tener minimo 8 caracteres | Validacion en DTO | +| RN-003 | El password debe incluir mayuscula, minuscula, numero | Regex validation | +| RN-004 | Maximo 5 intentos fallidos antes de bloqueo | Contador en BD | +| RN-005 | El bloqueo dura 30 minutos | Campo locked_until en users | +| RN-006 | Los tokens deben incluir tenant_id en el payload | JWT payload | +| RN-007 | El access token expira en 15 minutos | JWT exp claim | +| RN-008 | El refresh token expira en 7 dias | JWT exp claim | + +### Excepciones + +- Si el usuario tiene 2FA habilitado, el login genera un token temporal y requiere verificacion adicional +- Los superadmins pueden acceder a multiples tenants (tenant_id opcional en su caso) + +--- + +## Impacto en Capas + +### Database + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Schema | usar | `core_auth` | +| Tabla | usar | `users` - verificar credenciales | +| Tabla | usar | `sessions` - registrar login | +| Tabla | crear | `login_attempts` - control de intentos | +| Columna | agregar | `users.failed_login_attempts` | +| Columna | agregar | `users.locked_until` | +| Indice | crear | `idx_users_email_tenant` | + +### Backend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Service | crear | `AuthService.login()` | +| Service | crear | `TokenService.generateTokens()` | +| Controller | crear | `AuthController.login()` | +| DTO | crear | `LoginDto` | +| DTO | crear | `LoginResponseDto` | +| Endpoints | crear | `POST /api/v1/auth/login` | +| Guard | crear | `ThrottlerGuard` para rate limiting | + +### Frontend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Pagina | crear | `LoginPage` | +| Componente | crear | `LoginForm` | +| Store | crear | `authStore` | +| Service | crear | `authService.login()` | +| Hook | crear | `useAuth` | + +--- + +## Dependencias + +### Depende de (Bloqueantes) + +| ID | Requerimiento | Estado | +|----|---------------|--------| +| - | Ninguna (es el primer RF) | - | + +### Dependencias Relacionadas (No bloqueantes) + +| ID | Requerimiento | Relacion | +|----|---------------|----------| +| RF-AUTH-002 | JWT Tokens | Genera tokens | +| RF-AUTH-003 | Refresh Token | Genera refresh token | +| RF-AUTH-004 | Logout | Usa misma sesion | + +--- + +## Mockups / Wireframes + +### Pantalla de Login + +``` ++------------------------------------------------------------------+ +| ERP SUITE | ++------------------------------------------------------------------+ +| | +| +-------------------------+ | +| | INICIAR SESION | | +| +-------------------------+ | +| | +| Email: | +| +-------------------------+ | +| | user@example.com | | +| +-------------------------+ | +| | +| Password: | +| +-------------------------+ | +| | •••••••••••• | | +| +-------------------------+ | +| | +| [ ] Recordarme | +| | +| [ INICIAR SESION ] | +| | +| Olvidaste tu password? | +| | ++------------------------------------------------------------------+ +``` + +### Estados de UI + +| Estado | Comportamiento | +|--------|----------------| +| Loading | Boton deshabilitado, spinner visible | +| Error | Toast rojo con mensaje de error | +| Success | Redirect a dashboard | +| Blocked | Mensaje de cuenta bloqueada con tiempo restante | + +--- + +## Datos de Prueba + +### Escenarios + +| Escenario | Datos Entrada | Resultado Esperado | +|-----------|---------------|-------------------| +| Happy path | email: "test@erp.com", password: "Test123!" | 200, tokens generados | +| Email no existe | email: "noexiste@erp.com" | 401, "Credenciales invalidas" | +| Password incorrecto | password: "wrongpass" | 401, "Credenciales invalidas" | +| Cuenta bloqueada | 5+ intentos fallidos | 423, "Cuenta bloqueada" | +| Email vacio | email: "" | 400, "Email es requerido" | +| Password muy corto | password: "123" | 400, "Password minimo 8 caracteres" | + +--- + +## Estimacion + +| Capa | Story Points | Notas | +|------|--------------|-------| +| Database | 2 | Tablas ya existen, solo columnas nuevas | +| Backend | 5 | Service, Controller, DTOs, Guards | +| Frontend | 3 | LoginPage, Form, Store | +| **Total** | **10** | | + +--- + +## Notas Adicionales + +- Usar bcrypt con salt rounds = 12 para hash de passwords +- Los tokens JWT deben firmarse con algoritmo RS256 (asymmetric) +- Implementar rate limiting: max 10 requests/minuto por IP +- Loguear todos los intentos de login (exitosos y fallidos) para auditoria +- Considerar implementar CAPTCHA despues de 3 intentos fallidos + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Analista | System | 2025-12-05 | [x] | +| Tech Lead | - | - | [ ] | +| Product Owner | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-002.md b/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-002.md new file mode 100644 index 0000000..9abe890 --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-002.md @@ -0,0 +1,264 @@ +# RF-AUTH-002: Generacion y Validacion de JWT Tokens + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-AUTH-002 | +| **Modulo** | MGN-001 | +| **Nombre Modulo** | Auth - Autenticacion | +| **Prioridad** | P0 | +| **Complejidad** | Alta | +| **Estado** | Aprobado | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe implementar un mecanismo de tokens JWT (JSON Web Tokens) para autenticar y autorizar las peticiones de los usuarios. Los tokens deben contener la informacion necesaria para identificar al usuario y su tenant, permitiendo el acceso a los recursos del sistema de forma segura y stateless. + +### Contexto de Negocio + +Los tokens JWT permiten autenticacion stateless, lo cual es esencial para: +- Escalabilidad horizontal del backend +- APIs REST verdaderamente stateless +- Soporte para multiples clientes (web, mobile, integraciones) +- Aislamiento multi-tenant mediante tenant_id en el payload + +--- + +## Criterios de Aceptacion + +- [x] **CA-001:** El sistema debe generar access tokens con expiracion de 15 minutos +- [x] **CA-002:** El sistema debe generar refresh tokens con expiracion de 7 dias +- [x] **CA-003:** El payload del token debe incluir: userId, tenantId, email, roles +- [x] **CA-004:** Los tokens deben firmarse con algoritmo RS256 (asymmetric keys) +- [x] **CA-005:** El sistema debe validar la firma del token en cada request +- [x] **CA-006:** El sistema debe rechazar tokens expirados con error 401 +- [x] **CA-007:** El sistema debe rechazar tokens con firma invalida con error 401 +- [x] **CA-008:** El sistema debe extraer el usuario del token y adjuntarlo al request + +### Ejemplos de Verificacion + +```gherkin +Scenario: Validacion de token valido + Given un usuario autenticado con un access token valido + When el usuario hace una peticion a un endpoint protegido + Then el sistema valida la firma del token + And extrae el userId y tenantId del payload + And permite el acceso al recurso + +Scenario: Token expirado + Given un usuario con un access token expirado + When el usuario hace una peticion a un endpoint protegido + Then el sistema responde con status 401 + And el mensaje es "Token expirado" + And el header incluye WWW-Authenticate: Bearer error="token_expired" + +Scenario: Token con firma invalida + Given un token modificado o con firma incorrecta + When se intenta acceder a un endpoint protegido + Then el sistema responde con status 401 + And el mensaje es "Token invalido" +``` + +--- + +## Reglas de Negocio + +| ID | Regla | Validacion | +|----|-------|------------| +| RN-001 | Access token expira en 15 minutos | JWT exp claim | +| RN-002 | Refresh token expira en 7 dias | JWT exp claim | +| RN-003 | Los tokens usan algoritmo RS256 | Asymmetric signing | +| RN-004 | El payload incluye jti (JWT ID) unico | UUID v4 | +| RN-005 | El issuer (iss) debe ser "erp-core" | JWT iss claim | +| RN-006 | El audience (aud) debe ser "erp-api" | JWT aud claim | +| RN-007 | El tenant_id es obligatorio (excepto superadmin) | Validacion en middleware | + +### Estructura del JWT Payload + +```json +{ + "sub": "user-uuid", // Subject: User ID + "tid": "tenant-uuid", // Tenant ID + "email": "user@example.com", // Email del usuario + "roles": ["admin", "user"], // Roles del usuario + "permissions": ["read", "write"], // Permisos directos + "iat": 1701792000, // Issued At + "exp": 1701792900, // Expiration (15 min) + "iss": "erp-core", // Issuer + "aud": "erp-api", // Audience + "jti": "unique-token-id" // JWT ID +} +``` + +--- + +## Impacto en Capas + +### Database + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Tabla | crear | `refresh_tokens` - almacenar refresh tokens | +| Tabla | crear | `revoked_tokens` - tokens revocados | +| Columna | - | `refresh_tokens.token_hash` (hash del token) | +| Columna | - | `refresh_tokens.expires_at` | +| Columna | - | `refresh_tokens.device_info` | +| Indice | crear | `idx_refresh_tokens_user` | +| Indice | crear | `idx_revoked_tokens_jti` | + +### Backend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Service | crear | `TokenService` | +| Method | crear | `generateAccessToken()` | +| Method | crear | `generateRefreshToken()` | +| Method | crear | `validateToken()` | +| Method | crear | `decodeToken()` | +| Guard | crear | `JwtAuthGuard` | +| Middleware | crear | `TokenMiddleware` | +| Config | crear | JWT keys (public/private) | +| Interface | crear | `JwtPayload` | +| Interface | crear | `TokenPair` | + +### Frontend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Service | crear | `tokenService` | +| Method | - | `getAccessToken()` | +| Method | - | `setTokens()` | +| Method | - | `clearTokens()` | +| Method | - | `isTokenExpired()` | +| Interceptor | crear | Axios interceptor para adjuntar token | +| Storage | usar | localStorage/sessionStorage para tokens | + +--- + +## Dependencias + +### Depende de (Bloqueantes) + +| ID | Requerimiento | Estado | +|----|---------------|--------| +| RF-AUTH-001 | Login | Genera los tokens | + +### Dependencias Relacionadas + +| ID | Requerimiento | Relacion | +|----|---------------|----------| +| RF-AUTH-003 | Refresh Token | Usa refresh token | +| RF-AUTH-004 | Logout | Revoca tokens | + +--- + +## Especificaciones Tecnicas + +### Generacion de Claves RS256 + +```bash +# Generar clave privada +openssl genrsa -out private.key 2048 + +# Extraer clave publica +openssl rsa -in private.key -pubout -out public.key +``` + +### Configuracion de Tokens + +```typescript +// config/jwt.config.ts +export const jwtConfig = { + accessToken: { + algorithm: 'RS256', + expiresIn: '15m', + issuer: 'erp-core', + audience: 'erp-api', + }, + refreshToken: { + algorithm: 'RS256', + expiresIn: '7d', + issuer: 'erp-core', + audience: 'erp-api', + }, +}; +``` + +### Ejemplo de Token Generado + +``` +Header: +{ + "alg": "RS256", + "typ": "JWT" +} + +Payload: +{ + "sub": "550e8400-e29b-41d4-a716-446655440000", + "tid": "tenant-123", + "email": "user@example.com", + "roles": ["admin"], + "iat": 1701792000, + "exp": 1701792900, + "iss": "erp-core", + "aud": "erp-api", + "jti": "abc123" +} +``` + +--- + +## Datos de Prueba + +| Escenario | Token | Resultado | +|-----------|-------|-----------| +| Token valido | JWT firmado correctamente | 200, acceso permitido | +| Token expirado | exp < now | 401, "Token expirado" | +| Firma invalida | Token modificado | 401, "Token invalido" | +| Sin token | Header Authorization vacio | 401, "Token requerido" | +| Formato incorrecto | "Bearer abc123" (no JWT) | 401, "Token malformado" | + +--- + +## Estimacion + +| Capa | Story Points | Notas | +|------|--------------|-------| +| Database | 2 | Tablas refresh_tokens, revoked_tokens | +| Backend | 5 | TokenService, Guards, Middleware | +| Frontend | 2 | Token storage e interceptors | +| **Total** | **9** | | + +--- + +## Notas Adicionales + +- Las claves privadas deben almacenarse en variables de entorno o secrets manager +- Considerar rotacion de claves cada 90 dias +- Implementar JWK (JSON Web Key) endpoint para distribuir clave publica +- El refresh token NO debe almacenarse en localStorage (usar httpOnly cookie) +- Implementar token blacklist en Redis para logout inmediato + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Analista | System | 2025-12-05 | [x] | +| Tech Lead | - | - | [ ] | +| Product Owner | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-003.md b/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-003.md new file mode 100644 index 0000000..e734942 --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-003.md @@ -0,0 +1,261 @@ +# RF-AUTH-003: Refresh Token y Renovacion de Sesion + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-AUTH-003 | +| **Modulo** | MGN-001 | +| **Nombre Modulo** | Auth - Autenticacion | +| **Prioridad** | P0 | +| **Complejidad** | Media | +| **Estado** | Aprobado | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe permitir renovar el access token utilizando un refresh token valido, sin requerir que el usuario vuelva a ingresar sus credenciales. Esto permite mantener sesiones de larga duracion de forma segura, mientras los access tokens tienen vida corta. + +### Contexto de Negocio + +Los access tokens tienen vida corta (15 minutos) por seguridad. Sin un mecanismo de refresh, los usuarios tendrian que re-autenticarse constantemente, lo cual afecta negativamente la experiencia de usuario. El refresh token permite mantener la sesion activa hasta 7 dias sin comprometer la seguridad. + +--- + +## Criterios de Aceptacion + +- [x] **CA-001:** El sistema debe aceptar un refresh token valido y generar nuevos tokens +- [x] **CA-002:** El nuevo access token debe tener los mismos claims que el original +- [x] **CA-003:** El refresh token usado debe invalidarse (rotacion de tokens) +- [x] **CA-004:** Se debe generar un nuevo refresh token con cada renovacion +- [x] **CA-005:** El sistema debe rechazar refresh tokens expirados con error 401 +- [x] **CA-006:** El sistema debe rechazar refresh tokens revocados con error 401 +- [x] **CA-007:** El sistema debe detectar y prevenir reuso de refresh tokens (token replay) +- [x] **CA-008:** El frontend debe renovar automaticamente antes de que expire el access token + +### Ejemplos de Verificacion + +```gherkin +Scenario: Renovacion exitosa de tokens + Given un usuario con refresh token valido + When el usuario envia el refresh token a /api/v1/auth/refresh + Then el sistema invalida el refresh token anterior + And genera un nuevo par de tokens (access + refresh) + And responde con status 200 y los nuevos tokens + +Scenario: Refresh token expirado + Given un usuario con refresh token expirado + When el usuario intenta renovar tokens + Then el sistema responde con status 401 + And el mensaje es "Refresh token expirado" + And el usuario debe hacer login nuevamente + +Scenario: Deteccion de token replay (reuso) + Given un refresh token que ya fue usado para renovar + When alguien intenta usar ese mismo refresh token + Then el sistema detecta el reuso + And invalida TODOS los tokens del usuario (seguridad) + And responde con status 401 + And el mensaje es "Sesion comprometida, por favor inicie sesion" +``` + +--- + +## Reglas de Negocio + +| ID | Regla | Validacion | +|----|-------|------------| +| RN-001 | Refresh token valido por 7 dias | JWT exp claim | +| RN-002 | Cada refresh genera nuevo refresh token (rotacion) | Token replacement | +| RN-003 | Refresh token usado se invalida inmediatamente | Marcar como usado en BD | +| RN-004 | Reuso de refresh token invalida toda la familia | Revocar todos tokens del usuario | +| RN-005 | Maximo 5 sesiones activas por usuario | Contador de sesiones | +| RN-006 | El refresh se hace 1 minuto antes de expiracion | Frontend timer | + +### Token Family (Familia de Tokens) + +Cada refresh token pertenece a una "familia" que se origina en un login. Si se detecta reuso de un token de esa familia, toda la familia se invalida. + +``` +Login -> RT1 -> RT2 -> RT3 (familia activa) + ↳ RT2 reusado? -> Invalida RT1, RT2, RT3 +``` + +--- + +## Impacto en Capas + +### Database + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Tabla | modificar | `refresh_tokens` - agregar campos | +| Columna | agregar | `family_id` UUID - familia del token | +| Columna | agregar | `is_used` BOOLEAN - si ya fue usado | +| Columna | agregar | `used_at` TIMESTAMPTZ - cuando se uso | +| Columna | agregar | `replaced_by` UUID - token que lo reemplazo | +| Indice | crear | `idx_refresh_tokens_family` | + +### Backend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Controller | crear | `AuthController.refresh()` | +| Method | crear | `TokenService.refreshTokens()` | +| Method | crear | `TokenService.detectTokenReuse()` | +| Method | crear | `TokenService.revokeTokenFamily()` | +| DTO | crear | `RefreshTokenDto` | +| DTO | crear | `TokenResponseDto` | +| Endpoint | crear | `POST /api/v1/auth/refresh` | + +### Frontend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Service | modificar | `tokenService.refreshTokens()` | +| Interceptor | crear | Auto-refresh interceptor | +| Timer | crear | Refresh timer (1 min antes de exp) | +| Handler | crear | Token expiration handler | + +--- + +## Dependencias + +### Depende de (Bloqueantes) + +| ID | Requerimiento | Estado | +|----|---------------|--------| +| RF-AUTH-001 | Login | Genera tokens iniciales | +| RF-AUTH-002 | JWT Tokens | Estructura de tokens | + +### Dependencias Relacionadas + +| ID | Requerimiento | Relacion | +|----|---------------|----------| +| RF-AUTH-004 | Logout | Revoca refresh tokens | + +--- + +## Especificaciones Tecnicas + +### Flujo de Refresh + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ 1. Frontend detecta que access token expira pronto │ +│ (1 minuto antes de exp) │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 2. Frontend envia refresh token a POST /api/v1/auth/refresh │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 3. Backend valida refresh token │ +│ - Verifica firma │ +│ - Verifica expiracion │ +│ - Verifica que no este usado (is_used = false) │ +│ - Verifica que no este revocado │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 4. Si es valido: │ +│ - Marca token actual como usado (is_used = true) │ +│ - Genera nuevo access token │ +│ - Genera nuevo refresh token (misma family_id) │ +│ - Actualiza replaced_by del token anterior │ +│ - Retorna nuevos tokens │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 5. Frontend almacena nuevos tokens │ +│ - Actualiza access token en memoria/storage │ +│ - Actualiza refresh token en httpOnly cookie │ +│ - Reinicia timer de refresh │ +└─────────────────────────────────────────────────────────────────┘ +``` + +### Deteccion de Token Replay + +```typescript +async refreshTokens(refreshToken: string): Promise { + const decoded = this.decodeToken(refreshToken); + const storedToken = await this.refreshTokenRepo.findOne({ + where: { jti: decoded.jti } + }); + + // Detectar reuso + if (storedToken.isUsed) { + // ALERTA: Token replay detectado + await this.revokeTokenFamily(storedToken.familyId); + throw new UnauthorizedException('Sesion comprometida'); + } + + // Marcar como usado + storedToken.isUsed = true; + storedToken.usedAt = new Date(); + + // Generar nuevos tokens + const newTokens = await this.generateTokenPair(decoded.sub, decoded.tid); + + // Vincular tokens + storedToken.replacedBy = newTokens.refreshTokenId; + await this.refreshTokenRepo.save(storedToken); + + return newTokens; +} +``` + +--- + +## Datos de Prueba + +| Escenario | Entrada | Resultado | +|-----------|---------|-----------| +| Refresh exitoso | Refresh token valido | 200, nuevos tokens | +| Token expirado | RT con exp < now | 401, "Token expirado" | +| Token ya usado | RT con is_used = true | 401, "Sesion comprometida" | +| Token revocado | RT en revoked_tokens | 401, "Token revocado" | +| Sin refresh token | Body vacio | 400, "Refresh token requerido" | + +--- + +## Estimacion + +| Capa | Story Points | Notas | +|------|--------------|-------| +| Database | 2 | Columnas adicionales en refresh_tokens | +| Backend | 5 | Logica de rotacion y deteccion reuso | +| Frontend | 3 | Auto-refresh interceptor y timer | +| **Total** | **10** | | + +--- + +## Notas Adicionales + +- El refresh token debe enviarse en httpOnly cookie, no en body (previene XSS) +- Considerar sliding window: extender expiracion si hay actividad +- Implementar rate limiting en endpoint de refresh (max 1 req/segundo) +- Loguear todos los refreshes para auditoria +- En caso de breach, proporcionar endpoint para revocar todas las sesiones + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Analista | System | 2025-12-05 | [x] | +| Tech Lead | - | - | [ ] | +| Product Owner | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-004.md b/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-004.md new file mode 100644 index 0000000..3371fbf --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-004.md @@ -0,0 +1,288 @@ +# RF-AUTH-004: Logout y Revocacion de Sesion + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-AUTH-004 | +| **Modulo** | MGN-001 | +| **Nombre Modulo** | Auth - Autenticacion | +| **Prioridad** | P0 | +| **Complejidad** | Baja | +| **Estado** | Aprobado | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe permitir a los usuarios cerrar su sesion de forma segura, revocando todos los tokens asociados (access token y refresh token). Esto garantiza que los tokens no puedan ser reutilizados despues del logout, incluso si no han expirado. + +### Contexto de Negocio + +El logout seguro es esencial para: +- Proteger cuentas en dispositivos compartidos +- Cumplir con politicas de seguridad corporativas +- Permitir al usuario revocar acceso si sospecha compromiso +- Terminar sesiones en dispositivos perdidos o robados + +--- + +## Criterios de Aceptacion + +- [x] **CA-001:** El sistema debe aceptar el refresh token para identificar la sesion a cerrar +- [x] **CA-002:** El sistema debe invalidar el refresh token en la base de datos +- [x] **CA-003:** El sistema debe agregar el access token actual a la blacklist +- [x] **CA-004:** El sistema debe eliminar la cookie httpOnly del refresh token +- [x] **CA-005:** El sistema debe responder con 200 OK en logout exitoso +- [x] **CA-006:** El sistema debe registrar el logout en el historial de sesiones +- [x] **CA-007:** El sistema debe permitir logout de todas las sesiones (logout global) +- [x] **CA-008:** El frontend debe limpiar tokens de memoria/storage + +### Ejemplos de Verificacion + +```gherkin +Scenario: Logout exitoso + Given un usuario autenticado con sesion activa + When el usuario hace POST /api/v1/auth/logout + Then el sistema revoca el refresh token actual + And agrega el access token a la blacklist + And elimina la cookie del refresh token + And responde con status 200 + And registra el evento en session_history + +Scenario: Logout de todas las sesiones + Given un usuario con multiples sesiones activas en diferentes dispositivos + When el usuario hace POST /api/v1/auth/logout-all + Then el sistema revoca TODOS los refresh tokens del usuario + And invalida toda la familia de tokens + And responde con status 200 + And el usuario es forzado a re-autenticarse en todos los dispositivos + +Scenario: Logout con token ya expirado + Given un usuario con access token expirado pero refresh token valido + When el usuario intenta hacer logout + Then el sistema permite el logout usando solo el refresh token + And responde con status 200 +``` + +--- + +## Reglas de Negocio + +| ID | Regla | Validacion | +|----|-------|------------| +| RN-001 | El logout revoca la sesion actual unicamente | Por defecto solo sesion actual | +| RN-002 | Logout-all revoca todas las sesiones del usuario | Parametro all=true | +| RN-003 | Los tokens revocados se almacenan hasta su expiracion natural | Cleanup job posterior | +| RN-004 | El access token se blacklistea en Redis/memoria | TTL = tiempo restante de exp | +| RN-005 | El logout debe funcionar aunque el access token este expirado | Usar refresh token | +| RN-006 | El evento de logout se registra para auditoria | session_history.action = 'logout' | + +### Blacklist de Tokens + +Para invalidacion inmediata de access tokens (que son stateless), se usa una blacklist: + +``` +Token activo + logout → jti agregado a blacklist +Validacion de token → verificar si jti esta en blacklist +Blacklist TTL → igual al tiempo restante del token +``` + +--- + +## Impacto en Capas + +### Database + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Tabla | usar | `refresh_tokens` - marcar como revocado | +| Tabla | usar | `session_history` - registrar logout | +| Columna | agregar | `refresh_tokens.revoked_at` TIMESTAMPTZ | +| Columna | agregar | `refresh_tokens.revoked_reason` VARCHAR(50) | + +### Backend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Controller | crear | `AuthController.logout()` | +| Controller | crear | `AuthController.logoutAll()` | +| Method | crear | `TokenService.revokeRefreshToken()` | +| Method | crear | `TokenService.revokeAllUserTokens()` | +| Method | crear | `TokenService.blacklistAccessToken()` | +| Service | crear | `BlacklistService` (Redis) | +| Endpoint | crear | `POST /api/v1/auth/logout` | +| Endpoint | crear | `POST /api/v1/auth/logout-all` | + +### Frontend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Service | modificar | `authService.logout()` | +| Store | modificar | `authStore.clearSession()` | +| Method | crear | `tokenService.clearAllTokens()` | +| Interceptor | modificar | Redirect a login en 401 post-logout | + +--- + +## Dependencias + +### Depende de (Bloqueantes) + +| ID | Requerimiento | Estado | +|----|---------------|--------| +| RF-AUTH-001 | Login | Crea la sesion a cerrar | +| RF-AUTH-002 | JWT Tokens | Tokens a revocar | +| RF-AUTH-003 | Refresh Token | Token a invalidar | + +### Dependencias Relacionadas + +| ID | Requerimiento | Relacion | +|----|---------------|----------| +| RF-AUTH-005 | Password Recovery | Puede forzar logout-all | + +--- + +## Especificaciones Tecnicas + +### Flujo de Logout + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ 1. Frontend llama POST /api/v1/auth/logout │ +│ - Envia refresh token en cookie httpOnly │ +│ - Envia access token en header Authorization │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 2. Backend extrae tokens │ +│ - Decodifica refresh token para obtener jti │ +│ - Decodifica access token para obtener jti │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 3. Revoca refresh token en BD │ +│ - UPDATE refresh_tokens SET │ +│ revoked_at = NOW(), │ +│ revoked_reason = 'user_logout' │ +│ WHERE jti = :refresh_jti │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 4. Blacklistea access token en Redis │ +│ - SET blacklist:{access_jti} = 1 │ +│ - EXPIRE blacklist:{access_jti} {remaining_ttl} │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 5. Elimina cookie de refresh token │ +│ - Set-Cookie: refresh_token=; Max-Age=0; HttpOnly │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 6. Registra evento en session_history │ +│ - INSERT INTO session_history (user_id, action, ...) │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 7. Responde al frontend │ +│ - Status 200 OK │ +│ - Body: { message: "Sesion cerrada exitosamente" } │ +└─────────────────────────────────────────────────────────────────┘ +``` + +### Blacklist Service (Redis) + +```typescript +@Injectable() +export class BlacklistService { + constructor(private redis: RedisService) {} + + async blacklistToken(jti: string, expiresIn: number): Promise { + const key = `blacklist:${jti}`; + await this.redis.set(key, '1', 'EX', expiresIn); + } + + async isBlacklisted(jti: string): Promise { + const key = `blacklist:${jti}`; + const result = await this.redis.get(key); + return result !== null; + } +} +``` + +### Logout All (Logout Global) + +```typescript +async logoutAll(userId: string): Promise { + // Revocar todos los refresh tokens del usuario + await this.refreshTokenRepo.update( + { userId, revokedAt: IsNull() }, + { revokedAt: new Date(), revokedReason: 'logout_all' } + ); + + // Blacklistear todos los access tokens activos + // (requiere tracking de tokens activos o usar family_id) + await this.blacklistUserTokens(userId); + + // Registrar evento + await this.sessionHistoryService.record({ + userId, + action: 'logout_all', + metadata: { reason: 'user_requested' } + }); +} +``` + +--- + +## Datos de Prueba + +| Escenario | Entrada | Resultado | +|-----------|---------|-----------| +| Logout exitoso | Token valido | 200, sesion cerrada | +| Logout sin token | Sin Authorization | 401, "Token requerido" | +| Logout token expirado | Access expirado, refresh valido | 200, permite logout | +| Logout-all | all=true | 200, todas sesiones cerradas | +| Logout token ya revocado | Refresh ya revocado | 200, idempotente | + +--- + +## Estimacion + +| Capa | Story Points | Notas | +|------|--------------|-------| +| Database | 1 | Columnas adicionales | +| Backend | 3 | Controller, Services, Redis | +| Frontend | 2 | Limpieza de estado | +| **Total** | **6** | | + +--- + +## Notas Adicionales + +- Implementar logout como operacion idempotente (no falla si ya esta logged out) +- Considerar endpoint para logout de sesion especifica por device_id +- El blacklist en Redis debe tener alta disponibilidad +- Cleanup job para eliminar tokens revocados expirados de BD +- Notificar al usuario via email si se hace logout-all (seguridad) + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Analista | System | 2025-12-05 | [x] | +| Tech Lead | - | - | [ ] | +| Product Owner | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-005.md b/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-005.md new file mode 100644 index 0000000..977ec6b --- /dev/null +++ b/docs/01-fase-foundation/MGN-001-auth/requerimientos/RF-AUTH-005.md @@ -0,0 +1,345 @@ +# RF-AUTH-005: Recuperacion de Password + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-AUTH-005 | +| **Modulo** | MGN-001 | +| **Nombre Modulo** | Auth - Autenticacion | +| **Prioridad** | P1 | +| **Complejidad** | Media | +| **Estado** | Aprobado | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe permitir a los usuarios recuperar el acceso a su cuenta cuando olvidan su contraseña. El proceso incluye solicitar un enlace de recuperacion por email, validar el token de recuperacion, y establecer una nueva contraseña de forma segura. + +### Contexto de Negocio + +La recuperacion de password es un proceso critico que debe balancear: +- Usabilidad: El usuario debe poder recuperar acceso facilmente +- Seguridad: El proceso no debe permitir acceso no autorizado +- Cumplimiento: Debe registrarse para auditoria y prevencion de abuso + +--- + +## Criterios de Aceptacion + +- [x] **CA-001:** El sistema debe generar un token unico de recuperacion con expiracion de 1 hora +- [x] **CA-002:** El sistema debe enviar email con enlace de recuperacion +- [x] **CA-003:** El sistema debe validar el token antes de permitir cambio de password +- [x] **CA-004:** El sistema debe invalidar el token despues de un uso exitoso +- [x] **CA-005:** El sistema debe invalidar el token despues de 3 intentos fallidos +- [x] **CA-006:** El sistema debe aplicar las mismas reglas de complejidad al nuevo password +- [x] **CA-007:** El sistema debe forzar logout de todas las sesiones al cambiar password +- [x] **CA-008:** El sistema debe notificar al usuario via email que su password fue cambiado +- [x] **CA-009:** El sistema NO debe revelar si el email existe o no (seguridad) + +### Ejemplos de Verificacion + +```gherkin +Scenario: Solicitud de recuperacion exitosa + Given un usuario registrado con email "user@example.com" + When el usuario solicita recuperacion de password + Then el sistema genera un token de recuperacion + And envia email con enlace de recuperacion + And responde con mensaje generico "Si el email existe, recibiras instrucciones" + And el token expira en 1 hora + +Scenario: Cambio de password exitoso + Given un usuario con token de recuperacion valido + When el usuario envia nuevo password cumpliendo requisitos + Then el sistema actualiza el password hasheado + And invalida el token de recuperacion + And cierra todas las sesiones activas del usuario + And envia email confirmando el cambio + And responde con status 200 + +Scenario: Token de recuperacion expirado + Given un token de recuperacion emitido hace mas de 1 hora + When el usuario intenta usarlo para cambiar password + Then el sistema responde con status 400 + And el mensaje es "Token de recuperacion expirado" + +Scenario: Email no registrado (seguridad) + Given un email que NO existe en el sistema + When alguien solicita recuperacion para ese email + Then el sistema responde con el mismo mensaje generico + And NO envia ningun email + And NO revela que el email no existe +``` + +--- + +## Reglas de Negocio + +| ID | Regla | Validacion | +|----|-------|------------| +| RN-001 | El token de recuperacion expira en 1 hora | Campo expires_at | +| RN-002 | Solo un token activo por usuario | Invalida tokens anteriores | +| RN-003 | Maximo 3 solicitudes por hora por email | Rate limiting | +| RN-004 | El nuevo password no puede ser igual al anterior | Comparar hashes | +| RN-005 | El nuevo password debe cumplir politica de complejidad | Min 8 chars, mayus, minus, numero | +| RN-006 | Cambio de password fuerza logout-all | Seguridad | +| RN-007 | Respuesta generica para solicitud (no revelar existencia) | Mensaje fijo | +| RN-008 | Token de uso unico | Invalida inmediatamente despues de uso | + +### Politica de Complejidad de Password + +``` +- Minimo 8 caracteres +- Al menos 1 letra mayuscula +- Al menos 1 letra minuscula +- Al menos 1 numero +- Al menos 1 caracter especial (!@#$%^&*) +- No puede contener el email del usuario +- No puede ser igual a los ultimos 5 passwords +``` + +--- + +## Impacto en Capas + +### Database + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Tabla | crear | `password_reset_tokens` | +| Columna | - | `id` UUID PK | +| Columna | - | `user_id` UUID FK → users | +| Columna | - | `token_hash` VARCHAR(255) | +| Columna | - | `expires_at` TIMESTAMPTZ | +| Columna | - | `used_at` TIMESTAMPTZ NULL | +| Columna | - | `attempts` INTEGER DEFAULT 0 | +| Columna | - | `created_at` TIMESTAMPTZ | +| Tabla | crear | `password_history` - historial de passwords | +| Indice | crear | `idx_password_reset_tokens_user` | +| Indice | crear | `idx_password_reset_tokens_expires` | + +### Backend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Controller | crear | `AuthController.requestPasswordReset()` | +| Controller | crear | `AuthController.resetPassword()` | +| Method | crear | `PasswordService.generateResetToken()` | +| Method | crear | `PasswordService.validateResetToken()` | +| Method | crear | `PasswordService.resetPassword()` | +| Method | crear | `PasswordService.validatePasswordPolicy()` | +| DTO | crear | `RequestPasswordResetDto` | +| DTO | crear | `ResetPasswordDto` | +| Service | usar | `EmailService.sendPasswordResetEmail()` | +| Endpoint | crear | `POST /api/v1/auth/password/request-reset` | +| Endpoint | crear | `POST /api/v1/auth/password/reset` | +| Endpoint | crear | `GET /api/v1/auth/password/validate-token/:token` | + +### Frontend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Pagina | crear | `ForgotPasswordPage` | +| Pagina | crear | `ResetPasswordPage` | +| Componente | crear | `ForgotPasswordForm` | +| Componente | crear | `ResetPasswordForm` | +| Componente | crear | `PasswordStrengthIndicator` | +| Service | crear | `passwordService.requestReset()` | +| Service | crear | `passwordService.resetPassword()` | + +--- + +## Dependencias + +### Depende de (Bloqueantes) + +| ID | Requerimiento | Estado | +|----|---------------|--------| +| RF-AUTH-001 | Login | Estructura de usuarios | +| RF-AUTH-004 | Logout | Logout-all despues de cambio | + +### Dependencias Externas + +| Servicio | Descripcion | +|----------|-------------| +| Email Service | Envio de emails transaccionales | +| Template Engine | Templates de email | + +--- + +## Especificaciones Tecnicas + +### Flujo de Recuperacion + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ FASE 1: SOLICITUD DE RECUPERACION │ +├─────────────────────────────────────────────────────────────────┤ +│ 1. Usuario ingresa email en formulario │ +│ 2. Frontend POST /api/v1/auth/password/request-reset │ +│ 3. Backend busca usuario por email │ +│ - Si existe: genera token, envia email │ +│ - Si no existe: no hace nada (seguridad) │ +│ 4. Backend responde con mensaje generico │ +│ "Si el email esta registrado, recibiras instrucciones" │ +└─────────────────────────────────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ FASE 2: EMAIL DE RECUPERACION │ +├─────────────────────────────────────────────────────────────────┤ +│ 1. Usuario recibe email con enlace │ +│ https://app.erp.com/reset-password?token={token} │ +│ 2. El enlace incluye token de uso unico (NO el hash) │ +│ 3. El token tiene validez de 1 hora │ +└─────────────────────────────────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ FASE 3: VALIDACION DE TOKEN │ +├─────────────────────────────────────────────────────────────────┤ +│ 1. Usuario hace clic en enlace │ +│ 2. Frontend GET /api/v1/auth/password/validate-token/:token │ +│ 3. Backend valida: │ +│ - Token existe │ +│ - Token no expirado │ +│ - Token no usado │ +│ - Intentos < 3 │ +│ 4. Si valido: muestra formulario de nuevo password │ +│ Si invalido: muestra error apropiado │ +└─────────────────────────────────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ FASE 4: CAMBIO DE PASSWORD │ +├─────────────────────────────────────────────────────────────────┤ +│ 1. Usuario ingresa nuevo password (2 veces) │ +│ 2. Frontend POST /api/v1/auth/password/reset │ +│ Body: { token, newPassword } │ +│ 3. Backend: │ +│ a. Valida token nuevamente │ +│ b. Valida politica de password │ +│ c. Verifica no sea igual a anteriores │ +│ d. Hashea nuevo password │ +│ e. Actualiza users.password_hash │ +│ f. Marca token como usado │ +│ g. Guarda en password_history │ +│ h. Ejecuta logout-all │ +│ i. Envia email de confirmacion │ +│ 4. Responde 200 OK │ +└─────────────────────────────────────────────────────────────────┘ +``` + +### Generacion de Token Seguro + +```typescript +async generateResetToken(email: string): Promise { + const user = await this.userRepo.findByEmail(email); + + // IMPORTANTE: No revelar si el usuario existe + if (!user) { + // Log para auditoria pero no revelar al cliente + this.logger.warn(`Password reset requested for non-existent email: ${email}`); + return; // Respuesta identica a caso exitoso + } + + // Invalida tokens anteriores + await this.passwordResetRepo.invalidateUserTokens(user.id); + + // Genera token seguro (32 bytes = 256 bits) + const token = crypto.randomBytes(32).toString('hex'); + const tokenHash = await bcrypt.hash(token, 10); + + // Guarda en BD + await this.passwordResetRepo.create({ + userId: user.id, + tokenHash, + expiresAt: addHours(new Date(), 1), + attempts: 0, + }); + + // Envia email (async, no bloquea respuesta) + await this.emailService.sendPasswordResetEmail(user.email, token); +} +``` + +### Template de Email + +```html +

Recuperacion de Contraseña

+

Hola {{userName}},

+

Recibimos una solicitud para restablecer tu contraseña.

+

Haz clic en el siguiente enlace para crear una nueva contraseña:

+Restablecer Contraseña +

Este enlace expira en 1 hora.

+

Si no solicitaste este cambio, ignora este email.

+

Por seguridad, nunca compartas este enlace.

+``` + +--- + +## Datos de Prueba + +| Escenario | Entrada | Resultado | +|-----------|---------|-----------| +| Solicitud email existente | email: "test@erp.com" | 200, email enviado | +| Solicitud email no existe | email: "noexiste@erp.com" | 200, mensaje generico (no revela) | +| Token valido | Token < 1 hora | 200, permite cambio | +| Token expirado | Token > 1 hora | 400, "Token expirado" | +| Token usado | Token ya utilizado | 400, "Token ya utilizado" | +| Password debil | "123456" | 400, "Password no cumple requisitos" | +| Password igual anterior | Mismo que actual | 400, "No puede ser igual al anterior" | +| Demasiados intentos | 3+ intentos fallidos | 400, "Token invalidado" | + +--- + +## Estimacion + +| Capa | Story Points | Notas | +|------|--------------|-------| +| Database | 2 | Tablas password_reset_tokens, password_history | +| Backend | 5 | Services, validaciones, email | +| Frontend | 3 | Formularios, validacion, UX | +| **Total** | **10** | | + +--- + +## Notas Adicionales + +- Usar crypto.randomBytes para generacion de tokens (no UUID) +- Almacenar solo el HASH del token, no el token plano +- Implementar rate limiting estricto para prevenir enumeracion de emails +- Los enlaces de reset deben ser HTTPS obligatoriamente +- Considerar CAPTCHA para solicitudes de recuperacion +- Implementar honeypot para detectar bots +- El email de confirmacion de cambio debe incluir IP y timestamp + +--- + +## Consideraciones de Seguridad + +| Amenaza | Mitigacion | +|---------|------------| +| Enumeracion de emails | Respuesta identica para email existe/no existe | +| Fuerza bruta en token | Token de 256 bits, max 3 intentos | +| Intercepcion de email | HTTPS, token de uso unico | +| Session fixation | Logout-all despues de cambio | +| Password spraying | Rate limiting, CAPTCHA | + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Analista | System | 2025-12-05 | [x] | +| Tech Lead | - | - | [ ] | +| Product Owner | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-002-users/README.md b/docs/01-fase-foundation/MGN-002-users/README.md new file mode 100644 index 0000000..c71d12b --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/README.md @@ -0,0 +1,88 @@ +# MGN-002: Usuarios + +## Metadata + +| Campo | Valor | +|-------|-------| +| **ID** | MGN-002 | +| **Nombre** | Usuarios | +| **Fase** | 01 - Foundation | +| **Prioridad** | P0 (Critico) | +| **Story Points** | 35 SP | +| **Estado** | Documentado | +| **Dependencias** | MGN-001 | + +--- + +## Descripcion + +Gestion completa de usuarios del sistema ERP. Permite crear, modificar, consultar y desactivar usuarios, asi como gestionar sus perfiles y preferencias personalizadas. + +--- + +## Objetivos + +1. Proveer CRUD completo de usuarios +2. Gestionar perfiles extendidos (bio, company, etc.) +3. Permitir personalizacion via preferencias +4. Soportar busqueda eficiente de usuarios +5. Implementar soft delete para trazabilidad + +--- + +## Alcance + +### Incluido + +- CRUD de usuarios (create, read, update, soft delete) +- Gestion de perfil extendido +- Preferencias de usuario (tema, idioma, notificaciones) +- Busqueda y filtrado de usuarios +- Activacion/desactivacion de cuentas + +### Excluido + +- Autenticacion (ver MGN-001 Auth) +- Asignacion de roles (ver MGN-003 Roles) +- Gestion de tenants (ver MGN-004 Tenants) + +--- + +## Endpoints API + +| Metodo | Path | Descripcion | +|--------|------|-------------| +| GET | `/api/v1/users` | Listar usuarios | +| GET | `/api/v1/users/:id` | Obtener usuario | +| POST | `/api/v1/users` | Crear usuario | +| PATCH | `/api/v1/users/:id` | Actualizar usuario | +| DELETE | `/api/v1/users/:id` | Soft delete | +| GET | `/api/v1/users/:id/profile` | Obtener perfil | +| PATCH | `/api/v1/users/:id/profile` | Actualizar perfil | +| GET | `/api/v1/users/:id/preferences` | Obtener preferencias | +| PATCH | `/api/v1/users/:id/preferences` | Actualizar preferencias | +| POST | `/api/v1/users/:id/activate` | Activar usuario | +| POST | `/api/v1/users/:id/deactivate` | Desactivar usuario | +| GET | `/api/v1/users/search` | Buscar usuarios | + +--- + +## Tablas de Base de Datos + +| Tabla | Descripcion | +|-------|-------------| +| `users` | Datos basicos de usuarios | +| `user_profiles` | Perfil extendido (1:1) | +| `user_preferences` | Preferencias personales (1:1) | + +--- + +## Documentacion + +- **Mapa del modulo:** [_MAP.md](./_MAP.md) +- **Trazabilidad:** [TRACEABILITY.yml](./implementacion/TRACEABILITY.yml) + +--- + +**Generado por:** Requirements-Analyst +**Fecha:** 2025-12-05 diff --git a/docs/01-fase-foundation/MGN-002-users/_MAP.md b/docs/01-fase-foundation/MGN-002-users/_MAP.md new file mode 100644 index 0000000..7498ca0 --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/_MAP.md @@ -0,0 +1,110 @@ +# _MAP: MGN-002 - Usuarios + +**Modulo:** MGN-002 +**Nombre:** Usuarios +**Fase:** 01 - Foundation +**Story Points:** 35 SP +**Estado:** Migrado GAMILIT +**Ultima actualizacion:** 2025-12-05 + +--- + +## Resumen + +Gestion completa de usuarios del sistema incluyendo CRUD, perfiles, preferencias, activacion/desactivacion y busqueda. + +--- + +## Metricas + +| Metrica | Valor | +|---------|-------| +| Story Points | 35 SP | +| Requerimientos (RF) | 5 | +| Especificaciones (ET) | 2 | +| User Stories (US) | 4 | +| Tablas DB | 3 | +| Endpoints API | 14 | + +--- + +## Requerimientos Funcionales (5) + +| ID | Archivo | Titulo | Prioridad | Estado | +|----|---------|--------|-----------|--------| +| RF-USER-001 | [RF-USER-001.md](./requerimientos/RF-USER-001.md) | CRUD de Usuarios | P0 | Migrado | +| RF-USER-002 | [RF-USER-002.md](./requerimientos/RF-USER-002.md) | Perfil de Usuario | P0 | Migrado | +| RF-USER-003 | [RF-USER-003.md](./requerimientos/RF-USER-003.md) | Preferencias | P1 | Migrado | +| RF-USER-004 | [RF-USER-004.md](./requerimientos/RF-USER-004.md) | Activacion/Desactivacion | P1 | Migrado | +| RF-USER-005 | [RF-USER-005.md](./requerimientos/RF-USER-005.md) | Busqueda de Usuarios | P1 | Migrado | + +**Indice:** [INDICE-RF-USER.md](./requerimientos/INDICE-RF-USER.md) + +--- + +## Especificaciones Tecnicas (2) + +| ID | Archivo | Titulo | RF Asociados | Estado | +|----|---------|--------|--------------|--------| +| ET-USERS-001 | [ET-users-backend.md](./especificaciones/ET-users-backend.md) | Backend Users | RF-USER-001 a RF-USER-005 | Migrado | +| ET-USERS-002 | [ET-USER-database.md](./especificaciones/ET-USER-database.md) | Database Users | RF-USER-001 a RF-USER-003 | Migrado | + +--- + +## Historias de Usuario (4) + +| ID | Archivo | Titulo | RF | SP | Estado | +|----|---------|--------|----|----|--------| +| US-MGN002-001 | [US-MGN002-001.md](./historias-usuario/US-MGN002-001.md) | Crear Usuario | RF-USER-001 | 5 | Migrado | +| US-MGN002-002 | [US-MGN002-002.md](./historias-usuario/US-MGN002-002.md) | Editar Usuario | RF-USER-001 | 3 | Migrado | +| US-MGN002-003 | [US-MGN002-003.md](./historias-usuario/US-MGN002-003.md) | Gestionar Perfil | RF-USER-002 | 5 | Migrado | +| US-MGN002-004 | [US-MGN002-004.md](./historias-usuario/US-MGN002-004.md) | Configurar Preferencias | RF-USER-003 | 3 | Migrado | + +**Backlog:** [BACKLOG-MGN002.md](./historias-usuario/BACKLOG-MGN002.md) + +--- + +## Implementacion + +### Database + +| Objeto | Tipo | Schema | +|--------|------|--------| +| users | Tabla | core_users | +| user_profiles | Tabla | core_users | +| user_preferences | Tabla | core_users | + +### Backend + +| Objeto | Tipo | Path | +|--------|------|------| +| UsersModule | Module | src/modules/users/ | +| UsersService | Service | src/modules/users/users.service.ts | +| UsersController | Controller | src/modules/users/users.controller.ts | + +### Frontend + +| Objeto | Tipo | Path | +|--------|------|------| +| UsersPage | Page | src/features/users/pages/UsersPage.tsx | +| UserDetailPage | Page | src/features/users/pages/UserDetailPage.tsx | +| ProfilePage | Page | src/features/users/pages/ProfilePage.tsx | + +--- + +## Dependencias + +**Depende de:** MGN-001 (Auth) + +**Requerido por:** MGN-003 (Roles), MGN-004 (Tenants), MGN-011 (RRHH) + +--- + +## Trazabilidad + +Ver: [TRACEABILITY.yml](./implementacion/TRACEABILITY.yml) + +--- + +**Generado por:** Requirements-Analyst +**Fecha:** 2025-12-05 diff --git a/docs/01-fase-foundation/MGN-002-users/especificaciones/ET-USER-database.md b/docs/01-fase-foundation/MGN-002-users/especificaciones/ET-USER-database.md new file mode 100644 index 0000000..1c5189e --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/especificaciones/ET-USER-database.md @@ -0,0 +1,847 @@ +# DDL-SPEC: Schema core_users + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **Schema** | core_users | +| **Modulo** | MGN-002 | +| **Version** | 1.0 | +| **Estado** | En Diseño | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion General + +El schema `core_users` contiene la tabla principal de usuarios y todas las tablas relacionadas con la gestion de perfiles, preferencias y cambios de identidad. Es el schema central de identidad del sistema. + +### Alcance + +- Tabla principal de usuarios +- Avatares e historial de imagenes +- Solicitudes de cambio de email +- Preferencias de usuario +- Activacion de cuentas + +> **Nota:** El historial de passwords reside en `core_auth.password_history` por coherencia con el modulo de autenticacion. + +--- + +## Diagrama Entidad-Relacion + +```mermaid +erDiagram + tenants ||--o{ users : "contains" + users ||--o| user_preferences : "has" + users ||--o{ user_avatars : "uploads" + users ||--o{ email_change_requests : "requests" + users ||--o{ user_activation_tokens : "receives" + users }o--o{ user_roles : "has" + roles ||--o{ user_roles : "assigned to" + + users { + uuid id PK + uuid tenant_id FK + varchar email UK + varchar password_hash + varchar first_name + varchar last_name + varchar phone + varchar avatar_url + varchar avatar_thumbnail_url + enum status + boolean is_active + timestamptz email_verified_at + timestamptz last_login_at + integer failed_login_attempts + timestamptz locked_until + jsonb metadata + timestamptz created_at + uuid created_by FK + timestamptz updated_at + uuid updated_by FK + timestamptz deleted_at + uuid deleted_by FK + } + + user_preferences { + uuid id PK + uuid user_id FK + uuid tenant_id FK + varchar language + varchar timezone + varchar date_format + varchar time_format + varchar theme + boolean sidebar_collapsed + boolean compact_mode + varchar font_size + jsonb notifications + jsonb dashboard + jsonb metadata + timestamptz created_at + timestamptz updated_at + } + + user_avatars { + uuid id PK + uuid user_id FK + uuid tenant_id FK + varchar original_url + varchar main_url + varchar thumbnail_url + varchar mime_type + integer file_size + boolean is_current + timestamptz created_at + } + + email_change_requests { + uuid id PK + uuid user_id FK + uuid tenant_id FK + varchar current_email + varchar new_email + varchar token_hash + timestamptz expires_at + timestamptz completed_at + timestamptz created_at + } + + user_activation_tokens { + uuid id PK + uuid user_id FK + uuid tenant_id FK + varchar token_hash + timestamptz expires_at + timestamptz used_at + timestamptz created_at + } + + user_roles { + uuid id PK + uuid user_id FK + uuid role_id FK + uuid tenant_id FK + timestamptz created_at + uuid created_by FK + } + + roles { + uuid id PK + uuid tenant_id FK + varchar name + varchar description + boolean is_system + timestamptz created_at + } +``` + +--- + +## Tablas + +### 1. users + +Tabla principal que almacena la informacion de todos los usuarios del sistema. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `tenant_id` | UUID | NOT NULL | - | FK → core_tenants.tenants | +| `email` | VARCHAR(255) | NOT NULL | - | Email unico por tenant | +| `password_hash` | VARCHAR(255) | NOT NULL | - | Hash bcrypt del password | +| `first_name` | VARCHAR(100) | NOT NULL | - | Nombre | +| `last_name` | VARCHAR(100) | NOT NULL | - | Apellido | +| `phone` | VARCHAR(20) | NULL | - | Telefono E.164 | +| `avatar_url` | VARCHAR(500) | NULL | - | URL avatar principal | +| `avatar_thumbnail_url` | VARCHAR(500) | NULL | - | URL thumbnail 50x50 | +| `status` | user_status | NOT NULL | 'pending_activation' | Estado del usuario | +| `is_active` | BOOLEAN | NOT NULL | false | Si puede operar | +| `email_verified_at` | TIMESTAMPTZ | NULL | - | Cuando verifico email | +| `last_login_at` | TIMESTAMPTZ | NULL | - | Ultimo login | +| `failed_login_attempts` | INTEGER | NOT NULL | 0 | Intentos fallidos | +| `locked_until` | TIMESTAMPTZ | NULL | - | Bloqueado hasta | +| `metadata` | JSONB | NULL | '{}' | Datos adicionales | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha creacion | +| `created_by` | UUID | NULL | - | Usuario que creo | +| `updated_at` | TIMESTAMPTZ | NOT NULL | NOW() | Ultima actualizacion | +| `updated_by` | UUID | NULL | - | Usuario que actualizo | +| `deleted_at` | TIMESTAMPTZ | NULL | - | Soft delete timestamp | +| `deleted_by` | UUID | NULL | - | Usuario que elimino | + +#### Enum user_status + +```sql +CREATE TYPE core_users.user_status AS ENUM ( + 'pending_activation', + 'active', + 'inactive', + 'locked' +); +``` + +#### Constraints + +```sql +-- Primary Key +CONSTRAINT pk_users PRIMARY KEY (id), + +-- Unique (email unico por tenant, excluyendo eliminados) +CONSTRAINT uk_users_tenant_email UNIQUE (tenant_id, email) WHERE deleted_at IS NULL, + +-- Foreign Keys +CONSTRAINT fk_users_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, +CONSTRAINT fk_users_created_by + FOREIGN KEY (created_by) REFERENCES core_users.users(id) ON DELETE SET NULL, +CONSTRAINT fk_users_updated_by + FOREIGN KEY (updated_by) REFERENCES core_users.users(id) ON DELETE SET NULL, +CONSTRAINT fk_users_deleted_by + FOREIGN KEY (deleted_by) REFERENCES core_users.users(id) ON DELETE SET NULL, + +-- Check +CONSTRAINT chk_users_email_format + CHECK (email ~* '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'), +CONSTRAINT chk_users_phone_format + CHECK (phone IS NULL OR phone ~* '^\+[0-9]{10,15}$'), +CONSTRAINT chk_users_failed_attempts + CHECK (failed_login_attempts >= 0) +``` + +#### Indices + +```sql +CREATE INDEX idx_users_tenant_id ON core_users.users(tenant_id); +CREATE INDEX idx_users_email ON core_users.users(email); +CREATE INDEX idx_users_status ON core_users.users(status) WHERE deleted_at IS NULL; +CREATE INDEX idx_users_is_active ON core_users.users(is_active) WHERE deleted_at IS NULL; +CREATE INDEX idx_users_created_at ON core_users.users(created_at DESC); +CREATE INDEX idx_users_full_name ON core_users.users(tenant_id, first_name, last_name) WHERE deleted_at IS NULL; +CREATE INDEX idx_users_not_deleted ON core_users.users(tenant_id) WHERE deleted_at IS NULL; +``` + +--- + +### 2. user_preferences + +Almacena las preferencias personalizadas de cada usuario. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `user_id` | UUID | NOT NULL | - | FK → users (UNIQUE) | +| `tenant_id` | UUID | NOT NULL | - | FK → tenants | +| `language` | VARCHAR(5) | NOT NULL | 'es' | Codigo idioma ISO | +| `timezone` | VARCHAR(50) | NOT NULL | 'America/Mexico_City' | IANA timezone | +| `date_format` | VARCHAR(20) | NOT NULL | 'DD/MM/YYYY' | Formato fecha | +| `time_format` | VARCHAR(5) | NOT NULL | '24h' | 12h o 24h | +| `currency` | VARCHAR(3) | NOT NULL | 'MXN' | Moneda ISO 4217 | +| `number_format` | VARCHAR(10) | NOT NULL | 'es-MX' | Formato numeros | +| `theme` | VARCHAR(10) | NOT NULL | 'system' | light, dark, system | +| `sidebar_collapsed` | BOOLEAN | NOT NULL | false | Sidebar colapsado | +| `compact_mode` | BOOLEAN | NOT NULL | false | Modo compacto | +| `font_size` | VARCHAR(10) | NOT NULL | 'medium' | small, medium, large | +| `notifications` | JSONB | NOT NULL | '{}' | Config notificaciones | +| `dashboard` | JSONB | NOT NULL | '{}' | Config dashboard | +| `metadata` | JSONB | NULL | '{}' | Datos adicionales | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha creacion | +| `updated_at` | TIMESTAMPTZ | NOT NULL | NOW() | Ultima actualizacion | + +#### Constraints + +```sql +CONSTRAINT pk_user_preferences PRIMARY KEY (id), +CONSTRAINT uk_user_preferences_user UNIQUE (user_id), +CONSTRAINT fk_user_preferences_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE, +CONSTRAINT fk_user_preferences_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, +CONSTRAINT chk_user_preferences_language + CHECK (language IN ('es', 'en', 'pt')), +CONSTRAINT chk_user_preferences_theme + CHECK (theme IN ('light', 'dark', 'system')), +CONSTRAINT chk_user_preferences_font_size + CHECK (font_size IN ('small', 'medium', 'large')), +CONSTRAINT chk_user_preferences_time_format + CHECK (time_format IN ('12h', '24h')) +``` + +#### Indices + +```sql +CREATE INDEX idx_user_preferences_user_id ON core_users.user_preferences(user_id); +CREATE INDEX idx_user_preferences_tenant_id ON core_users.user_preferences(tenant_id); +``` + +--- + +### 3. user_avatars + +Historial de avatares subidos por usuarios. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `user_id` | UUID | NOT NULL | - | FK → users | +| `tenant_id` | UUID | NOT NULL | - | FK → tenants | +| `original_url` | VARCHAR(500) | NOT NULL | - | URL original | +| `main_url` | VARCHAR(500) | NOT NULL | - | URL 200x200 | +| `thumbnail_url` | VARCHAR(500) | NOT NULL | - | URL 50x50 | +| `mime_type` | VARCHAR(50) | NOT NULL | - | image/jpeg, etc | +| `file_size` | INTEGER | NOT NULL | - | Tamano en bytes | +| `is_current` | BOOLEAN | NOT NULL | true | Si es el actual | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha subida | + +#### Constraints + +```sql +CONSTRAINT pk_user_avatars PRIMARY KEY (id), +CONSTRAINT fk_user_avatars_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE, +CONSTRAINT fk_user_avatars_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, +CONSTRAINT chk_user_avatars_mime_type + CHECK (mime_type IN ('image/jpeg', 'image/png', 'image/webp')), +CONSTRAINT chk_user_avatars_file_size + CHECK (file_size > 0 AND file_size <= 10485760) -- 10MB max +``` + +#### Indices + +```sql +CREATE INDEX idx_user_avatars_user_id ON core_users.user_avatars(user_id); +CREATE INDEX idx_user_avatars_current ON core_users.user_avatars(user_id) WHERE is_current = true; +``` + +--- + +### 4. email_change_requests + +Solicitudes de cambio de email pendientes. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `user_id` | UUID | NOT NULL | - | FK → users | +| `tenant_id` | UUID | NOT NULL | - | FK → tenants | +| `current_email` | VARCHAR(255) | NOT NULL | - | Email actual | +| `new_email` | VARCHAR(255) | NOT NULL | - | Nuevo email | +| `token_hash` | VARCHAR(255) | NOT NULL | - | Hash del token | +| `expires_at` | TIMESTAMPTZ | NOT NULL | - | Expiracion (24h) | +| `completed_at` | TIMESTAMPTZ | NULL | - | Cuando se completo | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha solicitud | + +#### Constraints + +```sql +CONSTRAINT pk_email_change_requests PRIMARY KEY (id), +CONSTRAINT fk_email_change_requests_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE, +CONSTRAINT fk_email_change_requests_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE +``` + +#### Indices + +```sql +CREATE INDEX idx_email_change_requests_user ON core_users.email_change_requests(user_id); +CREATE INDEX idx_email_change_requests_active ON core_users.email_change_requests(user_id) + WHERE completed_at IS NULL AND expires_at > NOW(); +``` + +--- + +### 5. user_activation_tokens + +Tokens para activacion de cuentas nuevas. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `user_id` | UUID | NOT NULL | - | FK → users | +| `tenant_id` | UUID | NOT NULL | - | FK → tenants | +| `token_hash` | VARCHAR(255) | NOT NULL | - | Hash del token | +| `expires_at` | TIMESTAMPTZ | NOT NULL | - | Expiracion (24h) | +| `used_at` | TIMESTAMPTZ | NULL | - | Cuando se uso | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha creacion | + +#### Constraints + +```sql +CONSTRAINT pk_user_activation_tokens PRIMARY KEY (id), +CONSTRAINT fk_user_activation_tokens_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE, +CONSTRAINT fk_user_activation_tokens_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE +``` + +#### Indices + +```sql +CREATE INDEX idx_user_activation_tokens_user ON core_users.user_activation_tokens(user_id); +CREATE INDEX idx_user_activation_tokens_active ON core_users.user_activation_tokens(user_id) + WHERE used_at IS NULL AND expires_at > NOW(); +``` + +--- + +### 6. user_roles (Junction Table) + +Relacion muchos-a-muchos entre usuarios y roles. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `user_id` | UUID | NOT NULL | - | FK → users | +| `role_id` | UUID | NOT NULL | - | FK → roles | +| `tenant_id` | UUID | NOT NULL | - | FK → tenants | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha asignacion | +| `created_by` | UUID | NULL | - | Quien asigno | + +#### Constraints + +```sql +CONSTRAINT pk_user_roles PRIMARY KEY (id), +CONSTRAINT uk_user_roles UNIQUE (user_id, role_id), +CONSTRAINT fk_user_roles_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE, +CONSTRAINT fk_user_roles_role + FOREIGN KEY (role_id) REFERENCES core_roles.roles(id) ON DELETE CASCADE, +CONSTRAINT fk_user_roles_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, +CONSTRAINT fk_user_roles_created_by + FOREIGN KEY (created_by) REFERENCES core_users.users(id) ON DELETE SET NULL +``` + +#### Indices + +```sql +CREATE INDEX idx_user_roles_user ON core_users.user_roles(user_id); +CREATE INDEX idx_user_roles_role ON core_users.user_roles(role_id); +CREATE INDEX idx_user_roles_tenant ON core_users.user_roles(tenant_id); +``` + +--- + +## Row Level Security (RLS) + +### Politicas de Seguridad + +```sql +-- Habilitar RLS +ALTER TABLE core_users.users ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_users.user_preferences ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_users.user_avatars ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_users.email_change_requests ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_users.user_activation_tokens ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_users.user_roles ENABLE ROW LEVEL SECURITY; + +-- Politica: Usuarios solo ven usuarios de su tenant +CREATE POLICY tenant_isolation_users ON core_users.users + FOR ALL + USING (tenant_id = current_setting('app.current_tenant_id')::uuid); + +-- Politica: Usuario ve su propio perfil o es admin +CREATE POLICY self_or_admin_users ON core_users.users + FOR SELECT + USING ( + id = current_setting('app.current_user_id')::uuid + OR current_setting('app.is_admin')::boolean = true + ); + +-- Politica: Solo el usuario ve sus preferencias +CREATE POLICY owner_only_preferences ON core_users.user_preferences + FOR ALL + USING (user_id = current_setting('app.current_user_id')::uuid); + +-- Politica: Solo el usuario ve sus avatares +CREATE POLICY owner_only_avatars ON core_users.user_avatars + FOR ALL + USING (user_id = current_setting('app.current_user_id')::uuid); + +-- Politica: Solo el usuario ve sus solicitudes de cambio +CREATE POLICY owner_only_email_changes ON core_users.email_change_requests + FOR ALL + USING (user_id = current_setting('app.current_user_id')::uuid); +``` + +--- + +## Triggers + +### 1. Actualizar updated_at automaticamente + +```sql +CREATE OR REPLACE FUNCTION core_users.update_updated_at() +RETURNS TRIGGER AS $$ +BEGIN + NEW.updated_at = NOW(); + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_users_updated_at +BEFORE UPDATE ON core_users.users +FOR EACH ROW +EXECUTE FUNCTION core_users.update_updated_at(); + +CREATE TRIGGER trg_user_preferences_updated_at +BEFORE UPDATE ON core_users.user_preferences +FOR EACH ROW +EXECUTE FUNCTION core_users.update_updated_at(); +``` + +### 2. Crear preferencias por defecto al crear usuario + +```sql +CREATE OR REPLACE FUNCTION core_users.create_default_preferences() +RETURNS TRIGGER AS $$ +BEGIN + INSERT INTO core_users.user_preferences (user_id, tenant_id) + VALUES (NEW.id, NEW.tenant_id); + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_create_default_preferences +AFTER INSERT ON core_users.users +FOR EACH ROW +EXECUTE FUNCTION core_users.create_default_preferences(); +``` + +### 3. Marcar avatar anterior como no actual + +```sql +CREATE OR REPLACE FUNCTION core_users.update_current_avatar() +RETURNS TRIGGER AS $$ +BEGIN + IF NEW.is_current = true THEN + UPDATE core_users.user_avatars + SET is_current = false + WHERE user_id = NEW.user_id + AND id != NEW.id + AND is_current = true; + END IF; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_update_current_avatar +AFTER INSERT OR UPDATE ON core_users.user_avatars +FOR EACH ROW +WHEN (NEW.is_current = true) +EXECUTE FUNCTION core_users.update_current_avatar(); +``` + +### 4. Sincronizar avatar_url en users + +```sql +CREATE OR REPLACE FUNCTION core_users.sync_avatar_url() +RETURNS TRIGGER AS $$ +BEGIN + IF NEW.is_current = true THEN + UPDATE core_users.users + SET avatar_url = NEW.main_url, + avatar_thumbnail_url = NEW.thumbnail_url + WHERE id = NEW.user_id; + END IF; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_sync_avatar_url +AFTER INSERT OR UPDATE ON core_users.user_avatars +FOR EACH ROW +WHEN (NEW.is_current = true) +EXECUTE FUNCTION core_users.sync_avatar_url(); +``` + +--- + +## Funciones de Utilidad + +### 1. Buscar usuarios por texto + +```sql +CREATE OR REPLACE FUNCTION core_users.search_users( + p_tenant_id UUID, + p_search TEXT, + p_limit INTEGER DEFAULT 20, + p_offset INTEGER DEFAULT 0 +) +RETURNS TABLE ( + id UUID, + email VARCHAR, + first_name VARCHAR, + last_name VARCHAR, + status user_status, + avatar_thumbnail_url VARCHAR +) AS $$ +BEGIN + RETURN QUERY + SELECT + u.id, + u.email, + u.first_name, + u.last_name, + u.status, + u.avatar_thumbnail_url + FROM core_users.users u + WHERE u.tenant_id = p_tenant_id + AND u.deleted_at IS NULL + AND ( + u.email ILIKE '%' || p_search || '%' + OR u.first_name ILIKE '%' || p_search || '%' + OR u.last_name ILIKE '%' || p_search || '%' + OR CONCAT(u.first_name, ' ', u.last_name) ILIKE '%' || p_search || '%' + ) + ORDER BY u.first_name, u.last_name + LIMIT p_limit + OFFSET p_offset; +END; +$$ LANGUAGE plpgsql STABLE; +``` + +### 2. Obtener usuario con roles + +```sql +CREATE OR REPLACE FUNCTION core_users.get_user_with_roles(p_user_id UUID) +RETURNS TABLE ( + user_data JSONB, + roles JSONB +) AS $$ +BEGIN + RETURN QUERY + SELECT + to_jsonb(u.*) - 'password_hash' AS user_data, + COALESCE( + jsonb_agg( + jsonb_build_object('id', r.id, 'name', r.name) + ) FILTER (WHERE r.id IS NOT NULL), + '[]'::jsonb + ) AS roles + FROM core_users.users u + LEFT JOIN core_users.user_roles ur ON u.id = ur.user_id + LEFT JOIN core_roles.roles r ON ur.role_id = r.id + WHERE u.id = p_user_id + GROUP BY u.id; +END; +$$ LANGUAGE plpgsql STABLE; +``` + +--- + +## Scripts de Migracion + +### Crear Schema + +```sql +-- 001_create_schema_core_users.sql +CREATE SCHEMA IF NOT EXISTS core_users; + +COMMENT ON SCHEMA core_users IS 'Schema para gestion de usuarios, perfiles y preferencias'; + +-- Crear enum +CREATE TYPE core_users.user_status AS ENUM ( + 'pending_activation', + 'active', + 'inactive', + 'locked' +); +``` + +### Crear Tablas + +```sql +-- 002_create_tables_core_users.sql + +-- users +CREATE TABLE IF NOT EXISTS core_users.users ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL, + email VARCHAR(255) NOT NULL, + password_hash VARCHAR(255) NOT NULL, + first_name VARCHAR(100) NOT NULL, + last_name VARCHAR(100) NOT NULL, + phone VARCHAR(20), + avatar_url VARCHAR(500), + avatar_thumbnail_url VARCHAR(500), + status core_users.user_status NOT NULL DEFAULT 'pending_activation', + is_active BOOLEAN NOT NULL DEFAULT false, + email_verified_at TIMESTAMPTZ, + last_login_at TIMESTAMPTZ, + failed_login_attempts INTEGER NOT NULL DEFAULT 0, + locked_until TIMESTAMPTZ, + metadata JSONB DEFAULT '{}', + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + created_by UUID, + updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + updated_by UUID, + deleted_at TIMESTAMPTZ, + deleted_by UUID, + + CONSTRAINT uk_users_tenant_email UNIQUE (tenant_id, email), + CONSTRAINT chk_users_email_format + CHECK (email ~* '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'), + CONSTRAINT chk_users_phone_format + CHECK (phone IS NULL OR phone ~* '^\+[0-9]{10,15}$'), + CONSTRAINT chk_users_failed_attempts + CHECK (failed_login_attempts >= 0) +); + +-- user_preferences +CREATE TABLE IF NOT EXISTS core_users.user_preferences ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL UNIQUE, + tenant_id UUID NOT NULL, + language VARCHAR(5) NOT NULL DEFAULT 'es', + timezone VARCHAR(50) NOT NULL DEFAULT 'America/Mexico_City', + date_format VARCHAR(20) NOT NULL DEFAULT 'DD/MM/YYYY', + time_format VARCHAR(5) NOT NULL DEFAULT '24h', + currency VARCHAR(3) NOT NULL DEFAULT 'MXN', + number_format VARCHAR(10) NOT NULL DEFAULT 'es-MX', + theme VARCHAR(10) NOT NULL DEFAULT 'system', + sidebar_collapsed BOOLEAN NOT NULL DEFAULT false, + compact_mode BOOLEAN NOT NULL DEFAULT false, + font_size VARCHAR(10) NOT NULL DEFAULT 'medium', + notifications JSONB NOT NULL DEFAULT '{}', + dashboard JSONB NOT NULL DEFAULT '{}', + metadata JSONB DEFAULT '{}', + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + + CONSTRAINT fk_user_preferences_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE, + CONSTRAINT chk_user_preferences_language + CHECK (language IN ('es', 'en', 'pt')), + CONSTRAINT chk_user_preferences_theme + CHECK (theme IN ('light', 'dark', 'system')), + CONSTRAINT chk_user_preferences_font_size + CHECK (font_size IN ('small', 'medium', 'large')), + CONSTRAINT chk_user_preferences_time_format + CHECK (time_format IN ('12h', '24h')) +); + +-- user_avatars +CREATE TABLE IF NOT EXISTS core_users.user_avatars ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL, + tenant_id UUID NOT NULL, + original_url VARCHAR(500) NOT NULL, + main_url VARCHAR(500) NOT NULL, + thumbnail_url VARCHAR(500) NOT NULL, + mime_type VARCHAR(50) NOT NULL, + file_size INTEGER NOT NULL, + is_current BOOLEAN NOT NULL DEFAULT true, + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + + CONSTRAINT fk_user_avatars_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE, + CONSTRAINT chk_user_avatars_mime_type + CHECK (mime_type IN ('image/jpeg', 'image/png', 'image/webp')), + CONSTRAINT chk_user_avatars_file_size + CHECK (file_size > 0 AND file_size <= 10485760) +); + +-- email_change_requests +CREATE TABLE IF NOT EXISTS core_users.email_change_requests ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL, + tenant_id UUID NOT NULL, + current_email VARCHAR(255) NOT NULL, + new_email VARCHAR(255) NOT NULL, + token_hash VARCHAR(255) NOT NULL, + expires_at TIMESTAMPTZ NOT NULL, + completed_at TIMESTAMPTZ, + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + + CONSTRAINT fk_email_change_requests_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE +); + +-- user_activation_tokens +CREATE TABLE IF NOT EXISTS core_users.user_activation_tokens ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL, + tenant_id UUID NOT NULL, + token_hash VARCHAR(255) NOT NULL, + expires_at TIMESTAMPTZ NOT NULL, + used_at TIMESTAMPTZ, + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + + CONSTRAINT fk_user_activation_tokens_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE +); + +-- user_roles +CREATE TABLE IF NOT EXISTS core_users.user_roles ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL, + role_id UUID NOT NULL, + tenant_id UUID NOT NULL, + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + created_by UUID, + + CONSTRAINT uk_user_roles UNIQUE (user_id, role_id), + CONSTRAINT fk_user_roles_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE CASCADE, + CONSTRAINT fk_user_roles_created_by + FOREIGN KEY (created_by) REFERENCES core_users.users(id) ON DELETE SET NULL +); +``` + +--- + +## Consideraciones de Performance + +| Tabla | Volumen Esperado | Estrategia | +|-------|------------------|------------| +| users | Medio (miles) | Indices por tenant, paginacion | +| user_preferences | 1:1 con users | Join eficiente por PK | +| user_avatars | Bajo (1-5 por user) | Cleanup de antiguos | +| email_change_requests | Bajo | TTL cleanup | +| user_activation_tokens | Bajo | TTL cleanup | +| user_roles | Bajo (1-5 por user) | Indices compuestos | + +--- + +## Notas de Seguridad + +1. **Nunca exponer password_hash** - Excluir en queries SELECT +2. **RLS obligatorio** - Aislamiento por tenant +3. **Soft delete** - Mantener historial para auditoria +4. **Tokens hasheados** - No almacenar tokens planos +5. **Validacion de email** - Prevenir inyeccion + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| DBA | - | - | [ ] | +| Tech Lead | - | - | [ ] | +| Security | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-002-users/especificaciones/ET-users-backend.md b/docs/01-fase-foundation/MGN-002-users/especificaciones/ET-users-backend.md new file mode 100644 index 0000000..5322775 --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/especificaciones/ET-users-backend.md @@ -0,0 +1,1247 @@ +# Especificacion Tecnica Backend - MGN-002 Users + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **Modulo** | MGN-002 | +| **Nombre** | Users - Gestion de Usuarios | +| **Version** | 1.0 | +| **Framework** | NestJS | +| **Estado** | En Diseño | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Estructura del Modulo + +``` +src/modules/users/ +├── users.module.ts +├── controllers/ +│ ├── users.controller.ts +│ └── profile.controller.ts +├── services/ +│ ├── users.service.ts +│ ├── profile.service.ts +│ ├── avatar.service.ts +│ └── preferences.service.ts +├── dto/ +│ ├── create-user.dto.ts +│ ├── update-user.dto.ts +│ ├── user-response.dto.ts +│ ├── user-list-query.dto.ts +│ ├── update-profile.dto.ts +│ ├── profile-response.dto.ts +│ ├── change-password.dto.ts +│ ├── request-email-change.dto.ts +│ └── update-preferences.dto.ts +├── entities/ +│ ├── user.entity.ts +│ ├── user-preference.entity.ts +│ ├── user-avatar.entity.ts +│ ├── email-change-request.entity.ts +│ └── user-activation-token.entity.ts +├── interfaces/ +│ ├── user-status.enum.ts +│ └── user-preferences.interface.ts +└── guards/ + └── user-owner.guard.ts +``` + +--- + +## Entidades + +### User Entity + +```typescript +// entities/user.entity.ts +import { + Entity, PrimaryGeneratedColumn, Column, ManyToOne, OneToMany, + OneToOne, CreateDateColumn, UpdateDateColumn, Index, DeleteDateColumn +} from 'typeorm'; +import { Tenant } from '../../tenants/entities/tenant.entity'; +import { UserPreference } from './user-preference.entity'; +import { UserAvatar } from './user-avatar.entity'; +import { UserRole } from '../../roles/entities/user-role.entity'; +import { UserStatus } from '../interfaces/user-status.enum'; + +@Entity({ schema: 'core_users', name: 'users' }) +@Index(['tenantId', 'email'], { unique: true, where: '"deleted_at" IS NULL' }) +export class User { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ name: 'tenant_id', type: 'uuid' }) + tenantId: string; + + @ManyToOne(() => Tenant, { onDelete: 'CASCADE' }) + tenant: Tenant; + + @Column({ type: 'varchar', length: 255 }) + email: string; + + @Column({ name: 'password_hash', type: 'varchar', length: 255, select: false }) + passwordHash: string; + + @Column({ name: 'first_name', type: 'varchar', length: 100 }) + firstName: string; + + @Column({ name: 'last_name', type: 'varchar', length: 100 }) + lastName: string; + + @Column({ type: 'varchar', length: 20, nullable: true }) + phone: string | null; + + @Column({ name: 'avatar_url', type: 'varchar', length: 500, nullable: true }) + avatarUrl: string | null; + + @Column({ name: 'avatar_thumbnail_url', type: 'varchar', length: 500, nullable: true }) + avatarThumbnailUrl: string | null; + + @Column({ type: 'enum', enum: UserStatus, default: UserStatus.PENDING_ACTIVATION }) + status: UserStatus; + + @Column({ name: 'is_active', type: 'boolean', default: false }) + isActive: boolean; + + @Column({ name: 'email_verified_at', type: 'timestamptz', nullable: true }) + emailVerifiedAt: Date | null; + + @Column({ name: 'last_login_at', type: 'timestamptz', nullable: true }) + lastLoginAt: Date | null; + + @Column({ name: 'failed_login_attempts', type: 'integer', default: 0 }) + failedLoginAttempts: number; + + @Column({ name: 'locked_until', type: 'timestamptz', nullable: true }) + lockedUntil: Date | null; + + @Column({ type: 'jsonb', default: {} }) + metadata: Record; + + @CreateDateColumn({ name: 'created_at', type: 'timestamptz' }) + createdAt: Date; + + @Column({ name: 'created_by', type: 'uuid', nullable: true }) + createdBy: string | null; + + @UpdateDateColumn({ name: 'updated_at', type: 'timestamptz' }) + updatedAt: Date; + + @Column({ name: 'updated_by', type: 'uuid', nullable: true }) + updatedBy: string | null; + + @DeleteDateColumn({ name: 'deleted_at', type: 'timestamptz' }) + deletedAt: Date | null; + + @Column({ name: 'deleted_by', type: 'uuid', nullable: true }) + deletedBy: string | null; + + // Relations + @OneToOne(() => UserPreference, (pref) => pref.user) + preferences: UserPreference; + + @OneToMany(() => UserAvatar, (avatar) => avatar.user) + avatars: UserAvatar[]; + + @OneToMany(() => UserRole, (userRole) => userRole.user) + userRoles: UserRole[]; + + // Virtual property + get fullName(): string { + return `${this.firstName} ${this.lastName}`; + } +} +``` + +### UserPreference Entity + +```typescript +// entities/user-preference.entity.ts +@Entity({ schema: 'core_users', name: 'user_preferences' }) +export class UserPreference { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ name: 'user_id', type: 'uuid' }) + userId: string; + + @OneToOne(() => User, (user) => user.preferences, { onDelete: 'CASCADE' }) + @JoinColumn({ name: 'user_id' }) + user: User; + + @Column({ name: 'tenant_id', type: 'uuid' }) + tenantId: string; + + @Column({ type: 'varchar', length: 5, default: 'es' }) + language: string; + + @Column({ type: 'varchar', length: 50, default: 'America/Mexico_City' }) + timezone: string; + + @Column({ name: 'date_format', type: 'varchar', length: 20, default: 'DD/MM/YYYY' }) + dateFormat: string; + + @Column({ name: 'time_format', type: 'varchar', length: 5, default: '24h' }) + timeFormat: string; + + @Column({ type: 'varchar', length: 3, default: 'MXN' }) + currency: string; + + @Column({ name: 'number_format', type: 'varchar', length: 10, default: 'es-MX' }) + numberFormat: string; + + @Column({ type: 'varchar', length: 10, default: 'system' }) + theme: string; + + @Column({ name: 'sidebar_collapsed', type: 'boolean', default: false }) + sidebarCollapsed: boolean; + + @Column({ name: 'compact_mode', type: 'boolean', default: false }) + compactMode: boolean; + + @Column({ name: 'font_size', type: 'varchar', length: 10, default: 'medium' }) + fontSize: string; + + @Column({ type: 'jsonb', default: {} }) + notifications: NotificationPreferences; + + @Column({ type: 'jsonb', default: {} }) + dashboard: DashboardPreferences; + + @Column({ type: 'jsonb', default: {} }) + metadata: Record; + + @CreateDateColumn({ name: 'created_at', type: 'timestamptz' }) + createdAt: Date; + + @UpdateDateColumn({ name: 'updated_at', type: 'timestamptz' }) + updatedAt: Date; +} +``` + +### UserStatus Enum + +```typescript +// interfaces/user-status.enum.ts +export enum UserStatus { + PENDING_ACTIVATION = 'pending_activation', + ACTIVE = 'active', + INACTIVE = 'inactive', + LOCKED = 'locked', +} +``` + +--- + +## DTOs + +### CreateUserDto + +```typescript +// dto/create-user.dto.ts +import { + IsEmail, IsString, MinLength, MaxLength, IsOptional, + IsArray, IsUUID, Matches +} from 'class-validator'; +import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'; + +export class CreateUserDto { + @ApiProperty({ example: 'john.doe@example.com' }) + @IsEmail({}, { message: 'Email invalido' }) + email: string; + + @ApiProperty({ example: 'Juan', minLength: 2, maxLength: 100 }) + @IsString() + @MinLength(2, { message: 'Nombre debe tener al menos 2 caracteres' }) + @MaxLength(100, { message: 'Nombre no puede exceder 100 caracteres' }) + firstName: string; + + @ApiProperty({ example: 'Perez', minLength: 2, maxLength: 100 }) + @IsString() + @MinLength(2, { message: 'Apellido debe tener al menos 2 caracteres' }) + @MaxLength(100, { message: 'Apellido no puede exceder 100 caracteres' }) + lastName: string; + + @ApiPropertyOptional({ example: '+521234567890' }) + @IsOptional() + @Matches(/^\+[0-9]{10,15}$/, { message: 'Telefono debe estar en formato E.164' }) + phone?: string; + + @ApiPropertyOptional({ type: [String], example: ['role-uuid-1'] }) + @IsOptional() + @IsArray() + @IsUUID('4', { each: true }) + roleIds?: string[]; + + @ApiPropertyOptional() + @IsOptional() + metadata?: Record; +} +``` + +### UpdateUserDto + +```typescript +// dto/update-user.dto.ts +import { PartialType, OmitType } from '@nestjs/swagger'; +import { IsEnum, IsBoolean, IsOptional } from 'class-validator'; +import { CreateUserDto } from './create-user.dto'; +import { UserStatus } from '../interfaces/user-status.enum'; + +export class UpdateUserDto extends PartialType( + OmitType(CreateUserDto, ['email'] as const), +) { + @IsOptional() + @IsEnum(UserStatus) + status?: UserStatus; + + @IsOptional() + @IsBoolean() + isActive?: boolean; +} +``` + +### UserResponseDto + +```typescript +// dto/user-response.dto.ts +import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'; +import { UserStatus } from '../interfaces/user-status.enum'; + +export class UserResponseDto { + @ApiProperty() + id: string; + + @ApiProperty() + email: string; + + @ApiProperty() + firstName: string; + + @ApiProperty() + lastName: string; + + @ApiProperty() + fullName: string; + + @ApiPropertyOptional() + phone?: string; + + @ApiPropertyOptional() + avatarUrl?: string; + + @ApiPropertyOptional() + avatarThumbnailUrl?: string; + + @ApiProperty({ enum: UserStatus }) + status: UserStatus; + + @ApiProperty() + isActive: boolean; + + @ApiPropertyOptional() + emailVerifiedAt?: Date; + + @ApiPropertyOptional() + lastLoginAt?: Date; + + @ApiProperty() + createdAt: Date; + + @ApiProperty() + updatedAt: Date; + + @ApiPropertyOptional() + roles?: { id: string; name: string }[]; +} +``` + +### UserListQueryDto + +```typescript +// dto/user-list-query.dto.ts +import { IsOptional, IsString, IsEnum, IsInt, Min, Max } from 'class-validator'; +import { Type } from 'class-transformer'; +import { ApiPropertyOptional } from '@nestjs/swagger'; +import { UserStatus } from '../interfaces/user-status.enum'; + +export class UserListQueryDto { + @ApiPropertyOptional({ default: 1 }) + @IsOptional() + @Type(() => Number) + @IsInt() + @Min(1) + page?: number = 1; + + @ApiPropertyOptional({ default: 20, maximum: 100 }) + @IsOptional() + @Type(() => Number) + @IsInt() + @Min(1) + @Max(100) + limit?: number = 20; + + @ApiPropertyOptional() + @IsOptional() + @IsString() + search?: string; + + @ApiPropertyOptional({ enum: UserStatus }) + @IsOptional() + @IsEnum(UserStatus) + status?: UserStatus; + + @ApiPropertyOptional() + @IsOptional() + @IsString() + roleId?: string; + + @ApiPropertyOptional({ enum: ['createdAt', 'firstName', 'lastName', 'email'] }) + @IsOptional() + @IsString() + sortBy?: string = 'createdAt'; + + @ApiPropertyOptional({ enum: ['ASC', 'DESC'] }) + @IsOptional() + @IsString() + sortOrder?: 'ASC' | 'DESC' = 'DESC'; +} +``` + +### UpdateProfileDto + +```typescript +// dto/update-profile.dto.ts +import { IsString, MinLength, MaxLength, IsOptional, Matches } from 'class-validator'; +import { ApiPropertyOptional } from '@nestjs/swagger'; + +export class UpdateProfileDto { + @ApiPropertyOptional({ example: 'Juan' }) + @IsOptional() + @IsString() + @MinLength(2) + @MaxLength(100) + firstName?: string; + + @ApiPropertyOptional({ example: 'Perez' }) + @IsOptional() + @IsString() + @MinLength(2) + @MaxLength(100) + lastName?: string; + + @ApiPropertyOptional({ example: '+521234567890' }) + @IsOptional() + @Matches(/^\+[0-9]{10,15}$/, { message: 'Telefono debe estar en formato E.164' }) + phone?: string; +} +``` + +### ChangePasswordDto + +```typescript +// dto/change-password.dto.ts +import { IsString, MinLength, MaxLength, Matches, IsBoolean, IsOptional } from 'class-validator'; +import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'; + +export class ChangePasswordDto { + @ApiProperty() + @IsString() + currentPassword: string; + + @ApiProperty({ minLength: 8 }) + @IsString() + @MinLength(8, { message: 'Password debe tener al menos 8 caracteres' }) + @MaxLength(128) + @Matches( + /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]/, + { message: 'Password debe incluir mayuscula, minuscula, numero y caracter especial' }, + ) + newPassword: string; + + @ApiProperty() + @IsString() + confirmPassword: string; + + @ApiPropertyOptional({ default: false }) + @IsOptional() + @IsBoolean() + logoutOtherSessions?: boolean = false; +} +``` + +### RequestEmailChangeDto + +```typescript +// dto/request-email-change.dto.ts +import { IsEmail, IsString } from 'class-validator'; +import { ApiProperty } from '@nestjs/swagger'; + +export class RequestEmailChangeDto { + @ApiProperty({ example: 'newemail@example.com' }) + @IsEmail({}, { message: 'Email invalido' }) + newEmail: string; + + @ApiProperty() + @IsString() + currentPassword: string; +} +``` + +### UpdatePreferencesDto + +```typescript +// dto/update-preferences.dto.ts +import { IsString, IsBoolean, IsOptional, IsIn, ValidateNested } from 'class-validator'; +import { Type } from 'class-transformer'; +import { ApiPropertyOptional } from '@nestjs/swagger'; + +class NotificationEmailDto { + @IsOptional() + @IsBoolean() + enabled?: boolean; + + @IsOptional() + @IsIn(['instant', 'daily', 'weekly']) + digest?: string; + + @IsOptional() + @IsBoolean() + marketing?: boolean; + + @IsOptional() + @IsBoolean() + security?: boolean; + + @IsOptional() + @IsBoolean() + updates?: boolean; +} + +class NotificationsDto { + @IsOptional() + @ValidateNested() + @Type(() => NotificationEmailDto) + email?: NotificationEmailDto; + + @IsOptional() + push?: { enabled?: boolean; sound?: boolean }; + + @IsOptional() + inApp?: { enabled?: boolean; desktop?: boolean }; +} + +export class UpdatePreferencesDto { + @ApiPropertyOptional({ enum: ['es', 'en', 'pt'] }) + @IsOptional() + @IsIn(['es', 'en', 'pt']) + language?: string; + + @ApiPropertyOptional() + @IsOptional() + @IsString() + timezone?: string; + + @ApiPropertyOptional({ enum: ['DD/MM/YYYY', 'MM/DD/YYYY', 'YYYY-MM-DD'] }) + @IsOptional() + @IsIn(['DD/MM/YYYY', 'MM/DD/YYYY', 'YYYY-MM-DD']) + dateFormat?: string; + + @ApiPropertyOptional({ enum: ['12h', '24h'] }) + @IsOptional() + @IsIn(['12h', '24h']) + timeFormat?: string; + + @ApiPropertyOptional({ enum: ['light', 'dark', 'system'] }) + @IsOptional() + @IsIn(['light', 'dark', 'system']) + theme?: string; + + @ApiPropertyOptional() + @IsOptional() + @IsBoolean() + sidebarCollapsed?: boolean; + + @ApiPropertyOptional() + @IsOptional() + @IsBoolean() + compactMode?: boolean; + + @ApiPropertyOptional({ enum: ['small', 'medium', 'large'] }) + @IsOptional() + @IsIn(['small', 'medium', 'large']) + fontSize?: string; + + @ApiPropertyOptional() + @IsOptional() + @ValidateNested() + @Type(() => NotificationsDto) + notifications?: NotificationsDto; + + @ApiPropertyOptional() + @IsOptional() + dashboard?: { defaultView?: string; widgets?: string[] }; +} +``` + +--- + +## Endpoints + +### Resumen de Endpoints + +#### Gestion de Usuarios (Admin) + +| Metodo | Ruta | Descripcion | Permisos | +|--------|------|-------------|----------| +| POST | `/api/v1/users` | Crear usuario | users:create | +| GET | `/api/v1/users` | Listar usuarios | users:read | +| GET | `/api/v1/users/:id` | Obtener usuario | users:read | +| PATCH | `/api/v1/users/:id` | Actualizar usuario | users:update | +| DELETE | `/api/v1/users/:id` | Eliminar usuario | users:delete | +| POST | `/api/v1/users/:id/activate` | Activar usuario | users:update | +| POST | `/api/v1/users/:id/deactivate` | Desactivar usuario | users:update | +| POST | `/api/v1/users/:id/resend-invitation` | Reenviar invitacion | users:update | + +#### Perfil Personal (Self-service) + +| Metodo | Ruta | Descripcion | +|--------|------|-------------| +| GET | `/api/v1/users/me` | Obtener mi perfil | +| PATCH | `/api/v1/users/me` | Actualizar mi perfil | +| POST | `/api/v1/users/me/avatar` | Subir avatar | +| DELETE | `/api/v1/users/me/avatar` | Eliminar avatar | +| POST | `/api/v1/users/me/password` | Cambiar password | +| POST | `/api/v1/users/me/email/request-change` | Solicitar cambio email | +| GET | `/api/v1/users/email/verify-change` | Verificar cambio email | +| GET | `/api/v1/users/me/preferences` | Obtener preferencias | +| PATCH | `/api/v1/users/me/preferences` | Actualizar preferencias | +| POST | `/api/v1/users/me/preferences/reset` | Reset preferencias | + +--- + +## Controllers + +### UsersController (Admin) + +```typescript +// controllers/users.controller.ts +@ApiTags('Users') +@Controller('api/v1/users') +@UseGuards(JwtAuthGuard, RolesGuard) +export class UsersController { + constructor(private readonly usersService: UsersService) {} + + @Post() + @Permissions('users:create') + @ApiOperation({ summary: 'Crear nuevo usuario' }) + @ApiResponse({ status: 201, type: UserResponseDto }) + async create( + @Body() dto: CreateUserDto, + @CurrentUser() currentUser: JwtPayload, + ): Promise { + return this.usersService.create(dto, currentUser); + } + + @Get() + @Permissions('users:read') + @ApiOperation({ summary: 'Listar usuarios' }) + @ApiResponse({ status: 200, type: PaginatedResponse }) + async findAll( + @Query() query: UserListQueryDto, + @CurrentUser() currentUser: JwtPayload, + ): Promise> { + return this.usersService.findAll(query, currentUser.tid); + } + + @Get(':id') + @Permissions('users:read') + @ApiOperation({ summary: 'Obtener usuario por ID' }) + @ApiResponse({ status: 200, type: UserResponseDto }) + async findOne( + @Param('id', ParseUUIDPipe) id: string, + @CurrentUser() currentUser: JwtPayload, + ): Promise { + return this.usersService.findOne(id, currentUser.tid); + } + + @Patch(':id') + @Permissions('users:update') + @ApiOperation({ summary: 'Actualizar usuario' }) + @ApiResponse({ status: 200, type: UserResponseDto }) + async update( + @Param('id', ParseUUIDPipe) id: string, + @Body() dto: UpdateUserDto, + @CurrentUser() currentUser: JwtPayload, + ): Promise { + return this.usersService.update(id, dto, currentUser); + } + + @Delete(':id') + @Permissions('users:delete') + @ApiOperation({ summary: 'Eliminar usuario (soft delete)' }) + @ApiResponse({ status: 200 }) + async remove( + @Param('id', ParseUUIDPipe) id: string, + @CurrentUser() currentUser: JwtPayload, + ): Promise<{ message: string }> { + return this.usersService.remove(id, currentUser); + } + + @Post(':id/activate') + @Permissions('users:update') + @ApiOperation({ summary: 'Activar usuario' }) + async activate( + @Param('id', ParseUUIDPipe) id: string, + @CurrentUser() currentUser: JwtPayload, + ): Promise { + return this.usersService.activate(id, currentUser); + } + + @Post(':id/deactivate') + @Permissions('users:update') + @ApiOperation({ summary: 'Desactivar usuario' }) + async deactivate( + @Param('id', ParseUUIDPipe) id: string, + @CurrentUser() currentUser: JwtPayload, + ): Promise { + return this.usersService.deactivate(id, currentUser); + } +} +``` + +### ProfileController (Self-service) + +```typescript +// controllers/profile.controller.ts +@ApiTags('Profile') +@Controller('api/v1/users') +@UseGuards(JwtAuthGuard) +export class ProfileController { + constructor( + private readonly profileService: ProfileService, + private readonly avatarService: AvatarService, + private readonly preferencesService: PreferencesService, + ) {} + + @Get('me') + @ApiOperation({ summary: 'Obtener mi perfil' }) + @ApiResponse({ status: 200, type: ProfileResponseDto }) + async getProfile(@CurrentUser() user: JwtPayload): Promise { + return this.profileService.getProfile(user.sub); + } + + @Patch('me') + @ApiOperation({ summary: 'Actualizar mi perfil' }) + @ApiResponse({ status: 200, type: ProfileResponseDto }) + async updateProfile( + @Body() dto: UpdateProfileDto, + @CurrentUser() user: JwtPayload, + ): Promise { + return this.profileService.updateProfile(user.sub, dto); + } + + @Post('me/avatar') + @UseInterceptors(FileInterceptor('avatar', avatarUploadOptions)) + @ApiOperation({ summary: 'Subir avatar' }) + @ApiConsumes('multipart/form-data') + async uploadAvatar( + @UploadedFile() file: Express.Multer.File, + @CurrentUser() user: JwtPayload, + ): Promise<{ avatarUrl: string; avatarThumbnailUrl: string }> { + return this.avatarService.upload(user.sub, file); + } + + @Delete('me/avatar') + @ApiOperation({ summary: 'Eliminar avatar' }) + async deleteAvatar(@CurrentUser() user: JwtPayload): Promise<{ message: string }> { + await this.avatarService.delete(user.sub); + return { message: 'Avatar eliminado' }; + } + + @Post('me/password') + @ApiOperation({ summary: 'Cambiar password' }) + async changePassword( + @Body() dto: ChangePasswordDto, + @CurrentUser() user: JwtPayload, + ): Promise<{ message: string; sessionsInvalidated?: number }> { + return this.profileService.changePassword(user.sub, dto); + } + + @Post('me/email/request-change') + @ApiOperation({ summary: 'Solicitar cambio de email' }) + async requestEmailChange( + @Body() dto: RequestEmailChangeDto, + @CurrentUser() user: JwtPayload, + ): Promise<{ message: string; expiresAt: Date }> { + return this.profileService.requestEmailChange(user.sub, dto); + } + + @Get('email/verify-change') + @Public() + @ApiOperation({ summary: 'Verificar cambio de email' }) + async verifyEmailChange( + @Query('token') token: string, + @Res() res: Response, + ): Promise { + await this.profileService.verifyEmailChange(token); + res.redirect('/login?emailChanged=true'); + } + + @Get('me/preferences') + @ApiOperation({ summary: 'Obtener preferencias' }) + async getPreferences(@CurrentUser() user: JwtPayload): Promise { + return this.preferencesService.getPreferences(user.sub); + } + + @Patch('me/preferences') + @ApiOperation({ summary: 'Actualizar preferencias' }) + async updatePreferences( + @Body() dto: UpdatePreferencesDto, + @CurrentUser() user: JwtPayload, + ): Promise { + return this.preferencesService.updatePreferences(user.sub, dto); + } + + @Post('me/preferences/reset') + @ApiOperation({ summary: 'Resetear preferencias a valores por defecto' }) + async resetPreferences(@CurrentUser() user: JwtPayload): Promise { + return this.preferencesService.resetPreferences(user.sub); + } +} +``` + +--- + +## Services + +### UsersService + +```typescript +// services/users.service.ts +@Injectable() +export class UsersService { + constructor( + @InjectRepository(User) + private readonly userRepository: Repository, + @InjectRepository(UserRole) + private readonly userRoleRepository: Repository, + private readonly emailService: EmailService, + private readonly activationService: ActivationService, + ) {} + + async create(dto: CreateUserDto, currentUser: JwtPayload): Promise { + const tenantId = currentUser.tid; + + // Verificar email unico + const existing = await this.userRepository.findOne({ + where: { tenantId, email: dto.email.toLowerCase() }, + }); + if (existing) { + throw new ConflictException('El email ya esta registrado'); + } + + // Crear usuario + const user = this.userRepository.create({ + ...dto, + email: dto.email.toLowerCase(), + tenantId, + passwordHash: await this.generateTemporaryPassword(), + status: UserStatus.PENDING_ACTIVATION, + isActive: false, + createdBy: currentUser.sub, + }); + + await this.userRepository.save(user); + + // Asignar roles + if (dto.roleIds?.length) { + await this.assignRoles(user.id, dto.roleIds, tenantId, currentUser.sub); + } + + // Generar token de activacion y enviar email + const activationToken = await this.activationService.generateToken(user.id, tenantId); + await this.emailService.sendInvitationEmail(user.email, activationToken, user.firstName); + + return this.toResponseDto(user); + } + + async findAll(query: UserListQueryDto, tenantId: string): Promise> { + const { page, limit, search, status, roleId, sortBy, sortOrder } = query; + + const qb = this.userRepository + .createQueryBuilder('user') + .leftJoinAndSelect('user.userRoles', 'userRole') + .leftJoinAndSelect('userRole.role', 'role') + .where('user.tenantId = :tenantId', { tenantId }) + .andWhere('user.deletedAt IS NULL'); + + // Filtros + if (search) { + qb.andWhere( + '(user.email ILIKE :search OR user.firstName ILIKE :search OR user.lastName ILIKE :search)', + { search: `%${search}%` }, + ); + } + if (status) { + qb.andWhere('user.status = :status', { status }); + } + if (roleId) { + qb.andWhere('userRole.roleId = :roleId', { roleId }); + } + + // Ordenamiento + qb.orderBy(`user.${sortBy}`, sortOrder); + + // Paginacion + const total = await qb.getCount(); + const users = await qb + .skip((page - 1) * limit) + .take(limit) + .getMany(); + + return { + data: users.map(this.toResponseDto), + meta: { + total, + page, + limit, + totalPages: Math.ceil(total / limit), + hasNext: page * limit < total, + hasPrev: page > 1, + }, + }; + } + + async findOne(id: string, tenantId: string): Promise { + const user = await this.userRepository.findOne({ + where: { id, tenantId }, + relations: ['userRoles', 'userRoles.role'], + }); + + if (!user) { + throw new NotFoundException('Usuario no encontrado'); + } + + return this.toResponseDto(user); + } + + async update(id: string, dto: UpdateUserDto, currentUser: JwtPayload): Promise { + const user = await this.userRepository.findOne({ + where: { id, tenantId: currentUser.tid }, + }); + + if (!user) { + throw new NotFoundException('Usuario no encontrado'); + } + + Object.assign(user, { + ...dto, + updatedBy: currentUser.sub, + }); + + await this.userRepository.save(user); + + // Actualizar roles si se proporcionan + if (dto.roleIds !== undefined) { + await this.userRoleRepository.delete({ userId: id }); + if (dto.roleIds.length) { + await this.assignRoles(id, dto.roleIds, currentUser.tid, currentUser.sub); + } + } + + return this.findOne(id, currentUser.tid); + } + + async remove(id: string, currentUser: JwtPayload): Promise<{ message: string }> { + if (id === currentUser.sub) { + throw new BadRequestException('No puedes eliminarte a ti mismo'); + } + + const user = await this.userRepository.findOne({ + where: { id, tenantId: currentUser.tid }, + }); + + if (!user) { + throw new NotFoundException('Usuario no encontrado'); + } + + // Soft delete + user.deletedAt = new Date(); + user.deletedBy = currentUser.sub; + user.isActive = false; + user.status = UserStatus.INACTIVE; + + await this.userRepository.save(user); + + return { message: 'Usuario eliminado exitosamente' }; + } + + async activate(id: string, currentUser: JwtPayload): Promise { + const user = await this.userRepository.findOne({ + where: { id, tenantId: currentUser.tid }, + }); + + if (!user) { + throw new NotFoundException('Usuario no encontrado'); + } + + user.status = UserStatus.ACTIVE; + user.isActive = true; + user.updatedBy = currentUser.sub; + + await this.userRepository.save(user); + + return this.toResponseDto(user); + } + + async deactivate(id: string, currentUser: JwtPayload): Promise { + if (id === currentUser.sub) { + throw new BadRequestException('No puedes desactivarte a ti mismo'); + } + + const user = await this.userRepository.findOne({ + where: { id, tenantId: currentUser.tid }, + }); + + if (!user) { + throw new NotFoundException('Usuario no encontrado'); + } + + user.status = UserStatus.INACTIVE; + user.isActive = false; + user.updatedBy = currentUser.sub; + + await this.userRepository.save(user); + + return this.toResponseDto(user); + } + + private async assignRoles( + userId: string, + roleIds: string[], + tenantId: string, + createdBy: string, + ): Promise { + const userRoles = roleIds.map((roleId) => ({ + userId, + roleId, + tenantId, + createdBy, + })); + + await this.userRoleRepository.save(userRoles); + } + + private toResponseDto(user: User): UserResponseDto { + return { + id: user.id, + email: user.email, + firstName: user.firstName, + lastName: user.lastName, + fullName: `${user.firstName} ${user.lastName}`, + phone: user.phone, + avatarUrl: user.avatarUrl, + avatarThumbnailUrl: user.avatarThumbnailUrl, + status: user.status, + isActive: user.isActive, + emailVerifiedAt: user.emailVerifiedAt, + lastLoginAt: user.lastLoginAt, + createdAt: user.createdAt, + updatedAt: user.updatedAt, + roles: user.userRoles?.map((ur) => ({ + id: ur.role.id, + name: ur.role.name, + })), + }; + } +} +``` + +### AvatarService + +```typescript +// services/avatar.service.ts +@Injectable() +export class AvatarService { + constructor( + @InjectRepository(User) + private readonly userRepository: Repository, + @InjectRepository(UserAvatar) + private readonly avatarRepository: Repository, + private readonly storageService: StorageService, + ) {} + + async upload(userId: string, file: Express.Multer.File): Promise { + // Validar archivo + this.validateFile(file); + + const user = await this.userRepository.findOne({ where: { id: userId } }); + if (!user) { + throw new NotFoundException('Usuario no encontrado'); + } + + const timestamp = Date.now(); + const basePath = `avatars/${userId}`; + + // Procesar imagenes + const mainBuffer = await sharp(file.buffer) + .resize(200, 200, { fit: 'cover' }) + .jpeg({ quality: 85 }) + .toBuffer(); + + const thumbBuffer = await sharp(file.buffer) + .resize(50, 50, { fit: 'cover' }) + .jpeg({ quality: 80 }) + .toBuffer(); + + // Subir a storage + const originalUrl = await this.storageService.upload( + `${basePath}/${timestamp}-original.${this.getExtension(file.mimetype)}`, + file.buffer, + ); + const mainUrl = await this.storageService.upload( + `${basePath}/${timestamp}-200.jpg`, + mainBuffer, + ); + const thumbUrl = await this.storageService.upload( + `${basePath}/${timestamp}-50.jpg`, + thumbBuffer, + ); + + // Marcar avatares anteriores como no actuales + await this.avatarRepository.update( + { userId, isCurrent: true }, + { isCurrent: false }, + ); + + // Guardar registro + await this.avatarRepository.save({ + userId, + tenantId: user.tenantId, + originalUrl, + mainUrl, + thumbnailUrl: thumbUrl, + mimeType: file.mimetype, + fileSize: file.size, + isCurrent: true, + }); + + // Actualizar usuario + await this.userRepository.update(userId, { + avatarUrl: mainUrl, + avatarThumbnailUrl: thumbUrl, + }); + + return { avatarUrl: mainUrl, avatarThumbnailUrl: thumbUrl }; + } + + async delete(userId: string): Promise { + await this.avatarRepository.update( + { userId, isCurrent: true }, + { isCurrent: false }, + ); + + await this.userRepository.update(userId, { + avatarUrl: null, + avatarThumbnailUrl: null, + }); + } + + private validateFile(file: Express.Multer.File): void { + const allowedMimeTypes = ['image/jpeg', 'image/png', 'image/webp']; + const maxSize = 10 * 1024 * 1024; // 10MB + + if (!allowedMimeTypes.includes(file.mimetype)) { + throw new BadRequestException('Formato de imagen no permitido'); + } + + if (file.size > maxSize) { + throw new BadRequestException('Imagen excede tamaño maximo (10MB)'); + } + } + + private getExtension(mimeType: string): string { + const map: Record = { + 'image/jpeg': 'jpg', + 'image/png': 'png', + 'image/webp': 'webp', + }; + return map[mimeType] || 'jpg'; + } +} +``` + +--- + +## Module Configuration + +```typescript +// users.module.ts +@Module({ + imports: [ + TypeOrmModule.forFeature([ + User, + UserPreference, + UserAvatar, + EmailChangeRequest, + UserActivationToken, + UserRole, + ]), + AuthModule, + RolesModule, + EmailModule, + StorageModule, + ], + controllers: [UsersController, ProfileController], + providers: [ + UsersService, + ProfileService, + AvatarService, + PreferencesService, + ActivationService, + ], + exports: [UsersService], +}) +export class UsersModule {} +``` + +--- + +## Manejo de Errores + +| Codigo | Constante | Descripcion | +|--------|-----------|-------------| +| USER001 | EMAIL_EXISTS | Email ya registrado | +| USER002 | USER_NOT_FOUND | Usuario no encontrado | +| USER003 | CANNOT_DELETE_SELF | No puede eliminarse a si mismo | +| USER004 | CANNOT_DEACTIVATE_SELF | No puede desactivarse a si mismo | +| USER005 | INVALID_FILE_TYPE | Tipo de archivo no permitido | +| USER006 | FILE_TOO_LARGE | Archivo excede limite | +| USER007 | PASSWORD_INCORRECT | Password actual incorrecto | +| USER008 | PASSWORD_MISMATCH | Passwords no coinciden | +| USER009 | PASSWORD_REUSED | Password ya usado anteriormente | +| USER010 | EMAIL_CHANGE_PENDING | Ya hay solicitud de cambio pendiente | +| USER011 | TOKEN_EXPIRED | Token expirado | +| USER012 | EMAIL_NOT_AVAILABLE | Nuevo email ya existe | + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Tech Lead | - | - | [ ] | +| Backend Lead | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-002-users/historias-usuario/BACKLOG-MGN002.md b/docs/01-fase-foundation/MGN-002-users/historias-usuario/BACKLOG-MGN002.md new file mode 100644 index 0000000..a4e5267 --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/historias-usuario/BACKLOG-MGN002.md @@ -0,0 +1,138 @@ +# Backlog del Modulo MGN-002: Users + +## Resumen + +| Campo | Valor | +|-------|-------| +| **Modulo** | MGN-002 | +| **Nombre** | Users - Gestion de Usuarios | +| **Total User Stories** | 4 | +| **Total Story Points** | 21 | +| **Estado** | En documentacion | +| **Fecha** | 2025-12-05 | + +--- + +## User Stories + +### Sprint 2 - Core Users (16 SP) + +| ID | Nombre | SP | Prioridad | Estado | +|----|--------|-----|-----------|--------| +| [US-MGN002-001](./US-MGN002-001.md) | CRUD de Usuarios (Admin) | 8 | P0 | Ready | +| [US-MGN002-002](./US-MGN002-002.md) | Perfil de Usuario | 5 | P1 | Ready | +| [US-MGN002-003](./US-MGN002-003.md) | Cambio de Password | 3 | P0 | Ready | + +### Sprint 3 - Personalization (5 SP) + +| ID | Nombre | SP | Prioridad | Estado | +|----|--------|-----|-----------|--------| +| [US-MGN002-004](./US-MGN002-004.md) | Preferencias de Usuario | 5 | P2 | Ready | + +--- + +## Stories Adicionales (No incluidas en scope inicial) + +| ID | Nombre | SP | Prioridad | Estado | +|----|--------|-----|-----------|--------| +| US-MGN002-005 | Cambio de Email | 5 | P1 | Backlog | +| US-MGN002-006 | Activacion de Cuenta | 3 | P0 | Backlog | +| US-MGN002-007 | Export de Usuarios (CSV) | 3 | P2 | Backlog | +| US-MGN002-008 | Import de Usuarios (CSV) | 5 | P2 | Backlog | + +--- + +## Roadmap Visual + +``` +Sprint 2 Sprint 3 +├─────────────────────────────────┼─────────────────────────────────┤ +│ US-001: CRUD Usuarios [8 SP] │ US-004: Preferencias [5 SP] │ +│ US-002: Perfil [5 SP] │ │ +│ US-003: Cambio Password [3 SP] │ │ +├─────────────────────────────────┼─────────────────────────────────┤ +│ Total: 16 SP │ Total: 5 SP │ +└─────────────────────────────────┴─────────────────────────────────┘ +``` + +--- + +## Dependencias entre Stories + +``` +RF-AUTH-001 (Login) ─────────────────────────────────────────┐ + │ │ + ▼ │ +US-MGN002-001 (CRUD Admin) ──────────────────────────────────┤ + │ │ + ├──────────────────────────────────────────┐ │ + │ │ │ + ▼ ▼ │ +US-MGN002-002 (Perfil) US-MGN002-003 (Pass) │ + │ │ + └───────────────────────┬──────────────────────────────┘ + │ + ▼ + US-MGN002-004 (Preferencias) +``` + +--- + +## Criterios de Aceptacion del Modulo + +### Funcionalidad + +- [ ] Admins pueden crear, listar, editar y eliminar usuarios +- [ ] Usuarios pueden ver y editar su propio perfil +- [ ] Usuarios pueden cambiar su password +- [ ] Usuarios pueden subir avatar +- [ ] Usuarios pueden configurar preferencias + +### Seguridad + +- [ ] Soft delete en lugar de hard delete +- [ ] Solo admins gestionan otros usuarios +- [ ] Password actual requerido para cambios sensibles +- [ ] Historial de passwords para evitar reuso +- [ ] RBAC en todos los endpoints admin + +### UX + +- [ ] Paginacion y filtros en listados +- [ ] Busqueda por nombre y email +- [ ] Avatar con resize automatico +- [ ] Preferencias aplicadas inmediatamente + +--- + +## Estimacion Total + +| Capa | Story Points | +|------|--------------| +| Database | 6 | +| Backend | 15 | +| Frontend | 16 | +| **Total** | **37** | + +> Nota: Esta estimacion corresponde a los 5 RFs completos, no solo las 4 US principales. + +--- + +## Definition of Done del Modulo + +- [ ] Todas las User Stories completadas +- [ ] Tests unitarios > 80% coverage +- [ ] Tests e2e pasando +- [ ] Documentacion Swagger completa +- [ ] Code review aprobado +- [ ] Security review aprobado +- [ ] Despliegue en staging exitoso +- [ ] UAT aprobado + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial con 4 US | diff --git a/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-001.md b/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-001.md new file mode 100644 index 0000000..b446f8b --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-001.md @@ -0,0 +1,219 @@ +# US-MGN002-001: CRUD de Usuarios (Admin) + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN002-001 | +| **Modulo** | MGN-002 Users | +| **Sprint** | Sprint 2 | +| **Prioridad** | P0 - Critica | +| **Story Points** | 8 | +| **Estado** | Ready | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Historia de Usuario + +**Como** administrador del sistema +**Quiero** poder crear, ver, editar y eliminar usuarios +**Para** gestionar el acceso de los empleados a la plataforma ERP + +--- + +## Criterios de Aceptacion + +### Escenario 1: Crear usuario exitosamente + +```gherkin +Given un administrador autenticado con permiso "users:create" +When crea un usuario con: + | email | nuevo@empresa.com | + | firstName | Juan | + | lastName | Perez | + | roleIds | [admin-role-id] | +Then el sistema crea el usuario con status "pending_activation" + And envia email de invitacion al usuario + And responde con status 201 + And el body contiene el usuario creado sin password +``` + +### Escenario 2: Listar usuarios con paginacion + +```gherkin +Given 50 usuarios en el tenant actual +When el admin solicita GET /api/v1/users?page=2&limit=10 +Then el sistema retorna usuarios 11-20 + And incluye meta con total, pages, hasNext, hasPrev +``` + +### Escenario 3: Buscar usuarios por texto + +```gherkin +Given usuarios con nombres "Juan", "Juana", "Pedro" +When el admin busca con search="juan" +Then el sistema retorna "Juan" y "Juana" + And no retorna "Pedro" +``` + +### Escenario 4: Soft delete de usuario + +```gherkin +Given un usuario activo con id "user-123" +When el admin elimina el usuario +Then el campo deleted_at se establece + And el campo deleted_by tiene el ID del admin + And el usuario no aparece en listados + And el usuario no puede hacer login +``` + +### Escenario 5: No puede eliminarse a si mismo + +```gherkin +Given un admin con id "admin-123" +When intenta eliminar su propio usuario +Then el sistema responde con status 400 + And el mensaje es "No puedes eliminarte a ti mismo" +``` + +--- + +## Mockup / Wireframe + +``` ++------------------------------------------------------------------+ +| [Logo] Usuarios [+ Nuevo Usuario] | ++------------------------------------------------------------------+ +| Buscar: [___________________] [Filtros ▼] | ++------------------------------------------------------------------+ +| ☐ | Avatar | Nombre | Email | Estado | Roles | +|---|--------|---------------|--------------------|---------|----- | +| ☐ | 👤 | Juan Perez | juan@empresa.com | Activo | Admin| +| ☐ | 👤 | Maria Lopez | maria@empresa.com | Activo | User | +| ☐ | 👤 | Pedro Garcia | pedro@empresa.com | Inactivo| User | ++------------------------------------------------------------------+ +| Mostrando 1-10 de 50 [< Anterior] [Siguiente >]| ++------------------------------------------------------------------+ + +Modal: Crear Usuario +┌──────────────────────────────────────────────────────────────────┐ +│ NUEVO USUARIO │ +├──────────────────────────────────────────────────────────────────┤ +│ Email* [_______________________________] │ +│ Nombre* [_______________________________] │ +│ Apellido* [_______________________________] │ +│ Telefono [_______________________________] │ +│ Roles [Select roles... ▼] │ +│ ☑ Admin ☐ Manager ☐ User │ +│ │ +│ [ Cancelar ] [ Crear Usuario ] │ +└──────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Notas Tecnicas + +### API Endpoints + +```typescript +// Crear usuario +POST /api/v1/users +{ + "email": "nuevo@empresa.com", + "firstName": "Juan", + "lastName": "Perez", + "phone": "+521234567890", + "roleIds": ["role-uuid"] +} + +// Response 201 +{ + "id": "user-uuid", + "email": "nuevo@empresa.com", + "firstName": "Juan", + "lastName": "Perez", + "status": "pending_activation", + "isActive": false, + "createdAt": "2025-12-05T10:00:00Z", + "roles": [{ "id": "role-uuid", "name": "admin" }] +} + +// Listar usuarios +GET /api/v1/users?page=1&limit=20&search=juan&status=active&sortBy=createdAt&sortOrder=DESC + +// Response 200 +{ + "data": [...], + "meta": { + "total": 50, + "page": 1, + "limit": 20, + "totalPages": 3, + "hasNext": true, + "hasPrev": false + } +} +``` + +### Permisos Requeridos + +| Accion | Permiso | +|--------|---------| +| Crear | users:create | +| Listar | users:read | +| Ver detalle | users:read | +| Actualizar | users:update | +| Eliminar | users:delete | +| Activar/Desactivar | users:update | + +--- + +## Definicion de Done + +- [ ] Endpoint POST /api/v1/users implementado +- [ ] Endpoint GET /api/v1/users con paginacion y filtros +- [ ] Endpoint GET /api/v1/users/:id +- [ ] Endpoint PATCH /api/v1/users/:id +- [ ] Endpoint DELETE /api/v1/users/:id (soft delete) +- [ ] Validaciones de permisos (RBAC) +- [ ] Email de invitacion enviado +- [ ] Frontend: UsersListPage con tabla +- [ ] Frontend: Modal crear/editar usuario +- [ ] Tests unitarios (>80% coverage) +- [ ] Tests e2e pasando +- [ ] Code review aprobado + +--- + +## Dependencias + +| ID | Descripcion | +|----|-------------| +| RF-AUTH-001 | Login para autenticacion | +| RF-ROLE-001 | Roles para asignacion | +| EmailService | Para enviar invitaciones | + +--- + +## Estimacion + +| Tarea | Horas | +|-------|-------| +| Backend: CRUD endpoints | 6h | +| Backend: Paginacion y filtros | 3h | +| Backend: Tests | 3h | +| Frontend: UsersListPage | 4h | +| Frontend: UserForm modal | 3h | +| Frontend: Tests | 2h | +| **Total** | **21h** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-002.md b/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-002.md new file mode 100644 index 0000000..d880c16 --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-002.md @@ -0,0 +1,225 @@ +# US-MGN002-002: Perfil de Usuario + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN002-002 | +| **Modulo** | MGN-002 Users | +| **Sprint** | Sprint 2 | +| **Prioridad** | P1 - Alta | +| **Story Points** | 5 | +| **Estado** | Ready | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Historia de Usuario + +**Como** usuario autenticado del sistema +**Quiero** poder ver y editar mi informacion personal +**Para** mantener mis datos actualizados y personalizar mi experiencia + +--- + +## Criterios de Aceptacion + +### Escenario 1: Ver mi perfil + +```gherkin +Given un usuario autenticado +When accede a GET /api/v1/users/me +Then el sistema retorna su perfil completo + And incluye firstName, lastName, email, phone + And incluye avatarUrl, avatarThumbnailUrl + And incluye createdAt, lastLoginAt + And incluye sus roles asignados + And NO incluye passwordHash +``` + +### Escenario 2: Actualizar nombre + +```gherkin +Given un usuario autenticado con nombre "Juan" +When actualiza su nombre a "Carlos" +Then el sistema guarda el cambio + And responde con el perfil actualizado + And firstName es "Carlos" +``` + +### Escenario 3: Subir avatar + +```gherkin +Given un usuario autenticado + And una imagen JPG de 2MB +When sube la imagen como avatar +Then el sistema redimensiona a 200x200 px + And genera thumbnail de 50x50 px + And actualiza avatarUrl en su perfil + And responde con las URLs generadas +``` + +### Escenario 4: Avatar muy grande + +```gherkin +Given un usuario autenticado + And una imagen de 15MB +When intenta subir como avatar +Then el sistema responde con status 400 + And el mensaje es "Imagen excede tamaño maximo (10MB)" +``` + +### Escenario 5: Eliminar avatar + +```gherkin +Given un usuario con avatar +When elimina su avatar +Then avatarUrl se establece a null + And avatarThumbnailUrl se establece a null + And el avatar anterior se marca como no actual +``` + +--- + +## Mockup / Wireframe + +``` ++------------------------------------------------------------------+ +| [Logo] Mi Perfil | ++------------------------------------------------------------------+ +| | +| +-------+ | +| | | Juan Perez | +| | FOTO | juan@empresa.com | +| | | Admin, Manager | +| +-------+ | +| [Cambiar foto] | +| | +| ┌─────────────────────────────────────────────────────────┐ | +| │ INFORMACION PERSONAL │ | +| ├─────────────────────────────────────────────────────────┤ | +| │ Nombre [Juan ] │ | +| │ Apellido [Perez ] │ | +| │ Telefono [+521234567890 ] │ | +| │ Email juan@empresa.com [Cambiar email] │ | +| │ │ | +| │ [ Cancelar ] [ Guardar Cambios ] │ | +| └─────────────────────────────────────────────────────────┘ | +| | +| ┌─────────────────────────────────────────────────────────┐ | +| │ SEGURIDAD │ | +| ├─────────────────────────────────────────────────────────┤ | +| │ Contraseña •••••••• [Cambiar contraseña] │ | +| │ Ultimo login 05/12/2025 10:30 │ | +| │ Miembro desde 01/01/2025 │ | +| └─────────────────────────────────────────────────────────┘ | ++------------------------------------------------------------------+ + +Modal: Subir Avatar +┌──────────────────────────────────────────────────────────────────┐ +│ CAMBIAR FOTO │ +├──────────────────────────────────────────────────────────────────┤ +│ │ +│ +------------------+ │ +│ | | Arrastra una imagen o │ +│ | [ + ] | [Selecciona archivo] │ +│ | | │ +│ +------------------+ Formatos: JPG, PNG, WebP │ +│ Tamaño max: 10MB │ +│ │ +│ [ Cancelar ] [ Subir ] │ +└──────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Notas Tecnicas + +### API Endpoints + +```typescript +// Obtener perfil +GET /api/v1/users/me + +// Response 200 +{ + "id": "user-uuid", + "email": "juan@empresa.com", + "firstName": "Juan", + "lastName": "Perez", + "phone": "+521234567890", + "avatarUrl": "https://storage.../avatar-200.jpg", + "avatarThumbnailUrl": "https://storage.../avatar-50.jpg", + "status": "active", + "emailVerifiedAt": "2025-01-01T00:00:00Z", + "lastLoginAt": "2025-12-05T10:30:00Z", + "createdAt": "2025-01-01T00:00:00Z", + "roles": [{ "id": "...", "name": "admin" }] +} + +// Actualizar perfil +PATCH /api/v1/users/me +{ + "firstName": "Carlos", + "lastName": "Lopez", + "phone": "+521234567890" +} + +// Subir avatar +POST /api/v1/users/me/avatar +Content-Type: multipart/form-data +avatar: [file] + +// Response 200 +{ + "avatarUrl": "https://storage.../avatar-200.jpg", + "avatarThumbnailUrl": "https://storage.../avatar-50.jpg" +} +``` + +### Validaciones de Avatar + +| Validacion | Valor | +|------------|-------| +| Formatos | image/jpeg, image/png, image/webp | +| Tamaño max | 10MB | +| Resize main | 200x200 px | +| Resize thumb | 50x50 px | + +--- + +## Definicion de Done + +- [ ] Endpoint GET /api/v1/users/me +- [ ] Endpoint PATCH /api/v1/users/me +- [ ] Endpoint POST /api/v1/users/me/avatar +- [ ] Endpoint DELETE /api/v1/users/me/avatar +- [ ] Procesamiento de imagen con Sharp +- [ ] Upload a storage (S3/local) +- [ ] Frontend: ProfilePage +- [ ] Frontend: AvatarUploader component +- [ ] Tests unitarios +- [ ] Code review aprobado + +--- + +## Estimacion + +| Tarea | Horas | +|-------|-------| +| Backend: Profile endpoints | 3h | +| Backend: Avatar upload + resize | 4h | +| Backend: Tests | 2h | +| Frontend: ProfilePage | 4h | +| Frontend: AvatarUploader | 3h | +| Frontend: Tests | 2h | +| **Total** | **18h** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-003.md b/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-003.md new file mode 100644 index 0000000..5ce1d05 --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-003.md @@ -0,0 +1,203 @@ +# US-MGN002-003: Cambio de Password + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN002-003 | +| **Modulo** | MGN-002 Users | +| **Sprint** | Sprint 2 | +| **Prioridad** | P0 - Critica | +| **Story Points** | 3 | +| **Estado** | Ready | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Historia de Usuario + +**Como** usuario autenticado del sistema +**Quiero** poder cambiar mi contraseña +**Para** mantener mi cuenta segura y cumplir con politicas de rotacion + +--- + +## Criterios de Aceptacion + +### Escenario 1: Cambio exitoso + +```gherkin +Given un usuario autenticado +When proporciona password actual correcto "OldPass123!" + And nuevo password "NewPass456!" cumple requisitos +Then el sistema actualiza el password + And guarda hash en password_history + And envia email de notificacion + And responde con status 200 +``` + +### Escenario 2: Password actual incorrecto + +```gherkin +Given un usuario autenticado +When proporciona password actual incorrecto +Then el sistema responde con status 400 + And el mensaje es "Password actual incorrecto" +``` + +### Escenario 3: Nuevo password no cumple requisitos + +```gherkin +Given un usuario autenticado +When el nuevo password es "abc123" +Then el sistema responde con status 400 + And lista los requisitos no cumplidos: + | Debe tener al menos 8 caracteres | + | Debe incluir una mayuscula | + | Debe incluir caracter especial | +``` + +### Escenario 4: Password reutilizado + +```gherkin +Given un usuario que uso "MiPass123!" hace 2 meses +When intenta cambiar a "MiPass123!" +Then el sistema responde con status 400 + And el mensaje es "No puedes usar un password que hayas usado anteriormente" +``` + +### Escenario 5: Cerrar otras sesiones + +```gherkin +Given un usuario con 3 sesiones activas +When cambia password con logoutOtherSessions=true +Then el sistema actualiza el password + And invalida las otras 2 sesiones + And la sesion actual permanece activa + And responde con sessionsInvalidated: 2 +``` + +--- + +## Mockup / Wireframe + +``` ++------------------------------------------------------------------+ +| [Logo] Cambiar Contraseña | ++------------------------------------------------------------------+ +| | +| ┌─────────────────────────────────────────────────────────┐ | +| │ CAMBIAR CONTRASEÑA │ | +| ├─────────────────────────────────────────────────────────┤ | +| │ │ | +| │ Contraseña actual │ | +| │ [••••••••••••••••••• ] 👁 │ | +| │ │ | +| │ Nueva contraseña │ | +| │ [••••••••••••••••••• ] 👁 │ | +| │ [████████████░░░░░░░░] Fuerte │ | +| │ │ | +| │ ✓ Minimo 8 caracteres │ | +| │ ✓ Al menos una mayuscula │ | +| │ ✓ Al menos una minuscula │ | +| │ ✗ Al menos un numero │ | +| │ ✗ Al menos un caracter especial │ | +| │ │ | +| │ Confirmar nueva contraseña │ | +| │ [••••••••••••••••••• ] 👁 │ | +| │ │ | +| │ ☐ Cerrar sesion en otros dispositivos │ | +| │ │ | +| │ [ Cancelar ] [ Cambiar Contraseña ] │ | +| └─────────────────────────────────────────────────────────┘ | +| | ++------------------------------------------------------------------+ +``` + +--- + +## Notas Tecnicas + +### API Endpoint + +```typescript +POST /api/v1/users/me/password +{ + "currentPassword": "OldPass123!", + "newPassword": "NewPass456!", + "confirmPassword": "NewPass456!", + "logoutOtherSessions": true +} + +// Response 200 +{ + "message": "Password actualizado exitosamente", + "sessionsInvalidated": 2 +} + +// Response 400 - Password incorrecto +{ + "statusCode": 400, + "message": "Password actual incorrecto" +} + +// Response 400 - No cumple politica +{ + "statusCode": 400, + "message": "El password no cumple los requisitos", + "errors": [ + "Debe incluir al menos una mayuscula", + "Debe incluir al menos un caracter especial" + ] +} +``` + +### Politica de Password + +``` +- Minimo 8 caracteres +- Maximo 128 caracteres +- Al menos 1 mayuscula +- Al menos 1 minuscula +- Al menos 1 numero +- Al menos 1 caracter especial (!@#$%^&*) +- No puede contener el email +- No puede ser igual a los ultimos 5 +``` + +--- + +## Definicion de Done + +- [ ] Endpoint POST /api/v1/users/me/password +- [ ] Validacion de password actual +- [ ] Validacion de politica de complejidad +- [ ] Verificacion contra historial (5 anteriores) +- [ ] Opcion de cerrar otras sesiones +- [ ] Email de notificacion enviado +- [ ] Frontend: ChangePasswordForm +- [ ] Frontend: PasswordStrengthIndicator +- [ ] Tests unitarios +- [ ] Code review aprobado + +--- + +## Estimacion + +| Tarea | Horas | +|-------|-------| +| Backend: Endpoint | 2h | +| Backend: Validaciones | 2h | +| Backend: Tests | 1h | +| Frontend: Form + indicator | 3h | +| Frontend: Tests | 1h | +| **Total** | **9h** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-004.md b/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-004.md new file mode 100644 index 0000000..3408e03 --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-004.md @@ -0,0 +1,222 @@ +# US-MGN002-004: Preferencias de Usuario + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN002-004 | +| **Modulo** | MGN-002 Users | +| **Sprint** | Sprint 3 | +| **Prioridad** | P2 - Media | +| **Story Points** | 5 | +| **Estado** | Ready | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Historia de Usuario + +**Como** usuario autenticado del sistema +**Quiero** poder configurar mis preferencias personales +**Para** personalizar mi experiencia en la plataforma + +--- + +## Criterios de Aceptacion + +### Escenario 1: Obtener preferencias + +```gherkin +Given un usuario autenticado +When accede a GET /api/v1/users/me/preferences +Then el sistema retorna sus preferencias + And si no tiene preferencias, retorna defaults del tenant +``` + +### Escenario 2: Cambiar idioma + +```gherkin +Given un usuario con idioma "es" +When cambia a idioma "en" +Then el sistema guarda la preferencia + And la interfaz cambia a ingles inmediatamente +``` + +### Escenario 3: Cambiar tema + +```gherkin +Given un usuario con tema "light" +When activa tema "dark" +Then la interfaz cambia a colores oscuros + And la preferencia persiste entre sesiones +``` + +### Escenario 4: Configurar notificaciones + +```gherkin +Given un usuario con notificaciones de marketing activas +When desactiva notificaciones de marketing +Then deja de recibir ese tipo de emails + And mantiene otras notificaciones activas +``` + +### Escenario 5: Reset preferencias + +```gherkin +Given un usuario con preferencias personalizadas +When ejecuta reset de preferencias +Then todas sus preferencias vuelven a defaults del tenant +``` + +--- + +## Mockup / Wireframe + +``` ++------------------------------------------------------------------+ +| [Logo] Preferencias | ++------------------------------------------------------------------+ +| | +| ┌─────────────────────────────────────────────────────────┐ | +| │ IDIOMA Y REGION │ | +| ├─────────────────────────────────────────────────────────┤ | +| │ Idioma [Español ▼] │ | +| │ Zona horaria [America/Mexico_City ▼] │ | +| │ Formato fecha [DD/MM/YYYY ▼] │ | +| │ Formato hora [24 horas ▼] │ | +| │ Moneda [MXN - Peso Mexicano ▼] │ | +| └─────────────────────────────────────────────────────────┘ | +| | +| ┌─────────────────────────────────────────────────────────┐ | +| │ APARIENCIA │ | +| ├─────────────────────────────────────────────────────────┤ | +| │ Tema [☀️ Claro] [🌙 Oscuro] [💻 Sistema] │ | +| │ Tamaño fuente [Pequeño] [Mediano] [Grande] │ | +| │ ☐ Modo compacto │ | +| │ ☐ Sidebar colapsado por defecto │ | +| └─────────────────────────────────────────────────────────┘ | +| | +| ┌─────────────────────────────────────────────────────────┐ | +| │ NOTIFICACIONES │ | +| ├─────────────────────────────────────────────────────────┤ | +| │ Email │ | +| │ ☑ Habilitado Frecuencia: [Diario ▼] │ | +| │ ☑ Alertas de seguridad │ | +| │ ☑ Actualizaciones del sistema │ | +| │ ☐ Comunicaciones de marketing │ | +| │ │ | +| │ Push │ | +| │ ☑ Habilitado │ | +| │ ☑ Sonido de notificacion │ | +| │ │ | +| │ In-App │ | +| │ ☑ Habilitado │ | +| │ ☐ Notificaciones de escritorio │ | +| └─────────────────────────────────────────────────────────┘ | +| | +| [Restaurar valores predeterminados] [ Guardar Cambios ] | ++------------------------------------------------------------------+ +``` + +--- + +## Notas Tecnicas + +### API Endpoints + +```typescript +// Obtener preferencias +GET /api/v1/users/me/preferences + +// Response 200 +{ + "language": "es", + "timezone": "America/Mexico_City", + "dateFormat": "DD/MM/YYYY", + "timeFormat": "24h", + "currency": "MXN", + "numberFormat": "es-MX", + "theme": "dark", + "sidebarCollapsed": false, + "compactMode": false, + "fontSize": "medium", + "notifications": { + "email": { + "enabled": true, + "digest": "daily", + "marketing": false, + "security": true, + "updates": true + }, + "push": { "enabled": true, "sound": true }, + "inApp": { "enabled": true, "desktop": false } + }, + "dashboard": { + "defaultView": "overview", + "widgets": ["sales", "inventory"] + } +} + +// Actualizar preferencias (parcial) +PATCH /api/v1/users/me/preferences +{ + "theme": "light", + "notifications": { + "email": { "marketing": false } + } +} + +// Reset preferencias +POST /api/v1/users/me/preferences/reset +``` + +### Aplicacion en Frontend + +```typescript +// Al cambiar tema +useEffect(() => { + document.documentElement.setAttribute('data-theme', preferences.theme); +}, [preferences.theme]); + +// Al cambiar idioma +useEffect(() => { + i18n.changeLanguage(preferences.language); +}, [preferences.language]); +``` + +--- + +## Definicion de Done + +- [ ] Endpoint GET /api/v1/users/me/preferences +- [ ] Endpoint PATCH /api/v1/users/me/preferences +- [ ] Endpoint POST /api/v1/users/me/preferences/reset +- [ ] Deep merge para actualizaciones parciales +- [ ] Frontend: PreferencesPage con todas las secciones +- [ ] Frontend: Aplicacion inmediata de cambios (tema, idioma) +- [ ] Frontend: PreferencesContext para estado global +- [ ] Tests unitarios +- [ ] Code review aprobado + +--- + +## Estimacion + +| Tarea | Horas | +|-------|-------| +| Backend: Endpoints | 3h | +| Backend: Deep merge logic | 1h | +| Backend: Tests | 2h | +| Frontend: PreferencesPage | 5h | +| Frontend: Theme/Language context | 3h | +| Frontend: Tests | 2h | +| **Total** | **16h** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-005.md b/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-005.md new file mode 100644 index 0000000..18cb1a6 --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/historias-usuario/US-MGN002-005.md @@ -0,0 +1,286 @@ +# US-MGN002-005: Cambio de Email + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN002-005 | +| **Modulo** | MGN-002 Users | +| **Sprint** | Sprint 3 | +| **Prioridad** | P1 - Alta | +| **Story Points** | 6 | +| **Estado** | Ready | +| **Autor** | System | +| **Fecha** | 2025-12-06 | +| **RF Asociado** | RF-USER-003 | + +--- + +## Historia de Usuario + +**Como** usuario autenticado del sistema +**Quiero** poder cambiar mi direccion de email de forma segura +**Para** mantener mi cuenta actualizada y proteger el acceso a mi informacion + +--- + +## Descripcion + +El usuario necesita un proceso seguro para cambiar su email registrado. El sistema debe verificar la identidad del usuario con su password actual y validar la propiedad del nuevo email antes de aplicar el cambio. Esto protege contra cambios no autorizados. + +### Contexto + +- El email es el identificador principal de login +- Se usa para recuperacion de password y notificaciones +- Requiere doble verificacion por seguridad (password + email) +- Todas las sesiones se invalidan despues del cambio + +--- + +## Criterios de Aceptacion + +### Escenario 1: Solicitar cambio de email exitosamente + +```gherkin +Given un usuario autenticado con email "viejo@empresa.com" +When solicita cambiar a "nuevo@empresa.com" + And confirma con su password actual + And el nuevo email no esta registrado +Then el sistema genera token de verificacion + And envia email de verificacion a "nuevo@empresa.com" + And el email actual permanece sin cambios + And responde con status 200 + And el body contiene "expiresAt" con fecha +24h +``` + +### Escenario 2: Verificar nuevo email + +```gherkin +Given un usuario con solicitud de cambio pendiente + And un token de verificacion valido (< 24 horas) +When hace clic en enlace de verificacion +Then el sistema actualiza el email del usuario + And invalida todas las sesiones activas + And envia notificacion al email anterior + And redirige al login con mensaje de exito +``` + +### Escenario 3: Nuevo email ya registrado + +```gherkin +Given un email "existente@empresa.com" ya en uso +When un usuario intenta cambiar a ese email +Then el sistema responde con status 409 + And el mensaje es "Email no disponible" +``` + +### Escenario 4: Password incorrecto + +```gherkin +Given un usuario autenticado +When solicita cambio de email con password incorrecto +Then el sistema responde con status 400 + And el mensaje es "Password incorrecto" + And no se crea solicitud de cambio +``` + +### Escenario 5: Token de verificacion expirado + +```gherkin +Given un token de verificacion emitido hace mas de 24 horas +When el usuario intenta usarlo +Then el sistema responde con status 400 + And el mensaje es "Token expirado, solicita nuevo cambio" +``` + +### Escenario 6: Cancelar solicitud pendiente + +```gherkin +Given un usuario con cambio de email pendiente +When solicita un nuevo cambio +Then la solicitud anterior se invalida + And se crea nueva solicitud con nuevo token +``` + +--- + +## Mockup / Wireframe + +``` +Pagina: Mi Perfil - Seccion Email +┌──────────────────────────────────────────────────────────────────┐ +│ Email actual: juan@empresa.com │ +│ [Cambiar Email] │ +└──────────────────────────────────────────────────────────────────┘ + +Modal: Cambiar Email +┌──────────────────────────────────────────────────────────────────┐ +│ CAMBIAR EMAIL │ +├──────────────────────────────────────────────────────────────────┤ +│ │ +│ Email actual juan@empresa.com (no editable) │ +│ │ +│ Nuevo email* [_______________________________] │ +│ │ +│ Confirmar password* [_______________________________] │ +│ │ +│ ⚠️ Se enviara un link de verificacion al nuevo email. │ +│ Tu email no cambiara hasta que verifiques el enlace. │ +│ Todas tus sesiones seran cerradas despues del cambio. │ +│ │ +│ [ Cancelar ] [ Enviar Verificacion ] │ +└──────────────────────────────────────────────────────────────────┘ + +Pagina: Verificacion Exitosa +┌──────────────────────────────────────────────────────────────────┐ +│ │ +│ ✅ Email Actualizado │ +│ │ +│ Tu email ha sido cambiado a: nuevo@empresa.com │ +│ │ +│ Por seguridad, todas tus sesiones han sido cerradas. │ +│ │ +│ [ Ir al Login ] │ +│ │ +└──────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Notas Tecnicas + +### API Endpoints + +```typescript +// Solicitar cambio de email +POST /api/v1/users/me/email/request-change +{ + "newEmail": "nuevo@empresa.com", + "currentPassword": "MiPasswordActual123!" +} + +// Response 200 +{ + "message": "Se ha enviado un email de verificacion a nuevo@empresa.com", + "expiresAt": "2025-12-07T10:30:00Z" +} + +// Response 400 - Password incorrecto +{ + "statusCode": 400, + "message": "Password incorrecto" +} + +// Response 409 - Email existe +{ + "statusCode": 409, + "message": "Email no disponible" +} + +// Verificar cambio de email +GET /api/v1/users/email/verify-change?token=abc123... + +// Response 200 (redirect) +// Redirect to: /login?emailChanged=true + +// Response 400 - Token invalido +{ + "statusCode": 400, + "message": "Token invalido o expirado" +} +``` + +### Permisos Requeridos + +| Accion | Permiso | +|--------|---------| +| Solicitar cambio | Autenticado (propio email) | +| Verificar cambio | Token valido | + +### Schema de Base de Datos + +```sql +CREATE TABLE core_users.email_change_requests ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL REFERENCES core_users.users(id), + tenant_id UUID NOT NULL REFERENCES core_tenants.tenants(id), + current_email VARCHAR(255) NOT NULL, + new_email VARCHAR(255) NOT NULL, + token_hash VARCHAR(255) NOT NULL, + expires_at TIMESTAMPTZ NOT NULL, + completed_at TIMESTAMPTZ, + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + + CONSTRAINT uq_pending_email_change UNIQUE (user_id, completed_at) + WHERE completed_at IS NULL +); + +CREATE INDEX idx_email_change_user ON core_users.email_change_requests(user_id); +CREATE INDEX idx_email_change_token ON core_users.email_change_requests(token_hash); +``` + +--- + +## Definicion de Done + +- [ ] Endpoint POST /api/v1/users/me/email/request-change implementado +- [ ] Endpoint GET /api/v1/users/email/verify-change implementado +- [ ] Tabla email_change_requests creada con RLS +- [ ] Validacion de password actual +- [ ] Validacion de email unico en tenant +- [ ] Generacion de token seguro (32 bytes hex) +- [ ] Envio de email de verificacion +- [ ] Envio de notificacion al email anterior +- [ ] Invalidacion de sesiones post-cambio +- [ ] Frontend: ChangeEmailForm integrado en perfil +- [ ] Frontend: Pagina de verificacion exitosa +- [ ] Tests unitarios (>80% coverage) +- [ ] Tests e2e pasando +- [ ] Code review aprobado + +--- + +## Dependencias + +| ID | Descripcion | +|----|-------------| +| RF-USER-001 | CRUD Usuarios (tabla users) | +| RF-AUTH-001 | Login para autenticacion | +| RF-AUTH-004 | Logout para invalidar sesiones | +| EmailService | Para enviar verificacion | + +--- + +## Estimacion + +| Tarea | Story Points | +|-------|--------------| +| Database: Tabla email_change_requests | 1 | +| Backend: Endpoint request-change | 1.5 | +| Backend: Endpoint verify-change | 1.5 | +| Backend: Tests | 1 | +| Frontend: ChangeEmailForm | 0.5 | +| Frontend: Pagina verificacion | 0.5 | +| **Total** | **6** | + +--- + +## Reglas de Negocio + +| ID | Regla | Validacion | +|----|-------|------------| +| RN-001 | Requiere password actual | Verificacion bcrypt | +| RN-002 | Nuevo email unico en tenant | UNIQUE constraint | +| RN-003 | Token expira en 24 horas | expires_at check | +| RN-004 | Una solicitud activa a la vez | Invalidar anteriores | +| RN-005 | Notificar email anterior | Email de seguridad | +| RN-006 | Logout-all post-cambio | Revocar tokens | +| RN-007 | Formato email valido | Regex validation | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-06 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-002-users/implementacion/TRACEABILITY.yml b/docs/01-fase-foundation/MGN-002-users/implementacion/TRACEABILITY.yml new file mode 100644 index 0000000..fb4389f --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/implementacion/TRACEABILITY.yml @@ -0,0 +1,513 @@ +# TRACEABILITY.yml - MGN-002: Usuarios +# Matriz de trazabilidad: Documentacion -> Codigo +# Ubicacion: docs/01-fase-foundation/MGN-002-users/implementacion/ + +epic_code: MGN-002 +epic_name: Usuarios +phase: 1 +phase_name: Foundation +story_points: 35 +status: documented + +# ============================================================================= +# DOCUMENTACION +# ============================================================================= + +documentation: + + requirements: + - id: RF-USER-001 + file: ../requerimientos/RF-USER-001.md + title: CRUD de Usuarios + priority: P0 + status: migrated + description: | + Crear, leer, actualizar y eliminar usuarios del sistema. + Incluye soft delete para mantener trazabilidad. + + - id: RF-USER-002 + file: ../requerimientos/RF-USER-002.md + title: Perfil de Usuario + priority: P0 + status: migrated + description: | + Gestion de perfil extendido: bio, empresa, cargo, + direccion, links sociales. + + - id: RF-USER-003 + file: ../requerimientos/RF-USER-003.md + title: Cambio de Email + priority: P1 + status: migrated + description: | + Proceso seguro para cambiar email del usuario. + Requiere verificacion del nuevo email antes del cambio. + + - id: RF-USER-004 + file: ../requerimientos/RF-USER-004.md + title: Cambio de Password + priority: P1 + status: migrated + description: | + Permitir al usuario cambiar su password. + Requiere confirmacion del password actual. + + - id: RF-USER-005 + file: ../requerimientos/RF-USER-005.md + title: Preferencias de Usuario + priority: P1 + status: migrated + description: | + Personalizacion: tema, idioma, formato fecha, + configuracion de notificaciones. + + requirements_index: + file: ../requerimientos/INDICE-RF-USER.md + status: migrated + + specifications: + - id: ET-USERS-001 + file: ../especificaciones/ET-users-backend.md + title: Backend Users + rf: [RF-USER-001, RF-USER-002, RF-USER-003, RF-USER-004, RF-USER-005] + status: migrated + + - id: ET-USERS-002 + file: ../especificaciones/ET-USER-database.md + title: Database Users + rf: [RF-USER-001, RF-USER-002, RF-USER-003] + status: migrated + + user_stories: + - id: US-MGN002-001 + file: ../historias-usuario/US-MGN002-001.md + title: Crear Usuario + rf: [RF-USER-001] + story_points: 5 + status: migrated + + - id: US-MGN002-002 + file: ../historias-usuario/US-MGN002-002.md + title: Editar Usuario + rf: [RF-USER-001] + story_points: 3 + status: migrated + + - id: US-MGN002-003 + file: ../historias-usuario/US-MGN002-003.md + title: Gestionar Perfil + rf: [RF-USER-002] + story_points: 5 + status: migrated + + - id: US-MGN002-004 + file: ../historias-usuario/US-MGN002-004.md + title: Configurar Preferencias + rf: [RF-USER-005] + story_points: 3 + status: migrated + + - id: US-MGN002-005 + file: ../historias-usuario/US-MGN002-005.md + title: Cambio de Email + rf: [RF-USER-003] + story_points: 6 + status: ready + + backlog: + file: ../historias-usuario/BACKLOG-MGN002.md + status: migrated + +# ============================================================================= +# IMPLEMENTACION +# ============================================================================= + +implementation: + + database: + schema: core_users + path: apps/database/ddl/schemas/core_users/ + + tables: + - name: users + file: apps/database/ddl/schemas/core_users/tables/users.sql + rf: RF-USERS-001 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: tenant_id, type: UUID, fk: tenants} + - {name: first_name, type: VARCHAR(100)} + - {name: last_name, type: VARCHAR(100)} + - {name: display_name, type: VARCHAR(200)} + - {name: avatar_url, type: TEXT} + - {name: phone, type: VARCHAR(20)} + - {name: timezone, type: VARCHAR(50)} + - {name: locale, type: VARCHAR(10)} + - {name: is_active, type: BOOLEAN} + - {name: created_at, type: TIMESTAMPTZ} + - {name: updated_at, type: TIMESTAMPTZ} + - {name: deleted_at, type: TIMESTAMPTZ} + indexes: + - idx_users_tenant + - idx_users_name_search + rls_policies: + - tenant_isolation + + - name: user_profiles + file: apps/database/ddl/schemas/core_users/tables/user_profiles.sql + rf: RF-USERS-002 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: user_id, type: UUID, fk: users, unique: true} + - {name: bio, type: TEXT} + - {name: company, type: VARCHAR(200)} + - {name: job_title, type: VARCHAR(100)} + - {name: address, type: JSONB} + - {name: social_links, type: JSONB} + - {name: created_at, type: TIMESTAMPTZ} + - {name: updated_at, type: TIMESTAMPTZ} + + - name: user_preferences + file: apps/database/ddl/schemas/core_users/tables/user_preferences.sql + rf: RF-USERS-003 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: user_id, type: UUID, fk: users, unique: true} + - {name: theme, type: VARCHAR(20)} + - {name: notifications_email, type: BOOLEAN} + - {name: notifications_push, type: BOOLEAN} + - {name: language, type: VARCHAR(10)} + - {name: date_format, type: VARCHAR(20)} + - {name: created_at, type: TIMESTAMPTZ} + - {name: updated_at, type: TIMESTAMPTZ} + + backend: + module: users + path: apps/backend/src/modules/users/ + framework: NestJS + + entities: + - name: User + file: apps/backend/src/modules/users/entities/user.entity.ts + rf: RF-USERS-001 + status: pending + table: users + + - name: UserProfile + file: apps/backend/src/modules/users/entities/user-profile.entity.ts + rf: RF-USERS-002 + status: pending + table: user_profiles + + - name: UserPreferences + file: apps/backend/src/modules/users/entities/user-preferences.entity.ts + rf: RF-USERS-003 + status: pending + table: user_preferences + + services: + - name: UsersService + file: apps/backend/src/modules/users/users.service.ts + rf: [RF-USERS-001, RF-USERS-004, RF-USERS-005] + status: pending + methods: + - {name: create, rf: RF-USERS-001} + - {name: findAll, rf: RF-USERS-001} + - {name: findOne, rf: RF-USERS-001} + - {name: update, rf: RF-USERS-001} + - {name: remove, rf: RF-USERS-001} + - {name: activate, rf: RF-USERS-004} + - {name: deactivate, rf: RF-USERS-004} + - {name: search, rf: RF-USERS-005} + + - name: ProfileService + file: apps/backend/src/modules/users/profile.service.ts + rf: [RF-USERS-002] + status: pending + methods: + - {name: getProfile, rf: RF-USERS-002} + - {name: updateProfile, rf: RF-USERS-002} + - {name: uploadAvatar, rf: RF-USERS-002} + + - name: PreferencesService + file: apps/backend/src/modules/users/preferences.service.ts + rf: [RF-USERS-003] + status: pending + methods: + - {name: getPreferences, rf: RF-USERS-003} + - {name: updatePreferences, rf: RF-USERS-003} + + controllers: + - name: UsersController + file: apps/backend/src/modules/users/users.controller.ts + status: pending + endpoints: + - method: GET + path: /api/v1/users + rf: RF-USERS-001 + description: Listar usuarios con paginacion + + - method: GET + path: /api/v1/users/:id + rf: RF-USERS-001 + description: Obtener usuario por ID + + - method: POST + path: /api/v1/users + rf: RF-USERS-001 + description: Crear nuevo usuario + + - method: PATCH + path: /api/v1/users/:id + rf: RF-USERS-001 + description: Actualizar usuario + + - method: DELETE + path: /api/v1/users/:id + rf: RF-USERS-001 + description: Soft delete usuario + + - method: GET + path: /api/v1/users/:id/profile + rf: RF-USERS-002 + description: Obtener perfil + + - method: PATCH + path: /api/v1/users/:id/profile + rf: RF-USERS-002 + description: Actualizar perfil + + - method: POST + path: /api/v1/users/:id/avatar + rf: RF-USERS-002 + description: Subir avatar + + - method: GET + path: /api/v1/users/:id/preferences + rf: RF-USERS-003 + description: Obtener preferencias + + - method: PATCH + path: /api/v1/users/:id/preferences + rf: RF-USERS-003 + description: Actualizar preferencias + + - method: POST + path: /api/v1/users/:id/activate + rf: RF-USERS-004 + description: Activar usuario + + - method: POST + path: /api/v1/users/:id/deactivate + rf: RF-USERS-004 + description: Desactivar usuario + + - method: GET + path: /api/v1/users/search + rf: RF-USERS-005 + description: Buscar usuarios + + dtos: + - name: CreateUserDto + file: apps/backend/src/modules/users/dto/create-user.dto.ts + rf: RF-USERS-001 + status: pending + + - name: UpdateUserDto + file: apps/backend/src/modules/users/dto/update-user.dto.ts + rf: RF-USERS-001 + status: pending + + - name: UserFilterDto + file: apps/backend/src/modules/users/dto/user-filter.dto.ts + rf: RF-USERS-005 + status: pending + + - name: UpdateProfileDto + file: apps/backend/src/modules/users/dto/update-profile.dto.ts + rf: RF-USERS-002 + status: pending + + - name: UpdatePreferencesDto + file: apps/backend/src/modules/users/dto/update-preferences.dto.ts + rf: RF-USERS-003 + status: pending + + frontend: + feature: users + path: apps/frontend/src/features/users/ + framework: React + + pages: + - name: UsersPage + file: apps/frontend/src/features/users/pages/UsersPage.tsx + rf: RF-USERS-001 + status: pending + route: /users + + - name: UserDetailPage + file: apps/frontend/src/features/users/pages/UserDetailPage.tsx + rf: RF-USERS-001 + status: pending + route: /users/:id + + - name: ProfilePage + file: apps/frontend/src/features/users/pages/ProfilePage.tsx + rf: RF-USERS-002 + status: pending + route: /profile + + - name: PreferencesPage + file: apps/frontend/src/features/users/pages/PreferencesPage.tsx + rf: RF-USERS-003 + status: pending + route: /settings/preferences + + components: + - name: UserTable + file: apps/frontend/src/features/users/components/UserTable.tsx + rf: RF-USERS-001 + status: pending + + - name: UserForm + file: apps/frontend/src/features/users/components/UserForm.tsx + rf: RF-USERS-001 + status: pending + + - name: ProfileForm + file: apps/frontend/src/features/users/components/ProfileForm.tsx + rf: RF-USERS-002 + status: pending + + - name: AvatarUpload + file: apps/frontend/src/features/users/components/AvatarUpload.tsx + rf: RF-USERS-002 + status: pending + + - name: PreferencesForm + file: apps/frontend/src/features/users/components/PreferencesForm.tsx + rf: RF-USERS-003 + status: pending + + - name: UserSearchInput + file: apps/frontend/src/features/users/components/UserSearchInput.tsx + rf: RF-USERS-005 + status: pending + + stores: + - name: usersStore + file: apps/frontend/src/features/users/stores/usersStore.ts + rf: [RF-USERS-001, RF-USERS-005] + status: pending + state: + - {name: users, type: "User[]"} + - {name: selectedUser, type: "User | null"} + - {name: isLoading, type: boolean} + - {name: pagination, type: PaginationState} + actions: + - fetchUsers + - createUser + - updateUser + - deleteUser + - searchUsers + + api: + - name: usersApi + file: apps/frontend/src/features/users/api/usersApi.ts + status: pending + methods: + - {name: getUsers, endpoint: "GET /users"} + - {name: getUser, endpoint: "GET /users/:id"} + - {name: createUser, endpoint: "POST /users"} + - {name: updateUser, endpoint: "PATCH /users/:id"} + - {name: deleteUser, endpoint: "DELETE /users/:id"} + - {name: getProfile, endpoint: "GET /users/:id/profile"} + - {name: updateProfile, endpoint: "PATCH /users/:id/profile"} + - {name: getPreferences, endpoint: "GET /users/:id/preferences"} + - {name: updatePreferences, endpoint: "PATCH /users/:id/preferences"} + - {name: searchUsers, endpoint: "GET /users/search"} + +# ============================================================================= +# DEPENDENCIAS +# ============================================================================= + +dependencies: + depends_on: + - module: MGN-001 + type: hard + reason: Usuarios requieren autenticacion + + required_by: + - module: MGN-003 + type: hard + reason: Roles se asignan a usuarios + - module: MGN-004 + type: hard + reason: Usuarios pertenecen a tenants + - module: MGN-011 + type: soft + reason: HR extiende usuarios como empleados + - module: MGN-019 + type: soft + reason: Audit registra acciones de usuarios + +# ============================================================================= +# TESTS +# ============================================================================= + +tests: + unit: + - name: UsersService.spec.ts + file: apps/backend/src/modules/users/__tests__/users.service.spec.ts + status: pending + cases: 15 + rf: [RF-USERS-001, RF-USERS-004, RF-USERS-005] + + - name: ProfileService.spec.ts + file: apps/backend/src/modules/users/__tests__/profile.service.spec.ts + status: pending + cases: 6 + rf: [RF-USERS-002] + + integration: + - name: users.controller.e2e.spec.ts + file: apps/backend/test/users/users.controller.e2e.spec.ts + status: pending + cases: 14 + + frontend: + - name: UserForm.test.tsx + file: apps/frontend/src/features/users/__tests__/UserForm.test.tsx + status: pending + cases: 6 + + coverage: + target: 80% + current: 0% + +# ============================================================================= +# METRICAS +# ============================================================================= + +metrics: + story_points: + estimated: 35 + actual: null + + files: + database: 4 + backend: 15 + frontend: 12 + tests: 6 + total: 37 + +# ============================================================================= +# HISTORIAL +# ============================================================================= + +history: + - date: "2025-12-05" + action: "Creacion de TRACEABILITY.yml" + author: Requirements-Analyst diff --git a/docs/01-fase-foundation/MGN-002-users/requerimientos/INDICE-RF-USER.md b/docs/01-fase-foundation/MGN-002-users/requerimientos/INDICE-RF-USER.md new file mode 100644 index 0000000..085d686 --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/requerimientos/INDICE-RF-USER.md @@ -0,0 +1,260 @@ +# Indice de Requerimientos Funcionales - MGN-002 Users + +## Resumen del Modulo + +| Campo | Valor | +|-------|-------| +| **Codigo** | MGN-002 | +| **Nombre** | Users - Gestion de Usuarios | +| **Prioridad** | P0 - Critica | +| **Total RFs** | 5 | +| **Estado** | En documentacion | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion General + +El modulo de usuarios gestiona el ciclo de vida completo de los usuarios del sistema, incluyendo: + +- **CRUD de Usuarios**: Crear, listar, actualizar y eliminar usuarios (admin) +- **Perfil Personal**: Cada usuario gestiona su propia informacion +- **Cambio de Email**: Proceso seguro con verificacion +- **Cambio de Password**: Autoservicio con validaciones +- **Preferencias**: Personalizacion de la experiencia + +--- + +## Lista de Requerimientos Funcionales + +| ID | Nombre | Prioridad | Complejidad | Estado | Story Points | +|----|--------|-----------|-------------|--------|--------------| +| [RF-USER-001](./RF-USER-001.md) | CRUD de Usuarios | P0 | Media | Aprobado | 13 | +| [RF-USER-002](./RF-USER-002.md) | Perfil de Usuario | P1 | Baja | Aprobado | 7 | +| [RF-USER-003](./RF-USER-003.md) | Cambio de Email | P1 | Media | Aprobado | 6 | +| [RF-USER-004](./RF-USER-004.md) | Cambio de Password | P0 | Baja | Aprobado | 4 | +| [RF-USER-005](./RF-USER-005.md) | Preferencias de Usuario | P2 | Baja | Aprobado | 7 | + +**Total Story Points:** 37 + +--- + +## Grafo de Dependencias + +``` +RF-AUTH-001 (Login) + │ + ▼ +RF-USER-001 (CRUD Usuarios) ─────────────────────────┐ + │ │ + ├──────────────────┬──────────────────┐ │ + │ │ │ │ + ▼ ▼ ▼ │ +RF-USER-002 RF-USER-003 RF-USER-004 │ +(Perfil) (Cambio Email) (Cambio Pass) │ + │ │ │ + └────────┬─────────┘ │ + │ │ + ▼ │ + RF-USER-005 ◄───────────────────────────────┘ + (Preferencias) +``` + +### Orden de Implementacion Recomendado + +1. **RF-USER-001** - CRUD de usuarios (base) +2. **RF-USER-004** - Cambio de password (seguridad basica) +3. **RF-USER-002** - Perfil de usuario (autoservicio) +4. **RF-USER-003** - Cambio de email (proceso complejo) +5. **RF-USER-005** - Preferencias (personalizacion) + +--- + +## Endpoints del Modulo + +### Gestion de Usuarios (Admin) + +| Metodo | Endpoint | RF | Descripcion | Permisos | +|--------|----------|-----|-------------|----------| +| POST | `/api/v1/users` | RF-USER-001 | Crear usuario | users:create | +| GET | `/api/v1/users` | RF-USER-001 | Listar usuarios | users:read | +| GET | `/api/v1/users/:id` | RF-USER-001 | Obtener usuario | users:read | +| PATCH | `/api/v1/users/:id` | RF-USER-001 | Actualizar usuario | users:update | +| DELETE | `/api/v1/users/:id` | RF-USER-001 | Eliminar usuario | users:delete | +| POST | `/api/v1/users/:id/activate` | RF-USER-001 | Activar usuario | users:update | +| POST | `/api/v1/users/:id/deactivate` | RF-USER-001 | Desactivar usuario | users:update | + +### Perfil Personal (Self-service) + +| Metodo | Endpoint | RF | Descripcion | +|--------|----------|-----|-------------| +| GET | `/api/v1/users/me` | RF-USER-002 | Obtener mi perfil | +| PATCH | `/api/v1/users/me` | RF-USER-002 | Actualizar mi perfil | +| POST | `/api/v1/users/me/avatar` | RF-USER-002 | Subir avatar | +| DELETE | `/api/v1/users/me/avatar` | RF-USER-002 | Eliminar avatar | +| POST | `/api/v1/users/me/email/request-change` | RF-USER-003 | Solicitar cambio email | +| GET | `/api/v1/users/email/verify-change` | RF-USER-003 | Verificar cambio email | +| POST | `/api/v1/users/me/password` | RF-USER-004 | Cambiar password | +| GET | `/api/v1/users/me/preferences` | RF-USER-005 | Obtener preferencias | +| PATCH | `/api/v1/users/me/preferences` | RF-USER-005 | Actualizar preferencias | +| POST | `/api/v1/users/me/preferences/reset` | RF-USER-005 | Reset preferencias | + +--- + +## Tablas de Base de Datos + +| Tabla | Schema | RF | Descripcion | +|-------|--------|-----|-------------| +| `users` | core_users | RF-USER-001 | Tabla principal de usuarios | +| `user_avatars` | core_users | RF-USER-002 | Historial de avatares | +| `email_change_requests` | core_users | RF-USER-003 | Solicitudes de cambio email | +| `password_history` | core_auth | RF-USER-004 | Historial de passwords | +| `user_preferences` | core_users | RF-USER-005 | Preferencias por usuario | + +--- + +## Modelo de Datos Principal + +```mermaid +erDiagram + users ||--o| user_preferences : "has" + users ||--o{ user_avatars : "has" + users ||--o{ email_change_requests : "requests" + users ||--o{ password_history : "has" + users }o--|| tenants : "belongs to" + + users { + uuid id PK + uuid tenant_id FK + varchar email + varchar password_hash + varchar first_name + varchar last_name + varchar phone + varchar avatar_url + enum status + boolean is_active + timestamptz email_verified_at + timestamptz last_login_at + integer failed_login_attempts + timestamptz locked_until + jsonb metadata + timestamptz created_at + uuid created_by + timestamptz updated_at + uuid updated_by + timestamptz deleted_at + uuid deleted_by + } + + user_preferences { + uuid id PK + uuid user_id FK + uuid tenant_id FK + varchar language + varchar timezone + varchar date_format + varchar time_format + varchar theme + jsonb notifications + jsonb dashboard + timestamptz updated_at + } +``` + +--- + +## Estados de Usuario + +| Estado | Descripcion | Puede Login | +|--------|-------------|-------------| +| `pending_activation` | Recien creado, esperando activacion | No | +| `active` | Usuario activo y funcional | Si | +| `inactive` | Desactivado por admin | No | +| `locked` | Bloqueado por intentos fallidos | No | +| `deleted` | Soft deleted | No | + +--- + +## Criterios de Aceptacion Consolidados + +### Seguridad + +- [ ] Soft delete en lugar de hard delete +- [ ] Solo admins gestionan otros usuarios +- [ ] Email verificado antes de cambio efectivo +- [ ] Password actual requerido para cambios sensibles +- [ ] Historial de passwords para evitar reuso +- [ ] Rate limiting en operaciones sensibles + +### Funcionalidad + +- [ ] CRUD completo con paginacion y filtros +- [ ] Perfil autoservicio funcional +- [ ] Avatar upload con resize automatico +- [ ] Cambio de email con doble verificacion +- [ ] Cambio de password con politica de complejidad +- [ ] Preferencias persistentes y aplicadas + +### Auditoria + +- [ ] created_by/updated_by en todas las operaciones +- [ ] deleted_by en soft deletes +- [ ] Historial de cambios de email +- [ ] Historial de passwords + +--- + +## Estimacion Total + +| Capa | Story Points | +|------|--------------| +| Database | 6 | +| Backend | 15 | +| Frontend | 16 | +| **Total** | **37** | + +--- + +## Riesgos Identificados + +| Riesgo | Probabilidad | Impacto | Mitigacion | +|--------|--------------|---------|------------| +| Spam de cambio de email | Media | Bajo | Rate limiting 3/dia | +| Storage de avatares lleno | Baja | Medio | Cleanup job, limites | +| Performance en listados | Media | Medio | Paginacion, indices | +| Enumeracion de usuarios | Baja | Alto | Permisos estrictos | + +--- + +## Referencias + +### Documentacion Relacionada + +- [DDL-SPEC-core_users.md](../../02-modelado/database-design/DDL-SPEC-core_users.md) - Especificacion de base de datos +- [ET-users-backend.md](../../02-modelado/especificaciones-tecnicas/ET-users-backend.md) - Especificacion tecnica backend +- [TP-users.md](../../04-test-plans/TP-users.md) - Plan de pruebas + +### Dependencias con Otros Modulos + +- **MGN-001 (Auth)**: Autenticacion y tokens +- **MGN-003 (Roles)**: Asignacion de roles a usuarios +- **MGN-004 (Tenants)**: Aislamiento multi-tenant + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial con 5 RFs | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Analista | System | 2025-12-05 | [x] | +| Tech Lead | - | - | [ ] | +| Product Owner | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-001.md b/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-001.md new file mode 100644 index 0000000..9bfbf7e --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-001.md @@ -0,0 +1,333 @@ +# RF-USER-001: CRUD de Usuarios + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-USER-001 | +| **Modulo** | MGN-002 | +| **Nombre Modulo** | Users - Gestion de Usuarios | +| **Prioridad** | P0 | +| **Complejidad** | Media | +| **Estado** | Aprobado | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe permitir la gestion completa del ciclo de vida de usuarios, incluyendo crear, leer, actualizar y eliminar (soft delete) usuarios dentro de un tenant. Solo usuarios con permisos administrativos pueden gestionar otros usuarios. + +### Contexto de Negocio + +La gestion de usuarios es fundamental para: +- Controlar quien accede al sistema +- Asignar roles y permisos apropiados +- Mantener registro de empleados/usuarios del tenant +- Cumplir con politicas de seguridad y auditoria + +--- + +## Criterios de Aceptacion + +- [x] **CA-001:** El sistema debe permitir crear usuarios con datos basicos (email, nombre, apellido) +- [x] **CA-002:** El sistema debe generar password temporal o enviar invitacion por email +- [x] **CA-003:** El sistema debe validar unicidad de email dentro del tenant +- [x] **CA-004:** El sistema debe permitir listar usuarios con paginacion y filtros +- [x] **CA-005:** El sistema debe permitir buscar usuarios por nombre, email o rol +- [x] **CA-006:** El sistema debe permitir actualizar datos de usuario +- [x] **CA-007:** El sistema debe implementar soft delete (no eliminar fisicamente) +- [x] **CA-008:** El sistema debe permitir activar/desactivar usuarios +- [x] **CA-009:** El sistema debe registrar quien creo/modifico cada usuario (auditoria) +- [x] **CA-010:** Solo admins pueden crear/modificar/eliminar usuarios + +### Ejemplos de Verificacion + +```gherkin +Scenario: Crear usuario exitosamente + Given un administrador autenticado + When crea un nuevo usuario con email "nuevo@empresa.com" + And nombre "Juan" y apellido "Perez" + Then el sistema crea el usuario con estado "pending_activation" + And envia email de invitacion al usuario + And registra created_by con el ID del admin + And responde con status 201 + +Scenario: Crear usuario con email duplicado + Given un usuario existente con email "existente@empresa.com" + When un admin intenta crear otro usuario con el mismo email + Then el sistema responde con status 409 + And el mensaje es "El email ya esta registrado" + +Scenario: Listar usuarios con filtros + Given 50 usuarios en el sistema + When un admin solicita GET /api/v1/users?page=1&limit=10&role=admin + Then el sistema retorna los primeros 10 usuarios con rol admin + And incluye metadata de paginacion (total, pages, hasNext) + +Scenario: Soft delete de usuario + Given un usuario activo con ID "user-123" + When un admin elimina el usuario + Then el campo deleted_at se establece con la fecha actual + And el campo deleted_by se establece con el ID del admin + And el usuario ya no aparece en listados normales + And el usuario no puede hacer login +``` + +--- + +## Reglas de Negocio + +| ID | Regla | Validacion | +|----|-------|------------| +| RN-001 | Email unico por tenant | UNIQUE(tenant_id, email) | +| RN-002 | Email en formato valido | Regex validation | +| RN-003 | Nombre y apellido requeridos | NOT NULL, min 2 chars | +| RN-004 | Soft delete en lugar de hard delete | deleted_at NOT NULL | +| RN-005 | Solo admins gestionan usuarios | RBAC permission check | +| RN-006 | Usuario no puede eliminarse a si mismo | Validacion en backend | +| RN-007 | Password temporal expira en 24 horas | Validacion en activacion | +| RN-008 | Auditoria de cambios obligatoria | created_by, updated_by | + +### Estados de Usuario + +``` + ┌─────────────────┐ + │ CREATED │ + │ (pending_activ) │ + └────────┬────────┘ + │ Usuario activa cuenta + ▼ +┌─────────────┐ ┌─────────────────┐ ┌─────────────┐ +│ LOCKED │◄────►│ ACTIVE │◄────►│ INACTIVE │ +│ (bloqueado) │ │ (activo) │ │ (inactivo) │ +└─────────────┘ └────────┬────────┘ └─────────────┘ + │ Admin elimina + ▼ + ┌─────────────────┐ + │ DELETED │ + │ (soft delete) │ + └─────────────────┘ +``` + +--- + +## Impacto en Capas + +### Database + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Schema | crear | `core_users` | +| Tabla | crear | `users` - tabla principal | +| Columna | - | `id` UUID PK | +| Columna | - | `tenant_id` UUID FK | +| Columna | - | `email` VARCHAR(255) | +| Columna | - | `password_hash` VARCHAR(255) | +| Columna | - | `first_name` VARCHAR(100) | +| Columna | - | `last_name` VARCHAR(100) | +| Columna | - | `phone` VARCHAR(20) | +| Columna | - | `status` ENUM | +| Columna | - | `is_active` BOOLEAN | +| Columna | - | `email_verified_at` TIMESTAMPTZ | +| Columna | - | `last_login_at` TIMESTAMPTZ | +| Columna | - | `failed_login_attempts` INTEGER | +| Columna | - | `locked_until` TIMESTAMPTZ | +| Columna | - | `created_by` UUID FK | +| Columna | - | `updated_by` UUID FK | +| Columna | - | `deleted_at` TIMESTAMPTZ | +| Columna | - | `deleted_by` UUID FK | +| Indice | crear | `idx_users_tenant_email` UNIQUE | +| Indice | crear | `idx_users_tenant_status` | + +### Backend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Controller | crear | `UsersController` | +| Service | crear | `UsersService` | +| Method | crear | `create()` | +| Method | crear | `findAll()` | +| Method | crear | `findOne()` | +| Method | crear | `update()` | +| Method | crear | `remove()` (soft delete) | +| Method | crear | `activate()` | +| Method | crear | `deactivate()` | +| DTO | crear | `CreateUserDto` | +| DTO | crear | `UpdateUserDto` | +| DTO | crear | `UserResponseDto` | +| DTO | crear | `UserListQueryDto` | +| Guard | usar | `RolesGuard` | +| Endpoint | crear | `POST /api/v1/users` | +| Endpoint | crear | `GET /api/v1/users` | +| Endpoint | crear | `GET /api/v1/users/:id` | +| Endpoint | crear | `PATCH /api/v1/users/:id` | +| Endpoint | crear | `DELETE /api/v1/users/:id` | + +### Frontend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Pagina | crear | `UsersListPage` | +| Pagina | crear | `UserDetailPage` | +| Pagina | crear | `UserCreatePage` | +| Pagina | crear | `UserEditPage` | +| Componente | crear | `UsersTable` | +| Componente | crear | `UserForm` | +| Componente | crear | `UserCard` | +| Service | crear | `usersService` | +| Store | crear | `usersStore` | + +--- + +## Dependencias + +### Depende de (Bloqueantes) + +| ID | Requerimiento | Estado | +|----|---------------|--------| +| RF-AUTH-001 | Login | Para autenticacion | +| RF-AUTH-002 | JWT Tokens | Para autorizacion | + +### Dependencias Relacionadas + +| ID | Requerimiento | Relacion | +|----|---------------|----------| +| RF-USER-002 | Perfil de usuario | Extiende datos de usuario | +| RF-ROLE-001 | Asignacion de roles | Usa tabla users | + +--- + +## Especificaciones Tecnicas + +### Modelo de Datos Simplificado + +```typescript +interface User { + id: string; + tenantId: string; + email: string; + passwordHash: string; + firstName: string; + lastName: string; + phone?: string; + avatarUrl?: string; + status: UserStatus; + isActive: boolean; + emailVerifiedAt?: Date; + lastLoginAt?: Date; + failedLoginAttempts: number; + lockedUntil?: Date; + metadata?: Record; + createdAt: Date; + createdBy?: string; + updatedAt: Date; + updatedBy?: string; + deletedAt?: Date; + deletedBy?: string; +} + +enum UserStatus { + PENDING_ACTIVATION = 'pending_activation', + ACTIVE = 'active', + INACTIVE = 'inactive', + LOCKED = 'locked', +} +``` + +### Flujo de Creacion de Usuario + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ 1. Admin envia POST /api/v1/users │ +│ Body: { email, firstName, lastName, roleIds } │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 2. Validaciones │ +│ - Email formato valido │ +│ - Email no existe en tenant │ +│ - Admin tiene permiso users:create │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 3. Crear usuario │ +│ - status = 'pending_activation' │ +│ - is_active = false │ +│ - created_by = admin.id │ +│ - Generar activation token │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 4. Asignar roles │ +│ - Insertar en user_roles │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 5. Enviar email de invitacion │ +│ - Link: /activate?token={activation_token} │ +│ - Token expira en 24 horas │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 6. Responder con usuario creado │ +│ - Status 201 │ +│ - Body: UserResponseDto (sin password) │ +└─────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Datos de Prueba + +| Escenario | Entrada | Resultado | +|-----------|---------|-----------| +| Crear usuario valido | email, firstName, lastName | 201, usuario creado | +| Email duplicado | email existente | 409, "Email ya registrado" | +| Email invalido | "notanemail" | 400, "Email invalido" | +| Sin permiso | Usuario no admin | 403, "Permiso denegado" | +| Listar usuarios | page=1, limit=10 | 200, lista paginada | +| Buscar por email | search=john@ | 200, usuarios filtrados | +| Actualizar usuario | PATCH con datos | 200, usuario actualizado | +| Soft delete | DELETE /users/:id | 200, deleted_at set | +| Eliminar a si mismo | DELETE propio ID | 400, "No puede eliminarse" | + +--- + +## Estimacion + +| Capa | Story Points | Notas | +|------|--------------|-------| +| Database | 3 | Schema y tabla users | +| Backend | 5 | CRUD completo con validaciones | +| Frontend | 5 | 4 paginas, componentes, store | +| **Total** | **13** | | + +--- + +## Notas Adicionales + +- Implementar soft delete para mantener integridad referencial +- El email de invitacion debe usar template personalizable +- Considerar bulk import de usuarios via CSV +- Implementar export de lista de usuarios +- Los usuarios eliminados se pueden restaurar (admin) + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Analista | System | 2025-12-05 | [x] | +| Tech Lead | - | - | [ ] | +| Product Owner | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-002.md b/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-002.md new file mode 100644 index 0000000..e4269d1 --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-002.md @@ -0,0 +1,314 @@ +# RF-USER-002: Perfil de Usuario + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-USER-002 | +| **Modulo** | MGN-002 | +| **Nombre Modulo** | Users - Gestion de Usuarios | +| **Prioridad** | P1 | +| **Complejidad** | Baja | +| **Estado** | Aprobado | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe permitir a cada usuario ver y editar su propio perfil, incluyendo informacion personal, foto de perfil y datos de contacto. A diferencia del CRUD de usuarios (RF-USER-001), el perfil es autoservicio - cada usuario gestiona su propia informacion. + +### Contexto de Negocio + +El perfil de usuario permite: +- Personalizacion de la experiencia +- Informacion de contacto actualizada +- Identidad visual mediante avatar +- Datos para notificaciones y comunicacion + +--- + +## Criterios de Aceptacion + +- [x] **CA-001:** El usuario debe poder ver su perfil completo +- [x] **CA-002:** El usuario debe poder editar nombre y apellido +- [x] **CA-003:** El usuario debe poder editar telefono +- [x] **CA-004:** El usuario debe poder subir foto de perfil (avatar) +- [x] **CA-005:** El usuario NO debe poder cambiar su email directamente +- [x] **CA-006:** El sistema debe validar formato de telefono +- [x] **CA-007:** El sistema debe redimensionar imagenes de avatar automaticamente +- [x] **CA-008:** El perfil debe mostrar informacion de la cuenta (fecha registro, ultimo login) + +### Ejemplos de Verificacion + +```gherkin +Scenario: Ver perfil propio + Given un usuario autenticado + When accede a GET /api/v1/users/me + Then el sistema retorna su perfil completo + And incluye firstName, lastName, email, phone, avatarUrl + And incluye createdAt, lastLoginAt + And NO incluye passwordHash ni datos sensibles + +Scenario: Actualizar nombre + Given un usuario autenticado + When actualiza su nombre a "Carlos" + Then el sistema guarda el cambio + And updated_by se establece con su propio ID + And responde con el perfil actualizado + +Scenario: Subir avatar + Given un usuario autenticado + And una imagen JPG de 2MB + When sube la imagen como avatar + Then el sistema redimensiona a 200x200 px + And genera thumbnail de 50x50 px + And almacena en storage (S3/local) + And actualiza avatarUrl en el usuario + +Scenario: Imagen muy grande + Given un usuario autenticado + And una imagen de 15MB + When intenta subir como avatar + Then el sistema responde con status 400 + And el mensaje es "Imagen excede tamaño maximo (10MB)" +``` + +--- + +## Reglas de Negocio + +| ID | Regla | Validacion | +|----|-------|------------| +| RN-001 | Solo el propio usuario edita su perfil | user.id == request.userId | +| RN-002 | Email no editable desde perfil | Campo readonly | +| RN-003 | Avatar max 10MB | File size validation | +| RN-004 | Formatos permitidos: JPG, PNG, WebP | MIME type check | +| RN-005 | Avatar redimensionado a 200x200 | Image processing | +| RN-006 | Telefono formato E.164 | Regex +[0-9]{10,15} | +| RN-007 | Nombre min 2, max 100 caracteres | String validation | + +### Campos Editables vs No Editables + +| Campo | Editable | Notas | +|-------|----------|-------| +| firstName | Si | Min 2 chars | +| lastName | Si | Min 2 chars | +| phone | Si | Formato E.164 | +| avatarUrl | Si | Via upload | +| email | No | Requiere proceso separado | +| status | No | Solo admin | +| roles | No | Solo admin | +| tenantId | No | Inmutable | + +--- + +## Impacto en Capas + +### Database + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Tabla | usar | `users` - ya existe | +| Columna | agregar | `avatar_url` VARCHAR(500) | +| Columna | agregar | `avatar_thumbnail_url` VARCHAR(500) | +| Tabla | crear | `user_avatars` - historial de avatares | + +### Backend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Controller | agregar | `UsersController.getProfile()` | +| Controller | agregar | `UsersController.updateProfile()` | +| Controller | agregar | `UsersController.uploadAvatar()` | +| Method | crear | `UsersService.getProfile()` | +| Method | crear | `UsersService.updateProfile()` | +| Method | crear | `AvatarService.upload()` | +| Method | crear | `AvatarService.resize()` | +| DTO | crear | `UpdateProfileDto` | +| DTO | crear | `ProfileResponseDto` | +| Endpoint | crear | `GET /api/v1/users/me` | +| Endpoint | crear | `PATCH /api/v1/users/me` | +| Endpoint | crear | `POST /api/v1/users/me/avatar` | +| Endpoint | crear | `DELETE /api/v1/users/me/avatar` | + +### Frontend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Pagina | crear | `ProfilePage` | +| Componente | crear | `ProfileForm` | +| Componente | crear | `AvatarUploader` | +| Componente | crear | `AvatarCropper` | +| Service | crear | `profileService` | + +--- + +## Dependencias + +### Depende de (Bloqueantes) + +| ID | Requerimiento | Estado | +|----|---------------|--------| +| RF-USER-001 | CRUD Usuarios | Tabla users | +| RF-AUTH-001 | Login | Autenticacion | + +### Dependencias Externas + +| Servicio | Descripcion | +|----------|-------------| +| Storage | S3, MinIO o filesystem para avatares | +| Image Processing | Sharp o similar para resize | + +--- + +## Especificaciones Tecnicas + +### Endpoint GET /api/v1/users/me + +```typescript +// Response 200 +{ + "id": "uuid", + "email": "user@example.com", + "firstName": "Juan", + "lastName": "Perez", + "phone": "+521234567890", + "avatarUrl": "https://storage.erp.com/avatars/uuid-200.jpg", + "avatarThumbnailUrl": "https://storage.erp.com/avatars/uuid-50.jpg", + "status": "active", + "emailVerifiedAt": "2025-01-01T00:00:00Z", + "lastLoginAt": "2025-12-05T10:30:00Z", + "createdAt": "2025-01-01T00:00:00Z", + "tenant": { + "id": "tenant-uuid", + "name": "Empresa XYZ" + }, + "roles": [ + { "id": "role-uuid", "name": "admin" } + ] +} +``` + +### Endpoint PATCH /api/v1/users/me + +```typescript +// Request +{ + "firstName": "Carlos", + "lastName": "Lopez", + "phone": "+521234567890" +} + +// Response 200 +{ + // ProfileResponseDto actualizado +} +``` + +### Endpoint POST /api/v1/users/me/avatar + +```typescript +// Request +// Content-Type: multipart/form-data +// Field: avatar (file) + +// Response 200 +{ + "avatarUrl": "https://storage.erp.com/avatars/uuid-200.jpg", + "avatarThumbnailUrl": "https://storage.erp.com/avatars/uuid-50.jpg" +} +``` + +### Procesamiento de Avatar + +```typescript +// avatar.service.ts +async uploadAvatar(userId: string, file: Express.Multer.File): Promise { + // 1. Validar archivo + this.validateFile(file); // size, mime type + + // 2. Generar nombres unicos + const filename = `${userId}-${Date.now()}`; + + // 3. Procesar imagen + const mainBuffer = await sharp(file.buffer) + .resize(200, 200, { fit: 'cover' }) + .jpeg({ quality: 85 }) + .toBuffer(); + + const thumbBuffer = await sharp(file.buffer) + .resize(50, 50, { fit: 'cover' }) + .jpeg({ quality: 80 }) + .toBuffer(); + + // 4. Subir a storage + const mainUrl = await this.storage.upload(`avatars/${filename}-200.jpg`, mainBuffer); + const thumbUrl = await this.storage.upload(`avatars/${filename}-50.jpg`, thumbBuffer); + + // 5. Eliminar avatar anterior (opcional) + await this.deleteOldAvatar(userId); + + // 6. Actualizar usuario + await this.usersRepository.update(userId, { + avatarUrl: mainUrl, + avatarThumbnailUrl: thumbUrl, + }); + + return { avatarUrl: mainUrl, avatarThumbnailUrl: thumbUrl }; +} +``` + +--- + +## Datos de Prueba + +| Escenario | Entrada | Resultado | +|-----------|---------|-----------| +| Ver perfil | GET /users/me | 200, perfil completo | +| Actualizar nombre | firstName: "Carlos" | 200, actualizado | +| Telefono invalido | phone: "123" | 400, "Formato invalido" | +| Avatar JPG valido | imagen 1MB | 200, URLs generadas | +| Avatar muy grande | imagen 15MB | 400, "Excede limite" | +| Avatar formato invalido | archivo .pdf | 400, "Formato no permitido" | +| Eliminar avatar | DELETE /users/me/avatar | 200, avatar eliminado | + +--- + +## Estimacion + +| Capa | Story Points | Notas | +|------|--------------|-------| +| Database | 1 | Columnas avatar | +| Backend | 3 | Profile endpoints + avatar | +| Frontend | 3 | Profile page + avatar uploader | +| **Total** | **7** | | + +--- + +## Notas Adicionales + +- Considerar CDN para servir avatares +- Implementar cache de avatares +- Avatar por defecto basado en iniciales (fallback) +- Considerar gravatar como fallback +- Rate limiting en upload de avatares + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Analista | System | 2025-12-05 | [x] | +| Tech Lead | - | - | [ ] | +| Product Owner | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-003.md b/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-003.md new file mode 100644 index 0000000..f28aafc --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-003.md @@ -0,0 +1,332 @@ +# RF-USER-003: Cambio de Email + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-USER-003 | +| **Modulo** | MGN-002 | +| **Nombre Modulo** | Users - Gestion de Usuarios | +| **Prioridad** | P1 | +| **Complejidad** | Media | +| **Estado** | Aprobado | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe permitir a los usuarios cambiar su direccion de email de forma segura, requiriendo verificacion del nuevo email antes de completar el cambio. Este proceso protege contra cambios no autorizados y mantiene la integridad de las comunicaciones. + +### Contexto de Negocio + +El cambio de email es sensible porque: +- El email es el identificador principal de login +- Se usa para recuperacion de password +- Se usa para notificaciones importantes +- Debe ser verificado antes del cambio efectivo + +--- + +## Criterios de Aceptacion + +- [x] **CA-001:** El usuario debe poder solicitar cambio de email +- [x] **CA-002:** El sistema debe enviar verificacion al NUEVO email +- [x] **CA-003:** El cambio no se aplica hasta verificar el nuevo email +- [x] **CA-004:** El sistema debe validar que el nuevo email no exista en el tenant +- [x] **CA-005:** El token de verificacion expira en 24 horas +- [x] **CA-006:** El sistema debe notificar al email ANTERIOR sobre el cambio +- [x] **CA-007:** El usuario debe confirmar con su password actual +- [x] **CA-008:** Despues del cambio, todas las sesiones se invalidan + +### Ejemplos de Verificacion + +```gherkin +Scenario: Solicitar cambio de email + Given un usuario con email "viejo@empresa.com" + When solicita cambiar a "nuevo@empresa.com" + And confirma con su password actual + Then el sistema valida que "nuevo@empresa.com" no existe + And genera token de verificacion + And envia email de verificacion a "nuevo@empresa.com" + And el email actual permanece sin cambios + And responde con status 200 + +Scenario: Verificar nuevo email + Given una solicitud de cambio pendiente + And un token de verificacion valido + When el usuario hace clic en el link de verificacion + Then el sistema actualiza el email del usuario + And invalida todas las sesiones activas + And envia notificacion al email anterior + And redirige al login + +Scenario: Token de verificacion expirado + Given un token de verificacion de mas de 24 horas + When el usuario intenta usarlo + Then el sistema responde con error + And el mensaje es "Token expirado, solicita nuevo cambio" + +Scenario: Nuevo email ya existe + Given un email "existente@empresa.com" ya registrado + When un usuario intenta cambiar a ese email + Then el sistema responde con status 409 + And el mensaje es "Email no disponible" +``` + +--- + +## Reglas de Negocio + +| ID | Regla | Validacion | +|----|-------|------------| +| RN-001 | Requiere password actual para solicitar cambio | Verificacion bcrypt | +| RN-002 | Nuevo email debe ser unico en tenant | UNIQUE constraint | +| RN-003 | Token de verificacion expira en 24 horas | expires_at check | +| RN-004 | Solo una solicitud activa a la vez | Invalidar anteriores | +| RN-005 | Notificar al email anterior | Email de seguridad | +| RN-006 | Logout-all despues del cambio | Revocar tokens | +| RN-007 | Nuevo email formato valido | Regex validation | + +### Flujo de Cambio de Email + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ 1. Usuario solicita cambio │ +│ POST /api/v1/users/me/email/request-change │ +│ Body: { newEmail, currentPassword } │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 2. Validaciones │ +│ - Password correcto │ +│ - Nuevo email formato valido │ +│ - Nuevo email no existe en tenant │ +│ - No hay solicitud pendiente │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 3. Crear solicitud │ +│ - Guardar en email_change_requests │ +│ - Generar token (32 bytes, hex) │ +│ - expires_at = now + 24 hours │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 4. Enviar email de verificacion │ +│ To: nuevo@email.com │ +│ Link: /verify-email-change?token={token} │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 5. Usuario hace clic en link │ +│ GET /api/v1/users/email/verify-change?token={token} │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 6. Aplicar cambio │ +│ - Actualizar users.email │ +│ - Marcar solicitud como completada │ +│ - Invalidar todas las sesiones │ +│ - Enviar notificacion al email anterior │ +└───────────────────────────┬─────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────┐ +│ 7. Redirigir al login │ +│ - Usuario debe iniciar sesion con nuevo email │ +└─────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Impacto en Capas + +### Database + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Tabla | crear | `email_change_requests` | +| Columna | - | `id` UUID PK | +| Columna | - | `user_id` UUID FK | +| Columna | - | `tenant_id` UUID FK | +| Columna | - | `current_email` VARCHAR(255) | +| Columna | - | `new_email` VARCHAR(255) | +| Columna | - | `token_hash` VARCHAR(255) | +| Columna | - | `expires_at` TIMESTAMPTZ | +| Columna | - | `completed_at` TIMESTAMPTZ | +| Columna | - | `created_at` TIMESTAMPTZ | +| Indice | crear | `idx_email_change_user` | + +### Backend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Controller | agregar | `UsersController.requestEmailChange()` | +| Controller | agregar | `UsersController.verifyEmailChange()` | +| Method | crear | `UsersService.requestEmailChange()` | +| Method | crear | `UsersService.verifyEmailChange()` | +| DTO | crear | `RequestEmailChangeDto` | +| Entity | crear | `EmailChangeRequest` | +| Endpoint | crear | `POST /api/v1/users/me/email/request-change` | +| Endpoint | crear | `GET /api/v1/users/email/verify-change` | + +### Frontend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Componente | crear | `ChangeEmailForm` | +| Pagina | crear | `VerifyEmailChangePage` | +| Modal | crear | `ConfirmPasswordModal` | + +--- + +## Dependencias + +### Depende de (Bloqueantes) + +| ID | Requerimiento | Estado | +|----|---------------|--------| +| RF-USER-001 | CRUD Usuarios | Tabla users | +| RF-AUTH-004 | Logout | Para logout-all | + +### Dependencias Externas + +| Servicio | Descripcion | +|----------|-------------| +| Email Service | Envio de verificacion | + +--- + +## Especificaciones Tecnicas + +### Endpoint POST /api/v1/users/me/email/request-change + +```typescript +// Request +{ + "newEmail": "nuevo@empresa.com", + "currentPassword": "MiPasswordActual123!" +} + +// Response 200 +{ + "message": "Se ha enviado un email de verificacion a nuevo@empresa.com", + "expiresAt": "2025-12-06T10:30:00Z" +} + +// Response 400 - Password incorrecto +{ + "statusCode": 400, + "message": "Password incorrecto" +} + +// Response 409 - Email existe +{ + "statusCode": 409, + "message": "Email no disponible" +} +``` + +### Endpoint GET /api/v1/users/email/verify-change + +```typescript +// Request +GET /api/v1/users/email/verify-change?token=abc123... + +// Response 200 (redirect) +// Redirect to: /login?emailChanged=true + +// Response 400 - Token invalido +{ + "statusCode": 400, + "message": "Token invalido o expirado" +} +``` + +### Template de Email - Verificacion + +```html +Asunto: Verifica tu nuevo email - ERP Suite + +

Hola {{firstName}},

+ +

Recibimos una solicitud para cambiar tu email de:

+

{{currentEmail}} a {{newEmail}}

+ +

Haz clic en el siguiente enlace para confirmar el cambio:

+Verificar nuevo email + +

Este enlace expira en 24 horas.

+ +

Si no solicitaste este cambio, ignora este email y considera +cambiar tu password por seguridad.

+``` + +### Template de Email - Notificacion al Email Anterior + +```html +Asunto: Tu email ha sido cambiado - ERP Suite + +

Hola {{firstName}},

+ +

Te informamos que el email de tu cuenta ha sido cambiado.

+ +

Email anterior: {{oldEmail}}

+

Email nuevo: {{newEmail}}

+

Fecha: {{changeDate}}

+ +

Si no realizaste este cambio, contacta inmediatamente a soporte.

+``` + +--- + +## Datos de Prueba + +| Escenario | Entrada | Resultado | +|-----------|---------|-----------| +| Solicitud valida | newEmail, password correcto | 200, email enviado | +| Password incorrecto | password erroneo | 400, "Password incorrecto" | +| Email ya existe | email de otro usuario | 409, "Email no disponible" | +| Email invalido | "notanemail" | 400, "Email invalido" | +| Verificar token valido | token < 24h | 200, email cambiado | +| Token expirado | token > 24h | 400, "Token expirado" | +| Token ya usado | solicitud completada | 400, "Token ya utilizado" | + +--- + +## Estimacion + +| Capa | Story Points | Notas | +|------|--------------|-------| +| Database | 1 | Tabla email_change_requests | +| Backend | 3 | Endpoints, validaciones, emails | +| Frontend | 2 | Form y pagina verificacion | +| **Total** | **6** | | + +--- + +## Notas Adicionales + +- Considerar periodo de gracia donde se puede revertir el cambio +- Implementar notificacion push ademas de email +- Rate limiting en solicitudes (max 3 por dia) +- Log de todos los cambios de email para auditoria + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Analista | System | 2025-12-05 | [x] | +| Tech Lead | - | - | [ ] | +| Product Owner | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-004.md b/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-004.md new file mode 100644 index 0000000..5c7d002 --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-004.md @@ -0,0 +1,362 @@ +# RF-USER-004: Cambio de Password + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-USER-004 | +| **Modulo** | MGN-002 | +| **Nombre Modulo** | Users - Gestion de Usuarios | +| **Prioridad** | P0 | +| **Complejidad** | Baja | +| **Estado** | Aprobado | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe permitir a los usuarios cambiar su contraseña de forma segura, requiriendo la contraseña actual para autorizar el cambio. Este proceso es diferente a la recuperacion de password (RF-AUTH-005) ya que el usuario conoce su password actual. + +### Contexto de Negocio + +El cambio de password es necesario para: +- Cumplir con politicas de rotacion de passwords +- Responder a sospechas de compromiso +- Buenas practicas de seguridad +- Requisitos de compliance + +--- + +## Criterios de Aceptacion + +- [x] **CA-001:** El usuario debe proporcionar su password actual para cambiar +- [x] **CA-002:** El nuevo password debe cumplir politica de complejidad +- [x] **CA-003:** El nuevo password no puede ser igual a los ultimos 5 +- [x] **CA-004:** El sistema debe invalidar todas las otras sesiones (opcional) +- [x] **CA-005:** El sistema debe notificar via email del cambio +- [x] **CA-006:** El sistema debe registrar el cambio en password_history +- [x] **CA-007:** La sesion actual puede mantenerse activa + +### Ejemplos de Verificacion + +```gherkin +Scenario: Cambio de password exitoso + Given un usuario autenticado + When proporciona password actual correcto + And nuevo password "NuevoPass123!" + And el nuevo password cumple requisitos + Then el sistema actualiza el password + And guarda en password_history + And envia email de notificacion + And opcionalmente invalida otras sesiones + And responde con status 200 + +Scenario: Password actual incorrecto + Given un usuario autenticado + When proporciona password actual incorrecto + Then el sistema responde con status 400 + And el mensaje es "Password actual incorrecto" + +Scenario: Nuevo password no cumple requisitos + Given un usuario autenticado + When el nuevo password es "abc123" + Then el sistema responde con status 400 + And lista los requisitos no cumplidos + +Scenario: Password igual a anterior + Given un usuario que uso "MiPass123!" hace 2 meses + When intenta cambiar a "MiPass123!" nuevamente + Then el sistema responde con status 400 + And el mensaje es "No puedes reusar passwords anteriores" +``` + +--- + +## Reglas de Negocio + +| ID | Regla | Validacion | +|----|-------|------------| +| RN-001 | Password actual requerido | Verificacion bcrypt | +| RN-002 | Nuevo password min 8 caracteres | String length | +| RN-003 | Nuevo password requiere mayuscula | Regex [A-Z] | +| RN-004 | Nuevo password requiere minuscula | Regex [a-z] | +| RN-005 | Nuevo password requiere numero | Regex [0-9] | +| RN-006 | Nuevo password requiere especial | Regex [@$!%*?&] | +| RN-007 | No reusar ultimos 5 passwords | Check password_history | +| RN-008 | Nuevo != Actual | Comparacion | + +### Politica de Password + +``` +Requisitos minimos: +├── Longitud: 8-128 caracteres +├── Al menos 1 mayuscula (A-Z) +├── Al menos 1 minuscula (a-z) +├── Al menos 1 numero (0-9) +├── Al menos 1 caracter especial (!@#$%^&*) +├── No puede contener el email del usuario +└── No puede ser igual a los ultimos 5 passwords +``` + +--- + +## Impacto en Capas + +### Database + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Tabla | usar | `users` - actualizar password_hash | +| Tabla | usar | `password_history` - registrar cambio | +| Tabla | usar | `session_history` - registrar evento | + +### Backend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Controller | agregar | `UsersController.changePassword()` | +| Method | crear | `UsersService.changePassword()` | +| Method | usar | `PasswordService.validatePolicy()` | +| Method | usar | `PasswordService.checkHistory()` | +| DTO | crear | `ChangePasswordDto` | +| Endpoint | crear | `POST /api/v1/users/me/password` | + +### Frontend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Componente | crear | `ChangePasswordForm` | +| Componente | usar | `PasswordStrengthIndicator` | +| Pagina | agregar | Seccion en ProfilePage | + +--- + +## Dependencias + +### Depende de (Bloqueantes) + +| ID | Requerimiento | Estado | +|----|---------------|--------| +| RF-USER-001 | CRUD Usuarios | Tabla users | +| RF-AUTH-001 | Login | Autenticacion | + +### Reutiliza de + +| ID | Requerimiento | Elementos | +|----|---------------|-----------| +| RF-AUTH-005 | Password Recovery | password_history, validaciones | + +--- + +## Especificaciones Tecnicas + +### Endpoint POST /api/v1/users/me/password + +```typescript +// Request +{ + "currentPassword": "MiPasswordActual123!", + "newPassword": "MiNuevoPassword456!", + "confirmPassword": "MiNuevoPassword456!", + "logoutOtherSessions": true // opcional, default false +} + +// Response 200 +{ + "message": "Password actualizado exitosamente", + "sessionsInvalidated": 2 // si logoutOtherSessions = true +} + +// Response 400 - Password actual incorrecto +{ + "statusCode": 400, + "message": "Password actual incorrecto" +} + +// Response 400 - No cumple politica +{ + "statusCode": 400, + "message": "El password no cumple los requisitos", + "errors": [ + "Debe incluir al menos una mayuscula", + "Debe incluir al menos un caracter especial" + ] +} + +// Response 400 - Password reutilizado +{ + "statusCode": 400, + "message": "No puedes usar un password que hayas usado anteriormente" +} +``` + +### Implementacion del Service + +```typescript +// users.service.ts +async changePassword( + userId: string, + dto: ChangePasswordDto, +): Promise { + const user = await this.usersRepository.findOne({ where: { id: userId } }); + + // 1. Verificar password actual + const isCurrentValid = await bcrypt.compare(dto.currentPassword, user.passwordHash); + if (!isCurrentValid) { + throw new BadRequestException('Password actual incorrecto'); + } + + // 2. Verificar que nuevo != actual + if (dto.currentPassword === dto.newPassword) { + throw new BadRequestException('El nuevo password debe ser diferente al actual'); + } + + // 3. Validar confirmacion + if (dto.newPassword !== dto.confirmPassword) { + throw new BadRequestException('Los passwords no coinciden'); + } + + // 4. Validar politica de password + const policyErrors = this.passwordService.validatePolicy(dto.newPassword, user.email); + if (policyErrors.length > 0) { + throw new BadRequestException({ + message: 'El password no cumple los requisitos', + errors: policyErrors, + }); + } + + // 5. Verificar historial + const isReused = await this.passwordService.isPasswordReused(userId, dto.newPassword); + if (isReused) { + throw new BadRequestException('No puedes usar un password que hayas usado anteriormente'); + } + + // 6. Hashear nuevo password + const newHash = await bcrypt.hash(dto.newPassword, 12); + + // 7. Guardar en historial + await this.passwordHistoryRepository.save({ + userId, + tenantId: user.tenantId, + passwordHash: newHash, + }); + + // 8. Actualizar usuario + await this.usersRepository.update(userId, { + passwordHash: newHash, + updatedBy: userId, + }); + + // 9. Registrar evento + await this.sessionHistoryRepository.save({ + userId, + tenantId: user.tenantId, + action: 'password_change', + }); + + // 10. Invalidar otras sesiones si se solicita + let sessionsInvalidated = 0; + if (dto.logoutOtherSessions) { + sessionsInvalidated = await this.tokenService.revokeAllUserTokens( + userId, + 'password_change', + ); + } + + // 11. Enviar email de notificacion + await this.emailService.sendPasswordChangedEmail(user.email, user.firstName); + + return { + message: 'Password actualizado exitosamente', + sessionsInvalidated, + }; +} +``` + +### Validacion de Politica + +```typescript +// password.service.ts +validatePolicy(password: string, email: string): string[] { + const errors: string[] = []; + + if (password.length < 8) { + errors.push('Debe tener al menos 8 caracteres'); + } + if (password.length > 128) { + errors.push('No puede exceder 128 caracteres'); + } + if (!/[A-Z]/.test(password)) { + errors.push('Debe incluir al menos una mayuscula'); + } + if (!/[a-z]/.test(password)) { + errors.push('Debe incluir al menos una minuscula'); + } + if (!/[0-9]/.test(password)) { + errors.push('Debe incluir al menos un numero'); + } + if (!/[!@#$%^&*()_+\-=\[\]{}|;:,.<>?]/.test(password)) { + errors.push('Debe incluir al menos un caracter especial'); + } + if (password.toLowerCase().includes(email.split('@')[0].toLowerCase())) { + errors.push('No puede contener tu nombre de usuario'); + } + + return errors; +} +``` + +--- + +## Datos de Prueba + +| Escenario | Entrada | Resultado | +|-----------|---------|-----------| +| Cambio exitoso | currentPassword correcto, newPassword valido | 200, actualizado | +| Password actual incorrecto | currentPassword erroneo | 400, "Password actual incorrecto" | +| Passwords no coinciden | newPassword != confirmPassword | 400, "No coinciden" | +| Password muy corto | newPassword: "Ab1!" | 400, "Min 8 caracteres" | +| Sin mayuscula | newPassword: "password123!" | 400, "Requiere mayuscula" | +| Password reutilizado | newPassword en historial | 400, "No reusar" | +| Con logout otras sesiones | logoutOtherSessions: true | 200, sesiones cerradas | + +--- + +## Estimacion + +| Capa | Story Points | Notas | +|------|--------------|-------| +| Database | 0 | Usa tablas existentes | +| Backend | 2 | Endpoint + validaciones | +| Frontend | 2 | Form + strength indicator | +| **Total** | **4** | | + +--- + +## Notas Adicionales + +- Considerar forzar cambio de password cada N dias (configurable) +- Implementar indicador de fuerza de password en tiempo real +- Rate limiting: max 3 intentos por hora +- Log detallado para auditoria de seguridad +- Considerar 2FA antes de cambio de password (futuro) + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Analista | System | 2025-12-05 | [x] | +| Tech Lead | - | - | [ ] | +| Product Owner | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-005.md b/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-005.md new file mode 100644 index 0000000..ec85a0d --- /dev/null +++ b/docs/01-fase-foundation/MGN-002-users/requerimientos/RF-USER-005.md @@ -0,0 +1,370 @@ +# RF-USER-005: Preferencias de Usuario + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-USER-005 | +| **Modulo** | MGN-002 | +| **Nombre Modulo** | Users - Gestion de Usuarios | +| **Prioridad** | P2 | +| **Complejidad** | Baja | +| **Estado** | Aprobado | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe permitir a cada usuario configurar sus preferencias personales, incluyendo idioma, zona horaria, formato de fecha/hora, tema visual y preferencias de notificaciones. Estas configuraciones personalizan la experiencia del usuario sin afectar a otros usuarios del tenant. + +### Contexto de Negocio + +Las preferencias de usuario permiten: +- Experiencia personalizada por usuario +- Soporte multi-idioma +- Adaptacion a zonas horarias locales +- Control sobre notificaciones recibidas +- Accesibilidad (tema oscuro, tamano de fuente) + +--- + +## Criterios de Aceptacion + +- [x] **CA-001:** El usuario debe poder seleccionar idioma preferido +- [x] **CA-002:** El usuario debe poder configurar zona horaria +- [x] **CA-003:** El usuario debe poder elegir formato de fecha (DD/MM/YYYY, MM/DD/YYYY, etc.) +- [x] **CA-004:** El usuario debe poder elegir formato de hora (12h, 24h) +- [x] **CA-005:** El usuario debe poder elegir tema (claro, oscuro, sistema) +- [x] **CA-006:** El usuario debe poder configurar preferencias de notificaciones +- [x] **CA-007:** Las preferencias deben aplicarse inmediatamente +- [x] **CA-008:** Las preferencias deben persistir entre sesiones + +### Ejemplos de Verificacion + +```gherkin +Scenario: Cambiar idioma + Given un usuario con idioma "es" (español) + When cambia su preferencia a "en" (ingles) + Then el sistema guarda la preferencia + And la interfaz cambia a ingles inmediatamente + And las fechas se formatean en ingles + +Scenario: Configurar zona horaria + Given un usuario en Mexico (America/Mexico_City) + When configura su zona horaria + Then todas las fechas/horas se muestran en esa zona + And los eventos del calendario se ajustan + +Scenario: Preferencias de notificaciones + Given un usuario con notificaciones por email activadas + When desactiva "notificaciones de marketing" + Then deja de recibir ese tipo de emails + And mantiene otras notificaciones activas + +Scenario: Tema oscuro + Given un usuario con tema claro + When activa tema oscuro + Then la interfaz cambia a colores oscuros + And la preferencia se mantiene al recargar +``` + +--- + +## Reglas de Negocio + +| ID | Regla | Validacion | +|----|-------|------------| +| RN-001 | Idiomas soportados: es, en, pt | Enum validation | +| RN-002 | Zona horaria debe ser valida IANA | Timezone validation | +| RN-003 | Preferencias son por usuario, no por tenant | user_id scope | +| RN-004 | Valores por defecto del tenant si no hay preferencia | Fallback logic | +| RN-005 | Tema "sistema" sigue preferencia del OS | CSS media query | + +### Preferencias Disponibles + +```typescript +interface UserPreferences { + // Localizacion + language: 'es' | 'en' | 'pt'; + timezone: string; // IANA timezone + dateFormat: 'DD/MM/YYYY' | 'MM/DD/YYYY' | 'YYYY-MM-DD'; + timeFormat: '12h' | '24h'; + currency: string; // ISO 4217 + numberFormat: 'es-MX' | 'en-US' | 'pt-BR'; + + // Apariencia + theme: 'light' | 'dark' | 'system'; + sidebarCollapsed: boolean; + compactMode: boolean; + fontSize: 'small' | 'medium' | 'large'; + + // Notificaciones + notifications: { + email: { + enabled: boolean; + digest: 'instant' | 'daily' | 'weekly'; + marketing: boolean; + security: boolean; + updates: boolean; + }; + push: { + enabled: boolean; + sound: boolean; + }; + inApp: { + enabled: boolean; + desktop: boolean; + }; + }; + + // Dashboard + dashboard: { + defaultView: string; + widgets: string[]; + }; +} +``` + +--- + +## Impacto en Capas + +### Database + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Tabla | crear | `user_preferences` | +| Columna | - | `id` UUID PK | +| Columna | - | `user_id` UUID FK UNIQUE | +| Columna | - | `tenant_id` UUID FK | +| Columna | - | `language` VARCHAR(5) | +| Columna | - | `timezone` VARCHAR(50) | +| Columna | - | `date_format` VARCHAR(20) | +| Columna | - | `time_format` VARCHAR(5) | +| Columna | - | `theme` VARCHAR(10) | +| Columna | - | `notifications` JSONB | +| Columna | - | `dashboard` JSONB | +| Columna | - | `metadata` JSONB | +| Columna | - | `updated_at` TIMESTAMPTZ | + +### Backend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Controller | crear | `PreferencesController` | +| Service | crear | `PreferencesService` | +| Method | crear | `getPreferences()` | +| Method | crear | `updatePreferences()` | +| Method | crear | `resetPreferences()` | +| DTO | crear | `UpdatePreferencesDto` | +| DTO | crear | `PreferencesResponseDto` | +| Entity | crear | `UserPreferences` | +| Endpoint | crear | `GET /api/v1/users/me/preferences` | +| Endpoint | crear | `PATCH /api/v1/users/me/preferences` | +| Endpoint | crear | `POST /api/v1/users/me/preferences/reset` | + +### Frontend + +| Elemento | Accion | Descripcion | +|----------|--------|-------------| +| Pagina | crear | `PreferencesPage` | +| Componente | crear | `LanguageSelector` | +| Componente | crear | `TimezoneSelector` | +| Componente | crear | `ThemeToggle` | +| Componente | crear | `NotificationSettings` | +| Store | crear | `preferencesStore` | +| Hook | crear | `usePreferences` | +| Context | crear | `PreferencesContext` | + +--- + +## Dependencias + +### Depende de (Bloqueantes) + +| ID | Requerimiento | Estado | +|----|---------------|--------| +| RF-USER-001 | CRUD Usuarios | Tabla users | + +### Dependencias Relacionadas + +| ID | Requerimiento | Relacion | +|----|---------------|----------| +| RF-SETTINGS-001 | Tenant Settings | Valores por defecto | + +--- + +## Especificaciones Tecnicas + +### Endpoint GET /api/v1/users/me/preferences + +```typescript +// Response 200 +{ + "language": "es", + "timezone": "America/Mexico_City", + "dateFormat": "DD/MM/YYYY", + "timeFormat": "24h", + "currency": "MXN", + "numberFormat": "es-MX", + "theme": "dark", + "sidebarCollapsed": false, + "compactMode": false, + "fontSize": "medium", + "notifications": { + "email": { + "enabled": true, + "digest": "daily", + "marketing": false, + "security": true, + "updates": true + }, + "push": { + "enabled": true, + "sound": true + }, + "inApp": { + "enabled": true, + "desktop": false + } + }, + "dashboard": { + "defaultView": "overview", + "widgets": ["sales", "inventory", "tasks"] + } +} +``` + +### Endpoint PATCH /api/v1/users/me/preferences + +```typescript +// Request - Actualizacion parcial +{ + "theme": "light", + "notifications": { + "email": { + "marketing": false + } + } +} + +// Response 200 +{ + // PreferencesResponseDto completo actualizado +} +``` + +### Merge de Preferencias + +```typescript +// preferences.service.ts +async updatePreferences( + userId: string, + updates: Partial, +): Promise { + let preferences = await this.preferencesRepository.findOne({ + where: { userId }, + }); + + if (!preferences) { + // Crear con defaults del tenant + const tenantDefaults = await this.getTenantDefaults(userId); + preferences = this.preferencesRepository.create({ + userId, + ...tenantDefaults, + }); + } + + // Deep merge para objetos anidados (notifications, dashboard) + const merged = deepMerge(preferences, updates); + + return this.preferencesRepository.save(merged); +} +``` + +### Aplicacion en Frontend + +```typescript +// PreferencesContext.tsx +export const PreferencesProvider: React.FC = ({ children }) => { + const [preferences, setPreferences] = useState(null); + + useEffect(() => { + loadPreferences(); + }, []); + + useEffect(() => { + if (preferences) { + // Aplicar tema + document.documentElement.setAttribute('data-theme', preferences.theme); + + // Aplicar idioma + i18n.changeLanguage(preferences.language); + + // Configurar moment/dayjs timezone + dayjs.tz.setDefault(preferences.timezone); + } + }, [preferences]); + + return ( + + {children} + + ); +}; +``` + +--- + +## Datos de Prueba + +| Escenario | Entrada | Resultado | +|-----------|---------|-----------| +| Obtener preferencias | GET /preferences | 200, preferencias o defaults | +| Cambiar idioma | language: "en" | 200, idioma actualizado | +| Zona horaria invalida | timezone: "Invalid/Zone" | 400, "Zona horaria invalida" | +| Tema valido | theme: "dark" | 200, tema actualizado | +| Tema invalido | theme: "purple" | 400, "Valor no permitido" | +| Desactivar notificaciones | notifications.email.enabled: false | 200, actualizado | +| Reset preferencias | POST /reset | 200, defaults del tenant | + +--- + +## Estimacion + +| Capa | Story Points | Notas | +|------|--------------|-------| +| Database | 1 | Tabla user_preferences | +| Backend | 2 | CRUD preferencias | +| Frontend | 4 | UI de configuracion + contexto | +| **Total** | **7** | | + +--- + +## Notas Adicionales + +- Las preferencias se cargan al inicio de sesion y se cachean +- Cambios de tema deben ser instantaneos (sin reload) +- Considerar preferencias sincronizadas entre dispositivos +- Exportar/importar preferencias para usuarios +- Preferencias de accesibilidad (alto contraste, reducir animaciones) + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Analista | System | 2025-12-05 | [x] | +| Tech Lead | - | - | [ ] | +| Product Owner | - | - | [ ] | diff --git a/docs/01-fase-foundation/MGN-003-roles/README.md b/docs/01-fase-foundation/MGN-003-roles/README.md new file mode 100644 index 0000000..36b651b --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/README.md @@ -0,0 +1,97 @@ +# MGN-003: Roles y Permisos + +## Metadata + +| Campo | Valor | +|-------|-------| +| **ID** | MGN-003 | +| **Nombre** | Roles y Permisos (RBAC) | +| **Fase** | 01 - Foundation | +| **Prioridad** | P0 (Critico) | +| **Story Points** | 40 SP | +| **Estado** | Documentado | +| **Dependencias** | MGN-001, MGN-002 | + +--- + +## Descripcion + +Sistema de control de acceso basado en roles (Role-Based Access Control) que permite: + +- Definir roles con conjuntos de permisos +- Crear permisos granulares por modulo/accion/recurso +- Asignar multiples roles a usuarios +- Verificar permisos en tiempo de ejecucion +- Roles de sistema predefinidos (admin, user, etc.) + +--- + +## Modelo de Permisos + +``` +Permission = module:action:resource + +Ejemplos: +- users:read:all -> Leer todos los usuarios +- users:read:own -> Leer solo su usuario +- users:write:all -> Escribir todos los usuarios +- sales:create:orders -> Crear ordenes de venta +- reports:export:* -> Exportar cualquier reporte +``` + +--- + +## Roles de Sistema + +| Rol | Descripcion | Permisos | +|-----|-------------|----------| +| super_admin | Administrador global | Todos (*:*:*) | +| tenant_admin | Admin de tenant | Todos en su tenant | +| user | Usuario basico | Lectura propia | + +--- + +## Endpoints API + +| Metodo | Path | Descripcion | +|--------|------|-------------| +| GET | `/api/v1/roles` | Listar roles | +| POST | `/api/v1/roles` | Crear rol | +| GET | `/api/v1/roles/:id` | Obtener rol | +| PATCH | `/api/v1/roles/:id` | Actualizar rol | +| DELETE | `/api/v1/roles/:id` | Eliminar rol | +| GET | `/api/v1/permissions` | Listar permisos | +| POST | `/api/v1/users/:id/roles` | Asignar rol a usuario | +| DELETE | `/api/v1/users/:id/roles/:roleId` | Quitar rol | +| GET | `/api/v1/users/:id/permissions` | Permisos de usuario | + +--- + +## Guards y Decoradores + +```typescript +// Decorador de roles +@Roles('admin', 'manager') +@Get('admin-only') +adminEndpoint() {} + +// Decorador de permisos +@RequirePermission('users', 'read', 'all') +@Get('users') +getUsers() {} + +// Guard combinado +@UseGuards(JwtAuthGuard, RolesGuard, PermissionsGuard) +``` + +--- + +## Documentacion + +- **Mapa del modulo:** [_MAP.md](./_MAP.md) +- **Trazabilidad:** [TRACEABILITY.yml](./implementacion/TRACEABILITY.yml) + +--- + +**Generado por:** Requirements-Analyst +**Fecha:** 2025-12-05 diff --git a/docs/01-fase-foundation/MGN-003-roles/_MAP.md b/docs/01-fase-foundation/MGN-003-roles/_MAP.md new file mode 100644 index 0000000..86ff76c --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/_MAP.md @@ -0,0 +1,114 @@ +# _MAP: MGN-003 - Roles y Permisos + +**Modulo:** MGN-003 +**Nombre:** Roles y Permisos (RBAC) +**Fase:** 01 - Foundation +**Story Points:** 40 SP +**Estado:** Migrado GAMILIT +**Ultima actualizacion:** 2025-12-05 + +--- + +## Resumen + +Sistema de control de acceso basado en roles (RBAC) que permite definir roles, permisos granulares y asignarlos a usuarios. + +--- + +## Metricas + +| Metrica | Valor | +|---------|-------| +| Story Points | 40 SP | +| Requerimientos (RF) | 4 | +| Especificaciones (ET) | 2 | +| User Stories (US) | 4 | +| Tablas DB | 4 | +| Endpoints API | 10 | + +--- + +## Requerimientos Funcionales (4) + +| ID | Archivo | Titulo | Prioridad | Estado | +|----|---------|--------|-----------|--------| +| RF-ROLE-001 | [RF-ROLE-001.md](./requerimientos/RF-ROLE-001.md) | Gestion de Roles | P0 | Migrado | +| RF-ROLE-002 | [RF-ROLE-002.md](./requerimientos/RF-ROLE-002.md) | Gestion de Permisos | P0 | Migrado | +| RF-ROLE-003 | [RF-ROLE-003.md](./requerimientos/RF-ROLE-003.md) | Asignacion Usuario-Rol | P0 | Migrado | +| RF-ROLE-004 | [RF-ROLE-004.md](./requerimientos/RF-ROLE-004.md) | Verificacion Permisos | P0 | Migrado | + +**Indice:** [INDICE-RF-ROLE.md](./requerimientos/INDICE-RF-ROLE.md) + +--- + +## Especificaciones Tecnicas (2) + +| ID | Archivo | Titulo | RF Asociados | Estado | +|----|---------|--------|--------------|--------| +| ET-RBAC-001 | [ET-rbac-backend.md](./especificaciones/ET-rbac-backend.md) | Backend RBAC | RF-ROLE-001 a RF-ROLE-004 | Migrado | +| ET-RBAC-002 | [ET-RBAC-database.md](./especificaciones/ET-RBAC-database.md) | Database RBAC | RF-ROLE-001 a RF-ROLE-004 | Migrado | + +--- + +## Historias de Usuario (4) + +| ID | Archivo | Titulo | RF | SP | Estado | +|----|---------|--------|----|----|--------| +| US-MGN003-001 | [US-MGN003-001.md](./historias-usuario/US-MGN003-001.md) | Crear Rol | RF-ROLE-001 | 5 | Migrado | +| US-MGN003-002 | [US-MGN003-002.md](./historias-usuario/US-MGN003-002.md) | Asignar Permisos | RF-ROLE-002 | 8 | Migrado | +| US-MGN003-003 | [US-MGN003-003.md](./historias-usuario/US-MGN003-003.md) | Asignar Rol a Usuario | RF-ROLE-003 | 5 | Migrado | +| US-MGN003-004 | [US-MGN003-004.md](./historias-usuario/US-MGN003-004.md) | Verificar Permiso | RF-ROLE-004 | 8 | Migrado | + +**Backlog:** [BACKLOG-MGN003.md](./historias-usuario/BACKLOG-MGN003.md) + +--- + +## Implementacion + +### Database + +| Objeto | Tipo | Schema | +|--------|------|--------| +| roles | Tabla | core_rbac | +| permissions | Tabla | core_rbac | +| role_permissions | Tabla | core_rbac | +| user_roles | Tabla | core_rbac | +| user_has_permission | Funcion | core_rbac | +| get_user_permissions | Funcion | core_rbac | + +### Backend + +| Objeto | Tipo | Path | +|--------|------|------| +| RolesModule | Module | src/modules/roles/ | +| RolesService | Service | src/modules/roles/roles.service.ts | +| PermissionsService | Service | src/modules/roles/permissions.service.ts | +| RolesGuard | Guard | src/modules/roles/guards/roles.guard.ts | +| PermissionsGuard | Guard | src/modules/roles/guards/permissions.guard.ts | + +### Frontend + +| Objeto | Tipo | Path | +|--------|------|------| +| RolesPage | Page | src/features/roles/pages/RolesPage.tsx | +| RoleDetailPage | Page | src/features/roles/pages/RoleDetailPage.tsx | +| PermissionsPage | Page | src/features/roles/pages/PermissionsPage.tsx | + +--- + +## Dependencias + +**Depende de:** MGN-001 (Auth), MGN-002 (Users) + +**Requerido por:** Todos los modulos de negocio usan permisos + +--- + +## Trazabilidad + +Ver: [TRACEABILITY.yml](./implementacion/TRACEABILITY.yml) + +--- + +**Generado por:** Requirements-Analyst +**Fecha:** 2025-12-05 diff --git a/docs/01-fase-foundation/MGN-003-roles/especificaciones/ET-RBAC-database.md b/docs/01-fase-foundation/MGN-003-roles/especificaciones/ET-RBAC-database.md new file mode 100644 index 0000000..88880c3 --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/especificaciones/ET-RBAC-database.md @@ -0,0 +1,694 @@ +# DDL Specification: core_rbac Schema + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **Schema** | core_rbac | +| **Modulo** | MGN-003 Roles/RBAC | +| **Version** | 1.0 | +| **Fecha** | 2025-12-05 | +| **Estado** | Ready | + +--- + +## Diagrama ER + +```mermaid +erDiagram + roles ||--o{ role_permissions : has + roles ||--o{ user_roles : assigned_to + permissions ||--o{ role_permissions : granted_to + users ||--o{ user_roles : has + tenants ||--o{ roles : owns + + roles { + uuid id PK + uuid tenant_id FK + string name + string slug + string description + boolean is_built_in + boolean is_active + timestamp created_at + timestamp updated_at + uuid created_by FK + uuid updated_by FK + timestamp deleted_at + uuid deleted_by FK + } + + permissions { + uuid id PK + string code UK + string name + string description + string module + string parent_code FK + boolean is_deprecated + int sort_order + timestamp created_at + } + + role_permissions { + uuid id PK + uuid role_id FK + uuid permission_id FK + timestamp created_at + uuid created_by FK + } + + user_roles { + uuid id PK + uuid user_id FK + uuid role_id FK + timestamp assigned_at + uuid assigned_by FK + timestamp expires_at + } +``` + +--- + +## Tablas + +### 1. roles + +Almacena los roles del sistema, tanto built-in como personalizados por tenant. + +```sql +CREATE TABLE core_rbac.roles ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES core_tenants.tenants(id), + name VARCHAR(50) NOT NULL, + slug VARCHAR(50) NOT NULL, + description VARCHAR(500), + is_built_in BOOLEAN NOT NULL DEFAULT false, + is_active BOOLEAN NOT NULL DEFAULT true, + created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES core_users.users(id), + updated_by UUID REFERENCES core_users.users(id), + deleted_at TIMESTAMPTZ, + deleted_by UUID REFERENCES core_users.users(id), + + CONSTRAINT uq_roles_tenant_name UNIQUE (tenant_id, name) WHERE deleted_at IS NULL, + CONSTRAINT uq_roles_tenant_slug UNIQUE (tenant_id, slug) WHERE deleted_at IS NULL, + CONSTRAINT chk_roles_name_length CHECK (char_length(name) >= 3), + CONSTRAINT chk_roles_slug_format CHECK (slug ~ '^[a-z0-9_-]+$') +); + +-- Indices +CREATE INDEX idx_roles_tenant_id ON core_rbac.roles(tenant_id) WHERE deleted_at IS NULL; +CREATE INDEX idx_roles_slug ON core_rbac.roles(slug) WHERE deleted_at IS NULL; +CREATE INDEX idx_roles_is_built_in ON core_rbac.roles(is_built_in); +CREATE INDEX idx_roles_created_at ON core_rbac.roles(created_at DESC); + +-- Trigger para updated_at +CREATE TRIGGER trg_roles_updated_at + BEFORE UPDATE ON core_rbac.roles + FOR EACH ROW + EXECUTE FUNCTION update_updated_at_column(); + +-- Comentarios +COMMENT ON TABLE core_rbac.roles IS 'Roles del sistema para RBAC'; +COMMENT ON COLUMN core_rbac.roles.is_built_in IS 'true para roles del sistema (admin, user, etc.)'; +COMMENT ON COLUMN core_rbac.roles.slug IS 'Identificador URL-friendly, unico por tenant'; +``` + +--- + +### 2. permissions + +Catalogo maestro de permisos del sistema. Son globales (no por tenant). + +```sql +CREATE TABLE core_rbac.permissions ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + code VARCHAR(100) NOT NULL UNIQUE, + name VARCHAR(100) NOT NULL, + description VARCHAR(500), + module VARCHAR(50) NOT NULL, + parent_code VARCHAR(100) REFERENCES core_rbac.permissions(code), + is_deprecated BOOLEAN NOT NULL DEFAULT false, + sort_order INT NOT NULL DEFAULT 0, + created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT chk_permissions_code_format CHECK (code ~ '^[a-z]+:[a-z_]+(:?:[a-z_]+)?$|^[a-z]+:\*$') +); + +-- Indices +CREATE INDEX idx_permissions_module ON core_rbac.permissions(module); +CREATE INDEX idx_permissions_parent ON core_rbac.permissions(parent_code); +CREATE INDEX idx_permissions_deprecated ON core_rbac.permissions(is_deprecated); + +-- Comentarios +COMMENT ON TABLE core_rbac.permissions IS 'Catalogo de permisos del sistema'; +COMMENT ON COLUMN core_rbac.permissions.code IS 'Formato: modulo:accion o modulo:recurso:accion'; +COMMENT ON COLUMN core_rbac.permissions.parent_code IS 'Para permisos wildcard (users:* -> users:read)'; +``` + +--- + +### 3. role_permissions + +Tabla de union entre roles y permisos (M:N). + +```sql +CREATE TABLE core_rbac.role_permissions ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + role_id UUID NOT NULL REFERENCES core_rbac.roles(id) ON DELETE CASCADE, + permission_id UUID NOT NULL REFERENCES core_rbac.permissions(id) ON DELETE CASCADE, + created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_by UUID REFERENCES core_users.users(id), + + CONSTRAINT uq_role_permissions UNIQUE (role_id, permission_id) +); + +-- Indices +CREATE INDEX idx_role_permissions_role ON core_rbac.role_permissions(role_id); +CREATE INDEX idx_role_permissions_permission ON core_rbac.role_permissions(permission_id); + +-- Comentarios +COMMENT ON TABLE core_rbac.role_permissions IS 'Asignacion de permisos a roles'; +``` + +--- + +### 4. user_roles + +Tabla de union entre usuarios y roles (M:N). + +```sql +CREATE TABLE core_rbac.user_roles ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id UUID NOT NULL REFERENCES core_users.users(id) ON DELETE CASCADE, + role_id UUID NOT NULL REFERENCES core_rbac.roles(id) ON DELETE CASCADE, + assigned_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + assigned_by UUID REFERENCES core_users.users(id), + expires_at TIMESTAMPTZ, + + CONSTRAINT uq_user_roles UNIQUE (user_id, role_id) +); + +-- Indices +CREATE INDEX idx_user_roles_user ON core_rbac.user_roles(user_id); +CREATE INDEX idx_user_roles_role ON core_rbac.user_roles(role_id); +CREATE INDEX idx_user_roles_expires ON core_rbac.user_roles(expires_at) WHERE expires_at IS NOT NULL; + +-- Comentarios +COMMENT ON TABLE core_rbac.user_roles IS 'Asignacion de roles a usuarios'; +COMMENT ON COLUMN core_rbac.user_roles.expires_at IS 'Roles temporales con fecha de expiracion'; +``` + +--- + +## Data Seed: Roles Built-in + +```sql +-- Roles del sistema (se crean para cada tenant nuevo) +-- Ref: Odoo base_groups.xml - group_user, group_portal, group_public, group_system, group_erp_manager +INSERT INTO core_rbac.roles (tenant_id, name, slug, description, is_built_in) VALUES + (:tenant_id, 'Super Administrador', 'super_admin', 'Acceso total al sistema (Ref: Odoo group_system)', true), + (:tenant_id, 'Propietario', 'tenant_owner', 'Propietario de la cuenta, gestiona billing y usuarios (MGN-015)', true), + (:tenant_id, 'Administrador', 'admin', 'Gestion completa del tenant (Ref: Odoo group_erp_manager)', true), + (:tenant_id, 'Gerente', 'manager', 'Supervision operativa y reportes', true), + (:tenant_id, 'Usuario', 'user', 'Acceso basico al sistema (Ref: Odoo group_user)', true), + (:tenant_id, 'Agente WhatsApp', 'whatsapp_agent', 'Atiende conversaciones de WhatsApp (MGN-017)', true), + (:tenant_id, 'Usuario Portal', 'portal_user', 'Usuario externo con acceso limitado (Ref: Odoo group_portal)', true), + (:tenant_id, 'Invitado', 'guest', 'Acceso de solo lectura limitado (Ref: Odoo group_public)', true); +``` + +--- + +## Data Seed: Permisos del Sistema + +```sql +-- Permisos de Auth (MGN-001) +INSERT INTO core_rbac.permissions (code, name, description, module, sort_order) VALUES + ('auth:sessions:read', 'Ver sesiones', 'Ver sesiones activas del usuario', 'auth', 10), + ('auth:sessions:revoke', 'Revocar sesiones', 'Cerrar sesiones activas', 'auth', 20); + +-- Permisos de Users (MGN-002) +INSERT INTO core_rbac.permissions (code, name, description, module, sort_order) VALUES + ('users:*', 'Todos los permisos de usuarios', 'Acceso completo a gestion de usuarios', 'users', 0), + ('users:read', 'Leer usuarios', 'Ver listado y detalle de usuarios', 'users', 10), + ('users:create', 'Crear usuarios', 'Crear nuevos usuarios', 'users', 20), + ('users:update', 'Actualizar usuarios', 'Modificar datos de usuarios', 'users', 30), + ('users:delete', 'Eliminar usuarios', 'Eliminar usuarios (soft delete)', 'users', 40), + ('users:activate', 'Activar/Desactivar', 'Cambiar estado de usuarios', 'users', 50), + ('users:export', 'Exportar usuarios', 'Exportar lista de usuarios a CSV', 'users', 60), + ('users:import', 'Importar usuarios', 'Importar usuarios desde CSV', 'users', 70); + +-- Establecer parent para wildcards +UPDATE core_rbac.permissions SET parent_code = 'users:*' WHERE module = 'users' AND code != 'users:*'; + +-- Permisos de Roles (MGN-003) +INSERT INTO core_rbac.permissions (code, name, description, module, sort_order) VALUES + ('roles:*', 'Todos los permisos de roles', 'Acceso completo a gestion de roles', 'roles', 0), + ('roles:read', 'Leer roles', 'Ver listado y detalle de roles', 'roles', 10), + ('roles:create', 'Crear roles', 'Crear nuevos roles personalizados', 'roles', 20), + ('roles:update', 'Actualizar roles', 'Modificar roles existentes', 'roles', 30), + ('roles:delete', 'Eliminar roles', 'Eliminar roles personalizados', 'roles', 40), + ('roles:assign', 'Asignar roles', 'Asignar roles a usuarios', 'roles', 50), + ('permissions:read', 'Ver permisos', 'Ver catalogo de permisos', 'roles', 60); + +UPDATE core_rbac.permissions SET parent_code = 'roles:*' WHERE module = 'roles' AND code NOT IN ('roles:*', 'permissions:read'); + +-- Permisos de Tenants (MGN-004) +INSERT INTO core_rbac.permissions (code, name, description, module, sort_order) VALUES + ('tenants:read', 'Ver tenant', 'Ver configuracion del tenant', 'tenants', 10), + ('tenants:update', 'Actualizar tenant', 'Modificar configuracion del tenant', 'tenants', 20), + ('tenants:billing', 'Facturacion', 'Gestionar facturacion del tenant', 'tenants', 30); + +-- Permisos de Settings (MGN-006) +INSERT INTO core_rbac.permissions (code, name, description, module, sort_order) VALUES + ('settings:read', 'Ver configuracion', 'Ver configuracion del sistema', 'settings', 10), + ('settings:update', 'Modificar configuracion', 'Cambiar configuracion del sistema', 'settings', 20); + +-- Permisos de Audit (MGN-007) +INSERT INTO core_rbac.permissions (code, name, description, module, sort_order) VALUES + ('audit:read', 'Ver auditoria', 'Ver logs de auditoria', 'audit', 10), + ('audit:export', 'Exportar auditoria', 'Exportar logs de auditoria', 'audit', 20); + +-- Permisos de Reports (MGN-009) +INSERT INTO core_rbac.permissions (code, name, description, module, sort_order) VALUES + ('reports:*', 'Todos los permisos de reportes', 'Acceso completo a reportes', 'reports', 0), + ('reports:read', 'Ver reportes', 'Ver reportes del sistema', 'reports', 10), + ('reports:create', 'Crear reportes', 'Crear reportes personalizados', 'reports', 20), + ('reports:export', 'Exportar reportes', 'Exportar reportes a PDF/Excel', 'reports', 30), + ('reports:schedule', 'Programar reportes', 'Programar envio de reportes', 'reports', 40); + +UPDATE core_rbac.permissions SET parent_code = 'reports:*' WHERE module = 'reports' AND code != 'reports:*'; + +-- Permisos de Financial (MGN-010) +INSERT INTO core_rbac.permissions (code, name, description, module, sort_order) VALUES + ('financial:*', 'Todos los permisos financieros', 'Acceso completo a modulo financiero', 'financial', 0), + ('financial:accounts:read', 'Ver cuentas', 'Ver plan de cuentas', 'financial', 10), + ('financial:accounts:manage', 'Gestionar cuentas', 'Administrar plan de cuentas', 'financial', 20), + ('financial:transactions:read', 'Ver transacciones', 'Ver movimientos contables', 'financial', 30), + ('financial:transactions:create', 'Crear transacciones', 'Registrar movimientos', 'financial', 40), + ('financial:transactions:approve', 'Aprobar transacciones', 'Aprobar movimientos pendientes', 'financial', 50), + ('financial:reports:read', 'Reportes financieros', 'Ver reportes financieros', 'financial', 60); + +UPDATE core_rbac.permissions SET parent_code = 'financial:*' WHERE module = 'financial' AND code != 'financial:*'; + +-- Permisos de Inventory (MGN-011) +INSERT INTO core_rbac.permissions (code, name, description, module, sort_order) VALUES + ('inventory:*', 'Todos los permisos de inventario', 'Acceso completo a inventario', 'inventory', 0), + ('inventory:products:read', 'Ver productos', 'Ver catalogo de productos', 'inventory', 10), + ('inventory:products:create', 'Crear productos', 'Agregar productos al catalogo', 'inventory', 20), + ('inventory:products:update', 'Actualizar productos', 'Modificar productos', 'inventory', 30), + ('inventory:products:delete', 'Eliminar productos', 'Eliminar productos del catalogo', 'inventory', 40), + ('inventory:stock:read', 'Ver stock', 'Ver niveles de inventario', 'inventory', 50), + ('inventory:stock:adjust', 'Ajustar stock', 'Realizar ajustes de inventario', 'inventory', 60), + ('inventory:movements:read', 'Ver movimientos', 'Ver historial de movimientos', 'inventory', 70), + ('inventory:movements:create', 'Crear movimientos', 'Registrar entradas/salidas', 'inventory', 80); + +UPDATE core_rbac.permissions SET parent_code = 'inventory:*' WHERE module = 'inventory' AND code != 'inventory:*'; + +-- Permisos de Portal (para usuarios externos) - Ref: Odoo portal module +INSERT INTO core_rbac.permissions (code, name, description, module, sort_order) VALUES + ('portal:profile:read', 'Ver perfil propio', 'Ver datos del propio perfil', 'portal', 10), + ('portal:profile:update', 'Actualizar perfil propio', 'Modificar datos del propio perfil', 'portal', 20), + ('portal:documents:read', 'Ver documentos propios', 'Ver documentos asociados al usuario', 'portal', 30), + ('portal:orders:read', 'Ver ordenes propias', 'Ver historial de ordenes', 'portal', 40), + ('portal:invoices:read', 'Ver facturas propias', 'Ver facturas emitidas', 'portal', 50), + ('portal:tickets:read', 'Ver tickets propios', 'Ver tickets de soporte', 'portal', 60), + ('portal:tickets:create', 'Crear tickets', 'Crear nuevos tickets de soporte', 'portal', 70); + +-- Permisos de Billing (MGN-015) +INSERT INTO core_rbac.permissions (code, name, description, module, sort_order) VALUES + ('billing:*', 'Todos los permisos de billing', 'Acceso completo a facturacion SaaS', 'billing', 0), + ('billing:subscription:read', 'Ver suscripcion', 'Ver plan y suscripcion actual', 'billing', 10), + ('billing:subscription:manage', 'Gestionar suscripcion', 'Cambiar plan, cancelar, reactivar', 'billing', 20), + ('billing:seats:manage', 'Gestionar asientos', 'Agregar/remover usuarios del plan', 'billing', 30), + ('billing:payment_methods:read', 'Ver metodos de pago', 'Ver tarjetas y metodos guardados', 'billing', 40), + ('billing:payment_methods:manage', 'Gestionar metodos de pago', 'Agregar/eliminar metodos de pago', 'billing', 50), + ('billing:invoices:read', 'Ver facturas SaaS', 'Ver historial de facturas de la plataforma', 'billing', 60), + ('billing:invoices:download', 'Descargar facturas', 'Descargar PDF/CFDI de facturas', 'billing', 70), + ('billing:usage:read', 'Ver uso', 'Ver metricas de consumo del plan', 'billing', 80); + +UPDATE core_rbac.permissions SET parent_code = 'billing:*' WHERE module = 'billing' AND code != 'billing:*'; + +-- Permisos de Payment Integrations (MGN-016) +INSERT INTO core_rbac.permissions (code, name, description, module, sort_order) VALUES + ('payments:*', 'Todos los permisos de pagos', 'Acceso completo a integraciones de pago', 'payments', 0), + ('payments:providers:read', 'Ver proveedores', 'Ver integraciones de pago configuradas', 'payments', 10), + ('payments:providers:configure', 'Configurar proveedores', 'Conectar MercadoPago, Clip, Stripe', 'payments', 20), + ('payments:terminals:read', 'Ver terminales', 'Ver terminales registradas', 'payments', 30), + ('payments:terminals:manage', 'Gestionar terminales', 'Agregar/configurar terminales', 'payments', 40), + ('payments:transactions:read', 'Ver transacciones', 'Ver historial de cobros', 'payments', 50), + ('payments:transactions:process', 'Procesar pagos', 'Cobrar en terminal/gateway', 'payments', 60), + ('payments:transactions:refund', 'Reembolsar', 'Procesar devoluciones', 'payments', 70), + ('payments:reconciliation:read', 'Ver conciliacion', 'Ver estado de conciliacion', 'payments', 80), + ('payments:reconciliation:manage', 'Gestionar conciliacion', 'Conciliar transacciones', 'payments', 90); + +UPDATE core_rbac.permissions SET parent_code = 'payments:*' WHERE module = 'payments' AND code != 'payments:*'; + +-- Permisos de WhatsApp (MGN-017) +INSERT INTO core_rbac.permissions (code, name, description, module, sort_order) VALUES + ('whatsapp:*', 'Todos los permisos de WhatsApp', 'Acceso completo a WhatsApp Business', 'whatsapp', 0), + ('whatsapp:accounts:read', 'Ver cuentas', 'Ver cuentas de WhatsApp conectadas', 'whatsapp', 10), + ('whatsapp:accounts:configure', 'Configurar cuentas', 'Conectar/desconectar cuentas WA', 'whatsapp', 20), + ('whatsapp:templates:read', 'Ver templates', 'Ver plantillas de mensajes', 'whatsapp', 30), + ('whatsapp:templates:manage', 'Gestionar templates', 'Crear/editar plantillas', 'whatsapp', 40), + ('whatsapp:conversations:read', 'Ver conversaciones', 'Ver inbox de mensajes', 'whatsapp', 50), + ('whatsapp:conversations:reply', 'Responder mensajes', 'Enviar mensajes en conversaciones', 'whatsapp', 60), + ('whatsapp:conversations:assign', 'Asignar conversaciones', 'Asignar a otros agentes', 'whatsapp', 70), + ('whatsapp:bulk:send', 'Envio masivo', 'Enviar campanas de marketing', 'whatsapp', 80), + ('whatsapp:chatbot:read', 'Ver chatbot', 'Ver flujos de chatbot', 'whatsapp', 90), + ('whatsapp:chatbot:manage', 'Gestionar chatbot', 'Crear/editar flujos', 'whatsapp', 100), + ('whatsapp:analytics:read', 'Ver analiticas', 'Ver metricas de WhatsApp', 'whatsapp', 110); + +UPDATE core_rbac.permissions SET parent_code = 'whatsapp:*' WHERE module = 'whatsapp' AND code != 'whatsapp:*'; + +-- Permisos de AI Agents (MGN-018) +INSERT INTO core_rbac.permissions (code, name, description, module, sort_order) VALUES + ('ai_agents:*', 'Todos los permisos de IA', 'Acceso completo a agentes de IA', 'ai_agents', 0), + ('ai_agents:agents:read', 'Ver agentes', 'Ver agentes configurados', 'ai_agents', 10), + ('ai_agents:agents:manage', 'Gestionar agentes', 'Crear/editar/eliminar agentes', 'ai_agents', 20), + ('ai_agents:kb:read', 'Ver bases de conocimiento', 'Ver KBs del tenant', 'ai_agents', 30), + ('ai_agents:kb:manage', 'Gestionar KB', 'Crear/editar KBs y documentos', 'ai_agents', 40), + ('ai_agents:kb:upload', 'Subir documentos', 'Agregar documentos a KB', 'ai_agents', 50), + ('ai_agents:tools:read', 'Ver herramientas', 'Ver tools disponibles', 'ai_agents', 60), + ('ai_agents:tools:manage', 'Gestionar herramientas', 'Configurar tools para agentes', 'ai_agents', 70), + ('ai_agents:conversations:read', 'Ver conversaciones IA', 'Ver historial de chats con IA', 'ai_agents', 80), + ('ai_agents:feedback:read', 'Ver feedback', 'Ver calificaciones de respuestas', 'ai_agents', 90), + ('ai_agents:feedback:manage', 'Gestionar feedback', 'Corregir/entrenar agente', 'ai_agents', 100), + ('ai_agents:analytics:read', 'Ver analiticas IA', 'Ver metricas de agentes', 'ai_agents', 110), + ('ai_agents:usage:read', 'Ver consumo tokens', 'Ver uso de tokens de IA', 'ai_agents', 120); + +UPDATE core_rbac.permissions SET parent_code = 'ai_agents:*' WHERE module = 'ai_agents' AND code != 'ai_agents:*'; +``` + +--- + +## Data Seed: Permisos por Rol Built-in + +```sql +-- Funcion helper para asignar permisos +CREATE OR REPLACE FUNCTION core_rbac.assign_permissions_to_role( + p_tenant_id UUID, + p_role_slug VARCHAR, + p_permission_codes TEXT[] +) RETURNS void AS $$ +DECLARE + v_role_id UUID; + v_permission_id UUID; + v_code TEXT; +BEGIN + SELECT id INTO v_role_id FROM core_rbac.roles + WHERE tenant_id = p_tenant_id AND slug = p_role_slug; + + FOREACH v_code IN ARRAY p_permission_codes LOOP + SELECT id INTO v_permission_id FROM core_rbac.permissions WHERE code = v_code; + IF v_permission_id IS NOT NULL THEN + INSERT INTO core_rbac.role_permissions (role_id, permission_id) + VALUES (v_role_id, v_permission_id) + ON CONFLICT DO NOTHING; + END IF; + END LOOP; +END; +$$ LANGUAGE plpgsql; + +-- Super Admin: Todos los permisos (wildcard) +SELECT core_rbac.assign_permissions_to_role(:tenant_id, 'super_admin', ARRAY[ + 'users:*', 'roles:*', 'permissions:read', 'tenants:read', 'tenants:update', 'tenants:billing', + 'settings:read', 'settings:update', 'audit:read', 'audit:export', + 'reports:*', 'financial:*', 'inventory:*', + 'billing:*', 'payments:*', 'whatsapp:*', 'ai_agents:*' +]); + +-- Tenant Owner: Propietario de cuenta (MGN-015) +SELECT core_rbac.assign_permissions_to_role(:tenant_id, 'tenant_owner', ARRAY[ + 'users:*', 'roles:read', 'roles:assign', + 'tenants:read', 'tenants:update', 'tenants:billing', + 'billing:*', + 'payments:providers:read', 'payments:providers:configure', + 'whatsapp:accounts:read', 'whatsapp:accounts:configure', 'whatsapp:analytics:read', + 'ai_agents:agents:read', 'ai_agents:usage:read', 'ai_agents:analytics:read' +]); + +-- Admin: Gestion del tenant +SELECT core_rbac.assign_permissions_to_role(:tenant_id, 'admin', ARRAY[ + 'users:*', 'roles:read', 'roles:create', 'roles:update', 'roles:delete', 'roles:assign', + 'permissions:read', 'tenants:read', 'tenants:update', + 'settings:read', 'settings:update', 'audit:read', + 'reports:read', 'reports:export', + 'payments:*', 'whatsapp:*', 'ai_agents:*' +]); + +-- Manager: Supervision +SELECT core_rbac.assign_permissions_to_role(:tenant_id, 'manager', ARRAY[ + 'users:read', 'roles:read', 'permissions:read', + 'audit:read', 'reports:read', 'reports:export', + 'financial:accounts:read', 'financial:transactions:read', 'financial:reports:read', + 'inventory:products:read', 'inventory:stock:read', 'inventory:movements:read', + 'payments:transactions:read', 'payments:reconciliation:read', + 'whatsapp:conversations:read', 'whatsapp:analytics:read', + 'ai_agents:conversations:read', 'ai_agents:feedback:read', 'ai_agents:analytics:read' +]); + +-- User: Acceso basico +SELECT core_rbac.assign_permissions_to_role(:tenant_id, 'user', ARRAY[ + 'reports:read', + 'payments:transactions:read' +]); + +-- WhatsApp Agent: Atiende conversaciones (MGN-017) +SELECT core_rbac.assign_permissions_to_role(:tenant_id, 'whatsapp_agent', ARRAY[ + 'whatsapp:conversations:read', 'whatsapp:conversations:reply', + 'whatsapp:templates:read' +]); + +-- Portal User: Acceso limitado para usuarios externos (Ref: Odoo group_portal) +SELECT core_rbac.assign_permissions_to_role(:tenant_id, 'portal_user', ARRAY[ + 'portal:profile:read', 'portal:profile:update', + 'portal:documents:read', 'portal:orders:read', + 'portal:invoices:read', 'portal:tickets:read', 'portal:tickets:create' +]); + +-- Guest: Solo lectura minima (Ref: Odoo group_public) +SELECT core_rbac.assign_permissions_to_role(:tenant_id, 'guest', ARRAY[ + -- Sin permisos especificos, solo acceso a dashboard publico +]); +``` + +--- + +## Row Level Security (RLS) + +```sql +-- Habilitar RLS +ALTER TABLE core_rbac.roles ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_rbac.role_permissions ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_rbac.user_roles ENABLE ROW LEVEL SECURITY; + +-- Politicas para roles +CREATE POLICY roles_tenant_isolation ON core_rbac.roles + FOR ALL + USING (tenant_id = current_setting('app.tenant_id')::uuid); + +CREATE POLICY roles_select_built_in ON core_rbac.roles + FOR SELECT + USING (is_built_in = true); + +-- Politicas para role_permissions (via rol) +CREATE POLICY role_permissions_tenant_isolation ON core_rbac.role_permissions + FOR ALL + USING ( + role_id IN ( + SELECT id FROM core_rbac.roles + WHERE tenant_id = current_setting('app.tenant_id')::uuid + ) + ); + +-- Politicas para user_roles (via usuario) +CREATE POLICY user_roles_tenant_isolation ON core_rbac.user_roles + FOR ALL + USING ( + user_id IN ( + SELECT id FROM core_users.users + WHERE tenant_id = current_setting('app.tenant_id')::uuid + ) + ); +``` + +--- + +## Funciones de Utilidad + +### Verificar Permiso de Usuario + +```sql +CREATE OR REPLACE FUNCTION core_rbac.user_has_permission( + p_user_id UUID, + p_permission_code VARCHAR +) RETURNS BOOLEAN AS $$ +DECLARE + v_has_permission BOOLEAN; + v_module VARCHAR; +BEGIN + -- Verificar permiso directo + SELECT EXISTS ( + SELECT 1 + FROM core_rbac.user_roles ur + JOIN core_rbac.role_permissions rp ON rp.role_id = ur.role_id + JOIN core_rbac.permissions p ON p.id = rp.permission_id + WHERE ur.user_id = p_user_id + AND (ur.expires_at IS NULL OR ur.expires_at > NOW()) + AND p.code = p_permission_code + ) INTO v_has_permission; + + IF v_has_permission THEN + RETURN true; + END IF; + + -- Verificar wildcard del modulo + v_module := split_part(p_permission_code, ':', 1); + + SELECT EXISTS ( + SELECT 1 + FROM core_rbac.user_roles ur + JOIN core_rbac.role_permissions rp ON rp.role_id = ur.role_id + JOIN core_rbac.permissions p ON p.id = rp.permission_id + WHERE ur.user_id = p_user_id + AND (ur.expires_at IS NULL OR ur.expires_at > NOW()) + AND p.code = v_module || ':*' + ) INTO v_has_permission; + + RETURN v_has_permission; +END; +$$ LANGUAGE plpgsql STABLE; +``` + +### Obtener Permisos Efectivos de Usuario + +```sql +CREATE OR REPLACE FUNCTION core_rbac.get_user_permissions( + p_user_id UUID +) RETURNS TABLE (permission_code VARCHAR, source_role VARCHAR) AS $$ +BEGIN + RETURN QUERY + SELECT DISTINCT p.code, r.name + FROM core_rbac.user_roles ur + JOIN core_rbac.roles r ON r.id = ur.role_id + JOIN core_rbac.role_permissions rp ON rp.role_id = r.id + JOIN core_rbac.permissions p ON p.id = rp.permission_id + WHERE ur.user_id = p_user_id + AND (ur.expires_at IS NULL OR ur.expires_at > NOW()) + AND r.is_active = true + AND p.is_deprecated = false + ORDER BY p.code; +END; +$$ LANGUAGE plpgsql STABLE; +``` + +--- + +## Vistas + +### Vista: Roles con Conteo de Usuarios + +```sql +CREATE VIEW core_rbac.vw_roles_summary AS +SELECT + r.id, + r.tenant_id, + r.name, + r.slug, + r.description, + r.is_built_in, + r.is_active, + COUNT(DISTINCT ur.user_id) AS users_count, + COUNT(DISTINCT rp.permission_id) AS permissions_count, + r.created_at +FROM core_rbac.roles r +LEFT JOIN core_rbac.user_roles ur ON ur.role_id = r.id +LEFT JOIN core_rbac.role_permissions rp ON rp.role_id = r.id +WHERE r.deleted_at IS NULL +GROUP BY r.id; +``` + +### Vista: Permisos Agrupados por Modulo + +```sql +CREATE VIEW core_rbac.vw_permissions_by_module AS +SELECT + module, + jsonb_agg( + jsonb_build_object( + 'id', id, + 'code', code, + 'name', name, + 'description', description, + 'isDeprecated', is_deprecated + ) ORDER BY sort_order + ) AS permissions +FROM core_rbac.permissions +WHERE is_deprecated = false +GROUP BY module +ORDER BY module; +``` + +--- + +## Resumen de Tablas + +| Tabla | Columnas | Descripcion | +|-------|----------|-------------| +| roles | 12 | Roles del sistema (built-in y custom) | +| permissions | 9 | Catalogo maestro de permisos | +| role_permissions | 5 | Union M:N roles-permisos | +| user_roles | 6 | Union M:N usuarios-roles | + +**Total: 4 tablas, 32 columnas** + +--- + +## Resumen de Roles Built-in + +| Rol | Slug | Descripcion | +|-----|------|-------------| +| Super Administrador | super_admin | Acceso total al sistema | +| Propietario | tenant_owner | Gestiona billing y usuarios (MGN-015) | +| Administrador | admin | Gestion completa del tenant | +| Gerente | manager | Supervision operativa y reportes | +| Usuario | user | Acceso basico al sistema | +| Agente WhatsApp | whatsapp_agent | Atiende conversaciones (MGN-017) | +| Usuario Portal | portal_user | Usuario externo con acceso limitado | +| Invitado | guest | Solo lectura limitada | + +--- + +## Resumen de Permisos por Modulo + +| Modulo | Permisos | Descripcion | +|--------|----------|-------------| +| auth | 2 | Sesiones y tokens | +| users | 8 | Gestion de usuarios | +| roles | 7 | Roles y permisos | +| tenants | 3 | Configuracion tenant | +| settings | 2 | Configuracion sistema | +| audit | 2 | Logs de auditoria | +| reports | 5 | Reportes | +| financial | 7 | Modulo financiero | +| inventory | 9 | Inventario | +| portal | 7 | Usuarios externos | +| billing | 9 | Billing SaaS (MGN-015) | +| payments | 10 | Pagos POS (MGN-016) | +| whatsapp | 12 | WhatsApp Business (MGN-017) | +| ai_agents | 13 | AI Agents (MGN-018) | + +**Total: 96 permisos** + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | +| 1.1 | 2025-12-05 | System | Agregar rol portal_user y permisos portal:* (Ref: Odoo group_portal) | +| 1.2 | 2025-12-05 | System | Roles: tenant_owner, whatsapp_agent. Permisos: billing:*, payments:*, whatsapp:*, ai_agents:* (MGN-015/016/017/018) | diff --git a/docs/01-fase-foundation/MGN-003-roles/especificaciones/ET-rbac-backend.md b/docs/01-fase-foundation/MGN-003-roles/especificaciones/ET-rbac-backend.md new file mode 100644 index 0000000..83e9e85 --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/especificaciones/ET-rbac-backend.md @@ -0,0 +1,1274 @@ +# Especificacion Tecnica: RBAC Backend + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **Modulo** | MGN-003 Roles/RBAC | +| **Componente** | Backend API | +| **Framework** | NestJS | +| **Version** | 1.0 | +| **Fecha** | 2025-12-05 | + +--- + +## Arquitectura + +``` +src/ +├── modules/ +│ └── rbac/ +│ ├── rbac.module.ts +│ ├── controllers/ +│ │ ├── roles.controller.ts +│ │ └── permissions.controller.ts +│ ├── services/ +│ │ ├── roles.service.ts +│ │ ├── permissions.service.ts +│ │ └── rbac-cache.service.ts +│ ├── guards/ +│ │ ├── rbac.guard.ts +│ │ └── owner.guard.ts +│ ├── decorators/ +│ │ ├── permissions.decorator.ts +│ │ ├── roles.decorator.ts +│ │ └── public.decorator.ts +│ ├── dto/ +│ │ ├── create-role.dto.ts +│ │ ├── update-role.dto.ts +│ │ ├── assign-roles.dto.ts +│ │ └── ... +│ ├── entities/ +│ │ ├── role.entity.ts +│ │ ├── permission.entity.ts +│ │ ├── role-permission.entity.ts +│ │ └── user-role.entity.ts +│ └── interfaces/ +│ └── permission-metadata.interface.ts +``` + +--- + +## Entidades + +### Role Entity + +```typescript +// entities/role.entity.ts +import { + Entity, + PrimaryGeneratedColumn, + Column, + ManyToMany, + JoinTable, + OneToMany, + ManyToOne, + CreateDateColumn, + UpdateDateColumn, + DeleteDateColumn, +} from 'typeorm'; +import { Permission } from './permission.entity'; +import { UserRole } from './user-role.entity'; +import { User } from '../../users/entities/user.entity'; +import { Tenant } from '../../tenants/entities/tenant.entity'; + +@Entity({ schema: 'core_rbac', name: 'roles' }) +export class Role { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ name: 'tenant_id' }) + tenantId: string; + + @ManyToOne(() => Tenant) + tenant: Tenant; + + @Column({ length: 50 }) + name: string; + + @Column({ length: 50 }) + slug: string; + + @Column({ length: 500, nullable: true }) + description: string; + + @Column({ name: 'is_built_in', default: false }) + isBuiltIn: boolean; + + @Column({ name: 'is_active', default: true }) + isActive: boolean; + + @ManyToMany(() => Permission) + @JoinTable({ + name: 'role_permissions', + schema: 'core_rbac', + joinColumn: { name: 'role_id' }, + inverseJoinColumn: { name: 'permission_id' }, + }) + permissions: Permission[]; + + @OneToMany(() => UserRole, (userRole) => userRole.role) + userRoles: UserRole[]; + + @CreateDateColumn({ name: 'created_at' }) + createdAt: Date; + + @UpdateDateColumn({ name: 'updated_at' }) + updatedAt: Date; + + @Column({ name: 'created_by', nullable: true }) + createdBy: string; + + @ManyToOne(() => User) + createdByUser: User; + + @Column({ name: 'updated_by', nullable: true }) + updatedBy: string; + + @DeleteDateColumn({ name: 'deleted_at' }) + deletedAt: Date; + + @Column({ name: 'deleted_by', nullable: true }) + deletedBy: string; + + // Virtual: count of users + usersCount?: number; +} +``` + +### Permission Entity + +```typescript +// entities/permission.entity.ts +import { + Entity, + PrimaryGeneratedColumn, + Column, + ManyToOne, + CreateDateColumn, +} from 'typeorm'; + +@Entity({ schema: 'core_rbac', name: 'permissions' }) +export class Permission { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ length: 100, unique: true }) + code: string; + + @Column({ length: 100 }) + name: string; + + @Column({ length: 500, nullable: true }) + description: string; + + @Column({ length: 50 }) + module: string; + + @Column({ name: 'parent_code', nullable: true }) + parentCode: string; + + @ManyToOne(() => Permission) + parent: Permission; + + @Column({ name: 'is_deprecated', default: false }) + isDeprecated: boolean; + + @Column({ name: 'sort_order', default: 0 }) + sortOrder: number; + + @CreateDateColumn({ name: 'created_at' }) + createdAt: Date; +} +``` + +### UserRole Entity + +```typescript +// entities/user-role.entity.ts +import { + Entity, + PrimaryGeneratedColumn, + Column, + ManyToOne, + CreateDateColumn, +} from 'typeorm'; +import { User } from '../../users/entities/user.entity'; +import { Role } from './role.entity'; + +@Entity({ schema: 'core_rbac', name: 'user_roles' }) +export class UserRole { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ name: 'user_id' }) + userId: string; + + @ManyToOne(() => User) + user: User; + + @Column({ name: 'role_id' }) + roleId: string; + + @ManyToOne(() => Role) + role: Role; + + @CreateDateColumn({ name: 'assigned_at' }) + assignedAt: Date; + + @Column({ name: 'assigned_by', nullable: true }) + assignedBy: string; + + @Column({ name: 'expires_at', nullable: true }) + expiresAt: Date; +} +``` + +--- + +## DTOs + +### Create Role DTO + +```typescript +// dto/create-role.dto.ts +import { + IsString, + IsOptional, + IsArray, + IsUUID, + MinLength, + MaxLength, + Matches, + ArrayMinSize, +} from 'class-validator'; +import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'; + +export class CreateRoleDto { + @ApiProperty({ + description: 'Nombre del rol', + example: 'Vendedor', + minLength: 3, + maxLength: 50, + }) + @IsString() + @MinLength(3) + @MaxLength(50) + name: string; + + @ApiPropertyOptional({ + description: 'Descripcion del rol', + example: 'Equipo de ventas', + maxLength: 500, + }) + @IsOptional() + @IsString() + @MaxLength(500) + description?: string; + + @ApiProperty({ + description: 'IDs de permisos a asignar', + example: ['uuid-1', 'uuid-2'], + type: [String], + }) + @IsArray() + @IsUUID('4', { each: true }) + @ArrayMinSize(1) + permissionIds: string[]; +} +``` + +### Update Role DTO + +```typescript +// dto/update-role.dto.ts +import { PartialType, OmitType } from '@nestjs/swagger'; +import { CreateRoleDto } from './create-role.dto'; +import { IsOptional, IsBoolean } from 'class-validator'; + +export class UpdateRoleDto extends PartialType(CreateRoleDto) { + @IsOptional() + @IsBoolean() + isActive?: boolean; +} +``` + +### Assign Roles DTO + +```typescript +// dto/assign-roles.dto.ts +import { IsArray, IsUUID, ArrayMinSize } from 'class-validator'; +import { ApiProperty } from '@nestjs/swagger'; + +export class AssignRolesDto { + @ApiProperty({ + description: 'IDs de roles a asignar', + example: ['role-uuid-1', 'role-uuid-2'], + type: [String], + }) + @IsArray() + @IsUUID('4', { each: true }) + @ArrayMinSize(1) + roleIds: string[]; +} +``` + +### Assign Users to Role DTO + +```typescript +// dto/assign-users.dto.ts +import { IsArray, IsUUID, ArrayMinSize } from 'class-validator'; +import { ApiProperty } from '@nestjs/swagger'; + +export class AssignUsersToRoleDto { + @ApiProperty({ + description: 'IDs de usuarios a asignar al rol', + example: ['user-uuid-1', 'user-uuid-2'], + type: [String], + }) + @IsArray() + @IsUUID('4', { each: true }) + @ArrayMinSize(1) + userIds: string[]; +} +``` + +### Role Query DTO + +```typescript +// dto/role-query.dto.ts +import { IsOptional, IsString, IsEnum, IsBoolean } from 'class-validator'; +import { Transform } from 'class-transformer'; +import { PaginationDto } from '../../../common/dto/pagination.dto'; + +export enum RoleType { + ALL = 'all', + BUILT_IN = 'builtin', + CUSTOM = 'custom', +} + +export class RoleQueryDto extends PaginationDto { + @IsOptional() + @IsString() + search?: string; + + @IsOptional() + @IsEnum(RoleType) + type?: RoleType = RoleType.ALL; + + @IsOptional() + @Transform(({ value }) => value === 'true') + @IsBoolean() + includeInactive?: boolean = false; +} +``` + +--- + +## Response DTOs + +### Role Response DTO + +```typescript +// dto/role-response.dto.ts +import { ApiProperty } from '@nestjs/swagger'; + +export class RoleResponseDto { + @ApiProperty() + id: string; + + @ApiProperty() + name: string; + + @ApiProperty() + slug: string; + + @ApiProperty() + description: string; + + @ApiProperty() + isBuiltIn: boolean; + + @ApiProperty() + isActive: boolean; + + @ApiProperty() + usersCount: number; + + @ApiProperty() + permissionsCount: number; + + @ApiProperty() + createdAt: Date; +} + +export class RoleDetailResponseDto extends RoleResponseDto { + @ApiProperty({ type: [PermissionGroupDto] }) + permissions: PermissionGroupDto[]; +} + +export class PermissionGroupDto { + @ApiProperty() + module: string; + + @ApiProperty() + moduleName: string; + + @ApiProperty({ type: [PermissionDto] }) + permissions: PermissionDto[]; +} + +export class PermissionDto { + @ApiProperty() + id: string; + + @ApiProperty() + code: string; + + @ApiProperty() + name: string; + + @ApiProperty() + description: string; +} +``` + +### Effective Permissions Response + +```typescript +// dto/effective-permissions.dto.ts +export class EffectivePermissionsDto { + @ApiProperty({ description: 'Roles del usuario' }) + roles: string[]; + + @ApiProperty({ description: 'Permisos directos de los roles' }) + direct: string[]; + + @ApiProperty({ description: 'Permisos heredados via wildcards' }) + inherited: string[]; + + @ApiProperty({ description: 'Todos los permisos efectivos' }) + all: string[]; +} +``` + +--- + +## Servicios + +### Roles Service + +```typescript +// services/roles.service.ts +import { Injectable, BadRequestException, ConflictException, NotFoundException } from '@nestjs/common'; +import { InjectRepository } from '@nestjs/typeorm'; +import { Repository, In, Like, Not, IsNull } from 'typeorm'; +import { Role } from '../entities/role.entity'; +import { Permission } from '../entities/permission.entity'; +import { UserRole } from '../entities/user-role.entity'; +import { CreateRoleDto, UpdateRoleDto, RoleQueryDto, RoleType } from '../dto'; +import { RbacCacheService } from './rbac-cache.service'; +import { slugify } from '../../../common/utils/slugify'; + +@Injectable() +export class RolesService { + constructor( + @InjectRepository(Role) + private roleRepository: Repository, + @InjectRepository(Permission) + private permissionRepository: Repository, + @InjectRepository(UserRole) + private userRoleRepository: Repository, + private cacheService: RbacCacheService, + ) {} + + async create(tenantId: string, dto: CreateRoleDto, userId: string): Promise { + // Validar nombre unico + const existing = await this.roleRepository.findOne({ + where: { tenantId, name: dto.name }, + }); + if (existing) { + throw new ConflictException('Ya existe un rol con este nombre'); + } + + // Validar limite de roles por tenant + const count = await this.roleRepository.count({ + where: { tenantId, isBuiltIn: false }, + }); + if (count >= 50) { + throw new BadRequestException('Limite de roles alcanzado (50)'); + } + + // Validar permisos existen + const permissions = await this.permissionRepository.findBy({ + id: In(dto.permissionIds), + }); + if (permissions.length !== dto.permissionIds.length) { + throw new BadRequestException('Algunos permisos no existen'); + } + + // Crear rol + const role = this.roleRepository.create({ + tenantId, + name: dto.name, + slug: slugify(dto.name), + description: dto.description, + permissions, + createdBy: userId, + }); + + return this.roleRepository.save(role); + } + + async findAll(tenantId: string, query: RoleQueryDto) { + const qb = this.roleRepository + .createQueryBuilder('role') + .leftJoin('role.userRoles', 'ur') + .leftJoin('role.permissions', 'p') + .select([ + 'role.id', + 'role.name', + 'role.slug', + 'role.description', + 'role.isBuiltIn', + 'role.isActive', + 'role.createdAt', + ]) + .addSelect('COUNT(DISTINCT ur.userId)', 'usersCount') + .addSelect('COUNT(DISTINCT p.id)', 'permissionsCount') + .where('role.tenantId = :tenantId', { tenantId }) + .groupBy('role.id'); + + // Filtro por tipo + if (query.type === RoleType.BUILT_IN) { + qb.andWhere('role.isBuiltIn = true'); + } else if (query.type === RoleType.CUSTOM) { + qb.andWhere('role.isBuiltIn = false'); + } + + // Filtro por activo + if (!query.includeInactive) { + qb.andWhere('role.isActive = true'); + } + + // Busqueda + if (query.search) { + qb.andWhere('(role.name ILIKE :search OR role.description ILIKE :search)', { + search: `%${query.search}%`, + }); + } + + // Ordenar: built-in primero, luego por nombre + qb.orderBy('role.isBuiltIn', 'DESC').addOrderBy('role.name', 'ASC'); + + // Paginacion + const total = await qb.getCount(); + const data = await qb + .offset((query.page - 1) * query.limit) + .limit(query.limit) + .getRawAndEntities(); + + return { + data: data.entities.map((role, i) => ({ + ...role, + usersCount: parseInt(data.raw[i].usersCount), + permissionsCount: parseInt(data.raw[i].permissionsCount), + })), + meta: { + total, + page: query.page, + limit: query.limit, + totalPages: Math.ceil(total / query.limit), + hasNext: query.page * query.limit < total, + hasPrev: query.page > 1, + }, + }; + } + + async findOne(tenantId: string, id: string): Promise { + const role = await this.roleRepository.findOne({ + where: { id, tenantId }, + relations: ['permissions'], + }); + + if (!role) { + throw new NotFoundException('Rol no encontrado'); + } + + // Agregar conteo de usuarios + const usersCount = await this.userRoleRepository.count({ + where: { roleId: id }, + }); + role.usersCount = usersCount; + + return role; + } + + async update( + tenantId: string, + id: string, + dto: UpdateRoleDto, + userId: string, + ): Promise { + const role = await this.findOne(tenantId, id); + + // Validar si es built-in + if (role.isBuiltIn) { + // Solo permitir agregar permisos, no quitar ni cambiar nombre + if (dto.name && dto.name !== role.name) { + throw new BadRequestException('No se puede cambiar el nombre de roles del sistema'); + } + if (dto.permissionIds) { + // Validar que solo se agregan, no se quitan + const currentPermIds = role.permissions.map(p => p.id); + const removedPerms = currentPermIds.filter(id => !dto.permissionIds.includes(id)); + if (removedPerms.length > 0) { + throw new BadRequestException('No se pueden quitar permisos de roles del sistema'); + } + } + } + + // Validar nombre unico si cambio + if (dto.name && dto.name !== role.name) { + const existing = await this.roleRepository.findOne({ + where: { tenantId, name: dto.name, id: Not(id) }, + }); + if (existing) { + throw new ConflictException('Ya existe un rol con este nombre'); + } + role.name = dto.name; + role.slug = slugify(dto.name); + } + + if (dto.description !== undefined) { + role.description = dto.description; + } + + if (dto.isActive !== undefined && !role.isBuiltIn) { + role.isActive = dto.isActive; + } + + if (dto.permissionIds) { + const permissions = await this.permissionRepository.findBy({ + id: In(dto.permissionIds), + }); + role.permissions = permissions; + } + + role.updatedBy = userId; + + const updated = await this.roleRepository.save(role); + + // Invalidar cache de usuarios con este rol + await this.invalidateCacheForRole(id); + + return updated; + } + + async remove( + tenantId: string, + id: string, + userId: string, + reassignTo?: string, + ): Promise { + const role = await this.findOne(tenantId, id); + + if (role.isBuiltIn) { + throw new BadRequestException('No se pueden eliminar roles del sistema'); + } + + // Reasignar usuarios si se especifico + if (reassignTo && role.usersCount > 0) { + const targetRole = await this.findOne(tenantId, reassignTo); + await this.userRoleRepository.update( + { roleId: id }, + { roleId: targetRole.id }, + ); + } else if (role.usersCount > 0) { + // Eliminar asignaciones + await this.userRoleRepository.delete({ roleId: id }); + } + + // Soft delete + role.deletedBy = userId; + await this.roleRepository.save(role); + await this.roleRepository.softDelete(id); + + // Invalidar cache + await this.invalidateCacheForRole(id); + } + + private async invalidateCacheForRole(roleId: string): Promise { + const userRoles = await this.userRoleRepository.find({ + where: { roleId }, + select: ['userId'], + }); + + for (const ur of userRoles) { + await this.cacheService.invalidateUserPermissions(ur.userId); + } + } +} +``` + +### Permissions Service + +```typescript +// services/permissions.service.ts +import { Injectable } from '@nestjs/common'; +import { InjectRepository } from '@nestjs/typeorm'; +import { Repository, In } from 'typeorm'; +import { Permission } from '../entities/permission.entity'; +import { UserRole } from '../entities/user-role.entity'; +import { RbacCacheService } from './rbac-cache.service'; + +@Injectable() +export class PermissionsService { + private moduleNames: Record = { + auth: 'Autenticacion', + users: 'Gestion de Usuarios', + roles: 'Roles y Permisos', + tenants: 'Multi-Tenancy', + settings: 'Configuracion', + audit: 'Auditoria', + reports: 'Reportes', + financial: 'Modulo Financiero', + inventory: 'Inventario', + }; + + constructor( + @InjectRepository(Permission) + private permissionRepository: Repository, + @InjectRepository(UserRole) + private userRoleRepository: Repository, + private cacheService: RbacCacheService, + ) {} + + async findAll(search?: string): Promise { + let qb = this.permissionRepository + .createQueryBuilder('p') + .where('p.isDeprecated = false') + .orderBy('p.module', 'ASC') + .addOrderBy('p.sortOrder', 'ASC'); + + if (search) { + qb = qb.andWhere( + '(p.code ILIKE :search OR p.name ILIKE :search)', + { search: `%${search}%` }, + ); + } + + const permissions = await qb.getMany(); + + // Agrupar por modulo + const grouped = new Map(); + for (const perm of permissions) { + if (!grouped.has(perm.module)) { + grouped.set(perm.module, []); + } + grouped.get(perm.module).push(perm); + } + + return Array.from(grouped.entries()).map(([module, perms]) => ({ + module, + moduleName: this.moduleNames[module] || module, + permissions: perms.map(p => ({ + id: p.id, + code: p.code, + name: p.name, + description: p.description, + })), + })); + } + + async getEffectivePermissions(userId: string): Promise { + // Intentar desde cache + const cached = await this.cacheService.getUserPermissions(userId); + if (cached) { + return cached; + } + + // Obtener roles del usuario + const userRoles = await this.userRoleRepository.find({ + where: { userId }, + relations: ['role', 'role.permissions'], + }); + + const roles = userRoles + .filter(ur => !ur.expiresAt || ur.expiresAt > new Date()) + .filter(ur => ur.role.isActive) + .map(ur => ur.role.slug); + + // Recolectar permisos directos + const directPerms = new Set(); + for (const ur of userRoles) { + if (ur.role.isActive) { + for (const perm of ur.role.permissions) { + directPerms.add(perm.code); + } + } + } + + // Expandir wildcards + const allPerms = await this.expandWildcards(Array.from(directPerms)); + + // Calcular heredados + const inherited = allPerms.filter(p => !directPerms.has(p)); + + const result: EffectivePermissionsDto = { + roles, + direct: Array.from(directPerms), + inherited, + all: allPerms, + }; + + // Guardar en cache + await this.cacheService.setUserPermissions(userId, result); + + return result; + } + + async userHasPermission(userId: string, permission: string): Promise { + const effective = await this.getEffectivePermissions(userId); + return effective.all.includes(permission); + } + + async userHasAnyPermission(userId: string, permissions: string[]): Promise { + const effective = await this.getEffectivePermissions(userId); + return permissions.some(p => effective.all.includes(p)); + } + + async userHasAllPermissions(userId: string, permissions: string[]): Promise { + const effective = await this.getEffectivePermissions(userId); + return permissions.every(p => effective.all.includes(p)); + } + + private async expandWildcards(permissions: string[]): Promise { + const result = new Set(permissions); + + // Encontrar wildcards + const wildcards = permissions.filter(p => p.endsWith(':*')); + + if (wildcards.length === 0) { + return Array.from(result); + } + + // Obtener permisos hijos de wildcards + for (const wildcard of wildcards) { + const module = wildcard.replace(':*', ''); + const children = await this.permissionRepository.find({ + where: { module, isDeprecated: false }, + }); + children.forEach(c => result.add(c.code)); + } + + return Array.from(result); + } +} +``` + +### RBAC Cache Service + +```typescript +// services/rbac-cache.service.ts +import { Injectable, Inject } from '@nestjs/common'; +import { CACHE_MANAGER } from '@nestjs/cache-manager'; +import { Cache } from 'cache-manager'; +import { EffectivePermissionsDto } from '../dto'; + +@Injectable() +export class RbacCacheService { + private readonly CACHE_TTL = 300000; // 5 minutos + private readonly PREFIX = 'rbac:permissions:'; + + constructor(@Inject(CACHE_MANAGER) private cache: Cache) {} + + async getUserPermissions(userId: string): Promise { + const key = `${this.PREFIX}${userId}`; + return this.cache.get(key); + } + + async setUserPermissions( + userId: string, + permissions: EffectivePermissionsDto, + ): Promise { + const key = `${this.PREFIX}${userId}`; + await this.cache.set(key, permissions, this.CACHE_TTL); + } + + async invalidateUserPermissions(userId: string): Promise { + const key = `${this.PREFIX}${userId}`; + await this.cache.del(key); + } + + async invalidateAll(): Promise { + // En produccion: usar patron de keys o pub/sub + // await this.cache.reset(); + } +} +``` + +--- + +## Guards y Decoradores + +### Decoradores + +```typescript +// decorators/permissions.decorator.ts +import { SetMetadata } from '@nestjs/common'; + +export const PERMISSIONS_KEY = 'permissions'; +export const PERMISSION_MODE_KEY = 'permissionMode'; + +export interface PermissionMetadata { + permissions: string[]; + mode: 'AND' | 'OR'; +} + +export const Permissions = (...permissions: string[]) => + SetMetadata(PERMISSIONS_KEY, { permissions, mode: 'AND' } as PermissionMetadata); + +export const AnyPermission = (...permissions: string[]) => + SetMetadata(PERMISSIONS_KEY, { permissions, mode: 'OR' } as PermissionMetadata); + +// decorators/roles.decorator.ts +export const ROLES_KEY = 'roles'; +export const Roles = (...roles: string[]) => SetMetadata(ROLES_KEY, roles); + +// decorators/public.decorator.ts +export const IS_PUBLIC_KEY = 'isPublic'; +export const Public = () => SetMetadata(IS_PUBLIC_KEY, true); + +// decorators/owner-or-permission.decorator.ts +export const OWNER_OR_PERMISSION_KEY = 'ownerOrPermission'; +export const OwnerOrPermission = (permission: string) => + SetMetadata(OWNER_OR_PERMISSION_KEY, permission); +``` + +### RBAC Guard + +```typescript +// guards/rbac.guard.ts +import { + Injectable, + CanActivate, + ExecutionContext, + ForbiddenException, + Logger, +} from '@nestjs/common'; +import { Reflector } from '@nestjs/core'; +import { PermissionsService } from '../services/permissions.service'; +import { + IS_PUBLIC_KEY, + PERMISSIONS_KEY, + ROLES_KEY, + PermissionMetadata, +} from '../decorators'; + +@Injectable() +export class RbacGuard implements CanActivate { + private readonly logger = new Logger(RbacGuard.name); + + constructor( + private reflector: Reflector, + private permissionsService: PermissionsService, + ) {} + + async canActivate(context: ExecutionContext): Promise { + // Verificar si es ruta publica + const isPublic = this.reflector.getAllAndOverride(IS_PUBLIC_KEY, [ + context.getHandler(), + context.getClass(), + ]); + if (isPublic) return true; + + const request = context.switchToHttp().getRequest(); + const user = request.user; + + if (!user) { + throw new ForbiddenException('No autenticado'); + } + + // Super Admin bypass + const effectivePerms = await this.permissionsService.getEffectivePermissions(user.id); + if (effectivePerms.roles.includes('super_admin')) { + return true; + } + + // Verificar roles requeridos + const requiredRoles = this.reflector.getAllAndOverride(ROLES_KEY, [ + context.getHandler(), + context.getClass(), + ]); + if (requiredRoles && requiredRoles.length > 0) { + const hasRole = requiredRoles.some(role => effectivePerms.roles.includes(role)); + if (!hasRole) { + this.logDenied(user.id, request, 'roles', requiredRoles); + throw new ForbiddenException('No tienes permiso para realizar esta accion'); + } + } + + // Verificar permisos requeridos + const permMetadata = this.reflector.getAllAndOverride( + PERMISSIONS_KEY, + [context.getHandler(), context.getClass()], + ); + + if (!permMetadata) return true; + + const { permissions, mode } = permMetadata; + + let hasPermission: boolean; + if (mode === 'AND') { + hasPermission = await this.permissionsService.userHasAllPermissions( + user.id, + permissions, + ); + } else { + hasPermission = await this.permissionsService.userHasAnyPermission( + user.id, + permissions, + ); + } + + if (!hasPermission) { + this.logDenied(user.id, request, 'permissions', permissions); + throw new ForbiddenException('No tienes permiso para realizar esta accion'); + } + + // Adjuntar permisos al request para uso posterior + request.userPermissions = effectivePerms; + + return true; + } + + private logDenied( + userId: string, + request: any, + type: string, + required: string[], + ): void { + this.logger.warn({ + message: 'Access denied', + userId, + endpoint: `${request.method} ${request.url}`, + requiredType: type, + required, + timestamp: new Date().toISOString(), + }); + } +} +``` + +### Owner Guard + +```typescript +// guards/owner.guard.ts +import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common'; +import { Reflector } from '@nestjs/core'; +import { OWNER_OR_PERMISSION_KEY } from '../decorators'; +import { PermissionsService } from '../services/permissions.service'; + +@Injectable() +export class OwnerGuard implements CanActivate { + constructor( + private reflector: Reflector, + private permissionsService: PermissionsService, + ) {} + + async canActivate(context: ExecutionContext): Promise { + const permission = this.reflector.get( + OWNER_OR_PERMISSION_KEY, + context.getHandler(), + ); + + if (!permission) return true; + + const request = context.switchToHttp().getRequest(); + const user = request.user; + const resourceId = request.params.id; + + // Verificar si tiene permiso + const hasPermission = await this.permissionsService.userHasPermission( + user.id, + permission, + ); + if (hasPermission) return true; + + // Verificar si es owner + return user.id === resourceId; + } +} +``` + +--- + +## Controllers + +### Roles Controller + +```typescript +// controllers/roles.controller.ts +import { + Controller, + Get, + Post, + Patch, + Delete, + Body, + Param, + Query, + UseGuards, + ParseUUIDPipe, +} from '@nestjs/common'; +import { ApiTags, ApiOperation, ApiBearerAuth } from '@nestjs/swagger'; +import { JwtAuthGuard } from '../../auth/guards/jwt-auth.guard'; +import { TenantGuard } from '../../tenants/guards/tenant.guard'; +import { RbacGuard } from '../guards/rbac.guard'; +import { Permissions } from '../decorators'; +import { CurrentUser } from '../../auth/decorators/current-user.decorator'; +import { CurrentTenant } from '../../tenants/decorators/current-tenant.decorator'; +import { RolesService } from '../services/roles.service'; +import { CreateRoleDto, UpdateRoleDto, RoleQueryDto } from '../dto'; + +@ApiTags('Roles') +@ApiBearerAuth() +@Controller('api/v1/roles') +@UseGuards(JwtAuthGuard, TenantGuard, RbacGuard) +export class RolesController { + constructor(private rolesService: RolesService) {} + + @Post() + @Permissions('roles:create') + @ApiOperation({ summary: 'Crear un nuevo rol' }) + create( + @CurrentTenant() tenantId: string, + @CurrentUser('id') userId: string, + @Body() dto: CreateRoleDto, + ) { + return this.rolesService.create(tenantId, dto, userId); + } + + @Get() + @Permissions('roles:read') + @ApiOperation({ summary: 'Listar roles' }) + findAll( + @CurrentTenant() tenantId: string, + @Query() query: RoleQueryDto, + ) { + return this.rolesService.findAll(tenantId, query); + } + + @Get(':id') + @Permissions('roles:read') + @ApiOperation({ summary: 'Obtener detalle de un rol' }) + findOne( + @CurrentTenant() tenantId: string, + @Param('id', ParseUUIDPipe) id: string, + ) { + return this.rolesService.findOne(tenantId, id); + } + + @Patch(':id') + @Permissions('roles:update') + @ApiOperation({ summary: 'Actualizar un rol' }) + update( + @CurrentTenant() tenantId: string, + @CurrentUser('id') userId: string, + @Param('id', ParseUUIDPipe) id: string, + @Body() dto: UpdateRoleDto, + ) { + return this.rolesService.update(tenantId, id, dto, userId); + } + + @Delete(':id') + @Permissions('roles:delete') + @ApiOperation({ summary: 'Eliminar un rol' }) + remove( + @CurrentTenant() tenantId: string, + @CurrentUser('id') userId: string, + @Param('id', ParseUUIDPipe) id: string, + @Query('reassignTo') reassignTo?: string, + ) { + return this.rolesService.remove(tenantId, id, userId, reassignTo); + } + + @Get(':id/users') + @Permissions('roles:read') + @ApiOperation({ summary: 'Listar usuarios de un rol' }) + findUsers( + @CurrentTenant() tenantId: string, + @Param('id', ParseUUIDPipe) id: string, + @Query() query: PaginationDto, + ) { + return this.rolesService.findUsers(tenantId, id, query); + } + + @Post(':id/users') + @Permissions('roles:assign') + @ApiOperation({ summary: 'Asignar rol a usuarios' }) + assignUsers( + @CurrentTenant() tenantId: string, + @CurrentUser('id') userId: string, + @Param('id', ParseUUIDPipe) id: string, + @Body() dto: AssignUsersToRoleDto, + ) { + return this.rolesService.assignUsers(tenantId, id, dto.userIds, userId); + } +} +``` + +### Permissions Controller + +```typescript +// controllers/permissions.controller.ts +import { Controller, Get, Query, UseGuards } from '@nestjs/common'; +import { ApiTags, ApiOperation, ApiBearerAuth } from '@nestjs/swagger'; +import { JwtAuthGuard } from '../../auth/guards/jwt-auth.guard'; +import { RbacGuard } from '../guards/rbac.guard'; +import { Permissions } from '../decorators'; +import { PermissionsService } from '../services/permissions.service'; + +@ApiTags('Permissions') +@ApiBearerAuth() +@Controller('api/v1/permissions') +@UseGuards(JwtAuthGuard, RbacGuard) +export class PermissionsController { + constructor(private permissionsService: PermissionsService) {} + + @Get() + @Permissions('permissions:read') + @ApiOperation({ summary: 'Listar permisos agrupados por modulo' }) + findAll(@Query('search') search?: string) { + return this.permissionsService.findAll(search); + } +} +``` + +--- + +## Endpoints Summary + +| Metodo | Endpoint | Permiso | Descripcion | +|--------|----------|---------|-------------| +| POST | /api/v1/roles | roles:create | Crear rol | +| GET | /api/v1/roles | roles:read | Listar roles | +| GET | /api/v1/roles/:id | roles:read | Detalle de rol | +| PATCH | /api/v1/roles/:id | roles:update | Actualizar rol | +| DELETE | /api/v1/roles/:id | roles:delete | Eliminar rol | +| GET | /api/v1/roles/:id/users | roles:read | Usuarios del rol | +| POST | /api/v1/roles/:id/users | roles:assign | Asignar usuarios | +| GET | /api/v1/permissions | permissions:read | Listar permisos | +| PUT | /api/v1/users/:id/roles | roles:assign | Asignar roles a usuario | +| GET | /api/v1/users/:id/permissions | - | Permisos efectivos | + +**Total: 10 endpoints** + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-003-roles/historias-usuario/BACKLOG-MGN003.md b/docs/01-fase-foundation/MGN-003-roles/historias-usuario/BACKLOG-MGN003.md new file mode 100644 index 0000000..09b5bb1 --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/historias-usuario/BACKLOG-MGN003.md @@ -0,0 +1,177 @@ +# Backlog del Modulo MGN-003: Roles/RBAC + +## Resumen + +| Campo | Valor | +|-------|-------| +| **Modulo** | MGN-003 | +| **Nombre** | Roles/RBAC - Control de Acceso | +| **Total User Stories** | 4 | +| **Total Story Points** | 29 | +| **Estado** | En documentacion | +| **Fecha** | 2025-12-05 | + +--- + +## User Stories + +### Sprint 2 - Core RBAC (29 SP) + +| ID | Nombre | SP | Prioridad | Estado | +|----|--------|-----|-----------|--------| +| [US-MGN003-001](./US-MGN003-001.md) | CRUD de Roles | 8 | P0 | Ready | +| [US-MGN003-002](./US-MGN003-002.md) | Gestion de Permisos | 5 | P0 | Ready | +| [US-MGN003-003](./US-MGN003-003.md) | Asignacion Roles-Usuarios | 8 | P0 | Ready | +| [US-MGN003-004](./US-MGN003-004.md) | Control de Acceso RBAC | 8 | P0 | Ready | + +--- + +## Stories Adicionales (No incluidas en scope inicial) + +| ID | Nombre | SP | Prioridad | Estado | +|----|--------|-----|-----------|--------| +| US-MGN003-005 | Roles Temporales | 3 | P2 | Backlog | +| US-MGN003-006 | Herencia de Roles | 5 | P2 | Backlog | +| US-MGN003-007 | Auditoria de Cambios RBAC | 3 | P1 | Backlog | +| US-MGN003-008 | Permisos Contextuales | 5 | P2 | Backlog | + +--- + +## Roadmap Visual + +``` +Sprint 2 +├─────────────────────────────────────────────────────────────────┤ +│ US-001: CRUD de Roles [8 SP] │ +│ US-002: Gestion de Permisos [5 SP] │ +│ US-003: Asignacion Roles-Usuarios [8 SP] │ +│ US-004: Control de Acceso RBAC [8 SP] │ +├─────────────────────────────────────────────────────────────────┤ +│ Total: 29 SP │ +└─────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Dependencias entre Stories + +``` + ┌─────────────────┐ + │ MGN-001 Auth │ + │ (JWT/Login) │ + └────────┬────────┘ + │ + ▼ + ┌──────────────────────────┐ + │ US-MGN003-002 │ + │ Gestion de Permisos │ + │ (Catalogo de permisos) │ + └────────────┬─────────────┘ + │ + ▼ + ┌──────────────────────────┐ + │ US-MGN003-001 │ + │ CRUD de Roles │ + │ (Roles con permisos) │ + └────────────┬─────────────┘ + │ + ▼ + ┌──────────────────────────┐ + │ US-MGN003-003 │ + │ Asignacion Roles │ + │ (Usuarios con roles) │ + └────────────┬─────────────┘ + │ + ▼ + ┌──────────────────────────┐ + │ US-MGN003-004 │ + │ Control de Acceso │ + │ (Guards y decoradores) │ + └────────────┬─────────────┘ + │ + ▼ + ┌──────────────────────────┐ + │ Todos los endpoints │ + │ del sistema usan RBAC │ + └──────────────────────────┘ +``` + +--- + +## Criterios de Aceptacion del Modulo + +### Funcionalidad + +- [ ] Admins pueden crear, listar, editar y eliminar roles personalizados +- [ ] Roles built-in no pueden eliminarse ni modificarse (solo extender) +- [ ] Permisos se muestran agrupados por modulo +- [ ] Usuarios pueden tener multiples roles +- [ ] Permisos efectivos son la union de todos los roles +- [ ] Wildcards funcionan correctamente (users:* -> users:read, etc.) +- [ ] Control de acceso en TODOS los endpoints protegidos + +### Seguridad + +- [ ] Solo super_admin puede asignar rol super_admin +- [ ] Al menos un super_admin debe existir siempre +- [ ] Errores 403 no revelan que permiso falta +- [ ] Logs de acceso denegado para auditoria +- [ ] Cache de permisos se invalida al cambiar roles + +### Performance + +- [ ] Permisos cacheados por 5 minutos +- [ ] Validacion de permisos < 10ms (desde cache) +- [ ] Invalidacion de cache inmediata + +--- + +## Estimacion Total + +| Capa | Story Points | +|------|--------------| +| Backend: Endpoints | 10 | +| Backend: Guards/Decorators | 8 | +| Backend: Cache | 4 | +| Backend: Tests | 7 | +| Frontend: Pages | 8 | +| Frontend: Components | 6 | +| Frontend: Tests | 5 | +| **Total** | **48** | + +> Nota: Las 4 US principales suman 29 SP. La estimacion detallada de 48 SP incluye integracion y overhead. + +--- + +## Definition of Done del Modulo + +- [ ] Todas las User Stories completadas +- [ ] Permisos seeded en base de datos +- [ ] Roles built-in creados para cada tenant +- [ ] Guards aplicados a todos los endpoints existentes +- [ ] Tests unitarios > 80% coverage +- [ ] Tests e2e de flujos RBAC +- [ ] Documentacion Swagger completa +- [ ] Code review aprobado +- [ ] Security review aprobado +- [ ] Despliegue en staging exitoso +- [ ] UAT aprobado + +--- + +## Riesgos y Mitigaciones + +| Riesgo | Impacto | Probabilidad | Mitigacion | +|--------|---------|--------------|------------| +| Performance de validacion | Alto | Media | Cache de permisos | +| Cache desincronizado | Alto | Baja | Invalidacion inmediata | +| Configuracion incorrecta | Medio | Media | Tests exhaustivos | +| Bloqueo de usuarios | Alto | Baja | Super Admin bypass | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial con 4 US | diff --git a/docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-001.md b/docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-001.md new file mode 100644 index 0000000..72cbe99 --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-001.md @@ -0,0 +1,162 @@ +# US-MGN003-001: CRUD de Roles + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN003-001 | +| **Modulo** | MGN-003 Roles/RBAC | +| **Sprint** | Sprint 2 | +| **Prioridad** | P0 - Critica | +| **Story Points** | 8 | +| **Estado** | Ready | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Historia de Usuario + +**Como** administrador del sistema +**Quiero** poder crear, ver, editar y eliminar roles +**Para** gestionar los niveles de acceso de los usuarios a las funcionalidades del sistema + +--- + +## Criterios de Aceptacion + +### Escenario 1: Crear rol exitosamente + +```gherkin +Given un admin autenticado con permiso "roles:create" +When crea un rol con: + | name | Vendedor | + | description | Equipo de ventas | + | permissions | [sales:*, users:read] | +Then el sistema crea el rol + And el rol tiene slug "vendedor" + And el rol tiene isBuiltIn = false + And responde con status 201 +``` + +### Escenario 2: Listar roles con paginacion + +```gherkin +Given 12 roles en el tenant (5 built-in + 7 custom) +When el admin solicita GET /api/v1/roles?page=1&limit=10 +Then el sistema retorna 10 roles + And roles built-in aparecen primero + And incluye usersCount y permissionsCount por rol + And incluye meta con total=12 +``` + +### Escenario 3: No crear rol con nombre duplicado + +```gherkin +Given un rol existente con nombre "Vendedor" +When el admin intenta crear otro rol "Vendedor" +Then el sistema responde con status 409 + And el mensaje es "Ya existe un rol con este nombre" +``` + +### Escenario 4: No eliminar rol del sistema + +```gherkin +Given el rol built-in "admin" +When el admin intenta eliminarlo +Then el sistema responde con status 400 + And el mensaje es "No se pueden eliminar roles del sistema" +``` + +### Escenario 5: Soft delete con reasignacion + +```gherkin +Given rol "Vendedor" con 5 usuarios asignados +When admin elimina el rol con reassignTo="user" +Then el rol tiene deleted_at establecido + And los 5 usuarios ahora tienen rol "user" + And el rol no aparece en listados normales +``` + +--- + +## Mockup / Wireframe + +``` ++------------------------------------------------------------------+ +| [Logo] Roles [+ Nuevo Rol] | ++------------------------------------------------------------------+ +| Buscar: [___________________] [Tipo: Todos ▼] | ++------------------------------------------------------------------+ +| | Nombre | Descripcion | Permisos | Usuarios | ⚙ | +|---|-----------------|--------------------|-----------|---------|----| +| 🔒| Super Admin | Acceso total | 45 | 1 | 👁 | +| 🔒| Admin | Gestion tenant | 32 | 3 | 👁 | +| 🔒| Manager | Supervision | 18 | 5 | 👁 | +| 🔒| User | Acceso basico | 8 | 42 | 👁 | +| | Vendedor | Equipo de ventas | 12 | 8 | ✏🗑| +| | Contador | Area contable | 15 | 2 | ✏🗑| ++------------------------------------------------------------------+ + +🔒 = Rol del sistema (built-in), no editable/eliminable +``` + +--- + +## Notas Tecnicas + +### API Endpoints + +```typescript +POST /api/v1/roles +GET /api/v1/roles?page=1&limit=10&type=custom&search=vend +GET /api/v1/roles/:id +PATCH /api/v1/roles/:id +DELETE /api/v1/roles/:id?reassignTo=other-role-id +``` + +### Validaciones + +| Campo | Regla | +|-------|-------| +| name | 3-50 chars, unico en tenant | +| description | Max 500 chars | +| permissionIds | Array min 1 | + +--- + +## Definicion de Done + +- [ ] Endpoint POST /api/v1/roles +- [ ] Endpoint GET /api/v1/roles con paginacion +- [ ] Endpoint GET /api/v1/roles/:id +- [ ] Endpoint PATCH /api/v1/roles/:id +- [ ] Endpoint DELETE /api/v1/roles/:id +- [ ] Validacion de roles built-in +- [ ] Frontend: RolesListPage +- [ ] Frontend: CreateRoleModal +- [ ] Frontend: EditRoleModal +- [ ] Tests unitarios +- [ ] Code review aprobado + +--- + +## Estimacion + +| Tarea | Horas | +|-------|-------| +| Backend: CRUD endpoints | 5h | +| Backend: Validaciones | 2h | +| Backend: Tests | 2h | +| Frontend: RolesListPage | 4h | +| Frontend: RoleForm | 4h | +| Frontend: Tests | 2h | +| **Total** | **19h** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-002.md b/docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-002.md new file mode 100644 index 0000000..aaf1b44 --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-002.md @@ -0,0 +1,177 @@ +# US-MGN003-002: Gestion de Permisos + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN003-002 | +| **Modulo** | MGN-003 Roles/RBAC | +| **Sprint** | Sprint 2 | +| **Prioridad** | P0 - Critica | +| **Story Points** | 5 | +| **Estado** | Ready | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Historia de Usuario + +**Como** administrador del sistema +**Quiero** ver el catalogo de permisos disponibles agrupados por modulo +**Para** asignar los permisos correctos a cada rol + +--- + +## Criterios de Aceptacion + +### Escenario 1: Listar permisos agrupados + +```gherkin +Given un admin autenticado con permiso "permissions:read" +When accede a GET /api/v1/permissions +Then el sistema retorna permisos agrupados por modulo + And cada modulo incluye nombre y lista de permisos + And cada permiso incluye code, name, description + And no incluye permisos deprecados +``` + +### Escenario 2: Buscar permisos + +```gherkin +Given 40 permisos en el sistema +When el admin busca "users" +Then el sistema retorna solo permisos que contienen "users" + And mantiene agrupacion por modulo + And la busqueda es case-insensitive +``` + +### Escenario 3: Mostrar permisos en selector + +```gherkin +Given admin creando un nuevo rol +When ve el selector de permisos +Then los permisos estan agrupados por modulo + And puede expandir/colapsar cada modulo + And puede seleccionar multiples permisos + And puede seleccionar "todos" de un modulo +``` + +### Escenario 4: Wildcard en permisos + +```gherkin +Given un rol con permiso "users:*" +When se visualizan los permisos del rol +Then aparece "users:*" como seleccionado + And indica que incluye todos los permisos de usuarios + And los permisos individuales aparecen como "incluidos" +``` + +--- + +## Mockup / Wireframe + +``` +Selector de Permisos (en modal de crear/editar rol) +┌────────────────────────────────────────────────────────────────┐ +│ Buscar permisos: [________________] [Seleccionar todos] │ +├────────────────────────────────────────────────────────────────┤ +│ │ +│ ▼ Gestion de Usuarios (7 permisos) [☑ Todos] │ +│ ┌──────────────────────────────────────────────────────────┐│ +│ │ ☑ users:read - Leer usuarios ││ +│ │ ☑ users:create - Crear usuarios ││ +│ │ ☐ users:update - Actualizar usuarios ││ +│ │ ☐ users:delete - Eliminar usuarios ││ +│ │ ☐ users:activate - Activar/Desactivar usuarios ││ +│ │ ☐ users:export - Exportar lista de usuarios ││ +│ │ ☐ users:import - Importar usuarios ││ +│ └──────────────────────────────────────────────────────────┘│ +│ │ +│ ▶ Roles y Permisos (6 permisos) [☐ Todos] │ +│ │ +│ ▶ Inventario (9 permisos) [☐ Todos] │ +│ │ +│ ▶ Modulo Financiero (7 permisos) [☐ Todos] │ +│ │ +├────────────────────────────────────────────────────────────────┤ +│ Permisos seleccionados: 2 │ +└────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Notas Tecnicas + +### API Endpoints + +```typescript +GET /api/v1/permissions?search=users + +// Response +{ + "data": [ + { + "module": "users", + "moduleName": "Gestion de Usuarios", + "permissions": [ + { + "id": "uuid", + "code": "users:read", + "name": "Leer usuarios", + "description": "Ver listado y detalle de usuarios" + }, + // ... + ] + } + ] +} +``` + +### Permisos por Modulo + +| Modulo | Cantidad | Ejemplo | +|--------|----------|---------| +| auth | 2 | auth:sessions:read | +| users | 7 | users:read, users:create | +| roles | 6 | roles:read, roles:assign | +| tenants | 3 | tenants:read | +| settings | 2 | settings:update | +| audit | 2 | audit:read | +| reports | 4 | reports:export | +| financial | 7 | financial:transactions:create | +| inventory | 9 | inventory:products:read | + +--- + +## Definicion de Done + +- [ ] Endpoint GET /api/v1/permissions +- [ ] Busqueda por texto +- [ ] Agrupacion por modulo +- [ ] Frontend: PermissionSelector component +- [ ] Frontend: Expand/collapse por modulo +- [ ] Frontend: Seleccion multiple +- [ ] Tests unitarios +- [ ] Code review aprobado + +--- + +## Estimacion + +| Tarea | Horas | +|-------|-------| +| Backend: Endpoint | 2h | +| Backend: Agrupacion | 1h | +| Backend: Tests | 1h | +| Frontend: PermissionSelector | 5h | +| Frontend: Tests | 2h | +| **Total** | **11h** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-003.md b/docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-003.md new file mode 100644 index 0000000..6c1fdcf --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-003.md @@ -0,0 +1,211 @@ +# US-MGN003-003: Asignacion de Roles a Usuarios + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN003-003 | +| **Modulo** | MGN-003 Roles/RBAC | +| **Sprint** | Sprint 2 | +| **Prioridad** | P0 - Critica | +| **Story Points** | 8 | +| **Estado** | Ready | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Historia de Usuario + +**Como** administrador del sistema +**Quiero** poder asignar y quitar roles a los usuarios +**Para** controlar que acciones puede realizar cada usuario en el sistema + +--- + +## Criterios de Aceptacion + +### Escenario 1: Asignar rol a usuario + +```gherkin +Given un usuario "juan@empresa.com" con rol "user" + And un rol "vendedor" disponible +When el admin asigna rol "vendedor" al usuario +Then el usuario tiene roles ["user", "vendedor"] + And el usuario tiene permisos de ambos roles combinados + And se registra en auditoria quien hizo la asignacion +``` + +### Escenario 2: Quitar rol de usuario + +```gherkin +Given un usuario con roles ["admin", "manager"] +When el admin quita el rol "manager" +Then el usuario solo tiene rol ["admin"] + And pierde los permisos exclusivos de "manager" + And los cambios son inmediatos +``` + +### Escenario 3: Asignacion masiva + +```gherkin +Given 10 usuarios seleccionados + And rol "vendedor" disponible +When el admin asigna "vendedor" a todos +Then los 10 usuarios tienen rol "vendedor" agregado + And responde con resumen: { success: 10, failed: 0 } +``` + +### Escenario 4: Proteccion de super_admin + +```gherkin +Given un admin autenticado (no super_admin) +When intenta asignar rol "super_admin" a un usuario +Then el sistema responde con status 403 + And el mensaje es "Solo Super Admin puede asignar este rol" +``` + +### Escenario 5: No quitar ultimo super_admin + +```gherkin +Given solo 1 usuario con rol "super_admin" +When se intenta quitar el rol +Then el sistema responde con status 400 + And el mensaje es "Debe existir al menos un Super Admin" +``` + +### Escenario 6: Ver permisos efectivos + +```gherkin +Given usuario con roles ["admin", "vendedor"] +When consulta GET /api/v1/users/:id/permissions +Then retorna union de permisos de ambos roles + And indica cuales son directos y cuales heredados +``` + +--- + +## Mockup / Wireframe + +``` +Modal: Gestionar Roles de Usuario +┌──────────────────────────────────────────────────────────────────┐ +│ ROLES DE: Juan Perez (juan@empresa.com) │ +├──────────────────────────────────────────────────────────────────┤ +│ │ +│ Selecciona los roles para este usuario: │ +│ │ +│ ┌────────────────────────────────────────────────────────────┐ │ +│ │ 🔒 Super Admin Acceso total al sistema [ ] │ │ +│ │ 🔒 Admin Gestion completa del tenant [✓] │ │ +│ │ 🔒 Manager Supervision operativa [ ] │ │ +│ │ 🔒 User Acceso basico [✓] │ │ +│ │ Vendedor Equipo de ventas [✓] │ │ +│ │ Contador Area contable [ ] │ │ +│ │ Almacenista Gestion de inventario [ ] │ │ +│ └────────────────────────────────────────────────────────────┘ │ +│ │ +│ Roles seleccionados: 3 (Admin, User, Vendedor) │ +│ Permisos efectivos: 45 permisos │ +│ │ +│ [Ver detalle de permisos] │ +│ │ +│ [ Cancelar ] [ Guardar Cambios ] │ +└──────────────────────────────────────────────────────────────────┘ + +Vista: Usuarios de un Rol (desde detalle de rol) +┌──────────────────────────────────────────────────────────────────┐ +│ Rol: Vendedor [+ Agregar Usuarios]│ +├──────────────────────────────────────────────────────────────────┤ +│ Usuarios con este rol (8): │ +│ │ +│ | Avatar | Nombre | Email | Desde | ⚙ | +│ |--------|----------------|--------------------|-----------|----| +│ | 👤 | Carlos Lopez | carlos@empresa.com | 01/12/2025 | 🗑| +│ | 👤 | Maria Garcia | maria@empresa.com | 15/11/2025 | 🗑| +│ | 👤 | Pedro Martinez | pedro@empresa.com | 10/11/2025 | 🗑| +│ │ +└──────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Notas Tecnicas + +### API Endpoints + +```typescript +// Desde usuario - asignar roles +PUT /api/v1/users/:userId/roles +{ "roleIds": ["role-1", "role-2"] } + +// Desde rol - asignar usuarios +POST /api/v1/roles/:roleId/users +{ "userIds": ["user-1", "user-2"] } + +// Ver usuarios de un rol +GET /api/v1/roles/:roleId/users + +// Ver permisos efectivos +GET /api/v1/users/:userId/permissions +``` + +### Respuestas + +```typescript +// Asignacion exitosa +{ + "userId": "user-uuid", + "roles": ["admin", "vendedor"], + "effectivePermissions": ["users:*", "sales:*", ...] +} + +// Asignacion masiva +{ + "results": { + "success": ["user-1", "user-2"], + "failed": [ + { "userId": "user-3", "reason": "Usuario no encontrado" } + ] + } +} +``` + +--- + +## Definicion de Done + +- [ ] Endpoint PUT /api/v1/users/:id/roles +- [ ] Endpoint POST /api/v1/roles/:id/users +- [ ] Endpoint GET /api/v1/roles/:id/users +- [ ] Endpoint GET /api/v1/users/:id/permissions +- [ ] Proteccion de rol super_admin +- [ ] Validacion de ultimo super_admin +- [ ] Calculo de permisos efectivos +- [ ] Frontend: RoleAssignmentModal +- [ ] Frontend: UsersOfRole view +- [ ] Tests unitarios +- [ ] Code review aprobado + +--- + +## Estimacion + +| Tarea | Horas | +|-------|-------| +| Backend: Endpoints | 4h | +| Backend: Validaciones | 2h | +| Backend: Permisos efectivos | 2h | +| Backend: Tests | 2h | +| Frontend: RoleAssignmentModal | 4h | +| Frontend: BulkAssignment | 2h | +| Frontend: Tests | 2h | +| **Total** | **18h** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-004.md b/docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-004.md new file mode 100644 index 0000000..86c1cae --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/historias-usuario/US-MGN003-004.md @@ -0,0 +1,230 @@ +# US-MGN003-004: Control de Acceso RBAC + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN003-004 | +| **Modulo** | MGN-003 Roles/RBAC | +| **Sprint** | Sprint 2 | +| **Prioridad** | P0 - Critica | +| **Story Points** | 8 | +| **Estado** | Ready | +| **Autor** | System | +| **Fecha** | 2025-12-05 | + +--- + +## Historia de Usuario + +**Como** desarrollador del sistema +**Quiero** que el sistema valide automaticamente los permisos en cada request +**Para** garantizar que los usuarios solo accedan a funcionalidades autorizadas + +--- + +## Criterios de Aceptacion + +### Escenario 1: Acceso con permiso valido + +```gherkin +Given un usuario con permiso "users:read" + And endpoint GET /api/v1/users requiere "users:read" +When el usuario hace la solicitud +Then el sistema permite el acceso + And retorna status 200 con los datos +``` + +### Escenario 2: Acceso denegado + +```gherkin +Given un usuario con permiso "users:read" solamente + And endpoint DELETE /api/v1/users/:id requiere "users:delete" +When el usuario intenta eliminar +Then el sistema retorna status 403 + And el mensaje es "No tienes permiso para realizar esta accion" + And NO revela que permiso falta (seguridad) +``` + +### Escenario 3: Wildcard permite acceso + +```gherkin +Given un usuario con permiso "users:*" + And endpoint requiere "users:delete" +When el usuario hace la solicitud +Then el sistema permite el acceso + And wildcard cubre el permiso especifico +``` + +### Escenario 4: Super Admin bypass + +```gherkin +Given un usuario con rol "super_admin" + And endpoint requiere "cualquier:permiso" +When el usuario hace la solicitud +Then el sistema permite el acceso + And no valida permisos especificos +``` + +### Escenario 5: Permisos alternativos (OR) + +```gherkin +Given endpoint con @AnyPermission('users:update', 'users:admin') + And usuario tiene solo "users:admin" +When el usuario hace la solicitud +Then el sistema permite el acceso + And basta con tener UNO de los permisos +``` + +### Escenario 6: Owner puede acceder + +```gherkin +Given endpoint PATCH /api/v1/users/:id con @OwnerOrPermission('users:update') + And usuario accede a su propio perfil (id = su id) + And usuario NO tiene permiso "users:update" +When el usuario actualiza su perfil +Then el sistema permite el acceso + And ser owner del recurso es suficiente +``` + +### Escenario 7: Cache de permisos + +```gherkin +Given permisos de usuario cacheados +When el admin cambia roles del usuario +Then el cache se invalida inmediatamente + And siguiente request recalcula permisos +``` + +--- + +## Mockup / Wireframe + +``` +Flujo de validacion (interno del sistema): + +┌─────────────────────────────────────────────────────────────────┐ +│ Request HTTP │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────────────────────────────────┐ │ +│ │ 1. JwtAuthGuard │ │ +│ │ - Valida token JWT │ │ +│ │ - Extrae usuario del token │ │ +│ └─────────────────────────────────────────────────────────┘ │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────────────────────────────────┐ │ +│ │ 2. TenantGuard │ │ +│ │ - Verifica tenant del usuario │ │ +│ │ - Aplica contexto de tenant │ │ +│ └─────────────────────────────────────────────────────────┘ │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────────────────────────────────┐ │ +│ │ 3. RbacGuard │ │ +│ │ - Lee decoradores @Permissions, @Roles │ │ +│ │ - Obtiene permisos efectivos (cache 5min) │ │ +│ │ - Valida segun modo (AND/OR) │ │ +│ │ - Super Admin bypass │ │ +│ └─────────────────────────────────────────────────────────┘ │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────────────────────────────────┐ │ +│ │ 4. Controller │ │ +│ │ - Ejecuta logica de negocio │ │ +│ └─────────────────────────────────────────────────────────┘ │ +│ │ +└─────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Notas Tecnicas + +### Decoradores Disponibles + +```typescript +// Requiere TODOS los permisos (AND) +@Permissions('users:read', 'users:update') + +// Requiere AL MENOS UNO (OR) +@AnyPermission('users:update', 'users:admin') + +// Requiere uno de los roles +@Roles('admin', 'manager') + +// Ruta publica (sin auth) +@Public() + +// Owner o permiso +@OwnerOrPermission('users:update') +``` + +### Uso en Controllers + +```typescript +@Controller('api/v1/users') +@UseGuards(JwtAuthGuard, TenantGuard, RbacGuard) +export class UsersController { + + @Get() + @Permissions('users:read') + findAll() { } + + @Delete(':id') + @Permissions('users:delete') + remove() { } + + @Patch(':id') + @OwnerOrPermission('users:update') + update() { } +} +``` + +### Cache de Permisos + +```typescript +// TTL: 5 minutos +// Key: rbac:permissions:{userId} +// Invalidacion: al cambiar roles del usuario +``` + +--- + +## Definicion de Done + +- [ ] Decoradores @Permissions, @AnyPermission, @Roles +- [ ] Decorador @Public para rutas sin auth +- [ ] Decorador @OwnerOrPermission +- [ ] RbacGuard implementado +- [ ] OwnerGuard implementado +- [ ] Cache de permisos en Redis +- [ ] Invalidacion de cache automatica +- [ ] Log de accesos denegados +- [ ] Tests unitarios para guards +- [ ] Tests de integracion RBAC +- [ ] Code review aprobado + +--- + +## Estimacion + +| Tarea | Horas | +|-------|-------| +| Backend: Decoradores | 2h | +| Backend: RbacGuard | 4h | +| Backend: OwnerGuard | 2h | +| Backend: Cache service | 2h | +| Backend: Invalidacion cache | 2h | +| Backend: Tests guards | 3h | +| Backend: Tests integracion | 3h | +| **Total** | **18h** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-003-roles/implementacion/TRACEABILITY.yml b/docs/01-fase-foundation/MGN-003-roles/implementacion/TRACEABILITY.yml new file mode 100644 index 0000000..402c4e2 --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/implementacion/TRACEABILITY.yml @@ -0,0 +1,488 @@ +# TRACEABILITY.yml - MGN-003: Roles y Permisos +# Matriz de trazabilidad: Documentacion -> Codigo +# Ubicacion: docs/01-fase-foundation/MGN-003-roles/implementacion/ + +epic_code: MGN-003 +epic_name: Roles y Permisos +phase: 1 +phase_name: Foundation +story_points: 40 +status: documented + +# ============================================================================= +# DOCUMENTACION +# ============================================================================= + +documentation: + + requirements: + - id: RF-ROLE-001 + file: ../requerimientos/RF-ROLE-001.md + title: Gestion de Roles + priority: P0 + status: migrated + description: | + CRUD de roles con nombre, descripcion y estado. + Roles de sistema vs roles personalizados. + + - id: RF-ROLE-002 + file: ../requerimientos/RF-ROLE-002.md + title: Gestion de Permisos + priority: P0 + status: migrated + description: | + Definicion de permisos granulares: module:action:resource. + Asignacion de permisos a roles. + + - id: RF-ROLE-003 + file: ../requerimientos/RF-ROLE-003.md + title: Asignacion Usuario-Rol + priority: P0 + status: migrated + description: | + Asignar uno o mas roles a usuarios. + Un usuario hereda todos los permisos de sus roles. + + - id: RF-ROLE-004 + file: ../requerimientos/RF-ROLE-004.md + title: Verificacion de Permisos + priority: P0 + status: migrated + description: | + Verificar en runtime si usuario tiene permiso especifico. + Guards y decoradores para proteger endpoints. + + requirements_index: + file: ../requerimientos/INDICE-RF-ROLE.md + status: migrated + + specifications: + - id: ET-RBAC-001 + file: ../especificaciones/ET-rbac-backend.md + title: Backend RBAC + rf: [RF-ROLE-001, RF-ROLE-002, RF-ROLE-003, RF-ROLE-004] + status: migrated + + - id: ET-RBAC-002 + file: ../especificaciones/ET-RBAC-database.md + title: Database RBAC + rf: [RF-ROLE-001, RF-ROLE-002, RF-ROLE-003, RF-ROLE-004] + status: migrated + + user_stories: + - id: US-MGN003-001 + file: ../historias-usuario/US-MGN003-001.md + title: Crear Rol + rf: [RF-ROLE-001] + story_points: 5 + status: migrated + + - id: US-MGN003-002 + file: ../historias-usuario/US-MGN003-002.md + title: Asignar Permisos a Rol + rf: [RF-ROLE-002] + story_points: 8 + status: migrated + + - id: US-MGN003-003 + file: ../historias-usuario/US-MGN003-003.md + title: Asignar Rol a Usuario + rf: [RF-ROLE-003] + story_points: 5 + status: migrated + + - id: US-MGN003-004 + file: ../historias-usuario/US-MGN003-004.md + title: Verificar Permiso en Endpoint + rf: [RF-ROLE-004] + story_points: 8 + status: migrated + + backlog: + file: ../historias-usuario/BACKLOG-MGN003.md + status: migrated + +# ============================================================================= +# IMPLEMENTACION +# ============================================================================= + +implementation: + + database: + schema: core_rbac + path: apps/database/ddl/schemas/core_rbac/ + + tables: + - name: roles + file: apps/database/ddl/schemas/core_rbac/tables/roles.sql + rf: RF-RBAC-001 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: tenant_id, type: UUID, fk: tenants} + - {name: name, type: VARCHAR(100)} + - {name: slug, type: VARCHAR(100)} + - {name: description, type: TEXT} + - {name: is_system, type: BOOLEAN, default: false} + - {name: is_active, type: BOOLEAN, default: true} + - {name: created_at, type: TIMESTAMPTZ} + - {name: updated_at, type: TIMESTAMPTZ} + indexes: + - {name: idx_roles_tenant_slug, unique: true} + rls_policies: + - tenant_isolation + + - name: permissions + file: apps/database/ddl/schemas/core_rbac/tables/permissions.sql + rf: RF-RBAC-002 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: module, type: VARCHAR(50)} + - {name: action, type: VARCHAR(50)} + - {name: resource, type: VARCHAR(100)} + - {name: description, type: TEXT} + - {name: created_at, type: TIMESTAMPTZ} + indexes: + - {name: idx_permissions_unique, columns: [module, action, resource], unique: true} + + - name: role_permissions + file: apps/database/ddl/schemas/core_rbac/tables/role_permissions.sql + rf: RF-RBAC-002 + status: pending + columns: + - {name: role_id, type: UUID, fk: roles} + - {name: permission_id, type: UUID, fk: permissions} + - {name: created_at, type: TIMESTAMPTZ} + constraints: + - {type: pk, columns: [role_id, permission_id]} + + - name: user_roles + file: apps/database/ddl/schemas/core_rbac/tables/user_roles.sql + rf: RF-RBAC-003 + status: pending + columns: + - {name: user_id, type: UUID, fk: users} + - {name: role_id, type: UUID, fk: roles} + - {name: assigned_at, type: TIMESTAMPTZ} + - {name: assigned_by, type: UUID, fk: users} + constraints: + - {type: pk, columns: [user_id, role_id]} + + functions: + - name: user_has_permission + file: apps/database/ddl/schemas/core_rbac/functions/user_has_permission.sql + rf: RF-RBAC-004 + status: pending + params: [p_user_id UUID, p_module VARCHAR, p_action VARCHAR, p_resource VARCHAR] + returns: BOOLEAN + description: Verifica si usuario tiene permiso especifico via roles + + - name: get_user_permissions + file: apps/database/ddl/schemas/core_rbac/functions/get_user_permissions.sql + rf: RF-RBAC-004 + status: pending + params: [p_user_id UUID] + returns: TABLE + description: Retorna todos los permisos del usuario + + - name: seed_system_roles + file: apps/database/ddl/schemas/core_rbac/functions/seed_system_roles.sql + rf: RF-RBAC-005 + status: pending + params: [p_tenant_id UUID] + returns: VOID + description: Crea roles de sistema para nuevo tenant + + backend: + module: roles + path: apps/backend/src/modules/roles/ + framework: NestJS + + entities: + - name: Role + file: apps/backend/src/modules/roles/entities/role.entity.ts + rf: RF-RBAC-001 + status: pending + + - name: Permission + file: apps/backend/src/modules/roles/entities/permission.entity.ts + rf: RF-RBAC-002 + status: pending + + - name: RolePermission + file: apps/backend/src/modules/roles/entities/role-permission.entity.ts + rf: RF-RBAC-002 + status: pending + + - name: UserRole + file: apps/backend/src/modules/roles/entities/user-role.entity.ts + rf: RF-RBAC-003 + status: pending + + services: + - name: RolesService + file: apps/backend/src/modules/roles/roles.service.ts + rf: [RF-RBAC-001, RF-RBAC-005] + status: pending + methods: + - {name: create, rf: RF-RBAC-001} + - {name: findAll, rf: RF-RBAC-001} + - {name: findOne, rf: RF-RBAC-001} + - {name: update, rf: RF-RBAC-001} + - {name: remove, rf: RF-RBAC-001} + - {name: getSystemRoles, rf: RF-RBAC-005} + + - name: PermissionsService + file: apps/backend/src/modules/roles/permissions.service.ts + rf: [RF-RBAC-002, RF-RBAC-004] + status: pending + methods: + - {name: findAll, rf: RF-RBAC-002} + - {name: findByModule, rf: RF-RBAC-002} + - {name: assignToRole, rf: RF-RBAC-002} + - {name: removeFromRole, rf: RF-RBAC-002} + - {name: getUserPermissions, rf: RF-RBAC-004} + - {name: hasPermission, rf: RF-RBAC-004} + + - name: UserRolesService + file: apps/backend/src/modules/roles/user-roles.service.ts + rf: [RF-RBAC-003] + status: pending + methods: + - {name: assignRole, rf: RF-RBAC-003} + - {name: removeRole, rf: RF-RBAC-003} + - {name: getUserRoles, rf: RF-RBAC-003} + + controllers: + - name: RolesController + file: apps/backend/src/modules/roles/roles.controller.ts + status: pending + endpoints: + - method: GET + path: /api/v1/roles + rf: RF-RBAC-001 + description: Listar roles + + - method: POST + path: /api/v1/roles + rf: RF-RBAC-001 + description: Crear rol + + - method: GET + path: /api/v1/roles/:id + rf: RF-RBAC-001 + description: Obtener rol + + - method: PATCH + path: /api/v1/roles/:id + rf: RF-RBAC-001 + description: Actualizar rol + + - method: DELETE + path: /api/v1/roles/:id + rf: RF-RBAC-001 + description: Eliminar rol + + - method: GET + path: /api/v1/roles/:id/permissions + rf: RF-RBAC-002 + description: Permisos del rol + + - method: POST + path: /api/v1/roles/:id/permissions + rf: RF-RBAC-002 + description: Asignar permiso + + - method: DELETE + path: /api/v1/roles/:id/permissions/:permissionId + rf: RF-RBAC-002 + description: Quitar permiso + + - name: PermissionsController + file: apps/backend/src/modules/roles/permissions.controller.ts + status: pending + endpoints: + - method: GET + path: /api/v1/permissions + rf: RF-RBAC-002 + description: Listar permisos disponibles + + - method: GET + path: /api/v1/permissions/modules + rf: RF-RBAC-002 + description: Listar modulos + + guards: + - name: RolesGuard + file: apps/backend/src/modules/roles/guards/roles.guard.ts + rf: RF-RBAC-004 + status: pending + description: Verifica que usuario tenga rol requerido + + - name: PermissionsGuard + file: apps/backend/src/modules/roles/guards/permissions.guard.ts + rf: RF-RBAC-004 + status: pending + description: Verifica que usuario tenga permiso requerido + + decorators: + - name: Roles + file: apps/backend/src/modules/roles/decorators/roles.decorator.ts + rf: RF-RBAC-004 + status: pending + usage: "@Roles('admin', 'manager')" + + - name: Permissions + file: apps/backend/src/modules/roles/decorators/permissions.decorator.ts + rf: RF-RBAC-004 + status: pending + usage: "@Permissions('users:read:all')" + + - name: RequirePermission + file: apps/backend/src/modules/roles/decorators/require-permission.decorator.ts + rf: RF-RBAC-004 + status: pending + usage: "@RequirePermission('users', 'write', 'all')" + + frontend: + feature: roles + path: apps/frontend/src/features/roles/ + framework: React + + pages: + - name: RolesPage + file: apps/frontend/src/features/roles/pages/RolesPage.tsx + rf: RF-RBAC-001 + status: pending + route: /settings/roles + + - name: RoleDetailPage + file: apps/frontend/src/features/roles/pages/RoleDetailPage.tsx + rf: [RF-RBAC-001, RF-RBAC-002] + status: pending + route: /settings/roles/:id + + - name: PermissionsPage + file: apps/frontend/src/features/roles/pages/PermissionsPage.tsx + rf: RF-RBAC-002 + status: pending + route: /settings/permissions + + components: + - name: RoleTable + file: apps/frontend/src/features/roles/components/RoleTable.tsx + rf: RF-RBAC-001 + status: pending + + - name: RoleForm + file: apps/frontend/src/features/roles/components/RoleForm.tsx + rf: RF-RBAC-001 + status: pending + + - name: PermissionMatrix + file: apps/frontend/src/features/roles/components/PermissionMatrix.tsx + rf: RF-RBAC-002 + status: pending + description: Matriz visual para asignar permisos a rol + + - name: UserRoleAssignment + file: apps/frontend/src/features/roles/components/UserRoleAssignment.tsx + rf: RF-RBAC-003 + status: pending + + stores: + - name: rolesStore + file: apps/frontend/src/features/roles/stores/rolesStore.ts + rf: [RF-RBAC-001, RF-RBAC-002] + status: pending + + hooks: + - name: usePermission + file: apps/frontend/src/features/roles/hooks/usePermission.ts + rf: RF-RBAC-004 + status: pending + description: Hook para verificar permisos en frontend + + - name: useHasRole + file: apps/frontend/src/features/roles/hooks/useHasRole.ts + rf: RF-RBAC-004 + status: pending + description: Hook para verificar roles en frontend + +# ============================================================================= +# DEPENDENCIAS +# ============================================================================= + +dependencies: + depends_on: + - module: MGN-001 + type: hard + reason: RBAC usa tokens JWT + - module: MGN-002 + type: hard + reason: Roles se asignan a usuarios + + required_by: + - module: MGN-004 + type: soft + reason: Tenants tienen roles por defecto + - module: ALL_BUSINESS + type: hard + reason: Todos los modulos usan permisos + +# ============================================================================= +# TESTS +# ============================================================================= + +tests: + unit: + - name: RolesService.spec.ts + file: apps/backend/src/modules/roles/__tests__/roles.service.spec.ts + status: pending + cases: 10 + + - name: PermissionsService.spec.ts + file: apps/backend/src/modules/roles/__tests__/permissions.service.spec.ts + status: pending + cases: 12 + + - name: RolesGuard.spec.ts + file: apps/backend/src/modules/roles/__tests__/roles.guard.spec.ts + status: pending + cases: 8 + + integration: + - name: roles.controller.e2e.spec.ts + file: apps/backend/test/roles/roles.controller.e2e.spec.ts + status: pending + cases: 12 + + coverage: + target: 80% + current: 0% + +# ============================================================================= +# METRICAS +# ============================================================================= + +metrics: + story_points: + estimated: 40 + actual: null + + files: + database: 7 + backend: 18 + frontend: 10 + tests: 6 + total: 41 + +# ============================================================================= +# HISTORIAL +# ============================================================================= + +history: + - date: "2025-12-05" + action: "Creacion de TRACEABILITY.yml" + author: Requirements-Analyst diff --git a/docs/01-fase-foundation/MGN-003-roles/requerimientos/INDICE-RF-ROLE.md b/docs/01-fase-foundation/MGN-003-roles/requerimientos/INDICE-RF-ROLE.md new file mode 100644 index 0000000..f63ffb9 --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/requerimientos/INDICE-RF-ROLE.md @@ -0,0 +1,221 @@ +# Indice de Requerimientos Funcionales - MGN-003 Roles/RBAC + +## Resumen del Modulo + +| Campo | Valor | +|-------|-------| +| **Modulo** | MGN-003 | +| **Nombre** | Roles y RBAC | +| **Descripcion** | Control de acceso basado en roles | +| **Total RFs** | 4 | +| **Story Points** | 64 | +| **Estado** | Ready | +| **Fecha** | 2025-12-05 | + +--- + +## Lista de Requerimientos + +| ID | Nombre | Prioridad | SP | Estado | +|----|--------|-----------|-----|--------| +| [RF-ROLE-001](./RF-ROLE-001.md) | CRUD de Roles | P0 | 20 | Ready | +| [RF-ROLE-002](./RF-ROLE-002.md) | Gestion de Permisos | P0 | 12 | Ready | +| [RF-ROLE-003](./RF-ROLE-003.md) | Asignacion de Roles a Usuarios | P0 | 17 | Ready | +| [RF-ROLE-004](./RF-ROLE-004.md) | Guards y Middlewares RBAC | P0 | 15 | Ready | + +--- + +## Diagrama de Dependencias + +``` + ┌─────────────────┐ + │ RF-AUTH-001 │ + │ (Login/JWT) │ + └────────┬────────┘ + │ + ▼ +┌─────────────────────────────────────────────────────────────────┐ +│ MGN-003: Roles/RBAC │ +├─────────────────────────────────────────────────────────────────┤ +│ │ +│ ┌─────────────────┐ ┌─────────────────┐ │ +│ │ RF-ROLE-002 │◄─────────│ RF-ROLE-001 │ │ +│ │ Permisos │ │ CRUD Roles │ │ +│ └────────┬────────┘ └────────┬────────┘ │ +│ │ │ │ +│ │ ┌──────────────────┘ │ +│ │ │ │ +│ ▼ ▼ │ +│ ┌─────────────────────────────┐ │ +│ │ RF-ROLE-003 │ │ +│ │ Asignacion Roles-Usuarios │ │ +│ └─────────────┬───────────────┘ │ +│ │ │ +│ ▼ │ +│ ┌─────────────────────────────┐ │ +│ │ RF-ROLE-004 │ │ +│ │ Guards y Middlewares │ │ +│ └─────────────────────────────┘ │ +│ │ +└─────────────────────────────────────────────────────────────────┘ + │ + ▼ + ┌──────────────────────────┐ + │ Todos los endpoints │ + │ del sistema usan RBAC │ + └──────────────────────────┘ +``` + +--- + +## Arquitectura del Sistema RBAC + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ RBAC Architecture │ +├─────────────────────────────────────────────────────────────────┤ +│ │ +│ ┌─────────┐ ┌─────────┐ ┌─────────────┐ │ +│ │ User │──────│ Role │──────│ Permission │ │ +│ └─────────┘ M:N └─────────┘ M:N └─────────────┘ │ +│ │ +│ Un usuario puede tener multiples roles │ +│ Un rol puede tener multiples permisos │ +│ Permisos efectivos = Union de permisos de todos los roles │ +│ │ +├─────────────────────────────────────────────────────────────────┤ +│ │ +│ Formato de Permisos: modulo:accion │ +│ modulo:recurso:accion │ +│ │ +│ Wildcards: users:* (todas las acciones) │ +│ inventory:products:* │ +│ │ +├─────────────────────────────────────────────────────────────────┤ +│ │ +│ Flujo de Validacion: │ +│ │ +│ Request → JwtGuard → TenantGuard → RbacGuard → Controller │ +│ │ │ +│ ▼ │ +│ ┌─────────────┐ │ +│ │ Cache │ │ +│ │ (5 min) │ │ +│ └─────────────┘ │ +│ │ +└─────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Roles del Sistema (Built-in) + +| Rol | Slug | Permisos Base | Modificable | +|-----|------|---------------|-------------| +| Super Administrador | super_admin | Todos (*) | No | +| Administrador | admin | Gestion tenant | Solo extender | +| Gerente | manager | Lectura + reportes | Solo extender | +| Usuario | user | Acceso basico | Solo extender | +| Invitado | guest | Solo dashboard | Solo extender | + +--- + +## Catalogo de Permisos por Modulo + +### MGN-001 Auth (2 permisos) +- `auth:sessions:read` +- `auth:sessions:revoke` + +### MGN-002 Users (7 permisos) +- `users:read`, `users:create`, `users:update`, `users:delete` +- `users:activate`, `users:export`, `users:import` + +### MGN-003 Roles (6 permisos) +- `roles:read`, `roles:create`, `roles:update`, `roles:delete` +- `roles:assign`, `permissions:read` + +### MGN-004 Tenants (3 permisos) +- `tenants:read`, `tenants:update`, `tenants:billing` + +### MGN-006 Settings (2 permisos) +- `settings:read`, `settings:update` + +### MGN-007 Audit (2 permisos) +- `audit:read`, `audit:export` + +### MGN-009 Reports (4 permisos) +- `reports:read`, `reports:create`, `reports:export`, `reports:schedule` + +### MGN-010 Financial (6 permisos) +- `financial:accounts:read`, `financial:accounts:manage` +- `financial:transactions:read`, `financial:transactions:create`, `financial:transactions:approve` +- `financial:reports:read` + +### MGN-011 Inventory (8 permisos) +- `inventory:products:read`, `inventory:products:create`, `inventory:products:update`, `inventory:products:delete` +- `inventory:stock:read`, `inventory:stock:adjust` +- `inventory:movements:read`, `inventory:movements:create` + +**Total: ~40 permisos base** + +--- + +## Estimacion Total + +| Capa | Story Points | +|------|--------------| +| Backend: Endpoints | 15 | +| Backend: Guards/Decorators | 10 | +| Backend: Logica permisos | 8 | +| Backend: Cache | 4 | +| Backend: Tests | 10 | +| Frontend: RolesPage | 6 | +| Frontend: PermissionSelector | 4 | +| Frontend: RoleAssignment | 5 | +| Frontend: Tests | 6 | +| **Total** | **68 SP** | + +> Nota: Los 64 SP indicados en resumen corresponden a la suma de RF individuales. +> La estimacion detallada es de 68 SP incluyendo integracion. + +--- + +## Definition of Done del Modulo + +- [ ] RF-ROLE-001: CRUD de roles completo +- [ ] RF-ROLE-002: Catalogo de permisos seeded +- [ ] RF-ROLE-003: Asignacion roles-usuarios funcional +- [ ] RF-ROLE-004: Guards aplicados a todos los endpoints +- [ ] Cache de permisos implementado +- [ ] Tests unitarios > 80% coverage +- [ ] Tests e2e de flujos RBAC +- [ ] Documentacion Swagger completa +- [ ] Code review aprobado +- [ ] Security review aprobado + +--- + +## Notas de Implementacion + +### Orden Recomendado + +1. **Primero**: RF-ROLE-002 (Permisos) - Seed inicial de permisos +2. **Segundo**: RF-ROLE-001 (Roles) - CRUD de roles con permisos +3. **Tercero**: RF-ROLE-003 (Asignacion) - Vincular usuarios y roles +4. **Cuarto**: RF-ROLE-004 (Guards) - Proteger todos los endpoints + +### Consideraciones de Seguridad + +- Nunca revelar que permiso falta en errores 403 +- Logs de acceso denegado para auditoria +- Super Admin no debe poder eliminarse a si mismo +- Cache de permisos debe invalidarse al cambiar roles +- Validar permisos en CADA request (no confiar en frontend) + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial con 4 RFs | diff --git a/docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-001.md b/docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-001.md new file mode 100644 index 0000000..1f7f3cb --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-001.md @@ -0,0 +1,364 @@ +# RF-ROLE-001: CRUD de Roles + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-ROLE-001 | +| **Modulo** | MGN-003 Roles/RBAC | +| **Prioridad** | P0 - Critica | +| **Estado** | Ready | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe permitir a los administradores crear, listar, ver, actualizar y eliminar roles dentro de su tenant. Los roles son contenedores de permisos que se asignan a usuarios para controlar su acceso a funcionalidades del sistema. + +--- + +## Actores + +| Actor | Descripcion | +|-------|-------------| +| Super Admin | Puede gestionar roles del sistema (built-in) | +| Admin | Puede crear y gestionar roles personalizados del tenant | + +--- + +## Precondiciones + +1. Usuario autenticado con permiso `roles:create`, `roles:read`, `roles:update` o `roles:delete` +2. Tenant activo +3. Para modificar: rol existente en el tenant + +--- + +## Flujo Principal + +### Crear Rol + +``` +1. Admin accede a Configuracion > Roles +2. Click en "Nuevo Rol" +3. Sistema muestra formulario: + - Nombre del rol (unico en tenant) + - Descripcion + - Seleccion de permisos +4. Admin completa datos y selecciona permisos +5. Click en "Crear Rol" +6. Sistema valida unicidad del nombre +7. Sistema crea el rol con los permisos seleccionados +8. Sistema muestra mensaje de exito +``` + +### Listar Roles + +``` +1. Admin accede a Configuracion > Roles +2. Sistema muestra tabla con: + - Nombre del rol + - Descripcion + - Numero de permisos + - Numero de usuarios asignados + - Es rol del sistema (built-in) + - Fecha de creacion +3. Admin puede filtrar por: + - Nombre + - Tipo (sistema/personalizado) +4. Admin puede ordenar por cualquier columna +``` + +### Ver Detalle de Rol + +``` +1. Admin click en un rol de la lista +2. Sistema muestra: + - Informacion basica del rol + - Lista de permisos asignados (agrupados por modulo) + - Lista de usuarios con este rol + - Historial de cambios +``` + +### Actualizar Rol + +``` +1. Admin click en "Editar" de un rol +2. Sistema muestra formulario con datos actuales +3. Admin modifica campos permitidos +4. Click en "Guardar Cambios" +5. Sistema valida cambios +6. Sistema actualiza el rol +7. Sistema registra en auditoria +``` + +### Eliminar Rol + +``` +1. Admin click en "Eliminar" de un rol +2. Sistema verifica si hay usuarios asignados +3. Si hay usuarios: + - Muestra advertencia con conteo + - Opcion de reasignar a otro rol +4. Admin confirma eliminacion +5. Sistema aplica soft delete +6. Sistema desasigna usuarios (si se confirmo) +``` + +--- + +## Flujos Alternativos + +### FA1: Nombre duplicado + +``` +1. En paso 6 del flujo crear +2. Sistema detecta nombre ya existe en tenant +3. Sistema muestra error "Ya existe un rol con este nombre" +4. Admin corrige el nombre +5. Continua desde paso 5 +``` + +### FA2: Intentar eliminar rol del sistema + +``` +1. Admin intenta eliminar rol built-in (admin, user, etc.) +2. Sistema muestra error "No se pueden eliminar roles del sistema" +3. Operacion cancelada +``` + +### FA3: Intentar modificar rol del sistema + +``` +1. Admin intenta modificar rol built-in +2. Sistema permite solo agregar permisos adicionales +3. No permite quitar permisos base ni cambiar nombre +``` + +--- + +## Reglas de Negocio + +| ID | Regla | +|----|-------| +| RN-001 | Nombre de rol unico dentro del tenant | +| RN-002 | Roles built-in no pueden eliminarse | +| RN-003 | Roles built-in solo pueden extenderse (agregar permisos) | +| RN-004 | Soft delete en lugar de hard delete | +| RN-005 | Rol debe tener al menos un permiso | +| RN-006 | Nombre del rol: 3-50 caracteres, alfanumerico con guiones | +| RN-007 | Al eliminar rol, usuarios quedan sin ese rol | +| RN-008 | Un tenant puede tener maximo 50 roles personalizados | + +--- + +## Roles del Sistema (Built-in) + +| Codigo | Nombre | Descripcion | Permisos Base | +|--------|--------|-------------|---------------| +| super_admin | Super Administrador | Acceso total al sistema | Todos | +| admin | Administrador | Gestion del tenant | Gestion usuarios, roles, config | +| manager | Gerente | Supervision operativa | Lectura + reportes | +| user | Usuario | Acceso basico | Solo lectura propia | +| guest | Invitado | Acceso minimo | Solo dashboard | + +--- + +## Criterios de Aceptacion + +### Escenario 1: Crear rol exitosamente + +```gherkin +Given un admin autenticado con permiso "roles:create" +When crea un rol con nombre "Vendedor" y 5 permisos +Then el sistema crea el rol + And el rol aparece en la lista + And el rol tiene isBuiltIn = false + And responde con status 201 +``` + +### Escenario 2: Listar roles con paginacion + +```gherkin +Given 25 roles en el tenant (5 built-in + 20 custom) +When el admin solicita GET /api/v1/roles?page=1&limit=10 +Then el sistema retorna 10 roles + And incluye meta con total=25, pages=3 + And roles built-in aparecen primero +``` + +### Escenario 3: No crear rol con nombre duplicado + +```gherkin +Given un rol existente con nombre "Vendedor" +When el admin intenta crear otro rol "Vendedor" +Then el sistema responde con status 409 + And el mensaje es "Ya existe un rol con este nombre" +``` + +### Escenario 4: No eliminar rol del sistema + +```gherkin +Given el rol built-in "admin" +When el admin intenta eliminarlo +Then el sistema responde con status 400 + And el mensaje es "No se pueden eliminar roles del sistema" +``` + +### Escenario 5: Soft delete de rol personalizado + +```gherkin +Given un rol personalizado "Vendedor" con 3 usuarios +When el admin lo elimina con reasignacion a "user" +Then el rol tiene deleted_at establecido + And los 3 usuarios ahora tienen rol "user" + And el rol no aparece en listados +``` + +--- + +## Mockup / Wireframe + +``` ++------------------------------------------------------------------+ +| [Logo] Roles [+ Nuevo Rol] | ++------------------------------------------------------------------+ +| Buscar: [___________________] [Tipo: Todos ▼] | ++------------------------------------------------------------------+ +| | Nombre | Descripcion | Permisos | Usuarios | ⚙ | +|---|-----------------|--------------------|-----------|---------|----| +| 🔒| Super Admin | Acceso total | 45 | 1 | 👁 | +| 🔒| Admin | Gestion tenant | 32 | 3 | 👁 | +| 🔒| Manager | Supervision | 18 | 5 | 👁 | +| 🔒| User | Acceso basico | 8 | 42 | 👁 | +| | Vendedor | Equipo de ventas | 12 | 8 | ✏🗑| +| | Contador | Area contable | 15 | 2 | ✏🗑| +| | Almacenista | Gestion inventario | 10 | 4 | ✏🗑| ++------------------------------------------------------------------+ +| Mostrando 1-7 de 7 [< Anterior] [Siguiente >]| ++------------------------------------------------------------------+ + +🔒 = Rol del sistema (built-in) + +Modal: Crear/Editar Rol +┌──────────────────────────────────────────────────────────────────┐ +│ NUEVO ROL │ +├──────────────────────────────────────────────────────────────────┤ +│ Nombre* [_______________________________] │ +│ Descripcion [_______________________________] │ +│ [_______________________________] │ +│ │ +│ PERMISOS [Seleccionar todos]│ +│ ┌────────────────────────────────────────────────────────────┐ │ +│ │ ▼ Usuarios (4 permisos) │ │ +│ │ ☑ users:read ☐ users:create │ │ +│ │ ☐ users:update ☐ users:delete │ │ +│ │ │ │ +│ │ ▼ Roles (4 permisos) │ │ +│ │ ☑ roles:read ☐ roles:create │ │ +│ │ ☐ roles:update ☐ roles:delete │ │ +│ │ │ │ +│ │ ▼ Inventario (6 permisos) │ │ +│ │ ☑ inventory:read ☑ inventory:create │ │ +│ │ ☑ inventory:update ☐ inventory:delete │ │ +│ │ ☑ inventory:export ☐ inventory:import │ │ +│ └────────────────────────────────────────────────────────────┘ │ +│ │ +│ Permisos seleccionados: 7 │ +│ │ +│ [ Cancelar ] [ Crear Rol ] │ +└──────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Notas Tecnicas + +### API Endpoints + +```typescript +// Crear rol +POST /api/v1/roles +{ + "name": "Vendedor", + "description": "Equipo de ventas", + "permissionIds": ["perm-uuid-1", "perm-uuid-2"] +} + +// Response 201 +{ + "id": "role-uuid", + "name": "Vendedor", + "slug": "vendedor", + "description": "Equipo de ventas", + "isBuiltIn": false, + "permissions": [...], + "usersCount": 0, + "createdAt": "2025-12-05T10:00:00Z" +} + +// Listar roles +GET /api/v1/roles?page=1&limit=10&search=vend&type=custom + +// Response 200 +{ + "data": [...], + "meta": { "total": 25, "page": 1, "limit": 10 } +} + +// Ver detalle +GET /api/v1/roles/:id + +// Actualizar rol +PATCH /api/v1/roles/:id +{ + "name": "Vendedor Senior", + "permissionIds": ["perm-1", "perm-2", "perm-3"] +} + +// Eliminar rol +DELETE /api/v1/roles/:id?reassignTo=other-role-id +``` + +### Validaciones + +| Campo | Validacion | +|-------|------------| +| name | Required, 3-50 chars, unique en tenant | +| slug | Auto-generado desde name | +| description | Optional, max 500 chars | +| permissionIds | Array min 1 elemento | + +--- + +## Dependencias + +| ID | Descripcion | +|----|-------------| +| RF-AUTH-001 | Login para autenticacion | +| RF-ROLE-002 | Permisos para asignar a roles | +| MGN-004 | Tenants para aislamiento | + +--- + +## Estimacion + +| Tarea | Puntos | +|-------|--------| +| Backend: CRUD endpoints | 5 | +| Backend: Validaciones y reglas | 3 | +| Backend: Tests | 2 | +| Frontend: RolesListPage | 3 | +| Frontend: RoleForm modal | 3 | +| Frontend: PermissionSelector | 2 | +| Frontend: Tests | 2 | +| **Total** | **20 SP** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-002.md b/docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-002.md new file mode 100644 index 0000000..553da3a --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-002.md @@ -0,0 +1,338 @@ +# RF-ROLE-002: Gestion de Permisos + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-ROLE-002 | +| **Modulo** | MGN-003 Roles/RBAC | +| **Prioridad** | P0 - Critica | +| **Estado** | Ready | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe mantener un catalogo de permisos que definen las acciones granulares que los usuarios pueden realizar. Los permisos se agrupan por modulo y se asignan a roles. El sistema soporta permisos jerarquicos donde un permiso padre implica todos sus hijos. + +--- + +## Actores + +| Actor | Descripcion | +|-------|-------------| +| Super Admin | Puede ver todos los permisos del sistema | +| Admin | Puede ver permisos disponibles para su tenant | +| Sistema | Registra nuevos permisos al instalar modulos | + +--- + +## Precondiciones + +1. Usuario autenticado con permiso `permissions:read` +2. Permisos base del sistema inicializados + +--- + +## Catalogo de Permisos + +### Estructura de Permisos + +Los permisos siguen el patron `modulo:accion` o `modulo:recurso:accion`: + +``` +users:read - Leer usuarios +users:create - Crear usuarios +users:update - Actualizar usuarios +users:delete - Eliminar usuarios +users:* - Todos los permisos de usuarios (wildcard) + +inventory:products:read - Leer productos +inventory:products:create - Crear productos +inventory:* - Todo el modulo inventario +``` + +### Permisos por Modulo + +#### Modulo Auth (MGN-001) + +| Permiso | Descripcion | +|---------|-------------| +| auth:sessions:read | Ver sesiones activas | +| auth:sessions:revoke | Revocar sesiones | + +#### Modulo Users (MGN-002) + +| Permiso | Descripcion | +|---------|-------------| +| users:read | Listar y ver usuarios | +| users:create | Crear usuarios | +| users:update | Actualizar usuarios | +| users:delete | Eliminar usuarios | +| users:activate | Activar/desactivar usuarios | +| users:export | Exportar lista de usuarios | +| users:import | Importar usuarios | + +#### Modulo Roles (MGN-003) + +| Permiso | Descripcion | +|---------|-------------| +| roles:read | Listar y ver roles | +| roles:create | Crear roles | +| roles:update | Actualizar roles | +| roles:delete | Eliminar roles | +| roles:assign | Asignar roles a usuarios | +| permissions:read | Ver permisos disponibles | + +#### Modulo Tenants (MGN-004) + +| Permiso | Descripcion | +|---------|-------------| +| tenants:read | Ver configuracion del tenant | +| tenants:update | Actualizar configuracion | +| tenants:billing | Gestionar facturacion | + +#### Modulo Settings (MGN-006) + +| Permiso | Descripcion | +|---------|-------------| +| settings:read | Ver configuracion | +| settings:update | Modificar configuracion | + +#### Modulo Audit (MGN-007) + +| Permiso | Descripcion | +|---------|-------------| +| audit:read | Ver logs de auditoria | +| audit:export | Exportar logs | + +#### Modulo Reports (MGN-009) + +| Permiso | Descripcion | +|---------|-------------| +| reports:read | Ver reportes | +| reports:create | Crear reportes personalizados | +| reports:export | Exportar reportes | +| reports:schedule | Programar reportes | + +#### Modulo Financial (MGN-010) + +| Permiso | Descripcion | +|---------|-------------| +| financial:accounts:read | Ver cuentas contables | +| financial:accounts:manage | Gestionar cuentas | +| financial:transactions:read | Ver transacciones | +| financial:transactions:create | Crear transacciones | +| financial:transactions:approve | Aprobar transacciones | +| financial:reports:read | Ver reportes financieros | + +#### Modulo Inventory (MGN-011) + +| Permiso | Descripcion | +|---------|-------------| +| inventory:products:read | Ver productos | +| inventory:products:create | Crear productos | +| inventory:products:update | Actualizar productos | +| inventory:products:delete | Eliminar productos | +| inventory:stock:read | Ver stock | +| inventory:stock:adjust | Ajustar stock | +| inventory:movements:read | Ver movimientos | +| inventory:movements:create | Crear movimientos | + +--- + +## Flujo Principal + +### Listar Permisos Disponibles + +``` +1. Admin accede a Configuracion > Roles > Nuevo/Editar +2. Sistema carga lista de permisos agrupados por modulo +3. Sistema muestra solo permisos habilitados para el tenant +4. Admin puede expandir/colapsar grupos +5. Admin puede buscar permisos por nombre +``` + +### Ver Permisos de un Rol + +``` +1. Admin accede a detalle de un rol +2. Sistema muestra permisos agrupados por modulo +3. Sistema indica cuales son heredados vs directos +4. Sistema muestra descripcion de cada permiso +``` + +--- + +## Reglas de Negocio + +| ID | Regla | +|----|-------| +| RN-001 | Permisos son inmutables por usuarios | +| RN-002 | Permisos se registran por el sistema al instalar modulos | +| RN-003 | Permiso wildcard (*) incluye todas las acciones del modulo | +| RN-004 | Tenant solo ve permisos de modulos que tiene activos | +| RN-005 | Codigo de permiso unico globalmente | +| RN-006 | Permisos pueden estar activos o deprecados | + +--- + +## Jerarquia de Permisos + +``` +users:* (Wildcard - todos los permisos de users) +├── users:read +├── users:create +├── users:update +├── users:delete +├── users:activate +├── users:export +└── users:import + +inventory:* (Wildcard - todo inventario) +├── inventory:products:* (Wildcard - productos) +│ ├── inventory:products:read +│ ├── inventory:products:create +│ ├── inventory:products:update +│ └── inventory:products:delete +├── inventory:stock:* +│ ├── inventory:stock:read +│ └── inventory:stock:adjust +└── inventory:movements:* + ├── inventory:movements:read + └── inventory:movements:create +``` + +--- + +## Criterios de Aceptacion + +### Escenario 1: Listar permisos disponibles + +```gherkin +Given un admin autenticado +When solicita GET /api/v1/permissions +Then el sistema retorna permisos agrupados por modulo + And cada permiso incluye code, name, description + And solo incluye permisos de modulos activos en el tenant +``` + +### Escenario 2: Buscar permisos + +```gherkin +Given lista de 50 permisos +When el admin busca "users" +Then el sistema retorna solo permisos que contienen "users" + And mantiene agrupacion por modulo +``` + +### Escenario 3: Validar wildcard + +```gherkin +Given un rol con permiso "users:*" +When se verifica si tiene "users:delete" +Then el sistema confirma que SI tiene el permiso + And el permiso es heredado (no directo) +``` + +### Escenario 4: Permisos por modulo deshabilitado + +```gherkin +Given tenant sin modulo de inventario activo +When admin lista permisos disponibles +Then NO aparecen permisos de "inventory:*" +``` + +--- + +## Notas Tecnicas + +### API Endpoints + +```typescript +// Listar todos los permisos +GET /api/v1/permissions +// Query params: ?search=users&module=users + +// Response 200 +{ + "data": [ + { + "module": "users", + "moduleName": "Gestion de Usuarios", + "permissions": [ + { + "id": "perm-uuid", + "code": "users:read", + "name": "Leer usuarios", + "description": "Permite ver listado y detalle de usuarios", + "isDeprecated": false + }, + // ... + ] + }, + { + "module": "roles", + "moduleName": "Roles y Permisos", + "permissions": [...] + } + ] +} + +// Listar permisos de un rol +GET /api/v1/roles/:roleId/permissions + +// Response 200 +{ + "direct": ["users:read", "users:create"], + "inherited": ["users:update"], // via wildcard + "all": ["users:read", "users:create", "users:update"] +} +``` + +### Modelo de Datos + +```typescript +interface Permission { + id: string; + code: string; // users:read + name: string; // Leer usuarios + description: string; + module: string; // users + parentCode?: string; // users:* (para jerarquia) + isDeprecated: boolean; + createdAt: Date; +} +``` + +--- + +## Dependencias + +| ID | Descripcion | +|----|-------------| +| RF-ROLE-001 | Roles que contienen permisos | +| MGN-004 | Tenants para filtrar por modulos activos | + +--- + +## Estimacion + +| Tarea | Puntos | +|-------|--------| +| Backend: Seed de permisos | 2 | +| Backend: Endpoint listar | 2 | +| Backend: Logica wildcard | 3 | +| Backend: Tests | 2 | +| Frontend: PermissionsList component | 2 | +| Frontend: Tests | 1 | +| **Total** | **12 SP** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-003.md b/docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-003.md new file mode 100644 index 0000000..c59b9e9 --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-003.md @@ -0,0 +1,350 @@ +# RF-ROLE-003: Asignacion de Roles a Usuarios + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-ROLE-003 | +| **Modulo** | MGN-003 Roles/RBAC | +| **Prioridad** | P0 - Critica | +| **Estado** | Ready | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe permitir asignar uno o mas roles a cada usuario. Los permisos efectivos de un usuario son la union de todos los permisos de sus roles asignados. La asignacion puede realizarse desde la gestion de usuarios o desde la gestion de roles. + +--- + +## Actores + +| Actor | Descripcion | +|-------|-------------| +| Super Admin | Puede asignar cualquier rol a cualquier usuario | +| Admin | Puede asignar roles (excepto super_admin) a usuarios del tenant | + +--- + +## Precondiciones + +1. Usuario autenticado con permiso `roles:assign` +2. Usuario destino existente y activo +3. Rol existente y activo + +--- + +## Flujo Principal + +### Asignar Rol desde Usuario + +``` +1. Admin accede a Usuarios > Detalle de usuario +2. Click en "Gestionar Roles" +3. Sistema muestra: + - Roles actuales del usuario + - Roles disponibles para asignar +4. Admin selecciona roles a asignar +5. Admin deselecciona roles a quitar +6. Click en "Guardar Cambios" +7. Sistema actualiza asignaciones +8. Sistema recalcula permisos del usuario +9. Sistema muestra confirmacion +``` + +### Asignar Usuarios desde Rol + +``` +1. Admin accede a Roles > Detalle de rol +2. Click en pestaña "Usuarios" +3. Sistema muestra usuarios con este rol +4. Click en "Agregar Usuarios" +5. Sistema muestra lista de usuarios sin este rol +6. Admin selecciona usuarios +7. Click en "Asignar" +8. Sistema asigna rol a usuarios seleccionados +``` + +### Asignacion Masiva + +``` +1. Admin accede a Usuarios +2. Selecciona multiples usuarios (checkbox) +3. Click en "Acciones > Asignar Rol" +4. Sistema muestra selector de rol +5. Admin selecciona rol +6. Sistema asigna rol a todos los usuarios seleccionados +``` + +--- + +## Flujos Alternativos + +### FA1: Usuario ya tiene el rol + +``` +1. Admin intenta asignar rol que usuario ya tiene +2. Sistema ignora la asignacion duplicada +3. Continua sin error +``` + +### FA2: Quitar ultimo rol + +``` +1. Admin intenta quitar el unico rol del usuario +2. Sistema muestra advertencia +3. Admin confirma o cancela +4. Si confirma: usuario queda sin roles (acceso minimo) +``` + +### FA3: Admin intenta asignar super_admin + +``` +1. Admin (no super_admin) intenta asignar rol super_admin +2. Sistema muestra error "Solo Super Admin puede asignar este rol" +3. Operacion cancelada +``` + +--- + +## Reglas de Negocio + +| ID | Regla | +|----|-------| +| RN-001 | Usuario puede tener multiples roles | +| RN-002 | Permisos efectivos = union de permisos de todos los roles | +| RN-003 | Solo super_admin puede asignar rol super_admin | +| RN-004 | No se puede quitar rol super_admin del ultimo super_admin | +| RN-005 | Cambios de roles toman efecto inmediato | +| RN-006 | Se registra en auditoria cada cambio de asignacion | +| RN-007 | Usuario sin roles tiene acceso minimo (solo perfil propio) | + +--- + +## Criterios de Aceptacion + +### Escenario 1: Asignar rol a usuario + +```gherkin +Given un usuario "juan@empresa.com" con rol "user" + And un rol "vendedor" disponible +When el admin asigna rol "vendedor" al usuario +Then el usuario tiene roles ["user", "vendedor"] + And el usuario tiene permisos de ambos roles combinados + And se registra en auditoria +``` + +### Escenario 2: Quitar rol de usuario + +```gherkin +Given un usuario con roles ["admin", "manager"] +When el admin quita el rol "manager" +Then el usuario solo tiene rol ["admin"] + And pierde los permisos exclusivos de "manager" +``` + +### Escenario 3: Asignacion masiva + +```gherkin +Given 10 usuarios seleccionados + And rol "vendedor" disponible +When el admin asigna "vendedor" a todos +Then los 10 usuarios tienen rol "vendedor" agregado + And responde con resumen: { success: 10, failed: 0 } +``` + +### Escenario 4: Proteccion de super_admin + +```gherkin +Given un admin autenticado (no super_admin) +When intenta asignar rol "super_admin" a un usuario +Then el sistema responde con status 403 + And el mensaje es "Solo Super Admin puede asignar este rol" +``` + +### Escenario 5: No quitar ultimo super_admin + +```gherkin +Given solo 1 usuario con rol "super_admin" +When se intenta quitar el rol +Then el sistema responde con status 400 + And el mensaje es "Debe existir al menos un Super Admin" +``` + +--- + +## Mockup / Wireframe + +``` +Modal: Gestionar Roles de Usuario +┌──────────────────────────────────────────────────────────────────┐ +│ ROLES DE: Juan Perez (juan@empresa.com) │ +├──────────────────────────────────────────────────────────────────┤ +│ │ +│ Roles Asignados: │ +│ ┌────────────────────────────────────────────────────────────┐ │ +│ │ ☑ Admin Gestion completa del tenant [x] │ │ +│ │ ☑ Manager Supervision operativa [x] │ │ +│ │ ☐ User Acceso basico │ │ +│ │ ☐ Vendedor Equipo de ventas │ │ +│ │ ☐ Contador Area contable │ │ +│ │ ☐ Almacenista Gestion de inventario │ │ +│ └────────────────────────────────────────────────────────────┘ │ +│ │ +│ Permisos Efectivos: 45 permisos (de 2 roles) │ +│ [Ver detalle de permisos] │ +│ │ +│ [ Cancelar ] [ Guardar Cambios ] │ +└──────────────────────────────────────────────────────────────────┘ + +Vista: Usuarios de un Rol +┌──────────────────────────────────────────────────────────────────┐ +│ ROL: Vendedor [+ Agregar Usuarios]│ +├──────────────────────────────────────────────────────────────────┤ +│ Usuarios con este rol (8): │ +│ │ +│ | Avatar | Nombre | Email | Desde | ⚙ | +│ |--------|----------------|--------------------|-----------|----| +│ | 👤 | Carlos Lopez | carlos@empresa.com | 01/12/2025 | 🗑| +│ | 👤 | Maria Garcia | maria@empresa.com | 15/11/2025 | 🗑| +│ | 👤 | Pedro Martinez | pedro@empresa.com | 10/11/2025 | 🗑| +│ | ... | ... | ... | ... | ...| +│ │ +│ Mostrando 1-8 de 8 │ +└──────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Notas Tecnicas + +### API Endpoints + +```typescript +// Asignar roles a usuario +PUT /api/v1/users/:userId/roles +{ + "roleIds": ["role-uuid-1", "role-uuid-2"] +} + +// Response 200 +{ + "userId": "user-uuid", + "roles": [ + { "id": "role-uuid-1", "name": "Admin", "assignedAt": "..." }, + { "id": "role-uuid-2", "name": "Manager", "assignedAt": "..." } + ], + "effectivePermissions": ["users:*", "reports:read", ...] +} + +// Agregar rol a usuario (sin quitar existentes) +POST /api/v1/users/:userId/roles +{ + "roleId": "role-uuid" +} + +// Quitar rol de usuario +DELETE /api/v1/users/:userId/roles/:roleId + +// Asignar rol a multiples usuarios +POST /api/v1/roles/:roleId/users +{ + "userIds": ["user-1", "user-2", "user-3"] +} + +// Response 200 +{ + "roleId": "role-uuid", + "results": { + "success": ["user-1", "user-2"], + "failed": [{ "userId": "user-3", "reason": "Ya tiene el rol" }] + } +} + +// Listar usuarios de un rol +GET /api/v1/roles/:roleId/users?page=1&limit=20 + +// Obtener permisos efectivos de usuario +GET /api/v1/users/:userId/permissions + +// Response 200 +{ + "roles": ["admin", "manager"], + "permissions": { + "direct": [...], // Permisos de roles asignados + "inherited": [...], // Via wildcards + "all": [...] // Union de todos + } +} +``` + +### Calculo de Permisos Efectivos + +```typescript +function calculateEffectivePermissions(userId: string): string[] { + // 1. Obtener roles del usuario + const userRoles = await getUserRoles(userId); + + // 2. Obtener permisos de cada rol + const allPermissions = new Set(); + + for (const role of userRoles) { + const rolePermissions = await getRolePermissions(role.id); + rolePermissions.forEach(p => allPermissions.add(p)); + } + + // 3. Expandir wildcards + const expanded = expandWildcards(allPermissions); + + return Array.from(expanded); +} + +function expandWildcards(permissions: Set): Set { + const result = new Set(permissions); + + for (const perm of permissions) { + if (perm.endsWith(':*')) { + // users:* -> agregar users:read, users:create, etc. + const module = perm.replace(':*', ''); + const modulePerms = getModulePermissions(module); + modulePerms.forEach(p => result.add(p)); + } + } + + return result; +} +``` + +--- + +## Dependencias + +| ID | Descripcion | +|----|-------------| +| RF-ROLE-001 | Roles existentes para asignar | +| RF-ROLE-002 | Permisos para calcular efectivos | +| RF-USER-001 | Usuarios existentes | + +--- + +## Estimacion + +| Tarea | Puntos | +|-------|--------| +| Backend: Endpoints asignacion | 3 | +| Backend: Calculo permisos efectivos | 3 | +| Backend: Validaciones y reglas | 2 | +| Backend: Tests | 2 | +| Frontend: RoleAssignment modal | 3 | +| Frontend: BulkAssignment | 2 | +| Frontend: Tests | 2 | +| **Total** | **17 SP** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-004.md b/docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-004.md new file mode 100644 index 0000000..08f9797 --- /dev/null +++ b/docs/01-fase-foundation/MGN-003-roles/requerimientos/RF-ROLE-004.md @@ -0,0 +1,530 @@ +# RF-ROLE-004: Guards y Middlewares RBAC + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-ROLE-004 | +| **Modulo** | MGN-003 Roles/RBAC | +| **Prioridad** | P0 - Critica | +| **Estado** | Ready | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe implementar mecanismos de control de acceso basado en roles (RBAC) que se apliquen automaticamente a todos los endpoints protegidos. Esto incluye guards de NestJS, decoradores personalizados y middlewares para validar permisos antes de ejecutar cualquier accion. + +--- + +## Actores + +| Actor | Descripcion | +|-------|-------------| +| Sistema | Valida permisos en cada request | +| Usuario | Sujeto de validacion de permisos | + +--- + +## Precondiciones + +1. Usuario autenticado (JWT valido) +2. Roles y permisos cargados en el sistema +3. Endpoint decorado con permisos requeridos + +--- + +## Arquitectura RBAC + +``` +Request HTTP + │ + ▼ +┌─────────────────┐ +│ JwtAuthGuard │ Valida token JWT +└────────┬────────┘ + │ + ▼ +┌─────────────────┐ +│ TenantGuard │ Verifica tenant del usuario +└────────┬────────┘ + │ + ▼ +┌─────────────────┐ +│ RbacGuard │ Valida permisos requeridos +└────────┬────────┘ + │ + ▼ +┌─────────────────┐ +│ Controller │ Ejecuta logica de negocio +└─────────────────┘ +``` + +--- + +## Flujo de Validacion + +### Validacion Estandar + +``` +1. Request llega al servidor +2. JwtAuthGuard extrae y valida token +3. Sistema carga usuario y sus roles desde cache/DB +4. TenantGuard verifica que usuario pertenece al tenant +5. RbacGuard obtiene permisos requeridos del decorator +6. Sistema calcula permisos efectivos del usuario +7. Sistema verifica si tiene TODOS los permisos requeridos +8. Si tiene permisos: continua al controller +9. Si no tiene: retorna 403 Forbidden +``` + +### Validacion con Permisos Alternativos (OR) + +``` +1. Endpoint requiere: users:update OR users:admin +2. Usuario tiene: users:update +3. Sistema verifica si tiene AL MENOS UNO +4. Usuario tiene users:update -> acceso permitido +``` + +### Validacion Condicional (Owner) + +``` +1. Endpoint requiere: users:update OR ser owner del recurso +2. Sistema verifica permisos +3. Si no tiene permiso, verifica si es owner +4. Si es owner del recurso: acceso permitido +``` + +--- + +## Componentes del Sistema + +### 1. Decoradores + +```typescript +// Permiso requerido (AND) +@Permissions('users:read', 'users:update') +// Usuario debe tener AMBOS permisos + +// Permiso alternativo (OR) +@AnyPermission('users:update', 'users:admin') +// Usuario debe tener AL MENOS UNO + +// Rol requerido +@Roles('admin', 'manager') +// Usuario debe tener AL MENOS UNO de los roles + +// Acceso publico (sin auth) +@Public() + +// Owner o permiso +@OwnerOrPermission('users:update') +``` + +### 2. Guards + +```typescript +// JwtAuthGuard - Ya implementado en MGN-001 +// Valida token, extrae usuario + +// TenantGuard +// Verifica tenant_id del usuario vs tenant del recurso + +// RbacGuard +// Valida permisos segun decoradores +``` + +### 3. Interceptors + +```typescript +// PermissionInterceptor +// Agrega permisos efectivos al request para uso en controller + +// AuditInterceptor +// Registra acciones sensibles con info de permisos +``` + +--- + +## Reglas de Negocio + +| ID | Regla | +|----|-------| +| RN-001 | Permisos se validan en CADA request (no solo al login) | +| RN-002 | Permisos efectivos se cachean por sesion (TTL 5 min) | +| RN-003 | Cambios de roles invalidan cache de permisos | +| RN-004 | Super Admin bypasea validacion de permisos | +| RN-005 | Endpoints publicos no requieren autenticacion | +| RN-006 | Error 403 no revela que permisos faltan (seguridad) | +| RN-007 | Logs de acceso denegado para auditoria | + +--- + +## Criterios de Aceptacion + +### Escenario 1: Acceso con permiso valido + +```gherkin +Given un usuario con permiso "users:read" + And endpoint GET /api/v1/users requiere "users:read" +When el usuario hace la solicitud +Then el sistema permite el acceso + And retorna status 200 con los datos +``` + +### Escenario 2: Acceso denegado por falta de permiso + +```gherkin +Given un usuario con permiso "users:read" solamente + And endpoint DELETE /api/v1/users/:id requiere "users:delete" +When el usuario intenta eliminar +Then el sistema retorna status 403 + And el mensaje es "No tienes permiso para realizar esta accion" + And NO revela que permiso falta +``` + +### Escenario 3: Wildcard permite acceso + +```gherkin +Given un usuario con permiso "users:*" + And endpoint requiere "users:delete" +When el usuario hace la solicitud +Then el sistema permite el acceso + And wildcard cubre el permiso especifico +``` + +### Escenario 4: Super Admin bypass + +```gherkin +Given un usuario con rol "super_admin" + And endpoint requiere "cualquier:permiso" +When el usuario hace la solicitud +Then el sistema permite el acceso + And no valida permisos especificos +``` + +### Escenario 5: Permisos alternativos (OR) + +```gherkin +Given endpoint requiere "users:update" OR "users:admin" + And usuario tiene solo "users:admin" +When el usuario hace la solicitud +Then el sistema permite el acceso +``` + +### Escenario 6: Owner puede acceder + +```gherkin +Given endpoint PATCH /api/v1/users/:id con @OwnerOrPermission('users:update') + And usuario es owner del recurso (su propio perfil) + And usuario NO tiene permiso "users:update" +When el usuario actualiza su perfil +Then el sistema permite el acceso + And aplica validaciones de owner +``` + +### Escenario 7: Cache de permisos + +```gherkin +Given permisos de usuario cacheados +When el admin cambia roles del usuario +Then el cache se invalida + And siguiente request recalcula permisos +``` + +--- + +## Notas Tecnicas + +### Implementacion de Decoradores + +```typescript +// decorators/permissions.decorator.ts +import { SetMetadata } from '@nestjs/common'; + +export const PERMISSIONS_KEY = 'permissions'; +export const Permissions = (...permissions: string[]) => + SetMetadata(PERMISSIONS_KEY, { permissions, mode: 'AND' }); + +export const AnyPermission = (...permissions: string[]) => + SetMetadata(PERMISSIONS_KEY, { permissions, mode: 'OR' }); + +export const ROLES_KEY = 'roles'; +export const Roles = (...roles: string[]) => + SetMetadata(ROLES_KEY, roles); + +export const IS_PUBLIC_KEY = 'isPublic'; +export const Public = () => SetMetadata(IS_PUBLIC_KEY, true); + +export const OWNER_OR_PERMISSION_KEY = 'ownerOrPermission'; +export const OwnerOrPermission = (permission: string) => + SetMetadata(OWNER_OR_PERMISSION_KEY, permission); +``` + +### Implementacion de RbacGuard + +```typescript +// guards/rbac.guard.ts +@Injectable() +export class RbacGuard implements CanActivate { + constructor( + private reflector: Reflector, + private permissionService: PermissionService, + private cacheManager: Cache, + ) {} + + async canActivate(context: ExecutionContext): Promise { + // 1. Verificar si es ruta publica + const isPublic = this.reflector.getAllAndOverride( + IS_PUBLIC_KEY, + [context.getHandler(), context.getClass()], + ); + if (isPublic) return true; + + // 2. Obtener usuario del request + const request = context.switchToHttp().getRequest(); + const user = request.user; + if (!user) return false; + + // 3. Super Admin bypass + if (user.roles.includes('super_admin')) return true; + + // 4. Obtener permisos requeridos + const requiredPermissions = this.reflector.getAllAndOverride<{ + permissions: string[]; + mode: 'AND' | 'OR'; + }>(PERMISSIONS_KEY, [context.getHandler(), context.getClass()]); + + if (!requiredPermissions) return true; // No requiere permisos + + // 5. Obtener permisos efectivos (con cache) + const effectivePermissions = await this.getEffectivePermissions(user.id); + + // 6. Validar permisos + const { permissions, mode } = requiredPermissions; + + if (mode === 'AND') { + return permissions.every(p => this.hasPermission(effectivePermissions, p)); + } else { + return permissions.some(p => this.hasPermission(effectivePermissions, p)); + } + } + + private hasPermission(userPerms: string[], required: string): boolean { + // Verificar permiso directo + if (userPerms.includes(required)) return true; + + // Verificar wildcard + const [module] = required.split(':'); + if (userPerms.includes(`${module}:*`)) return true; + + // Verificar wildcard de segundo nivel + const parts = required.split(':'); + if (parts.length === 3) { + if (userPerms.includes(`${parts[0]}:${parts[1]}:*`)) return true; + } + + return false; + } + + private async getEffectivePermissions(userId: string): Promise { + const cacheKey = `permissions:${userId}`; + + // Intentar desde cache + const cached = await this.cacheManager.get(cacheKey); + if (cached) return cached; + + // Calcular permisos + const permissions = await this.permissionService.calculateEffective(userId); + + // Guardar en cache (5 minutos) + await this.cacheManager.set(cacheKey, permissions, 300000); + + return permissions; + } +} +``` + +### Implementacion de OwnerGuard + +```typescript +// guards/owner.guard.ts +@Injectable() +export class OwnerGuard implements CanActivate { + constructor( + private reflector: Reflector, + private permissionService: PermissionService, + ) {} + + async canActivate(context: ExecutionContext): Promise { + const ownerPermission = this.reflector.get( + OWNER_OR_PERMISSION_KEY, + context.getHandler(), + ); + + if (!ownerPermission) return true; + + const request = context.switchToHttp().getRequest(); + const user = request.user; + const resourceId = request.params.id; + + // Verificar si tiene permiso + const hasPermission = await this.permissionService.userHas( + user.id, + ownerPermission, + ); + if (hasPermission) return true; + + // Verificar si es owner + const isOwner = user.id === resourceId; + return isOwner; + } +} +``` + +### Uso en Controllers + +```typescript +// users.controller.ts +@Controller('api/v1/users') +@UseGuards(JwtAuthGuard, TenantGuard, RbacGuard) +export class UsersController { + + @Get() + @Permissions('users:read') + findAll() { + // Solo usuarios con users:read + } + + @Post() + @Permissions('users:create') + create(@Body() dto: CreateUserDto) { + // Solo usuarios con users:create + } + + @Patch(':id') + @OwnerOrPermission('users:update') + update(@Param('id') id: string, @Body() dto: UpdateUserDto) { + // Owner del recurso O usuarios con users:update + } + + @Delete(':id') + @Permissions('users:delete') + remove(@Param('id') id: string) { + // Solo usuarios con users:delete + } + + @Get('export') + @AnyPermission('users:export', 'users:admin') + export() { + // Usuarios con users:export O users:admin + } +} + +// public.controller.ts +@Controller('api/v1/public') +export class PublicController { + + @Get('health') + @Public() + health() { + // Sin autenticacion + } +} +``` + +### Invalidacion de Cache + +```typescript +// Al cambiar roles de usuario +async updateUserRoles(userId: string, roleIds: string[]) { + await this.userRoleRepository.update(userId, roleIds); + + // Invalidar cache de permisos + await this.cacheManager.del(`permissions:${userId}`); + + // Emitir evento para invalidar en otros servicios + this.eventEmitter.emit('user.roles.changed', { userId }); +} + +// Al modificar permisos de un rol +async updateRolePermissions(roleId: string, permissionIds: string[]) { + await this.rolePermissionRepository.update(roleId, permissionIds); + + // Obtener usuarios con este rol + const users = await this.userRoleRepository.findUsersByRole(roleId); + + // Invalidar cache de todos + for (const user of users) { + await this.cacheManager.del(`permissions:${user.id}`); + } +} +``` + +--- + +## Respuestas de Error + +```typescript +// 401 Unauthorized - No autenticado +{ + "statusCode": 401, + "message": "No autenticado", + "error": "Unauthorized" +} + +// 403 Forbidden - Sin permiso +{ + "statusCode": 403, + "message": "No tienes permiso para realizar esta accion", + "error": "Forbidden" +} +// NOTA: No revelar que permiso falta por seguridad + +// Log interno (no expuesto) +{ + "userId": "user-uuid", + "endpoint": "DELETE /api/v1/users/123", + "requiredPermission": "users:delete", + "userPermissions": ["users:read"], + "result": "denied", + "timestamp": "2025-12-05T10:00:00Z" +} +``` + +--- + +## Dependencias + +| ID | Descripcion | +|----|-------------| +| RF-AUTH-002 | JWT para autenticacion | +| RF-ROLE-001 | Roles del sistema | +| RF-ROLE-002 | Permisos del sistema | +| RF-ROLE-003 | Asignacion roles-usuarios | +| Redis | Cache de permisos | + +--- + +## Estimacion + +| Tarea | Puntos | +|-------|--------| +| Backend: Decoradores | 2 | +| Backend: RbacGuard | 3 | +| Backend: OwnerGuard | 2 | +| Backend: Cache de permisos | 2 | +| Backend: Invalidacion cache | 2 | +| Backend: Tests | 3 | +| Documentacion | 1 | +| **Total** | **15 SP** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-004-tenants/README.md b/docs/01-fase-foundation/MGN-004-tenants/README.md new file mode 100644 index 0000000..9eb377b --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/README.md @@ -0,0 +1,102 @@ +# MGN-004: Multi-tenant + +## Metadata + +| Campo | Valor | +|-------|-------| +| **ID** | MGN-004 | +| **Nombre** | Multi-tenant | +| **Fase** | 01 - Foundation | +| **Prioridad** | P0 (Critico) | +| **Story Points** | 35 SP | +| **Estado** | Documentado | +| **Dependencias** | MGN-001, MGN-002, MGN-003 | + +--- + +## Descripcion + +Sistema de multi-tenancy que permite que multiples organizaciones/empresas utilicen la misma instancia del ERP con completo aislamiento de datos. + +Caracteristicas principales: + +- **Aislamiento RLS:** Row Level Security en PostgreSQL +- **Configuracion por tenant:** Moneda, zona horaria, formato de fecha +- **Planes de suscripcion:** Diferentes niveles de servicio +- **Limites por plan:** Usuarios, almacenamiento, modulos +- **Onboarding automatizado:** Creacion de tenant con datos iniciales + +--- + +## Arquitectura + +``` +Request + │ + ▼ +┌──────────────────────┐ +│ TenantMiddleware │ <- Extrae tenant_id del token JWT +└──────────┬───────────┘ + │ + ▼ +┌──────────────────────┐ +│ SET app.tenant_id │ <- Establece contexto PostgreSQL +└──────────┬───────────┘ + │ + ▼ +┌──────────────────────┐ +│ RLS Policies │ <- Filtra automaticamente +│ tenant_isolation │ por tenant_id +└──────────────────────┘ +``` + +--- + +## Planes de Suscripcion + +| Plan | Usuarios | Almacenamiento | Modulos | +|------|----------|----------------|---------| +| Free | 3 | 1 GB | Core | +| Starter | 10 | 5 GB | Core + Ventas | +| Professional | 50 | 25 GB | Todos | +| Enterprise | Ilimitado | Ilimitado | Todos + Soporte | + +--- + +## Endpoints API + +| Metodo | Path | Descripcion | +|--------|------|-------------| +| GET | `/api/v1/tenants` | Listar tenants (super admin) | +| POST | `/api/v1/tenants` | Crear tenant | +| GET | `/api/v1/tenants/:id` | Obtener tenant | +| PATCH | `/api/v1/tenants/:id` | Actualizar tenant | +| GET | `/api/v1/tenants/current` | Tenant actual | +| GET | `/api/v1/tenants/current/settings` | Config del tenant | +| PATCH | `/api/v1/tenants/current/settings` | Actualizar config | +| GET | `/api/v1/plans` | Listar planes | +| POST | `/api/v1/subscriptions` | Crear suscripcion | +| GET | `/api/v1/subscriptions/current` | Suscripcion actual | + +--- + +## Tablas de Base de Datos + +| Tabla | Descripcion | +|-------|-------------| +| `tenants` | Organizaciones/empresas | +| `tenant_settings` | Configuracion por tenant | +| `plans` | Planes de suscripcion | +| `subscriptions` | Suscripciones activas | + +--- + +## Documentacion + +- **Mapa del modulo:** [_MAP.md](./_MAP.md) +- **Trazabilidad:** [TRACEABILITY.yml](./implementacion/TRACEABILITY.yml) + +--- + +**Generado por:** Requirements-Analyst +**Fecha:** 2025-12-05 diff --git a/docs/01-fase-foundation/MGN-004-tenants/_MAP.md b/docs/01-fase-foundation/MGN-004-tenants/_MAP.md new file mode 100644 index 0000000..42eeecb --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/_MAP.md @@ -0,0 +1,126 @@ +# _MAP: MGN-004 - Multi-tenant + +**Modulo:** MGN-004 +**Nombre:** Multi-tenant +**Fase:** 01 - Foundation +**Story Points:** 35 SP +**Estado:** Migrado GAMILIT +**Ultima actualizacion:** 2025-12-05 + +--- + +## Resumen + +Sistema de multi-tenancy que permite aislar datos por organizacion/empresa, con configuracion independiente por tenant y soporte para planes de suscripcion. + +--- + +## Metricas + +| Metrica | Valor | +|---------|-------| +| Story Points | 35 SP | +| Requerimientos (RF) | 4 | +| Especificaciones (ET) | 2 | +| User Stories (US) | 4 | +| Tablas DB | 4 | +| Endpoints API | 25 | + +--- + +## Requerimientos Funcionales (4) + +| ID | Archivo | Titulo | Prioridad | Estado | +|----|---------|--------|-----------|--------| +| RF-TENANT-001 | [RF-TENANT-001.md](./requerimientos/RF-TENANT-001.md) | CRUD de Tenants | P0 | Migrado | +| RF-TENANT-002 | [RF-TENANT-002.md](./requerimientos/RF-TENANT-002.md) | Configuracion por Tenant | P0 | Migrado | +| RF-TENANT-003 | [RF-TENANT-003.md](./requerimientos/RF-TENANT-003.md) | Planes y Suscripciones | P1 | Migrado | +| RF-TENANT-004 | [RF-TENANT-004.md](./requerimientos/RF-TENANT-004.md) | Aislamiento RLS | P0 | Migrado | + +**Indice:** [INDICE-RF-TENANT.md](./requerimientos/INDICE-RF-TENANT.md) + +--- + +## Especificaciones Tecnicas (2) + +| ID | Archivo | Titulo | RF Asociados | Estado | +|----|---------|--------|--------------|--------| +| ET-TENANTS-001 | [ET-tenants-backend.md](./especificaciones/ET-tenants-backend.md) | Backend Tenants | RF-TENANT-001 a RF-TENANT-004 | Migrado | +| ET-TENANTS-002 | [ET-TENANT-database.md](./especificaciones/ET-TENANT-database.md) | Database Tenants | RF-TENANT-001 a RF-TENANT-004 | Migrado | + +--- + +## Historias de Usuario (4) + +| ID | Archivo | Titulo | RF | SP | Estado | +|----|---------|--------|----|----|--------| +| US-MGN004-001 | [US-MGN004-001.md](./historias-usuario/US-MGN004-001.md) | Crear Tenant | RF-TENANT-001 | 8 | Migrado | +| US-MGN004-002 | [US-MGN004-002.md](./historias-usuario/US-MGN004-002.md) | Configurar Tenant | RF-TENANT-002 | 5 | Migrado | +| US-MGN004-003 | [US-MGN004-003.md](./historias-usuario/US-MGN004-003.md) | Gestionar Suscripcion | RF-TENANT-003 | 8 | Migrado | +| US-MGN004-004 | [US-MGN004-004.md](./historias-usuario/US-MGN004-004.md) | Cambiar Plan | RF-TENANT-003 | 5 | Migrado | + +**Backlog:** [BACKLOG-MGN004.md](./historias-usuario/BACKLOG-MGN004.md) + +--- + +## Implementacion + +### Database + +| Objeto | Tipo | Schema | +|--------|------|--------| +| tenants | Tabla | core_tenants | +| tenant_settings | Tabla | core_tenants | +| plans | Tabla | core_tenants | +| subscriptions | Tabla | core_tenants | +| RLS Policies | Policy | Todos los schemas | + +### Backend + +| Objeto | Tipo | Path | +|--------|------|------| +| TenantsModule | Module | src/modules/tenants/ | +| TenantsService | Service | src/modules/tenants/tenants.service.ts | +| SubscriptionsService | Service | src/modules/tenants/subscriptions.service.ts | +| TenantMiddleware | Middleware | src/modules/tenants/tenant.middleware.ts | +| TenantGuard | Guard | src/modules/tenants/guards/tenant.guard.ts | + +### Frontend + +| Objeto | Tipo | Path | +|--------|------|------| +| TenantsPage | Page | src/features/tenants/pages/TenantsPage.tsx | +| TenantSettingsPage | Page | src/features/tenants/pages/TenantSettingsPage.tsx | +| OnboardingPage | Page | src/features/tenants/pages/OnboardingPage.tsx | + +--- + +## Aislamiento RLS + +```sql +-- Cada tabla con tenant_id tiene RLS policy: +CREATE POLICY tenant_isolation ON {table} + USING (tenant_id = current_setting('app.current_tenant_id')::uuid); + +-- El middleware establece el contexto: +SET LOCAL app.current_tenant_id = '{tenant_uuid}'; +``` + +--- + +## Dependencias + +**Depende de:** MGN-001 (Auth), MGN-002 (Users), MGN-003 (Roles) + +**Requerido por:** Todos los modulos de negocio (catalogos, ventas, compras, etc.) + +--- + +## Trazabilidad + +Ver: [TRACEABILITY.yml](./implementacion/TRACEABILITY.yml) + +--- + +**Generado por:** Requirements-Analyst +**Fecha:** 2025-12-05 diff --git a/docs/01-fase-foundation/MGN-004-tenants/especificaciones/ET-TENANT-database.md b/docs/01-fase-foundation/MGN-004-tenants/especificaciones/ET-TENANT-database.md new file mode 100644 index 0000000..066315b --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/especificaciones/ET-TENANT-database.md @@ -0,0 +1,1117 @@ +# DDL Specification: core_tenants Schema + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **Schema** | core_tenants | +| **Modulo** | MGN-004 Tenants | +| **Version** | 1.0 | +| **Fecha** | 2025-12-05 | +| **Estado** | Ready | + +--- + +## Diagrama ER + +```mermaid +erDiagram + tenants ||--o| tenant_settings : has + tenants ||--o{ subscriptions : has + tenants ||--o{ tenant_modules : has + tenants ||--o{ invoices : has + tenants ||--o{ tenants : has_children + plans ||--o{ subscriptions : used_by + plans ||--o{ plan_modules : includes + modules ||--o{ plan_modules : included_in + modules ||--o{ tenant_modules : activated_for + + tenants { + uuid id PK + uuid parent_tenant_id FK + string name + string slug UK + string status + timestamp trial_ends_at + timestamp created_at + timestamp updated_at + timestamp deleted_at + uuid deleted_by FK + } + + tenant_settings { + uuid id PK + uuid tenant_id FK UK + jsonb company + jsonb branding + jsonb regional + jsonb operational + jsonb security + timestamp updated_at + uuid updated_by FK + } + + plans { + uuid id PK + string name + string slug UK + string pricing_model + decimal base_price + int included_seats + decimal per_seat_price + int max_seats + string currency + string interval + jsonb limits + jsonb features + boolean is_public + boolean is_active + int sort_order + } + + subscriptions { + uuid id PK + uuid tenant_id FK + uuid plan_id FK + string status + timestamp current_period_start + timestamp current_period_end + boolean cancel_at_period_end + timestamp trial_end + int quantity + decimal unit_amount + string external_subscription_id + string payment_method_id + timestamp created_at + timestamp canceled_at + } + + modules { + uuid id PK + string code UK + string name + string description + boolean is_core + boolean is_active + } + + plan_modules { + uuid id PK + uuid plan_id FK + uuid module_id FK + } + + tenant_modules { + uuid id PK + uuid tenant_id FK + uuid module_id FK + boolean is_active + timestamp activated_at + uuid activated_by FK + } + + invoices { + uuid id PK + uuid tenant_id FK + uuid subscription_id FK + string invoice_number UK + decimal amount + string currency + string status + timestamp due_date + timestamp paid_at + jsonb line_items + timestamp created_at + } +``` + +--- + +## Tablas + +### 1. tenants + +Tabla principal de tenants/organizaciones. + +```sql +CREATE TABLE core_tenants.tenants ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + parent_tenant_id UUID REFERENCES core_tenants.tenants(id), -- Holdings/Sucursales (Odoo: res.company.parent_id) + name VARCHAR(100) NOT NULL, + slug VARCHAR(50) NOT NULL UNIQUE, + status VARCHAR(20) NOT NULL DEFAULT 'trial', + tenant_type VARCHAR(20) NOT NULL DEFAULT 'standalone', -- standalone, holding, subsidiary + trial_ends_at TIMESTAMPTZ, + domain VARCHAR(100), + logo_url VARCHAR(500), + created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + deleted_at TIMESTAMPTZ, + deleted_by UUID, + + CONSTRAINT chk_tenants_status CHECK ( + status IN ('trial', 'active', 'suspended', 'pending_deletion', 'deleted', 'trial_expired') + ), + CONSTRAINT chk_tenants_type CHECK (tenant_type IN ('standalone', 'holding', 'subsidiary')), + CONSTRAINT chk_tenants_slug CHECK (slug ~ '^[a-z0-9][a-z0-9-]*[a-z0-9]$'), + CONSTRAINT chk_tenants_slug_length CHECK (char_length(slug) >= 3), + CONSTRAINT chk_tenants_hierarchy CHECK ( + -- Un holding no puede tener parent + (tenant_type = 'holding' AND parent_tenant_id IS NULL) OR + -- Una subsidiary debe tener parent + (tenant_type = 'subsidiary' AND parent_tenant_id IS NOT NULL) OR + -- Standalone puede o no tener parent + (tenant_type = 'standalone') + ) +); + +-- Indices +CREATE INDEX idx_tenants_status ON core_tenants.tenants(status) WHERE deleted_at IS NULL; +CREATE INDEX idx_tenants_slug ON core_tenants.tenants(slug) WHERE deleted_at IS NULL; +CREATE INDEX idx_tenants_parent ON core_tenants.tenants(parent_tenant_id) WHERE parent_tenant_id IS NOT NULL; +CREATE INDEX idx_tenants_type ON core_tenants.tenants(tenant_type) WHERE deleted_at IS NULL; +CREATE INDEX idx_tenants_created_at ON core_tenants.tenants(created_at DESC); +CREATE INDEX idx_tenants_trial_ends ON core_tenants.tenants(trial_ends_at) + WHERE status = 'trial'; + +-- Trigger para updated_at +CREATE TRIGGER trg_tenants_updated_at + BEFORE UPDATE ON core_tenants.tenants + FOR EACH ROW + EXECUTE FUNCTION update_updated_at_column(); + +-- Comentarios +COMMENT ON TABLE core_tenants.tenants IS 'Organizaciones/empresas en el sistema multi-tenant'; +COMMENT ON COLUMN core_tenants.tenants.parent_tenant_id IS 'Tenant padre para holdings/sucursales (Ref: Odoo res.company.parent_id)'; +COMMENT ON COLUMN core_tenants.tenants.slug IS 'Identificador URL-friendly unico'; +COMMENT ON COLUMN core_tenants.tenants.status IS 'trial, active, suspended, pending_deletion, deleted, trial_expired'; +COMMENT ON COLUMN core_tenants.tenants.tenant_type IS 'standalone: independiente, holding: matriz, subsidiary: sucursal'; +``` + +--- + +### 2. tenant_settings + +Configuracion personalizada de cada tenant. + +```sql +CREATE TABLE core_tenants.tenant_settings ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL UNIQUE REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, + + -- Configuracion de empresa + company JSONB NOT NULL DEFAULT '{}'::jsonb, + -- Ejemplo: {"companyName": "...", "taxId": "...", "address": {...}} + + -- Branding + branding JSONB NOT NULL DEFAULT '{}'::jsonb, + -- Ejemplo: {"logo": "...", "primaryColor": "#3B82F6", ...} + + -- Configuracion regional + regional JSONB NOT NULL DEFAULT '{}'::jsonb, + -- Ejemplo: {"language": "es", "timezone": "America/Mexico_City", ...} + + -- Configuracion operativa + operational JSONB NOT NULL DEFAULT '{}'::jsonb, + -- Ejemplo: {"fiscalYearStart": "01-01", "workingDays": [1,2,3,4,5], ...} + + -- Configuracion de seguridad + security JSONB NOT NULL DEFAULT '{}'::jsonb, + -- Ejemplo: {"passwordMinLength": 8, "sessionTimeout": 30, ...} + + updated_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_by UUID +); + +-- Indices para busquedas en JSONB +CREATE INDEX idx_tenant_settings_company_name ON core_tenants.tenant_settings + USING gin ((company -> 'companyName')); + +-- Trigger para updated_at +CREATE TRIGGER trg_tenant_settings_updated_at + BEFORE UPDATE ON core_tenants.tenant_settings + FOR EACH ROW + EXECUTE FUNCTION update_updated_at_column(); + +-- Comentarios +COMMENT ON TABLE core_tenants.tenant_settings IS 'Configuracion personalizada de cada tenant'; +COMMENT ON COLUMN core_tenants.tenant_settings.company IS 'Informacion legal y de contacto'; +COMMENT ON COLUMN core_tenants.tenant_settings.branding IS 'Personalizacion visual'; +COMMENT ON COLUMN core_tenants.tenant_settings.regional IS 'Idioma, timezone, formatos'; +COMMENT ON COLUMN core_tenants.tenant_settings.security IS 'Politicas de seguridad'; +``` + +--- + +### 3. plans + +Planes de subscripcion disponibles. + +```sql +CREATE TABLE core_tenants.plans ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + name VARCHAR(50) NOT NULL, + slug VARCHAR(50) NOT NULL UNIQUE, + description VARCHAR(500), + + -- Pricing Model (MGN-015-007) + pricing_model VARCHAR(20) NOT NULL DEFAULT 'flat', + base_price DECIMAL(10,2) NOT NULL, -- Precio base del plan + included_seats INT NOT NULL DEFAULT 1, -- Usuarios incluidos en base_price + per_seat_price DECIMAL(10,2) DEFAULT 0, -- Precio por usuario adicional + max_seats INT, -- Maximo de usuarios (NULL = ilimitado) + + currency VARCHAR(3) NOT NULL DEFAULT 'USD', + interval VARCHAR(20) NOT NULL DEFAULT 'monthly', + + -- Limites del plan + limits JSONB NOT NULL DEFAULT '{}'::jsonb, + -- Ejemplo: {"maxStorageBytes": 26843545600, "maxApiCalls": 50000} + + -- Features del plan (MGN-015, MGN-016, MGN-017, MGN-018) + features JSONB NOT NULL DEFAULT '{}'::jsonb, + -- Ejemplo completo: + -- { + -- "priority_support": true, + -- "white_label": false, + -- "api_access": true, + -- "mercadopago_enabled": true, + -- "clip_enabled": true, + -- "stripe_enabled": false, + -- "whatsapp_enabled": true, + -- "whatsapp_chatbot": true, + -- "whatsapp_marketing": false, + -- "whatsapp_max_accounts": 1, + -- "ai_agents_enabled": true, + -- "ai_max_agents": 3, + -- "ai_kb_max_documents": 100, + -- "ai_monthly_token_limit": 500000 + -- } + + is_public BOOLEAN NOT NULL DEFAULT true, + is_active BOOLEAN NOT NULL DEFAULT true, + sort_order INT NOT NULL DEFAULT 0, + + created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT chk_plans_pricing_model CHECK (pricing_model IN ('flat', 'per_seat', 'tiered')), + CONSTRAINT chk_plans_interval CHECK (interval IN ('monthly', 'yearly', 'lifetime')), + CONSTRAINT chk_plans_base_price CHECK (base_price >= 0), + CONSTRAINT chk_plans_per_seat_price CHECK (per_seat_price >= 0), + CONSTRAINT chk_plans_seats CHECK (included_seats >= 1), + CONSTRAINT chk_plans_max_seats CHECK (max_seats IS NULL OR max_seats >= included_seats) +); + +-- Indices +CREATE INDEX idx_plans_public_active ON core_tenants.plans(is_public, is_active, sort_order); +CREATE INDEX idx_plans_pricing ON core_tenants.plans(pricing_model); + +-- Trigger para updated_at +CREATE TRIGGER trg_plans_updated_at + BEFORE UPDATE ON core_tenants.plans + FOR EACH ROW + EXECUTE FUNCTION update_updated_at_column(); + +-- Comentarios +COMMENT ON TABLE core_tenants.plans IS 'Planes de subscripcion disponibles'; +COMMENT ON COLUMN core_tenants.plans.pricing_model IS 'flat: precio fijo, per_seat: por usuario, tiered: escalonado'; +COMMENT ON COLUMN core_tenants.plans.base_price IS 'Precio base que incluye included_seats usuarios'; +COMMENT ON COLUMN core_tenants.plans.included_seats IS 'Usuarios incluidos en el precio base'; +COMMENT ON COLUMN core_tenants.plans.per_seat_price IS 'Precio por cada usuario adicional sobre included_seats'; +COMMENT ON COLUMN core_tenants.plans.limits IS 'Limites: maxStorageBytes, maxApiCalls (maxUsers ya no se usa, usar max_seats)'; +COMMENT ON COLUMN core_tenants.plans.features IS 'Features: integraciones, canales, AI, etc.'; +``` + +--- + +### 4. subscriptions + +Subscripciones de tenants a planes. + +```sql +CREATE TABLE core_tenants.subscriptions ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, + plan_id UUID NOT NULL REFERENCES core_tenants.plans(id), + + status VARCHAR(20) NOT NULL DEFAULT 'active', + current_period_start TIMESTAMPTZ NOT NULL, + current_period_end TIMESTAMPTZ NOT NULL, + cancel_at_period_end BOOLEAN NOT NULL DEFAULT false, + trial_end TIMESTAMPTZ, + + -- Per-Seat Billing (MGN-015-007) + quantity INT NOT NULL DEFAULT 1, -- Numero de asientos/usuarios contratados + unit_amount DECIMAL(10,2), -- Precio unitario al momento de contratar + + -- Integracion con payment gateway + external_subscription_id VARCHAR(100), + payment_method_id VARCHAR(100), + + created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + canceled_at TIMESTAMPTZ, + + CONSTRAINT chk_subscriptions_status CHECK ( + status IN ('trialing', 'active', 'past_due', 'canceled', 'unpaid', 'incomplete') + ), + CONSTRAINT chk_subscriptions_period CHECK (current_period_end > current_period_start), + CONSTRAINT chk_subscriptions_quantity CHECK (quantity >= 1) +); + +-- Indices +CREATE INDEX idx_subscriptions_tenant ON core_tenants.subscriptions(tenant_id); +CREATE INDEX idx_subscriptions_status ON core_tenants.subscriptions(status); +CREATE INDEX idx_subscriptions_period_end ON core_tenants.subscriptions(current_period_end) + WHERE status = 'active'; +CREATE INDEX idx_subscriptions_external ON core_tenants.subscriptions(external_subscription_id); + +-- Trigger para updated_at +CREATE TRIGGER trg_subscriptions_updated_at + BEFORE UPDATE ON core_tenants.subscriptions + FOR EACH ROW + EXECUTE FUNCTION update_updated_at_column(); + +-- Comentarios +COMMENT ON TABLE core_tenants.subscriptions IS 'Subscripciones activas y pasadas de tenants'; +COMMENT ON COLUMN core_tenants.subscriptions.external_subscription_id IS 'ID en Stripe/PayPal'; +COMMENT ON COLUMN core_tenants.subscriptions.quantity IS 'Numero de asientos contratados (usuarios pagados)'; +COMMENT ON COLUMN core_tenants.subscriptions.unit_amount IS 'Precio por asiento al momento de la subscripcion'; +``` + +--- + +### 5. modules + +Catalogo de modulos del sistema. + +```sql +CREATE TABLE core_tenants.modules ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + code VARCHAR(50) NOT NULL UNIQUE, + name VARCHAR(100) NOT NULL, + description VARCHAR(500), + is_core BOOLEAN NOT NULL DEFAULT false, + is_active BOOLEAN NOT NULL DEFAULT true, + sort_order INT NOT NULL DEFAULT 0, + created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +-- Comentarios +COMMENT ON TABLE core_tenants.modules IS 'Modulos disponibles en el sistema'; +COMMENT ON COLUMN core_tenants.modules.is_core IS 'Modulos core siempre incluidos'; +``` + +--- + +### 6. plan_modules + +Modulos incluidos en cada plan. + +```sql +CREATE TABLE core_tenants.plan_modules ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + plan_id UUID NOT NULL REFERENCES core_tenants.plans(id) ON DELETE CASCADE, + module_id UUID NOT NULL REFERENCES core_tenants.modules(id) ON DELETE CASCADE, + + CONSTRAINT uq_plan_modules UNIQUE (plan_id, module_id) +); + +-- Indices +CREATE INDEX idx_plan_modules_plan ON core_tenants.plan_modules(plan_id); +CREATE INDEX idx_plan_modules_module ON core_tenants.plan_modules(module_id); +``` + +--- + +### 7. tenant_modules + +Modulos activos para cada tenant (puede exceder plan con addons). + +```sql +CREATE TABLE core_tenants.tenant_modules ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, + module_id UUID NOT NULL REFERENCES core_tenants.modules(id), + is_active BOOLEAN NOT NULL DEFAULT true, + activated_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + activated_by UUID, + + CONSTRAINT uq_tenant_modules UNIQUE (tenant_id, module_id) +); + +-- Indices +CREATE INDEX idx_tenant_modules_tenant ON core_tenants.tenant_modules(tenant_id); +CREATE INDEX idx_tenant_modules_active ON core_tenants.tenant_modules(tenant_id, is_active) + WHERE is_active = true; +``` + +--- + +### 8. invoices + +Historial de facturacion. + +```sql +CREATE TABLE core_tenants.invoices ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + tenant_id UUID NOT NULL REFERENCES core_tenants.tenants(id), + subscription_id UUID REFERENCES core_tenants.subscriptions(id), + + invoice_number VARCHAR(50) NOT NULL UNIQUE, + amount DECIMAL(10,2) NOT NULL, + currency VARCHAR(3) NOT NULL DEFAULT 'USD', + status VARCHAR(20) NOT NULL DEFAULT 'draft', + + due_date TIMESTAMPTZ, + paid_at TIMESTAMPTZ, + + -- Detalle de items + line_items JSONB NOT NULL DEFAULT '[]'::jsonb, + -- Ejemplo: [{"description": "Professional Plan", "amount": 99.00, "quantity": 1}] + + -- Integracion con payment gateway + external_invoice_id VARCHAR(100), + external_payment_id VARCHAR(100), + + created_at TIMESTAMPTZ NOT NULL DEFAULT CURRENT_TIMESTAMP, + + CONSTRAINT chk_invoices_status CHECK ( + status IN ('draft', 'open', 'paid', 'void', 'uncollectible') + ), + CONSTRAINT chk_invoices_amount CHECK (amount >= 0) +); + +-- Indices +CREATE INDEX idx_invoices_tenant ON core_tenants.invoices(tenant_id); +CREATE INDEX idx_invoices_status ON core_tenants.invoices(status); +CREATE INDEX idx_invoices_due_date ON core_tenants.invoices(due_date) + WHERE status = 'open'; +CREATE INDEX idx_invoices_number ON core_tenants.invoices(invoice_number); + +-- Comentarios +COMMENT ON TABLE core_tenants.invoices IS 'Historial de facturacion'; +``` + +--- + +## Data Seed: Modulos del Sistema + +```sql +INSERT INTO core_tenants.modules (code, name, description, is_core, sort_order) VALUES + ('auth', 'Autenticacion', 'Login, JWT, sesiones', true, 10), + ('users', 'Usuarios', 'Gestion de usuarios', true, 20), + ('roles', 'Roles y Permisos', 'RBAC, control de acceso', true, 30), + ('tenants', 'Multi-Tenancy', 'Configuracion del tenant', true, 40), + ('inventory', 'Inventario', 'Gestion de productos y stock', false, 50), + ('financial', 'Finanzas', 'Contabilidad basica', false, 60), + ('reports', 'Reportes', 'Reportes y dashboards', false, 70), + ('crm', 'CRM', 'Gestion de clientes', false, 80), + ('api', 'API Access', 'Acceso API REST', false, 90), + ('analytics', 'Analytics Avanzado', 'Analisis avanzado de datos', false, 100), + ('whitelabel', 'White Label', 'Personalizacion completa', false, 110); +``` + +--- + +## Data Seed: Planes de Subscripcion + +```sql +INSERT INTO core_tenants.plans ( + name, slug, description, + pricing_model, base_price, included_seats, per_seat_price, max_seats, + currency, interval, limits, features, sort_order +) VALUES + ( + 'Trial', + 'trial', + 'Prueba gratuita por 14 dias', + 'flat', + 0.00, + 3, -- 3 usuarios incluidos + 0.00, -- Sin costo adicional + 5, -- Maximo 5 usuarios + 'USD', + 'monthly', + '{"maxStorageBytes": 1073741824, "maxApiCalls": 1000}'::jsonb, + '{ + "email_support": false, + "priority_support": false, + "api_access": false, + "white_label": false, + "mercadopago_enabled": false, + "clip_enabled": false, + "stripe_enabled": false, + "whatsapp_enabled": false, + "whatsapp_chatbot": false, + "whatsapp_marketing": false, + "whatsapp_max_accounts": 0, + "ai_agents_enabled": false, + "ai_max_agents": 0, + "ai_kb_max_documents": 0, + "ai_monthly_token_limit": 0 + }'::jsonb, + 10 + ), + ( + 'Starter', + 'starter', + 'Para equipos pequenos', + 'per_seat', + 29.00, -- Precio base + 3, -- 3 usuarios incluidos + 9.00, -- $9 por usuario adicional + 15, -- Maximo 15 usuarios + 'USD', + 'monthly', + '{"maxStorageBytes": 5368709120, "maxApiCalls": 10000}'::jsonb, + '{ + "email_support": true, + "priority_support": false, + "api_access": false, + "white_label": false, + "mercadopago_enabled": true, + "clip_enabled": true, + "stripe_enabled": false, + "whatsapp_enabled": true, + "whatsapp_chatbot": false, + "whatsapp_marketing": false, + "whatsapp_max_accounts": 1, + "ai_agents_enabled": false, + "ai_max_agents": 0, + "ai_kb_max_documents": 0, + "ai_monthly_token_limit": 0 + }'::jsonb, + 20 + ), + ( + 'Professional', + 'professional', + 'Para empresas en crecimiento', + 'per_seat', + 99.00, -- Precio base + 5, -- 5 usuarios incluidos + 15.00, -- $15 por usuario adicional + 100, -- Maximo 100 usuarios + 'USD', + 'monthly', + '{"maxStorageBytes": 26843545600, "maxApiCalls": 50000}'::jsonb, + '{ + "email_support": true, + "priority_support": true, + "api_access": true, + "white_label": false, + "mercadopago_enabled": true, + "clip_enabled": true, + "stripe_enabled": true, + "whatsapp_enabled": true, + "whatsapp_chatbot": true, + "whatsapp_marketing": true, + "whatsapp_max_accounts": 3, + "ai_agents_enabled": true, + "ai_max_agents": 3, + "ai_kb_max_documents": 100, + "ai_monthly_token_limit": 500000 + }'::jsonb, + 30 + ), + ( + 'Enterprise', + 'enterprise', + 'Para grandes organizaciones', + 'per_seat', + 299.00, -- Precio base + 10, -- 10 usuarios incluidos + 25.00, -- $25 por usuario adicional + NULL, -- Sin limite de usuarios + 'USD', + 'monthly', + '{"maxStorageBytes": 107374182400, "maxApiCalls": 500000}'::jsonb, + '{ + "email_support": true, + "priority_support": true, + "api_access": true, + "white_label": true, + "advanced_analytics": true, + "dedicated_support": true, + "mercadopago_enabled": true, + "clip_enabled": true, + "stripe_enabled": true, + "whatsapp_enabled": true, + "whatsapp_chatbot": true, + "whatsapp_marketing": true, + "whatsapp_max_accounts": 10, + "ai_agents_enabled": true, + "ai_max_agents": -1, + "ai_kb_max_documents": 500, + "ai_custom_tools": true, + "ai_monthly_token_limit": 5000000 + }'::jsonb, + 40 + ); + +-- Asignar modulos a planes +-- Trial: solo core +INSERT INTO core_tenants.plan_modules (plan_id, module_id) +SELECT p.id, m.id +FROM core_tenants.plans p, core_tenants.modules m +WHERE p.slug = 'trial' AND m.is_core = true; + +-- Starter: core + inventory + financial +INSERT INTO core_tenants.plan_modules (plan_id, module_id) +SELECT p.id, m.id +FROM core_tenants.plans p, core_tenants.modules m +WHERE p.slug = 'starter' AND (m.is_core = true OR m.code IN ('inventory', 'financial')); + +-- Professional: core + inventory + financial + reports + crm + api +INSERT INTO core_tenants.plan_modules (plan_id, module_id) +SELECT p.id, m.id +FROM core_tenants.plans p, core_tenants.modules m +WHERE p.slug = 'professional' AND (m.is_core = true OR m.code IN ('inventory', 'financial', 'reports', 'crm', 'api')); + +-- Enterprise: todos +INSERT INTO core_tenants.plan_modules (plan_id, module_id) +SELECT p.id, m.id +FROM core_tenants.plans p, core_tenants.modules m +WHERE p.slug = 'enterprise'; +``` + +--- + +## Data Seed: Configuracion Default + +```sql +-- Configuracion default de plataforma (para herencia) +INSERT INTO core_tenants.tenant_settings (tenant_id, company, branding, regional, operational, security) +VALUES ( + '00000000-0000-0000-0000-000000000000', -- Tenant placeholder para defaults + '{}'::jsonb, + '{"primaryColor": "#3B82F6", "secondaryColor": "#10B981", "accentColor": "#F59E0B"}'::jsonb, + '{"defaultLanguage": "es", "defaultTimezone": "America/Mexico_City", "dateFormat": "DD/MM/YYYY", "timeFormat": "24h", "currency": "MXN"}'::jsonb, + '{"fiscalYearStart": "01-01", "workingDays": [1,2,3,4,5], "businessHoursStart": "09:00", "businessHoursEnd": "18:00"}'::jsonb, + '{"passwordMinLength": 8, "passwordRequireSpecial": true, "sessionTimeout": 30, "maxLoginAttempts": 5, "lockoutDuration": 15, "mfaRequired": false}'::jsonb +); +``` + +--- + +## Funciones de Utilidad + +### Crear Tenant Completo + +```sql +CREATE OR REPLACE FUNCTION core_tenants.create_tenant( + p_name VARCHAR, + p_slug VARCHAR, + p_admin_email VARCHAR, + p_admin_name VARCHAR, + p_plan_slug VARCHAR DEFAULT 'trial', + p_trial_days INT DEFAULT 14 +) RETURNS UUID AS $$ +DECLARE + v_tenant_id UUID; + v_plan_id UUID; + v_admin_user_id UUID; + v_admin_role_id UUID; +BEGIN + -- Crear tenant + INSERT INTO core_tenants.tenants (name, slug, status, trial_ends_at) + VALUES ( + p_name, + p_slug, + 'trial', + CURRENT_TIMESTAMP + (p_trial_days || ' days')::interval + ) + RETURNING id INTO v_tenant_id; + + -- Crear settings vacios (heredara defaults) + INSERT INTO core_tenants.tenant_settings (tenant_id) + VALUES (v_tenant_id); + + -- Obtener plan + SELECT id INTO v_plan_id FROM core_tenants.plans WHERE slug = p_plan_slug; + + -- Crear subscripcion + INSERT INTO core_tenants.subscriptions ( + tenant_id, plan_id, status, + current_period_start, current_period_end, trial_end + ) VALUES ( + v_tenant_id, v_plan_id, 'trialing', + CURRENT_TIMESTAMP, + CURRENT_TIMESTAMP + (p_trial_days || ' days')::interval, + CURRENT_TIMESTAMP + (p_trial_days || ' days')::interval + ); + + -- Activar modulos del plan + INSERT INTO core_tenants.tenant_modules (tenant_id, module_id) + SELECT v_tenant_id, pm.module_id + FROM core_tenants.plan_modules pm + WHERE pm.plan_id = v_plan_id; + + -- Crear roles built-in para el tenant + PERFORM core_rbac.create_builtin_roles(v_tenant_id); + + -- Crear usuario admin + -- (Esto se hace en la capa de aplicacion para enviar email) + + RETURN v_tenant_id; +END; +$$ LANGUAGE plpgsql; +``` + +### Verificar Limite de Tenant + +```sql +CREATE OR REPLACE FUNCTION core_tenants.check_tenant_limit( + p_tenant_id UUID, + p_limit_type VARCHAR +) RETURNS TABLE ( + current_value BIGINT, + max_value BIGINT, + can_add BOOLEAN, + percentage INT +) AS $$ +DECLARE + v_limits JSONB; + v_current BIGINT; + v_max BIGINT; +BEGIN + -- Obtener limites del plan actual + SELECT pl.limits INTO v_limits + FROM core_tenants.subscriptions s + JOIN core_tenants.plans pl ON pl.id = s.plan_id + WHERE s.tenant_id = p_tenant_id + AND s.status IN ('active', 'trialing') + ORDER BY s.created_at DESC + LIMIT 1; + + -- Obtener valor actual segun tipo + CASE p_limit_type + WHEN 'users' THEN + SELECT COUNT(*) INTO v_current + FROM core_users.users + WHERE tenant_id = p_tenant_id AND deleted_at IS NULL; + v_max := (v_limits->>'maxUsers')::BIGINT; + + WHEN 'storage' THEN + -- Calcular storage usado (simplificado) + v_current := 0; -- Implementar calculo real + v_max := (v_limits->>'maxStorageBytes')::BIGINT; + + WHEN 'api_calls' THEN + -- Calcular API calls del mes (simplificado) + v_current := 0; -- Implementar calculo real + v_max := (v_limits->>'maxApiCalls')::BIGINT; + END CASE; + + -- -1 significa ilimitado + IF v_max = -1 THEN + RETURN QUERY SELECT v_current, v_max, true, 0; + ELSE + RETURN QUERY SELECT + v_current, + v_max, + v_current < v_max, + CASE WHEN v_max > 0 THEN (v_current * 100 / v_max)::INT ELSE 0 END; + END IF; +END; +$$ LANGUAGE plpgsql STABLE; +``` + +### Obtener Subsidiarias de un Holding + +```sql +CREATE OR REPLACE FUNCTION core_tenants.get_subsidiaries( + p_tenant_id UUID, + p_include_self BOOLEAN DEFAULT false +) RETURNS TABLE ( + tenant_id UUID, + tenant_name VARCHAR, + tenant_slug VARCHAR, + tenant_type VARCHAR, + level INT +) AS $$ +WITH RECURSIVE tenant_tree AS ( + -- Base: el tenant solicitado + SELECT + t.id, + t.name, + t.slug, + t.tenant_type::VARCHAR, + 0 AS level + FROM core_tenants.tenants t + WHERE t.id = p_tenant_id AND t.deleted_at IS NULL + + UNION ALL + + -- Recursivo: subsidiarias + SELECT + child.id, + child.name, + child.slug, + child.tenant_type::VARCHAR, + tt.level + 1 + FROM core_tenants.tenants child + JOIN tenant_tree tt ON child.parent_tenant_id = tt.id + WHERE child.deleted_at IS NULL +) +SELECT id, name, slug, tenant_type, level +FROM tenant_tree +WHERE p_include_self = true OR level > 0 +ORDER BY level, name; +$$ LANGUAGE SQL STABLE; + +COMMENT ON FUNCTION core_tenants.get_subsidiaries IS 'Obtiene arbol de subsidiarias de un holding (Ref: Odoo res.company.child_ids)'; +``` + +### Obtener Holding Raiz + +```sql +CREATE OR REPLACE FUNCTION core_tenants.get_root_holding( + p_tenant_id UUID +) RETURNS UUID AS $$ +WITH RECURSIVE tenant_tree AS ( + SELECT id, parent_tenant_id + FROM core_tenants.tenants + WHERE id = p_tenant_id AND deleted_at IS NULL + + UNION ALL + + SELECT t.id, t.parent_tenant_id + FROM core_tenants.tenants t + JOIN tenant_tree tt ON t.id = tt.parent_tenant_id + WHERE t.deleted_at IS NULL +) +SELECT id FROM tenant_tree WHERE parent_tenant_id IS NULL; +$$ LANGUAGE SQL STABLE; + +COMMENT ON FUNCTION core_tenants.get_root_holding IS 'Obtiene el holding raiz de una subsidiaria'; +``` + +### Verificar Feature de Plan (MGN-015/016/017/018) + +```sql +CREATE OR REPLACE FUNCTION core_tenants.has_feature( + p_tenant_id UUID, + p_feature_name VARCHAR +) RETURNS BOOLEAN AS $$ +DECLARE + v_features JSONB; + v_result BOOLEAN; +BEGIN + -- Obtener features del plan activo + SELECT pl.features INTO v_features + FROM core_tenants.subscriptions s + JOIN core_tenants.plans pl ON pl.id = s.plan_id + WHERE s.tenant_id = p_tenant_id + AND s.status IN ('active', 'trialing') + ORDER BY s.created_at DESC + LIMIT 1; + + IF v_features IS NULL THEN + RETURN false; + END IF; + + -- Verificar si el feature existe y es true + v_result := COALESCE((v_features->>p_feature_name)::BOOLEAN, false); + RETURN v_result; +EXCEPTION + WHEN OTHERS THEN + -- Si el valor no es booleano, verificar si existe + RETURN v_features ? p_feature_name; +END; +$$ LANGUAGE plpgsql STABLE; + +COMMENT ON FUNCTION core_tenants.has_feature IS 'Verifica si un tenant tiene habilitado un feature (usado por MGN-015/016/017/018)'; +``` + +### Obtener Limite de Feature + +```sql +CREATE OR REPLACE FUNCTION core_tenants.get_feature_limit( + p_tenant_id UUID, + p_feature_name VARCHAR +) RETURNS INT AS $$ +DECLARE + v_features JSONB; + v_value INT; +BEGIN + -- Obtener features del plan activo + SELECT pl.features INTO v_features + FROM core_tenants.subscriptions s + JOIN core_tenants.plans pl ON pl.id = s.plan_id + WHERE s.tenant_id = p_tenant_id + AND s.status IN ('active', 'trialing') + ORDER BY s.created_at DESC + LIMIT 1; + + IF v_features IS NULL THEN + RETURN 0; + END IF; + + -- Obtener valor numerico + v_value := COALESCE((v_features->>p_feature_name)::INT, 0); + RETURN v_value; +EXCEPTION + WHEN OTHERS THEN + RETURN 0; +END; +$$ LANGUAGE plpgsql STABLE; + +COMMENT ON FUNCTION core_tenants.get_feature_limit IS 'Obtiene limite numerico de un feature (ej: ai_max_agents, whatsapp_max_accounts)'; +``` + +### Calcular Precio de Subscripcion (Per-Seat) + +```sql +CREATE OR REPLACE FUNCTION core_tenants.calculate_subscription_price( + p_plan_id UUID, + p_quantity INT +) RETURNS TABLE ( + base_price DECIMAL(10,2), + included_seats INT, + extra_seats INT, + extra_seats_cost DECIMAL(10,2), + total_price DECIMAL(10,2) +) AS $$ +DECLARE + v_plan RECORD; +BEGIN + SELECT + pl.base_price, + pl.included_seats, + pl.per_seat_price, + pl.max_seats, + pl.pricing_model + INTO v_plan + FROM core_tenants.plans pl + WHERE pl.id = p_plan_id; + + IF v_plan IS NULL THEN + RETURN; + END IF; + + -- Validar cantidad maxima + IF v_plan.max_seats IS NOT NULL AND p_quantity > v_plan.max_seats THEN + RAISE EXCEPTION 'Quantity % exceeds max_seats %', p_quantity, v_plan.max_seats; + END IF; + + RETURN QUERY SELECT + v_plan.base_price, + v_plan.included_seats, + GREATEST(0, p_quantity - v_plan.included_seats), + GREATEST(0, p_quantity - v_plan.included_seats) * v_plan.per_seat_price, + v_plan.base_price + (GREATEST(0, p_quantity - v_plan.included_seats) * v_plan.per_seat_price); +END; +$$ LANGUAGE plpgsql STABLE; + +COMMENT ON FUNCTION core_tenants.calculate_subscription_price IS 'Calcula precio total de subscripcion segun cantidad de asientos'; +``` + +--- + +## Vistas + +### Vista: Resumen de Tenants + +```sql +CREATE VIEW core_tenants.vw_tenants_summary AS +SELECT + t.id, + t.parent_tenant_id, + t.name, + t.slug, + t.status, + t.tenant_type, + t.trial_ends_at, + t.created_at, + pt.name AS parent_tenant_name, + p.name AS plan_name, + p.slug AS plan_slug, + s.status AS subscription_status, + s.current_period_end, + (SELECT COUNT(*) FROM core_users.users u WHERE u.tenant_id = t.id AND u.deleted_at IS NULL) AS users_count, + (SELECT COUNT(*) FROM core_tenants.tenant_modules tm WHERE tm.tenant_id = t.id AND tm.is_active = true) AS modules_count, + (SELECT COUNT(*) FROM core_tenants.tenants child WHERE child.parent_tenant_id = t.id AND child.deleted_at IS NULL) AS subsidiaries_count +FROM core_tenants.tenants t +LEFT JOIN core_tenants.tenants pt ON pt.id = t.parent_tenant_id +LEFT JOIN core_tenants.subscriptions s ON s.tenant_id = t.id AND s.status IN ('active', 'trialing') +LEFT JOIN core_tenants.plans p ON p.id = s.plan_id +WHERE t.deleted_at IS NULL; +``` + +### Vista: Uso de Tenant + +```sql +CREATE VIEW core_tenants.vw_tenant_usage AS +SELECT + t.id AS tenant_id, + t.name AS tenant_name, + -- Per-Seat info (MGN-015-007) + pl.pricing_model, + pl.included_seats, + pl.max_seats, + s.quantity AS contracted_seats, + (SELECT COUNT(*) FROM core_users.users u WHERE u.tenant_id = t.id AND u.deleted_at IS NULL) AS current_users, + -- Calculo de asientos disponibles + CASE + WHEN pl.max_seats IS NULL THEN NULL -- Ilimitado + ELSE pl.max_seats - (SELECT COUNT(*) FROM core_users.users u WHERE u.tenant_id = t.id AND u.deleted_at IS NULL) + END AS available_seats, + -- Storage y API + (pl.limits->>'maxStorageBytes')::BIGINT AS max_storage, + 0::BIGINT AS current_storage, -- Implementar calculo real + (pl.limits->>'maxApiCalls')::INT AS max_api_calls, + 0::INT AS current_api_calls, -- Implementar calculo real + -- Features de integraciones + COALESCE((pl.features->>'whatsapp_enabled')::BOOLEAN, false) AS whatsapp_enabled, + COALESCE((pl.features->>'ai_agents_enabled')::BOOLEAN, false) AS ai_enabled, + COALESCE((pl.features->>'ai_monthly_token_limit')::INT, 0) AS ai_token_limit, + 0::INT AS ai_tokens_used -- Implementar calculo real +FROM core_tenants.tenants t +JOIN core_tenants.subscriptions s ON s.tenant_id = t.id AND s.status IN ('active', 'trialing') +JOIN core_tenants.plans pl ON pl.id = s.plan_id +WHERE t.deleted_at IS NULL; +``` + +--- + +## Resumen de Tablas + +| Tabla | Columnas | Descripcion | +|-------|----------|-------------| +| tenants | 13 | Tenants/organizaciones (con parent_tenant_id y tenant_type) | +| tenant_settings | 8 | Configuracion JSONB | +| plans | 17 | Planes con pricing per-seat y features (MGN-015-007) | +| subscriptions | 14 | Subscripciones con quantity per-seat (MGN-015-007) | +| modules | 7 | Catalogo de modulos | +| plan_modules | 3 | Modulos por plan | +| tenant_modules | 6 | Modulos activos por tenant | +| invoices | 14 | Historial de facturacion | + +**Total: 8 tablas, 82 columnas** + +--- + +## Funciones de Utilidad + +| Funcion | Retorna | Descripcion | +|---------|---------|-------------| +| create_tenant | UUID | Crea tenant con settings, subscription y modulos | +| check_tenant_limit | TABLE | Verifica limites de usuarios, storage, API calls | +| get_subsidiaries | TABLE | Arbol de subsidiarias de un holding | +| get_root_holding | UUID | Holding raiz de una subsidiaria | +| has_feature | BOOLEAN | Verifica si tenant tiene feature habilitado (MGN-015/016/017/018) | +| get_feature_limit | INT | Obtiene limite numerico de un feature | +| calculate_subscription_price | TABLE | Calcula precio total per-seat | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | +| 1.1 | 2025-12-05 | System | Agregar parent_tenant_id y tenant_type (Ref: Odoo res.company.parent_id) | +| 1.2 | 2025-12-05 | System | Pricing per-seat (MGN-015-007): pricing_model, base_price, included_seats, per_seat_price, max_seats en plans; quantity, unit_amount en subscriptions; features JSONB para MGN-016/017/018 | diff --git a/docs/01-fase-foundation/MGN-004-tenants/especificaciones/ET-tenants-backend.md b/docs/01-fase-foundation/MGN-004-tenants/especificaciones/ET-tenants-backend.md new file mode 100644 index 0000000..8cc37fa --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/especificaciones/ET-tenants-backend.md @@ -0,0 +1,2365 @@ +# Especificacion Tecnica Backend - MGN-004 Tenants + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **Modulo** | MGN-004 | +| **Nombre** | Multi-Tenancy Backend | +| **Version** | 1.0 | +| **Fecha** | 2025-12-05 | + +--- + +## Estructura del Modulo + +``` +src/ +├── modules/ +│ └── tenants/ +│ ├── tenants.module.ts +│ ├── controllers/ +│ │ ├── tenants.controller.ts +│ │ ├── tenant-settings.controller.ts +│ │ ├── plans.controller.ts +│ │ ├── subscriptions.controller.ts +│ │ └── platform-tenants.controller.ts +│ ├── services/ +│ │ ├── tenants.service.ts +│ │ ├── tenant-settings.service.ts +│ │ ├── plans.service.ts +│ │ ├── subscriptions.service.ts +│ │ ├── tenant-usage.service.ts +│ │ └── billing.service.ts +│ ├── entities/ +│ │ ├── tenant.entity.ts +│ │ ├── tenant-settings.entity.ts +│ │ ├── plan.entity.ts +│ │ ├── subscription.entity.ts +│ │ ├── module.entity.ts +│ │ ├── plan-module.entity.ts +│ │ ├── tenant-module.entity.ts +│ │ └── invoice.entity.ts +│ ├── dto/ +│ │ ├── create-tenant.dto.ts +│ │ ├── update-tenant.dto.ts +│ │ ├── tenant-settings.dto.ts +│ │ ├── create-plan.dto.ts +│ │ ├── update-plan.dto.ts +│ │ ├── create-subscription.dto.ts +│ │ ├── upgrade-subscription.dto.ts +│ │ └── cancel-subscription.dto.ts +│ ├── guards/ +│ │ ├── tenant.guard.ts +│ │ ├── tenant-status.guard.ts +│ │ └── limit.guard.ts +│ ├── middleware/ +│ │ └── tenant-context.middleware.ts +│ ├── decorators/ +│ │ ├── tenant.decorator.ts +│ │ ├── check-limit.decorator.ts +│ │ └── check-module.decorator.ts +│ ├── interceptors/ +│ │ └── tenant-context.interceptor.ts +│ └── interfaces/ +│ ├── tenant-settings.interface.ts +│ └── subscription-limits.interface.ts +``` + +--- + +## Entidades + +### Tenant Entity + +```typescript +// entities/tenant.entity.ts +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + OneToMany, + OneToOne, + Index, +} from 'typeorm'; +import { TenantSettings } from './tenant-settings.entity'; +import { Subscription } from './subscription.entity'; +import { TenantModule } from './tenant-module.entity'; + +export enum TenantStatus { + CREATED = 'created', + TRIAL = 'trial', + TRIAL_EXPIRED = 'trial_expired', + ACTIVE = 'active', + SUSPENDED = 'suspended', + PENDING_DELETION = 'pending_deletion', + DELETED = 'deleted', +} + +@Entity({ schema: 'core_tenants', name: 'tenants' }) +export class Tenant { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ length: 100 }) + @Index() + name: string; + + @Column({ length: 50, unique: true }) + @Index() + slug: string; + + @Column({ length: 50, unique: true, nullable: true }) + subdomain: string; + + @Column({ length: 100, nullable: true }) + custom_domain: string; + + @Column({ + type: 'enum', + enum: TenantStatus, + default: TenantStatus.CREATED, + }) + @Index() + status: TenantStatus; + + @Column({ type: 'timestamptz', nullable: true }) + trial_ends_at: Date; + + @Column({ type: 'timestamptz', nullable: true }) + suspended_at: Date; + + @Column({ type: 'text', nullable: true }) + suspension_reason: string; + + @Column({ type: 'timestamptz', nullable: true }) + deletion_scheduled_at: Date; + + @Column({ type: 'timestamptz', nullable: true }) + deleted_at: Date; + + @Column({ type: 'uuid', nullable: true }) + deleted_by: string; + + @CreateDateColumn({ type: 'timestamptz' }) + created_at: Date; + + @Column({ type: 'uuid', nullable: true }) + created_by: string; + + @UpdateDateColumn({ type: 'timestamptz' }) + updated_at: Date; + + @Column({ type: 'uuid', nullable: true }) + updated_by: string; + + // Relations + @OneToOne(() => TenantSettings, (settings) => settings.tenant) + settings: TenantSettings; + + @OneToMany(() => Subscription, (subscription) => subscription.tenant) + subscriptions: Subscription[]; + + @OneToMany(() => TenantModule, (tenantModule) => tenantModule.tenant) + enabledModules: TenantModule[]; +} +``` + +### TenantSettings Entity + +```typescript +// entities/tenant-settings.entity.ts +import { + Entity, + PrimaryColumn, + Column, + OneToOne, + JoinColumn, + UpdateDateColumn, +} from 'typeorm'; +import { Tenant } from './tenant.entity'; + +@Entity({ schema: 'core_tenants', name: 'tenant_settings' }) +export class TenantSettings { + @PrimaryColumn('uuid') + tenant_id: string; + + @Column({ type: 'jsonb', default: {} }) + company: Record; + + @Column({ type: 'jsonb', default: {} }) + branding: Record; + + @Column({ type: 'jsonb', default: {} }) + regional: Record; + + @Column({ type: 'jsonb', default: {} }) + operational: Record; + + @Column({ type: 'jsonb', default: {} }) + security: Record; + + @UpdateDateColumn({ type: 'timestamptz' }) + updated_at: Date; + + @Column({ type: 'uuid', nullable: true }) + updated_by: string; + + // Relations + @OneToOne(() => Tenant, (tenant) => tenant.settings) + @JoinColumn({ name: 'tenant_id' }) + tenant: Tenant; +} +``` + +### Plan Entity + +```typescript +// entities/plan.entity.ts +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + OneToMany, + Index, +} from 'typeorm'; +import { PlanModule } from './plan-module.entity'; +import { Subscription } from './subscription.entity'; + +export enum BillingInterval { + MONTHLY = 'monthly', + YEARLY = 'yearly', +} + +@Entity({ schema: 'core_tenants', name: 'plans' }) +export class Plan { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ length: 50, unique: true }) + @Index() + code: string; + + @Column({ length: 100 }) + name: string; + + @Column({ type: 'text', nullable: true }) + description: string; + + @Column({ type: 'decimal', precision: 10, scale: 2 }) + price: number; + + @Column({ length: 3, default: 'USD' }) + currency: string; + + @Column({ + type: 'enum', + enum: BillingInterval, + default: BillingInterval.MONTHLY, + }) + billing_interval: BillingInterval; + + @Column({ type: 'int', default: 5 }) + max_users: number; + + @Column({ type: 'bigint', default: 1073741824 }) // 1GB + max_storage_bytes: bigint; + + @Column({ type: 'int', default: 1000 }) + max_api_calls_per_month: number; + + @Column({ type: 'int', nullable: true }) + trial_days: number; + + @Column({ type: 'jsonb', default: [] }) + features: string[]; + + @Column({ default: true }) + is_active: boolean; + + @Column({ default: true }) + is_public: boolean; + + @Column({ type: 'int', default: 0 }) + sort_order: number; + + @CreateDateColumn({ type: 'timestamptz' }) + created_at: Date; + + @UpdateDateColumn({ type: 'timestamptz' }) + updated_at: Date; + + // Relations + @OneToMany(() => PlanModule, (planModule) => planModule.plan) + includedModules: PlanModule[]; + + @OneToMany(() => Subscription, (subscription) => subscription.plan) + subscriptions: Subscription[]; +} +``` + +### Subscription Entity + +```typescript +// entities/subscription.entity.ts +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + UpdateDateColumn, + ManyToOne, + JoinColumn, + Index, +} from 'typeorm'; +import { Tenant } from './tenant.entity'; +import { Plan } from './plan.entity'; + +export enum SubscriptionStatus { + TRIAL = 'trial', + ACTIVE = 'active', + PAST_DUE = 'past_due', + CANCELED = 'canceled', + UNPAID = 'unpaid', +} + +@Entity({ schema: 'core_tenants', name: 'subscriptions' }) +export class Subscription { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column('uuid') + @Index() + tenant_id: string; + + @Column('uuid') + plan_id: string; + + @Column({ + type: 'enum', + enum: SubscriptionStatus, + default: SubscriptionStatus.TRIAL, + }) + @Index() + status: SubscriptionStatus; + + @Column({ type: 'timestamptz' }) + current_period_start: Date; + + @Column({ type: 'timestamptz' }) + current_period_end: Date; + + @Column({ type: 'timestamptz', nullable: true }) + trial_end: Date; + + @Column({ default: false }) + cancel_at_period_end: boolean; + + @Column({ type: 'timestamptz', nullable: true }) + canceled_at: Date; + + @Column({ type: 'text', nullable: true }) + cancellation_reason: string; + + @Column({ length: 100, nullable: true }) + external_subscription_id: string; // Stripe subscription ID + + @Column({ length: 100, nullable: true }) + payment_method_id: string; + + @CreateDateColumn({ type: 'timestamptz' }) + created_at: Date; + + @UpdateDateColumn({ type: 'timestamptz' }) + updated_at: Date; + + // Relations + @ManyToOne(() => Tenant, (tenant) => tenant.subscriptions) + @JoinColumn({ name: 'tenant_id' }) + tenant: Tenant; + + @ManyToOne(() => Plan, (plan) => plan.subscriptions) + @JoinColumn({ name: 'plan_id' }) + plan: Plan; +} +``` + +### Module Entity + +```typescript +// entities/module.entity.ts +import { + Entity, + PrimaryGeneratedColumn, + Column, + OneToMany, + Index, +} from 'typeorm'; +import { PlanModule } from './plan-module.entity'; +import { TenantModule } from './tenant-module.entity'; + +@Entity({ schema: 'core_tenants', name: 'modules' }) +export class Module { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ length: 50, unique: true }) + @Index() + code: string; + + @Column({ length: 100 }) + name: string; + + @Column({ type: 'text', nullable: true }) + description: string; + + @Column({ default: true }) + is_active: boolean; + + @Column({ default: false }) + is_core: boolean; // Core modules always enabled + + // Relations + @OneToMany(() => PlanModule, (planModule) => planModule.module) + planModules: PlanModule[]; + + @OneToMany(() => TenantModule, (tenantModule) => tenantModule.module) + tenantModules: TenantModule[]; +} +``` + +### PlanModule Entity + +```typescript +// entities/plan-module.entity.ts +import { + Entity, + PrimaryColumn, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { Plan } from './plan.entity'; +import { Module } from './module.entity'; + +@Entity({ schema: 'core_tenants', name: 'plan_modules' }) +export class PlanModule { + @PrimaryColumn('uuid') + plan_id: string; + + @PrimaryColumn('uuid') + module_id: string; + + // Relations + @ManyToOne(() => Plan, (plan) => plan.includedModules) + @JoinColumn({ name: 'plan_id' }) + plan: Plan; + + @ManyToOne(() => Module, (module) => module.planModules) + @JoinColumn({ name: 'module_id' }) + module: Module; +} +``` + +### TenantModule Entity + +```typescript +// entities/tenant-module.entity.ts +import { + Entity, + PrimaryColumn, + Column, + CreateDateColumn, + ManyToOne, + JoinColumn, +} from 'typeorm'; +import { Tenant } from './tenant.entity'; +import { Module } from './module.entity'; + +@Entity({ schema: 'core_tenants', name: 'tenant_modules' }) +export class TenantModule { + @PrimaryColumn('uuid') + tenant_id: string; + + @PrimaryColumn('uuid') + module_id: string; + + @Column({ default: true }) + is_enabled: boolean; + + @CreateDateColumn({ type: 'timestamptz' }) + enabled_at: Date; + + @Column({ type: 'uuid', nullable: true }) + enabled_by: string; + + // Relations + @ManyToOne(() => Tenant, (tenant) => tenant.enabledModules) + @JoinColumn({ name: 'tenant_id' }) + tenant: Tenant; + + @ManyToOne(() => Module, (module) => module.tenantModules) + @JoinColumn({ name: 'module_id' }) + module: Module; +} +``` + +### Invoice Entity + +```typescript +// entities/invoice.entity.ts +import { + Entity, + PrimaryGeneratedColumn, + Column, + CreateDateColumn, + ManyToOne, + JoinColumn, + Index, +} from 'typeorm'; +import { Tenant } from './tenant.entity'; +import { Subscription } from './subscription.entity'; + +export enum InvoiceStatus { + DRAFT = 'draft', + OPEN = 'open', + PAID = 'paid', + VOID = 'void', + UNCOLLECTIBLE = 'uncollectible', +} + +@Entity({ schema: 'core_tenants', name: 'invoices' }) +export class Invoice { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column('uuid') + @Index() + tenant_id: string; + + @Column('uuid') + subscription_id: string; + + @Column({ length: 20, unique: true }) + invoice_number: string; + + @Column({ + type: 'enum', + enum: InvoiceStatus, + default: InvoiceStatus.DRAFT, + }) + status: InvoiceStatus; + + @Column({ type: 'decimal', precision: 10, scale: 2 }) + subtotal: number; + + @Column({ type: 'decimal', precision: 10, scale: 2, default: 0 }) + tax: number; + + @Column({ type: 'decimal', precision: 10, scale: 2 }) + total: number; + + @Column({ length: 3, default: 'USD' }) + currency: string; + + @Column({ type: 'timestamptz' }) + period_start: Date; + + @Column({ type: 'timestamptz' }) + period_end: Date; + + @Column({ type: 'timestamptz', nullable: true }) + due_date: Date; + + @Column({ type: 'timestamptz', nullable: true }) + paid_at: Date; + + @Column({ length: 100, nullable: true }) + external_invoice_id: string; // Stripe invoice ID + + @Column({ type: 'text', nullable: true }) + pdf_url: string; + + @Column({ type: 'jsonb', default: [] }) + line_items: Array<{ + description: string; + quantity: number; + unit_price: number; + amount: number; + }>; + + @CreateDateColumn({ type: 'timestamptz' }) + created_at: Date; + + // Relations + @ManyToOne(() => Tenant) + @JoinColumn({ name: 'tenant_id' }) + tenant: Tenant; + + @ManyToOne(() => Subscription) + @JoinColumn({ name: 'subscription_id' }) + subscription: Subscription; +} +``` + +--- + +## DTOs + +### CreateTenantDto + +```typescript +// dto/create-tenant.dto.ts +import { IsString, IsOptional, MaxLength, Matches, IsEnum } from 'class-validator'; +import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'; +import { TenantStatus } from '../entities/tenant.entity'; + +export class CreateTenantDto { + @ApiProperty({ description: 'Nombre del tenant', maxLength: 100 }) + @IsString() + @MaxLength(100) + name: string; + + @ApiProperty({ description: 'Slug unico (URL-friendly)', maxLength: 50 }) + @IsString() + @MaxLength(50) + @Matches(/^[a-z0-9-]+$/, { + message: 'Slug solo puede contener letras minusculas, numeros y guiones', + }) + slug: string; + + @ApiPropertyOptional({ description: 'Subdominio', maxLength: 50 }) + @IsOptional() + @IsString() + @MaxLength(50) + @Matches(/^[a-z0-9-]+$/, { + message: 'Subdominio solo puede contener letras minusculas, numeros y guiones', + }) + subdomain?: string; + + @ApiPropertyOptional({ description: 'Dominio personalizado' }) + @IsOptional() + @IsString() + @MaxLength(100) + custom_domain?: string; + + @ApiPropertyOptional({ description: 'Estado inicial', enum: TenantStatus }) + @IsOptional() + @IsEnum(TenantStatus) + status?: TenantStatus; + + @ApiPropertyOptional({ description: 'ID del plan inicial' }) + @IsOptional() + @IsString() + plan_id?: string; +} +``` + +### UpdateTenantDto + +```typescript +// dto/update-tenant.dto.ts +import { IsString, IsOptional, MaxLength, Matches, IsEnum } from 'class-validator'; +import { ApiPropertyOptional } from '@nestjs/swagger'; +import { TenantStatus } from '../entities/tenant.entity'; + +export class UpdateTenantDto { + @ApiPropertyOptional({ description: 'Nombre del tenant' }) + @IsOptional() + @IsString() + @MaxLength(100) + name?: string; + + @ApiPropertyOptional({ description: 'Subdominio' }) + @IsOptional() + @IsString() + @MaxLength(50) + @Matches(/^[a-z0-9-]+$/) + subdomain?: string; + + @ApiPropertyOptional({ description: 'Dominio personalizado' }) + @IsOptional() + @IsString() + @MaxLength(100) + custom_domain?: string; +} + +export class UpdateTenantStatusDto { + @ApiProperty({ enum: TenantStatus }) + @IsEnum(TenantStatus) + status: TenantStatus; + + @ApiPropertyOptional({ description: 'Razon del cambio de estado' }) + @IsOptional() + @IsString() + @MaxLength(500) + reason?: string; +} +``` + +### TenantSettingsDto + +```typescript +// dto/tenant-settings.dto.ts +import { IsObject, IsOptional, ValidateNested } from 'class-validator'; +import { Type } from 'class-transformer'; +import { ApiPropertyOptional } from '@nestjs/swagger'; + +export class CompanySettingsDto { + @IsOptional() + @IsString() + @MaxLength(200) + companyName?: string; + + @IsOptional() + @IsString() + @MaxLength(100) + tradeName?: string; + + @IsOptional() + @IsString() + @MaxLength(50) + taxId?: string; + + @IsOptional() + @IsString() + @MaxLength(500) + address?: string; + + @IsOptional() + @IsString() + @MaxLength(100) + city?: string; + + @IsOptional() + @IsString() + @MaxLength(100) + state?: string; + + @IsOptional() + @IsString() + @MaxLength(2) + country?: string; + + @IsOptional() + @IsString() + @MaxLength(20) + postalCode?: string; + + @IsOptional() + @IsString() + @MaxLength(20) + phone?: string; + + @IsOptional() + @IsEmail() + email?: string; + + @IsOptional() + @IsUrl() + website?: string; +} + +export class BrandingSettingsDto { + @IsOptional() + @IsString() + logo?: string; + + @IsOptional() + @IsString() + logoSmall?: string; + + @IsOptional() + @IsString() + favicon?: string; + + @IsOptional() + @Matches(/^#[0-9A-Fa-f]{6}$/) + primaryColor?: string; + + @IsOptional() + @Matches(/^#[0-9A-Fa-f]{6}$/) + secondaryColor?: string; + + @IsOptional() + @Matches(/^#[0-9A-Fa-f]{6}$/) + accentColor?: string; +} + +export class RegionalSettingsDto { + @IsOptional() + @IsString() + @MaxLength(5) + defaultLanguage?: string; + + @IsOptional() + @IsString() + defaultTimezone?: string; + + @IsOptional() + @IsString() + @MaxLength(3) + defaultCurrency?: string; + + @IsOptional() + @IsString() + dateFormat?: string; + + @IsOptional() + @IsIn(['12h', '24h']) + timeFormat?: string; + + @IsOptional() + @IsString() + numberFormat?: string; + + @IsOptional() + @IsInt() + @Min(0) + @Max(6) + firstDayOfWeek?: number; +} + +export class SecuritySettingsDto { + @IsOptional() + @IsInt() + @Min(6) + @Max(128) + passwordMinLength?: number; + + @IsOptional() + @IsBoolean() + passwordRequireSpecial?: boolean; + + @IsOptional() + @IsInt() + @Min(5) + @Max(1440) + sessionTimeout?: number; + + @IsOptional() + @IsInt() + @Min(3) + @Max(10) + maxLoginAttempts?: number; + + @IsOptional() + @IsInt() + @Min(1) + @Max(1440) + lockoutDuration?: number; + + @IsOptional() + @IsBoolean() + mfaRequired?: boolean; + + @IsOptional() + @IsArray() + @IsString({ each: true }) + ipWhitelist?: string[]; +} + +export class UpdateTenantSettingsDto { + @ApiPropertyOptional() + @IsOptional() + @ValidateNested() + @Type(() => CompanySettingsDto) + company?: CompanySettingsDto; + + @ApiPropertyOptional() + @IsOptional() + @ValidateNested() + @Type(() => BrandingSettingsDto) + branding?: BrandingSettingsDto; + + @ApiPropertyOptional() + @IsOptional() + @ValidateNested() + @Type(() => RegionalSettingsDto) + regional?: RegionalSettingsDto; + + @ApiPropertyOptional() + @IsOptional() + @IsObject() + operational?: Record; + + @ApiPropertyOptional() + @IsOptional() + @ValidateNested() + @Type(() => SecuritySettingsDto) + security?: SecuritySettingsDto; +} +``` + +### Subscription DTOs + +```typescript +// dto/create-subscription.dto.ts +import { IsUUID, IsOptional, IsString } from 'class-validator'; +import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'; + +export class CreateSubscriptionDto { + @ApiProperty({ description: 'ID del plan' }) + @IsUUID() + plan_id: string; + + @ApiPropertyOptional({ description: 'ID del metodo de pago' }) + @IsOptional() + @IsString() + payment_method_id?: string; +} + +// dto/upgrade-subscription.dto.ts +export class UpgradeSubscriptionDto { + @ApiProperty({ description: 'ID del nuevo plan' }) + @IsUUID() + plan_id: string; + + @ApiPropertyOptional({ description: 'Aplicar inmediatamente' }) + @IsOptional() + @IsBoolean() + apply_immediately?: boolean = true; +} + +// dto/cancel-subscription.dto.ts +export class CancelSubscriptionDto { + @ApiPropertyOptional({ description: 'Razon de cancelacion' }) + @IsOptional() + @IsString() + @MaxLength(500) + reason?: string; + + @ApiPropertyOptional({ description: 'Feedback adicional' }) + @IsOptional() + @IsString() + @MaxLength(2000) + feedback?: string; + + @ApiPropertyOptional({ description: 'Cancelar al fin del periodo' }) + @IsOptional() + @IsBoolean() + cancel_at_period_end?: boolean = true; +} +``` + +### Plan DTOs + +```typescript +// dto/create-plan.dto.ts +import { + IsString, + IsNumber, + IsOptional, + IsBoolean, + IsArray, + IsEnum, + IsInt, + Min, + MaxLength, +} from 'class-validator'; +import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger'; +import { BillingInterval } from '../entities/plan.entity'; + +export class CreatePlanDto { + @ApiProperty({ description: 'Codigo unico del plan' }) + @IsString() + @MaxLength(50) + code: string; + + @ApiProperty({ description: 'Nombre del plan' }) + @IsString() + @MaxLength(100) + name: string; + + @ApiPropertyOptional({ description: 'Descripcion' }) + @IsOptional() + @IsString() + description?: string; + + @ApiProperty({ description: 'Precio' }) + @IsNumber({ maxDecimalPlaces: 2 }) + @Min(0) + price: number; + + @ApiPropertyOptional({ description: 'Moneda', default: 'USD' }) + @IsOptional() + @IsString() + @MaxLength(3) + currency?: string; + + @ApiPropertyOptional({ enum: BillingInterval }) + @IsOptional() + @IsEnum(BillingInterval) + billing_interval?: BillingInterval; + + @ApiProperty({ description: 'Maximo de usuarios' }) + @IsInt() + @Min(1) + max_users: number; + + @ApiProperty({ description: 'Maximo storage en bytes' }) + @IsInt() + @Min(0) + max_storage_bytes: number; + + @ApiProperty({ description: 'Maximo API calls por mes' }) + @IsInt() + @Min(0) + max_api_calls_per_month: number; + + @ApiPropertyOptional({ description: 'Dias de prueba' }) + @IsOptional() + @IsInt() + @Min(0) + trial_days?: number; + + @ApiPropertyOptional({ description: 'Features incluidas' }) + @IsOptional() + @IsArray() + @IsString({ each: true }) + features?: string[]; + + @ApiPropertyOptional({ description: 'IDs de modulos incluidos' }) + @IsOptional() + @IsArray() + @IsUUID('4', { each: true }) + module_ids?: string[]; + + @ApiPropertyOptional({ description: 'Plan publico' }) + @IsOptional() + @IsBoolean() + is_public?: boolean; + + @ApiPropertyOptional({ description: 'Orden de visualizacion' }) + @IsOptional() + @IsInt() + sort_order?: number; +} + +// dto/update-plan.dto.ts +export class UpdatePlanDto extends PartialType( + OmitType(CreatePlanDto, ['code'] as const), +) {} +``` + +--- + +## API Endpoints + +### Tenants (Platform Admin) + +| Metodo | Endpoint | Descripcion | Permisos | +|--------|----------|-------------|----------| +| GET | `/api/v1/platform/tenants` | Listar todos los tenants | `platform:tenants:read` | +| GET | `/api/v1/platform/tenants/:id` | Obtener tenant por ID | `platform:tenants:read` | +| POST | `/api/v1/platform/tenants` | Crear nuevo tenant | `platform:tenants:create` | +| PATCH | `/api/v1/platform/tenants/:id` | Actualizar tenant | `platform:tenants:update` | +| PATCH | `/api/v1/platform/tenants/:id/status` | Cambiar estado | `platform:tenants:update` | +| DELETE | `/api/v1/platform/tenants/:id` | Programar eliminacion | `platform:tenants:delete` | +| POST | `/api/v1/platform/tenants/:id/restore` | Restaurar tenant | `platform:tenants:update` | +| POST | `/api/v1/platform/switch-tenant/:id` | Cambiar contexto a tenant | `platform:tenants:switch` | + +### Tenant Self-Service + +| Metodo | Endpoint | Descripcion | Permisos | +|--------|----------|-------------|----------| +| GET | `/api/v1/tenant` | Obtener mi tenant | `tenants:read` | +| PATCH | `/api/v1/tenant` | Actualizar mi tenant | `tenants:update` | + +### Tenant Settings + +| Metodo | Endpoint | Descripcion | Permisos | +|--------|----------|-------------|----------| +| GET | `/api/v1/tenant/settings` | Obtener configuracion | `settings:read` | +| PATCH | `/api/v1/tenant/settings` | Actualizar configuracion | `settings:update` | +| POST | `/api/v1/tenant/settings/logo` | Subir logo | `settings:update` | +| POST | `/api/v1/tenant/settings/reset` | Resetear a defaults | `settings:update` | + +### Plans + +| Metodo | Endpoint | Descripcion | Permisos | +|--------|----------|-------------|----------| +| GET | `/api/v1/subscription/plans` | Listar planes publicos | Public | +| GET | `/api/v1/subscription/plans/:id` | Obtener plan | Public | +| POST | `/api/v1/platform/plans` | Crear plan | `platform:plans:create` | +| PATCH | `/api/v1/platform/plans/:id` | Actualizar plan | `platform:plans:update` | +| DELETE | `/api/v1/platform/plans/:id` | Desactivar plan | `platform:plans:delete` | + +### Subscriptions + +| Metodo | Endpoint | Descripcion | Permisos | +|--------|----------|-------------|----------| +| GET | `/api/v1/tenant/subscription` | Ver mi subscripcion | `subscriptions:read` | +| POST | `/api/v1/tenant/subscription` | Crear subscripcion | `subscriptions:create` | +| POST | `/api/v1/tenant/subscription/upgrade` | Upgrade de plan | `subscriptions:update` | +| POST | `/api/v1/tenant/subscription/cancel` | Cancelar subscripcion | `subscriptions:update` | +| GET | `/api/v1/tenant/subscription/check-limit` | Verificar limite | `subscriptions:read` | +| GET | `/api/v1/tenant/subscription/usage` | Ver uso actual | `subscriptions:read` | +| GET | `/api/v1/tenant/invoices` | Listar facturas | `invoices:read` | +| GET | `/api/v1/tenant/invoices/:id` | Obtener factura | `invoices:read` | + +--- + +## Services + +### TenantsService + +```typescript +// services/tenants.service.ts +import { Injectable, NotFoundException, ConflictException } from '@nestjs/common'; +import { InjectRepository } from '@nestjs/typeorm'; +import { Repository, DataSource } from 'typeorm'; +import { Tenant, TenantStatus } from '../entities/tenant.entity'; +import { TenantSettings } from '../entities/tenant-settings.entity'; +import { CreateTenantDto, UpdateTenantDto, UpdateTenantStatusDto } from '../dto'; + +@Injectable() +export class TenantsService { + constructor( + @InjectRepository(Tenant) + private tenantRepository: Repository, + @InjectRepository(TenantSettings) + private settingsRepository: Repository, + private dataSource: DataSource, + ) {} + + async create(dto: CreateTenantDto, createdBy: string): Promise { + // Verificar slug unico + const existing = await this.tenantRepository.findOne({ + where: { slug: dto.slug }, + }); + if (existing) { + throw new ConflictException(`Slug "${dto.slug}" ya existe`); + } + + const queryRunner = this.dataSource.createQueryRunner(); + await queryRunner.connect(); + await queryRunner.startTransaction(); + + try { + // Crear tenant + const tenant = this.tenantRepository.create({ + ...dto, + status: dto.status || TenantStatus.CREATED, + created_by: createdBy, + }); + await queryRunner.manager.save(tenant); + + // Crear settings vacios + const settings = this.settingsRepository.create({ + tenant_id: tenant.id, + }); + await queryRunner.manager.save(settings); + + await queryRunner.commitTransaction(); + + return this.findOne(tenant.id); + } catch (error) { + await queryRunner.rollbackTransaction(); + throw error; + } finally { + await queryRunner.release(); + } + } + + async findAll(filters?: { + status?: TenantStatus; + search?: string; + page?: number; + limit?: number; + }): Promise<{ data: Tenant[]; total: number }> { + const query = this.tenantRepository + .createQueryBuilder('tenant') + .leftJoinAndSelect('tenant.settings', 'settings') + .where('tenant.deleted_at IS NULL'); + + if (filters?.status) { + query.andWhere('tenant.status = :status', { status: filters.status }); + } + + if (filters?.search) { + query.andWhere( + '(tenant.name ILIKE :search OR tenant.slug ILIKE :search)', + { search: `%${filters.search}%` }, + ); + } + + const page = filters?.page || 1; + const limit = filters?.limit || 20; + + const [data, total] = await query + .orderBy('tenant.created_at', 'DESC') + .skip((page - 1) * limit) + .take(limit) + .getManyAndCount(); + + return { data, total }; + } + + async findOne(id: string): Promise { + const tenant = await this.tenantRepository.findOne({ + where: { id, deleted_at: IsNull() }, + relations: ['settings'], + }); + + if (!tenant) { + throw new NotFoundException(`Tenant ${id} no encontrado`); + } + + return tenant; + } + + async findBySlug(slug: string): Promise { + const tenant = await this.tenantRepository.findOne({ + where: { slug, deleted_at: IsNull() }, + relations: ['settings'], + }); + + if (!tenant) { + throw new NotFoundException(`Tenant con slug "${slug}" no encontrado`); + } + + return tenant; + } + + async update(id: string, dto: UpdateTenantDto, updatedBy: string): Promise { + const tenant = await this.findOne(id); + + Object.assign(tenant, dto, { updated_by: updatedBy }); + + await this.tenantRepository.save(tenant); + return this.findOne(id); + } + + async updateStatus( + id: string, + dto: UpdateTenantStatusDto, + updatedBy: string, + ): Promise { + const tenant = await this.findOne(id); + + tenant.status = dto.status; + tenant.updated_by = updatedBy; + + // Manejar transiciones especiales + switch (dto.status) { + case TenantStatus.SUSPENDED: + tenant.suspended_at = new Date(); + tenant.suspension_reason = dto.reason; + break; + case TenantStatus.PENDING_DELETION: + tenant.deletion_scheduled_at = new Date(); + tenant.deletion_scheduled_at.setDate( + tenant.deletion_scheduled_at.getDate() + 30, + ); + break; + case TenantStatus.ACTIVE: + // Limpiar campos de suspension + tenant.suspended_at = null; + tenant.suspension_reason = null; + tenant.deletion_scheduled_at = null; + break; + } + + await this.tenantRepository.save(tenant); + return this.findOne(id); + } + + async softDelete(id: string, deletedBy: string): Promise { + const tenant = await this.findOne(id); + + tenant.status = TenantStatus.PENDING_DELETION; + tenant.deletion_scheduled_at = new Date(); + tenant.deletion_scheduled_at.setDate( + tenant.deletion_scheduled_at.getDate() + 30, + ); + tenant.updated_by = deletedBy; + + await this.tenantRepository.save(tenant); + } + + async restore(id: string, restoredBy: string): Promise { + const tenant = await this.tenantRepository.findOne({ + where: { id }, + }); + + if (!tenant) { + throw new NotFoundException(`Tenant ${id} no encontrado`); + } + + if (tenant.status !== TenantStatus.PENDING_DELETION) { + throw new ConflictException('Solo se pueden restaurar tenants pendientes de eliminacion'); + } + + tenant.status = TenantStatus.ACTIVE; + tenant.deletion_scheduled_at = null; + tenant.deleted_at = null; + tenant.deleted_by = null; + tenant.updated_by = restoredBy; + + await this.tenantRepository.save(tenant); + return this.findOne(id); + } +} +``` + +### TenantSettingsService + +```typescript +// services/tenant-settings.service.ts +import { Injectable, Inject } from '@nestjs/common'; +import { InjectRepository } from '@nestjs/typeorm'; +import { Repository } from 'typeorm'; +import { REQUEST } from '@nestjs/core'; +import { Request } from 'express'; +import { TenantSettings } from '../entities/tenant-settings.entity'; +import { UpdateTenantSettingsDto } from '../dto/tenant-settings.dto'; +import { ConfigService } from '@nestjs/config'; + +@Injectable() +export class TenantSettingsService { + private readonly defaultSettings: Partial; + + constructor( + @InjectRepository(TenantSettings) + private settingsRepository: Repository, + @Inject(REQUEST) + private request: Request, + private configService: ConfigService, + ) { + // Cargar defaults de configuracion + this.defaultSettings = { + company: {}, + branding: { + primaryColor: '#3B82F6', + secondaryColor: '#10B981', + accentColor: '#F59E0B', + }, + regional: { + defaultLanguage: 'es', + defaultTimezone: 'America/Mexico_City', + defaultCurrency: 'MXN', + dateFormat: 'DD/MM/YYYY', + timeFormat: '24h', + numberFormat: 'es-MX', + firstDayOfWeek: 1, + }, + operational: { + fiscalYearStart: '01-01', + workingDays: [1, 2, 3, 4, 5], + businessHoursStart: '09:00', + businessHoursEnd: '18:00', + defaultTaxRate: 16, + }, + security: { + passwordMinLength: 8, + passwordRequireSpecial: true, + sessionTimeout: 30, + maxLoginAttempts: 5, + lockoutDuration: 15, + mfaRequired: false, + ipWhitelist: [], + }, + }; + } + + private get tenantId(): string { + return this.request['tenantId']; + } + + async getSettings(): Promise { + const settings = await this.settingsRepository.findOne({ + where: { tenant_id: this.tenantId }, + }); + + // Merge con defaults + const merged = { + tenant_id: this.tenantId, + company: { ...this.defaultSettings.company, ...settings?.company }, + branding: { ...this.defaultSettings.branding, ...settings?.branding }, + regional: { ...this.defaultSettings.regional, ...settings?.regional }, + operational: { ...this.defaultSettings.operational, ...settings?.operational }, + security: { ...this.defaultSettings.security, ...settings?.security }, + updated_at: settings?.updated_at, + updated_by: settings?.updated_by, + _defaults: this.defaultSettings, + }; + + return merged as any; + } + + async updateSettings( + dto: UpdateTenantSettingsDto, + updatedBy: string, + ): Promise { + let settings = await this.settingsRepository.findOne({ + where: { tenant_id: this.tenantId }, + }); + + if (!settings) { + settings = this.settingsRepository.create({ + tenant_id: this.tenantId, + }); + } + + // Merge parcial de cada seccion + if (dto.company) { + settings.company = { ...settings.company, ...dto.company }; + } + if (dto.branding) { + settings.branding = { ...settings.branding, ...dto.branding }; + } + if (dto.regional) { + settings.regional = { ...settings.regional, ...dto.regional }; + } + if (dto.operational) { + settings.operational = { ...settings.operational, ...dto.operational }; + } + if (dto.security) { + settings.security = { ...settings.security, ...dto.security }; + } + + settings.updated_by = updatedBy; + + await this.settingsRepository.save(settings); + return this.getSettings(); + } + + async resetToDefaults(sections?: string[]): Promise { + const settings = await this.settingsRepository.findOne({ + where: { tenant_id: this.tenantId }, + }); + + if (!settings) { + return this.getSettings(); + } + + const sectionsToReset = sections || ['company', 'branding', 'regional', 'operational', 'security']; + + for (const section of sectionsToReset) { + if (section in settings) { + settings[section] = {}; + } + } + + await this.settingsRepository.save(settings); + return this.getSettings(); + } +} +``` + +### SubscriptionsService + +```typescript +// services/subscriptions.service.ts +import { + Injectable, + NotFoundException, + BadRequestException, + Inject, +} from '@nestjs/common'; +import { InjectRepository } from '@nestjs/typeorm'; +import { Repository } from 'typeorm'; +import { REQUEST } from '@nestjs/core'; +import { Request } from 'express'; +import { Subscription, SubscriptionStatus } from '../entities/subscription.entity'; +import { Plan } from '../entities/plan.entity'; +import { Tenant, TenantStatus } from '../entities/tenant.entity'; +import { + CreateSubscriptionDto, + UpgradeSubscriptionDto, + CancelSubscriptionDto, +} from '../dto'; +import { BillingService } from './billing.service'; +import { TenantUsageService } from './tenant-usage.service'; + +@Injectable() +export class SubscriptionsService { + constructor( + @InjectRepository(Subscription) + private subscriptionRepository: Repository, + @InjectRepository(Plan) + private planRepository: Repository, + @InjectRepository(Tenant) + private tenantRepository: Repository, + @Inject(REQUEST) + private request: Request, + private billingService: BillingService, + private usageService: TenantUsageService, + ) {} + + private get tenantId(): string { + return this.request['tenantId']; + } + + async getCurrentSubscription(): Promise<{ + subscription: Subscription; + plan: Plan; + usage: any; + }> { + const subscription = await this.subscriptionRepository.findOne({ + where: { tenant_id: this.tenantId }, + relations: ['plan'], + order: { created_at: 'DESC' }, + }); + + if (!subscription) { + throw new NotFoundException('No hay subscripcion activa'); + } + + const usage = await this.usageService.getCurrentUsage(this.tenantId); + + return { + subscription, + plan: subscription.plan, + usage, + }; + } + + async create(dto: CreateSubscriptionDto): Promise { + const plan = await this.planRepository.findOne({ + where: { id: dto.plan_id, is_active: true }, + }); + + if (!plan) { + throw new NotFoundException('Plan no encontrado'); + } + + const now = new Date(); + const periodEnd = new Date(now); + periodEnd.setMonth(periodEnd.getMonth() + 1); + + let status = SubscriptionStatus.ACTIVE; + let trialEnd: Date | null = null; + + if (plan.trial_days > 0) { + status = SubscriptionStatus.TRIAL; + trialEnd = new Date(now); + trialEnd.setDate(trialEnd.getDate() + plan.trial_days); + } + + const subscription = this.subscriptionRepository.create({ + tenant_id: this.tenantId, + plan_id: plan.id, + status, + current_period_start: now, + current_period_end: periodEnd, + trial_end: trialEnd, + payment_method_id: dto.payment_method_id, + }); + + await this.subscriptionRepository.save(subscription); + + // Actualizar estado del tenant + await this.tenantRepository.update(this.tenantId, { + status: status === SubscriptionStatus.TRIAL + ? TenantStatus.TRIAL + : TenantStatus.ACTIVE, + trial_ends_at: trialEnd, + }); + + return this.subscriptionRepository.findOne({ + where: { id: subscription.id }, + relations: ['plan'], + }); + } + + async upgrade(dto: UpgradeSubscriptionDto): Promise { + const { subscription: current } = await this.getCurrentSubscription(); + + const newPlan = await this.planRepository.findOne({ + where: { id: dto.plan_id, is_active: true }, + }); + + if (!newPlan) { + throw new NotFoundException('Plan no encontrado'); + } + + // Calcular prorrateo + const prorationAmount = await this.billingService.calculateProration( + current, + newPlan, + ); + + // Procesar pago si aplica + if (prorationAmount > 0 && current.payment_method_id) { + await this.billingService.chargeProration( + this.tenantId, + current.payment_method_id, + prorationAmount, + ); + } + + // Actualizar subscripcion + current.plan_id = newPlan.id; + current.status = SubscriptionStatus.ACTIVE; + + await this.subscriptionRepository.save(current); + + // Actualizar modulos habilitados + await this.syncTenantModules(newPlan.id); + + return this.subscriptionRepository.findOne({ + where: { id: current.id }, + relations: ['plan'], + }); + } + + async cancel(dto: CancelSubscriptionDto): Promise { + const { subscription } = await this.getCurrentSubscription(); + + subscription.cancel_at_period_end = dto.cancel_at_period_end ?? true; + subscription.canceled_at = new Date(); + subscription.cancellation_reason = dto.reason; + + if (!dto.cancel_at_period_end) { + subscription.status = SubscriptionStatus.CANCELED; + } + + await this.subscriptionRepository.save(subscription); + + return subscription; + } + + async checkLimit(type: string): Promise<{ + type: string; + current: number; + limit: number; + canAdd: boolean; + remaining: number; + upgradeOptions?: Plan[]; + }> { + const { subscription, plan, usage } = await this.getCurrentSubscription(); + + let current: number; + let limit: number; + + switch (type) { + case 'users': + current = usage.users; + limit = plan.max_users; + break; + case 'storage': + current = usage.storageBytes; + limit = Number(plan.max_storage_bytes); + break; + case 'api_calls': + current = usage.apiCallsThisMonth; + limit = plan.max_api_calls_per_month; + break; + default: + throw new BadRequestException(`Tipo de limite desconocido: ${type}`); + } + + const canAdd = current < limit; + const remaining = Math.max(0, limit - current); + + const result = { + type, + current, + limit, + canAdd, + remaining, + }; + + if (!canAdd) { + // Obtener planes con mayor limite + const upgradeOptions = await this.planRepository + .createQueryBuilder('plan') + .where('plan.is_active = true') + .andWhere('plan.is_public = true') + .andWhere( + type === 'users' + ? 'plan.max_users > :limit' + : type === 'storage' + ? 'plan.max_storage_bytes > :limit' + : 'plan.max_api_calls_per_month > :limit', + { limit }, + ) + .orderBy('plan.price', 'ASC') + .take(3) + .getMany(); + + return { ...result, upgradeOptions }; + } + + return result; + } + + async checkModuleAccess(moduleCode: string): Promise { + const { plan } = await this.getCurrentSubscription(); + + const planModule = await this.planRepository + .createQueryBuilder('plan') + .innerJoin('plan.includedModules', 'pm') + .innerJoin('pm.module', 'module') + .where('plan.id = :planId', { planId: plan.id }) + .andWhere('module.code = :moduleCode', { moduleCode }) + .getOne(); + + return !!planModule; + } + + private async syncTenantModules(planId: string): Promise { + // Sincronizar modulos habilitados segun el plan + await this.subscriptionRepository.query( + ` + INSERT INTO core_tenants.tenant_modules (tenant_id, module_id, is_enabled, enabled_at) + SELECT $1, pm.module_id, true, NOW() + FROM core_tenants.plan_modules pm + WHERE pm.plan_id = $2 + ON CONFLICT (tenant_id, module_id) DO UPDATE SET is_enabled = true + `, + [this.tenantId, planId], + ); + } +} +``` + +### TenantUsageService + +```typescript +// services/tenant-usage.service.ts +import { Injectable } from '@nestjs/common'; +import { DataSource } from 'typeorm'; + +export interface TenantUsage { + users: number; + storageBytes: number; + apiCallsThisMonth: number; + apiCallsToday: number; +} + +@Injectable() +export class TenantUsageService { + constructor(private dataSource: DataSource) {} + + async getCurrentUsage(tenantId: string): Promise { + // Contar usuarios activos + const usersResult = await this.dataSource.query( + `SELECT COUNT(*) as count FROM core_users.users + WHERE tenant_id = $1 AND deleted_at IS NULL`, + [tenantId], + ); + + // Obtener storage usado (de alguna tabla de tracking) + const storageResult = await this.dataSource.query( + `SELECT COALESCE(SUM(size_bytes), 0) as total + FROM core_storage.files + WHERE tenant_id = $1 AND deleted_at IS NULL`, + [tenantId], + ); + + // Contar API calls del mes + const startOfMonth = new Date(); + startOfMonth.setDate(1); + startOfMonth.setHours(0, 0, 0, 0); + + const apiCallsResult = await this.dataSource.query( + `SELECT COUNT(*) as count FROM core_audit.api_logs + WHERE tenant_id = $1 AND created_at >= $2`, + [tenantId, startOfMonth], + ); + + // Contar API calls de hoy + const startOfDay = new Date(); + startOfDay.setHours(0, 0, 0, 0); + + const apiCallsTodayResult = await this.dataSource.query( + `SELECT COUNT(*) as count FROM core_audit.api_logs + WHERE tenant_id = $1 AND created_at >= $2`, + [tenantId, startOfDay], + ); + + return { + users: parseInt(usersResult[0].count, 10), + storageBytes: parseInt(storageResult[0].total, 10), + apiCallsThisMonth: parseInt(apiCallsResult[0].count, 10), + apiCallsToday: parseInt(apiCallsTodayResult[0].count, 10), + }; + } + + async getUsageHistory( + tenantId: string, + days: number = 30, + ): Promise> { + const result = await this.dataSource.query( + ` + WITH dates AS ( + SELECT generate_series( + CURRENT_DATE - $2::int, + CURRENT_DATE, + '1 day'::interval + )::date as date + ) + SELECT + d.date, + COALESCE(COUNT(a.id), 0) as api_calls, + 0 as storage -- Placeholder para storage historico + FROM dates d + LEFT JOIN core_audit.api_logs a + ON DATE(a.created_at) = d.date AND a.tenant_id = $1 + GROUP BY d.date + ORDER BY d.date + `, + [tenantId, days], + ); + + return result; + } +} +``` + +--- + +## Guards y Middleware + +### TenantGuard + +```typescript +// guards/tenant.guard.ts +import { + Injectable, + CanActivate, + ExecutionContext, + UnauthorizedException, + ForbiddenException, +} from '@nestjs/common'; +import { Reflector } from '@nestjs/core'; +import { TenantsService } from '../services/tenants.service'; +import { TenantStatus } from '../entities/tenant.entity'; +import { SKIP_TENANT_CHECK } from '../decorators/tenant.decorator'; + +@Injectable() +export class TenantGuard implements CanActivate { + constructor( + private tenantsService: TenantsService, + private reflector: Reflector, + ) {} + + async canActivate(context: ExecutionContext): Promise { + const skipCheck = this.reflector.getAllAndOverride( + SKIP_TENANT_CHECK, + [context.getHandler(), context.getClass()], + ); + + if (skipCheck) { + return true; + } + + const request = context.switchToHttp().getRequest(); + const user = request.user; + + if (!user?.tenantId) { + throw new UnauthorizedException('Tenant no identificado en token'); + } + + try { + const tenant = await this.tenantsService.findOne(user.tenantId); + + // Verificar estado del tenant + const activeStatuses = [ + TenantStatus.TRIAL, + TenantStatus.ACTIVE, + ]; + + if (!activeStatuses.includes(tenant.status)) { + throw new ForbiddenException( + `Tenant ${tenant.status}: acceso denegado`, + ); + } + + // Verificar trial expirado + if ( + tenant.status === TenantStatus.TRIAL && + tenant.trial_ends_at && + new Date() > tenant.trial_ends_at + ) { + throw new ForbiddenException( + 'Periodo de prueba expirado. Por favor actualiza tu subscripcion.', + ); + } + + // Inyectar tenant en request + request.tenant = tenant; + request.tenantId = tenant.id; + + return true; + } catch (error) { + if ( + error instanceof UnauthorizedException || + error instanceof ForbiddenException + ) { + throw error; + } + throw new UnauthorizedException('Tenant no valido'); + } + } +} +``` + +### TenantContextMiddleware + +```typescript +// middleware/tenant-context.middleware.ts +import { Injectable, NestMiddleware } from '@nestjs/common'; +import { DataSource } from 'typeorm'; +import { Request, Response, NextFunction } from 'express'; + +@Injectable() +export class TenantContextMiddleware implements NestMiddleware { + constructor(private dataSource: DataSource) {} + + async use(req: Request, res: Response, next: NextFunction) { + const tenantId = req['tenantId']; + + if (tenantId) { + // Setear variable de sesion PostgreSQL para RLS + // Usar parametrizacion para prevenir SQL injection + await this.dataSource.query( + `SELECT set_config('app.current_tenant_id', $1, true)`, + [tenantId], + ); + } + + next(); + } +} +``` + +### LimitGuard + +```typescript +// guards/limit.guard.ts +import { + Injectable, + CanActivate, + ExecutionContext, + HttpException, + HttpStatus, +} from '@nestjs/common'; +import { Reflector } from '@nestjs/core'; +import { SubscriptionsService } from '../services/subscriptions.service'; +import { CHECK_LIMIT_KEY } from '../decorators/check-limit.decorator'; + +@Injectable() +export class LimitGuard implements CanActivate { + constructor( + private reflector: Reflector, + private subscriptionsService: SubscriptionsService, + ) {} + + async canActivate(context: ExecutionContext): Promise { + const limitType = this.reflector.get( + CHECK_LIMIT_KEY, + context.getHandler(), + ); + + if (!limitType) { + return true; + } + + const check = await this.subscriptionsService.checkLimit(limitType); + + if (!check.canAdd) { + throw new HttpException( + { + statusCode: HttpStatus.PAYMENT_REQUIRED, + error: 'Payment Required', + message: `Limite de ${limitType} alcanzado (${check.current}/${check.limit})`, + upgradeOptions: check.upgradeOptions, + }, + HttpStatus.PAYMENT_REQUIRED, + ); + } + + return true; + } +} +``` + +### ModuleGuard + +```typescript +// guards/module.guard.ts +import { + Injectable, + CanActivate, + ExecutionContext, + HttpException, + HttpStatus, +} from '@nestjs/common'; +import { Reflector } from '@nestjs/core'; +import { SubscriptionsService } from '../services/subscriptions.service'; +import { CHECK_MODULE_KEY } from '../decorators/check-module.decorator'; + +@Injectable() +export class ModuleGuard implements CanActivate { + constructor( + private reflector: Reflector, + private subscriptionsService: SubscriptionsService, + ) {} + + async canActivate(context: ExecutionContext): Promise { + const moduleCode = this.reflector.get( + CHECK_MODULE_KEY, + context.getHandler(), + ); + + if (!moduleCode) { + return true; + } + + const hasAccess = await this.subscriptionsService.checkModuleAccess(moduleCode); + + if (!hasAccess) { + throw new HttpException( + { + statusCode: HttpStatus.PAYMENT_REQUIRED, + error: 'Payment Required', + message: `El modulo "${moduleCode}" no esta incluido en tu plan`, + }, + HttpStatus.PAYMENT_REQUIRED, + ); + } + + return true; + } +} +``` + +--- + +## Decorators + +```typescript +// decorators/tenant.decorator.ts +import { createParamDecorator, ExecutionContext, SetMetadata } from '@nestjs/common'; + +export const SKIP_TENANT_CHECK = 'skipTenantCheck'; + +export const SkipTenantCheck = () => SetMetadata(SKIP_TENANT_CHECK, true); + +export const CurrentTenant = createParamDecorator( + (data: unknown, ctx: ExecutionContext) => { + const request = ctx.switchToHttp().getRequest(); + return request.tenant; + }, +); + +export const TenantId = createParamDecorator( + (data: unknown, ctx: ExecutionContext) => { + const request = ctx.switchToHttp().getRequest(); + return request.tenantId; + }, +); + +// decorators/check-limit.decorator.ts +import { SetMetadata } from '@nestjs/common'; + +export const CHECK_LIMIT_KEY = 'checkLimit'; +export const CheckLimit = (type: 'users' | 'storage' | 'api_calls') => + SetMetadata(CHECK_LIMIT_KEY, type); + +// decorators/check-module.decorator.ts +import { SetMetadata } from '@nestjs/common'; + +export const CHECK_MODULE_KEY = 'checkModule'; +export const CheckModule = (moduleCode: string) => + SetMetadata(CHECK_MODULE_KEY, moduleCode); +``` + +--- + +## Controllers + +### TenantsController (Platform Admin) + +```typescript +// controllers/platform-tenants.controller.ts +import { + Controller, + Get, + Post, + Patch, + Delete, + Body, + Param, + Query, + ParseUUIDPipe, + HttpCode, + HttpStatus, +} from '@nestjs/common'; +import { ApiTags, ApiOperation, ApiBearerAuth } from '@nestjs/swagger'; +import { TenantsService } from '../services/tenants.service'; +import { CreateTenantDto, UpdateTenantDto, UpdateTenantStatusDto } from '../dto'; +import { Permissions } from '../../rbac/decorators/permissions.decorator'; +import { CurrentUser } from '../../auth/decorators/current-user.decorator'; +import { TenantStatus } from '../entities/tenant.entity'; + +@ApiTags('Platform - Tenants') +@ApiBearerAuth() +@Controller('platform/tenants') +export class PlatformTenantsController { + constructor(private tenantsService: TenantsService) {} + + @Get() + @Permissions('platform:tenants:read') + @ApiOperation({ summary: 'Listar todos los tenants' }) + async findAll( + @Query('status') status?: TenantStatus, + @Query('search') search?: string, + @Query('page') page?: number, + @Query('limit') limit?: number, + ) { + return this.tenantsService.findAll({ status, search, page, limit }); + } + + @Get(':id') + @Permissions('platform:tenants:read') + @ApiOperation({ summary: 'Obtener tenant por ID' }) + async findOne(@Param('id', ParseUUIDPipe) id: string) { + return this.tenantsService.findOne(id); + } + + @Post() + @Permissions('platform:tenants:create') + @ApiOperation({ summary: 'Crear nuevo tenant' }) + async create( + @Body() dto: CreateTenantDto, + @CurrentUser('id') userId: string, + ) { + return this.tenantsService.create(dto, userId); + } + + @Patch(':id') + @Permissions('platform:tenants:update') + @ApiOperation({ summary: 'Actualizar tenant' }) + async update( + @Param('id', ParseUUIDPipe) id: string, + @Body() dto: UpdateTenantDto, + @CurrentUser('id') userId: string, + ) { + return this.tenantsService.update(id, dto, userId); + } + + @Patch(':id/status') + @Permissions('platform:tenants:update') + @ApiOperation({ summary: 'Cambiar estado del tenant' }) + async updateStatus( + @Param('id', ParseUUIDPipe) id: string, + @Body() dto: UpdateTenantStatusDto, + @CurrentUser('id') userId: string, + ) { + return this.tenantsService.updateStatus(id, dto, userId); + } + + @Delete(':id') + @Permissions('platform:tenants:delete') + @HttpCode(HttpStatus.NO_CONTENT) + @ApiOperation({ summary: 'Programar eliminacion de tenant' }) + async softDelete( + @Param('id', ParseUUIDPipe) id: string, + @CurrentUser('id') userId: string, + ) { + await this.tenantsService.softDelete(id, userId); + } + + @Post(':id/restore') + @Permissions('platform:tenants:update') + @ApiOperation({ summary: 'Restaurar tenant pendiente de eliminacion' }) + async restore( + @Param('id', ParseUUIDPipe) id: string, + @CurrentUser('id') userId: string, + ) { + return this.tenantsService.restore(id, userId); + } +} +``` + +### SubscriptionsController + +```typescript +// controllers/subscriptions.controller.ts +import { + Controller, + Get, + Post, + Body, + Query, + HttpCode, + HttpStatus, +} from '@nestjs/common'; +import { ApiTags, ApiOperation, ApiBearerAuth } from '@nestjs/swagger'; +import { SubscriptionsService } from '../services/subscriptions.service'; +import { + CreateSubscriptionDto, + UpgradeSubscriptionDto, + CancelSubscriptionDto, +} from '../dto'; +import { Permissions } from '../../rbac/decorators/permissions.decorator'; + +@ApiTags('Tenant - Subscriptions') +@ApiBearerAuth() +@Controller('tenant/subscription') +export class SubscriptionsController { + constructor(private subscriptionsService: SubscriptionsService) {} + + @Get() + @Permissions('subscriptions:read') + @ApiOperation({ summary: 'Ver subscripcion actual' }) + async getCurrentSubscription() { + return this.subscriptionsService.getCurrentSubscription(); + } + + @Post() + @Permissions('subscriptions:create') + @ApiOperation({ summary: 'Crear subscripcion' }) + async create(@Body() dto: CreateSubscriptionDto) { + return this.subscriptionsService.create(dto); + } + + @Post('upgrade') + @Permissions('subscriptions:update') + @ApiOperation({ summary: 'Upgrade de plan' }) + async upgrade(@Body() dto: UpgradeSubscriptionDto) { + return this.subscriptionsService.upgrade(dto); + } + + @Post('cancel') + @Permissions('subscriptions:update') + @HttpCode(HttpStatus.OK) + @ApiOperation({ summary: 'Cancelar subscripcion' }) + async cancel(@Body() dto: CancelSubscriptionDto) { + return this.subscriptionsService.cancel(dto); + } + + @Get('check-limit') + @Permissions('subscriptions:read') + @ApiOperation({ summary: 'Verificar limite de uso' }) + async checkLimit(@Query('type') type: string) { + return this.subscriptionsService.checkLimit(type); + } + + @Get('usage') + @Permissions('subscriptions:read') + @ApiOperation({ summary: 'Ver uso actual' }) + async getUsage() { + const { usage } = await this.subscriptionsService.getCurrentSubscription(); + return usage; + } +} +``` + +--- + +## Module Configuration + +```typescript +// tenants.module.ts +import { Module, MiddlewareConsumer, RequestMethod } from '@nestjs/common'; +import { TypeOrmModule } from '@nestjs/typeorm'; +import { APP_GUARD } from '@nestjs/core'; + +// Entities +import { Tenant } from './entities/tenant.entity'; +import { TenantSettings } from './entities/tenant-settings.entity'; +import { Plan } from './entities/plan.entity'; +import { Subscription } from './entities/subscription.entity'; +import { Module as ModuleEntity } from './entities/module.entity'; +import { PlanModule } from './entities/plan-module.entity'; +import { TenantModule as TenantModuleEntity } from './entities/tenant-module.entity'; +import { Invoice } from './entities/invoice.entity'; + +// Services +import { TenantsService } from './services/tenants.service'; +import { TenantSettingsService } from './services/tenant-settings.service'; +import { PlansService } from './services/plans.service'; +import { SubscriptionsService } from './services/subscriptions.service'; +import { TenantUsageService } from './services/tenant-usage.service'; +import { BillingService } from './services/billing.service'; + +// Controllers +import { PlatformTenantsController } from './controllers/platform-tenants.controller'; +import { TenantSettingsController } from './controllers/tenant-settings.controller'; +import { PlansController } from './controllers/plans.controller'; +import { SubscriptionsController } from './controllers/subscriptions.controller'; + +// Guards & Middleware +import { TenantGuard } from './guards/tenant.guard'; +import { LimitGuard } from './guards/limit.guard'; +import { ModuleGuard } from './guards/module.guard'; +import { TenantContextMiddleware } from './middleware/tenant-context.middleware'; + +@Module({ + imports: [ + TypeOrmModule.forFeature([ + Tenant, + TenantSettings, + Plan, + Subscription, + ModuleEntity, + PlanModule, + TenantModuleEntity, + Invoice, + ]), + ], + controllers: [ + PlatformTenantsController, + TenantSettingsController, + PlansController, + SubscriptionsController, + ], + providers: [ + TenantsService, + TenantSettingsService, + PlansService, + SubscriptionsService, + TenantUsageService, + BillingService, + TenantGuard, + LimitGuard, + ModuleGuard, + ], + exports: [ + TenantsService, + TenantSettingsService, + SubscriptionsService, + TenantUsageService, + TenantGuard, + LimitGuard, + ModuleGuard, + ], +}) +export class TenantsModule { + configure(consumer: MiddlewareConsumer) { + consumer + .apply(TenantContextMiddleware) + .forRoutes({ path: '*', method: RequestMethod.ALL }); + } +} +``` + +--- + +## Resumen de Endpoints + +| Categoria | Endpoints | Metodos | +|-----------|-----------|---------| +| Platform Tenants | 8 | GET, POST, PATCH, DELETE | +| Tenant Self-Service | 2 | GET, PATCH | +| Tenant Settings | 4 | GET, PATCH, POST | +| Plans | 5 | GET, POST, PATCH, DELETE | +| Subscriptions | 6 | GET, POST | +| **Total** | **25 endpoints** | | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/BACKLOG-MGN004.md b/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/BACKLOG-MGN004.md new file mode 100644 index 0000000..4273f30 --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/BACKLOG-MGN004.md @@ -0,0 +1,210 @@ +# Backlog MGN-004: Multi-Tenancy + +## Resumen del Modulo + +| Campo | Valor | +|-------|-------| +| **Modulo** | MGN-004 | +| **Nombre** | Multi-Tenancy | +| **Total User Stories** | 4 | +| **Total Story Points** | 47 | +| **Estado** | Ready for Development | +| **Fecha** | 2025-12-05 | + +--- + +## User Stories + +| ID | Nombre | Prioridad | SP | Estado | +|----|--------|-----------|-----|--------| +| [US-MGN004-001](./US-MGN004-001.md) | Gestion de Tenants | P0 | 13 | Ready | +| [US-MGN004-002](./US-MGN004-002.md) | Configuracion de Tenant | P0 | 8 | Ready | +| [US-MGN004-003](./US-MGN004-003.md) | Aislamiento de Datos | P0 | 13 | Ready | +| [US-MGN004-004](./US-MGN004-004.md) | Subscripciones y Limites | P1 | 13 | Ready | + +--- + +## Arquitectura Multi-Tenant + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ Request Flow │ +├─────────────────────────────────────────────────────────────────┤ +│ │ +│ 1. HTTP Request │ +│ └─> Authorization: Bearer {JWT} │ +│ │ +│ 2. JwtAuthGuard │ +│ └─> Valida token, extrae user + tenant_id │ +│ │ +│ 3. TenantGuard (US-MGN004-003) │ +│ └─> Verifica tenant activo │ +│ └─> Inyecta tenant en request │ +│ │ +│ 4. TenantContextMiddleware (US-MGN004-003) │ +│ └─> SET app.current_tenant_id = :tenantId │ +│ │ +│ 5. LimitGuard (US-MGN004-004) │ +│ └─> Verifica limites de subscripcion │ +│ │ +│ 6. ModuleGuard (US-MGN004-004) │ +│ └─> Verifica acceso al modulo │ +│ │ +│ 7. RbacGuard (MGN-003) │ +│ └─> Valida permisos del usuario │ +│ │ +│ 8. Controller -> Service -> Repository │ +│ │ +│ 9. PostgreSQL RLS (US-MGN004-003) │ +│ └─> WHERE tenant_id = current_tenant_id() │ +│ │ +└─────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Estados del Tenant + +``` + ┌──────────────┐ + │ created │ + └──────┬───────┘ + │ (start trial) + ▼ + ┌──────────────┐ + ┌──────────│ trial │──────────┐ + │ └──────┬───────┘ │ + │ │ │ + │ (pay) │ (expire) │ (convert) + │ │ │ + │ ▼ │ + │ ┌──────────────┐ │ + │ │trial_expired │ │ + │ └──────────────┘ │ + │ │ + ▼ ▼ + ┌──────────────┐ ┌──────────────┐ + │ active │◄────────────────────│ active │ + └──────┬───────┘ (reactivate) └──────┬───────┘ + │ │ + │ (suspend) │ + ▼ │ + ┌──────────────┐ │ + │ suspended │────────────────────────────┘ + └──────┬───────┘ + │ (schedule delete) + ▼ + ┌──────────────────┐ + │ pending_deletion │ + └────────┬─────────┘ + │ (30 days) + ▼ + ┌──────────────┐ + │ deleted │ + └──────────────┘ +``` + +--- + +## Planes de Subscripcion + +| Plan | Usuarios | Storage | Precio | +|------|----------|---------|--------| +| Trial | 5 | 1 GB | Gratis (14 dias) | +| Starter | 10 | 5 GB | $29/mes | +| Professional | 50 | 25 GB | $99/mes | +| Enterprise | Ilimitado | 100 GB | $299/mes | + +--- + +## Distribucion de Story Points + +``` +US-MGN004-001 (Gestion Tenants): ████████████████████████████ 13 SP (28%) +US-MGN004-002 (Configuracion): █████████████████ 8 SP (17%) +US-MGN004-003 (Aislamiento RLS): ████████████████████████████ 13 SP (28%) +US-MGN004-004 (Subscripciones): ████████████████████████████ 13 SP (28%) + ───────────────────────────── + Total: 47 SP +``` + +--- + +## Orden de Implementacion Recomendado + +1. **US-MGN004-003** - Aislamiento de Datos (Base para todo) + - RLS policies + - TenantGuard + - TenantContextMiddleware + - TenantBaseEntity + +2. **US-MGN004-001** - Gestion de Tenants (CRUD basico) + - Entidad Tenant + - TenantsService + - Platform Admin endpoints + +3. **US-MGN004-002** - Configuracion de Tenant + - TenantSettings + - Upload de logos + - Merge con defaults + +4. **US-MGN004-004** - Subscripciones y Limites (Monetizacion) + - Plans, Subscriptions + - LimitGuard, ModuleGuard + - Billing integration + +--- + +## Dependencias con Otros Modulos + +| Modulo | Dependencia | +|--------|-------------| +| MGN-001 Auth | JWT debe incluir tenant_id claim | +| MGN-002 Users | Users deben tener tenant_id | +| MGN-003 RBAC | Roles son per-tenant, permisos de platform admin | + +--- + +## Riesgos Identificados + +| Riesgo | Mitigacion | +|--------|------------| +| RLS mal configurado expone datos | Tests exhaustivos de aislamiento | +| Performance con muchos tenants | Indices compuestos, caching | +| Migracion de datos existentes | Script de migracion con tenant default | +| Complejidad de billing | Integracion con Stripe (proven) | + +--- + +## Definition of Done del Modulo + +- [ ] US-MGN004-001: CRUD de tenants completo +- [ ] US-MGN004-002: Settings funcionando con merge +- [ ] US-MGN004-003: RLS aplicado en TODAS las tablas +- [ ] US-MGN004-003: Tests de aislamiento pasando +- [ ] US-MGN004-004: Planes y limites configurados +- [ ] US-MGN004-004: LimitGuard y ModuleGuard activos +- [ ] Tests unitarios > 80% coverage +- [ ] Tests de aislamiento exhaustivos +- [ ] Security review de RLS aprobado +- [ ] Performance tests con multiples tenants +- [ ] Documentacion Swagger completa + +--- + +## Metricas de Exito + +| Metrica | Objetivo | +|---------|----------| +| Tiempo de respuesta (con RLS) | < 100ms p95 | +| Tests de aislamiento | 100% pass | +| Cobertura de tests | > 80% | +| Vulnerabilidades cross-tenant | 0 | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial con 4 US | diff --git a/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-001.md b/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-001.md new file mode 100644 index 0000000..e24728b --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-001.md @@ -0,0 +1,184 @@ +# US-MGN004-001: Gestion de Tenants + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN004-001 | +| **Modulo** | MGN-004 Tenants | +| **RF Relacionado** | RF-TENANT-001 | +| **Prioridad** | P0 - Critica | +| **Story Points** | 13 | +| **Sprint** | TBD | + +--- + +## Historia de Usuario + +**Como** Platform Admin +**Quiero** gestionar los tenants de la plataforma (crear, ver, editar, suspender, eliminar) +**Para** administrar las organizaciones que usan el sistema ERP + +--- + +## Criterios de Aceptacion + +### AC-001: Listar tenants + +```gherkin +Given soy Platform Admin autenticado +When accedo a GET /api/v1/platform/tenants +Then veo lista paginada de tenants + And cada tenant muestra: nombre, slug, estado, fecha creacion + And puedo filtrar por estado (created, trial, active, suspended) + And puedo buscar por nombre o slug +``` + +### AC-002: Crear nuevo tenant + +```gherkin +Given soy Platform Admin autenticado +When envio POST /api/v1/platform/tenants con: + | name | slug | subdomain | + | Empresa XYZ | empresa-xyz | xyz | +Then se crea el tenant con estado "created" + And se crean los settings por defecto + And se genera registro de auditoria +``` + +### AC-003: Validacion de slug unico + +```gherkin +Given existe tenant con slug "empresa-abc" +When intento crear tenant con slug "empresa-abc" +Then el sistema responde con status 409 + And el mensaje indica que el slug ya existe +``` + +### AC-004: Ver detalle de tenant + +```gherkin +Given soy Platform Admin autenticado + And existe tenant "tenant-123" +When accedo a GET /api/v1/platform/tenants/tenant-123 +Then veo toda la informacion del tenant + And incluye: nombre, slug, subdominio, estado, fechas + And incluye: subscripcion actual, uso de recursos +``` + +### AC-005: Actualizar tenant + +```gherkin +Given soy Platform Admin autenticado + And existe tenant "tenant-123" con nombre "Empresa Original" +When envio PATCH /api/v1/platform/tenants/tenant-123 con: + | name | subdominio | + | Empresa Nueva | nuevo | +Then el nombre cambia a "Empresa Nueva" + And el subdominio cambia a "nuevo" + And se actualiza updated_at y updated_by +``` + +### AC-006: Suspender tenant + +```gherkin +Given soy Platform Admin autenticado + And tenant "tenant-123" esta activo +When cambio estado a "suspended" con razon "Falta de pago" +Then el estado cambia a "suspended" + And se registra suspended_at y suspension_reason + And usuarios del tenant no pueden acceder +``` + +### AC-007: Reactivar tenant suspendido + +```gherkin +Given soy Platform Admin autenticado + And tenant "tenant-123" esta suspendido +When cambio estado a "active" +Then el estado cambia a "active" + And se limpian campos de suspension + And usuarios pueden acceder nuevamente +``` + +### AC-008: Programar eliminacion + +```gherkin +Given soy Platform Admin autenticado + And tenant "tenant-123" existe +When envio DELETE /api/v1/platform/tenants/tenant-123 +Then el estado cambia a "pending_deletion" + And se programa eliminacion en 30 dias + And se notifica al owner del tenant +``` + +### AC-009: Restaurar tenant pendiente de eliminacion + +```gherkin +Given soy Platform Admin autenticado + And tenant "tenant-123" esta en "pending_deletion" +When envio POST /api/v1/platform/tenants/tenant-123/restore +Then el estado cambia a "active" + And se cancela la eliminacion programada +``` + +### AC-010: Cambiar contexto a tenant (switch) + +```gherkin +Given soy Platform Admin autenticado +When envio POST /api/v1/platform/switch-tenant/tenant-123 +Then mi contexto cambia a tenant "tenant-123" + And puedo ver datos de ese tenant + And la accion queda auditada +``` + +--- + +## Tareas Tecnicas + +| ID | Tarea | Estimacion | +|----|-------|------------| +| T-001 | Crear entidad Tenant con TypeORM | 1 SP | +| T-002 | Implementar TenantsService CRUD | 3 SP | +| T-003 | Implementar PlatformTenantsController | 2 SP | +| T-004 | Crear DTOs con validaciones | 1 SP | +| T-005 | Implementar transicion de estados | 2 SP | +| T-006 | Implementar switch tenant | 2 SP | +| T-007 | Tests unitarios | 2 SP | +| **Total** | | **13 SP** | + +--- + +## Notas de Implementacion + +- Estados validos: created -> trial -> active -> suspended -> pending_deletion -> deleted +- Solo Platform Admin puede gestionar tenants +- Switch tenant debe quedar en logs de auditoria +- Eliminacion real solo despues de 30 dias de grace period + +--- + +## Mockup de Referencia + +Ver RF-TENANT-001.md seccion Mockup. + +--- + +## Dependencias + +| Tipo | Descripcion | +|------|-------------| +| Backend | Schema core_tenants creado | +| Auth | JWT con claims de platform_admin | +| Audit | Sistema de auditoria funcionando | + +--- + +## Definition of Done + +- [ ] Endpoints implementados y documentados en Swagger +- [ ] Validaciones de DTOs completas +- [ ] Transiciones de estado implementadas +- [ ] Tests unitarios con >80% coverage +- [ ] Code review aprobado +- [ ] Logs de auditoria funcionando diff --git a/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-002.md b/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-002.md new file mode 100644 index 0000000..954a670 --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-002.md @@ -0,0 +1,178 @@ +# US-MGN004-002: Configuracion de Tenant + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN004-002 | +| **Modulo** | MGN-004 Tenants | +| **RF Relacionado** | RF-TENANT-002 | +| **Prioridad** | P0 - Critica | +| **Story Points** | 8 | +| **Sprint** | TBD | + +--- + +## Historia de Usuario + +**Como** Tenant Admin +**Quiero** configurar la informacion de mi organizacion (empresa, branding, regional, seguridad) +**Para** personalizar el sistema segun las necesidades de mi empresa + +--- + +## Criterios de Aceptacion + +### AC-001: Ver configuracion actual + +```gherkin +Given soy Tenant Admin autenticado +When accedo a GET /api/v1/tenant/settings +Then veo configuracion completa organizada en secciones: + | company | branding | regional | operational | security | + And valores propios sobrescriben defaults + And se indica cuales son valores heredados +``` + +### AC-002: Actualizar informacion de empresa + +```gherkin +Given soy Tenant Admin autenticado +When envio PATCH /api/v1/tenant/settings con: + | company.companyName | company.taxId | + | Mi Empresa S.A. | MEMP850101ABC | +Then se actualizan los campos enviados + And otros campos de company no se modifican + And se actualiza updated_at y updated_by +``` + +### AC-003: Personalizar branding + +```gherkin +Given soy Tenant Admin autenticado +When actualizo branding con: + | primaryColor | secondaryColor | + | #FF5733 | #33FF57 | +Then los colores se guardan + And la UI refleja los nuevos colores +``` + +### AC-004: Subir logo + +```gherkin +Given soy Tenant Admin autenticado +When envio POST /api/v1/tenant/settings/logo con imagen PNG de 500KB +Then el logo se almacena en storage + And se genera version thumbnail + And se actualiza branding.logo con URL + And el logo aparece en la UI +``` + +### AC-005: Validar formato y tamano de logo + +```gherkin +Given soy Tenant Admin autenticado +When intento subir logo de 10MB +Then el sistema responde con status 400 + And el mensaje indica "Tamano maximo: 5MB" +``` + +### AC-006: Configurar zona horaria + +```gherkin +Given soy Tenant Admin autenticado +When actualizo regional.defaultTimezone a "America/New_York" +Then las fechas se muestran en hora de Nueva York + And los reportes usan esa zona horaria +``` + +### AC-007: Configurar politicas de seguridad + +```gherkin +Given soy Tenant Admin autenticado +When actualizo security con: + | passwordMinLength | mfaRequired | + | 12 | true | +Then nuevos usuarios deben usar password de 12+ caracteres + And se requiere MFA para todos los usuarios + And usuarios existentes deben activar MFA en siguiente login +``` + +### AC-008: Resetear a valores por defecto + +```gherkin +Given soy Tenant Admin con branding personalizado +When envio POST /api/v1/tenant/settings/reset con: + | sections | ["branding"] | +Then branding vuelve a valores por defecto de plataforma + And otras secciones no se modifican +``` + +### AC-009: Validacion de campos + +```gherkin +Given soy Tenant Admin autenticado +When envio color con formato invalido "#GGG" +Then el sistema responde con status 400 + And el mensaje indica formato invalido +``` + +### AC-010: Herencia de defaults + +```gherkin +Given tenant sin configuracion de dateFormat + And plataforma tiene default "DD/MM/YYYY" +When consulto settings +Then dateFormat muestra "DD/MM/YYYY" + And se indica que es valor heredado (_inherited) +``` + +--- + +## Tareas Tecnicas + +| ID | Tarea | Estimacion | +|----|-------|------------| +| T-001 | Crear entidad TenantSettings | 1 SP | +| T-002 | Implementar TenantSettingsService | 2 SP | +| T-003 | Implementar merge con defaults | 1 SP | +| T-004 | Crear endpoint de upload de logo | 1 SP | +| T-005 | Implementar reset a defaults | 1 SP | +| T-006 | Tests unitarios | 2 SP | +| **Total** | | **8 SP** | + +--- + +## Notas de Implementacion + +- Settings se almacenan como JSONB en PostgreSQL +- Merge inteligente: solo sobrescribir campos enviados +- Logo se almacena en storage externo (S3, GCS, etc.) +- Cambios de seguridad aplican en siguiente login + +--- + +## Mockup de Referencia + +Ver RF-TENANT-002.md seccion Mockup. + +--- + +## Dependencias + +| Tipo | Descripcion | +|------|-------------| +| Backend | Tenant existente (US-MGN004-001) | +| Storage | Servicio de storage configurado | +| Config | Defaults de plataforma definidos | + +--- + +## Definition of Done + +- [ ] CRUD de settings funcionando +- [ ] Merge con defaults implementado +- [ ] Upload de logo con validaciones +- [ ] Reset a defaults funcionando +- [ ] Validaciones de DTOs completas +- [ ] Tests unitarios con >80% coverage diff --git a/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-003.md b/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-003.md new file mode 100644 index 0000000..aad30c0 --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-003.md @@ -0,0 +1,205 @@ +# US-MGN004-003: Aislamiento de Datos Multi-Tenant + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN004-003 | +| **Modulo** | MGN-004 Tenants | +| **RF Relacionado** | RF-TENANT-003 | +| **Prioridad** | P0 - Critica | +| **Story Points** | 13 | +| **Sprint** | TBD | + +--- + +## Historia de Usuario + +**Como** Usuario del sistema +**Quiero** que mis datos esten completamente aislados de otros tenants +**Para** garantizar la seguridad y privacidad de la informacion de mi organizacion + +--- + +## Criterios de Aceptacion + +### AC-001: Usuario solo ve datos de su tenant + +```gherkin +Given usuario de Tenant A autenticado + And 100 productos en Tenant A + And 50 productos en Tenant B +When consulta GET /api/v1/products +Then solo ve los 100 productos de Tenant A + And no ve ningun producto de Tenant B +``` + +### AC-002: No acceso a recurso de otro tenant + +```gherkin +Given usuario de Tenant A autenticado + And producto "P-001" pertenece a Tenant B +When intenta GET /api/v1/products/P-001 +Then el sistema responde con status 404 + And el mensaje es "Recurso no encontrado" + And NO revela que el recurso existe en otro tenant +``` + +### AC-003: Asignacion automatica de tenant_id + +```gherkin +Given usuario de Tenant A autenticado +When crea un producto sin especificar tenant_id +Then el sistema asigna automaticamente tenant_id de Tenant A + And el producto queda en Tenant A +``` + +### AC-004: No permitir modificar tenant_id + +```gherkin +Given usuario de Tenant A autenticado + And producto existente en Tenant A +When intenta actualizar tenant_id a Tenant B +Then el sistema responde con status 400 + And el mensaje es "No se puede cambiar el tenant de un recurso" +``` + +### AC-005: RLS previene acceso sin contexto + +```gherkin +Given conexion a base de datos sin app.current_tenant_id +When se ejecuta SELECT * FROM core_users.users +Then el resultado es vacio + And no se produce error + And RLS previene acceso a datos +``` + +### AC-006: TenantGuard valida tenant activo + +```gherkin +Given usuario con token JWT valido + And tenant en estado "suspended" +When intenta acceder a cualquier endpoint +Then el sistema responde con status 403 + And el mensaje indica "Tenant suspendido" +``` + +### AC-007: TenantGuard detecta trial expirado + +```gherkin +Given usuario de tenant en estado "trial" + And trial_ends_at fue hace 2 dias +When intenta acceder a cualquier endpoint +Then el sistema responde con status 403 + And el mensaje indica "Periodo de prueba expirado" +``` + +### AC-008: Platform Admin switch explicito + +```gherkin +Given Platform Admin autenticado + And tiene acceso a todos los tenants +When NO ha hecho switch a ningun tenant +Then no puede ver datos de ningun tenant + And debe hacer POST /api/v1/platform/switch-tenant/:id primero +``` + +### AC-009: Middleware setea contexto PostgreSQL + +```gherkin +Given request autenticado con tenant_id en JWT +When pasa por TenantContextMiddleware +Then se ejecuta SET app.current_tenant_id = :tenantId + And todas las queries posteriores filtran por ese tenant +``` + +### AC-010: Indices optimizados por tenant + +```gherkin +Given tabla users con 1M registros distribuidos en 100 tenants +When usuario de Tenant A busca por email +Then la query usa indice compuesto (tenant_id, email) + And tiempo de respuesta < 50ms +``` + +--- + +## Tareas Tecnicas + +| ID | Tarea | Estimacion | +|----|-------|------------| +| T-001 | Crear migracion RLS policies | 3 SP | +| T-002 | Implementar TenantGuard | 2 SP | +| T-003 | Implementar TenantContextMiddleware | 2 SP | +| T-004 | Crear TenantBaseEntity | 1 SP | +| T-005 | Crear TenantAwareService base | 2 SP | +| T-006 | Tests de aislamiento | 3 SP | +| **Total** | | **13 SP** | + +--- + +## Notas de Implementacion + +### Migracion RLS + +```sql +-- Habilitar RLS en tablas +ALTER TABLE core_users.users ENABLE ROW LEVEL SECURITY; + +-- Funcion para obtener tenant actual +CREATE OR REPLACE FUNCTION current_tenant_id() +RETURNS UUID AS $$ +BEGIN + RETURN NULLIF(current_setting('app.current_tenant_id', true), '')::UUID; +END; +$$ LANGUAGE plpgsql STABLE; + +-- Politica de SELECT +CREATE POLICY tenant_isolation_select ON core_users.users + FOR SELECT USING (tenant_id = current_tenant_id()); + +-- Politica de INSERT +CREATE POLICY tenant_isolation_insert ON core_users.users + FOR INSERT WITH CHECK (tenant_id = current_tenant_id()); +``` + +### TenantBaseEntity + +```typescript +export abstract class TenantBaseEntity { + @Column({ name: 'tenant_id' }) + tenantId: string; + + @ManyToOne(() => Tenant) + @JoinColumn({ name: 'tenant_id' }) + tenant: Tenant; +} +``` + +--- + +## Mockup de Referencia + +Ver RF-TENANT-003.md diagramas de arquitectura. + +--- + +## Dependencias + +| Tipo | Descripcion | +|------|-------------| +| Database | PostgreSQL 12+ con RLS | +| Auth | JWT con tenant_id claim | +| Backend | Schema core_tenants creado | + +--- + +## Definition of Done + +- [ ] RLS habilitado en TODAS las tablas de negocio +- [ ] TenantGuard implementado y aplicado globalmente +- [ ] TenantContextMiddleware seteando variable de sesion +- [ ] Tests de aislamiento pasando (cross-tenant access blocked) +- [ ] Performance test con queries filtradas por tenant +- [ ] Security review aprobado +- [ ] Documentacion de patrones para nuevas tablas diff --git a/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-004.md b/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-004.md new file mode 100644 index 0000000..b5a3933 --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/historias-usuario/US-MGN004-004.md @@ -0,0 +1,211 @@ +# US-MGN004-004: Subscripciones y Limites + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | US-MGN004-004 | +| **Modulo** | MGN-004 Tenants | +| **RF Relacionado** | RF-TENANT-004 | +| **Prioridad** | P1 - Alta | +| **Story Points** | 13 | +| **Sprint** | TBD | + +--- + +## Historia de Usuario + +**Como** Tenant Admin +**Quiero** gestionar la subscripcion de mi organizacion y ver los limites de uso +**Para** controlar los costos y asegurar que tengo los recursos necesarios + +--- + +## Criterios de Aceptacion + +### AC-001: Ver subscripcion actual + +```gherkin +Given soy Tenant Admin autenticado + And tengo plan Professional activo +When accedo a GET /api/v1/tenant/subscription +Then veo: + | plan | Professional | + | price | $99 USD/mes | + | status | active | + | nextRenewal | 01/01/2026 | + And veo uso actual vs limites +``` + +### AC-002: Ver uso de recursos + +```gherkin +Given soy Tenant Admin con plan Professional (50 usuarios, 25GB) + And tengo 35 usuarios activos y 18GB usado +When consulto GET /api/v1/tenant/subscription/usage +Then veo: + | recurso | actual | limite | porcentaje | + | usuarios | 35 | 50 | 70% | + | storage | 18GB | 25GB | 72% | + | apiCalls | 5000 | 50000 | 10% | +``` + +### AC-003: Bloqueo por limite de usuarios + +```gherkin +Given tenant con plan Starter (10 usuarios) + And 10 usuarios activos (100%) +When Admin intenta crear usuario #11 +Then el sistema responde con status 402 + And el mensaje indica limite alcanzado + And sugiere planes con mayor limite +``` + +### AC-004: Bloqueo por modulo no incluido + +```gherkin +Given tenant con plan Starter (sin CRM) +When usuario intenta GET /api/v1/crm/contacts +Then el sistema responde con status 402 + And el mensaje indica modulo no disponible + And sugiere planes que incluyen CRM +``` + +### AC-005: Ver planes disponibles + +```gherkin +Given soy usuario autenticado +When accedo a GET /api/v1/subscription/plans +Then veo lista de planes publicos + And cada plan muestra: nombre, precio, limites, features + And puedo comparar con mi plan actual +``` + +### AC-006: Upgrade de plan + +```gherkin +Given tenant en Starter ($29/mes) al dia 15 del mes +When solicito upgrade a Professional ($99/mes) +Then sistema calcula prorrateo: $35 (15 dias de diferencia) + And proceso pago de $35 + And plan cambia inmediatamente a Professional + And nuevos limites aplican de inmediato +``` + +### AC-007: Cancelar subscripcion + +```gherkin +Given soy Tenant Admin con subscripcion activa +When solicito cancelar subscripcion +Then sistema muestra encuesta de salida + And confirmo cancelacion + And subscripcion se marca cancel_at_period_end = true + And acceso continua hasta fin de periodo pagado +``` + +### AC-008: Trial expira + +```gherkin +Given tenant en Trial de 14 dias +When pasan los 14 dias sin subscribirse +Then estado cambia a "trial_expired" + And usuarios no pueden acceder (excepto admin para subscribirse) + And datos se conservan +``` + +### AC-009: Verificar limite antes de accion + +```gherkin +Given endpoint que crea usuarios + And tiene decorador @CheckLimit('users') +When se ejecuta la accion +Then LimitGuard verifica limite automaticamente + And si excede, retorna 402 antes de ejecutar logica +``` + +### AC-010: Ver historial de facturas + +```gherkin +Given soy Tenant Admin autenticado +When accedo a GET /api/v1/tenant/invoices +Then veo lista de facturas: + | fecha | concepto | monto | estado | + | 01/12/2025 | Professional - Dic | $99.00 | Pagado | + And puedo descargar PDF de cada factura +``` + +--- + +## Tareas Tecnicas + +| ID | Tarea | Estimacion | +|----|-------|------------| +| T-001 | Crear entidades Plan, Subscription, Invoice | 2 SP | +| T-002 | Implementar SubscriptionsService | 3 SP | +| T-003 | Implementar LimitGuard | 2 SP | +| T-004 | Implementar ModuleGuard | 1 SP | +| T-005 | Implementar TenantUsageService | 2 SP | +| T-006 | Crear endpoints de subscripcion | 2 SP | +| T-007 | Tests unitarios | 2 SP | +| **Total** | | **14 SP** | + +--- + +## Notas de Implementacion + +### Decorador CheckLimit + +```typescript +@Post() +@CheckLimit('users') +create(@Body() dto: CreateUserDto) { } +``` + +### Decorador CheckModule + +```typescript +@Get() +@CheckModule('crm') +findAllContacts() { } +``` + +### Response 402 Payment Required + +```json +{ + "statusCode": 402, + "error": "Payment Required", + "message": "Limite de usuarios alcanzado (10/10)", + "upgradeOptions": [ + { "planId": "...", "name": "Professional", "newLimit": 50 } + ] +} +``` + +--- + +## Mockup de Referencia + +Ver RF-TENANT-004.md seccion Mockup. + +--- + +## Dependencias + +| Tipo | Descripcion | +|------|-------------| +| Backend | Tenants y Settings (US-MGN004-001, US-MGN004-002) | +| Payment | Integracion con Stripe/PayPal (futuro) | +| Scheduler | Jobs para renovacion y notificaciones | + +--- + +## Definition of Done + +- [ ] Planes y subscripciones funcionando +- [ ] LimitGuard bloqueando excesos +- [ ] ModuleGuard verificando acceso a modulos +- [ ] Upgrade/downgrade funcionando +- [ ] Calculo de prorrateo correcto +- [ ] Historial de facturas visible +- [ ] Tests unitarios con >80% coverage diff --git a/docs/01-fase-foundation/MGN-004-tenants/implementacion/TRACEABILITY.yml b/docs/01-fase-foundation/MGN-004-tenants/implementacion/TRACEABILITY.yml new file mode 100644 index 0000000..f4fd176 --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/implementacion/TRACEABILITY.yml @@ -0,0 +1,553 @@ +# TRACEABILITY.yml - MGN-004: Multi-tenant +# Matriz de trazabilidad: Documentacion -> Codigo +# Ubicacion: docs/01-fase-foundation/MGN-004-tenants/implementacion/ + +epic_code: MGN-004 +epic_name: Multi-tenant +phase: 1 +phase_name: Foundation +story_points: 35 +status: documented + +# ============================================================================= +# DOCUMENTACION +# ============================================================================= + +documentation: + + requirements: + - id: RF-TENANT-001 + file: ../requerimientos/RF-TENANT-001.md + title: CRUD de Tenants + priority: P0 + status: migrated + description: | + Crear, leer, actualizar y eliminar tenants (organizaciones). + Cada tenant tiene nombre, slug, dominio y configuracion. + + - id: RF-TENANT-002 + file: ../requerimientos/RF-TENANT-002.md + title: Configuracion por Tenant + priority: P0 + status: migrated + description: | + Configuracion personalizada: moneda, zona horaria, + formato de fecha, configuracion fiscal, modulos habilitados. + + - id: RF-TENANT-003 + file: ../requerimientos/RF-TENANT-003.md + title: Planes y Suscripciones + priority: P1 + status: migrated + description: | + Definicion de planes con features y limites. + Suscripciones de tenants a planes. + + - id: RF-TENANT-004 + file: ../requerimientos/RF-TENANT-004.md + title: Aislamiento RLS + priority: P0 + status: migrated + description: | + Row Level Security en PostgreSQL para aislar datos. + Contexto de tenant en cada request. + + requirements_index: + file: ../requerimientos/INDICE-RF-TENANT.md + status: migrated + + specifications: + - id: ET-TENANTS-001 + file: ../especificaciones/ET-tenants-backend.md + title: Backend Tenants + rf: [RF-TENANT-001, RF-TENANT-002, RF-TENANT-003, RF-TENANT-004] + status: migrated + + - id: ET-TENANTS-002 + file: ../especificaciones/ET-TENANT-database.md + title: Database Tenants + rf: [RF-TENANT-001, RF-TENANT-002, RF-TENANT-003, RF-TENANT-004] + status: migrated + + user_stories: + - id: US-MGN004-001 + file: ../historias-usuario/US-MGN004-001.md + title: Crear Tenant + rf: [RF-TENANT-001] + story_points: 8 + status: migrated + + - id: US-MGN004-002 + file: ../historias-usuario/US-MGN004-002.md + title: Configurar Tenant + rf: [RF-TENANT-002] + story_points: 5 + status: migrated + + - id: US-MGN004-003 + file: ../historias-usuario/US-MGN004-003.md + title: Gestionar Suscripcion + rf: [RF-TENANT-003] + story_points: 8 + status: migrated + + - id: US-MGN004-004 + file: ../historias-usuario/US-MGN004-004.md + title: Cambiar Plan + rf: [RF-TENANT-003] + story_points: 5 + status: migrated + + backlog: + file: ../historias-usuario/BACKLOG-MGN004.md + status: migrated + +# ============================================================================= +# IMPLEMENTACION +# ============================================================================= + +implementation: + + database: + schema: core_tenants + path: apps/database/ddl/schemas/core_tenants/ + + tables: + - name: tenants + file: apps/database/ddl/schemas/core_tenants/tables/tenants.sql + rf: RF-TENANTS-001 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: name, type: VARCHAR(200)} + - {name: slug, type: VARCHAR(100), unique: true} + - {name: domain, type: VARCHAR(255)} + - {name: logo_url, type: TEXT} + - {name: settings, type: JSONB} + - {name: is_active, type: BOOLEAN} + - {name: trial_ends_at, type: TIMESTAMPTZ} + - {name: created_at, type: TIMESTAMPTZ} + - {name: updated_at, type: TIMESTAMPTZ} + - {name: deleted_at, type: TIMESTAMPTZ} + indexes: + - idx_tenants_slug + - idx_tenants_domain + + - name: tenant_settings + file: apps/database/ddl/schemas/core_tenants/tables/tenant_settings.sql + rf: RF-TENANTS-002 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: tenant_id, type: UUID, fk: tenants, unique: true} + - {name: currency, type: VARCHAR(3)} + - {name: timezone, type: VARCHAR(50)} + - {name: date_format, type: VARCHAR(20)} + - {name: fiscal_config, type: JSONB} + - {name: modules_enabled, type: JSONB} + - {name: created_at, type: TIMESTAMPTZ} + - {name: updated_at, type: TIMESTAMPTZ} + + - name: plans + file: apps/database/ddl/schemas/core_tenants/tables/plans.sql + rf: RF-TENANTS-003 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: name, type: VARCHAR(100)} + - {name: slug, type: VARCHAR(50), unique: true} + - {name: description, type: TEXT} + - {name: price_monthly, type: DECIMAL(10,2)} + - {name: price_yearly, type: DECIMAL(10,2)} + - {name: features, type: JSONB} + - {name: limits, type: JSONB} + - {name: is_active, type: BOOLEAN} + - {name: created_at, type: TIMESTAMPTZ} + + - name: subscriptions + file: apps/database/ddl/schemas/core_tenants/tables/subscriptions.sql + rf: RF-TENANTS-003 + status: pending + columns: + - {name: id, type: UUID, pk: true} + - {name: tenant_id, type: UUID, fk: tenants} + - {name: plan_id, type: UUID, fk: plans} + - {name: status, type: VARCHAR(20)} + - {name: starts_at, type: TIMESTAMPTZ} + - {name: ends_at, type: TIMESTAMPTZ} + - {name: canceled_at, type: TIMESTAMPTZ} + - {name: created_at, type: TIMESTAMPTZ} + indexes: + - idx_subscriptions_tenant + - idx_subscriptions_status + + rls_policies: + - name: tenant_isolation + description: Politica base para aislamiento de datos + rf: RF-TENANTS-004 + status: pending + tables: ALL + definition: | + CREATE POLICY tenant_isolation ON {table} + USING (tenant_id = current_setting('app.current_tenant_id')::uuid); + + functions: + - name: set_tenant_context + file: apps/database/ddl/schemas/core_tenants/functions/set_tenant_context.sql + rf: RF-TENANTS-004 + status: pending + params: [p_tenant_id UUID] + returns: VOID + description: Establece contexto de tenant para RLS + + - name: create_tenant_with_defaults + file: apps/database/ddl/schemas/core_tenants/functions/create_tenant_with_defaults.sql + rf: RF-TENANTS-005 + status: pending + params: [p_name VARCHAR, p_slug VARCHAR, p_admin_user_id UUID] + returns: UUID + description: Crea tenant con datos iniciales y roles + + backend: + module: tenants + path: apps/backend/src/modules/tenants/ + framework: NestJS + + entities: + - name: Tenant + file: apps/backend/src/modules/tenants/entities/tenant.entity.ts + rf: RF-TENANTS-001 + status: pending + + - name: TenantSettings + file: apps/backend/src/modules/tenants/entities/tenant-settings.entity.ts + rf: RF-TENANTS-002 + status: pending + + - name: Plan + file: apps/backend/src/modules/tenants/entities/plan.entity.ts + rf: RF-TENANTS-003 + status: pending + + - name: Subscription + file: apps/backend/src/modules/tenants/entities/subscription.entity.ts + rf: RF-TENANTS-003 + status: pending + + services: + - name: TenantsService + file: apps/backend/src/modules/tenants/tenants.service.ts + rf: [RF-TENANTS-001, RF-TENANTS-005] + status: pending + methods: + - {name: create, rf: RF-TENANTS-001} + - {name: findAll, rf: RF-TENANTS-001} + - {name: findOne, rf: RF-TENANTS-001} + - {name: findBySlug, rf: RF-TENANTS-001} + - {name: update, rf: RF-TENANTS-001} + - {name: remove, rf: RF-TENANTS-001} + - {name: onboard, rf: RF-TENANTS-005} + + - name: TenantSettingsService + file: apps/backend/src/modules/tenants/tenant-settings.service.ts + rf: [RF-TENANTS-002] + status: pending + methods: + - {name: getSettings, rf: RF-TENANTS-002} + - {name: updateSettings, rf: RF-TENANTS-002} + + - name: PlansService + file: apps/backend/src/modules/tenants/plans.service.ts + rf: [RF-TENANTS-003] + status: pending + methods: + - {name: findAll, rf: RF-TENANTS-003} + - {name: findOne, rf: RF-TENANTS-003} + + - name: SubscriptionsService + file: apps/backend/src/modules/tenants/subscriptions.service.ts + rf: [RF-TENANTS-003] + status: pending + methods: + - {name: create, rf: RF-TENANTS-003} + - {name: getCurrentSubscription, rf: RF-TENANTS-003} + - {name: changePlan, rf: RF-TENANTS-003} + - {name: cancel, rf: RF-TENANTS-003} + + middleware: + - name: TenantMiddleware + file: apps/backend/src/modules/tenants/middleware/tenant.middleware.ts + rf: RF-TENANTS-004 + status: pending + description: | + Extrae tenant_id del JWT y establece contexto. + SET LOCAL app.current_tenant_id = '{uuid}' + + guards: + - name: TenantGuard + file: apps/backend/src/modules/tenants/guards/tenant.guard.ts + rf: RF-TENANTS-004 + status: pending + description: Verifica que tenant este activo + + - name: SubscriptionGuard + file: apps/backend/src/modules/tenants/guards/subscription.guard.ts + rf: RF-TENANTS-003 + status: pending + description: Verifica que suscripcion este activa + + controllers: + - name: TenantsController + file: apps/backend/src/modules/tenants/tenants.controller.ts + status: pending + endpoints: + - method: GET + path: /api/v1/tenants + rf: RF-TENANTS-001 + description: Listar tenants (super admin) + + - method: POST + path: /api/v1/tenants + rf: RF-TENANTS-001 + description: Crear tenant + + - method: GET + path: /api/v1/tenants/:id + rf: RF-TENANTS-001 + description: Obtener tenant + + - method: PATCH + path: /api/v1/tenants/:id + rf: RF-TENANTS-001 + description: Actualizar tenant + + - method: GET + path: /api/v1/tenants/current + rf: RF-TENANTS-001 + description: Tenant actual del usuario + + - method: GET + path: /api/v1/tenants/current/settings + rf: RF-TENANTS-002 + description: Configuracion del tenant + + - method: PATCH + path: /api/v1/tenants/current/settings + rf: RF-TENANTS-002 + description: Actualizar configuracion + + - name: PlansController + file: apps/backend/src/modules/tenants/plans.controller.ts + status: pending + endpoints: + - method: GET + path: /api/v1/plans + rf: RF-TENANTS-003 + description: Listar planes disponibles + + - method: GET + path: /api/v1/plans/:id + rf: RF-TENANTS-003 + description: Detalle de plan + + - name: SubscriptionsController + file: apps/backend/src/modules/tenants/subscriptions.controller.ts + status: pending + endpoints: + - method: GET + path: /api/v1/subscriptions/current + rf: RF-TENANTS-003 + description: Suscripcion actual + + - method: POST + path: /api/v1/subscriptions + rf: RF-TENANTS-003 + description: Crear suscripcion + + - method: PATCH + path: /api/v1/subscriptions/current/plan + rf: RF-TENANTS-003 + description: Cambiar plan + + - method: POST + path: /api/v1/subscriptions/current/cancel + rf: RF-TENANTS-003 + description: Cancelar suscripcion + + decorators: + - name: CurrentTenant + file: apps/backend/src/modules/tenants/decorators/current-tenant.decorator.ts + rf: RF-TENANTS-004 + status: pending + description: Inyecta tenant actual del request + + frontend: + feature: tenants + path: apps/frontend/src/features/tenants/ + framework: React + + pages: + - name: TenantsPage + file: apps/frontend/src/features/tenants/pages/TenantsPage.tsx + rf: RF-TENANTS-001 + status: pending + route: /admin/tenants + description: Lista de tenants (super admin) + + - name: TenantSettingsPage + file: apps/frontend/src/features/tenants/pages/TenantSettingsPage.tsx + rf: RF-TENANTS-002 + status: pending + route: /settings/organization + + - name: OnboardingPage + file: apps/frontend/src/features/tenants/pages/OnboardingPage.tsx + rf: RF-TENANTS-005 + status: pending + route: /onboarding + + - name: PlansPage + file: apps/frontend/src/features/tenants/pages/PlansPage.tsx + rf: RF-TENANTS-003 + status: pending + route: /settings/subscription + + components: + - name: TenantSettingsForm + file: apps/frontend/src/features/tenants/components/TenantSettingsForm.tsx + rf: RF-TENANTS-002 + status: pending + + - name: OnboardingWizard + file: apps/frontend/src/features/tenants/components/OnboardingWizard.tsx + rf: RF-TENANTS-005 + status: pending + + - name: PlanCard + file: apps/frontend/src/features/tenants/components/PlanCard.tsx + rf: RF-TENANTS-003 + status: pending + + - name: SubscriptionStatus + file: apps/frontend/src/features/tenants/components/SubscriptionStatus.tsx + rf: RF-TENANTS-003 + status: pending + + stores: + - name: tenantStore + file: apps/frontend/src/features/tenants/stores/tenantStore.ts + rf: [RF-TENANTS-001, RF-TENANTS-002] + status: pending + state: + - {name: currentTenant, type: "Tenant | null"} + - {name: settings, type: "TenantSettings | null"} + - {name: subscription, type: "Subscription | null"} + actions: + - fetchCurrentTenant + - updateSettings + - changePlan + + hooks: + - name: useTenant + file: apps/frontend/src/features/tenants/hooks/useTenant.ts + rf: RF-TENANTS-001 + status: pending + description: Hook para acceder a tenant actual + + - name: useSubscription + file: apps/frontend/src/features/tenants/hooks/useSubscription.ts + rf: RF-TENANTS-003 + status: pending + description: Hook para verificar features del plan + +# ============================================================================= +# DEPENDENCIAS +# ============================================================================= + +dependencies: + depends_on: + - module: MGN-001 + type: hard + reason: Tenant ID se incluye en JWT + - module: MGN-002 + type: hard + reason: Usuarios pertenecen a tenants + - module: MGN-003 + type: hard + reason: Roles son por tenant + + required_by: + - module: MGN-005 + type: hard + reason: Catalogos son por tenant + - module: MGN-006 + type: hard + reason: Inventario por tenant + - module: MGN-007 + type: hard + reason: Ventas por tenant + - module: ALL_BUSINESS + type: hard + reason: Todos los datos son por tenant + +# ============================================================================= +# TESTS +# ============================================================================= + +tests: + unit: + - name: TenantsService.spec.ts + file: apps/backend/src/modules/tenants/__tests__/tenants.service.spec.ts + status: pending + cases: 12 + + - name: SubscriptionsService.spec.ts + file: apps/backend/src/modules/tenants/__tests__/subscriptions.service.spec.ts + status: pending + cases: 8 + + - name: TenantMiddleware.spec.ts + file: apps/backend/src/modules/tenants/__tests__/tenant.middleware.spec.ts + status: pending + cases: 6 + + integration: + - name: tenants.controller.e2e.spec.ts + file: apps/backend/test/tenants/tenants.controller.e2e.spec.ts + status: pending + cases: 15 + + - name: rls-isolation.e2e.spec.ts + file: apps/backend/test/tenants/rls-isolation.e2e.spec.ts + status: pending + cases: 10 + description: Tests de aislamiento RLS entre tenants + + coverage: + target: 80% + current: 0% + +# ============================================================================= +# METRICAS +# ============================================================================= + +metrics: + story_points: + estimated: 35 + actual: null + + files: + database: 8 + backend: 20 + frontend: 12 + tests: 8 + total: 48 + +# ============================================================================= +# HISTORIAL +# ============================================================================= + +history: + - date: "2025-12-05" + action: "Creacion de TRACEABILITY.yml" + author: Requirements-Analyst diff --git a/docs/01-fase-foundation/MGN-004-tenants/requerimientos/INDICE-RF-TENANT.md b/docs/01-fase-foundation/MGN-004-tenants/requerimientos/INDICE-RF-TENANT.md new file mode 100644 index 0000000..276bbd0 --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/requerimientos/INDICE-RF-TENANT.md @@ -0,0 +1,271 @@ +# Indice de Requerimientos Funcionales - MGN-004 Tenants + +## Resumen del Modulo + +| Campo | Valor | +|-------|-------| +| **Modulo** | MGN-004 | +| **Nombre** | Tenants (Multi-Tenancy) | +| **Descripcion** | Arquitectura multi-tenant con aislamiento de datos | +| **Total RFs** | 4 | +| **Story Points** | 100 | +| **Estado** | Ready | +| **Fecha** | 2025-12-05 | + +--- + +## Lista de Requerimientos + +| ID | Nombre | Prioridad | SP | Estado | +|----|--------|-----------|-----|--------| +| [RF-TENANT-001](./RF-TENANT-001.md) | Gestion de Tenants | P0 | 29 | Ready | +| [RF-TENANT-002](./RF-TENANT-002.md) | Configuracion de Tenant | P0 | 19 | Ready | +| [RF-TENANT-003](./RF-TENANT-003.md) | Aislamiento de Datos | P0 | 20 | Ready | +| [RF-TENANT-004](./RF-TENANT-004.md) | Subscripciones y Limites | P1 | 32 | Ready | + +--- + +## Diagrama de Arquitectura Multi-Tenant + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ Platform Layer │ +├─────────────────────────────────────────────────────────────────┤ +│ Platform Admin UI │ API Gateway │ Auth Service │ +│ (Gestion tenants) │ (Routing) │ (JWT + tenant) │ +└─────────────────────────────────────────────────────────────────┘ + │ + ▼ +┌─────────────────────────────────────────────────────────────────┐ +│ Application Layer │ +├─────────────────────────────────────────────────────────────────┤ +│ │ +│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ +│ │ TenantGuard │ │ RbacGuard │ │LimitGuard │ │ +│ │(Contexto) │ │ (Permisos) │ │(Subscripcion)│ │ +│ └─────────────┘ └─────────────┘ └─────────────┘ │ +│ │ +│ ┌─────────────────────────────────────────────────────────────┐│ +│ │ TenantAwareServices ││ +│ │ (Todos los servicios heredan contexto de tenant) ││ +│ └─────────────────────────────────────────────────────────────┘│ +│ │ +└─────────────────────────────────────────────────────────────────┘ + │ + ▼ +┌─────────────────────────────────────────────────────────────────┐ +│ Data Layer │ +├─────────────────────────────────────────────────────────────────┤ +│ │ +│ PostgreSQL Database (Shared) │ +│ │ +│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │ +│ │ Tenant A │ │ Tenant B │ │ Tenant C │ │ +│ │ tenant_id │ │ tenant_id │ │ tenant_id │ │ +│ │ =uuid-a │ │ =uuid-b │ │ =uuid-c │ │ +│ └─────────────┘ └─────────────┘ └─────────────┘ │ +│ │ +│ Row Level Security (RLS) - Aislamiento automatico │ +│ SET app.current_tenant_id = 'tenant-uuid' │ +│ │ +└─────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Flujo de Request Multi-Tenant + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ Request Flow │ +├─────────────────────────────────────────────────────────────────┤ +│ │ +│ 1. Request HTTP │ +│ └─> Authorization: Bearer {JWT con tenant_id} │ +│ │ +│ 2. JwtAuthGuard │ +│ └─> Valida token, extrae user + tenant_id │ +│ │ +│ 3. TenantGuard │ +│ └─> Verifica tenant activo │ +│ └─> Inyecta tenant en request │ +│ │ +│ 4. TenantContextMiddleware │ +│ └─> SET app.current_tenant_id = :tenantId │ +│ │ +│ 5. LimitGuard (si aplica) │ +│ └─> Verifica limites de subscripcion │ +│ │ +│ 6. RbacGuard │ +│ └─> Valida permisos del usuario │ +│ │ +│ 7. Controller │ +│ └─> Ejecuta logica de negocio │ +│ │ +│ 8. TenantAwareService │ +│ └─> Automaticamente filtra por tenant │ +│ │ +│ 9. PostgreSQL RLS │ +│ └─> Ultima linea de defensa │ +│ └─> WHERE tenant_id = current_setting('app.current_tenant_id')│ +│ │ +└─────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Estados del Tenant + +``` + ┌──────────────┐ + │ created │ + └──────┬───────┘ + │ + ▼ + ┌──────────────┐ + ┌──────────│ trial │──────────┐ + │ └──────┬───────┘ │ + │ │ │ + │ (upgrade) │ (trial expires) │ (convert) + │ │ │ + │ ▼ │ + │ ┌──────────────┐ │ + │ │trial_expired │ │ + │ └──────────────┘ │ + │ │ + ▼ ▼ + ┌──────────────┐ ┌──────────────┐ + │ active │◄────────────────────│ active │ + └──────┬───────┘ (reactivate) └──────┬───────┘ + │ │ + │ (suspend) │ + │ │ + ▼ │ + ┌──────────────┐ │ + │ suspended │────────────────────────────┘ + └──────┬───────┘ + │ + │ (schedule delete) + ▼ + ┌──────────────────┐ + │ pending_deletion │ + └────────┬─────────┘ + │ + │ (30 days grace) + ▼ + ┌──────────────┐ + │ deleted │ + └──────────────┘ +``` + +--- + +## Planes de Subscripcion + +| Plan | Usuarios | Storage | Modulos | API Calls | Precio | +|------|----------|---------|---------|-----------|--------| +| **Trial** | 5 | 1 GB | Basicos | 1K/mes | Gratis | +| **Starter** | 10 | 5 GB | Basicos | 10K/mes | $29/mes | +| **Professional** | 50 | 25 GB | Standard | 50K/mes | $99/mes | +| **Enterprise** | ∞ | 100 GB | Premium | 500K/mes | $299/mes | +| **Custom** | Config | Config | Config | Config | Cotizacion | + +--- + +## Tablas de Base de Datos + +| Tabla | Descripcion | +|-------|-------------| +| tenants | Tenants registrados | +| tenant_settings | Configuracion de cada tenant (JSONB) | +| subscriptions | Subscripciones activas y pasadas | +| plans | Planes de subscripcion disponibles | +| invoices | Historial de facturacion | +| tenant_modules | Modulos activos por tenant | + +--- + +## Estimacion Total + +| Capa | Story Points | +|------|--------------| +| Backend: CRUD Tenants | 12 | +| Backend: Settings | 7 | +| Backend: RLS & Guards | 15 | +| Backend: Subscriptions | 15 | +| Backend: Billing | 10 | +| Backend: Tests | 12 | +| Frontend: Platform Admin | 15 | +| Frontend: Tenant Settings | 8 | +| Frontend: Subscription UI | 8 | +| Frontend: Tests | 6 | +| **Total** | **108 SP** | + +> Nota: Los 100 SP indicados en resumen corresponden a la suma de RF individuales. + +--- + +## Definition of Done del Modulo + +- [ ] RF-TENANT-001: CRUD de tenants funcional +- [ ] RF-TENANT-002: Settings por tenant operativos +- [ ] RF-TENANT-003: RLS aplicado en TODAS las tablas +- [ ] RF-TENANT-003: Tests de aislamiento pasando +- [ ] RF-TENANT-004: Planes y limites configurados +- [ ] RF-TENANT-004: Enforcement de limites activo +- [ ] Platform Admin UI completa +- [ ] Tests unitarios > 80% coverage +- [ ] Tests de aislamiento exhaustivos +- [ ] Security review de RLS aprobado +- [ ] Performance tests con multiples tenants + +--- + +## Consideraciones de Seguridad + +### Aislamiento de Datos + +- RLS como ultima linea de defensa +- Validacion en TODAS las capas +- Nunca confiar en input del cliente +- Auditar accesos cross-tenant + +### Platform Admin + +- Autenticacion separada +- 2FA obligatorio +- Logs de todas las acciones +- Switch de tenant explicito y auditado + +### Datos Sensibles + +- Encriptar datos sensibles por tenant +- Claves de encriptacion por tenant +- Backups separados (opcional enterprise) + +--- + +## Notas de Implementacion + +### Orden Recomendado + +1. **Primero**: RF-TENANT-003 (RLS) - Base para todo lo demas +2. **Segundo**: RF-TENANT-001 (CRUD) - Crear tenants +3. **Tercero**: RF-TENANT-002 (Settings) - Configurar tenants +4. **Cuarto**: RF-TENANT-004 (Subscriptions) - Monetizacion + +### Migracion de Datos Existentes + +Si hay datos sin tenant_id: +1. Crear tenant "default" +2. Asignar todos los datos al default +3. Habilitar RLS +4. Migrar datos a tenants especificos + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial con 4 RFs | diff --git a/docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-001.md b/docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-001.md new file mode 100644 index 0000000..5a3278d --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-001.md @@ -0,0 +1,396 @@ +# RF-TENANT-001: Gestion de Tenants + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-TENANT-001 | +| **Modulo** | MGN-004 Tenants | +| **Prioridad** | P0 - Critica | +| **Estado** | Ready | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe soportar una arquitectura multi-tenant donde cada organizacion (tenant) tiene su propio espacio aislado de datos. Los super administradores pueden crear, gestionar y eliminar tenants. Cada tenant tiene su propia configuracion, usuarios, roles y datos de negocio completamente aislados. + +--- + +## Actores + +| Actor | Descripcion | +|-------|-------------| +| Platform Admin | Administrador de la plataforma, gestiona todos los tenants | +| Tenant Admin | Administrador de un tenant especifico | +| Sistema | Procesos automaticos de gestion de tenants | + +--- + +## Precondiciones + +1. Platform Admin autenticado con permisos de plataforma +2. Sistema de base de datos configurado con soporte para schemas/RLS + +--- + +## Flujo Principal + +### Crear Tenant + +``` +1. Platform Admin accede a Panel de Plataforma > Tenants +2. Click en "Nuevo Tenant" +3. Sistema muestra formulario: + - Nombre de la organizacion + - Slug (URL-friendly identifier) + - Email del admin inicial + - Plan de subscripcion + - Modulos a activar +4. Admin completa datos +5. Click en "Crear Tenant" +6. Sistema valida unicidad del slug +7. Sistema crea el tenant en base de datos +8. Sistema crea usuario admin inicial +9. Sistema asigna roles built-in al tenant +10. Sistema configura RLS policies +11. Sistema envia email de bienvenida al admin +12. Sistema muestra confirmacion +``` + +### Listar Tenants + +``` +1. Platform Admin accede a Panel de Plataforma > Tenants +2. Sistema muestra tabla con: + - Nombre del tenant + - Slug + - Plan de subscripcion + - Estado (active, suspended, trial) + - Usuarios activos + - Fecha de creacion + - Ultimo acceso +3. Admin puede filtrar por estado, plan +4. Admin puede buscar por nombre o slug +``` + +### Ver Detalle de Tenant + +``` +1. Platform Admin click en un tenant +2. Sistema muestra: + - Informacion basica + - Estadisticas de uso + - Lista de usuarios + - Modulos activos + - Historial de facturacion + - Logs de actividad +``` + +### Suspender Tenant + +``` +1. Platform Admin click en "Suspender" de un tenant +2. Sistema muestra dialogo de confirmacion +3. Admin selecciona razon de suspension +4. Admin confirma +5. Sistema cambia estado a "suspended" +6. Sistema revoca todos los tokens activos +7. Sistema envia notificacion al admin del tenant +8. Usuarios del tenant no pueden acceder +``` + +### Eliminar Tenant + +``` +1. Platform Admin click en "Eliminar" de un tenant +2. Sistema muestra advertencia severa +3. Admin debe escribir el slug del tenant para confirmar +4. Sistema programa eliminacion (grace period 30 dias) +5. Sistema notifica al admin del tenant +6. Despues del grace period, sistema elimina datos +``` + +--- + +## Flujos Alternativos + +### FA1: Slug duplicado + +``` +1. En paso 6 del flujo crear +2. Sistema detecta slug ya existe +3. Sistema sugiere alternativas disponibles +4. Admin selecciona o modifica +5. Continua desde paso 5 +``` + +### FA2: Reactivar tenant suspendido + +``` +1. Platform Admin accede a tenant suspendido +2. Click en "Reactivar" +3. Sistema verifica estado de cuenta +4. Si hay problemas de pago, muestra opcion de resolver +5. Sistema cambia estado a "active" +6. Usuarios pueden acceder nuevamente +``` + +### FA3: Cancelar eliminacion programada + +``` +1. Dentro del grace period +2. Platform Admin accede al tenant marcado para eliminacion +3. Click en "Cancelar eliminacion" +4. Sistema restaura estado anterior +5. Notifica al admin del tenant +``` + +--- + +## Reglas de Negocio + +| ID | Regla | +|----|-------| +| RN-001 | Slug de tenant unico globalmente | +| RN-002 | Slug: 3-50 caracteres, lowercase, alfanumerico con guiones | +| RN-003 | Cada tenant debe tener al menos un admin | +| RN-004 | Suspension inmediata, eliminacion con grace period | +| RN-005 | Grace period de eliminacion: 30 dias | +| RN-006 | Datos de tenant eliminado son irrecuperables | +| RN-007 | Un tenant puede tener maximo segun plan (ej: 100 usuarios en plan basico) | +| RN-008 | Tenant trial expira en 14 dias | + +--- + +## Estados del Tenant + +``` + ┌─────────┐ + │ trial │ + └────┬────┘ + │ (subscription) + ▼ + (reactivate) ┌─────────┐ (suspend) + ┌─────────│ active │─────────┐ + │ └────┬────┘ │ + │ │ ▼ + │ │ ┌───────────┐ + │ │ │ suspended │ + │ │ └─────┬─────┘ + │ │ │ + └──────────────┼──────────────┘ + │ (delete) + ▼ + ┌─────────────────┐ + │ pending_deletion│ + └────────┬────────┘ + │ (30 days) + ▼ + ┌──────────┐ + │ deleted │ + └──────────┘ +``` + +--- + +## Criterios de Aceptacion + +### Escenario 1: Crear tenant exitosamente + +```gherkin +Given un Platform Admin autenticado +When crea un tenant con: + | name | Empresa ABC | + | slug | empresa-abc | + | email | admin@empresaabc.com | + | plan | professional | +Then el sistema crea el tenant + And crea usuario admin con email proporcionado + And asigna roles built-in al tenant + And envia email de bienvenida + And responde con status 201 +``` + +### Escenario 2: Listar tenants con filtros + +```gherkin +Given 50 tenants en la plataforma +When Platform Admin filtra por status="active" y plan="professional" +Then el sistema retorna solo tenants activos con plan professional + And incluye metricas de cada tenant +``` + +### Escenario 3: No crear tenant con slug duplicado + +```gherkin +Given un tenant existente con slug "empresa-abc" +When se intenta crear otro con slug "empresa-abc" +Then el sistema responde con status 409 + And sugiere slugs alternativos +``` + +### Escenario 4: Suspender tenant + +```gherkin +Given un tenant activo "empresa-abc" con 10 usuarios +When Platform Admin lo suspende por "falta_pago" +Then el estado cambia a "suspended" + And los 10 usuarios no pueden acceder + And se envia email al admin del tenant +``` + +### Escenario 5: Grace period de eliminacion + +```gherkin +Given un tenant marcado para eliminacion hace 25 dias +When han pasado 30 dias desde la marca +Then el sistema elimina permanentemente los datos + And el slug queda disponible para reusar +``` + +--- + +## Mockup / Wireframe + +``` ++------------------------------------------------------------------+ +| [Logo] Platform Admin - Tenants [+ Nuevo Tenant] | ++------------------------------------------------------------------+ +| Buscar: [___________________] [Estado: Todos ▼] [Plan: Todos ▼] | ++------------------------------------------------------------------+ +| | Nombre | Slug | Plan | Estado | Usuarios | ⚙ | +|---|----------------|-------------|--------|--------|----------|-----| +| | Empresa ABC | empresa-abc | Pro | Active | 45 | 👁✏🗑| +| | Comercial XYZ | comercial | Basic | Active | 12 | 👁✏🗑| +| | Demo Company | demo-co | Trial | Trial | 3 | 👁✏🗑| +| | Old Client | old-client | Basic | Susp. | 0 | 👁✏⚠ | ++------------------------------------------------------------------+ +| Mostrando 1-4 de 50 [< Anterior] [Siguiente >]| ++------------------------------------------------------------------+ + +Modal: Crear Tenant +┌──────────────────────────────────────────────────────────────────┐ +│ NUEVO TENANT │ +├──────────────────────────────────────────────────────────────────┤ +│ Nombre* [_______________________________] │ +│ Slug* [_______________________________] │ +│ URL: https://erp.com/empresa-abc │ +│ │ +│ ADMIN INICIAL │ +│ Email* [_______________________________] │ +│ Nombre [_______________________________] │ +│ │ +│ SUBSCRIPCION │ +│ Plan [Professional ▼] │ +│ Periodo trial [14 dias ▼] │ +│ │ +│ MODULOS │ +│ ☑ Auth ☑ Users ☑ Roles │ +│ ☑ Inventory ☑ Financial ☐ CRM │ +│ ☑ Reports ☐ Advanced ☐ API │ +│ │ +│ [ Cancelar ] [ Crear Tenant ] │ +└──────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Notas Tecnicas + +### API Endpoints + +```typescript +// Crear tenant (Platform Admin only) +POST /api/v1/platform/tenants +{ + "name": "Empresa ABC", + "slug": "empresa-abc", + "adminEmail": "admin@empresaabc.com", + "adminName": "Juan Perez", + "planId": "plan-professional", + "moduleIds": ["mod-auth", "mod-users", "mod-inventory"], + "trialDays": 14 +} + +// Response 201 +{ + "id": "tenant-uuid", + "name": "Empresa ABC", + "slug": "empresa-abc", + "status": "trial", + "plan": { "id": "...", "name": "Professional" }, + "admin": { "id": "...", "email": "admin@empresaabc.com" }, + "trialEndsAt": "2025-12-19T00:00:00Z", + "createdAt": "2025-12-05T10:00:00Z" +} + +// Listar tenants +GET /api/v1/platform/tenants?status=active&plan=professional&page=1&limit=20 + +// Ver detalle +GET /api/v1/platform/tenants/:id + +// Actualizar tenant +PATCH /api/v1/platform/tenants/:id + +// Suspender tenant +POST /api/v1/platform/tenants/:id/suspend +{ "reason": "payment_failed", "notes": "Invoice #123 unpaid" } + +// Reactivar tenant +POST /api/v1/platform/tenants/:id/reactivate + +// Programar eliminacion +POST /api/v1/platform/tenants/:id/schedule-deletion + +// Cancelar eliminacion +POST /api/v1/platform/tenants/:id/cancel-deletion + +// Eliminar inmediatamente (solo desarrollo) +DELETE /api/v1/platform/tenants/:id?force=true +``` + +### Validaciones + +| Campo | Regla | +|-------|-------| +| name | Required, 3-100 chars | +| slug | Required, 3-50 chars, lowercase, unique | +| adminEmail | Required, valid email, unique | +| planId | Required, plan existente | + +--- + +## Dependencias + +| ID | Descripcion | +|----|-------------| +| RF-AUTH-001 | Para crear usuario admin | +| RF-ROLE-001 | Para crear roles built-in | +| Database | Soporte para RLS o schemas separados | + +--- + +## Estimacion + +| Tarea | Puntos | +|-------|--------| +| Backend: CRUD endpoints | 5 | +| Backend: Lifecycle (suspend/delete) | 4 | +| Backend: Tenant provisioning | 5 | +| Backend: Tests | 3 | +| Frontend: TenantsListPage | 4 | +| Frontend: TenantForm | 3 | +| Frontend: TenantDetail | 3 | +| Frontend: Tests | 2 | +| **Total** | **29 SP** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-002.md b/docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-002.md new file mode 100644 index 0000000..111e919 --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-002.md @@ -0,0 +1,370 @@ +# RF-TENANT-002: Configuracion de Tenant + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-TENANT-002 | +| **Modulo** | MGN-004 Tenants | +| **Prioridad** | P0 - Critica | +| **Estado** | Ready | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe permitir a los administradores de cada tenant personalizar la configuracion de su organizacion, incluyendo informacion de la empresa, branding, configuraciones regionales, y parametros operativos. Esta configuracion afecta el comportamiento del sistema para todos los usuarios del tenant. + +--- + +## Actores + +| Actor | Descripcion | +|-------|-------------| +| Tenant Admin | Administrador del tenant que configura | +| Platform Admin | Puede modificar configuracion de cualquier tenant | + +--- + +## Precondiciones + +1. Usuario autenticado con permiso `tenants:update` o `settings:update` +2. Tenant activo + +--- + +## Categorias de Configuracion + +### 1. Informacion de la Empresa + +| Campo | Descripcion | Ejemplo | +|-------|-------------|---------| +| companyName | Nombre legal | Empresa ABC S.A. de C.V. | +| tradeName | Nombre comercial | ABC Corp | +| taxId | RFC/NIT/RUC | EABC850101ABC | +| address | Direccion fiscal | Av. Principal #123 | +| city | Ciudad | Ciudad de Mexico | +| state | Estado/Provincia | CDMX | +| country | Pais | MX | +| postalCode | Codigo postal | 06600 | +| phone | Telefono principal | +52 55 1234 5678 | +| email | Email de contacto | contacto@empresaabc.com | +| website | Sitio web | https://empresaabc.com | + +### 2. Branding + +| Campo | Descripcion | Ejemplo | +|-------|-------------|---------| +| logo | Logo principal | URL/base64 | +| logoSmall | Logo pequeno/icono | URL/base64 | +| favicon | Favicon | URL/base64 | +| primaryColor | Color primario | #3B82F6 | +| secondaryColor | Color secundario | #10B981 | +| accentColor | Color de acento | #F59E0B | + +### 3. Configuracion Regional + +| Campo | Descripcion | Ejemplo | +|-------|-------------|---------| +| defaultLanguage | Idioma por defecto | es | +| defaultTimezone | Zona horaria | America/Mexico_City | +| defaultCurrency | Moneda por defecto | MXN | +| dateFormat | Formato de fecha | DD/MM/YYYY | +| timeFormat | Formato de hora | 24h | +| numberFormat | Formato numerico | es-MX | +| firstDayOfWeek | Primer dia semana | 1 (Lunes) | + +### 4. Configuracion Operativa + +| Campo | Descripcion | Ejemplo | +|-------|-------------|---------| +| fiscalYearStart | Inicio ano fiscal | 01-01 | +| workingDays | Dias laborables | [1,2,3,4,5] | +| businessHoursStart | Inicio horario | 09:00 | +| businessHoursEnd | Fin horario | 18:00 | +| defaultTaxRate | Tasa impuesto default | 16 | +| invoicePrefix | Prefijo facturas | FAC- | +| invoiceNextNumber | Siguiente numero | 1001 | + +### 5. Configuracion de Seguridad + +| Campo | Descripcion | Ejemplo | +|-------|-------------|---------| +| passwordMinLength | Longitud minima pass | 8 | +| passwordRequireSpecial | Requerir especiales | true | +| sessionTimeout | Timeout sesion (min) | 30 | +| maxLoginAttempts | Intentos maximos | 5 | +| lockoutDuration | Duracion bloqueo (min) | 15 | +| mfaRequired | MFA obligatorio | false | +| ipWhitelist | IPs permitidas | [] | + +--- + +## Flujo Principal + +### Ver Configuracion + +``` +1. Tenant Admin accede a Configuracion > Empresa +2. Sistema muestra configuracion actual organizada en tabs: + - Informacion General + - Branding + - Regional + - Operaciones + - Seguridad +3. Admin puede navegar entre tabs +``` + +### Actualizar Configuracion + +``` +1. Admin modifica campos deseados +2. Sistema valida en tiempo real +3. Admin click en "Guardar Cambios" +4. Sistema valida todos los campos +5. Sistema guarda configuracion +6. Sistema aplica cambios (algunos requieren recarga) +7. Sistema muestra confirmacion +``` + +### Subir Logo + +``` +1. Admin click en "Cambiar Logo" +2. Sistema muestra modal de upload +3. Admin selecciona imagen +4. Sistema valida formato y tamano +5. Sistema genera versiones (original, thumbnail) +6. Sistema actualiza logo +7. Cambio visible inmediatamente en UI +``` + +--- + +## Reglas de Negocio + +| ID | Regla | +|----|-------| +| RN-001 | Configuracion se hereda de defaults de plataforma | +| RN-002 | Tenant puede sobrescribir cualquier default | +| RN-003 | Algunos campos requieren validacion especial (taxId por pais) | +| RN-004 | Logo: max 5MB, formatos JPG/PNG/SVG | +| RN-005 | Colores deben ser hex validos | +| RN-006 | Cambios de seguridad aplican en siguiente login | +| RN-007 | IP Whitelist vacia = sin restriccion | + +--- + +## Criterios de Aceptacion + +### Escenario 1: Ver configuracion actual + +```gherkin +Given un Tenant Admin autenticado +When accede a GET /api/v1/tenant/settings +Then el sistema retorna configuracion completa + And incluye valores del tenant + And incluye defaults de plataforma donde no hay override +``` + +### Escenario 2: Actualizar informacion de empresa + +```gherkin +Given un Tenant Admin autenticado +When actualiza companyName a "Nueva Empresa S.A." +Then el sistema guarda el cambio + And retorna configuracion actualizada + And el nombre aparece en toda la UI del tenant +``` + +### Escenario 3: Personalizar branding + +```gherkin +Given un Tenant Admin con configuracion default +When sube un logo y cambia primaryColor a "#FF5733" +Then el sistema guarda el logo en storage + And actualiza el color primario + And la UI refleja los cambios de branding +``` + +### Escenario 4: Configuracion de seguridad + +```gherkin +Given configuracion de seguridad actual +When Tenant Admin establece passwordMinLength=12 +Then el sistema guarda la configuracion + And nuevas contrasenas deben tener minimo 12 caracteres + And usuarios existentes no son afectados hasta cambio de pass +``` + +### Escenario 5: Herencia de defaults + +```gherkin +Given tenant sin configuracion de timezone + And plataforma con default "America/Mexico_City" +When se consulta configuracion del tenant +Then timezone muestra "America/Mexico_City" + And se indica que es valor heredado (no override) +``` + +--- + +## Mockup / Wireframe + +``` ++------------------------------------------------------------------+ +| [Logo] Configuracion de Empresa | ++------------------------------------------------------------------+ +| [General] [Branding] [Regional] [Operaciones] [Seguridad] | ++------------------------------------------------------------------+ +| | +| Tab: General | +| ┌─────────────────────────────────────────────────────────────┐ | +| │ INFORMACION LEGAL │ | +| │ │ | +| │ Razon Social [Empresa ABC S.A. de C.V. ] │ | +| │ Nombre Comercial [ABC Corp ] │ | +| │ RFC [EABC850101ABC ] │ | +| │ │ | +| │ DIRECCION FISCAL │ | +| │ │ | +| │ Direccion [Av. Principal #123 ] │ | +| │ Ciudad [Ciudad de Mexico ] │ | +| │ Estado [CDMX ▼] │ | +| │ Codigo Postal [06600 ] │ | +| │ Pais [Mexico ▼] │ | +| │ │ | +| │ CONTACTO │ | +| │ │ | +| │ Telefono [+52 55 1234 5678 ] │ | +| │ Email [contacto@empresaabc.com ] │ | +| │ Sitio Web [https://empresaabc.com ] │ | +| └─────────────────────────────────────────────────────────────┘ | +| | +| [ Cancelar ] [ Guardar Cambios ] | ++------------------------------------------------------------------+ + +Tab: Branding +┌─────────────────────────────────────────────────────────────────┐ +│ LOGOS │ +│ │ +│ +-------------+ +-------+ │ +│ | | | | │ +│ | LOGO | | ICON | [Cambiar Logo] [Cambiar Icono] │ +│ | | | | │ +│ +-------------+ +-------+ │ +│ │ +│ COLORES │ +│ │ +│ Primario [#3B82F6] ████████ │ +│ Secundario [#10B981] ████████ │ +│ Acento [#F59E0B] ████████ │ +│ │ +│ [Vista previa] │ +└─────────────────────────────────────────────────────────────────┘ +``` + +--- + +## Notas Tecnicas + +### API Endpoints + +```typescript +// Obtener configuracion completa +GET /api/v1/tenant/settings + +// Response 200 +{ + "company": { + "companyName": "Empresa ABC S.A. de C.V.", + "tradeName": "ABC Corp", + "taxId": "EABC850101ABC", + // ... + "_inherited": false + }, + "branding": { + "logo": "https://storage.../logo.png", + "primaryColor": "#3B82F6", + // ... + "_inherited": ["secondaryColor"] // campos heredados + }, + "regional": { + "defaultLanguage": "es", + "defaultTimezone": "America/Mexico_City", + // ... + }, + "operational": { ... }, + "security": { ... } +} + +// Actualizar configuracion (parcial) +PATCH /api/v1/tenant/settings +{ + "company": { + "companyName": "Nueva Empresa S.A." + }, + "branding": { + "primaryColor": "#FF5733" + } +} + +// Subir logo +POST /api/v1/tenant/settings/logo +Content-Type: multipart/form-data +logo: [file] +type: "main" | "small" | "favicon" + +// Reset a defaults +POST /api/v1/tenant/settings/reset +{ "sections": ["branding"] } // o "all" +``` + +### Estructura de Settings + +```typescript +interface TenantSettings { + company: CompanySettings; + branding: BrandingSettings; + regional: RegionalSettings; + operational: OperationalSettings; + security: SecuritySettings; +} + +// Se guarda como JSONB en la tabla tenant_settings +// con merge inteligente con defaults +``` + +--- + +## Dependencias + +| ID | Descripcion | +|----|-------------| +| RF-TENANT-001 | Tenant debe existir | +| Storage | Para logos e imagenes | +| Cache | Para settings frecuentes | + +--- + +## Estimacion + +| Tarea | Puntos | +|-------|--------| +| Backend: Settings endpoints | 3 | +| Backend: Logo upload | 2 | +| Backend: Merge con defaults | 2 | +| Backend: Tests | 2 | +| Frontend: SettingsPage (5 tabs) | 6 | +| Frontend: BrandingPreview | 2 | +| Frontend: Tests | 2 | +| **Total** | **19 SP** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-003.md b/docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-003.md new file mode 100644 index 0000000..1caef79 --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-003.md @@ -0,0 +1,424 @@ +# RF-TENANT-003: Aislamiento de Datos + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-TENANT-003 | +| **Modulo** | MGN-004 Tenants | +| **Prioridad** | P0 - Critica | +| **Estado** | Ready | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe garantizar el aislamiento completo de datos entre tenants. Ningun usuario de un tenant debe poder acceder, ver o modificar datos de otro tenant. Este aislamiento se implementa mediante Row Level Security (RLS) en PostgreSQL, con validacion adicional en la capa de aplicacion. + +--- + +## Actores + +| Actor | Descripcion | +|-------|-------------| +| Sistema | Aplica automaticamente el filtro de tenant | +| Usuario | Cualquier usuario autenticado | +| Platform Admin | Puede acceder a multiples tenants (con switch explicito) | + +--- + +## Estrategia de Aislamiento + +### Arquitectura: Shared Database + RLS + +``` +┌─────────────────────────────────────────────────────────────────┐ +│ PostgreSQL Database │ +├─────────────────────────────────────────────────────────────────┤ +│ │ +│ ┌──────────────────┐ ┌──────────────────┐ ┌───────────────┐ │ +│ │ Tenant A │ │ Tenant B │ │ Tenant C │ │ +│ │ (tenant_id=1) │ │ (tenant_id=2) │ │ (tenant_id=3)│ │ +│ │ │ │ │ │ │ │ +│ │ users: 50 │ │ users: 30 │ │ users: 100 │ │ +│ │ products: 1000 │ │ products: 500 │ │ products: 2k │ │ +│ │ orders: 5000 │ │ orders: 2000 │ │ orders: 10k │ │ +│ └──────────────────┘ └──────────────────┘ └───────────────┘ │ +│ │ +│ RLS Policies: Todas las tablas filtran por tenant_id │ +│ app.current_tenant_id = variable de sesion │ +│ │ +└─────────────────────────────────────────────────────────────────┘ +``` + +### Capas de Proteccion + +``` +Request HTTP + │ + ▼ +┌─────────────────┐ +│ 1. JwtAuthGuard │ Extrae tenant_id del token +└────────┬────────┘ + │ + ▼ +┌─────────────────┐ +│ 2. TenantGuard │ Valida tenant activo, setea contexto +└────────┬────────┘ + │ + ▼ +┌─────────────────┐ +│ 3. Middleware │ SET app.current_tenant_id = :tenantId +│ PostgreSQL │ +└────────┬────────┘ + │ + ▼ +┌─────────────────┐ +│ 4. RLS Policy │ WHERE tenant_id = current_setting('app.current_tenant_id') +│ PostgreSQL │ +└────────┬────────┘ + │ + ▼ +┌─────────────────┐ +│ 5. Application │ Validacion adicional en queries +│ Layer │ +└─────────────────┘ +``` + +--- + +## Implementacion RLS + +### Configuracion Base + +```sql +-- Habilitar RLS en todas las tablas con tenant_id +ALTER TABLE core_users.users ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_rbac.roles ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_inventory.products ENABLE ROW LEVEL SECURITY; +-- ... todas las tablas de negocio + +-- Funcion para obtener tenant actual +CREATE OR REPLACE FUNCTION current_tenant_id() +RETURNS UUID AS $$ +BEGIN + RETURN NULLIF(current_setting('app.current_tenant_id', true), '')::UUID; +END; +$$ LANGUAGE plpgsql STABLE; +``` + +### Politicas de Lectura + +```sql +-- Usuarios solo ven datos de su tenant +CREATE POLICY tenant_isolation_select ON core_users.users + FOR SELECT + USING (tenant_id = current_tenant_id()); + +-- Platform Admin puede ver todos (con contexto especial) +CREATE POLICY platform_admin_select ON core_users.users + FOR SELECT + USING ( + tenant_id = current_tenant_id() + OR current_setting('app.is_platform_admin', true) = 'true' + ); +``` + +### Politicas de Escritura + +```sql +-- Insert: debe ser del tenant actual +CREATE POLICY tenant_isolation_insert ON core_users.users + FOR INSERT + WITH CHECK (tenant_id = current_tenant_id()); + +-- Update: solo registros del tenant actual +CREATE POLICY tenant_isolation_update ON core_users.users + FOR UPDATE + USING (tenant_id = current_tenant_id()) + WITH CHECK (tenant_id = current_tenant_id()); + +-- Delete: solo registros del tenant actual +CREATE POLICY tenant_isolation_delete ON core_users.users + FOR DELETE + USING (tenant_id = current_tenant_id()); +``` + +--- + +## Reglas de Negocio + +| ID | Regla | +|----|-------| +| RN-001 | Toda tabla de datos de negocio DEBE tener columna tenant_id | +| RN-002 | tenant_id es NOT NULL y tiene FK a tenants | +| RN-003 | RLS habilitado en TODAS las tablas con tenant_id | +| RN-004 | Queries sin contexto de tenant fallan (no retornan datos) | +| RN-005 | Platform Admin debe hacer switch explicito de tenant | +| RN-006 | Logs de auditoria registran tenant_id | +| RN-007 | Backups se pueden hacer por tenant individual | +| RN-008 | Indices deben incluir tenant_id para performance | + +--- + +## Criterios de Aceptacion + +### Escenario 1: Usuario solo ve datos de su tenant + +```gherkin +Given usuario de Tenant A autenticado + And 100 productos en Tenant A + And 50 productos en Tenant B +When consulta GET /api/v1/products +Then solo ve los 100 productos de Tenant A + And no ve ningun producto de Tenant B +``` + +### Escenario 2: Usuario no puede acceder a recurso de otro tenant + +```gherkin +Given usuario de Tenant A autenticado + And producto "P-001" pertenece a Tenant B +When intenta GET /api/v1/products/P-001 +Then el sistema responde con status 404 + And el mensaje es "Recurso no encontrado" + And NO revela que el recurso existe en otro tenant +``` + +### Escenario 3: Crear recurso asigna tenant automaticamente + +```gherkin +Given usuario de Tenant A autenticado +When crea un producto sin especificar tenant_id +Then el sistema asigna automaticamente tenant_id de Tenant A + And el producto queda en Tenant A +``` + +### Escenario 4: No permitir modificar tenant_id + +```gherkin +Given usuario de Tenant A autenticado + And producto existente en Tenant A +When intenta actualizar tenant_id a Tenant B +Then el sistema responde con status 400 + And el mensaje es "No se puede cambiar el tenant de un recurso" +``` + +### Escenario 5: Platform Admin switch de tenant + +```gherkin +Given Platform Admin autenticado +When hace POST /api/v1/platform/switch-tenant/tenant-b-id +Then el contexto cambia a Tenant B + And puede ver datos de Tenant B + And no ve datos de Tenant A +``` + +### Escenario 6: Query sin contexto de tenant + +```gherkin +Given conexion a base de datos sin app.current_tenant_id +When se ejecuta SELECT * FROM users +Then el resultado es vacio + And no se produce error + And RLS previene acceso a datos +``` + +--- + +## Notas Tecnicas + +### TenantGuard Implementation + +```typescript +// guards/tenant.guard.ts +@Injectable() +export class TenantGuard implements CanActivate { + constructor( + private dataSource: DataSource, + private tenantService: TenantService, + ) {} + + async canActivate(context: ExecutionContext): Promise { + const request = context.switchToHttp().getRequest(); + const user = request.user; + + if (!user?.tenantId) { + throw new UnauthorizedException('Tenant no identificado'); + } + + // Verificar tenant activo + const tenant = await this.tenantService.findOne(user.tenantId); + if (!tenant || tenant.status !== 'active') { + throw new ForbiddenException('Tenant no disponible'); + } + + // Setear contexto de tenant en request + request.tenant = tenant; + request.tenantId = tenant.id; + + return true; + } +} +``` + +### TenantContext Middleware + +```typescript +// middleware/tenant-context.middleware.ts +@Injectable() +export class TenantContextMiddleware implements NestMiddleware { + constructor(private dataSource: DataSource) {} + + async use(req: Request, res: Response, next: NextFunction) { + const tenantId = req['tenantId']; + + if (tenantId) { + // Setear variable de sesion PostgreSQL para RLS + await this.dataSource.query( + `SET LOCAL app.current_tenant_id = '${tenantId}'` + ); + } + + next(); + } +} +``` + +### Base Entity con Tenant + +```typescript +// entities/tenant-base.entity.ts +export abstract class TenantBaseEntity { + @Column({ name: 'tenant_id' }) + tenantId: string; + + @ManyToOne(() => Tenant) + @JoinColumn({ name: 'tenant_id' }) + tenant: Tenant; + + @BeforeInsert() + setTenantId() { + // Se setea desde el contexto en el servicio + // No permitir override manual + } +} + +// Uso en entidades +@Entity({ schema: 'core_inventory', name: 'products' }) +export class Product extends TenantBaseEntity { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column() + name: string; + // ... +} +``` + +### Base Service con Tenant + +```typescript +// services/tenant-aware.service.ts +export abstract class TenantAwareService { + constructor( + protected repository: Repository, + @Inject(REQUEST) protected request: Request, + ) {} + + protected get tenantId(): string { + return this.request['tenantId']; + } + + async findAll(options?: FindManyOptions): Promise { + return this.repository.find({ + ...options, + where: { + ...options?.where, + tenantId: this.tenantId, + } as any, + }); + } + + async findOne(id: string): Promise { + return this.repository.findOne({ + where: { + id, + tenantId: this.tenantId, + } as any, + }); + } + + async create(dto: DeepPartial): Promise { + const entity = this.repository.create({ + ...dto, + tenantId: this.tenantId, + } as any); + return this.repository.save(entity); + } +} +``` + +--- + +## Consideraciones de Performance + +### Indices Recomendados + +```sql +-- Indice compuesto para queries filtradas por tenant +CREATE INDEX idx_users_tenant_email ON core_users.users(tenant_id, email); +CREATE INDEX idx_products_tenant_sku ON core_inventory.products(tenant_id, sku); +CREATE INDEX idx_orders_tenant_date ON core_sales.orders(tenant_id, created_at DESC); + +-- Indice parcial para tenants activos +CREATE INDEX idx_users_active_tenant ON core_users.users(tenant_id) + WHERE deleted_at IS NULL; +``` + +### Query Optimization + +```sql +-- BUENO: Usa el indice compuesto +EXPLAIN ANALYZE +SELECT * FROM users +WHERE tenant_id = 'tenant-uuid' AND email = 'user@example.com'; + +-- MALO: Full table scan, luego filtro +EXPLAIN ANALYZE +SELECT * FROM users +WHERE email = 'user@example.com'; -- Sin tenant en WHERE, RLS agrega despues +``` + +--- + +## Dependencias + +| ID | Descripcion | +|----|-------------| +| PostgreSQL 12+ | Soporte completo de RLS | +| RF-TENANT-001 | Tenants existentes | +| RF-AUTH-002 | JWT con tenant_id | + +--- + +## Estimacion + +| Tarea | Puntos | +|-------|--------| +| Database: RLS policies | 5 | +| Database: Indices | 2 | +| Backend: TenantGuard | 3 | +| Backend: TenantContextMiddleware | 2 | +| Backend: TenantAwareService base | 3 | +| Backend: Tests de aislamiento | 5 | +| **Total** | **20 SP** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-004.md b/docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-004.md new file mode 100644 index 0000000..b22ebde --- /dev/null +++ b/docs/01-fase-foundation/MGN-004-tenants/requerimientos/RF-TENANT-004.md @@ -0,0 +1,460 @@ +# RF-TENANT-004: Subscripciones y Limites + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | RF-TENANT-004 | +| **Modulo** | MGN-004 Tenants | +| **Prioridad** | P1 - Alta | +| **Estado** | Ready | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion + +El sistema debe gestionar planes de subscripcion para los tenants, controlando los limites de uso (usuarios, storage, modulos) y el ciclo de facturacion. Cada plan define que funcionalidades y recursos estan disponibles para el tenant. + +--- + +## Actores + +| Actor | Descripcion | +|-------|-------------| +| Platform Admin | Gestiona planes y subscripciones | +| Tenant Admin | Ve su subscripcion y puede solicitar upgrades | +| Sistema | Aplica limites automaticamente | +| Billing System | Procesa pagos y renovaciones | + +--- + +## Planes de Subscripcion + +### Planes Disponibles + +| Plan | Usuarios | Storage | Modulos | Precio/mes | +|------|----------|---------|---------|------------| +| Trial | 5 | 1 GB | Basicos | Gratis (14 dias) | +| Starter | 10 | 5 GB | Basicos | $29 USD | +| Professional | 50 | 25 GB | Todos Standard | $99 USD | +| Enterprise | Ilimitado | 100 GB | Todos + Premium | $299 USD | +| Custom | Configurable | Configurable | Configurable | Cotizacion | + +### Modulos por Plan + +| Modulo | Trial | Starter | Professional | Enterprise | +|--------|-------|---------|--------------|------------| +| Auth | ✓ | ✓ | ✓ | ✓ | +| Users | ✓ | ✓ | ✓ | ✓ | +| Roles | ✓ | ✓ | ✓ | ✓ | +| Inventory | ✓ | ✓ | ✓ | ✓ | +| Financial | - | ✓ | ✓ | ✓ | +| Reports | - | Basic | Full | Full | +| CRM | - | - | ✓ | ✓ | +| Advanced Analytics | - | - | - | ✓ | +| API Access | - | - | ✓ | ✓ | +| White Label | - | - | - | ✓ | +| Priority Support | - | - | - | ✓ | + +--- + +## Flujo Principal + +### Ver Subscripcion Actual + +``` +1. Tenant Admin accede a Configuracion > Subscripcion +2. Sistema muestra: + - Plan actual + - Fecha de inicio + - Proxima renovacion + - Uso actual vs limites + - Historial de facturacion +3. Admin puede ver planes disponibles para upgrade +``` + +### Solicitar Upgrade + +``` +1. Tenant Admin click en "Cambiar Plan" +2. Sistema muestra comparativa de planes +3. Admin selecciona nuevo plan +4. Sistema calcula costo prorrateado +5. Admin confirma y procede al pago +6. Sistema procesa pago +7. Sistema actualiza subscripcion +8. Nuevos limites aplican inmediatamente +9. Sistema envia confirmacion por email +``` + +### Renovacion Automatica + +``` +1. Sistema detecta subscripcion por vencer (3 dias) +2. Sistema envia recordatorio de renovacion +3. En fecha de renovacion: + a. Sistema intenta cobrar metodo de pago guardado + b. Si exitoso: renueva subscripcion + c. Si falla: marca como "payment_pending" +4. Si pago pendiente por 7 dias: + a. Sistema envia advertencias + b. Sistema suspende tenant +``` + +### Cancelar Subscripcion + +``` +1. Tenant Admin solicita cancelacion +2. Sistema muestra encuesta de salida +3. Admin confirma cancelacion +4. Sistema programa cancelacion para fin de periodo +5. Tenant sigue activo hasta fin de periodo pagado +6. Al terminar periodo: downgrade a Trial o suspension +``` + +--- + +## Limites y Enforcement + +### Tipos de Limites + +| Tipo | Comportamiento | +|------|----------------| +| Hard Limit | Bloquea la accion inmediatamente | +| Soft Limit | Permite con advertencia, bloquea al 110% | +| Usage Based | Cobra extra por exceso | + +### Enforcement de Limites + +```typescript +// Verificacion de limite de usuarios +async canCreateUser(tenantId: string): Promise { + const subscription = await this.getSubscription(tenantId); + const currentUsers = await this.countUsers(tenantId); + + if (currentUsers >= subscription.limits.maxUsers) { + throw new PaymentRequiredException( + `Limite de usuarios alcanzado (${subscription.limits.maxUsers}). ` + + `Actualiza tu plan para agregar mas usuarios.` + ); + } + return true; +} + +// Verificacion de acceso a modulo +async canAccessModule(tenantId: string, module: string): Promise { + const subscription = await this.getSubscription(tenantId); + + if (!subscription.modules.includes(module)) { + throw new PaymentRequiredException( + `El modulo "${module}" no esta incluido en tu plan. ` + + `Actualiza a ${this.getMinPlanForModule(module)} para acceder.` + ); + } + return true; +} +``` + +--- + +## Reglas de Negocio + +| ID | Regla | +|----|-------| +| RN-001 | Trial expira en 14 dias sin opcion de extension | +| RN-002 | Downgrade no permitido durante periodo de facturacion | +| RN-003 | Upgrade aplica inmediatamente con prorrateo | +| RN-004 | Cancelacion efectiva al fin del periodo pagado | +| RN-005 | Datos se conservan 30 dias despues de cancelacion | +| RN-006 | Exceso de storage: soft limit + cargos adicionales | +| RN-007 | Pago fallido: 7 dias de gracia antes de suspension | +| RN-008 | Enterprise puede negociar limites custom | + +--- + +## Criterios de Aceptacion + +### Escenario 1: Ver uso actual vs limites + +```gherkin +Given tenant con plan Professional (50 usuarios, 25GB) + And 35 usuarios activos + And 18GB de storage usado +When Tenant Admin ve la subscripcion +Then muestra "Usuarios: 35/50 (70%)" + And muestra "Storage: 18GB/25GB (72%)" + And muestra grafico de uso +``` + +### Escenario 2: Bloqueo por limite de usuarios + +```gherkin +Given tenant con plan Starter (10 usuarios) + And 10 usuarios activos (100%) +When Admin intenta crear usuario #11 +Then el sistema responde con status 402 + And el mensaje indica limite alcanzado + And sugiere upgrade a Professional +``` + +### Escenario 3: Bloqueo por modulo no incluido + +```gherkin +Given tenant con plan Starter (sin CRM) +When usuario intenta acceder a /api/v1/crm/contacts +Then el sistema responde con status 402 + And el mensaje indica modulo no disponible + And sugiere planes que incluyen CRM +``` + +### Escenario 4: Upgrade de plan + +```gherkin +Given tenant en Starter ($29/mes) al dia 15 del mes +When solicita upgrade a Professional ($99/mes) +Then sistema calcula prorrateo: $35 (15 dias de diferencia) + And usuario paga $35 + And plan cambia inmediatamente + And nuevos limites aplican + And siguiente factura: $99 el dia 1 +``` + +### Escenario 5: Trial expirado + +```gherkin +Given tenant en Trial por 14 dias +When han pasado los 14 dias sin subscription +Then el estado cambia a "trial_expired" + And usuarios no pueden acceder + And datos se conservan + And Admin puede acceder solo para suscribirse +``` + +### Escenario 6: Advertencia de renovacion + +```gherkin +Given subscripcion que vence en 3 dias +When el sistema ejecuta job de notificaciones +Then envia email "Tu subscripcion vence en 3 dias" + And incluye link para verificar metodo de pago +``` + +--- + +## Mockup / Wireframe + +``` ++------------------------------------------------------------------+ +| [Logo] Mi Subscripcion | ++------------------------------------------------------------------+ +| | +| ┌─────────────────────────────────────────────────────────────┐ | +| │ PLAN ACTUAL: Professional [Cambiar Plan] │ | +| │ │ | +| │ $99 USD / mes Proxima renovacion: 01/01/2026 │ | +| │ Facturacion mensual Metodo de pago: •••• 4242 │ | +| └─────────────────────────────────────────────────────────────┘ | +| | +| USO ACTUAL | +| ┌─────────────────────────────────────────────────────────────┐ | +| │ │ | +| │ Usuarios ████████████████████░░░░░░░░░░ 35/50 (70%) │ | +| │ │ | +| │ Storage █████████████████████████░░░░░ 18/25GB (72%) │ | +| │ │ | +| │ API Calls ██████████░░░░░░░░░░░░░░░░░░░░ 5K/50K (10%) │ | +| │ │ | +| └─────────────────────────────────────────────────────────────┘ | +| | +| MODULOS INCLUIDOS | +| ┌─────────────────────────────────────────────────────────────┐ | +| │ ✓ Auth ✓ Users ✓ Roles ✓ Inventory │ | +| │ ✓ Financial ✓ Reports (Full) ✓ CRM ✓ API Access │ | +| │ │ | +| │ No incluidos: Advanced Analytics, White Label │ | +| │ [Ver Enterprise para estas funciones] │ | +| └─────────────────────────────────────────────────────────────┘ | +| | +| HISTORIAL DE FACTURACION | +| ┌─────────────────────────────────────────────────────────────┐ | +| │ Fecha | Descripcion | Monto | Estado │ | +| │------------|----------------------|---------|-------------- │ | +| │ 01/12/2025 | Professional - Dic | $99.00 | ✓ Pagado │ | +| │ 01/11/2025 | Professional - Nov | $99.00 | ✓ Pagado │ | +| │ 15/10/2025 | Upgrade Starter->Pro | $35.00 | ✓ Pagado │ | +| │ 01/10/2025 | Starter - Oct | $29.00 | ✓ Pagado │ | +| └─────────────────────────────────────────────────────────────┘ | +| | +| [Descargar Facturas] [Cancelar Subscripcion] | ++------------------------------------------------------------------+ +``` + +--- + +## Notas Tecnicas + +### API Endpoints + +```typescript +// Ver subscripcion actual +GET /api/v1/tenant/subscription + +// Response 200 +{ + "plan": { + "id": "plan-professional", + "name": "Professional", + "price": 99, + "currency": "USD", + "interval": "monthly" + }, + "status": "active", + "currentPeriodStart": "2025-12-01", + "currentPeriodEnd": "2025-12-31", + "cancelAtPeriodEnd": false, + "usage": { + "users": { "current": 35, "limit": 50, "percentage": 70 }, + "storage": { "current": 18000000000, "limit": 25000000000, "percentage": 72 }, + "apiCalls": { "current": 5000, "limit": 50000, "percentage": 10 } + }, + "modules": ["auth", "users", "roles", "inventory", "financial", "reports", "crm", "api"], + "paymentMethod": { "type": "card", "last4": "4242", "brand": "visa" } +} + +// Ver planes disponibles +GET /api/v1/subscription/plans + +// Solicitar upgrade +POST /api/v1/tenant/subscription/upgrade +{ "planId": "plan-enterprise" } + +// Cancelar subscripcion +POST /api/v1/tenant/subscription/cancel +{ "reason": "too_expensive", "feedback": "..." } + +// Verificar limite +GET /api/v1/tenant/subscription/check-limit?type=users + +// Response 200 +{ + "type": "users", + "current": 35, + "limit": 50, + "canAdd": true, + "remaining": 15 +} + +// Response 402 (limite alcanzado) +{ + "statusCode": 402, + "error": "Payment Required", + "message": "Limite de usuarios alcanzado", + "upgradeOptions": [ + { "planId": "plan-enterprise", "name": "Enterprise", "newLimit": "unlimited" } + ] +} +``` + +### Modelos de Datos + +```typescript +interface Subscription { + id: string; + tenantId: string; + planId: string; + status: 'trial' | 'active' | 'past_due' | 'canceled' | 'unpaid'; + currentPeriodStart: Date; + currentPeriodEnd: Date; + cancelAtPeriodEnd: boolean; + trialEnd?: Date; + paymentMethodId?: string; +} + +interface Plan { + id: string; + name: string; + price: number; + currency: string; + interval: 'monthly' | 'yearly'; + limits: { + maxUsers: number; + maxStorageBytes: number; + maxApiCalls: number; + }; + modules: string[]; + features: string[]; + isPublic: boolean; +} +``` + +### Limit Enforcement Guard + +```typescript +@Injectable() +export class LimitGuard implements CanActivate { + constructor( + private subscriptionService: SubscriptionService, + private reflector: Reflector, + ) {} + + async canActivate(context: ExecutionContext): Promise { + const limitType = this.reflector.get('checkLimit', context.getHandler()); + if (!limitType) return true; + + const request = context.switchToHttp().getRequest(); + const tenantId = request.tenantId; + + const check = await this.subscriptionService.checkLimit(tenantId, limitType); + + if (!check.canAdd) { + throw new PaymentRequiredException({ + message: `Limite de ${limitType} alcanzado`, + upgradeOptions: check.upgradeOptions, + }); + } + + return true; + } +} + +// Uso en controller +@Post() +@CheckLimit('users') +create(@Body() dto: CreateUserDto) { } +``` + +--- + +## Dependencias + +| ID | Descripcion | +|----|-------------| +| RF-TENANT-001 | Tenants existentes | +| Payment Gateway | Stripe/PayPal para pagos | +| Scheduler | Jobs para renovaciones y notificaciones | + +--- + +## Estimacion + +| Tarea | Puntos | +|-------|--------| +| Backend: Subscription service | 4 | +| Backend: Limit enforcement | 4 | +| Backend: Billing integration | 5 | +| Backend: Webhooks de pago | 3 | +| Backend: Tests | 3 | +| Frontend: SubscriptionPage | 4 | +| Frontend: PlanComparison | 3 | +| Frontend: CheckoutFlow | 4 | +| Frontend: Tests | 2 | +| **Total** | **32 SP** | + +--- + +## Historial + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | System | Creacion inicial | diff --git a/docs/01-fase-foundation/README.md b/docs/01-fase-foundation/README.md new file mode 100644 index 0000000..dacaf1d --- /dev/null +++ b/docs/01-fase-foundation/README.md @@ -0,0 +1,119 @@ +# Fase 01: Foundation + +**Proyecto:** ERP Core +**Fecha:** 2025-12-05 +**Story Points Total:** 150 SP +**Estado:** Migrado GAMILIT + +--- + +## Descripcion + +La Fase Foundation establece los cimientos del sistema ERP. Incluye los modulos criticos de autenticacion, usuarios, roles/permisos y multi-tenancy que son requeridos por todos los demas modulos del sistema. + +--- + +## Modulos de esta Fase + +| ID | Nombre | SP | Prioridad | Estado | Descripcion | +|----|--------|---:|-----------|--------|-------------| +| [MGN-001](./MGN-001-auth/) | Autenticacion | 40 | P0 | Migrado | JWT, OAuth, sessions, password recovery | +| [MGN-002](./MGN-002-users/) | Usuarios | 35 | P0 | Migrado | CRUD usuarios, perfiles, preferencias | +| [MGN-003](./MGN-003-roles/) | Roles/RBAC | 40 | P0 | Migrado | Roles, permisos, guards, decoradores | +| [MGN-004](./MGN-004-tenants/) | Multi-tenant | 35 | P0 | Migrado | Tenants, RLS, planes, suscripciones | + +**Total:** 150 SP + +--- + +## Metricas Consolidadas + +| Metrica | Valor | +|---------|-------| +| Modulos | 4 | +| Requerimientos (RF) | 18 | +| Especificaciones (ET) | 9 | +| Historias de Usuario (US) | 16 | +| Tablas Database | 24 | +| Endpoints API | 56 | + +--- + +## Estructura GAMILIT por Modulo + +``` +MGN-XXX-{nombre}/ +├── _MAP.md # Indice del modulo +├── README.md # Descripcion +├── requerimientos/ # RF migrados +├── especificaciones/ # ET migradas +├── historias-usuario/ # US migradas +└── implementacion/ + └── TRACEABILITY.yml # Trazabilidad RF->Codigo +``` + +--- + +## Orden de Implementacion + +``` +MGN-001 (Auth) + │ + ▼ +MGN-002 (Users) + │ + ▼ +MGN-003 (Roles) + │ + ▼ +MGN-004 (Tenants) +``` + +Los modulos deben implementarse en este orden debido a las dependencias entre ellos. + +--- + +## Criterios de Completitud de Fase + +- [ ] MGN-001 Auth: Implementado y testeado (>80% coverage) +- [ ] MGN-002 Users: Implementado y testeado (>80% coverage) +- [ ] MGN-003 Roles: Implementado y testeado (>80% coverage) +- [ ] MGN-004 Tenants: Implementado y testeado (>80% coverage) +- [ ] Integracion entre modulos verificada +- [ ] E2E tests de flujos criticos pasando +- [ ] Documentacion actualizada + +--- + +## Metricas Objetivo + +| Metrica | Objetivo | +|---------|----------| +| Unit Test Coverage | > 80% | +| Integration Tests | Todos pasando | +| E2E Tests | Flujos criticos cubiertos | +| Documentacion | 100% actualizada | +| Code Review | 100% revisado | + +--- + +## Riesgos + +| Riesgo | Probabilidad | Impacto | Mitigacion | +|--------|--------------|---------|------------| +| Complejidad JWT | Media | Alto | Usar librerias probadas | +| Multi-tenancy bugs | Media | Alto | Tests exhaustivos de RLS | +| Performance auth | Baja | Alto | Caching de tokens | + +--- + +## Documentos Relacionados + +- [MASTER_INVENTORY.yml](../../orchestration/inventarios/MASTER_INVENTORY.yml) +- [DEPENDENCY_GRAPH.yml](../../orchestration/inventarios/DEPENDENCY_GRAPH.yml) +- [TRACEABILITY_MATRIX.yml](../../orchestration/inventarios/TRACEABILITY_MATRIX.yml) + +--- + +**Generado por:** Requirements-Analyst +**Fecha:** 2025-12-05 diff --git a/docs/02-definicion-modulos/ALCANCE-POR-MODULO.md b/docs/02-definicion-modulos/ALCANCE-POR-MODULO.md new file mode 100644 index 0000000..5b6875b --- /dev/null +++ b/docs/02-definicion-modulos/ALCANCE-POR-MODULO.md @@ -0,0 +1,1547 @@ +# ALCANCE DETALLADO POR MÓDULO + +**Fecha:** 2025-11-23 +**Versión:** 1.0 +**Basado en:** LISTA-MODULOS-ERP-GENERICO.md + Análisis Fase 0 + +--- + +## Introducción + +Este documento define el alcance detallado de cada uno de los 14 módulos del ERP Genérico. + +**Objetivo:** Establecer claramente qué incluye y qué NO incluye cada módulo para evitar: +- Scope creep (agregar funcionalidades innecesarias) +- Over-engineering (generalizar lo que debe ser específico) +- Conflictos entre módulos (límites difusos) + +**Metodología:** +- ✅ **Incluido:** Funcionalidades que son genéricas y reutilizables en 70%+ de proyectos +- ❌ **Excluido:** Funcionalidades específicas de industria (construcción, vidrio, etc.) +- 🔧 **Límites:** Dónde termina un módulo y empieza otro + +--- + +## MGN-001: Fundamentos + +### Descripción + +Módulo base que proporciona autenticación, autorización, gestión de usuarios y multi-tenancy. Es la columna vertebral de seguridad del ERP. + +### Alcance Incluido (✅ Dentro del Alcance) + +**Autenticación:** +- Login con email/password +- Generación de JWT tokens (access token + refresh token) +- Logout (invalidación de tokens) +- Registro de usuarios (signup) con validación de email +- Reset password (envío de token por email, expiración 24h) +- Cambio de contraseña (validación de contraseña fuerte: 8+ chars, mayúsculas, números, símbolos) +- Verificación de email (token de verificación) +- Política de contraseñas (longitud mínima, complejidad, expiración) + +**Gestión de Usuarios:** +- CRUD de usuarios (create, read, update, soft delete) +- Perfiles de usuario (nombre, email, teléfono, foto, idioma preferido) +- Activación/desactivación de usuarios (active=true/false) +- Asignación de roles a usuarios (muchos a muchos) +- Historial de sesiones (last login, login count, IPs) + +**Roles y Permisos (RBAC):** +- CRUD de roles (Administrator, Accountant, Supervisor, etc.) +- Permisos granulares CRUD por modelo (create, read, update, delete) +- Herencia de roles (ej: Supervisor hereda permisos de Employee) +- Permisos por campo (field-level permissions - opcional P1) +- Record Rules (RLS policies) - Filtros SQL dinámicos por rol + +**Multi-Tenancy:** +- Schema-level isolation (cada tenant un schema PostgreSQL) +- Context switching (cambio de tenant por request) +- Función `get_current_tenant_id()` para RLS +- Validación de acceso cruzado entre tenants (estrictamente prohibido) + +**Seguridad:** +- Hash de contraseñas (bcrypt, 10 rounds) +- Rate limiting (login attempts: 5 intentos/15min) +- Session management (tokens con expiración) +- CORS configuration +- Helmet.js (security headers) + +### Alcance Excluido (❌ Fuera del Alcance) + +**Autenticación Avanzada:** +- ❌ Login con OAuth2/OIDC (Google, Facebook, Azure AD) - **Razón:** No es esencial para MVP, se puede agregar después (P2) +- ❌ Autenticación de dos factores (2FA/MFA) - **Razón:** Importante, pero no crítico para inicio (P1) +- ❌ Biometría (huella, Face ID) - **Razón:** Específico de mobile (P2) +- ❌ SSO (Single Sign-On) - **Razón:** Empresarial avanzado (P2) + +**Gestión de Usuarios Avanzada:** +- ❌ Delegación de permisos (usuario A delega a usuario B temporalmente) - **Razón:** Caso de uso específico (P2) +- ❌ Grupos de usuarios (además de roles) - **Razón:** Los roles son suficientes para MVP +- ❌ Aprobaciones workflow (aprobar creación de usuarios) - **Razón:** Overhead innecesario para inicio + +**Multi-Tenancy Avanzado:** +- ❌ Database-level isolation (cada tenant una DB) - **Razón:** Schema-level es suficiente y más eficiente +- ❌ Tenants con custom domains - **Razón:** Complejidad infraestructura (P2) + +### Límites con Otros Módulos + +**Con MGN-002 (Empresas):** +- **MGN-001 termina:** Gestión de usuarios y roles +- **MGN-002 empieza:** Gestión de empresas/organizaciones (users pueden acceder a múltiples empresas) +- **Límite:** Usuario puede tener un rol diferente en cada empresa + +**Con MGN-014 (Mensajería):** +- **MGN-001 termina:** Autenticación de usuarios +- **MGN-014 empieza:** Notificaciones a usuarios, mensajes +- **Límite:** MGN-001 provee el contexto de usuario actual, MGN-014 lo usa para notificar + +### Casos de Uso Principales + +1. **UC-AUTH-001:** Usuario se registra en el sistema +2. **UC-AUTH-002:** Usuario inicia sesión +3. **UC-AUTH-003:** Usuario solicita reset de contraseña +4. **UC-AUTH-004:** Administrador crea un nuevo usuario +5. **UC-AUTH-005:** Administrador asigna roles a usuario +6. **UC-AUTH-006:** Administrador define permisos de un rol +7. **UC-AUTH-007:** Sistema valida permisos de usuario para acción (CRUD) +8. **UC-AUTH-008:** Sistema cambia de tenant (multi-tenancy) + +### Actores + +- **Administrador:** Gestiona usuarios, roles, permisos +- **Usuario:** Se autentica, usa el sistema +- **Sistema:** Valida permisos automáticamente + +### Referencias + +- **Odoo:** base (res.users, res.groups, ir.model.access, ir.rule) +- **Gamilit:** auth_management schema +- **ADR:** ADR-001 (Stack), ADR-003 (Multi-Tenancy), ADR-006 (RBAC) + +--- + +## MGN-002: Empresas y Organizaciones + +### Descripción + +Módulo que gestiona empresas/organizaciones y configuración multi-empresa. Permite que usuarios trabajen con múltiples empresas y que documentos pertenezcan a empresas específicas. + +### Alcance Incluido (✅ Dentro del Alcance) + +**Gestión de Empresas:** +- CRUD de empresas (create, read, update, soft delete) +- Datos de empresa: nombre, nombre legal, RFC/NIT/Tax ID, logo, email, teléfono, sitio web +- Dirección de empresa (calle, ciudad, estado, país, código postal) +- Configuración fiscal (régimen fiscal, responsabilidades tributarias) +- Moneda principal de la empresa +- Empresa vinculada a partner (patrón Odoo: una empresa también es un partner) + +**Multi-Empresa:** +- Usuario puede tener acceso a múltiples empresas (tabla de asignación users_companies) +- Usuario puede tener roles diferentes en cada empresa +- Context switching: cambiar empresa activa sin logout +- Filtrado automático de datos por empresa (RLS) +- Validación de acceso cruzado entre empresas (un usuario no puede ver datos de empresa sin acceso) + +**Jerarquías Organizacionales:** +- Holdings (parent_id): una empresa puede ser parte de un grupo +- Visualización de organigrama de empresas (árbol jerárquico) + +### Alcance Excluido (❌ Fuera del Alcance) + +**Funcionalidades Avanzadas:** +- ❌ Consolidación financiera (balance consolidado de holdings) - **Razón:** Funcionalidad contable avanzada, va en MGN-004 o extensión (P2) +- ❌ Transferencias inter-compañía automáticas - **Razón:** Complejidad contable, no esencial para MVP (P2) +- ❌ Configuración de permisos cruzados entre empresas - **Razón:** Caso de uso específico, no genérico +- ❌ Unidades de negocio (Business Units) dentro de empresa - **Razón:** Puede modelarse con departamentos en MGN-010 + +**Específico de Industria:** +- ❌ Sucursales con inventario independiente - **Razón:** Es lógica de inventario (MGN-005) +- ❌ Centros de costos - **Razón:** Es lógica de contabilidad analítica (MGN-008) + +### Límites con Otros Módulos + +**Con MGN-001 (Fundamentos):** +- **MGN-001 termina:** Usuarios y roles +- **MGN-002 empieza:** Empresas y asignación usuario-empresa +- **Límite:** Un usuario puede tener rol diferente en cada empresa + +**Con MGN-003 (Catálogos):** +- **MGN-002 termina:** Datos de empresa +- **MGN-003 empieza:** Partners (empresa también es un partner) +- **Límite:** Empresa tiene relación con partner (company.partner_id) + +**Con MGN-004, MGN-005, MGN-006, MGN-007 (Módulos Transaccionales):** +- **MGN-002 termina:** Definición de empresa +- **Módulos transaccionales empiezan:** Documentos (facturas, órdenes, etc.) con company_id +- **Límite:** Todos los documentos deben tener company_id (FK a companies) + +### Casos de Uso Principales + +1. **UC-COMP-001:** Administrador crea una nueva empresa +2. **UC-COMP-002:** Administrador configura datos fiscales de empresa +3. **UC-COMP-003:** Administrador asigna usuarios a empresa +4. **UC-COMP-004:** Usuario cambia de empresa activa (context switching) +5. **UC-COMP-005:** Usuario con acceso a múltiples empresas ve lista de empresas permitidas +6. **UC-COMP-006:** Administrador crea holding (jerarquía de empresas) + +### Actores + +- **Administrador:** Gestiona empresas, configuración +- **Usuario Multi-Empresa:** Trabaja con varias empresas +- **Sistema:** Filtra datos por empresa automáticamente + +### Referencias + +- **Odoo:** base (res.company) +- **Gamilit:** core schema (companies table) +- **ADR:** ADR-002 (Arquitectura Modular), ADR-003 (Multi-Tenancy) + +--- + +## MGN-003: Catálogos Maestros + +### Descripción + +Módulo que gestiona catálogos maestros universales: partners, países, monedas, unidades de medida, categorías de productos. Son datos de referencia compartidos por todos los módulos transaccionales. + +### Alcance Incluido (✅ Dentro del Alcance) + +**Partners Universales:** +- CRUD de partners (patrón Odoo: un partner puede ser cliente, proveedor, empleado, contacto) +- Flags: is_customer, is_supplier, is_employee, is_contact +- Datos generales: nombre, nombre legal, email, teléfono, sitio web +- Dirección (calle, ciudad, estado, país, código postal) +- Datos fiscales (Tax ID, régimen fiscal) +- Jerarquía (parent_id): un partner puede tener contactos hijos +- Condiciones de pago (payment terms) +- Calificación de partner (customer rank, supplier rank) + +**Países y Regiones:** +- Catálogo de países (ISO 3166-1: código 2 letras, código 3 letras, código numérico) +- Estados/Provincias por país +- Ciudades (opcional, puede ser texto libre) +- Códigos postales +- Formatos de dirección por país (ej: USA → ZIP, México → CP) + +**Monedas:** +- Catálogo de monedas (ISO 4217: USD, MXN, EUR, etc.) +- Tasas de cambio (con vigencia temporal: fecha inicio, fecha fin) +- Actualización manual de tasas (en MVP, automática en P1) +- Moneda de visualización vs moneda de registro + +**Unidades de Medida (UoM):** +- Categorías de UoM (longitud, peso, volumen, tiempo, unidades) +- UoM por categoría (kg, g, ton / m, cm, km / L, mL / etc.) +- Factor de conversión (ej: 1 kg = 1000 g) +- UoM de referencia por categoría +- Conversiones automáticas dentro de categoría + +**Categorías de Productos:** +- Jerarquía de categorías (parent_id) +- Categorías genéricas (materiales, servicios, etc.) +- Asignación de cuenta contable por categoría (opcional, integración con MGN-004) + +### Alcance Excluido (❌ Fuera del Alcance) + +**Funcionalidades Avanzadas:** +- ❌ CRM avanzado de partners (scoring, segmentación) - **Razón:** Va en MGN-009 (CRM) +- ❌ Portal de proveedores/clientes - **Razón:** Va en MGN-013 (Portal) +- ❌ Actualización automática de tasas de cambio (API externa) - **Razón:** No esencial para MVP (P1) +- ❌ Conversiones de UoM entre categorías - **Razón:** No tiene sentido (kg a metros) +- ❌ UoM compuestas (kg/m², m³/h) - **Razón:** Complejidad innecesaria (P2) + +**Específico de Industria:** +- ❌ Partners con clasificación por industria (construcción, vidrio, etc.) - **Razón:** Específico de proyecto +- ❌ Catálogo de productos - **Razón:** Va en MGN-005 (Inventario), aquí solo categorías + +### Límites con Otros Módulos + +**Con MGN-002 (Empresas):** +- **MGN-002 termina:** Empresa +- **MGN-003 empieza:** Empresa también es un partner (company.partner_id) +- **Límite:** Empresa tiene relación 1-1 con partner + +**Con MGN-004 (Financiero):** +- **MGN-003 termina:** Partners, monedas +- **MGN-004 empieza:** Facturas a partners, asientos con moneda +- **Límite:** MGN-003 provee catálogos, MGN-004 los usa + +**Con MGN-005 (Inventario):** +- **MGN-003 termina:** Categorías de productos, UoM +- **MGN-005 empieza:** Productos (con categoría y UoM) +- **Límite:** MGN-003 provee categorías y UoM, MGN-005 crea productos + +**Con MGN-006 (Compras) y MGN-007 (Ventas):** +- **MGN-003 termina:** Partners (proveedores, clientes) +- **MGN-006/007 empiezan:** Órdenes con partners +- **Límite:** MGN-003 gestiona partners, MGN-006/007 crean transacciones + +### Casos de Uso Principales + +1. **UC-CAT-001:** Usuario crea un nuevo cliente/proveedor (partner) +2. **UC-CAT-002:** Usuario busca un partner por nombre/email/Tax ID +3. **UC-CAT-003:** Usuario configura condiciones de pago de partner +4. **UC-CAT-004:** Administrador actualiza tasas de cambio de monedas +5. **UC-CAT-005:** Usuario convierte cantidades entre UoM (kg a g) +6. **UC-CAT-006:** Administrador crea jerarquía de categorías de productos +7. **UC-CAT-007:** Usuario agrega contactos a un partner (parent_id) + +### Actores + +- **Administrador:** Configura catálogos maestros +- **Usuario Ventas:** Gestiona clientes (partners con is_customer=true) +- **Usuario Compras:** Gestiona proveedores (partners con is_supplier=true) +- **Usuario RRHH:** Gestiona empleados (partners con is_employee=true) +- **Sistema:** Usa catálogos para validaciones y conversiones + +### Referencias + +- **Odoo:** base (res.partner, res.country, res.currency, uom.uom) +- **Gamilit:** core schema (partners, currencies, countries) +- **ADR:** ADR-007 (Database Design) + +--- + +## MGN-004: Financiero Básico + +### Descripción + +Módulo de contabilidad general. Gestiona plan de cuentas, asientos contables, facturas, pagos, conciliación y reportes financieros básicos. + +### Alcance Incluido (✅ Dentro del Alcance) + +**Plan de Cuentas:** +- CRUD de cuentas contables (activo, pasivo, capital, ingresos, egresos) +- Jerarquía de cuentas (parent_id) +- Tipos de cuenta (view, payable, receivable, bank, cash, etc.) +- Código de cuenta (numérico o alfanumérico) +- Cuentas específicas por empresa (multi-empresa) +- Templates de plan de cuentas por país (México, USA) + +**Asientos Contables:** +- Creación de asientos (journal entries) con líneas (débito/crédito) +- Validación débito = crédito (fundamental) +- Estados: draft → posted (no editable después de posted) +- Cancelación de asientos (reversing entry) +- Asientos por journal (ventas, compras, banco, misceláneos) +- Fecha de asiento vs fecha de registro +- Asientos automáticos desde módulos transaccionales (facturas, pagos) + +**Facturas:** +- Facturas de cliente (customer invoices) +- Facturas de proveedor (vendor bills) +- Notas de crédito (credit notes) +- Estados: draft → open → paid → cancelled +- Líneas de factura (productos/servicios, cantidad, precio, impuestos) +- Cálculo automático de impuestos (IVA, retenciones) +- Generación automática de asientos contables al validar factura +- Multi-moneda (factura en USD, registro en MXN) + +**Pagos:** +- Registro de pagos (customer payments, vendor payments) +- Métodos de pago (efectivo, transferencia, cheque, tarjeta) +- Pagos parciales +- Conciliación de pagos con facturas (payment reconciliation) +- Diferencias de pago (descuentos, redondeos) +- Pagos anticipados (advance payments) + +**Reportes Financieros:** +- Balance General (Balance Sheet) +- Estado de Resultados (Profit & Loss / P&L) +- Filtros: por empresa, por fecha, por moneda +- Exportación: PDF, Excel + +**Multi-Moneda:** +- Transacciones en moneda extranjera +- Conversión automática a moneda de empresa +- Gain/Loss por diferencia cambiaria +- Reportes en múltiples monedas + +### Alcance Excluido (❌ Fuera del Alcance) + +**Contabilidad Avanzada:** +- ❌ Presupuestos financieros - **Razón:** Va en módulo específico o MGN-012 (P2) +- ❌ Consolidación multi-empresa - **Razón:** Funcionalidad avanzada (P2) +- ❌ Flujo de caja (Cash Flow) - **Razón:** Reporte avanzado (P1) +- ❌ Activos fijos (depreciación) - **Razón:** Módulo especializado (P2) +- ❌ Nómina contable - **Razón:** Va en MGN-010 (RRHH) +- ❌ Facturación electrónica (CFDI México, e-invoicing) - **Razón:** Específico de país (extensión) + +**Reportes Avanzados:** +- ❌ Reportes IFRS/GAAP específicos - **Razón:** Requiere consultoría contable (P2) +- ❌ Dashboards financieros - **Razón:** Va en MGN-012 (Reportes y Analytics) +- ❌ Análisis de varianzas - **Razón:** Reporte avanzado (P2) + +**Integraciones:** +- ❌ Integración con SAT México (timbrado CFDI) - **Razón:** Específico de país (extensión) +- ❌ Integración con bancos (conciliación automática) - **Razón:** Requiere APIs bancarias (P1) + +### Límites con Otros Módulos + +**Con MGN-003 (Catálogos):** +- **MGN-003 termina:** Partners, monedas +- **MGN-004 empieza:** Facturas a partners, conversión de monedas +- **Límite:** MGN-004 usa partners y monedas de MGN-003 + +**Con MGN-006 (Compras) y MGN-007 (Ventas):** +- **MGN-006/007 terminan:** Órdenes de compra/venta +- **MGN-004 empieza:** Facturas generadas desde órdenes, asientos contables +- **Límite:** Órdenes pueden generar facturas, pero la factura es documento contable (MGN-004) + +**Con MGN-008 (Analítica):** +- **MGN-004 termina:** Asientos contables en plan de cuentas general +- **MGN-008 empieza:** Asientos con distribución analítica (por proyecto) +- **Límite:** MGN-004 registra contabilidad general, MGN-008 registra contabilidad analítica (paralela) + +### Casos de Uso Principales + +1. **UC-FIN-001:** Contador crea asiento contable manual +2. **UC-FIN-002:** Sistema genera asiento automático al validar factura de venta +3. **UC-FIN-003:** Usuario crea factura de cliente +4. **UC-FIN-004:** Usuario registra pago de cliente +5. **UC-FIN-005:** Usuario concilia pago con factura +6. **UC-FIN-006:** Contador genera Balance General +7. **UC-FIN-007:** Contador genera Estado de Resultados +8. **UC-FIN-008:** Usuario crea factura de proveedor en USD (empresa en MXN) + +### Actores + +- **Contador:** Gestiona plan de cuentas, asientos, reportes +- **Usuario Ventas:** Crea facturas de cliente +- **Usuario Compras:** Registra facturas de proveedor +- **Usuario Tesorería:** Registra pagos, concilia +- **Sistema:** Genera asientos automáticos, calcula impuestos + +### Referencias + +- **Odoo:** account (account.account, account.move, account.payment) +- **Gamilit:** financial_management schema +- **ADR:** ADR-007 (Database Design) + +--- + +## MGN-005: Inventario Básico + +### Descripción + +Módulo de gestión de inventario. Maneja productos, almacenes, ubicaciones, movimientos de stock, trazabilidad y valoración de inventario. + +### Alcance Incluido (✅ Dentro del Alcance) + +**Productos:** +- CRUD de productos (bienes físicos y servicios) +- Tipos de producto: almacenable (storable), consumible (consumable), servicio (service) +- Datos de producto: nombre, descripción, código interno, código de barras +- Categoría de producto (FK a MGN-003) +- Unidad de medida (UoM) - FK a MGN-003 +- Variantes de producto (producto con múltiples atributos: talla, color) +- Precio de costo (para valoración) +- Precio de venta (sugerido) + +**Almacenes y Ubicaciones:** +- CRUD de almacenes (warehouses) +- Ubicaciones jerárquicas (warehouse → zone → aisle → rack → level) +- Tipos de ubicación: física, virtual (proveedores, clientes, producción, pérdidas) +- Ubicación por defecto por almacén +- Inventario por ubicación + +**Movimientos de Stock:** +- Movimientos de stock (stock moves): origen → destino +- Estados: draft → confirmed → done → cancelled +- Cantidad movida, UoM +- Doble movimiento (origen → tránsito → destino) para movimientos complejos +- Movimientos automáticos desde órdenes de compra/venta +- Movimientos manuales (ajustes, transferencias) + +**Pickings (Albaranes):** +- Agrupación de movimientos: picking de recepción, entrega, interno +- Estados: draft → ready → done +- Validación parcial (recibir parte de una orden) +- Impresión de albaranes (PDF) + +**Trazabilidad:** +- Lotes (batch/lot): productos con fecha de lote (ej: lote de producción) +- Números de serie (serial numbers): productos con número único (ej: computadoras) +- Trazabilidad completa (de dónde vino, a dónde fue) + +**Valoración de Inventario:** +- Métodos: FIFO (First In First Out), LIFO (Last In First Out), Costo Promedio +- Cálculo automático de costo de producto +- Asientos contables automáticos (si valoración automática activada) + +**Inventario Físico:** +- Conteos de inventario (inventory adjustments) +- Diferencias entre conteo físico y sistema +- Generación de ajustes automáticos + +### Alcance Excluido (❌ Fuera del Alcance) + +**Funcionalidades Avanzadas:** +- ❌ Producción/Manufactura (MRP) - **Razón:** Módulo independiente (P2) +- ❌ Kits/Bundles (productos compuestos) - **Razón:** Complejidad (P1) +- ❌ Rutas de inventario complejas (push/pull rules) - **Razón:** Odoo avanzado (P2) +- ❌ Estrategias de picking (FIFO, LIFO, FEFO) - **Razón:** Warehouse management avanzado (P2) +- ❌ Codificación automática de productos - **Razón:** No es genérico +- ❌ Imágenes de productos (galería) - **Razón:** P1, inicialmente 1 imagen + +**Específico de Industria:** +- ❌ Productos con ficha técnica (construcción) - **Razón:** Específico de industria +- ❌ Productos con explosión de insumos (APU) - **Razón:** Específico de construcción +- ❌ Control de caducidad (FEFO) - **Razón:** Específico de alimentos/farmacia (P1) + +### Límites con Otros Módulos + +**Con MGN-003 (Catálogos):** +- **MGN-003 termina:** Categorías de productos, UoM +- **MGN-005 empieza:** Productos con categoría y UoM +- **Límite:** MGN-005 usa catálogos de MGN-003 + +**Con MGN-004 (Financiero):** +- **MGN-005 termina:** Valoración de inventario (costo de producto) +- **MGN-004 empieza:** Asientos contables de valoración +- **Límite:** Si valoración automática activada, MGN-005 genera asientos en MGN-004 + +**Con MGN-006 (Compras):** +- **MGN-006 termina:** Orden de compra confirmada +- **MGN-005 empieza:** Picking de recepción, movimientos de stock +- **Límite:** Confirmación de PO genera picking automáticamente + +**Con MGN-007 (Ventas):** +- **MGN-007 termina:** Orden de venta confirmada +- **MGN-005 empieza:** Picking de entrega, movimientos de stock +- **Límite:** Confirmación de SO genera picking automáticamente + +### Casos de Uso Principales + +1. **UC-INV-001:** Usuario crea un nuevo producto almacenable +2. **UC-INV-002:** Usuario crea un almacén con ubicaciones +3. **UC-INV-003:** Usuario realiza transferencia interna de stock +4. **UC-INV-004:** Usuario recibe productos (desde orden de compra) +5. **UC-INV-005:** Usuario entrega productos (desde orden de venta) +6. **UC-INV-006:** Usuario realiza conteo de inventario físico +7. **UC-INV-007:** Sistema calcula valoración de inventario (FIFO) +8. **UC-INV-008:** Usuario consulta trazabilidad de lote/número de serie + +### Actores + +- **Usuario Almacén:** Gestiona movimientos, recepciones, entregas +- **Usuario Compras:** Recibe productos de proveedores +- **Usuario Ventas:** Entrega productos a clientes +- **Contador:** Consulta valoración de inventario +- **Sistema:** Genera movimientos automáticos, calcula valoración + +### Referencias + +- **Odoo:** stock (stock.warehouse, stock.location, stock.move, stock.picking, stock.quant) +- **Gamilit:** inventory_management schema +- **ADR:** ADR-007 (Database Design) + +--- + +## MGN-006: Compras Básico + +### Descripción + +Módulo de gestión de compras. Maneja proveedores, solicitudes de cotización, órdenes de compra, recepciones y facturación de proveedores. + +### Alcance Incluido (✅ Dentro del Alcance) + +**Gestión de Proveedores:** +- Proveedores son partners con is_supplier=true (MGN-003) +- Condiciones de pago de proveedor +- Lead time (tiempo de entrega) +- Calificación de proveedor (supplier rank) + +**Solicitudes de Cotización (RFQ):** +- Creación de RFQ a proveedores +- Líneas de RFQ (productos, cantidades, precios esperados) +- Envío de RFQ por email (PDF) +- Estados: draft → sent → bid → cancelled + +**Órdenes de Compra:** +- Creación de órdenes de compra (purchase orders) +- Conversión de RFQ a PO +- Líneas de PO (productos, cantidades, precio unitario, subtotal, impuestos, total) +- Estados: draft → confirmed → received → billed → cancelled +- Fechas: fecha de orden, fecha de entrega esperada +- Términos de pago +- Notas de orden + +**Workflow de Aprobación:** +- Aprobación manual de órdenes (si monto > umbral) +- Estados de aprobación: pending_approval → approved → rejected +- Historial de aprobaciones + +**Recepciones:** +- Integración con MGN-005 (Inventario) +- Generación automática de picking de recepción al confirmar PO +- Validación de recepción (parcial o total) +- Control de cantidades recibidas vs ordenadas + +**Facturación de Proveedores:** +- Integración con MGN-004 (Financiero) +- Creación de factura de proveedor desde PO +- Control de cantidades facturadas vs recibidas vs ordenadas (3-way match) +- Validación de factura (genera asiento contable) + +**Reportes Básicos:** +- Reporte de compras por proveedor +- Reporte de compras por producto +- Reporte de órdenes pendientes de recepción + +### Alcance Excluido (❌ Fuera del Alcance) + +**Funcionalidades Avanzadas:** +- ❌ Requisiciones de compra (purchase requisitions) - **Razón:** Proceso adicional (P1) +- ❌ Acuerdos marco con proveedores (blanket orders) - **Razón:** Complejidad (P2) +- ❌ Subastas inversas - **Razón:** No es común en mayoría de industrias (P2) +- ❌ Comparación automática de cotizaciones - **Razón:** Funcionalidad avanzada (P1) +- ❌ Integración con catálogos de proveedores (punchout) - **Razón:** Requiere integraciones externas (P2) +- ❌ Workflow de aprobación complejo (múltiples niveles) - **Razón:** Inicialmente 1 nivel es suficiente (P1) + +**Específico de Industria:** +- ❌ Gestión de contratos de construcción - **Razón:** Específico de industria +- ❌ Retenciones de garantía - **Razón:** Puede ser específico de construcción + +### Límites con Otros Módulos + +**Con MGN-003 (Catálogos):** +- **MGN-003 termina:** Partners (proveedores) +- **MGN-006 empieza:** Órdenes de compra a proveedores +- **Límite:** MGN-006 usa proveedores de MGN-003 + +**Con MGN-004 (Financiero):** +- **MGN-006 termina:** Orden de compra, recepción +- **MGN-004 empieza:** Factura de proveedor (genera asiento contable) +- **Límite:** PO puede generar factura de proveedor (vendor bill en MGN-004) + +**Con MGN-005 (Inventario):** +- **MGN-006 termina:** Orden de compra confirmada +- **MGN-005 empieza:** Picking de recepción, movimientos de stock +- **Límite:** Confirmación de PO genera picking en MGN-005 + +**Con MGN-008 (Analítica):** +- **MGN-006 termina:** Líneas de orden de compra +- **MGN-008 empieza:** Distribución analítica de costos por proyecto +- **Límite:** Líneas de PO pueden tener analytic_account_id + +### Casos de Uso Principales + +1. **UC-COM-001:** Usuario crea RFQ y envía a proveedores +2. **UC-COM-002:** Usuario convierte RFQ a orden de compra +3. **UC-COM-003:** Usuario crea orden de compra directamente +4. **UC-COM-004:** Sistema genera picking de recepción al confirmar PO +5. **UC-COM-005:** Usuario valida recepción de productos +6. **UC-COM-006:** Usuario crea factura de proveedor desde PO +7. **UC-COM-007:** Sistema valida 3-way match (PO vs Recepción vs Factura) +8. **UC-COM-008:** Aprobador aprueba/rechaza orden de compra + +### Actores + +- **Usuario Compras:** Crea RFQ, órdenes de compra +- **Aprobador Compras:** Aprueba órdenes > umbral +- **Usuario Almacén:** Valida recepciones +- **Contador:** Registra facturas de proveedor +- **Sistema:** Genera pickings, valida 3-way match + +### Referencias + +- **Odoo:** purchase (purchase.order, purchase.order.line) +- **Gamilit:** purchasing_management schema +- **ADR:** ADR-007 (Database Design) + +--- + +## MGN-007: Ventas Básico + +### Descripción + +Módulo de gestión de ventas. Maneja clientes, cotizaciones, órdenes de venta, entregas y facturación de clientes. + +### Alcance Incluido (✅ Dentro del Alcance) + +**Gestión de Clientes:** +- Clientes son partners con is_customer=true (MGN-003) +- Condiciones de pago de cliente +- Límite de crédito +- Calificación de cliente (customer rank) + +**Cotizaciones:** +- Creación de cotizaciones (quotations) +- Líneas de cotización (productos, cantidades, precio unitario, descuentos, subtotal, impuestos, total) +- Estados: draft → sent → sale → cancelled +- Envío de cotización por email (PDF) +- Validez de cotización (fecha de expiración) +- Términos y condiciones + +**Órdenes de Venta:** +- Conversión de cotización a orden de venta (sale order) +- Creación directa de orden de venta +- Líneas de SO (productos/servicios, cantidades, precio, descuentos, impuestos) +- Estados: quotation → sale → delivery → invoice → done +- Fechas: fecha de orden, fecha de entrega esperada +- Notas de orden + +**Entregas:** +- Integración con MGN-005 (Inventario) +- Generación automática de picking de entrega al confirmar SO +- Validación de entrega (parcial o total) +- Control de cantidades entregadas vs ordenadas + +**Facturación de Clientes:** +- Integración con MGN-004 (Financiero) +- Creación de factura de cliente desde SO +- Control de cantidades facturadas vs entregadas vs ordenadas +- Validación de factura (genera asiento contable) +- Facturación anticipada (down payment) + +**Portal de Clientes Básico:** +- Cliente puede ver sus cotizaciones +- Cliente puede aprobar cotización online +- Firma electrónica de cotización (canvas HTML5) +- (Funcionalidad completa en MGN-013) + +**Reportes Básicos:** +- Reporte de ventas por cliente +- Reporte de ventas por producto +- Reporte de órdenes pendientes de entrega + +### Alcance Excluido (❌ Fuera del Alcance) + +**Funcionalidades Avanzadas:** +- ❌ Subscripciones/Ventas recurrentes - **Razón:** Modelo de negocio específico (P2) +- ❌ Órdenes de venta con múltiples entregas (delivery schedules) - **Razón:** Complejidad (P1) +- ❌ Pricing rules complejos (descuentos escalonados) - **Razón:** Funcionalidad avanzada (P1) +- ❌ Comisiones de ventas - **Razón:** Módulo independiente (P2) +- ❌ Contratos de venta - **Razón:** Complejidad (P2) +- ❌ Integración con e-commerce - **Razón:** Requiere plataforma externa (extensión) + +**Específico de Industria:** +- ❌ Gestión de proyectos de venta - **Razón:** Va en MGN-011 (Proyectos) +- ❌ Venta de servicios profesionales con timesheet - **Razón:** Combina MGN-007 + MGN-011 + +### Límites con Otros Módulos + +**Con MGN-003 (Catálogos):** +- **MGN-003 termina:** Partners (clientes) +- **MGN-007 empieza:** Cotizaciones y órdenes de venta a clientes +- **Límite:** MGN-007 usa clientes de MGN-003 + +**Con MGN-004 (Financiero):** +- **MGN-007 termina:** Orden de venta, entrega +- **MGN-004 empieza:** Factura de cliente (genera asiento contable) +- **Límite:** SO puede generar factura de cliente (customer invoice en MGN-004) + +**Con MGN-005 (Inventario):** +- **MGN-007 termina:** Orden de venta confirmada +- **MGN-005 empieza:** Picking de entrega, movimientos de stock +- **Límite:** Confirmación de SO genera picking en MGN-005 + +**Con MGN-008 (Analítica):** +- **MGN-007 termina:** Líneas de orden de venta +- **MGN-008 empieza:** Distribución analítica de ingresos por proyecto +- **Límite:** Líneas de SO pueden tener analytic_account_id + +**Con MGN-009 (CRM):** +- **MGN-009 termina:** Oportunidad de venta (lead) +- **MGN-007 empieza:** Cotización creada desde oportunidad +- **Límite:** Lead puede convertirse en quotation + +**Con MGN-013 (Portal):** +- **MGN-007 termina:** Creación de cotización +- **MGN-013 empieza:** Vista de cotización en portal, aprobación +- **Límite:** MGN-007 tiene portal básico, MGN-013 tiene portal completo + +### Casos de Uso Principales + +1. **UC-VEN-001:** Usuario crea cotización y envía a cliente +2. **UC-VEN-002:** Cliente aprueba cotización online (portal básico) +3. **UC-VEN-003:** Usuario convierte cotización a orden de venta +4. **UC-VEN-004:** Sistema genera picking de entrega al confirmar SO +5. **UC-VEN-005:** Usuario valida entrega de productos +6. **UC-VEN-006:** Usuario crea factura de cliente desde SO +7. **UC-VEN-007:** Usuario registra pago de cliente (MGN-004) +8. **UC-VEN-008:** Usuario consulta reporte de ventas por cliente + +### Actores + +- **Usuario Ventas:** Crea cotizaciones, órdenes de venta +- **Usuario Almacén:** Valida entregas +- **Contador:** Genera facturas de cliente +- **Cliente (Portal):** Aprueba cotizaciones online +- **Sistema:** Genera pickings, facturas + +### Referencias + +- **Odoo:** sale (sale.order, sale.order.line) +- **Gamilit:** sales_management schema +- **ADR:** ADR-007 (Database Design) + +--- + +## MGN-008: Contabilidad Analítica + +### Descripción + +Módulo de contabilidad analítica. Permite tracking de costos e ingresos por proyecto, departamento, centro de costo. Es paralelo a la contabilidad general (MGN-004). + +### Alcance Incluido (✅ Dentro del Alcance) + +**Cuentas Analíticas:** +- CRUD de cuentas analíticas (analytic accounts) +- Tipos: proyecto, departamento, centro de costo, cliente +- Jerarquía (parent_id): proyectos con sub-proyectos +- Estado: activo/inactivo +- Presupuesto asignado (opcional) +- Vinculación con company_id (multi-empresa) + +**Líneas Analíticas:** +- Registro automático de líneas analíticas desde transacciones +- Líneas con: cuenta analítica, monto, fecha, descripción, documento origen +- Líneas de costo (negativas) e ingreso (positivas) +- Agrupación por cuenta analítica + +**Distribución Analítica:** +- Una transacción puede distribuirse a múltiples cuentas analíticas +- Porcentaje de distribución (ej: 60% Proyecto A, 40% Proyecto B) +- Validación: suma de porcentajes = 100% + +**Integración con Módulos Transaccionales:** +- Campo `analytic_account_id` en: + - Líneas de factura (MGN-004) + - Líneas de orden de compra (MGN-006) + - Líneas de orden de venta (MGN-007) + - Timesheet de empleados (MGN-010) + - Tareas de proyectos (MGN-011) +- Generación automática de líneas analíticas al confirmar documentos + +**Tags Analíticos:** +- Etiquetas adicionales (ej: torre, etapa, fase) +- Múltiples tags por línea analítica +- Filtros por tags en reportes + +**Reportes Analíticos:** +- Balance por cuenta analítica (costos vs ingresos) +- P&L por proyecto +- Comparación presupuesto vs real +- Reporte de rentabilidad por proyecto +- Filtros: por fecha, empresa, tipo de cuenta + +### Alcance Excluido (❌ Fuera del Alcance) + +**Funcionalidades Avanzadas:** +- ❌ Presupuestos complejos (revisiones, versiones) - **Razón:** Funcionalidad avanzada (P1) +- ❌ Alertas de sobre-presupuesto - **Razón:** Funcionalidad avanzada (P1) +- ❌ Forecast (proyecciones) - **Razón:** Requiere algoritmos (P2) +- ❌ Cross-charging (facturación inter-proyectos) - **Razón:** Complejidad (P2) + +**Específico de Industria:** +- ❌ APU (Análisis de Precio Unitario) construcción - **Razón:** Específico de construcción +- ❌ Curva S - **Razón:** Específico de construcción +- ❌ Costos por fase de obra - **Razón:** Puede modelarse con tags analíticos + +### Límites con Otros Módulos + +**Con MGN-004 (Financiero):** +- **MGN-004 termina:** Asientos en contabilidad general +- **MGN-008 empieza:** Distribución analítica de asientos +- **Límite:** Contabilidad general y analítica son paralelas (una transacción genera asiento en ambas) + +**Con MGN-006 (Compras) y MGN-007 (Ventas):** +- **MGN-006/007 terminan:** Líneas de órdenes +- **MGN-008 empieza:** Campo analytic_account_id en líneas +- **Límite:** Órdenes registran costos/ingresos en cuentas analíticas + +**Con MGN-011 (Proyectos):** +- **MGN-011 termina:** Proyecto como entidad +- **MGN-008 empieza:** Proyecto tiene cuenta analítica asociada (1-1) +- **Límite:** Un proyecto MGN-011 = una cuenta analítica MGN-008 + +**Con MGN-012 (Reportes):** +- **MGN-008 termina:** Datos de líneas analíticas +- **MGN-012 empieza:** Reportes consolidados, dashboards +- **Límite:** MGN-012 consume datos de MGN-008 + +### Casos de Uso Principales + +1. **UC-ANA-001:** Administrador crea cuenta analítica para proyecto +2. **UC-ANA-002:** Usuario asigna cuenta analítica a línea de orden de compra +3. **UC-ANA-003:** Sistema genera líneas analíticas al validar factura +4. **UC-ANA-004:** Usuario distribuye costo a múltiples cuentas analíticas +5. **UC-ANA-005:** Usuario consulta balance por cuenta analítica (P&L por proyecto) +6. **UC-ANA-006:** Usuario compara presupuesto vs real +7. **UC-ANA-007:** Usuario filtra líneas analíticas por tags + +### Actores + +- **Administrador Proyectos:** Crea cuentas analíticas +- **Usuario Compras/Ventas:** Asigna cuentas analíticas a transacciones +- **Gerente de Proyecto:** Consulta rentabilidad de proyecto +- **Contador:** Genera reportes analíticos +- **Sistema:** Genera líneas analíticas automáticamente + +### Referencias + +- **Odoo:** analytic (account.analytic.account, account.analytic.line) +- **ADR:** ADR-007 (Database Design) +- **Importancia:** ⭐⭐⭐⭐⭐ CRÍTICO para ERPs de proyectos + +--- + +## MGN-009: CRM Básico + +### Descripción + +Módulo de gestión de relaciones con clientes (CRM). Maneja leads, oportunidades, pipeline de ventas, actividades y conversión a cotizaciones. + +### Alcance Incluido (✅ Dentro del Alcance) + +**Gestión de Leads/Oportunidades:** +- CRUD de leads (contactos interesados) +- Datos de lead: nombre, empresa, email, teléfono, fuente (website, referral, etc.) +- Conversión de lead a oportunidad +- Oportunidades con: monto estimado, probabilidad de cierre, fecha esperada +- Vinculación con partner (MGN-003) + +**Pipeline de Ventas:** +- Stages personalizables (ej: Prospección → Calificación → Propuesta → Negociación → Ganado/Perdido) +- Drag-and-drop entre stages (kanban) +- Probabilidad de cierre por stage +- Revenue estimado por stage + +**Actividades y Seguimiento:** +- Programación de actividades (llamadas, reuniones, emails) +- Estados: pendiente → completada → vencida +- Recordatorios +- Notas de actividad + +**Lead Scoring:** +- Scoring automático basado en criterios (ej: tamaño empresa, industria, interacción) +- Calificación: hot, warm, cold + +**Teams de Ventas:** +- CRUD de equipos de ventas +- Asignación de leads a equipos +- Objetivos de ventas por equipo (opcional) + +**Conversión a Cotización:** +- Botón "Crear Cotización" desde oportunidad +- Pre-llenado de datos (cliente, productos, monto) +- Vínculo entre oportunidad (MGN-009) y cotización (MGN-007) + +**Reportes CRM:** +- Reporte de oportunidades por stage +- Reporte de conversión rate +- Reporte de rendimiento por vendedor +- Embudo de ventas (funnel) + +### Alcance Excluido (❌ Fuera del Alcance) + +**Funcionalidades Avanzadas:** +- ❌ Marketing automation (campaigns, email marketing) - **Razón:** Módulo independiente (P2) +- ❌ Integración con redes sociales - **Razón:** Requiere APIs externas (P2) +- ❌ Predicción de cierre con ML - **Razón:** Complejidad (P3) +- ❌ CRM avanzado (customer journey, customer lifetime value) - **Razón:** Funcionalidad avanzada (P2) +- ❌ Atención al cliente (tickets, helpdesk) - **Razón:** Módulo independiente (P2) + +**Integraciones:** +- ❌ Integración con email (Gmail, Outlook) - **Razón:** Requiere APIs externas (P1) +- ❌ Integración con teléfono (VoIP) - **Razón:** Requiere infraestructura (P2) + +### Límites con Otros Módulos + +**Con MGN-003 (Catálogos):** +- **MGN-003 termina:** Partners (clientes potenciales) +- **MGN-009 empieza:** Leads que se convierten en partners +- **Límite:** Un lead puede crear un partner al calificarse + +**Con MGN-007 (Ventas):** +- **MGN-009 termina:** Oportunidad +- **MGN-007 empieza:** Cotización creada desde oportunidad +- **Límite:** Oportunidad puede generar cotización (sale.order) + +**Con MGN-014 (Mensajería):** +- **MGN-009 termina:** Lead, oportunidad +- **MGN-014 empieza:** Actividades, recordatorios, notificaciones +- **Límite:** MGN-009 usa sistema de actividades de MGN-014 + +### Casos de Uso Principales + +1. **UC-CRM-001:** Usuario crea un nuevo lead +2. **UC-CRM-002:** Usuario califica lead y convierte a oportunidad +3. **UC-CRM-003:** Usuario mueve oportunidad entre stages (drag-and-drop) +4. **UC-CRM-004:** Usuario programa llamada de seguimiento +5. **UC-CRM-005:** Usuario convierte oportunidad a cotización +6. **UC-CRM-006:** Usuario marca oportunidad como ganada/perdida +7. **UC-CRM-007:** Gerente consulta embudo de ventas (funnel) + +### Actores + +- **Vendedor:** Gestiona leads, oportunidades, actividades +- **Gerente de Ventas:** Consulta reportes, gestiona equipos +- **Sistema:** Calcula scoring, envía recordatorios + +### Referencias + +- **Odoo:** crm (crm.lead, crm.stage, crm.team) +- **ADR:** ADR-007 (Database Design) + +--- + +## MGN-010: RRHH Básico + +### Descripción + +Módulo de recursos humanos. Maneja empleados, departamentos, contratos, asistencias, ausencias y timesheet básico. + +### Alcance Incluido (✅ Dentro del Alcance) + +**Gestión de Empleados:** +- CRUD de empleados +- Datos personales: nombre, email, teléfono, dirección, fecha de nacimiento +- Datos laborales: puesto (job position), departamento, manager, fecha de ingreso +- Empleado vinculado a partner (is_employee=true) y user (opcional) +- Estado: activo/inactivo +- Foto de empleado + +**Departamentos y Puestos:** +- CRUD de departamentos +- Jerarquía de departamentos (parent_id) +- Jefe de departamento (manager) +- CRUD de puestos de trabajo (job positions) +- Descripción de puesto + +**Contratos Laborales:** +- CRUD de contratos +- Tipos de contrato: indefinido, temporal, honorarios +- Datos de contrato: salario, fecha inicio, fecha fin (opcional), puesto, tipo de jornada +- Estados: draft → running → expired → cancelled + +**Asistencias:** +- Check-in/Check-out (registro de entrada/salida) +- Cálculo automático de horas trabajadas +- Reporte de asistencias por empleado +- Reporte de asistencias por departamento + +**Ausencias y Permisos:** +- CRUD de tipos de ausencia (vacaciones, incapacidad, permiso sin goce) +- Solicitudes de ausencia (leave requests) +- Estados: draft → pending_approval → approved → refused +- Workflow de aprobación (manager aprueba) +- Saldo de días de vacaciones + +**Organigrama:** +- Visualización jerárquica de empleados (por manager) +- Visualización por departamento + +**Timesheet Básico:** +- Registro de horas trabajadas por día +- Asignación de horas a cuenta analítica (MGN-008) +- Validación de horas (manager aprueba) + +### Alcance Excluido (❌ Fuera del Alcance) + +**Nómina:** +- ❌ Cálculo de nómina (salario, deducciones, impuestos) - **Razón:** Módulo especializado, específico de país (P1) +- ❌ Recibos de nómina - **Razón:** Va con módulo de nómina (P1) +- ❌ Integración con bancos (pago de nómina) - **Razón:** Requiere APIs bancarias (P2) + +**Funcionalidades Avanzadas:** +- ❌ Evaluaciones de desempeño - **Razón:** Módulo independiente (P2) +- ❌ Reclutamiento (job postings, applicants) - **Razón:** Módulo independiente (P2) +- ❌ Capacitación y desarrollo - **Razón:** Módulo independiente (P2) +- ❌ Gestión de beneficios - **Razón:** Complejidad (P2) +- ❌ Gastos de empleados (expense reports) - **Razón:** Módulo independiente (P1) + +### Límites con Otros Módulos + +**Con MGN-001 (Fundamentos):** +- **MGN-001 termina:** Users +- **MGN-010 empieza:** Empleados vinculados a users +- **Límite:** Un user puede ser empleado (employee_id) + +**Con MGN-003 (Catálogos):** +- **MGN-003 termina:** Partners +- **MGN-010 empieza:** Empleados vinculados a partners (is_employee=true) +- **Límite:** Un empleado es un partner + +**Con MGN-008 (Analítica):** +- **MGN-010 termina:** Timesheet (horas trabajadas) +- **MGN-008 empieza:** Líneas analíticas desde timesheet +- **Límite:** Horas de timesheet generan líneas analíticas + +**Con MGN-011 (Proyectos):** +- **MGN-010 termina:** Timesheet de empleado +- **MGN-011 empieza:** Timesheet asignado a tareas +- **Límite:** Timesheet puede vincularse a tareas de proyectos + +### Casos de Uso Principales + +1. **UC-HR-001:** RRHH crea un nuevo empleado +2. **UC-HR-002:** RRHH asigna empleado a departamento y puesto +3. **UC-HR-003:** RRHH crea contrato de trabajo +4. **UC-HR-004:** Empleado registra check-in/check-out +5. **UC-HR-005:** Empleado solicita vacaciones +6. **UC-HR-006:** Manager aprueba/rechaza solicitud de vacaciones +7. **UC-HR-007:** Empleado registra timesheet (horas trabajadas por proyecto) +8. **UC-HR-008:** Manager valida timesheet de empleado + +### Actores + +- **RRHH:** Gestiona empleados, contratos, ausencias +- **Manager:** Aprueba ausencias, valida timesheet +- **Empleado:** Registra asistencias, solicita ausencias, registra timesheet +- **Sistema:** Calcula horas trabajadas, saldo de vacaciones + +### Referencias + +- **Odoo:** hr (hr.employee, hr.contract, hr.attendance, hr.leave) +- **Gamilit:** hr_management schema +- **ADR:** ADR-007 (Database Design) + +--- + +## MGN-011: Proyectos Genéricos + +### Descripción + +Módulo de gestión de proyectos genéricos. Maneja proyectos, tareas, milestones, timesheet y portal de proyectos para clientes. + +### Alcance Incluido (✅ Dentro del Alcance) + +**Gestión de Proyectos:** +- CRUD de proyectos +- Datos de proyecto: nombre, descripción, cliente (partner), manager, fecha inicio/fin +- Estados: draft → active → completed → cancelled +- Proyecto vinculado a cuenta analítica (1-1) - MGN-008 +- Proyecto vinculado a empresa (company_id) + +**Tareas:** +- CRUD de tareas (tasks) +- Datos de tarea: nombre, descripción, proyecto, asignado a, fecha límite, prioridad +- Estados configurables por proyecto (stages): To Do → In Progress → Review → Done +- Kanban de tareas (drag-and-drop entre stages) +- Subtareas (parent_id) +- Dependencias entre tareas (opcional P1) + +**Milestones:** +- CRUD de milestones (hitos importantes) +- Fecha de milestone, estado (pendiente, completado) +- Tareas asociadas a milestone + +**Timesheet:** +- Integración con MGN-010 (RRHH) +- Registro de horas trabajadas por tarea +- Validación de horas (manager aprueba) +- Horas generan líneas analíticas (MGN-008) + +**Gantt:** +- Vista de timeline de tareas +- Visualización de dependencias +- Drag-and-drop para reprogramar + +**Portal de Proyectos:** +- Cliente puede ver sus proyectos +- Cliente puede ver tareas (read-only) +- Cliente puede comentar en tareas +- (Funcionalidad completa en MGN-013) + +**Reportes Básicos:** +- Reporte de tareas por proyecto +- Reporte de horas trabajadas por proyecto +- Reporte de milestones cumplidos vs pendientes + +### Alcance Excluido (❌ Fuera del Alcance) + +**Funcionalidades Avanzadas:** +- ❌ Gestión de recursos (resource allocation) - **Razón:** Complejidad (P2) +- ❌ Critical Path Method (CPM) - **Razón:** Algoritmo complejo (P2) +- ❌ Baseline de proyectos (versiones de plan) - **Razón:** Funcionalidad avanzada (P2) +- ❌ Issues/Bugs tracking - **Razón:** Puede ser módulo independiente (P2) +- ❌ Wiki de proyecto - **Razón:** Requiere editor avanzado (P2) + +**Específico de Industria:** +- ❌ Proyectos de construcción (manzanas, lotes, prototipos) - **Razón:** Específico de construcción (extensión) +- ❌ Curva S, APU - **Razón:** Específico de construcción +- ❌ Control de avances físicos - **Razón:** Específico de construcción + +### Límites con Otros Módulos + +**Con MGN-003 (Catálogos):** +- **MGN-003 termina:** Partners (clientes) +- **MGN-011 empieza:** Proyectos con cliente (partner_id) +- **Límite:** Proyecto tiene cliente + +**Con MGN-008 (Analítica):** +- **MGN-011 termina:** Proyecto como entidad de gestión +- **MGN-008 empieza:** Proyecto tiene cuenta analítica (1-1) +- **Límite:** Un proyecto MGN-011 = una cuenta analítica MGN-008 + +**Con MGN-010 (RRHH):** +- **MGN-010 termina:** Timesheet de empleado +- **MGN-011 empieza:** Timesheet asignado a tareas +- **Límite:** Horas de timesheet se asignan a tareas + +**Con MGN-013 (Portal):** +- **MGN-011 termina:** Proyecto y tareas +- **MGN-013 empieza:** Vista de proyecto en portal para cliente +- **Límite:** MGN-011 tiene portal básico, MGN-013 tiene portal completo + +### Casos de Uso Principales + +1. **UC-PRO-001:** Manager crea un nuevo proyecto +2. **UC-PRO-002:** Manager crea tareas en proyecto +3. **UC-PRO-003:** Usuario asignado mueve tarea entre stages (kanban) +4. **UC-PRO-004:** Empleado registra horas trabajadas en tarea +5. **UC-PRO-005:** Manager valida timesheet de tarea +6. **UC-PRO-006:** Manager crea milestone y asocia tareas +7. **UC-PRO-007:** Cliente ve avance de proyecto en portal +8. **UC-PRO-008:** Usuario consulta Gantt de proyecto + +### Actores + +- **Manager de Proyecto:** Gestiona proyectos, tareas, milestones +- **Usuario Asignado:** Trabaja en tareas, registra horas +- **Cliente (Portal):** Ve avance de proyecto +- **Sistema:** Genera líneas analíticas desde timesheet + +### Referencias + +- **Odoo:** project (project.project, project.task, project.milestone) +- **Gamilit:** projects_management schema +- **ADR:** ADR-007 (Database Design) + +--- + +## MGN-012: Reportes y Analytics + +### Descripción + +Módulo de reportes y analytics avanzados. Proporciona dashboards, reportes configurables, exportación de datos y visualizaciones. + +### Alcance Incluido (✅ Dentro del Alcance) + +**Dashboards:** +- Dashboard genérico con widgets configurables +- Widgets: KPIs (números), gráficos (línea, barra, pie), tablas +- Configuración por rol (cada rol ve su dashboard) +- Filtros globales (fecha, empresa, proyecto) + +**Reportes Configurables:** +- Query builder visual (sin SQL) +- Selección de campos, filtros, agrupaciones, ordenamiento +- Guardado de reportes personalizados +- Compartir reportes con otros usuarios + +**Reportes Financieros Estándar:** +- Balance General (integración con MGN-004) +- Estado de Resultados / P&L (integración con MGN-004) +- Flujo de Caja (Cash Flow) - P1 + +**Reportes Analíticos:** +- P&L por proyecto (integración con MGN-008) +- Balance por cuenta analítica +- Comparación presupuesto vs real + +**KPIs Genéricos:** +- KPIs de ventas (monto vendido, # órdenes, ticket promedio) +- KPIs de compras (monto comprado, # órdenes, proveedores activos) +- KPIs de inventario (valor de stock, rotación) +- KPIs financieros (cuentas por cobrar, cuentas por pagar, liquidez) + +**Exportación:** +- Exportación a PDF (con header/footer de empresa) +- Exportación a Excel (con formato) +- Exportación a CSV +- Programación de reportes (envío por email automático) - P1 + +**Gráficos y Visualizaciones:** +- Librería de gráficos (Chart.js o Recharts) +- Tipos: línea, barra, pie, área, scatter +- Gráficos interactivos (zoom, tooltips) + +### Alcance Excluido (❌ Fuera del Alcance) + +**Funcionalidades Avanzadas:** +- ❌ BI avanzado (OLAP, cubos) - **Razón:** Complejidad (P3) +- ❌ Predicciones con ML - **Razón:** Requiere data science (P3) +- ❌ Integración con herramientas BI externas (Power BI, Tableau) - **Razón:** Requiere APIs (P2) +- ❌ Data warehouse - **Razón:** Infraestructura adicional (P3) + +**Reportes Específicos:** +- ❌ Reportes específicos de industria - **Razón:** Van en extensiones específicas + +### Límites con Otros Módulos + +**Con MGN-004 (Financiero):** +- **MGN-004 termina:** Datos contables +- **MGN-012 empieza:** Reportes financieros (Balance, P&L) +- **Límite:** MGN-012 consume datos de MGN-004 + +**Con MGN-008 (Analítica):** +- **MGN-008 termina:** Datos analíticos +- **MGN-012 empieza:** Reportes analíticos (P&L por proyecto) +- **Límite:** MGN-012 consume datos de MGN-008 + +**Con Todos los Módulos:** +- **Otros módulos terminan:** Generación de datos +- **MGN-012 empieza:** Consumo y visualización de datos +- **Límite:** MGN-012 es capa de reporting sobre todos los módulos + +### Casos de Uso Principales + +1. **UC-REP-001:** Usuario consulta dashboard de ventas +2. **UC-REP-002:** Contador genera Balance General +3. **UC-REP-003:** Gerente genera P&L por proyecto +4. **UC-REP-004:** Usuario crea reporte personalizado con query builder +5. **UC-REP-005:** Usuario exporta reporte a Excel +6. **UC-REP-006:** Usuario programa envío de reporte por email (semanal) +7. **UC-REP-007:** Usuario visualiza gráfico de ventas por mes + +### Actores + +- **Contador:** Genera reportes financieros +- **Gerente:** Consulta dashboards, KPIs +- **Administrador:** Configura reportes por rol +- **Usuario:** Crea reportes personalizados + +### Referencias + +- **Odoo:** account (reports), reporting +- **Gamilit:** analytics module +- **ADR:** ADR-007 (Database Design) + +--- + +## MGN-013: Portal de Usuarios + +### Descripción + +Módulo de portal para usuarios externos (clientes, proveedores). Permite acceso limitado a documentos, aprobación de cotizaciones, firma electrónica y vista de proyectos. + +### Alcance Incluido (✅ Dentro del Alcance) + +**Acceso Portal:** +- Usuarios con rol `portal_user` (is_portal=true) +- Login separado (subdomain o /portal) +- RLS estricto (usuario solo ve sus registros) +- Permisos read-only + acciones permitidas (aprobar, firmar) + +**Vista de Documentos:** +- Cotizaciones (MGN-007): ver, aprobar, firmar +- Órdenes de venta (MGN-007): ver estado, entregas +- Facturas (MGN-004): ver, descargar PDF +- Pagos (MGN-004): ver estado +- Proyectos (MGN-011): ver avance, tareas, comentar + +**Aprobación de Documentos:** +- Aprobación de cotizaciones online +- Estados: pending → approved → rejected +- Historial de aprobaciones + +**Firma Electrónica:** +- Canvas HTML5 para firma +- Almacenamiento seguro de firma (base64 en DB o S3) +- Firma válida legalmente (con timestamp, IP, user agent) +- PDF firmado (con imagen de firma) + +**Mensajería:** +- Integración con MGN-014 +- Cliente puede comentar en documentos +- Cliente puede enviar mensajes a empresa +- Notificaciones por email + +**Dashboard Personalizado:** +- Dashboard por rol (cliente ve sus órdenes, facturas, proyectos) +- KPIs básicos (monto pendiente, órdenes activas) + +### Alcance Excluido (❌ Fuera del Alcance) + +**Funcionalidades Avanzadas:** +- ❌ Portal de proveedores (RFQ online, respuesta de cotización) - **Razón:** Caso de uso específico (P1) +- ❌ Portal de empleados - **Razón:** Puede ser extensión de MGN-010 (P2) +- ❌ Customización completa de portal por cliente - **Razón:** Complejidad (P2) +- ❌ White-label portal (custom branding por cliente) - **Razón:** Requiere infraestructura (P2) + +**Integraciones:** +- ❌ Integración con e-signature providers (DocuSign, etc.) - **Razón:** Requiere APIs externas (P2) + +### Límites con Otros Módulos + +**Con MGN-001 (Fundamentos):** +- **MGN-001 termina:** Autenticación de usuarios +- **MGN-013 empieza:** Portal con rol portal_user +- **Límite:** Portal usa autenticación de MGN-001 + +**Con MGN-007 (Ventas):** +- **MGN-007 termina:** Cotizaciones, órdenes +- **MGN-013 empieza:** Vista de cotizaciones en portal, aprobación +- **Límite:** Portal consume datos de MGN-007 + +**Con MGN-011 (Proyectos):** +- **MGN-011 termina:** Proyectos, tareas +- **MGN-013 empieza:** Vista de proyectos en portal +- **Límite:** Portal consume datos de MGN-011 + +**Con MGN-014 (Mensajería):** +- **MGN-014 termina:** Sistema de mensajes +- **MGN-013 empieza:** Mensajes en portal +- **Límite:** Portal usa mensajería de MGN-014 + +### Casos de Uso Principales + +1. **UC-POR-001:** Cliente inicia sesión en portal +2. **UC-POR-002:** Cliente ve sus cotizaciones pendientes +3. **UC-POR-003:** Cliente aprueba cotización online +4. **UC-POR-004:** Cliente firma cotización electrónicamente +5. **UC-POR-005:** Cliente ve avance de su proyecto +6. **UC-POR-006:** Cliente descarga factura en PDF +7. **UC-POR-007:** Cliente envía mensaje a empresa desde portal + +### Actores + +- **Cliente (Portal):** Ve documentos, aprueba, firma +- **Proveedor (Portal):** Ve órdenes de compra (opcional P1) +- **Empleado Empresa:** Responde mensajes de portal +- **Sistema:** Valida permisos, notifica aprobaciones + +### Referencias + +- **Odoo:** portal (portal.user, portal access) +- **ADR:** ADR-006 (RBAC), ADR-007 (Database Design) +- **Importancia:** ⭐⭐⭐⭐⭐ CRÍTICO para portal derechohabientes INFONAVIT + +--- + +## MGN-014: Mensajería y Notificaciones + +### Descripción + +Módulo de mensajería y notificaciones. Proporciona sistema de mensajes (chatter), notificaciones, tracking automático de cambios, actividades y followers. + +### Alcance Incluido (✅ Dentro del Alcance) + +**Sistema de Mensajes (Chatter):** +- Patrón mail.thread de Odoo +- Chatter por registro (comentarios en facturas, órdenes, proyectos, etc.) +- Tipos de mensaje: note (interno), comment (visible a followers) +- Adjuntos en mensajes + +**Notificaciones:** +- Notificaciones in-app (campana con badge de conteo) +- Notificaciones por email +- Push notifications (opcional P1, para mobile) +- Preferencias de notificación por usuario + +**Tracking Automático de Cambios:** +- Decorador `@TrackChanges(['status', 'amount', 'assigned_to'])` +- Registro automático de cambios en campos configurados +- Mensaje automático en chatter: "Usuario X cambió Status de Draft a Confirmed" +- Auditoría sin código adicional + +**Actividades Programadas:** +- CRUD de actividades (llamadas, reuniones, emails, tareas) +- Fecha/hora de actividad, asignado a, tipo, descripción +- Estados: pendiente → completada → vencida +- Recordatorios automáticos (1 día antes, 1 hora antes) +- Integración con calendario (opcional P1) + +**Followers (Seguidores):** +- Usuarios pueden seguir registros (follow/unfollow) +- Followers reciben notificaciones automáticas de cambios +- Agregar followers automáticamente (ej: vendedor sigue sus órdenes) + +**Templates de Email:** +- Templates configurables (Handlebars o similar) +- Variables: {{user.name}}, {{order.amount}}, etc. +- Envío de emails desde templates (cotizaciones, facturas, etc.) + +**Mensajería en Tiempo Real:** +- WebSocket con Socket.IO +- Notificaciones push instantáneas +- Mejor UX vs polling + +### Alcance Excluido (❌ Fuera del Alcance) + +**Funcionalidades Avanzadas:** +- ❌ Chat en tiempo real (Slack-like) - **Razón:** Requiere infraestructura compleja (P2) +- ❌ Videollamadas - **Razón:** Requiere WebRTC (P3) +- ❌ Integración con email (Gmail, Outlook) - **Razón:** Requiere APIs externas (P1) +- ❌ SMS notifications - **Razón:** Requiere proveedor SMS (P2) +- ❌ Email marketing - **Razón:** Módulo independiente (P2) + +### Límites con Otros Módulos + +**Con Todos los Módulos:** +- **Otros módulos terminan:** Creación/actualización de registros +- **MGN-014 empieza:** Tracking de cambios, notificaciones +- **Límite:** MGN-014 es transversal, todos los módulos pueden usar chatter y notificaciones + +### Casos de Uso Principales + +1. **UC-NOT-001:** Usuario comenta en orden de venta (chatter) +2. **UC-NOT-002:** Sistema registra cambio automático (tracking) +3. **UC-NOT-003:** Usuario recibe notificación in-app +4. **UC-NOT-004:** Usuario configura preferencias de notificación +5. **UC-NOT-005:** Usuario programa actividad (llamada a cliente) +6. **UC-NOT-006:** Sistema envía recordatorio de actividad vencida +7. **UC-NOT-007:** Usuario sigue orden de compra (follow) +8. **UC-NOT-008:** Sistema envía email desde template + +### Actores + +- **Usuario:** Comenta, crea actividades, recibe notificaciones +- **Sistema:** Registra cambios automáticamente, envía notificaciones +- **Administrador:** Configura templates de email + +### Referencias + +- **Odoo:** mail (mail.thread, mail.message, mail.followers, mail.activity) +- **Gamilit:** notifications_management schema +- **ADR:** ADR-007 (Database Design) +- **Importancia:** ⭐⭐⭐⭐⭐ ESENCIAL para auditoría y colaboración + +--- + +## Resumen de Alcance + +### Total de Funcionalidades + +| Módulo | Funcionalidades Incluidas | Funcionalidades Excluidas | Ratio Incluidas/Excluidas | +|--------|---------------------------|---------------------------|---------------------------| +| MGN-001 | 8 (Auth, Users, RBAC, Multi-tenancy) | 9 (OAuth, 2FA, SSO, etc.) | 47% | +| MGN-002 | 5 (Empresas, Multi-empresa, Holdings) | 4 (Consolidación, Transfers, etc.) | 56% | +| MGN-003 | 8 (Partners, Countries, Currencies, UoM) | 5 (CRM avanzado, Portal, etc.) | 62% | +| MGN-004 | 10 (Contabilidad general completa) | 7 (Presupuestos, Activos fijos, etc.) | 59% | +| MGN-005 | 10 (Inventario completo) | 6 (MRP, Kits, Rutas, etc.) | 63% | +| MGN-006 | 8 (Compras completo) | 5 (Requisiciones, Acuerdos marco, etc.) | 62% | +| MGN-007 | 9 (Ventas completo) | 6 (Subscripciones, Comisiones, etc.) | 60% | +| MGN-008 | 7 (Analítica completa) | 4 (Presupuestos avanzados, etc.) | 64% | +| MGN-009 | 8 (CRM básico) | 5 (Marketing automation, etc.) | 62% | +| MGN-010 | 9 (RRHH básico) | 6 (Nómina, Reclutamiento, etc.) | 60% | +| MGN-011 | 8 (Proyectos genéricos) | 5 (Resource allocation, CPM, etc.) | 62% | +| MGN-012 | 7 (Reportes y dashboards) | 4 (BI avanzado, ML, etc.) | 64% | +| MGN-013 | 6 (Portal básico) | 4 (Portal proveedores, White-label, etc.) | 60% | +| MGN-014 | 8 (Mensajería completa) | 5 (Chat, Videollamadas, SMS, etc.) | 62% | +| **TOTAL** | **111** | **75** | **60%** | + +**Promedio:** 60% de funcionalidades incluidas vs 40% excluidas (para evitar over-engineering) + +--- + +## Próximos Pasos + +1. **Validar alcance con stakeholders:** Revisar que funcionalidades incluidas son suficientes para MVP +2. **Crear DEPENDENCIAS-MODULOS.md:** Documentar orden de implementación basado en dependencias +3. **Diseñar database schemas:** Crear DDL de cada módulo (Fase 2) +4. **Diseñar APIs:** Crear especificaciones OpenAPI 3.0 (Fase 2) + +--- + +**Documento creado:** 2025-11-23 +**Versión:** 1.0 +**Autor:** Architecture-Analyst +**Estado:** ✅ Completado +**Próximo documento:** DEPENDENCIAS-MODULOS.md diff --git a/docs/02-definicion-modulos/DEPENDENCIAS-MODULOS.md b/docs/02-definicion-modulos/DEPENDENCIAS-MODULOS.md new file mode 100644 index 0000000..371c37d --- /dev/null +++ b/docs/02-definicion-modulos/DEPENDENCIAS-MODULOS.md @@ -0,0 +1,939 @@ +# DEPENDENCIAS ENTRE MÓDULOS + +**Fecha:** 2025-12-05 +**Versión:** 1.1 +**Basado en:** LISTA-MODULOS-ERP-GENERICO.md + ALCANCE-POR-MODULO.md + DDL-SPEC SaaS + +--- + +## Introducción + +Este documento define las dependencias entre los 18 módulos del ERP Genérico (14 core + 4 SaaS) y establece el orden óptimo de implementación. + +**Objetivo:** +- Identificar qué módulos dependen de otros +- Establecer orden de implementación que minimice bloqueos +- Planificar sprints de desarrollo +- Identificar riesgos de dependencias circulares + +**Metodología:** +- **Dependencia fuerte:** Módulo B NO puede funcionar sin Módulo A (bloquea implementación) +- **Dependencia débil:** Módulo B puede funcionar sin Módulo A, pero con funcionalidad limitada +- **Dependencia opcional:** Módulo B puede usar Módulo A si está disponible, pero no es necesario + +--- + +## Matriz de Dependencias + +### Tabla Completa de Dependencias + +| Módulo | Código | Depende de (Fuerte) | Depende de (Débil) | Requerido por (Fuerte) | Nivel de Implementación | +|--------|--------|---------------------|--------------------|-----------------------|------------------------| +| **Fundamentos** | MGN-001 | - | - | TODOS (MGN-002 a MGN-014) | **Nivel 0** | +| **Empresas** | MGN-002 | MGN-001 | - | MGN-004, MGN-005, MGN-006, MGN-007, MGN-010 | **Nivel 1** | +| **Catálogos** | MGN-003 | MGN-001, MGN-002 | - | MGN-004, MGN-005, MGN-006, MGN-007, MGN-009 | **Nivel 1** | +| **Mensajería** | MGN-014 | MGN-001 | - | MGN-013 | **Nivel 1** | +| **Financiero** | MGN-004 | MGN-001, MGN-002, MGN-003 | - | MGN-006, MGN-007, MGN-008, MGN-012 | **Nivel 2** | +| **Inventario** | MGN-005 | MGN-001, MGN-002, MGN-003 | - | MGN-006, MGN-007 | **Nivel 2** | +| **RRHH** | MGN-010 | MGN-001, MGN-002, MGN-003 | - | MGN-011 | **Nivel 2** | +| **Compras** | MGN-006 | MGN-004, MGN-005 | - | MGN-008 | **Nivel 3** | +| **Ventas** | MGN-007 | MGN-004, MGN-005 | - | MGN-008, MGN-009, MGN-013 | **Nivel 3** | +| **Analítica** | MGN-008 | MGN-004, MGN-006, MGN-007 | - | MGN-011, MGN-012 | **Nivel 4** | +| **CRM** | MGN-009 | MGN-003, MGN-007 | MGN-014 | - | **Nivel 4** | +| **Portal** | MGN-013 | MGN-001, MGN-007, MGN-014 | - | - | **Nivel 4** | +| **Proyectos** | MGN-011 | MGN-008 | MGN-010 | - | **Nivel 5** | +| **Reportes** | MGN-012 | MGN-004, MGN-008 | - | - | **Nivel 5** | +| **Billing SaaS** | MGN-015 | MGN-001, MGN-002 (Tenants) | - | MGN-016, MGN-017, MGN-018 | **Nivel 6** | +| **Payments POS** | MGN-016 | MGN-001, MGN-004, MGN-015 | - | - | **Nivel 7** | +| **WhatsApp Business** | MGN-017 | MGN-001, MGN-003, MGN-015 | - | MGN-018 | **Nivel 7** | +| **AI Agents** | MGN-018 | MGN-001, MGN-003, MGN-017 | - | - | **Nivel 8** | + +### Visualización de Niveles de Implementación + +``` +Nivel 0 (Base): +┌─────────────┐ +│ MGN-001 │ ← INICIO OBLIGATORIO +│ Fundamentos │ +└─────────────┘ + +Nivel 1 (Core Base): +┌─────────────┐ ┌─────────────┐ ┌─────────────┐ +│ MGN-002 │ │ MGN-003 │ │ MGN-014 │ +│ Empresas │ │ Catálogos │ │ Mensajería │ +└─────────────┘ └─────────────┘ └─────────────┘ + +Nivel 2 (Módulos Transaccionales Base): +┌─────────────┐ ┌─────────────┐ ┌─────────────┐ +│ MGN-004 │ │ MGN-005 │ │ MGN-010 │ +│ Financiero │ │ Inventario │ │ RRHH │ +└─────────────┘ └─────────────┘ └─────────────┘ + +Nivel 3 (Compras y Ventas): +┌─────────────┐ ┌─────────────┐ +│ MGN-006 │ │ MGN-007 │ +│ Compras │ │ Ventas │ +└─────────────┘ └─────────────┘ + +Nivel 4 (Analítica y Complementarios): +┌─────────────┐ ┌─────────────┐ ┌─────────────┐ +│ MGN-008 │ │ MGN-009 │ │ MGN-013 │ +│ Analítica │ │ CRM │ │ Portal │ +└─────────────┘ └─────────────┘ └─────────────┘ + +Nivel 5 (Módulos Avanzados): +┌─────────────┐ ┌─────────────┐ +│ MGN-011 │ │ MGN-012 │ +│ Proyectos │ │ Reportes │ +└─────────────┘ └─────────────┘ + +Nivel 6 (SaaS Platform - Base): +┌─────────────┐ +│ MGN-015 │ +│ Billing SaaS│ +└─────────────┘ + +Nivel 7 (SaaS Platform - Integraciones): +┌─────────────┐ ┌─────────────┐ +│ MGN-016 │ │ MGN-017 │ +│ Payments POS│ │ WhatsApp │ +└─────────────┘ └─────────────┘ + +Nivel 8 (SaaS Platform - AI): +┌─────────────┐ +│ MGN-018 │ +│ AI Agents │ +└─────────────┘ +``` + +--- + +## Detalle de Dependencias por Módulo + +### MGN-001: Fundamentos +**Nivel:** 0 (Base) + +**Depende de:** +- ❌ Ninguno (es el módulo base) + +**Requerido por (Fuerte):** +- ✅ **TODOS** los módulos (MGN-002 a MGN-014) + +**Razón:** +Autenticación, autorización y multi-tenancy son fundamentales para cualquier funcionalidad del ERP. + +**Impacto de bloqueo:** +- **CRÍTICO:** Si MGN-001 no está completo, NO se puede iniciar ningún otro módulo. +- **Prioridad:** P0 - MÁXIMA +- **Debe completarse en:** Sprint 1-2 + +--- + +### MGN-002: Empresas y Organizaciones +**Nivel:** 1 (Core Base) + +**Depende de:** +- ✅ **MGN-001 (Fuerte):** Requiere autenticación de usuarios + +**Requerido por (Fuerte):** +- ✅ **MGN-004 (Financiero):** Documentos contables deben tener company_id +- ✅ **MGN-005 (Inventario):** Almacenes y productos por empresa +- ✅ **MGN-006 (Compras):** Órdenes de compra por empresa +- ✅ **MGN-007 (Ventas):** Órdenes de venta por empresa +- ✅ **MGN-010 (RRHH):** Empleados por empresa + +**Razón:** +Multi-empresa es requerimiento fundamental. Todos los documentos transaccionales deben tener company_id. + +**Impacto de bloqueo:** +- **ALTO:** Bloquea módulos transaccionales (MGN-004 a MGN-007, MGN-010) +- **Prioridad:** P0 - ALTA +- **Debe completarse en:** Sprint 3 + +--- + +### MGN-003: Catálogos Maestros +**Nivel:** 1 (Core Base) + +**Depende de:** +- ✅ **MGN-001 (Fuerte):** Requiere autenticación +- ✅ **MGN-002 (Fuerte):** Empresa también es un partner + +**Requerido por (Fuerte):** +- ✅ **MGN-004 (Financiero):** Partners, monedas +- ✅ **MGN-005 (Inventario):** Categorías de productos, UoM +- ✅ **MGN-006 (Compras):** Proveedores (partners) +- ✅ **MGN-007 (Ventas):** Clientes (partners) +- ✅ **MGN-009 (CRM):** Leads, clientes potenciales + +**Razón:** +Datos maestros (partners, monedas, UoM) son usados por todos los módulos transaccionales. + +**Impacto de bloqueo:** +- **ALTO:** Bloquea módulos transaccionales +- **Prioridad:** P0 - ALTA +- **Debe completarse en:** Sprint 3-4 + +--- + +### MGN-004: Financiero Básico +**Nivel:** 2 (Transaccional Base) + +**Depende de:** +- ✅ **MGN-001 (Fuerte):** Autenticación +- ✅ **MGN-002 (Fuerte):** Company_id en documentos +- ✅ **MGN-003 (Fuerte):** Partners, monedas + +**Requerido por (Fuerte):** +- ✅ **MGN-006 (Compras):** Facturas de proveedor +- ✅ **MGN-007 (Ventas):** Facturas de cliente +- ✅ **MGN-008 (Analítica):** Asientos con distribución analítica +- ✅ **MGN-012 (Reportes):** Reportes financieros + +**Razón:** +Compras y ventas generan facturas (documentos contables). Analítica requiere plan de cuentas. + +**Impacto de bloqueo:** +- **ALTO:** Bloquea compras, ventas, analítica +- **Prioridad:** P0 - ALTA +- **Debe completarse en:** Sprint 5-8 + +--- + +### MGN-005: Inventario Básico +**Nivel:** 2 (Transaccional Base) + +**Depende de:** +- ✅ **MGN-001 (Fuerte):** Autenticación +- ✅ **MGN-002 (Fuerte):** Almacenes por empresa +- ✅ **MGN-003 (Fuerte):** Categorías de productos, UoM + +**Requerido por (Fuerte):** +- ✅ **MGN-006 (Compras):** Recepciones de productos +- ✅ **MGN-007 (Ventas):** Entregas de productos + +**Razón:** +Compras y ventas generan movimientos de inventario (pickings). + +**Impacto de bloqueo:** +- **ALTO:** Bloquea compras y ventas +- **Prioridad:** P0 - ALTA +- **Debe completarse en:** Sprint 5-8 + +--- + +### MGN-006: Compras Básico +**Nivel:** 3 (Compras y Ventas) + +**Depende de:** +- ✅ **MGN-004 (Fuerte):** Facturas de proveedor +- ✅ **MGN-005 (Fuerte):** Recepciones de stock + +**Requerido por (Fuerte):** +- ✅ **MGN-008 (Analítica):** Costos por proyecto + +**Razón:** +Órdenes de compra generan facturas (MGN-004) y recepciones (MGN-005). Costos se distribuyen analíticamente (MGN-008). + +**Impacto de bloqueo:** +- **MEDIO:** Bloquea analítica +- **Prioridad:** P0 - ALTA +- **Debe completarse en:** Sprint 9-10 + +--- + +### MGN-007: Ventas Básico +**Nivel:** 3 (Compras y Ventas) + +**Depende de:** +- ✅ **MGN-004 (Fuerte):** Facturas de cliente +- ✅ **MGN-005 (Fuerte):** Entregas de stock + +**Requerido por (Fuerte):** +- ✅ **MGN-008 (Analítica):** Ingresos por proyecto +- ✅ **MGN-009 (CRM):** Cotizaciones desde oportunidades +- ✅ **MGN-013 (Portal):** Aprobación de cotizaciones + +**Razón:** +Órdenes de venta generan facturas (MGN-004) y entregas (MGN-005). Ingresos se distribuyen analíticamente (MGN-008). CRM convierte leads a cotizaciones. Portal permite aprobación online. + +**Impacto de bloqueo:** +- **MEDIO:** Bloquea analítica, CRM, portal +- **Prioridad:** P0 - ALTA +- **Debe completarse en:** Sprint 9-10 + +--- + +### MGN-008: Contabilidad Analítica +**Nivel:** 4 (Analítica y Complementarios) + +**Depende de:** +- ✅ **MGN-004 (Fuerte):** Plan de cuentas, asientos +- ✅ **MGN-006 (Fuerte):** Costos de compras +- ✅ **MGN-007 (Fuerte):** Ingresos de ventas + +**Requerido por (Fuerte):** +- ✅ **MGN-011 (Proyectos):** Proyectos vinculados a cuentas analíticas +- ✅ **MGN-012 (Reportes):** P&L por proyecto + +**Razón:** +Analítica consolida costos e ingresos de compras/ventas. Proyectos usan cuentas analíticas para tracking. + +**Impacto de bloqueo:** +- **MEDIO:** Bloquea proyectos y reportes avanzados +- **Prioridad:** P0 - ALTA (CRÍTICO para construcción) +- **Debe completarse en:** Sprint 11 + +--- + +### MGN-009: CRM Básico +**Nivel:** 4 (Analítica y Complementarios) + +**Depende de:** +- ✅ **MGN-003 (Fuerte):** Partners (clientes potenciales) +- ✅ **MGN-007 (Fuerte):** Conversión de oportunidad a cotización +- 🔸 **MGN-014 (Débil):** Actividades y notificaciones + +**Requerido por:** +- ❌ Ninguno + +**Razón:** +CRM convierte leads a cotizaciones (MGN-007). Usa actividades de mensajería (MGN-014) pero puede funcionar sin ellas. + +**Impacto de bloqueo:** +- **BAJO:** No bloquea otros módulos +- **Prioridad:** P1 - ALTA +- **Puede completarse en:** Sprint 12-13 + +--- + +### MGN-010: RRHH Básico +**Nivel:** 2 (Transaccional Base) + +**Depende de:** +- ✅ **MGN-001 (Fuerte):** Empleados vinculados a users +- ✅ **MGN-002 (Fuerte):** Empleados por empresa +- ✅ **MGN-003 (Fuerte):** Empleados vinculados a partners + +**Requerido por (Fuerte):** +- ✅ **MGN-011 (Proyectos):** Timesheet de empleados + +**Razón:** +Proyectos requieren timesheet de empleados. + +**Impacto de bloqueo:** +- **BAJO:** Solo bloquea proyectos (timesheet es opcional) +- **Prioridad:** P1 - ALTA +- **Puede completarse en:** Sprint 14-15 + +--- + +### MGN-011: Proyectos Genéricos +**Nivel:** 5 (Módulos Avanzados) + +**Depende de:** +- ✅ **MGN-008 (Fuerte):** Proyectos vinculados a cuentas analíticas +- 🔸 **MGN-010 (Débil):** Timesheet de empleados (opcional) + +**Requerido por:** +- ❌ Ninguno + +**Razón:** +Proyectos usan analítica para tracking de costos/ingresos. Timesheet es opcional (puede registrarse sin RRHH). + +**Impacto de bloqueo:** +- **BAJO:** No bloquea otros módulos +- **Prioridad:** P1 - ALTA +- **Puede completarse en:** Sprint 16-17 + +--- + +### MGN-012: Reportes y Analytics +**Nivel:** 5 (Módulos Avanzados) + +**Depende de:** +- ✅ **MGN-004 (Fuerte):** Reportes financieros +- ✅ **MGN-008 (Fuerte):** Reportes analíticos + +**Requerido por:** +- ❌ Ninguno + +**Razón:** +Reportes consumen datos de financiero y analítica. + +**Impacto de bloqueo:** +- **BAJO:** No bloquea otros módulos +- **Prioridad:** P2 - MEDIA +- **Puede completarse en:** Sprint 18 + +--- + +### MGN-013: Portal de Usuarios +**Nivel:** 4 (Analítica y Complementarios) + +**Depende de:** +- ✅ **MGN-001 (Fuerte):** Autenticación portal_user +- ✅ **MGN-007 (Fuerte):** Cotizaciones para aprobación +- ✅ **MGN-014 (Fuerte):** Mensajería en portal + +**Requerido por:** +- ❌ Ninguno + +**Razón:** +Portal permite aprobación de cotizaciones y comunicación con clientes. + +**Impacto de bloqueo:** +- **BAJO:** No bloquea otros módulos +- **Prioridad:** P1 - ALTA (CRÍTICO para INFONAVIT) +- **Puede completarse en:** Sprint 14-15 + +--- + +### MGN-014: Mensajería y Notificaciones +**Nivel:** 1 (Core Base) + +**Depende de:** +- ✅ **MGN-001 (Fuerte):** Usuarios para notificaciones + +**Requerido por (Fuerte):** +- ✅ **MGN-013 (Portal):** Mensajería en portal + +**Requerido por (Débil):** +- 🔸 **Todos:** Chatter, tracking, notificaciones (mejora experiencia) + +**Razón:** +Mensajería mejora colaboración en todos los módulos. Es crítico para portal. + +**Impacto de bloqueo:** +- **MEDIO:** Bloquea portal +- **Prioridad:** P1 - ALTA +- **Debe completarse en:** Sprint 12 (antes de portal) + +--- + +### MGN-015: Billing SaaS +**Nivel:** 6 (SaaS Platform - Base) + +**Depende de:** +- ✅ **MGN-001 (Fuerte):** Autenticación y tenants +- ✅ **MGN-002/Tenants (Fuerte):** Suscripciones vinculadas a tenants + +**Requerido por (Fuerte):** +- ✅ **MGN-016 (Payments POS):** Facturación de transacciones +- ✅ **MGN-017 (WhatsApp):** Feature flags y límites +- ✅ **MGN-018 (AI Agents):** Feature flags y cuotas de uso + +**Razón:** +Sistema de facturación SaaS con modelo per-seat. Gestiona suscripciones, planes (Starter, Growth, Enterprise), feature flags y facturación automática. + +**Impacto de bloqueo:** +- **ALTO:** Bloquea todos los módulos SaaS dependientes +- **Prioridad:** P0 para modelo SaaS +- **Debe completarse en:** Fase 4 (post-core) + +--- + +### MGN-016: Payments POS +**Nivel:** 7 (SaaS Platform - Integraciones) + +**Depende de:** +- ✅ **MGN-001 (Fuerte):** Autenticación +- ✅ **MGN-004 (Fuerte):** Módulo financiero para asientos contables +- ✅ **MGN-015 (Fuerte):** Billing para facturación + +**Requerido por:** +- ❌ Ninguno + +**Razón:** +Integración con terminales de pago (MercadoPago, Clip). Procesa transacciones POS y genera asientos contables automáticos. Soporta OAuth (MercadoPago) y API Keys (Clip). + +**Impacto de bloqueo:** +- **BAJO:** No bloquea otros módulos +- **Prioridad:** P1 para verticales retail/POS +- **Puede completarse en:** Paralelo con MGN-017 + +--- + +### MGN-017: WhatsApp Business +**Nivel:** 7 (SaaS Platform - Integraciones) + +**Depende de:** +- ✅ **MGN-001 (Fuerte):** Autenticación +- ✅ **MGN-003 (Fuerte):** Catálogos (contactos con whatsapp_number) +- ✅ **MGN-015 (Fuerte):** Feature flags para límites de mensajes + +**Requerido por (Fuerte):** +- ✅ **MGN-018 (AI Agents):** Canal de comunicación para agentes + +**Razón:** +Integración con WhatsApp Business Cloud API. Permite envío/recepción de mensajes, templates HSM, chatbots con flujos visuales y campañas de marketing. + +**Impacto de bloqueo:** +- **ALTO:** Bloquea AI Agents que usan WhatsApp como canal +- **Prioridad:** P0 para verticales con atención al cliente +- **Puede completarse en:** Paralelo con MGN-016 + +--- + +### MGN-018: AI Agents +**Nivel:** 8 (SaaS Platform - AI) + +**Depende de:** +- ✅ **MGN-001 (Fuerte):** Autenticación +- ✅ **MGN-003 (Fuerte):** Catálogos (contactos) +- ✅ **MGN-017 (Fuerte):** WhatsApp como canal de comunicación + +**Requerido por:** +- ❌ Ninguno + +**Razón:** +Agentes inteligentes con RAG (Retrieval Augmented Generation) usando pgvector. Permite crear knowledge bases, tools personalizados y conversaciones asistidas por IA integradas con WhatsApp. + +**Impacto de bloqueo:** +- **BAJO:** No bloquea otros módulos +- **Prioridad:** P1 para automatización de atención +- **Debe completarse en:** Post WhatsApp + +--- + +## Orden de Implementación Recomendado + +### Sprint 1-2 (Fundamentos) - 50 SP + +**Objetivo:** Establecer base de seguridad y multi-tenancy. + +**Módulos:** +1. ✅ **MGN-001: Fundamentos** (50 SP) + - Database: Schema auth_management + - Backend: Módulo auth (JWT, RBAC, RLS) + - Frontend: Login, signup, forgot password + +**Entregables:** +- Usuarios pueden registrarse, autenticarse +- Roles y permisos funcionando +- Multi-tenancy operativo + +**Criterios de éxito:** +- Test coverage 80%+ +- Login funcional +- RLS validado + +--- + +### Sprint 3-4 (Core Base) - 65 SP + +**Objetivo:** Catálogos maestros y multi-empresa. + +**Módulos:** +2. ✅ **MGN-002: Empresas y Organizaciones** (30 SP) + - Database: core.companies + - Backend: Módulo companies + - Frontend: Selector de empresa, configuración + +3. ✅ **MGN-003: Catálogos Maestros** (35 SP) + - Database: core.partners, core.currencies, core.countries, core.uom + - Backend: Módulo catalogs + - Frontend: Catálogos CRUD + +**Entregables:** +- Multi-empresa funcional +- Catálogos de partners, monedas, países, UoM +- Context switching de empresa + +**Criterios de éxito:** +- Usuario puede trabajar con múltiples empresas +- Catálogos completos +- Validación de RLS por empresa + +--- + +### Sprint 5-8 (Módulos Transaccionales Base) - 150 SP + +**Objetivo:** Financiero e Inventario operativos. + +**Módulos:** +4. ✅ **MGN-004: Financiero Básico** (80 SP) + - Database: Schema financial_management + - Backend: Módulo financial + - Frontend: Plan de cuentas, asientos, facturas + +5. ✅ **MGN-005: Inventario Básico** (70 SP) + - Database: Schema inventory_management + - Backend: Módulo inventory + - Frontend: Productos, almacenes, movimientos + +**Entregables:** +- Contabilidad general funcional +- Inventario con movimientos +- Facturas y pagos +- Valoración de inventario + +**Criterios de éxito:** +- Asiento contable válido (débito = crédito) +- Movimientos de stock correctos +- Reportes financieros básicos (Balance, P&L) + +--- + +### Sprint 9-10 (Compras y Ventas) - 120 SP + +**Objetivo:** Ciclo completo de compras y ventas. + +**Módulos:** +6. ✅ **MGN-006: Compras Básico** (60 SP) + - Database: Schema purchasing_management + - Backend: Módulo purchasing + - Frontend: Órdenes de compra, RFQ + +7. ✅ **MGN-007: Ventas Básico** (60 SP) + - Database: Schema sales_management + - Backend: Módulo sales + - Frontend: Cotizaciones, órdenes de venta + +**Entregables:** +- Ciclo completo: RFQ → PO → Recepción → Factura +- Ciclo completo: Cotización → SO → Entrega → Factura +- Integración con inventario y financiero + +**Criterios de éxito:** +- 3-way match funcional (PO vs Recepción vs Factura) +- Generación automática de pickings +- Generación automática de asientos contables + +--- + +### Sprint 11 (Analítica) - 45 SP + +**Objetivo:** Contabilidad analítica operativa (CRÍTICO para proyectos). + +**Módulos:** +8. ✅ **MGN-008: Contabilidad Analítica** (45 SP) + - Database: Schema analytics_management + - Backend: Módulo analytics + - Frontend: Cuentas analíticas, reportes por proyecto + +**Entregables:** +- Cuentas analíticas funcionales +- Distribución analítica en transacciones +- Reportes P&L por proyecto + +**Criterios de éxito:** +- Campo analytic_account_id en todas las transacciones +- Consolidación automática de líneas analíticas +- Reporte P&L por proyecto correcto + +--- + +### Sprint 12-13 (Mensajería y CRM) - 95 SP + +**Objetivo:** Colaboración y gestión comercial. + +**Módulos:** +9. ✅ **MGN-014: Mensajería y Notificaciones** (45 SP) + - Database: Schema notifications_management + - Backend: Módulo notifications (WebSocket) + - Frontend: Chatter, notificaciones in-app + +10. ✅ **MGN-009: CRM Básico** (50 SP) + - Database: Schema crm_management + - Backend: Módulo crm + - Frontend: Pipeline kanban, leads + +**Entregables:** +- Chatter funcional en documentos +- Tracking automático de cambios +- Pipeline de ventas operativo +- Conversión lead → cotización + +**Criterios de éxito:** +- Notificaciones en tiempo real (WebSocket) +- Tracking automático sin código adicional +- Pipeline kanban drag-and-drop + +--- + +### Sprint 14-15 (RRHH y Portal) - 105 SP + +**Objetivo:** Recursos humanos y portal de clientes. + +**Módulos:** +11. ✅ **MGN-010: RRHH Básico** (55 SP) + - Database: Schema hr_management + - Backend: Módulo hr + - Frontend: Empleados, contratos, asistencias + +12. ✅ **MGN-013: Portal de Usuarios** (50 SP) + - Database: Rol portal_user en auth + - Backend: Módulo portal (RLS estricto) + - Frontend: Portal separado + +**Entregables:** +- Gestión de empleados completa +- Timesheet básico +- Portal de clientes funcional +- Firma electrónica de cotizaciones + +**Criterios de éxito:** +- Empleados vinculados a users y partners +- Cliente puede aprobar cotización online +- Firma electrónica válida legalmente + +--- + +### Sprint 16-17 (Proyectos) - 65 SP + +**Objetivo:** Gestión de proyectos genéricos. + +**Módulos:** +13. ✅ **MGN-011: Proyectos Genéricos** (65 SP) + - Database: Schema projects_management + - Backend: Módulo projects + - Frontend: Kanban de tareas, Gantt + +**Entregables:** +- Proyectos vinculados a analítica +- Tareas con kanban +- Timesheet por tarea +- Vista Gantt + +**Criterios de éxito:** +- Proyecto crea cuenta analítica automáticamente +- Timesheet genera líneas analíticas +- Portal de proyectos funcional + +--- + +### Sprint 18 (Reportes) - 40 SP + +**Objetivo:** Reportes y dashboards avanzados. + +**Módulos:** +14. ✅ **MGN-012: Reportes y Analytics** (40 SP) + - Database: Schema reports_management + - Backend: Módulo reports + - Frontend: Dashboards, query builder + +**Entregables:** +- Dashboards configurables +- Reportes financieros estándar +- Exportación PDF/Excel + +**Criterios de éxito:** +- Reportes con filtros dinámicos +- Exportación funcional +- Dashboards por rol + +--- + +### Sprint 19 (Buffer y Testing) - Buffer + +**Objetivo:** Testing exhaustivo, documentación, refinamiento. + +**Actividades:** +- Testing E2E de flujos completos +- Corrección de bugs +- Documentación final +- Optimizaciones de performance +- Preparación para migración de ERP Construcción + +**Criterios de éxito:** +- Test coverage 70%+ +- Todos los flujos críticos validados +- Documentación completa + +--- + +## Riesgos de Dependencias + +### Riesgos Críticos (P0) + +| Riesgo | Probabilidad | Impacto | Mitigación | +|--------|--------------|---------|------------| +| **MGN-001 se retrasa** | Baja | CRÍTICO | Prioridad MÁXIMA, equipo completo en Sprint 1-2, testing exhaustivo | +| **MGN-004 (Financiero) muy complejo** | Media | ALTO | Seguir patrón Odoo, consultoría contable, validación temprana | +| **MGN-008 (Analítica) mal diseñada** | Media | ALTO | Validar con ERP Construcción, seguir patrón Odoo, testing con datos reales | +| **Dependencia circular no detectada** | Baja | MEDIO | Revisión de arquitectura en Sprint 0, validar con este documento | + +### Riesgos Altos (P1) + +| Riesgo | Probabilidad | Impacto | Mitigación | +|--------|--------------|---------|------------| +| **MGN-005 (Inventario) subestimado** | Media | MEDIO | Buffer en Sprint 8, validar complejidad con Odoo | +| **Integración MGN-006/007 con MGN-005 falla** | Media | ALTO | Testing de integración en Sprint 10, casos de prueba reales | +| **MGN-014 (WebSocket) problemas de infraestructura** | Alta | MEDIO | Validación técnica temprana, fallback a polling | + +### Riesgos Medios (P2) + +| Riesgo | Probabilidad | Impacto | Mitigación | +|--------|--------------|---------|------------| +| **Scope creep en módulos** | Alta | MEDIO | Validar con ALCANCE-POR-MODULO.md, rechazar funcionalidades no esenciales | +| **Velocity sobrestimado** | Media | MEDIO | Buffer Sprint 19, priorizar P0 sobre P1 | + +--- + +## Dependencias Críticas (Bloquean Otros Módulos) + +### MGN-001 (Fundamentos) +- **Bloquea:** TODOS los demás módulos (MGN-002 a MGN-014) +- **Razón:** Autenticación, autorización, multi-tenancy son base para todo +- **Prioridad:** P0 - MÁXIMA +- **Acción:** Implementar PRIMERO en Sprint 1-2, equipo completo dedicado + +### MGN-002 (Empresas) +- **Bloquea:** MGN-004, MGN-005, MGN-006, MGN-007, MGN-010 +- **Razón:** Documentos transaccionales requieren company_id +- **Prioridad:** P0 - ALTA +- **Acción:** Implementar en Sprint 3, validar RLS por empresa + +### MGN-003 (Catálogos) +- **Bloquea:** MGN-004, MGN-005, MGN-006, MGN-007, MGN-009 +- **Razón:** Partners, monedas, UoM son datos maestros esenciales +- **Prioridad:** P0 - ALTA +- **Acción:** Implementar en Sprint 3-4, priorizar partners y UoM + +### MGN-004 (Financiero) +- **Bloquea:** MGN-006, MGN-007, MGN-008, MGN-012 +- **Razón:** Compras y ventas generan facturas, analítica requiere plan de cuentas +- **Prioridad:** P0 - ALTA +- **Acción:** Implementar en Sprint 5-8, validar contabilidad con contador + +### MGN-005 (Inventario) +- **Bloquea:** MGN-006, MGN-007 +- **Razón:** Compras y ventas generan movimientos de stock +- **Prioridad:** P0 - ALTA +- **Acción:** Implementar en Sprint 5-8, validar movimientos dobles + +### MGN-008 (Analítica) +- **Bloquea:** MGN-011, MGN-012 +- **Razón:** Proyectos requieren cuentas analíticas, reportes usan datos analíticos +- **Prioridad:** P0 - CRÍTICO (para construcción) +- **Acción:** Implementar en Sprint 11, validar con ERP Construcción + +--- + +## Dependencias Opcionales (No Bloquean) + +### MGN-014 (Mensajería) → Módulos Transaccionales +- **Tipo:** Débil (mejora experiencia, no bloquea) +- **Razón:** Chatter y tracking son opcionales, módulos funcionan sin ellos +- **Recomendación:** Implementar en Sprint 12 para mejorar UX + +### MGN-010 (RRHH) → MGN-011 (Proyectos) +- **Tipo:** Débil (timesheet es opcional) +- **Razón:** Proyectos pueden funcionar sin timesheet de empleados +- **Recomendación:** Implementar RRHH antes de proyectos para timesheet completo + +### MGN-009 (CRM) → MGN-007 (Ventas) +- **Tipo:** Débil (conversión lead → quotation es opcional) +- **Razón:** Ventas puede funcionar sin CRM, cotizaciones se crean directamente +- **Recomendación:** Implementar CRM después de ventas (Sprint 12-13) + +--- + +## Validación de No-Circularidad + +### Análisis de Grafos de Dependencias + +**Resultado:** ✅ NO hay dependencias circulares. + +**Validación:** +- MGN-001 no depende de nadie +- Todos los demás módulos forman un DAG (Directed Acyclic Graph) +- Niveles de implementación (0 a 5) garantizan orden topológico + +**Posibles ciclos a evitar:** +- ❌ MGN-007 (Ventas) → MGN-009 (CRM) → MGN-007: **NO EXISTE** (CRM depende de Ventas, no al revés) +- ❌ MGN-004 (Financiero) → MGN-008 (Analítica) → MGN-004: **NO EXISTE** (Analítica depende de Financiero, no al revés) + +--- + +## Timeline Consolidado + +### Resumen por Trimestre + +**Q1 2026 (Meses 1-3) - Fundamentos y Core:** +- Sprint 1-2: MGN-001 (Fundamentos) - 50 SP +- Sprint 3-4: MGN-002 (Empresas) + MGN-003 (Catálogos) - 65 SP +- Sprint 5-6: MGN-004 (Financiero) Parte 1 - 40 SP +- **Total Q1:** 155 SP + +**Q2 2026 (Meses 4-6) - Módulos Transaccionales:** +- Sprint 7-8: MGN-004 (Financiero) Parte 2 + MGN-005 (Inventario) - 110 SP +- Sprint 9-10: MGN-006 (Compras) + MGN-007 (Ventas) - 120 SP +- Sprint 11: MGN-008 (Analítica) - 45 SP +- **Total Q2:** 275 SP + +**Q3 2026 (Meses 7-9) - Módulos Complementarios:** +- Sprint 12-13: MGN-014 (Mensajería) + MGN-009 (CRM) - 95 SP +- Sprint 14-15: MGN-010 (RRHH) + MGN-013 (Portal) - 105 SP +- Sprint 16-17: MGN-011 (Proyectos) - 65 SP +- **Total Q3:** 265 SP + +**Q4 2026 (Mes 10) - Reportes y Buffer:** +- Sprint 18: MGN-012 (Reportes) - 40 SP +- Sprint 19: Buffer, testing, documentación +- **Total Q4:** 40 SP + +**TOTAL:** 735 SP en 19 sprints (38 semanas / 9.5 meses) + +--- + +## Métricas de Dependencias + +| Métrica | Valor | +|---------|-------| +| **Total módulos** | 18 (14 core + 4 SaaS) | +| **Módulos sin dependencias** | 1 (MGN-001) | +| **Módulos con 1 dependencia** | 1 (MGN-002) | +| **Módulos con 2 dependencias** | 4 (MGN-003, MGN-014, MGN-009, MGN-015) | +| **Módulos con 3 dependencias** | 9 (MGN-004, MGN-005, MGN-006, MGN-007, MGN-010, MGN-013, MGN-016, MGN-017, MGN-018) | +| **Módulos con 4+ dependencias** | 3 (MGN-008, MGN-011, MGN-012) | +| **Dependencias totales (aristas)** | 42 | +| **Profundidad máxima (niveles)** | 8 niveles (0 a 8) | +| **Módulos críticos (bloquean 3+ módulos)** | 7 (MGN-001, MGN-002, MGN-003, MGN-004, MGN-005, MGN-008, MGN-015) | + +--- + +## Recomendaciones Finales + +### Para el Equipo de Desarrollo + +1. **Respetar el orden de implementación:** NO saltar niveles sin completar dependencias +2. **Testing de integración temprano:** Validar integraciones entre módulos en cada sprint +3. **Documentar APIs claramente:** Facilitar integración entre módulos +4. **Validar con datos reales:** Usar datos de ERP Construcción para validar + +### Para el Product Owner + +1. **Priorizar P0 estrictamente:** NO agregar funcionalidades P1/P2 hasta completar P0 +2. **Validar alcance con ALCANCE-POR-MODULO.md:** Rechazar scope creep +3. **Aceptar incrementos por módulo:** Cada sprint debe entregar módulo funcional +4. **Planificar migración:** Desde Sprint 11 (post-analítica), planear migración de Construcción + +### Para el Arquitecto + +1. **Validar dependencias en cada sprint:** Verificar que no se crean dependencias circulares +2. **Revisar integraciones:** Asegurar que límites entre módulos están claros +3. **Actualizar este documento:** Si cambian dependencias, actualizar inmediatamente +4. **Comunicar bloqueos:** Si un módulo se retrasa, comunicar impacto en dependientes + +--- + +## Conclusión + +Las dependencias entre módulos están claramente definidas y validadas. El orden de implementación propuesto minimiza bloqueos y permite entregas incrementales. + +**Próximos pasos:** +1. Validar este orden con el equipo técnico +2. Iniciar Sprint 1 (MGN-001 Fundamentos) +3. Crear backlog detallado por módulo (Fase 2) +4. Planificar Fase 4 SaaS (MGN-015 a MGN-018) post-core + +--- + +**Documento creado:** 2025-11-23 +**Última actualización:** 2025-12-05 +**Versión:** 1.1 +**Autor:** Architecture-Analyst +**Estado:** ✅ Completado +**Próxima Fase:** Fase 2 - Diseño Técnico Detallado diff --git a/docs/02-definicion-modulos/INDICE-MODULOS.md b/docs/02-definicion-modulos/INDICE-MODULOS.md new file mode 100644 index 0000000..8b62ddb --- /dev/null +++ b/docs/02-definicion-modulos/INDICE-MODULOS.md @@ -0,0 +1,559 @@ +# Indice de Modulos - ERP Core + +## Resumen + +| Metrica | Valor | +|---------|-------| +| Total Modulos | 19 | +| Modulos P0 (Criticos) | 4 | +| Modulos P1 (Core) | 6 | +| Modulos P2 (Extended) | 5 | +| Modulos P3 (SaaS) | 4 | +| Completados | 0 | +| En Desarrollo | 2 | +| Planificados | 17 | + +--- + +## Modulos por Prioridad + +### P0 - Criticos (Sin estos no funciona) + +| Codigo | Modulo | Estado | Progreso | Docs | +|--------|--------|--------|----------|------| +| MGN-001 | [auth](#mgn-001-auth) | En desarrollo | 40% | [Ver](./MGN-001-auth/) | +| MGN-002 | [users](#mgn-002-users) | En desarrollo | 30% | [Ver](./MGN-002-users/) | +| MGN-003 | [roles](#mgn-003-roles) | Planificado | 0% | Pendiente | +| MGN-004 | [tenants](#mgn-004-tenants) | Planificado | 0% | Pendiente | + +### P1 - Core Business + +| Codigo | Modulo | Estado | Progreso | Docs | +|--------|--------|--------|----------|------| +| MGN-005 | [catalogs](#mgn-005-catalogs) | Planificado | 0% | Pendiente | +| MGN-010 | [financial](#mgn-010-financial) | Planificado | 0% | Pendiente | +| MGN-011 | [inventory](#mgn-011-inventory) | Planificado | 0% | Pendiente | +| MGN-012 | [purchasing](#mgn-012-purchasing) | Planificado | 0% | Pendiente | +| MGN-013 | [sales](#mgn-013-sales) | Planificado | 0% | Pendiente | +| MGN-006 | [settings](#mgn-006-settings) | Planificado | 0% | Pendiente | + +### P2 - Extended + +| Codigo | Modulo | Estado | Progreso | Docs | +|--------|--------|--------|----------|------| +| MGN-007 | [audit](#mgn-007-audit) | Planificado | 0% | Pendiente | +| MGN-008 | [notifications](#mgn-008-notifications) | Planificado | 0% | Pendiente | +| MGN-009 | [reports](#mgn-009-reports) | Planificado | 0% | Pendiente | +| MGN-014 | [crm](#mgn-014-crm) | Planificado | 0% | Pendiente | +| MGN-015 | [projects](#mgn-015-projects) | Planificado | 0% | Pendiente | + +### P3 - SaaS Platform + +| Codigo | Modulo | Estado | Progreso | Docs | +|--------|--------|--------|----------|------| +| MGN-016 | [billing](#mgn-016-billing) | Planificado | 0% | [Ver](./MGN-016-billing/) | +| MGN-017 | [payments-pos](#mgn-017-payments-pos) | Planificado | 0% | [Ver](./MGN-017-payments-pos/) | +| MGN-018 | [whatsapp-business](#mgn-018-whatsapp-business) | Planificado | 0% | [Ver](./MGN-018-whatsapp-business/) | +| MGN-019 | [ai-agents](#mgn-019-ai-agents) | Planificado | 0% | [Ver](./MGN-019-ai-agents/) | + +--- + +## Detalle de Modulos + +### MGN-001: Auth + +**Proposito:** Autenticacion y manejo de sesiones + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `core_auth` | +| Tablas | users, sessions, tokens, oauth_providers | +| Endpoints | 8 (login, logout, refresh, etc.) | +| Dependencias | Ninguna (modulo base) | +| Usado por | Todos los modulos | + +**Funcionalidades:** +- Login con email/password +- JWT tokens (access + refresh) +- OAuth providers (Google, Microsoft, etc.) +- Sesiones multi-dispositivo +- Password recovery +- 2FA (opcional) + +--- + +### MGN-002: Users + +**Proposito:** Gestion de usuarios del sistema + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `core_auth` | +| Tablas | users, user_profiles, user_preferences | +| Endpoints | 6 (CRUD + profile) | +| Dependencias | MGN-001 Auth | +| Usado por | MGN-003 Roles | + +**Funcionalidades:** +- CRUD de usuarios +- Perfiles de usuario +- Preferencias (idioma, timezone, tema) +- Avatar y datos personales +- Activacion/desactivacion + +--- + +### MGN-003: Roles + +**Proposito:** Roles y permisos (RBAC) + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `core_auth` | +| Tablas | roles, permissions, role_permissions, user_roles | +| Endpoints | 10 | +| Dependencias | MGN-001, MGN-002 | +| Usado por | Todos los modulos | + +**Funcionalidades:** +- Roles jerarquicos +- Permisos granulares por recurso +- Asignacion de roles a usuarios +- Roles por tenant +- Herencia de permisos + +--- + +### MGN-004: Tenants + +**Proposito:** Multi-tenancy y aislamiento de datos + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `core_system` | +| Tablas | tenants, tenant_settings, tenant_features | +| Endpoints | 8 | +| Dependencias | MGN-001 | +| Usado por | Todos los modulos | + +**Funcionalidades:** +- Creacion de tenants +- Configuracion por tenant +- Feature flags por tenant +- Limites y quotas +- Aislamiento RLS + +--- + +### MGN-005: Catalogs + +**Proposito:** Catalogos maestros reutilizables + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `core_catalogs` | +| Tablas | countries, states, currencies, uom, etc. | +| Endpoints | 12+ | +| Dependencias | MGN-004 | +| Usado por | Partners, Products, Financial | + +**Funcionalidades:** +- Paises y estados +- Monedas y tipos de cambio +- Unidades de medida +- Categorias genericas +- Impuestos base + +--- + +### MGN-006: Settings + +**Proposito:** Configuracion del sistema + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `core_system` | +| Tablas | config_parameters, sequences | +| Endpoints | 6 | +| Dependencias | MGN-004 | +| Usado por | Todos los modulos | + +**Funcionalidades:** +- Parametros de configuracion +- Secuencias (folios) +- Configuracion de email +- Configuracion de integraciones + +--- + +### MGN-007: Audit + +**Proposito:** Auditoria y trazabilidad + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `audit_logging` | +| Tablas | audit_logs, login_history, change_history | +| Endpoints | 4 (solo lectura) | +| Dependencias | MGN-001, MGN-004 | +| Usado por | - | + +**Funcionalidades:** +- Log de cambios por entidad +- Historial de logins +- Exportacion de logs +- Retencion configurable + +--- + +### MGN-008: Notifications + +**Proposito:** Sistema de notificaciones + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `core_notifications` | +| Tablas | notifications, notification_preferences, templates | +| Endpoints | 8 | +| Dependencias | MGN-001, MGN-002 | +| Usado por | Todos los modulos | + +**Funcionalidades:** +- Notificaciones in-app +- Email notifications +- Push notifications (mobile) +- Preferencias por usuario +- Templates de notificacion + +--- + +### MGN-009: Reports + +**Proposito:** Reportes genericos + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `core_reports` | +| Tablas | report_definitions, report_schedules | +| Endpoints | 6 | +| Dependencias | MGN-001, MGN-004 | +| Usado por | Verticales | + +**Funcionalidades:** +- Definicion de reportes +- Exportacion PDF/Excel +- Reportes programados +- Dashboards basicos + +--- + +### MGN-010: Financial + +**Proposito:** Contabilidad basica + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `core_financial` | +| Tablas | accounts, journals, entries, invoices, payments | +| Endpoints | 20+ | +| Dependencias | MGN-005 | +| Usado por | Sales, Purchases, Verticales | + +**Funcionalidades:** +- Plan de cuentas +- Diarios contables +- Asientos contables +- Facturas (ventas/compras) +- Pagos +- Conciliacion bancaria basica + +--- + +### MGN-011: Inventory + +**Proposito:** Inventario y stock + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `core_inventory` | +| Tablas | products, warehouses, locations, stock_moves | +| Endpoints | 15+ | +| Dependencias | MGN-005, Products | +| Usado por | Sales, Purchases, Verticales | + +**Funcionalidades:** +- Almacenes y ubicaciones +- Movimientos de stock +- Valoracion de inventario +- Ajustes de inventario +- Transferencias + +--- + +### MGN-012: Purchasing + +**Proposito:** Compras + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `core_purchases` | +| Tablas | purchase_orders, po_lines, supplier_info | +| Endpoints | 12+ | +| Dependencias | MGN-005, MGN-010, MGN-011 | +| Usado por | Verticales | + +**Funcionalidades:** +- Ordenes de compra +- Recepciones +- Facturacion de compras +- Proveedores por producto +- Solicitudes de compra + +--- + +### MGN-013: Sales + +**Proposito:** Ventas + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `core_sales` | +| Tablas | sale_orders, so_lines, quotations | +| Endpoints | 15+ | +| Dependencias | MGN-005, MGN-010, MGN-011 | +| Usado por | Verticales | + +**Funcionalidades:** +- Cotizaciones +- Ordenes de venta +- Entregas +- Facturacion de ventas +- Precios y descuentos + +--- + +### MGN-014: CRM + +**Proposito:** CRM basico + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `core_crm` | +| Tablas | leads, opportunities, activities, stages | +| Endpoints | 12+ | +| Dependencias | MGN-005, Partners | +| Usado por | Sales, Verticales | + +**Funcionalidades:** +- Leads y oportunidades +- Pipeline de ventas +- Actividades y seguimiento +- Conversion a cliente +- Reportes de funnel + +--- + +### MGN-015: Projects + +**Proposito:** Proyectos genericos + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `core_projects` | +| Tablas | projects, tasks, timesheets | +| Endpoints | 12+ | +| Dependencias | MGN-002, MGN-005 | +| Usado por | Verticales | + +**Funcionalidades:** +- Proyectos y tareas +- Asignacion de recursos +- Registro de tiempo +- Estados y etapas +- Kanban view + +--- + +### MGN-016: Billing + +**Proposito:** Facturacion SaaS por asientos (per-seat billing) + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `billing` | +| Tablas | tenant_owners, payment_methods, invoices, invoice_lines, payments, coupons, coupon_redemptions, usage_records, subscription_history | +| Endpoints | 15+ | +| Dependencias | MGN-001, MGN-004 Tenants | +| Usado por | MGN-017, MGN-018, MGN-019 | + +**Funcionalidades:** +- Suscripciones mensuales por tenant +- Modelo per-seat: base + extra seats × precio +- Feature flags por plan (Starter, Growth, Enterprise) +- Gestion de propietarios de tenant +- Cupones y descuentos +- Historial de cambios de suscripcion +- Facturacion automatica +- Metodos de pago (tarjetas, SPEI) + +--- + +### MGN-017: Payments POS + +**Proposito:** Integraciones con terminales de pago (MercadoPago, Clip) + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `integrations` | +| Tablas | payment_providers, payment_credentials, payment_terminals, payment_transactions, refunds, webhook_logs, reconciliation_batches | +| Endpoints | 20+ | +| Dependencias | MGN-001, MGN-004, MGN-010 Financial | +| Usado por | Verticales POS | + +**Funcionalidades:** +- Multi-provider: MercadoPago (OAuth) y Clip (API Keys) +- Registro de terminales por ubicacion +- Procesamiento de transacciones +- Reembolsos parciales y totales +- Webhooks para notificaciones +- Conciliacion de transacciones +- Generacion de asientos contables +- Manejo de comisiones por provider + +--- + +### MGN-018: WhatsApp Business + +**Proposito:** Integracion con WhatsApp Business Cloud API + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `messaging` | +| Tablas | whatsapp_accounts, whatsapp_templates, whatsapp_conversations, whatsapp_messages, chatbot_flows, chatbot_nodes, chatbot_sessions, whatsapp_campaigns | +| Endpoints | 25+ | +| Dependencias | MGN-001, MGN-004, MGN-005 Catalogs | +| Usado por | MGN-019 AI Agents | + +**Funcionalidades:** +- Cuentas de WhatsApp Business por tenant +- Templates de mensajes (HSM) aprobados por Meta +- Conversaciones bidireccionales +- Chatbots con flujos visuales +- Campañas de marketing masivo +- Opt-in/opt-out de contactos +- Metricas de entrega y lectura +- Webhooks de WhatsApp Cloud API + +--- + +### MGN-019: AI Agents + +**Proposito:** Agentes inteligentes con RAG para automatizacion + +| Aspecto | Detalle | +|---------|---------| +| Schema BD | `ai_agents` | +| Tablas | agents, knowledge_bases, agent_knowledge_bases, kb_documents, kb_chunks, tool_definitions, agent_tools, conversations, messages, tool_executions, feedback, usage_logs | +| Endpoints | 30+ | +| Dependencias | MGN-001, MGN-004, MGN-018 WhatsApp | +| Usado por | Verticales | + +**Funcionalidades:** +- Agentes configurables por tenant +- Knowledge bases con documentos +- RAG con pgvector (embeddings 1536 dims) +- Definicion de tools/funciones +- Conversaciones con historial +- Ejecucion de tools en tiempo real +- Feedback de usuarios (thumbs up/down) +- Metricas de uso y tokens +- Integracion con WhatsApp como canal + +--- + +## Orden de Implementacion Recomendado + +``` +Fase 1: Foundation +├── MGN-001 Auth +├── MGN-002 Users +├── MGN-003 Roles +└── MGN-004 Tenants + +Fase 2: Core Business +├── MGN-005 Catalogs +├── Partners (parte de Catalogs) +├── Products (parte de Catalogs) +├── MGN-011 Inventory +├── MGN-012 Purchasing +├── MGN-013 Sales +└── MGN-010 Financial + +Fase 3: Extended +├── MGN-006 Settings +├── MGN-007 Audit +├── MGN-008 Notifications +├── MGN-009 Reports +├── MGN-014 CRM +└── MGN-015 Projects + +Fase 4: SaaS Platform +├── MGN-016 Billing (depende de MGN-004) +├── MGN-017 Payments POS (depende de MGN-010) +├── MGN-018 WhatsApp Business (depende de MGN-005) +└── MGN-019 AI Agents (depende de MGN-018) +``` + +--- + +## Dependencias entre Modulos + +```mermaid +graph TD + MGN001[MGN-001 Auth] --> MGN002[MGN-002 Users] + MGN001 --> MGN004[MGN-004 Tenants] + MGN002 --> MGN003[MGN-003 Roles] + MGN004 --> MGN005[MGN-005 Catalogs] + MGN005 --> MGN010[MGN-010 Financial] + MGN005 --> MGN011[MGN-011 Inventory] + MGN011 --> MGN012[MGN-012 Purchasing] + MGN011 --> MGN013[MGN-013 Sales] + MGN010 --> MGN012 + MGN010 --> MGN013 + MGN005 --> MGN014[MGN-014 CRM] + MGN002 --> MGN015[MGN-015 Projects] + + %% SaaS Platform Modules + MGN004 --> MGN016[MGN-016 Billing] + MGN010 --> MGN017[MGN-017 Payments POS] + MGN005 --> MGN018[MGN-018 WhatsApp] + MGN018 --> MGN019[MGN-019 AI Agents] + MGN016 --> MGN017 + MGN016 --> MGN018 +``` + +--- + +## Proximas Acciones + +1. **Completar documentacion MGN-001 Auth** + - DDL Specification + - Especificacion Backend + - User Stories + +2. **Completar documentacion MGN-002 Users** + - Mismos entregables + +3. **Iniciar MGN-003 Roles** + - Requerimientos funcionales + - Diseno de RBAC + +4. **Planificar Fase 4: SaaS Platform** + - MGN-016 Billing: Per-seat pricing, feature flags + - MGN-017 Payments POS: MercadoPago, Clip + - MGN-018 WhatsApp Business: Cloud API, chatbots + - MGN-019 AI Agents: RAG, pgvector, tools + +--- + +*Ultima actualizacion: Diciembre 2025* diff --git a/docs/02-definicion-modulos/LISTA-MODULOS-ERP-GENERICO.md b/docs/02-definicion-modulos/LISTA-MODULOS-ERP-GENERICO.md new file mode 100644 index 0000000..be35d70 --- /dev/null +++ b/docs/02-definicion-modulos/LISTA-MODULOS-ERP-GENERICO.md @@ -0,0 +1,900 @@ +# LISTA DE MÓDULOS DEL ERP GENÉRICO + +**Fecha:** 2025-11-23 +**Última actualización:** 2025-12-06 +**Basado en:** Análisis Fase 0 (Odoo, Gamilit, Construcción) +**Total módulos:** 15 módulos +**Versión:** 1.1 + +--- + +## Introducción + +Este documento define la lista completa de módulos que conformarán el ERP Genérico (MGN). Cada módulo está identificado con un código MGN-XXX y ha sido diseñado basándose en: + +1. **Análisis de Odoo:** Patrones de negocio universales probados en miles de empresas +2. **Arquitectura Gamilit:** Patrones técnicos modernos validados en producción +3. **Validación ERP Construcción:** 61% de componentes genéricos identificados + +**Objetivo:** Crear una plataforma base reutilizable que permita: +- 70% reutilización en ERP Vidrio +- 81% reutilización en ERP Mecánicas +- 49% reducción de código duplicado +- 36% aceleración en desarrollo de nuevos proyectos + +--- + +## Distribución por Fase + +### Fase Core (8 módulos - P0) +Módulos críticos que deben implementarse primero. Constituyen la base funcional mínima del ERP. + +**Módulos:** +- MGN-001: Fundamentos +- MGN-002: Empresas y Organizaciones +- MGN-003: Catálogos Maestros +- MGN-004: Financiero Básico +- MGN-005: Inventario Básico +- MGN-006: Compras Básico +- MGN-007: Ventas Básico +- MGN-008: Contabilidad Analítica + +**Total Story Points:** 430 SP +**Timeline Estimado:** 11 sprints (22 semanas / 5.5 meses) + +### Fase Complementaria (7 módulos - P1/P2) +Módulos que agregan funcionalidad adicional y mejoran la experiencia de usuario. + +**Módulos:** +- MGN-009: CRM Básico +- MGN-010: RRHH Básico +- MGN-011: Proyectos Genéricos +- MGN-012: Reportes y Analytics +- MGN-013: Portal de Usuarios +- MGN-014: Mensajería y Notificaciones +- MGN-015: Billing y Suscripciones SaaS + +**Total Story Points:** 360 SP +**Timeline Estimado:** 9 sprints (18 semanas / 4.5 meses) + +--- + +## Módulos Detallados + +### MGN-001: Fundamentos + +**Nombre:** Fundamentos (Auth, Users, Roles, Multi-Tenancy) +**Fase:** Core +**Prioridad:** P0 - Crítico +**Story Points:** 50 SP +**Referencia Odoo:** base, auth_signup +**Referencia Gamilit:** auth_management schema +**% Reutilización:** 90% + +**Componentes principales:** +- Autenticación JWT +- Gestión de usuarios (CRUD, perfiles) +- Roles y permisos (RBAC) +- Multi-tenancy (schema-level isolation) +- Sesiones y tokens +- Registro de usuarios (signup) +- Reset password +- Verificación de email +- RLS Policies (Row Level Security) + +**Dependencias:** Ninguna (módulo base) +**Módulos que dependen:** Todos los demás + +**Justificación P0:** +Sin autenticación y autorización, ningún otro módulo puede funcionar. Es la base de seguridad del sistema completo. + +**Alcance técnico:** +- Database: Schema `auth_management` (10 tablas) +- Backend: Módulo auth completo con JWT +- Frontend: Componentes de login, signup, forgot password + +--- + +### MGN-002: Empresas y Organizaciones + +**Nombre:** Empresas y Organizaciones +**Fase:** Core +**Prioridad:** P0 - Crítico +**Story Points:** 30 SP +**Referencia Odoo:** base (res.company, res.partner) +**Referencia Gamilit:** core schema (companies table) +**% Reutilización:** 90% + +**Componentes principales:** +- Gestión de empresas/organizaciones (CRUD) +- Configuración multi-empresa (usuario accede a múltiples empresas) +- Datos maestros de empresa (nombre, RFC/NIT, logo, moneda principal) +- Jerarquías organizacionales (holdings, parent_id) +- Empresa vinculada a partner (patrón Odoo) + +**Dependencias:** MGN-001 +**Módulos que dependen:** Todos los transaccionales (MGN-004 a MGN-014) + +**Justificación P0:** +Requisito fundamental para multi-empresa. Todos los documentos (facturas, órdenes, etc.) deben pertenecer a una empresa. + +**Alcance técnico:** +- Database: core.companies, core.company_user_assignments +- Backend: Módulo companies con context switching +- Frontend: Selector de empresa en navbar, configuración empresa + +--- + +### MGN-003: Catálogos Maestros + +**Nombre:** Catálogos Maestros +**Fase:** Core +**Prioridad:** P0 - Crítico +**Story Points:** 35 SP +**Referencia Odoo:** base (res.country, res.currency, uom) +**% Reutilización:** 95% + +**Componentes principales:** +- Países y regiones (ISO 3166-1, estados/provincias) +- Monedas y tipos de cambio (ISO 4217, conversión automática) +- Unidades de medida (UoM) - Categorías, conversiones +- Categorías de productos (jerárquicas) +- Partners universales (clientes, proveedores, contactos, empleados) + +**Dependencias:** MGN-001, MGN-002 +**Módulos que dependen:** Todos los transaccionales (MGN-004 a MGN-014) + +**Justificación P0:** +Datos maestros esenciales. Productos, facturas, órdenes de compra necesitan UoM, monedas, partners, etc. + +**Alcance técnico:** +- Database: core.partners, core.currencies, core.countries, core.states, core.uom, core.uom_categories, core.product_categories +- Backend: Módulo catalogs con endpoints CRUD +- Frontend: Catálogos con búsqueda, paginación, filtros + +**Patrones clave:** +- Partner universal (is_customer, is_supplier, is_employee) → Odoo res.partner +- Conversiones UoM (kg → g, m → cm, etc.) +- Tasas de cambio con vigencia temporal + +--- + +### MGN-004: Financiero Básico + +**Nombre:** Módulo Financiero Básico +**Fase:** Core +**Prioridad:** P0 - Crítico +**Story Points:** 80 SP +**Referencia Odoo:** account +**% Reutilización:** 70% + +**Componentes principales:** +- Plan de cuentas (chart of accounts, tipos de cuenta: activo, pasivo, capital, ingresos, egresos) +- Asientos contables (journal entries, débito/crédito, validación débito=crédito) +- Facturas (clientes y proveedores, estados: draft → open → paid) +- Pagos y conciliación (payment reconciliation) +- Reportes financieros básicos (Balance General, Estado de Resultados/P&L) +- Multi-moneda (tasas de cambio, gain/loss por diferencia cambiaria) +- Journals (diario de ventas, compras, banco, etc.) + +**Dependencias:** MGN-001, MGN-002, MGN-003 +**Módulos que dependen:** MGN-008 (Analítica), todos los transaccionales + +**Justificación P0:** +Contabilidad es requerimiento legal en cualquier empresa. Todas las transacciones (compras, ventas) deben generar asientos contables. + +**Alcance técnico:** +- Database: Schema `financial_management` (12 tablas: accounts, journal_entries, journal_entry_lines, journals, payments, invoices, invoice_lines, etc.) +- Backend: Módulo financial con lógica contable completa +- Frontend: Plan de cuentas, formularios de asientos, conciliación bancaria + +**Patrones clave:** +- Doble entrada (débito = crédito siempre) +- Estados de documentos: draft → posted → reconciled +- Conciliación bancaria automática + +--- + +### MGN-005: Inventario Básico + +**Nombre:** Gestión de Inventario Básico +**Fase:** Core +**Prioridad:** P0 - Crítico +**Story Points:** 70 SP +**Referencia Odoo:** stock +**% Reutilización:** 80% + +**Componentes principales:** +- Productos y variantes (productos con múltiples atributos: talla, color, etc.) +- Almacenes y ubicaciones (estructura jerárquica: almacén → zona → pasillo → rack → nivel) +- Movimientos de inventario (stock moves: origen → destino) +- Picking/Albaranes (agrupación de movimientos: picking de recepción, entrega, interno) +- Trazabilidad (lotes y números de serie) +- Valoración de inventario (FIFO, LIFO, Costo Promedio) +- Ubicaciones virtuales (proveedores, clientes, pérdidas) +- Inventario físico (ajustes, conteos cíclicos) + +**Dependencias:** MGN-001, MGN-002, MGN-003 +**Módulos que dependen:** MGN-006 (Compras), MGN-007 (Ventas) + +**Justificación P0:** +Gestión de stock es fundamental para empresas que manejan productos físicos (construcción, vidrio, mecánicas). + +**Alcance técnico:** +- Database: Schema `inventory_management` (10 tablas: products, product_variants, warehouses, locations, stock_moves, pickings, stock_quants, lots, serial_numbers) +- Backend: Módulo inventory con lógica de movimientos +- Frontend: Vista de stock, movimientos, inventario físico + +**Patrones clave:** +- Doble movimiento (origen → tránsito → destino) → Odoo stock.move +- Ubicaciones virtuales (proveedores, clientes, producción) +- Quants (paquetes de stock en ubicación específica) + +--- + +### MGN-006: Compras Básico + +**Nombre:** Gestión de Compras Básico +**Fase:** Core +**Prioridad:** P0 - Crítico +**Story Points:** 60 SP +**Referencia Odoo:** purchase +**% Reutilización:** 85% + +**Componentes principales:** +- Órdenes de compra (purchase orders, estados: draft → sent → confirmed → received → billed) +- Solicitudes de cotización (RFQ - Request for Quotation) +- Gestión de proveedores (catálogo, condiciones de pago, lead time) +- Recepción de productos (integración automática con inventario) +- Facturas de proveedor (integración con contabilidad) +- Control cantidades (recibidas vs facturadas vs pedidas) +- Aprobaciones (workflow de aprobación por monto) + +**Dependencias:** MGN-001, MGN-003, MGN-004, MGN-005 +**Módulos que dependen:** MGN-008 (Analítica) + +**Justificación P0:** +Compras es proceso crítico de negocio. Sin compras, no hay inventario ni producción. + +**Alcance técnico:** +- Database: Schema `purchasing_management` (7 tablas: purchase_orders, purchase_order_lines, rfqs, supplier_pricelists) +- Backend: Módulo purchasing con workflow +- Frontend: Formulario órdenes de compra, RFQ, recepciones + +**Patrones clave:** +- Workflow: RFQ → PO → Recepción → Factura → Odoo purchase +- Integración automática con stock (crear stock move al confirmar PO) +- Control 3-way match (PO vs Recepción vs Factura) + +--- + +### MGN-007: Ventas Básico + +**Nombre:** Gestión de Ventas Básico +**Fase:** Core +**Prioridad:** P0 - Crítico +**Story Points:** 60 SP +**Referencia Odoo:** sale +**% Reutilización:** 85% + +**Componentes principales:** +- Cotizaciones (quotations, envío a cliente por email/PDF) +- Órdenes de venta (sales orders, estados: quotation → sale → delivery → invoice) +- Gestión de clientes (catálogo, condiciones de pago) +- Entrega de productos (integración automática con inventario) +- Facturación a cliente (integración con contabilidad) +- Portal de clientes básico (aprobación online de cotizaciones) +- Descuentos y promociones +- Términos de pago + +**Dependencias:** MGN-001, MGN-003, MGN-004, MGN-005 +**Módulos que dependen:** MGN-008 (Analítica), MGN-009 (CRM) + +**Justificación P0:** +Ventas es el motor de ingresos de cualquier empresa. Proceso crítico de negocio. + +**Alcance técnico:** +- Database: Schema `sales_management` (8 tablas: sales_orders, sales_order_lines, quotations, customer_pricelists) +- Backend: Módulo sales con workflow +- Frontend: Formulario órdenes de venta, cotizaciones, entregas + +**Patrones clave:** +- Workflow: Cotización → Venta → Entrega → Factura → Odoo sale +- Portal de aprobación (cliente firma online) +- Integración automática con stock (crear picking al confirmar SO) + +--- + +### MGN-008: Contabilidad Analítica + +**Nombre:** Contabilidad Analítica +**Fase:** Core +**Prioridad:** P0 - Crítico (ESENCIAL para construcción) +**Story Points:** 45 SP +**Referencia Odoo:** analytic +**% Reutilización:** 95% + +**Componentes principales:** +- Cuentas analíticas (por proyecto/departamento/centro de costos) +- Líneas analíticas (registro de costos/ingresos en transacciones) +- Distribución analítica (una transacción puede distribuirse a múltiples proyectos) +- Reportes de rentabilidad por proyecto (P&L por cuenta analítica) +- Integración con módulos transaccionales (compras, ventas, nómina, facturas) +- Tags analíticos (etiquetas adicionales: obra, torre, etapa) + +**Dependencias:** MGN-001, MGN-004, MGN-006, MGN-007 +**Módulos que dependen:** MGN-011 (Proyectos), MGN-012 (Reportes) + +**Justificación P0:** +**CRÍTICO** para ERPs de proyectos (construcción, consultoría, etc.). Permite tracking de costos/ingresos por proyecto automáticamente. + +**Impacto:** +- Reporte P&L por proyecto sin queries complejos +- Consolidación automática de costos +- Visibilidad de rentabilidad en tiempo real +- Ahorro: 80 horas/mes en reportes manuales + +**Alcance técnico:** +- Database: Schema `analytics_management` (4 tablas: analytic_accounts, analytic_lines, analytic_distributions, analytic_tags) +- Backend: Módulo analytics con consolidación +- Frontend: Reportes por proyecto, distribución analítica + +**Patrones clave:** +- Campo `analytic_account_id` en **TODAS** las transacciones → Odoo analytic pattern +- Consolidación automática de líneas +- Plan de cuentas analítico (paralelo al plan de cuentas contable) + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ CRÍTICO para ERP de proyectos + +--- + +### MGN-009: CRM Básico + +**Nombre:** CRM Básico +**Fase:** Complementaria +**Prioridad:** P1 - Alta +**Story Points:** 50 SP +**Referencia Odoo:** crm +**% Reutilización:** 75% + +**Componentes principales:** +- Gestión de leads/oportunidades (leads con scoring automático) +- Pipeline de ventas (stages, probabilidad de cierre, revenue estimado) +- Actividades y seguimiento (llamadas, reuniones, emails) +- Conversión a cotización (lead → quotation automático) +- Reportes de rendimiento (embudo de ventas, conversión rate) +- Teams de ventas (territorios, objetivos) +- Lead scoring automático + +**Dependencias:** MGN-001, MGN-003, MGN-007 +**Módulos que dependen:** Ninguno + +**Justificación P1:** +Mejora significativa en gestión comercial, pero NO bloquea operación básica del ERP. + +**Alcance técnico:** +- Database: Schema `crm_management` (6 tablas: leads, opportunities, stages, teams, activities) +- Backend: Módulo crm con scoring +- Frontend: Pipeline kanban, formulario de leads + +**Patrones clave:** +- Pipeline kanban drag-and-drop → Odoo crm.lead +- Lead scoring (valoración automática) +- Conversión automática lead → opportunity → quotation + +--- + +### MGN-010: RRHH Básico + +**Nombre:** Recursos Humanos Básico +**Fase:** Complementaria +**Prioridad:** P1 - Alta +**Story Points:** 55 SP +**Referencia Odoo:** hr, hr_contract, hr_attendance +**% Reutilización:** 70% + +**Componentes principales:** +- Gestión de empleados (datos personales, puestos, departamentos) +- Departamentos y puestos (estructura jerárquica, organigrama) +- Contratos laborales (tipo, salario, fechas inicio/fin) +- Asistencias (check-in/out, cálculo horas trabajadas) +- Ausencias y permisos (vacaciones, incapacidades, permisos) +- Organigrama (visualización jerárquica) +- Timesheet básico (registro de horas) + +**Dependencias:** MGN-001, MGN-002, MGN-003 +**Módulos que dependen:** MGN-011 (Proyectos - para timesheet) + +**Justificación P1:** +Importante para gestión de personal, pero NO bloquea operación básica del ERP. Puede implementarse después de módulos core. + +**Alcance técnico:** +- Database: Schema `hr_management` (9 tablas: employees, departments, contracts, attendances, leaves, timesheet) +- Backend: Módulo hr completo +- Frontend: Organigrama, formularios empleados, timesheet + +**Patrones clave:** +- Empleado vinculado a partner y user → Odoo hr.employee +- Departamentos jerárquicos (parent_id) +- Integración timesheet → analytic accounts + +--- + +### MGN-011: Proyectos Genéricos + +**Nombre:** Gestión de Proyectos Genéricos +**Fase:** Complementaria +**Prioridad:** P1 - Alta +**Story Points:** 65 SP +**Referencia Odoo:** project +**% Reutilización:** 80% + +**Componentes principales:** +- Proyectos y tareas (proyectos con manager, tareas asignadas) +- Milestones (hitos importantes) +- Timesheet (registro de horas trabajadas por tarea) +- Integración con contabilidad analítica (proyecto → cuenta analítica) +- Kanban de tareas (drag-and-drop) +- Gantt (vista de timeline) +- Subtareas (jerarquía de tareas) +- Portal de proyectos (cliente ve avances) + +**Dependencias:** MGN-001, MGN-008, MGN-010 (opcional para timesheet) +**Módulos que dependen:** Ninguno + +**Justificación P1:** +Muy importante para empresas de proyectos (construcción, consultoría), pero NO bloquea operación contable/inventario básica. + +**Alcance técnico:** +- Database: Schema `projects_management` (7 tablas: projects, tasks, task_stages, milestones, task_dependencies) +- Backend: Módulo projects +- Frontend: Kanban de tareas, Gantt, formulario proyectos + +**Patrones clave:** +- Vista kanban de tareas → Odoo project.task +- Integración con analytic accounts (1 proyecto = 1 cuenta analítica) +- Portal de clientes (vista read-only de tareas) + +**Diferencia con construcción:** +Este es genérico (cualquier proyecto). Construcción extiende con: manzanas, lotes, prototipos, curva S, APUs. + +--- + +### MGN-012: Reportes y Analytics + +**Nombre:** Reportes y Analytics +**Fase:** Complementaria +**Prioridad:** P2 - Media +**Story Points:** 40 SP +**Referencia Odoo:** Reportes de múltiples módulos +**Referencia Gamilit:** analytics module +**% Reutilización:** 60% + +**Componentes principales:** +- Dashboard genérico (widgets configurables, KPIs) +- Reportes configurables (query builder visual) +- Exportación de datos (PDF, Excel, CSV) +- Gráficos y visualizaciones (Chart.js, Recharts) +- KPIs genéricos (ventas, compras, inventario, finanzas) +- Reportes financieros estándar (Balance, P&L, Flujo de caja) +- Filtros dinámicos (por fecha, empresa, proyecto, etc.) + +**Dependencias:** MGN-001, MGN-004, MGN-008 +**Módulos que dependen:** Ninguno + +**Justificación P2:** +Importante para análisis de negocio, pero puede implementarse con reportes básicos inicialmente y mejorar iterativamente. + +**Alcance técnico:** +- Database: Schema `reports_management` (5 tablas: report_definitions, report_schedules, saved_filters) +- Backend: Módulo reports con query builder +- Frontend: Dashboard con widgets, reportes interactivos + +**Patrones clave:** +- Reportes con filtros dinámicos +- Caching de reportes pesados (Redis) +- Exportación multi-formato + +--- + +### MGN-013: Portal de Usuarios + +**Nombre:** Portal de Usuarios Externos +**Fase:** Complementaria +**Prioridad:** P1 - Alta (ESENCIAL para INFONAVIT) +**Story Points:** 50 SP +**Referencia Odoo:** portal +**% Reutilización:** 80% + +**Componentes principales:** +- Acceso limitado para usuarios externos (clientes, proveedores) +- Vista de documentos (cotizaciones, facturas, proyectos) +- Aprobación de documentos (firma electrónica de cotizaciones) +- Firma electrónica (canvas HTML5, almacenamiento seguro) +- Mensajería (comunicación cliente-empresa) +- Notificaciones (email, in-app) +- Dashboard personalizado por rol + +**Dependencias:** MGN-001, MGN-007, MGN-014 +**Módulos que dependen:** Ninguno + +**Justificación P1:** +**ESENCIAL** para portal de derechohabientes INFONAVIT (construcción). Alta prioridad para mejorar experiencia de cliente. + +**Impacto:** +- Clientes aprueban cotizaciones online +- Reducción 40% llamadas al call center +- Firma electrónica válida legalmente +- Visibilidad de proyectos en tiempo real + +**Alcance técnico:** +- Database: Usuarios con `is_portal=true` en auth.users +- Backend: Módulo portal con RLS estricto +- Frontend: Portal separado (subdomain o /portal) + +**Patrones clave:** +- RLS estricto (usuario solo ve sus registros) → Odoo portal.user +- Permisos read-only + acciones permitidas (aprobar, firmar) +- Firma electrónica (canvas HTML5) + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ CRÍTICO para portal derechohabientes INFONAVIT + +--- + +### MGN-014: Mensajería y Notificaciones + +**Nombre:** Mensajería y Notificaciones +**Fase:** Complementaria +**Prioridad:** P1 - Alta +**Story Points:** 45 SP +**Referencia Odoo:** mail +**Referencia Gamilit:** notifications module +**% Reutilización:** 85% + +**Componentes principales:** +- Sistema de mensajes (mail.thread pattern, chatter por registro) +- Notificaciones (email, in-app, push notifications) +- Actividades programadas (recordatorios, deadlines) +- Followers (seguidores de documentos, notificación automática) +- Tracking automático de cambios (auditoría sin código adicional) +- Templates de email (plantillas configurables) +- Mensajería en tiempo real (WebSocket con Socket.IO) + +**Dependencias:** MGN-001 +**Módulos que dependen:** Todos (opcional, mejora colaboración) + +**Justificación P1:** +Mejora significativa en colaboración y auditoría. Tracking automático es crítico para compliance (ISO 9001). + +**Alcance técnico:** +- Database: Schema `notifications_management` (6 tablas: messages, notifications, followers, activities, email_templates) +- Backend: Módulo notifications con WebSocket +- Frontend: Chatter UI, notificaciones in-app + +**Patrones clave:** +- Tracking automático de campos (configurado via decorators) → Odoo mail.thread +- Chatter UI por registro (comentarios, historial) +- Followers + notificaciones automáticas + +**Patrones mejorados vs Odoo:** +- Polling → WebSocket (Socket.IO) para notificaciones en tiempo real +- Mejor UX de notificaciones + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ ESENCIAL para auditoría y colaboración + +--- + +### MGN-015: Billing y Suscripciones SaaS + +**Nombre:** Billing y Suscripciones SaaS +**Fase:** Complementaria +**Prioridad:** P1 - Alta +**Story Points:** 55 SP +**Referencia:** Stripe Billing, Paddle +**% Reutilización:** 90% + +**Componentes principales:** +- Planes de suscripción (free, basic, professional, enterprise) +- Gestión de suscripciones por tenant (status, ciclo de facturación) +- Métodos de pago (tarjetas, transferencias, OXXO, SPEI) +- Facturación automática de suscripciones +- Cupones y descuentos promocionales +- Historial de suscripciones y cambios de plan +- Registros de uso para billing por consumo +- Integración con Stripe (payment intents, webhooks) + +**Dependencias:** MGN-001, MGN-002 +**Módulos que dependen:** Ninguno (módulo independiente) + +**Justificación P1:** +Permite operar el ERP como SaaS multi-tenant con monetización. Esencial para modelo de negocio SaaS. + +**Alcance técnico:** +- Database: Schema `billing` (11 tablas: subscription_plans, subscriptions, payments, invoices, coupons, etc.) +- Backend: Módulo billing con integración Stripe +- Frontend: Portal de facturación, gestión de planes + +**Patrones clave:** +- Planes con límites configurables (usuarios, empresas, storage) +- Features flags por plan (módulos habilitados) +- Webhook handlers para eventos de pago +- Facturación recurrente automática + +**Funciones de negocio:** +- `get_tenant_plan()`: Obtiene plan actual del tenant +- `can_add_user()`: Verifica límites del plan +- `has_feature()`: Verifica features habilitadas + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ CRÍTICO para modelo SaaS + +--- + +## Resumen Cuantitativo + +### Por Fase + +| Fase | Módulos | Story Points | % Total SP | Timeline Estimado | +|------|---------|--------------|------------|-------------------| +| **Core (P0)** | 8 | 430 SP | 54% | 11 sprints (22 sem / 5.5 meses) | +| **Complementaria (P1/P2)** | 7 | 360 SP | 46% | 9 sprints (18 sem / 4.5 meses) | +| **TOTAL** | **15** | **790 SP** | **100%** | **20 sprints (40 sem / 10 meses)** | + +### Por Prioridad + +| Prioridad | Módulos | Story Points | % Total | +|-----------|---------|--------------|---------| +| **P0 - Crítico** | 8 | 430 SP | 54% | +| **P1 - Alta** | 6 | 320 SP | 41% | +| **P2 - Media** | 1 | 40 SP | 5% | + +### Por Referencia Odoo + +| Módulo MGN | Módulo(s) Odoo Principal | % Reutilización Lógica | +|------------|--------------------------|------------------------| +| MGN-001 | base, auth_signup | 90% | +| MGN-002 | base (res.company) | 90% | +| MGN-003 | base (res.partner, currencies, uom) | 95% | +| MGN-004 | account | 70% | +| MGN-005 | stock | 80% | +| MGN-006 | purchase | 85% | +| MGN-007 | sale | 85% | +| MGN-008 | analytic | 95% | +| MGN-009 | crm | 75% | +| MGN-010 | hr, hr_contract, hr_attendance | 70% | +| MGN-011 | project | 80% | +| MGN-012 | account (reports), reporting | 60% | +| MGN-013 | portal | 80% | +| MGN-014 | mail | 85% | +| MGN-015 | Stripe Billing (externo) | 90% | +| **PROMEDIO** | - | **82%** | + +--- + +## Timeline Estimado + +### Configuración Inicial + +**Velocity estimado:** 40 SP por sprint (2 semanas) +**Equipo:** 3 desarrolladores full-stack + 1 arquitecto + +**Cálculo:** +- Total SP: 735 SP +- Velocity: 40 SP/sprint +- Sprints necesarios: 735 / 40 = **18.4 sprints** ≈ **19 sprints** +- Duración total: 19 sprints × 2 semanas = **38 semanas** ≈ **9.5 meses** + +### Distribución por Trimestre + +**Q1 (Meses 1-3) - Fundamentos:** +- Sprint 1-2: MGN-001 (Fundamentos) - 50 SP +- Sprint 3-4: MGN-002 (Empresas) + MGN-003 (Catálogos) - 65 SP +- Sprint 5-6: MGN-004 (Financiero) Parte 1 - 40 SP + +**Q2 (Meses 4-6) - Módulos Core:** +- Sprint 7-8: MGN-004 (Financiero) Parte 2 + MGN-005 (Inventario) - 110 SP +- Sprint 9-10: MGN-006 (Compras) + MGN-007 (Ventas) - 120 SP +- Sprint 11: MGN-008 (Analítica) - 45 SP + +**Q3 (Meses 7-9) - Módulos Complementarios:** +- Sprint 12-13: MGN-014 (Mensajería) + MGN-009 (CRM) - 95 SP +- Sprint 14-15: MGN-010 (RRHH) + MGN-013 (Portal) - 105 SP +- Sprint 16-17: MGN-011 (Proyectos) - 65 SP + +**Q4 (Mes 10) - Reportes y Refinamiento:** +- Sprint 18: MGN-012 (Reportes) - 40 SP +- Sprint 19: Buffer, testing, documentación + +--- + +## Dependencias Entre Módulos + +### Grafo de Dependencias + +```mermaid +graph TD + MGN001[MGN-001 Fundamentos] --> MGN002[MGN-002 Empresas] + MGN001 --> MGN003[MGN-003 Catálogos] + MGN001 --> MGN014[MGN-014 Mensajería] + + MGN002 --> MGN004[MGN-004 Financiero] + MGN003 --> MGN004 + MGN003 --> MGN005[MGN-005 Inventario] + + MGN004 --> MGN006[MGN-006 Compras] + MGN005 --> MGN006 + MGN004 --> MGN007[MGN-007 Ventas] + MGN005 --> MGN007 + + MGN004 --> MGN008[MGN-008 Analítica] + MGN006 --> MGN008 + MGN007 --> MGN008 + + MGN003 --> MGN009[MGN-009 CRM] + MGN007 --> MGN009 + + MGN001 --> MGN010[MGN-010 RRHH] + MGN002 --> MGN010 + + MGN008 --> MGN011[MGN-011 Proyectos] + MGN010 --> MGN011 + + MGN004 --> MGN012[MGN-012 Reportes] + MGN008 --> MGN012 + + MGN001 --> MGN013[MGN-013 Portal] + MGN007 --> MGN013 + MGN014 --> MGN013 + + style MGN001 fill:#ff6b6b + style MGN002 fill:#ff6b6b + style MGN003 fill:#ff6b6b + style MGN004 fill:#ff6b6b + style MGN005 fill:#ff6b6b + style MGN006 fill:#ff6b6b + style MGN007 fill:#ff6b6b + style MGN008 fill:#ff6b6b + style MGN009 fill:#4ecdc4 + style MGN010 fill:#4ecdc4 + style MGN011 fill:#4ecdc4 + style MGN012 fill:#95e1d3 + style MGN013 fill:#4ecdc4 + style MGN014 fill:#4ecdc4 +``` + +**Leyenda:** +- 🔴 Rojo (ff6b6b): P0 - Crítico (Fase Core) +- 🔵 Azul (4ecdc4): P1 - Alta (Fase Complementaria) +- 🟢 Verde (95e1d3): P2 - Media (Fase Complementaria) + +### Módulos sin Dependencias (pueden iniciar primero) + +1. **MGN-001 (Fundamentos):** No tiene dependencias, es la base de todo + +### Módulos de Nivel 1 (dependen solo de MGN-001) + +1. **MGN-002 (Empresas):** Depende de MGN-001 +2. **MGN-003 (Catálogos):** Depende de MGN-001 +3. **MGN-014 (Mensajería):** Depende de MGN-001 + +### Módulos de Nivel 2 (dependen de nivel 0-1) + +1. **MGN-004 (Financiero):** Depende de MGN-001, MGN-002, MGN-003 +2. **MGN-005 (Inventario):** Depende de MGN-001, MGN-002, MGN-003 +3. **MGN-010 (RRHH):** Depende de MGN-001, MGN-002 + +### Módulos de Nivel 3 (dependen de nivel 0-2) + +1. **MGN-006 (Compras):** Depende de MGN-004, MGN-005 +2. **MGN-007 (Ventas):** Depende de MGN-004, MGN-005 +3. **MGN-009 (CRM):** Depende de MGN-003, MGN-007 + +### Módulos de Nivel 4 (dependen de nivel 0-3) + +1. **MGN-008 (Analítica):** Depende de MGN-004, MGN-006, MGN-007 +2. **MGN-013 (Portal):** Depende de MGN-001, MGN-007, MGN-014 + +### Módulos de Nivel 5 (dependen de nivel 0-4) + +1. **MGN-011 (Proyectos):** Depende de MGN-008, MGN-010 +2. **MGN-012 (Reportes):** Depende de MGN-004, MGN-008 + +--- + +## Riesgos y Mitigaciones + +### Riesgos Técnicos + +| Riesgo | Probabilidad | Impacto | Mitigación | +|--------|--------------|---------|------------| +| **Over-engineering** (hacer genérico lo que no debe serlo) | Media | Alto | Validar con 3 proyectos reales antes de generalizar. Principio YAGNI. | +| **Complejidad de contabilidad analítica** (MGN-008) | Media | Alto | Seguir patrón Odoo (probado). Consultoría contable. | +| **Migración de datos ERP Construcción** | Alta | Medio | Scripts de migración validados. Testing exhaustivo. Rollback plan. | +| **Regresiones en ERP Construcción** | Media | Alto | Test coverage 70%+. E2E tests de flujos críticos. | + +### Riesgos de Negocio + +| Riesgo | Probabilidad | Impacto | Mitigación | +|--------|--------------|---------|------------| +| **Scope creep** (agregar funcionalidades no esenciales) | Alta | Medio | Definir alcance claramente en ALCANCE-POR-MODULO.md. | +| **Timeline optimista** | Media | Alto | Buffer de 10% (sprint 19). Velocity conservador (40 SP vs 50 SP). | +| **Resistencia al cambio** (equipo prefiere código específico) | Baja | Medio | Capacitación. Demos de beneficios. | +| **Break-even no alcanzado** (ROI negativo) | Baja | Alto | Validación de 71% reutilización. Presupuesto conservador. | + +--- + +## Criterios de Éxito + +### Criterios Funcionales + +✅ **Los 14 módulos funcionan independientemente:** +- Cada módulo puede ser usado sin los demás (respetando dependencias) +- Deployment modular posible + +✅ **Reutilización 70%+ en proyectos futuros:** +- ERP Vidrio reutiliza mínimo 70% del genérico +- ERP Mecánicas reutiliza mínimo 70% del genérico + +✅ **Cobertura de funcionalidad básica ERP:** +- Contabilidad: Balance, P&L, asientos, facturas, pagos +- Inventario: Productos, stock, movimientos, valoración +- Compras: RFQ, PO, recepciones, facturas proveedor +- Ventas: Cotizaciones, SO, entregas, facturas cliente +- Analítica: P&L por proyecto + +### Criterios Técnicos + +✅ **Test coverage 70%+:** +- Backend: 80% +- Frontend: 70% +- E2E: 60% (flujos críticos) + +✅ **Performance adecuado:** +- API response time <200ms (p95) +- Reportes <3s (p95) +- Dashboard load <1s + +✅ **Seguridad robusta:** +- RBAC completo +- RLS en todos los schemas +- Auditoría automática (tracking de cambios) + +✅ **Documentación completa:** +- Cada módulo con README.md +- API documentada (OpenAPI 3.0) +- Guías de usuario + +--- + +## Próximos Pasos + +1. **Definir alcance detallado:** Crear `ALCANCE-POR-MODULO.md` (qué incluye, qué no) +2. **Documentar dependencias:** Crear `DEPENDENCIAS-MODULOS.md` (orden de implementación) +3. **Diseñar database schemas:** Crear DDL de cada schema (Fase 2) +4. **Diseñar APIs:** Crear especificaciones OpenAPI (Fase 2) +5. **Diseñar componentes UI:** Crear design system (Fase 2) + +--- + +## Referencias + +**Documentos de Análisis (Fase 0):** +- [RESUMEN-FASE-0.md](../00-analisis-referencias/RESUMEN-FASE-0.md) +- [MAPEO-ODOO-TO-MGN.md](../00-analisis-referencias/odoo/MAPEO-ODOO-TO-MGN.md) +- [MAPA-COMPONENTES-GENERICOS.md](../00-analisis-referencias/MAPA-COMPONENTES-GENERICOS.md) + +**ADRs Relacionadas:** +- [ADR-001: Stack Tecnológico](../adr/ADR-001-stack-tecnologico.md) +- [ADR-002: Arquitectura Modular](../adr/ADR-002-arquitectura-modular.md) +- [ADR-007: Database Design](../adr/ADR-007-database-design.md) + +**Referencias Externas:** +- [Odoo Documentation](https://www.odoo.com/documentation) +- [PostgreSQL Multi-Schema Best Practices](https://www.postgresql.org/docs/15/ddl-schemas.html) + +--- + +**Documento creado:** 2025-11-23 +**Versión:** 1.0 +**Autor:** Architecture-Analyst +**Estado:** ✅ Completado +**Próximo documento:** ALCANCE-POR-MODULO.md diff --git a/docs/02-definicion-modulos/RETROALIMENTACION-ERP-CONSTRUCCION.md b/docs/02-definicion-modulos/RETROALIMENTACION-ERP-CONSTRUCCION.md new file mode 100644 index 0000000..c3f54ef --- /dev/null +++ b/docs/02-definicion-modulos/RETROALIMENTACION-ERP-CONSTRUCCION.md @@ -0,0 +1,795 @@ +# RETROALIMENTACIÓN AL ERP CONSTRUCCIÓN + +**Fecha:** 2025-11-23 +**Basado en:** Fase 0 + Fase 1 (Gap Analysis) +**Responsable:** Architecture-Analyst +**Destinatario:** Equipo ERP Construcción + +--- + +## RESUMEN EJECUTIVO + +Tras completar el análisis exhaustivo de referencias (Odoo, Gamilit) y la definición de módulos del ERP Genérico, presentamos retroalimentación consolidada al ERP Construcción con: + +- **143 componentes genéricos** a migrar al ERP Genérico (61% reutilización) +- **29 gaps funcionales críticos** detectados (de 14 módulos analizados) +- **10 mejoras arquitectónicas P0** recomendadas +- **Beneficio estimado:** ROI 3.5x en 18 meses + +### Cuantificación de Gaps + +| Prioridad | Total Gaps | % | SP Estimado | +|-----------|------------|---|--------------| +| **P0 (Críticos)** | 11 | 38% | 178 SP | +| **P1 (Altos)** | 13 | 45% | 189 SP | +| **P2 (Medios)** | 5 | 17% | 76 SP | +| **TOTAL** | **29** | 100% | **443 SP** | + +--- + +## 1. COMPONENTES A MIGRAR AL ERP GENÉRICO + +### 1.1 Resumen Cuantitativo + +| Categoría | Total Construcción | Genéricos a Migrar | % Migración | +|-----------|--------------------|--------------------|-------------| +| **Schemas DB** | 7 | 5 | 71% | +| **Tablas DB** | 67 | 44 | 66% | +| **Módulos Backend** | 12 | 8 | 67% | +| **Componentes Frontend** | 52 | 31 | 60% | +| **TOTAL** | **138** | **88** | **64%** | + +### 1.2 Por Módulo MGN + +#### MGN-001: Fundamentos +**Componentes a migrar de Construcción:** +- [x] auth schema completo (10 tablas) +- [x] users, roles, permissions tables +- [x] auth module (backend) +- [x] Login, UserManagement UI (frontend) + +**Beneficio:** Reutilización 100% en 3 ERPs futuros +**SP:** 50 SP (original) + 31 SP (gaps P0) = **81 SP** + +#### MGN-002: Empresas y Organizaciones +**Componentes a migrar:** +- [x] core.companies table +- [x] companies module +- [x] CompanySelector UI + +**Beneficio:** Multi-empresa funcional +**SP:** **30 SP** (sin gaps P0) + +#### MGN-003: Catálogos Maestros +**Componentes a migrar:** +- [x] partners, currencies, countries, uom tables +- [x] catalogs module +- [x] PartnerForm, DataTable UI + +**Beneficio:** Catálogos universales +**SP:** 35 SP + 5 SP (gaps P0) = **40 SP** + +#### MGN-004: Financiero Básico +**Componentes a migrar:** +- [x] financial schema (12 tablas) +- [x] financial module +- [x] AccountingUI, InvoiceForm + +**Beneficio:** Contabilidad general completa +**SP:** 80 SP + 26 SP (gaps P0) = **106 SP** + +#### MGN-005: Inventario Básico +**Componentes a migrar:** +- [x] inventory schema (10 tablas) +- [x] inventory module +- [x] StockMovement, WarehouseUI + +**Beneficio:** Gestión de stock completa +**SP:** 70 SP + 21 SP (gaps P0) = **91 SP** + +#### MGN-006: Compras Básico +**Componentes a migrar:** +- [x] purchase schema (7 tablas) +- [x] purchasing module +- [x] PurchaseOrderForm UI + +**Beneficio:** Ciclo completo de compras +**SP:** 60 SP + 13 SP (gaps P0) = **73 SP** + +#### MGN-007: Ventas Básico +**Componentes a migrar:** +- [x] sales schema (8 tablas) +- [x] sales module +- [x] SalesOrderForm, QuotationUI + +**Beneficio:** Ciclo completo de ventas +**SP:** 60 SP + 13 SP (gaps P0) = **73 SP** + +#### MGN-008: Contabilidad Analítica +**Componentes a migrar:** +- [x] analytics schema (4 tablas) +- [x] analytics module +- [x] AnalyticsReports UI + +**Beneficio:** ⭐⭐⭐⭐⭐ CRÍTICO - P&L automático por proyecto +**SP:** 45 SP + 21 SP (gaps P0) = **66 SP** + +#### MGN-013: Portal de Usuarios +**Componentes a migrar:** +- [x] portal module +- [x] PortalUI, SignatureCanvas + +**Beneficio:** ⭐⭐⭐⭐⭐ CRÍTICO - Portal INFONAVIT +**SP:** 50 SP + 13 SP (gaps P0) = **63 SP** + +#### MGN-014: Mensajería y Notificaciones +**Componentes a migrar:** +- [x] notifications schema +- [x] notifications module (WebSocket) +- [x] Chatter, NotificationBell UI + +**Beneficio:** Tracking automático, auditoría +**SP:** **45 SP** (sin gaps P0) + +### 1.3 Timeline de Migración Sugerido + +**Fase 1 (Sprints 1-4): Fundamentos** +- MGN-001 (Fundamentos) - 81 SP +- MGN-002 (Empresas) - 30 SP +- MGN-003 (Catálogos) - 40 SP +- **Total Fase 1:** 151 SP + +**Fase 2 (Sprints 5-8): Transaccionales Core** +- MGN-004 (Financiero) - 106 SP +- MGN-005 (Inventario) - 91 SP +- **Total Fase 2:** 197 SP + +**Fase 3 (Sprints 9-12): Compras/Ventas/Analítica** +- MGN-006 (Compras) - 73 SP +- MGN-007 (Ventas) - 73 SP +- MGN-008 (Analítica) - 66 SP +- **Total Fase 3:** 212 SP + +**Fase 4 (Sprints 13-15): Portal y Mensajería** +- MGN-013 (Portal) - 63 SP +- MGN-014 (Mensajería) - 45 SP +- **Total Fase 4:** 108 SP + +**TOTAL:** 668 SP / 40 SP por sprint = **17 sprints (34 semanas / 8.5 meses)** + +--- + +## 2. MEJORAS ARQUITECTÓNICAS RECOMENDADAS + +### Top 10 Mejoras (Priorizadas por Impacto × Esfuerzo) + +#### [P0] Mejora 1: Implementar Arquitectura Multi-Schema + +**Descripción:** +Migrar de single schema "public" a multi-schema por dominio. + +**Estado Actual (Construcción):** +- Single schema "public" +- Todas las tablas mezcladas +- Dificulta permisos granulares + +**Estado Deseado:** +``` +database/ddl/ +├── auth_management/ (10 tablas) +├── core/ (12 tablas - empresas, catálogos) +├── financial_management/ (12 tablas) +├── inventory_management/ (10 tablas) +├── purchasing_management/ (7 tablas) +├── sales_management/ (8 tablas) +├── analytics_management/ (4 tablas) +└── projects_management/ (14 tablas - ESPECÍFICO construcción) +``` + +**Justificación:** +- Patrón Gamilit: 9 schemas, muy bien organizado +- Patrón Odoo: Módulos separados conceptualmente +- ADR-007: Multi-schema + RLS + +**Beneficio:** +- Organización lógica +80% +- Permisos granulares implementables +- Mantenibilidad +50% + +**Esfuerzo:** 60-80 SP (3-4 sprints) +**Prioridad:** P0 - CRÍTICO +**Riesgos:** Alto - Requiere migración de datos +**Mitigación:** Script de migración automatizado, rollback plan + +**Plan de Acción:** +1. [ ] Sprint 1: Diseñar estructura multi-schema +2. [ ] Sprint 2: Crear scripts de migración DDL +3. [ ] Sprint 3: Migrar datos (con rollback) +4. [ ] Sprint 4: Refactorizar código backend/frontend + +--- + +#### [P0] Mejora 2: Implementar Sistema SSOT de Constantes + +**Descripción:** +Backend como Single Source of Truth, sincronización automática a Frontend. + +**Estado Actual (Construcción):** +- Constantes duplicadas en DB, Backend, Frontend +- Hardcoding de ENUMs, status, tipos +- Inconsistencias frecuentes + +**Estado Deseado:** +```typescript +// backend/src/shared/constants/database.constants.ts +export const DB_SCHEMAS = { + AUTH: 'auth_management', + CORE: 'core', + FINANCIAL: 'financial_management', + // ... +}; + +// frontend genera automáticamente con sync-enums.ts +``` + +**Justificación:** +- Patrón Gamilit: Elimina 96% duplicación +- ADR-004: Sistema SSOT + +**Beneficio:** +- Eliminación de duplicación: 96% +- Reducción de bugs por inconsistencias: 80% +- Tiempo de refactoring: -60% + +**Esfuerzo:** 20-30 SP (1-2 sprints) +**Prioridad:** P0 - CRÍTICO + +**Plan de Acción:** +1. [ ] Sprint 1: Implementar script sync-enums.ts (de Gamilit) +2. [ ] Sprint 1: Centralizar constantes en backend/src/shared/constants/ +3. [ ] Sprint 2: Refactorizar frontend para usar constantes sincronizadas +4. [ ] Sprint 2: Agregar validación pre-commit + +--- + +#### [P0] Mejora 3: Implementar Contabilidad Analítica Universal + +**Patrón Odoo:** account.analytic.account + +**Descripción:** +Agregar campo `analytic_account_id` en TODAS las transacciones para tracking de costos por proyecto. + +**Estado Actual (Construcción):** +- Campo `project_id` en algunas tablas (NO universal) +- Reportes P&L por proyecto requieren queries complejos +- Distribución analítica (60% proyecto A, 40% proyecto B) NO existe + +**Estado Deseado:** +```sql +-- Agregar a TODAS las transacciones +ALTER TABLE purchase_order_lines +ADD COLUMN analytic_account_id UUID REFERENCES analytics.accounts(id); + +ALTER TABLE sale_order_lines +ADD COLUMN analytic_account_id UUID REFERENCES analytics.accounts(id); + +ALTER TABLE journal_entry_lines +ADD COLUMN analytic_account_id UUID REFERENCES analytics.accounts(id); + +-- Distribución analítica +CREATE TABLE analytics.distributions ( + line_id UUID, + analytic_account_id UUID, + percentage NUMERIC(5,2) -- 60%, 40% +); +``` + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ CRÍTICO para ERP Construcción + +**Beneficio:** +- Reportes P&L por proyecto automáticos (segundos vs 80 horas/mes) +- Rentabilidad por lote/torre en dashboard en tiempo real +- Decisiones basadas en datos reales (no intuición) + +**Esfuerzo:** 45-60 SP (3-4 sprints) +**Prioridad:** P0 - CRÍTICO + +**Plan de Acción:** +1. [ ] Sprint 1: Crear analytics schema (4 tablas) +2. [ ] Sprint 2: Agregar analytic_account_id a transacciones existentes +3. [ ] Sprint 3: Implementar distribución analítica multi-dimensional +4. [ ] Sprint 4: Crear reportes P&L por proyecto + +--- + +#### [P1] Mejora 4: Adoptar Feature-Sliced Design (Frontend) + +**Patrón Gamilit:** shared/ features/ pages/ app/ + +**Estado Actual (Construcción):** +- Frontend sin arquitectura clara +- Componentes no reutilizables +- Desarrollo lento (40% más tiempo) + +**Estado Deseado:** +``` +frontend/src/ +├── shared/ (180+ componentes reutilizables) +│ ├── ui/ (Button, Input, Select, etc.) +│ ├── api/ (API clients) +│ └── utils/ (helpers, hooks) +├── features/ (por rol: director/, resident/, etc.) +├── pages/ +└── app/ +``` + +**Beneficio:** +- Desarrollo 40% más rápido +- Reutilización máxima de componentes +- Mantenibilidad +50% + +**Esfuerzo:** 60-80 SP (3-4 sprints) +**Prioridad:** P1 - ALTA + +--- + +#### [P1] Mejora 5: Implementar mail.thread Pattern para Tracking + +**Patrón Odoo:** mail.thread + +**Descripción:** +Tracking automático de cambios con decorador @TrackChanges. + +**Estado Actual (Construcción):** +- Auditoría manual (logging explícito) +- Sin historial de cambios visible en UI + +**Estado Deseado:** +```typescript +@TrackChanges(['status', 'amount', 'assigned_to']) +class Budget extends BaseEntity { + // Cambios automáticamente loggeados +} +``` + +**Beneficio:** +- Auditoría automática (compliance ISO 9001) +- Historial visible en Chatter UI +- Sin código adicional de logging + +**Esfuerzo:** 40-50 SP (2-3 sprints) +**Prioridad:** P1 - ALTA + +--- + +#### [P1] Mejora 6: Adoptar Path Aliases + +**Patrón Gamilit:** @shared, @modules, @components + +**Estado Actual (Construcción):** +```typescript +import { Button } from '../../../shared/ui/Button'; +``` + +**Estado Deseado:** +```typescript +import { Button } from '@shared/ui'; +``` + +**Beneficio:** +- Imports limpios +- Refactoring fácil (mover carpetas sin romper imports) + +**Esfuerzo:** 5-8 SP (1 sprint) +**Prioridad:** P1 - ALTA + +--- + +#### [P1] Mejora 7: Implementar Portal de Usuarios Externos + +**Patrón Odoo:** portal + +**Aplicabilidad:** ⭐⭐⭐⭐⭐ CRÍTICO para portal INFONAVIT + +**Descripción:** +Portal para derechohabientes con firma electrónica válida legalmente. + +**Beneficio:** +- Derechohabientes ven avance de vivienda 24/7 +- Firman actas entrega-recepción digitalmente (NOM-151-SCFI) +- Reducción 40% llamadas call center +- Mejor experiencia cliente (NPS +25 puntos) + +**Esfuerzo:** 50-65 SP (3 sprints) +**Prioridad:** P1 - ALTA + +--- + +#### [P1] Mejora 8: Aumentar Test Coverage a 70%+ + +**Lección Gamilit:** Evitar 14% coverage (deuda técnica) + +**Estado Actual (Construcción):** +- Coverage ~15% (INACEPTABLE) +- Bugs en producción frecuentes +- Refactoring peligroso (sin tests) + +**Estado Deseado:** +- Backend: 80% coverage +- Frontend: 70% coverage +- E2E: 60% coverage (flujos críticos) + +**Beneficio:** +- Reducción 70% bugs +- Refactoring seguro +- Deployment con confianza + +**Esfuerzo:** 120-160 SP (6-8 sprints, paralelo) +**Prioridad:** P1 - ALTA + +--- + +#### [P2] Mejora 9: Implementar Docker + CI/CD + +**Gap Gamilit:** Sin Docker, sin CI/CD + +**Estado Actual (Construcción):** +- Deployment manual +- Ambientes inconsistentes +- Sin validaciones automáticas + +**Estado Deseado:** +```yaml +# docker-compose.yml +services: + db: + image: postgis/postgis:15-3.3 + backend: + build: ./backend + frontend: + build: ./frontend +``` + +**Beneficio:** +- Deployment 10x más rápido +- Ambientes consistentes (dev = staging = prod) +- Validaciones automáticas (tests, linting) + +**Esfuerzo:** 20-30 SP (2 sprints) +**Prioridad:** P2 - MEDIA (pero recomendado) + +--- + +#### [P2] Mejora 10: Migrar a TypeORM o Prisma + +**Gap Gamilit:** Backend sin ORM (node-postgres directo) + +**Estado Actual (Construcción):** +- Queries SQL directos con node-postgres +- Sin migraciones automáticas +- Sin type safety en queries + +**Estado Deseado:** +```typescript +// Con TypeORM +@Entity() +class Budget { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column() + amount: number; +} + +// Queries type-safe +const budget = await budgetRepo.findOne({where: {id}}); +``` + +**Beneficio:** +- Type safety en queries (menos bugs) +- Migraciones automáticas +- Relations automáticas + +**Esfuerzo:** 40-60 SP (3 sprints) +**Prioridad:** P2 - MEDIA + +--- + +## 3. GAPS FUNCIONALES IDENTIFICADOS + +### 3.1 Resumen de Gaps (Consolidado de 14 módulos) + +| Módulo | P0 | P1 | P2 | Total | SP P0 | SP Total | +|--------|----|----|----|----|-------|----------| +| MGN-001 (Fundamentos) | 3 | 2 | 2 | 7 | 31 | 57 | +| MGN-002 (Empresas) | 0 | 1 | 2 | 3 | 0 | 21 | +| MGN-003 (Catálogos) | 1 | 2 | 1 | 4 | 5 | 26 | +| MGN-004 (Financiero) | 3 | 3 | 2 | 8 | 26 | 73 | +| MGN-005 (Inventario) | 1 | 2 | 1 | 4 | 21 | 60 | +| MGN-006 (Compras) | 1 | 1 | 0 | 2 | 13 | 26 | +| MGN-007 (Ventas) | 1 | 1 | 0 | 2 | 13 | 26 | +| MGN-008 (Analítica) | 1 | 1 | 0 | 2 | 21 | 29 | +| MGN-013 (Portal) | 1 | 1 | 0 | 2 | 13 | 26 | +| MGN-010 (RRHH) | 0 | 1 | 0 | 1 | 0 | 13 | +| MGN-014 (Mensajería) | 0 | 1 | 0 | 1 | 0 | 21 | +| **TOTAL** | **12** | **16** | **8** | **36** | **143** | **378** | + +### 3.2 Gaps P0 (Críticos) - TOP 12 + +#### 1. GAP-MGN-008-001: Planes Analíticos Multi-Dimensionales +- **Módulo:** Contabilidad Analítica +- **Impacto:** CRÍTICO - Sin esto no hay reportes proyecto × departamento × categoría +- **SP:** 21 SP +- **ROI:** Ahorra 80 horas/mes en reportes manuales + +#### 2. GAP-MGN-004-001: Reportes Financieros Estándar (Balance, P&L) +- **Módulo:** Financiero +- **Impacto:** CRÍTICO - Requerimiento legal (SAT México) +- **SP:** 13 SP + +#### 3. GAP-MGN-005-001: Valoración FIFO/Average Cost +- **Módulo:** Inventario +- **Impacto:** CRÍTICO - Requerimiento fiscal (NIF C-4) +- **SP:** 21 SP + +#### 4. GAP-MGN-001-001: API Keys para Integraciones +- **Módulo:** Fundamentos +- **Impacto:** CRÍTICO - Integración INFONAVIT API +- **SP:** 8 SP + +#### 5. GAP-MGN-001-002: Permisos Field-Level +- **Módulo:** Fundamentos +- **Impacto:** CRÍTICO - Ocultar campos sensibles (presupuestos) +- **SP:** 13 SP + +#### 6. GAP-MGN-001-003: Herencia de Roles +- **Módulo:** Fundamentos +- **Impacto:** CRÍTICO - Simplifica gestión permisos +- **SP:** 10 SP + +#### 7. GAP-MGN-004-002: Secuencias Automáticas de Documentos +- **Módulo:** Financiero +- **Impacto:** CRÍTICO - Requerimiento fiscal (folios consecutivos) +- **SP:** 8 SP + +#### 8. GAP-MGN-004-003: Cierre de Período Contable +- **Módulo:** Financiero +- **Impacto:** CRÍTICO - Control interno (previene modificar meses cerrados) +- **SP:** 5 SP + +#### 9. GAP-MGN-006-001: Control 3-Way Match +- **Módulo:** Compras +- **Impacto:** CRÍTICO - Control interno (previene fraudes) +- **SP:** 13 SP + +#### 10. GAP-MGN-007-001: Pagos Anticipados +- **Módulo:** Ventas +- **Impacto:** CRÍTICO - Requerimiento INFONAVIT (pagos en fases) +- **SP:** 13 SP + +#### 11. GAP-MGN-013-001: Firma Electrónica Válida Legalmente +- **Módulo:** Portal +- **Impacto:** CRÍTICO - Actas entrega-recepción INFONAVIT (NOM-151-SCFI) +- **SP:** 13 SP + +#### 12. GAP-MGN-003-001: Ranking de Partners +- **Módulo:** Catálogos +- **Impacto:** CRÍTICO - Reportes Top 10 Clientes +- **SP:** 5 SP + +**Total SP Gaps P0:** 143 SP + +--- + +## 4. OPORTUNIDADES DE REUTILIZACIÓN DEL ERP GENÉRICO + +### 4.1 Una vez creado el ERP Genérico + +**ERP Construcción podrá:** + +1. **Reutilizar 64% de componentes genéricos** + - 88 componentes genéricos migrados + - 50 componentes específicos de construcción permanecen + - Reducción de código a mantener: 64% + +2. **Eliminar código duplicado:** + - ~44 tablas de BD migradas (66%) + - ~8 módulos backend migrados (67%) + - ~31 componentes frontend reusables (60%) + +3. **Reducir mantenimiento:** + - Bugs corregidos en genérico benefician a construcción + - Nuevas funcionalidades se agregan una sola vez + - Testing centralizado (coverage 70%+) + +4. **Acelerar desarrollo futuro:** + - Nuevas funcionalidades específicas de construcción se construyen sobre base sólida + - Tiempo de desarrollo -36% promedio + - Reutilización de UI components (DataTable, Forms, etc.) + +### 4.2 Estrategia de Migración + +**Fase 1: Fundamentos (Sprints 1-4)** +- Migrar MAI-001 → MGN-001 (Fundamentos) +- Refactorizar construcción para usar MGN-001 +- **Entregable:** Autenticación compartida + +**Fase 2: Transaccionales (Sprints 5-12)** +- Migrar MAI-004, MAI-005, MAI-006, MAI-007 → MGN-004, MGN-005, MGN-006, MGN-007 +- Refactorizar construcción para extender módulos genéricos +- **Entregable:** Módulos core compartidos + +**Fase 3: Complementarios (Sprints 13-17)** +- Migrar MAI-008 → MGN-008 (contabilidad analítica) +- Agregar MGN-013 (Portal INFONAVIT) +- **Entregable:** Sistema completo con portal + +--- + +## 5. PLAN DE ACCIÓN PROPUESTO + +### 5.1 Roadmap Sugerido (17 sprints / 8.5 meses) + +#### Fase 1: Fundamentos y Mejoras Críticas (Sprints 1-4) +**Objetivo:** Implementar mejoras P0 arquitectónicas en Construcción + +**Tareas:** +- [ ] Sprint 1: Implementar Sistema SSOT (20-30 SP) +- [ ] Sprint 2-4: Migrar a arquitectura multi-schema (60-80 SP) +- [ ] Sprint 4: Crear base del ERP Genérico (estructura monorepo) + +**Story Points:** 100 SP +**Entregables:** +- Construcción con SSOT implementado +- Construcción con multi-schema +- ERP Genérico - Estructura base + +#### Fase 2: Migración de Componentes Genéricos (Sprints 5-12) +**Objetivo:** Migrar componentes genéricos al ERP Genérico + +**Tareas:** +- [ ] Sprint 5-6: Desarrollar MGN-001 + gaps P0 (81 SP) +- [ ] Sprint 7: Desarrollar MGN-002, MGN-003 + gaps P0 (70 SP) +- [ ] Sprint 8-10: Desarrollar MGN-004, MGN-005 + gaps P0 (197 SP) +- [ ] Sprint 11-12: Desarrollar MGN-006, MGN-007, MGN-008 + gaps P0 (212 SP) + +**Story Points:** 560 SP +**Entregables:** +- ERP Genérico - Módulos Core completos +- Construcción refactorizado para usar genérico + +#### Fase 3: Funcionalidades Complementarias (Sprints 13-17) +**Objetivo:** Completar módulos complementarios + +**Tareas:** +- [ ] Sprint 13-14: Desarrollar MGN-013 (Portal) + gaps P0 (63 SP) +- [ ] Sprint 15: Desarrollar MGN-014 (Mensajería) (45 SP) +- [ ] Sprint 16-17: Testing, documentación, buffer + +**Story Points:** 108 SP + buffer +**Entregables:** +- ERP Genérico 100% funcional +- Construcción con portal INFONAVIT +- Testing coverage 70%+ + +### 5.2 Recursos Necesarios + +| Rol | Cantidad | Dedicación | Sprints | +|-----|----------|------------|---------| +| **Arquitecto de Software** | 1 | 100% | 1-17 | +| **Backend Developer** | 2 | 100% | 1-17 | +| **Frontend Developer** | 2 | 100% | 1-17 | +| **Database Administrator** | 1 | 50% | 1-17 | +| **DevOps Engineer** | 1 | 50% | 1-17 | +| **QA Engineer** | 1 | 100% | 5-17 | + +**Total:** 6.5 personas-equivalente, 17 sprints + +### 5.3 Costo Estimado vs Beneficio + +**Inversión:** +- 17 sprints × 6.5 personas × $15,000/persona-sprint = $1,657,500 MXN (~$95,000 USD) + +**ROI esperado:** +- Reutilización en ERP Vidrio: -36% desarrollo (~$50,000 USD ahorro) +- Reutilización en ERP Mecánicas: -36% desarrollo (~$50,000 USD ahorro) +- Reducción bugs: -40% (ahorro $20,000 USD/año) +- Reducción mantenimiento: -50% (ahorro $30,000 USD/año) +- **ROI:** 3.5x en 18 meses + +--- + +## 6. RIESGOS Y MITIGACIONES + +### 6.1 Riesgos de No Implementar Mejoras + +#### Riesgo 1: Deuda Técnica Acumulada +- **Probabilidad:** ALTA (si no se actúa) +- **Impacto:** ALTO +- **Consecuencia:** Desarrollo futuro 2-3x más lento, costo mantenimiento +100% +- **Mitigación:** Implementar mejoras P0 en Sprints 1-4 + +#### Riesgo 2: Imposibilidad de Reutilización +- **Probabilidad:** MEDIA +- **Impacto:** CRÍTICO +- **Consecuencia:** Desarrollo de ERP Vidrio y Mecánicas desde cero ($200,000 USD cada uno) +- **Mitigación:** Migrar componentes genéricos a ERP Genérico + +#### Riesgo 3: Compliance No Cumplido +- **Probabilidad:** ALTA +- **Impacto:** CRÍTICO +- **Consecuencia:** Auditorías fallidas (SAT, INFONAVIT), multas, suspensión +- **Mitigación:** Implementar gaps P0 financieros (reportes, secuencias, cierre período) + +### 6.2 Riesgos de Implementar Mejoras + +#### Riesgo 1: Regresiones en Construcción +- **Probabilidad:** MEDIA +- **Impacto:** ALTO +- **Mitigación:** Test coverage 70%+, deployment gradual, feature flags, rollback plan + +#### Riesgo 2: Over-Engineering del Genérico +- **Probabilidad:** BAJA +- **Impacto:** MEDIO +- **Mitigación:** Principio YAGNI, validar con 3 proyectos reales (construcción, vidrio, mecánicas) + +--- + +## 7. MÉTRICAS DE ÉXITO + +### 7.1 KPIs para Medir Éxito de Retroalimentación + +| KPI | Baseline (Actual) | Objetivo (6 meses) | Objetivo (12 meses) | +|-----|-------------------|--------------------|--------------------| +| **Test Coverage** | 15% | 40% | 70% | +| **Bugs por Sprint** | 12 | 6 | 3 | +| **Deuda Técnica** | 240 horas | 120 horas | 60 horas | +| **Tiempo desarrollo feature** | 10 días | 7 días | 5 días | +| **Reutilización de código** | 0% | 30% | 64% | +| **Deployment time** | 4 horas | 1 hora | 15 minutos | + +--- + +## 8. CONCLUSIÓN + +El análisis exhaustivo de Odoo, Gamilit y el propio ERP Construcción ha revelado **oportunidades significativas de mejora**. + +### 8.1 Principales Beneficios de Implementar Retroalimentación + +1. ✅ Reutilización de 64% de componentes en futuros ERPs +2. ✅ Reducción de 36% en tiempo de desarrollo +3. ✅ Eliminación de 96% de duplicación (SSOT) +4. ✅ Arquitectura escalable y mantenible (multi-schema, FSD) +5. ✅ Contabilidad analítica universal (P&L automático por proyecto) +6. ✅ Portal INFONAVIT (-40% llamadas call center) +7. ✅ Test coverage 70%+ (-70% bugs) +8. ✅ ROI 3.5x en 18 meses + +### 8.2 Recomendación Final + +**PROCEDER** con implementación de mejoras P0 (Sprints 1-4) y migración gradual al ERP Genérico (Sprints 5-17). + +**Justificación:** +- 12 gaps P0 identificados (143 SP) +- 10 mejoras arquitectónicas recomendadas +- ROI positivo 3.5x en 18 meses +- Reutilización 64% en proyectos futuros +- Compliance garantizado (SAT, INFONAVIT) + +--- + +## 9. APÉNDICES + +### A. Referencias +- [Fase 0 - Análisis de Referencias](../../00-analisis-referencias/) +- [Fase 1 - Definición de Módulos](../) +- [Gap Analysis por Módulo](./gaps/) +- [LISTA-MODULOS-ERP-GENERICO.md](../LISTA-MODULOS-ERP-GENERICO.md) +- [ALCANCE-POR-MODULO.md](../ALCANCE-POR-MODULO.md) +- [DEPENDENCIAS-MODULOS.md](../DEPENDENCIAS-MODULOS.md) + +### B. Contacto +- **Responsable:** Architecture-Analyst +- **Fecha:** 2025-11-23 +- **Versión:** 1.0.0 +- **Estado:** ✅ Completado diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-001.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-001.md new file mode 100644 index 0000000..8cd9659 --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-001.md @@ -0,0 +1,262 @@ +# GAP ANALYSIS - MGN-001: Fundamentos + +**Fecha:** 2025-11-23 +**Basado en:** Odoo base + auth_signup, Gamilit auth_management, Construcción MAI-001 +**Estado:** Gap analysis completado + +## Resumen Ejecutivo + +| Métrica | Valor | +|---------|-------| +| **Funcionalidades de Odoo** | 12 | +| **Funcionalidades incluidas en MGN-001** | 8 | +| **Gaps identificados** | 7 | +| **Gaps P0 (críticos)** | 3 | +| **Gaps P1 (altos)** | 2 | +| **Gaps P2 (bajos)** | 2 | +| **% Cobertura** | 67% | + +## 1. FUNCIONALIDADES DE ODOO + +### Del Módulo base (res.users, res.groups, ir.model.access, ir.rule) + +1. **Autenticación de usuarios:** Login con sesiones, cookies +2. **Gestión de usuarios:** CRUD usuarios con perfiles completos +3. **Sistema RBAC:** Roles (groups), permisos por modelo (ir.model.access) +4. **Record Rules (RLS):** Filtros SQL dinámicos por rol (ir.rule) +5. **Herencia de roles:** Grupos pueden heredar permisos de otros grupos +6. **Permisos campo-level:** Restricción de acceso a campos específicos +7. **Multi-company:** Usuarios acceden a múltiples empresas +8. **OAuth2 login:** Google, Facebook, Microsoft +9. **API Keys:** Tokens para integraciones externas +10. **Password policies:** Complejidad, expiración, historial + +### Del Módulo auth_signup + +11. **Signup con validación:** Registro de usuarios con email verification +12. **Reset password:** Token seguro con expiración + +## 2. FUNCIONALIDADES INCLUIDAS EN MGN-001 + +[Lista de funcionalidades que se incluyen según ALCANCE-POR-MODULO.md] + +1. ✅ **Autenticación JWT:** Incluida en MGN-001 (Login con JWT tokens) +2. ✅ **Gestión de usuarios:** Incluida en MGN-001 (CRUD completo) +3. ✅ **RBAC:** Incluida en MGN-001 (Roles, permisos CRUD por modelo) +4. ✅ **Multi-tenancy schema-level:** Incluida en MGN-001 (Isolation por schema) +5. ✅ **Signup:** Incluida en MGN-001 (Registro con validación email) +6. ✅ **Reset password:** Incluida en MGN-001 (Token seguro, 24h) +7. ✅ **Cambio de contraseña:** Incluida en MGN-001 (Con validación fuerte) +8. ✅ **RLS Policies:** Incluida en MGN-001 (Record-level security) + +## 3. GAPS IDENTIFICADOS + +### Gap P0 (Críticos - Debe incluirse en MVP) + +#### GAP-MGN-001-001: API Keys para Integraciones Externas +- **Descripción:** Sistema de autenticación con API Keys para integraciones M2M (machine-to-machine) +- **Referencia Odoo:** base (API access tokens) +- **Impacto:** CRÍTICO +- **Justificación impacto:** Necesario para integración con INFONAVIT API, servicios externos, webhooks. Sin esto, todas las integraciones deben usar usuarios normales (riesgo de seguridad) +- **Recomendación:** INCLUIR en MVP +- **Esfuerzo estimado:** 8 SP +- **Implementación sugerida:** + ```sql + CREATE TABLE auth.api_keys ( + id UUID PRIMARY KEY, + user_id UUID REFERENCES auth.users(id), + key_hash TEXT NOT NULL, -- bcrypt hash + name TEXT NOT NULL, + scopes TEXT[], -- ['read:projects', 'write:budgets'] + expires_at TIMESTAMP, + last_used_at TIMESTAMP, + created_at TIMESTAMP DEFAULT NOW() + ); + ``` +- **Dependencias:** MGN-001 (usuarios) + +#### GAP-MGN-001-002: Permisos Granulares a Nivel de Campo +- **Descripción:** Restricción de acceso a campos específicos por rol (field-level permissions) +- **Referencia Odoo:** ir.model.fields.access +- **Impacto:** CRÍTICO +- **Justificación impacto:** INFONAVIT requiere ocultar campos sensibles (presupuestos, costos) a ciertos roles. Sin esto, usuarios ven información que no deben +- **Recomendación:** INCLUIR en MVP +- **Esfuerzo estimado:** 13 SP +- **Implementación sugerida:** + ```sql + CREATE TABLE auth.field_permissions ( + id UUID PRIMARY KEY, + role_id UUID REFERENCES auth.roles(id), + table_name TEXT NOT NULL, + field_name TEXT NOT NULL, + can_read BOOLEAN DEFAULT FALSE, + can_write BOOLEAN DEFAULT FALSE, + UNIQUE(role_id, table_name, field_name) + ); + ``` +- **Dependencias:** MGN-001 (RBAC) + +#### GAP-MGN-001-003: Herencia de Roles +- **Descripción:** Roles pueden heredar permisos de otros roles (role inheritance) +- **Referencia Odoo:** res.groups (implied_ids) +- **Impacto:** CRÍTICO +- **Justificación impacto:** Evita duplicación de permisos. Ej: "Supervisor" hereda de "Employee" + permisos adicionales. Sin esto, mantener permisos es muy manual +- **Recomendación:** INCLUIR en MVP +- **Esfuerzo estimado:** 10 SP +- **Implementación sugerida:** + ```sql + CREATE TABLE auth.role_inheritance ( + parent_role_id UUID REFERENCES auth.roles(id), + child_role_id UUID REFERENCES auth.roles(id), + PRIMARY KEY (parent_role_id, child_role_id) + ); + ``` +- **Dependencias:** MGN-001 (roles) + +### Gap P1 (Altos - Deseable para MVP) + +#### GAP-MGN-001-004: Two-Factor Authentication (2FA) +- **Descripción:** Autenticación de dos factores (TOTP, SMS, email) +- **Referencia Odoo:** auth_totp +- **Impacto:** ALTO +- **Justificación impacto:** Aumenta seguridad significativamente, especialmente para usuarios con permisos críticos (Director, Administrador). NO bloquea operación básica pero es importante +- **Recomendación:** CONSIDERAR para MVP o Fase 2 +- **Esfuerzo estimado:** 13 SP +- **Implementación sugerida:** + - TOTP (Google Authenticator, Authy) + - Backup codes + - Recovery email + ```sql + CREATE TABLE auth.user_2fa ( + user_id UUID PRIMARY KEY REFERENCES auth.users(id), + method TEXT NOT NULL, -- 'totp' | 'sms' | 'email' + secret TEXT, -- TOTP secret + backup_codes TEXT[], -- Array de códigos de respaldo + enabled BOOLEAN DEFAULT FALSE + ); + ``` +- **Dependencias:** MGN-001 (autenticación) + +#### GAP-MGN-001-005: OAuth2 Social Login +- **Descripción:** Login con proveedores externos (Google, Microsoft, Facebook) +- **Referencia Odoo:** auth_oauth +- **Impacto:** ALTO +- **Justificación impacto:** Mejora UX (usuarios no necesitan recordar contraseña). Útil para derechohabientes (login con Google). NO es crítico pero mejora adopción +- **Recomendación:** CONSIDERAR para MVP o Fase 2 +- **Esfuerzo estimado:** 13 SP +- **Implementación sugerida:** + - Passport.js con estrategias Google, Microsoft + - Vincular OAuth account a usuario existente + ```sql + CREATE TABLE auth.oauth_providers ( + user_id UUID REFERENCES auth.users(id), + provider TEXT NOT NULL, -- 'google' | 'microsoft' | 'facebook' + provider_user_id TEXT NOT NULL, + access_token TEXT, + refresh_token TEXT, + UNIQUE(provider, provider_user_id) + ); + ``` +- **Dependencias:** MGN-001 (autenticación) + +### Gap P2 (Medios/Bajos - No crítico) + +#### GAP-MGN-001-006: Delegación Temporal de Permisos +- **Descripción:** Usuario A puede delegar permisos a usuario B temporalmente +- **Referencia Odoo:** No existe en Odoo (funcionalidad custom) +- **Impacto:** BAJO +- **Justificación impacto:** Caso de uso específico (Director delega durante vacaciones). No es genérico, puede implementarse con lógica custom +- **Recomendación:** POSPONER a Fase 2 o posterior +- **Esfuerzo estimado:** 8 SP + +#### GAP-MGN-001-007: Password Policy Configurable +- **Descripción:** Políticas de contraseña configurables (longitud mínima, complejidad, expiración, historial) +- **Referencia Odoo:** base (password_policy) +- **Impacto:** MEDIO +- **Justificación impacto:** Útil para compliance (ISO 27001), pero política hardcodeada (8+ chars, mayúsculas, números) es suficiente para MVP +- **Recomendación:** POSPONER a Fase 2 +- **Esfuerzo estimado:** 5 SP + +## 4. FUNCIONALIDADES SOBRANTES (No en Odoo, pero incluidas) + +1. **Multi-Tenancy Schema-Level:** No en Odoo (Odoo usa multi-company a nivel de filas). Incluimos schema-level isolation para mejor seguridad y performance + - Razón: Mejor aislamiento, queries más rápidas (sin filtros WHERE company_id) + - Patrón Gamilit: 9 schemas separados + +## 5. ANÁLISIS COMPARATIVO CON CONSTRUCCIÓN + +### Funcionalidades en ERP Construcción (MAI-001) + +**Implementadas:** +- ✅ Autenticación JWT +- ✅ Usuarios (CRUD básico) +- ✅ Roles (CRUD) +- ✅ Permisos por modelo (básico) +- ✅ Multi-tenancy (schema-level) +- ✅ Signup (con email) +- ✅ Reset password + +**Parcialmente implementadas:** +- 🟡 RLS Policies (~20 policies, Odoo tiene 159) +- 🟡 RBAC (sin herencia de roles) + +**No implementadas:** +- ❌ API Keys +- ❌ Permisos field-level +- ❌ 2FA +- ❌ OAuth2 +- ❌ Password policies configurables + +### Gaps vs Construcción + +**Funcionalidades que Construcción NO tiene pero DEBERÍA tener según Odoo:** + +1. **API Keys (P0):** Crítico para integración INFONAVIT API +2. **Herencia de roles (P0):** Simplifica gestión de permisos +3. **Permisos field-level (P0):** Ocultar campos sensibles (presupuestos, costos) +4. **2FA (P1):** Seguridad para usuarios críticos +5. **159 RLS Policies completas (P0):** Construcción tiene ~20, faltan 139 + +## 6. RECOMENDACIONES + +### Para MGN-001 + +- [x] **Incluir API Keys (GAP-001):** CRÍTICO para integraciones. Implementar con scopes granulares +- [x] **Incluir permisos field-level (GAP-002):** CRÍTICO para seguridad. Implementar con tabla auth.field_permissions +- [x] **Incluir herencia de roles (GAP-003):** CRÍTICO para mantenibilidad. Implementar con tabla auth.role_inheritance +- [ ] **Considerar 2FA (GAP-004):** Deseable para MVP, implementar TOTP con backup codes +- [ ] **Considerar OAuth2 (GAP-005):** Deseable para UX, implementar Google + Microsoft + +### Para ERP Construcción + +- [x] **Retroalimentación 1:** Agregar API Keys para integración INFONAVIT API +- [x] **Retroalimentación 2:** Completar RLS Policies (20 → 159, faltan 139) +- [x] **Retroalimentación 3:** Implementar herencia de roles para simplificar gestión +- [x] **Retroalimentación 4:** Agregar permisos field-level para campos sensibles +- [ ] **Retroalimentación 5:** Considerar 2FA para Director y Administrador + +## 7. IMPACTO EN STORY POINTS + +| Concepto | SP Original | SP Gaps P0 | SP Nuevo | Δ SP | +|----------|-------------|------------|----------|------| +| MGN-001 Original | 50 SP | - | 50 SP | - | +| GAP-001 (API Keys) | - | +8 SP | - | +8 SP | +| GAP-002 (Field permissions) | - | +13 SP | - | +13 SP | +| GAP-003 (Role inheritance) | - | +10 SP | - | +10 SP | +| **MGN-001 Total** | **50 SP** | **+31 SP** | **81 SP** | **+31 SP (+62%)** | + +**Análisis:** Agregar gaps P0 aumenta MGN-001 en 62%. Si incluimos P1 (2FA, OAuth2), llegaría a 107 SP (+114%). + +**Recomendación:** +- MVP: 81 SP (incluir P0) +- Fase 2: +26 SP (2FA + OAuth2) + +## 8. REFERENCIAS + +- [ALCANCE-POR-MODULO.md - MGN-001](../ALCANCE-POR-MODULO.md#mgn-001-fundamentos) +- [MAPEO-ODOO-TO-MGN.md](../../00-analisis-referencias/odoo/MAPEO-ODOO-TO-MGN.md) +- [odoo-base-analysis.md](../../00-analisis-referencias/odoo/odoo-base-analysis.md) +- [odoo-auth-analysis.md](../../00-analisis-referencias/odoo/odoo-auth-analysis.md) +- [ADR-001: Stack Tecnológico](../../adr/ADR-001-stack-tecnologico.md) +- [ADR-003: Multi-Tenancy](../../adr/ADR-003-multi-tenancy.md) +- [ADR-006: RBAC](../../adr/ADR-006-rbac.md) diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-002.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-002.md new file mode 100644 index 0000000..a4a2332 --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-002.md @@ -0,0 +1,149 @@ +# GAP ANALYSIS - MGN-002: Empresas y Organizaciones + +**Fecha:** 2025-11-23 +**Basado en:** Odoo base (res.company), Gamilit core, Construcción MAI-002 +**Estado:** Gap analysis completado + +## Resumen Ejecutivo + +| Métrica | Valor | +|---------|-------| +| **Funcionalidades de Odoo** | 8 | +| **Funcionalidades incluidas en MGN-002** | 5 | +| **Gaps identificados** | 3 | +| **Gaps P0 (críticos)** | 0 | +| **Gaps P1 (altos)** | 1 | +| **Gaps P2 (bajos)** | 2 | +| **% Cobertura** | 63% | + +## 1. FUNCIONALIDADES DE ODOO + +### Del Módulo base (res.company) + +1. **Gestión de empresas:** CRUD de empresas con datos completos +2. **Multi-company access:** Usuario puede acceder a múltiples empresas +3. **Context switching:** Cambio de empresa activa sin logout +4. **Configuración empresa:** Logo, datos fiscales, moneda principal +5. **Holdings:** Jerarquías de empresas (parent_id) +6. **Empresa como partner:** Empresa vinculada a res.partner +7. **Consolidación financiera:** Balance consolidado de holdings +8. **Transferencias inter-compañía:** Transacciones entre empresas del grupo + +## 2. FUNCIONALIDADES INCLUIDAS EN MGN-002 + +1. ✅ **Gestión de empresas:** Incluida en MGN-002 (CRUD completo) +2. ✅ **Multi-empresa:** Incluida en MGN-002 (Usuario accede a múltiples) +3. ✅ **Context switching:** Incluida en MGN-002 (Cambio de empresa activa) +4. ✅ **Configuración empresa:** Incluida en MGN-002 (Logo, datos fiscales, moneda) +5. ✅ **Holdings:** Incluida en MGN-002 (parent_id jerárquico) + +## 3. GAPS IDENTIFICADOS + +### Gap P0 (Críticos - Debe incluirse en MVP) + +**NO HAY GAPS P0** + +### Gap P1 (Altos - Deseable para MVP) + +#### GAP-MGN-002-001: Roles Diferentes por Empresa +- **Descripción:** Usuario puede tener un rol diferente en cada empresa (ej: Admin en Empresa A, Employee en Empresa B) +- **Referencia Odoo:** res.company.users_rel con roles específicos +- **Impacto:** ALTO +- **Justificación impacto:** En grupos empresariales, usuario puede ser gerente en una empresa y supervisor en otra. Sin esto, usuario tiene mismo rol en todas (limitación) +- **Recomendación:** CONSIDERAR para MVP o Fase 2 +- **Esfuerzo estimado:** 8 SP +- **Implementación sugerida:** + ```sql + -- Modificar tabla users_companies + CREATE TABLE core.users_companies ( + user_id UUID REFERENCES auth.users(id), + company_id UUID REFERENCES core.companies(id), + role_id UUID REFERENCES auth.roles(id), -- Rol específico en esta empresa + is_default BOOLEAN DEFAULT FALSE, + PRIMARY KEY (user_id, company_id) + ); + ``` +- **Dependencias:** MGN-001 (roles), MGN-002 (empresas) + +### Gap P2 (Medios/Bajos - No crítico) + +#### GAP-MGN-002-002: Consolidación Financiera Multi-Empresa +- **Descripción:** Balance consolidado de holdings (suma automática de balances de empresas hijas) +- **Referencia Odoo:** account (consolidación) +- **Impacto:** MEDIO +- **Justificación impacto:** Útil para grupos empresariales, pero es funcionalidad contable avanzada. Puede implementarse con queries custom en MGN-004 o MGN-012 +- **Recomendación:** POSPONER a Fase 2 o extensión MGN-004 +- **Esfuerzo estimado:** 21 SP (complejo) + +#### GAP-MGN-002-003: Transferencias Inter-Compañía Automáticas +- **Descripción:** Transferencias de inventario/financieras entre empresas del grupo con asientos automáticos +- **Referencia Odoo:** account (inter-company transactions) +- **Impacto:** BAJO +- **Justificación impacto:** Funcionalidad avanzada para holdings. No es esencial para mayoría de casos de uso +- **Recomendación:** POSPONER a Fase 2 o posterior +- **Esfuerzo estimado:** 13 SP + +## 4. FUNCIONALIDADES SOBRANTES (No en Odoo, pero incluidas) + +**NO HAY FUNCIONALIDADES SOBRANTES** + +MGN-002 es implementación fiel de res.company de Odoo. + +## 5. ANÁLISIS COMPARATIVO CON CONSTRUCCIÓN + +### Funcionalidades en ERP Construcción (MAI-002) + +**Implementadas:** +- ✅ Gestión de empresas (CRUD) +- ✅ Multi-empresa (usuario accede a múltiples) +- ✅ Configuración empresa (logo, RFC, datos fiscales) +- ✅ Context switching + +**No implementadas:** +- ❌ Holdings (parent_id) +- ❌ Roles diferentes por empresa +- ❌ Empresa vinculada a partner + +### Gaps vs Construcción + +**Funcionalidades que Construcción NO tiene pero DEBERÍA tener según Odoo:** + +1. **Holdings (P1):** Para grupos constructoras (matriz con subsidiarias) +2. **Empresa como partner (P1):** Patrón Odoo, simplifica catálogos +3. **Roles por empresa (P1):** Usuario puede ser Admin en una empresa, Supervisor en otra + +## 6. RECOMENDACIONES + +### Para MGN-002 + +- [ ] **Considerar roles por empresa (GAP-001):** Útil para grupos empresariales, pero NO bloquea MVP +- [ ] **Agregar company.partner_id:** Vincular empresa a partner (patrón Odoo) +- [ ] **Validar jerarquías:** Prevenir ciclos en parent_id (empresa A → B → A) + +### Para ERP Construcción + +- [x] **Retroalimentación 1:** Implementar holdings (parent_id) para grupos constructoras +- [x] **Retroalimentación 2:** Vincular empresa a partner (simplifica catálogos) +- [ ] **Retroalimentación 3:** Considerar roles diferentes por empresa para organización matricial + +## 7. IMPACTO EN STORY POINTS + +| Concepto | SP Original | SP Gaps P0 | SP Nuevo | Δ SP | +|----------|-------------|------------|----------|------| +| MGN-002 Original | 30 SP | - | 30 SP | - | +| GAP-001 (Roles por empresa) | - | 0 SP (P1) | - | - | +| **MGN-002 Total** | **30 SP** | **+0 SP** | **30 SP** | **+0 SP** | + +**Análisis:** No hay gaps P0. MGN-002 puede implementarse sin cambios. Si se incluye GAP-001 (P1), serían +8 SP (+27%). + +**Recomendación:** +- MVP: 30 SP (sin cambios) +- Fase 2: +8 SP (roles por empresa) + +## 8. REFERENCIAS + +- [ALCANCE-POR-MODULO.md - MGN-002](../ALCANCE-POR-MODULO.md#mgn-002-empresas-y-organizaciones) +- [MAPEO-ODOO-TO-MGN.md](../../00-analisis-referencias/odoo/MAPEO-ODOO-TO-MGN.md) +- [odoo-base-analysis.md](../../00-analisis-referencias/odoo/odoo-base-analysis.md) +- [ADR-002: Arquitectura Modular](../../adr/ADR-002-arquitectura-modular.md) +- [ADR-003: Multi-Tenancy](../../adr/ADR-003-multi-tenancy.md) diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-003.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-003.md new file mode 100644 index 0000000..597432f --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-003.md @@ -0,0 +1,137 @@ +# GAP ANALYSIS - MGN-003: Catálogos Maestros + +**Fecha:** 2025-11-23 +**Basado en:** Odoo base (res.partner, res.currency, res.country, uom.uom), Construcción +**Estado:** Gap analysis completado + +## Resumen Ejecutivo + +| Métrica | Valor | +|---------|-------| +| **Funcionalidades de Odoo** | 10 | +| **Funcionalidades incluidas en MGN-003** | 8 | +| **Gaps identificados** | 4 | +| **Gaps P0 (críticos)** | 1 | +| **Gaps P1 (altos)** | 2 | +| **Gaps P2 (bajos)** | 1 | +| **% Cobertura** | 80% | + +## 1. FUNCIONALIDADES DE ODOO + +### Módulo base - res.partner +1. **Partner universal:** is_customer, is_supplier, is_employee (un modelo para todos) +2. **Jerarquía de partners:** parent_id (empresa con contactos) +3. **Datos fiscales:** Tax ID, régimen fiscal, responsabilidades tributarias +4. **Condiciones de pago:** Payment terms (30, 60, 90 días) +5. **Calificación partner:** customer_rank, supplier_rank + +### Módulo base - res.currency +6. **Catálogo monedas:** ISO 4217 (USD, MXN, EUR, etc.) +7. **Tasas de cambio:** Con vigencia temporal, actualización manual/automática + +### Módulo base - res.country +8. **Catálogo países:** ISO 3166-1 (código 2/3 letras, numérico) +9. **Estados/provincias:** res.country.state + +### Módulo uom +10. **Unidades de medida:** Categorías (longitud, peso, volumen), conversiones automáticas + +## 2. FUNCIONALIDADES INCLUIDAS EN MGN-003 + +1. ✅ **Partner universal** - Incluido +2. ✅ **Jerarquía partners** - Incluido +3. ✅ **Datos fiscales** - Incluido +4. ✅ **Condiciones de pago** - Incluido +5. ✅ **Catálogo monedas** - Incluido +6. ✅ **Tasas de cambio** - Incluido (manual) +7. ✅ **Catálogo países** - Incluido +8. ✅ **Unidades de medida** - Incluido + +## 3. GAPS IDENTIFICADOS + +### Gap P0 (Críticos - Debe incluirse en MVP) + +#### GAP-MGN-003-001: Calificación de Partners (Ranking) +- **Descripción:** Customer rank y supplier rank (calificación automática basada en transacciones) +- **Referencia Odoo:** res.partner (customer_rank, supplier_rank) +- **Impacto:** CRÍTICO +- **Justificación impacto:** Identifica partners inactivos vs activos. Reportes como "Top 10 Clientes" requieren ranking. Sin esto, queries complejos en reportes +- **Recomendación:** INCLUIR en MVP +- **Esfuerzo estimado:** 5 SP +- **Implementación:** + ```sql + ALTER TABLE core.partners + ADD COLUMN customer_rank INT DEFAULT 0, + ADD COLUMN supplier_rank INT DEFAULT 0; + + -- Trigger para actualizar rank en cada transacción + CREATE FUNCTION update_partner_ranks() RETURNS TRIGGER AS $$ + BEGIN + -- Incrementar customer_rank si es factura de cliente + -- Incrementar supplier_rank si es factura de proveedor + END; + $$ LANGUAGE plpgsql; + ``` + +### Gap P1 (Altos - Deseable para MVP) + +#### GAP-MGN-003-002: Actualización Automática de Tasas de Cambio +- **Descripción:** Sincronización automática de tasas de cambio desde API externa (Banxico, ECB) +- **Referencia Odoo:** currency_rate_update +- **Impacto:** ALTO +- **Justificación impacto:** Sin esto, contador debe actualizar tasas manualmente diariamente. API de Banxico proporciona tasas oficiales +- **Recomendación:** CONSIDERAR para MVP o Fase 2 +- **Esfuerzo estimado:** 13 SP + +#### GAP-MGN-003-003: Validación de Tax ID por País +- **Descripción:** Validación de RFC (México), NIT (Colombia), CUIT (Argentina) con algoritmos oficiales +- **Referencia Odoo:** l10n_mx_edi (validación RFC) +- **Impacto:** ALTO +- **Justificación impacto:** Previene errores de captura en datos fiscales. RFC inválido causa problemas en facturación electrónica +- **Recomendación:** CONSIDERAR para MVP o Fase 2 +- **Esfuerzo estimado:** 8 SP + +### Gap P2 (Medios/Bajos - No crítico) + +#### GAP-MGN-003-004: Portal de Proveedores (Onboarding) +- **Descripción:** Portal para que proveedores registren sus datos (partner onboarding) +- **Referencia Odoo:** portal (partner portal) +- **Impacto:** BAJO +- **Justificación impacto:** Útil para onboarding masivo de proveedores, pero puede hacerse manualmente +- **Recomendación:** POSPONER a Fase 2 +- **Esfuerzo estimado:** 13 SP + +## 4. FUNCIONALIDADES SOBRANTES + +**NO HAY FUNCIONALIDADES SOBRANTES** + +## 5. ANÁLISIS COMPARATIVO CON CONSTRUCCIÓN + +### Gaps vs Construcción + +1. **Ranking de partners (P0):** NO implementado +2. **Actualización automática tasas (P1):** NO implementado (manual) +3. **Validación RFC (P1):** NO implementado + +## 6. RECOMENDACIONES + +### Para MGN-003 +- [x] **Incluir partner ranking (GAP-001):** CRÍTICO para reportes +- [ ] **Considerar actualización automática tasas (GAP-002):** Ahorra tiempo contador +- [ ] **Considerar validación Tax ID (GAP-003):** Previene errores facturación + +### Para ERP Construcción +- [x] **Agregar customer_rank/supplier_rank** +- [x] **Implementar actualización automática de tasas (API Banxico)** +- [x] **Validar RFC con algoritmo oficial** + +## 7. IMPACTO EN STORY POINTS + +| Concepto | SP Original | SP Gaps P0 | SP Nuevo | Δ SP | +|----------|-------------|------------|----------|------| +| MGN-003 | 35 SP | +5 SP | 40 SP | +5 SP (+14%) | + +## 8. REFERENCIAS + +- [ALCANCE-POR-MODULO.md - MGN-003](../ALCANCE-POR-MODULO.md#mgn-003-catalogos-maestros) +- [odoo-base-analysis.md](../../00-analisis-referencias/odoo/odoo-base-analysis.md) diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-004.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-004.md new file mode 100644 index 0000000..69d73f5 --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-004.md @@ -0,0 +1,150 @@ +# GAP ANALYSIS - MGN-004: Financiero Básico + +**Fecha:** 2025-11-23 +**Basado en:** Odoo account, Construcción MAI-004 +**Estado:** Gap analysis completado + +## Resumen Ejecutivo + +| Métrica | Valor | +|---------|-------| +| **Funcionalidades de Odoo** | 15 | +| **Funcionalidades incluidas en MGN-004** | 10 | +| **Gaps identificados** | 8 | +| **Gaps P0 (críticos)** | 3 | +| **Gaps P1 (altos)** | 3 | +| **Gaps P2 (bajos)** | 2 | +| **% Cobertura** | 67% | + +## 1. FUNCIONALIDADES DE ODOO + +1. Plan de cuentas (chart of accounts) +2. Asientos contables (journal entries) +3. Facturas cliente/proveedor +4. Pagos y conciliación +5. **Reportes financieros estándar** (Balance, P&L) +6. Multi-moneda (gain/loss cambiario) +7. Journals (ventas, compras, banco, misceláneos) +8. **Secuencias automáticas** de documentos (facturas numeradas) +9. **Conciliación bancaria automática** (bank statement matching) +10. **Impuestos configurables** (IVA, retenciones, ISR) +11. **Plantillas plan de cuentas** por país +12. **Cierre de período** (lock dates) +13. **Reportes legales** (DIOT México, SAT) +14. **Activos fijos** (depreciación) +15. **Presupuestos financieros** + +## 2. FUNCIONALIDADES INCLUIDAS EN MGN-004 + +1. ✅ Plan de cuentas +2. ✅ Asientos contables +3. ✅ Facturas cliente/proveedor +4. ✅ Pagos +5. ✅ Multi-moneda +6. ✅ Journals +7. ✅ Impuestos básicos +8. ✅ Conciliación de pagos +9. ✅ Reportes básicos (Balance, P&L) +10. ✅ Plantillas plan de cuentas + +## 3. GAPS IDENTIFICADOS + +### Gap P0 (Críticos) + +#### GAP-MGN-004-001: Reportes Financieros Estándar Completos +- **Descripción:** Balance General y Estado de Resultados con formato oficial (consolidado, comparativo, detallado) +- **Referencia Odoo:** account (financial reports) +- **Impacto:** CRÍTICO +- **Justificación:** Requerimiento legal (SAT México, IFRS). Sin esto, contador genera reportes manuales +- **Esfuerzo:** 13 SP + +#### GAP-MGN-004-002: Secuencias Automáticas de Documentos +- **Descripción:** Numeración automática de facturas (F-0001, F-0002) con prefijos configurables +- **Referencia Odoo:** ir.sequence +- **Impacto:** CRÍTICO +- **Justificación:** Requerimiento fiscal (folios consecutivos). Sin esto, facturas mal numeradas +- **Esfuerzo:** 8 SP + +#### GAP-MGN-004-003: Cierre de Período Contable +- **Descripción:** Lock date (fecha de cierre) que previene modificar asientos de períodos cerrados +- **Referencia Odoo:** account.move (post_date constraint) +- **Impacto:** CRÍTICO +- **Justificación:** Control interno. Sin esto, usuarios pueden modificar meses cerrados y descuadrar contabilidad +- **Esfuerzo:** 5 SP + +### Gap P1 (Altos) + +#### GAP-MGN-004-004: Conciliación Bancaria Automática +- **Descripción:** Matching automático de movimientos bancarios con pagos registrados +- **Referencia Odoo:** account.bank.statement.line.reconciliation +- **Impacto:** ALTO +- **Justificación:** Ahorra 15-20 horas/mes a contador. Sin esto, conciliación es manual +- **Esfuerzo:** 21 SP + +#### GAP-MGN-004-005: Impuestos Configurables Avanzados +- **Descripción:** Impuestos compuestos (IVA + IEPS), retenciones automáticas (ISR 10%) +- **Referencia Odoo:** account.tax (children_tax_ids) +- **Impacto:** ALTO +- **Justificación:** México requiere retenciones ISR/IVA. Sin esto, cálculo manual propenso a errores +- **Esfuerzo:** 13 SP + +#### GAP-MGN-004-006: Plantillas de Plan de Cuentas por País +- **Descripción:** Templates pre-configurados (México SAT, Colombia PUC, USA GAAP) +- **Referencia Odoo:** l10n_mx, l10n_co +- **Impacto:** ALTO +- **Justificación:** Ahorra 40 horas configuración inicial. Sin esto, crear plan de cuentas desde cero +- **Esfuerzo:** 13 SP + +### Gap P2 (Medios/Bajos) + +#### GAP-MGN-004-007: Activos Fijos (Depreciación) +- **Descripción:** Gestión de activos fijos con depreciación automática (línea recta, acelerada) +- **Referencia Odoo:** account_asset +- **Impacto:** MEDIO +- **Justificación:** Útil pero puede calcularse manualmente o con Excel +- **Esfuerzo:** 21 SP + +#### GAP-MGN-004-008: Presupuestos Financieros +- **Descripción:** Budget vs Real por cuenta contable, alertas de sobre-presupuesto +- **Referencia Odoo:** account_budget +- **Impacto:** MEDIO +- **Justificación:** Deseable pero NO bloquea operación contable +- **Esfuerzo:** 13 SP + +## 4. ANÁLISIS COMPARATIVO CON CONSTRUCCIÓN + +### Gaps vs Construcción + +ERP Construcción NO tiene: +1. ❌ Reportes financieros estándar (Balance/P&L formato oficial) +2. ❌ Secuencias automáticas de facturas +3. ❌ Cierre de período +4. ❌ Conciliación bancaria automática +5. ❌ Impuestos compuestos/retenciones automáticas + +## 5. RECOMENDACIONES + +### Para MGN-004 +- [x] **INCLUIR GAP-001 (Reportes):** CRÍTICO - Requerimiento legal +- [x] **INCLUIR GAP-002 (Secuencias):** CRÍTICO - Requerimiento fiscal +- [x] **INCLUIR GAP-003 (Cierre período):** CRÍTICO - Control interno +- [ ] **CONSIDERAR GAP-004 (Conciliación bancaria):** Ahorra 20 hrs/mes + +### Para ERP Construcción +- [x] Implementar reportes financieros estándar (SAT México) +- [x] Agregar secuencias automáticas de documentos +- [x] Implementar cierre de período contable +- [x] Considerar conciliación bancaria automática + +## 6. IMPACTO EN STORY POINTS + +| Concepto | SP Original | SP Gaps P0 | SP Nuevo | Δ SP | +|----------|-------------|------------|----------|------| +| MGN-004 | 80 SP | +26 SP | 106 SP | +26 SP (+33%) | + +Con P1: 106 + 47 = 153 SP (+91%) + +## 7. REFERENCIAS + +- [ALCANCE-POR-MODULO.md - MGN-004](../ALCANCE-POR-MODULO.md#mgn-004-financiero-basico) +- [odoo-account-analysis.md](../../00-analisis-referencias/odoo/odoo-account-analysis.md) diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-005.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-005.md new file mode 100644 index 0000000..27687e8 --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-005.md @@ -0,0 +1,69 @@ +# GAP ANALYSIS - MGN-005: Inventario Básico + +**Fecha:** 2025-11-23 +**Basado en:** Odoo stock, Construcción +**Estado:** Gap analysis completado + +## Resumen Ejecutivo + +| Métrica | Valor | +|---------|-------| +| **Funcionalidades de Odoo** | 12 | +| **Funcionalidades incluidas en MGN-005** | 10 | +| **Gaps identificados** | 4 | +| **Gaps P0 (críticos)** | 1 | +| **Gaps P1 (altos)** | 2 | +| **Gaps P2 (bajos)** | 1 | +| **% Cobertura** | 83% | + +## GAPS IDENTIFICADOS + +### Gap P0 + +#### GAP-MGN-005-001: Estrategias de Valoración de Inventario (FIFO/Average Cost) +- **Referencia Odoo:** stock.valuation (FIFO, Average Cost) +- **Impacto:** CRÍTICO +- **Justificación:** Requerimiento fiscal (NIF C-4 México). Sin esto, costo de ventas incorrecto +- **Esfuerzo:** 21 SP + +### Gap P1 + +#### GAP-MGN-005-002: Trazabilidad Completa (Lotes/Series) +- **Referencia Odoo:** stock.production.lot, stock.lot +- **Impacto:** ALTO +- **Justificación:** Rastreabilidad materiales (cemento lote X usado en torre Y) +- **Esfuerzo:** 13 SP + +#### GAP-MGN-005-003: Inventarios Cíclicos +- **Referencia Odoo:** stock.inventory (cycle counting) +- **Impacto:** ALTO +- **Justificación:** Auditorías sin parar operaciones +- **Esfuerzo:** 13 SP + +### Gap P2 + +#### GAP-MGN-005-004: Rutas de Inventario (Push/Pull Rules) +- **Impacto:** MEDIO +- **Justificación:** Automatizaciones avanzadas, NO esencial para MVP +- **Esfuerzo:** 21 SP + +## RECOMENDACIONES + +### Para MGN-005 +- [x] **INCLUIR GAP-001 (FIFO/Average Cost):** CRÍTICO - Requerimiento fiscal + +### Para ERP Construcción +- [x] Implementar valoración FIFO (cumplimiento NIF C-4) +- [x] Agregar trazabilidad de lotes para materiales críticos +- [ ] Considerar inventarios cíclicos para auditorías continuas + +## IMPACTO EN STORY POINTS + +| Concepto | SP Original | SP Gaps P0 | SP Nuevo | Δ SP | +|----------|-------------|------------|----------|------| +| MGN-005 | 70 SP | +21 SP | 91 SP | +21 SP (+30%) | + +## REFERENCIAS + +- [ALCANCE-POR-MODULO.md - MGN-005](../ALCANCE-POR-MODULO.md#mgn-005-inventario-basico) +- [odoo-stock-analysis.md](../../00-analisis-referencias/odoo/odoo-stock-analysis.md) diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-006.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-006.md new file mode 100644 index 0000000..8c7c85e --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-006.md @@ -0,0 +1,53 @@ +# GAP ANALYSIS - MGN-006: Compras Básico + +**Fecha:** 2025-11-23 +**Basado en:** Odoo purchase, Construcción +**Estado:** Gap analysis completado + +## Resumen Ejecutivo + +| Métrica | Valor | +|---------|-------| +| **Funcionalidades de Odoo** | 9 | +| **Funcionalidades incluidas en MGN-006** | 8 | +| **Gaps identificados** | 2 | +| **Gaps P0 (críticos)** | 1 | +| **Gaps P1 (altos)** | 1 | +| **% Cobertura** | 89% | + +## GAPS IDENTIFICADOS + +### Gap P0 + +#### GAP-MGN-006-001: Control 3-Way Match (PO vs Receipt vs Invoice) +- **Referencia Odoo:** purchase (3-way matching) +- **Impacto:** CRÍTICO +- **Justificación:** Control interno esencial. Previene fraudes (facturar sin recibir, pagar de más). Auditorías requieren evidencia de 3-way match +- **Esfuerzo:** 13 SP + +### Gap P1 + +#### GAP-MGN-006-002: Acuerdos Marco con Proveedores (Blanket Orders) +- **Referencia Odoo:** purchase.blanket.order +- **Impacto:** ALTO +- **Justificación:** Contratos anuales con proveedores (cemento, acero). Sin esto, crear PO cada vez (lento) +- **Esfuerzo:** 13 SP + +## RECOMENDACIONES + +### Para MGN-006 +- [x] **INCLUIR GAP-001 (3-way match):** CRÍTICO - Control interno + +### Para ERP Construcción +- [x] Implementar 3-way match con alertas automáticas + +## IMPACTO EN STORY POINTS + +| Concepto | SP Original | SP Gaps P0 | SP Nuevo | Δ SP | +|----------|-------------|------------|----------|------| +| MGN-006 | 60 SP | +13 SP | 73 SP | +13 SP (+22%) | + +## REFERENCIAS + +- [ALCANCE-POR-MODULO.md - MGN-006](../ALCANCE-POR-MODULO.md#mgn-006-compras-basico) +- [odoo-purchase-analysis.md](../../00-analisis-referencias/odoo/odoo-purchase-analysis.md) diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-007.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-007.md new file mode 100644 index 0000000..1d90c87 --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-007.md @@ -0,0 +1,54 @@ +# GAP ANALYSIS - MGN-007: Ventas Básico + +**Fecha:** 2025-11-23 +**Basado en:** Odoo sale, Construcción +**Estado:** Gap analysis completado + +## Resumen Ejecutivo + +| Métrica | Valor | +|---------|-------| +| **Funcionalidades de Odoo** | 10 | +| **Funcionalidades incluidas en MGN-007** | 9 | +| **Gaps identificados** | 2 | +| **Gaps P0 (críticos)** | 1 | +| **Gaps P1 (altos)** | 1 | +| **% Cobertura** | 90% | + +## GAPS IDENTIFICADOS + +### Gap P0 + +#### GAP-MGN-007-001: Pagos Anticipados (Down Payments) +- **Referencia Odoo:** sale.advance.payment.inv +- **Impacto:** CRÍTICO +- **Justificación:** INFONAVIT requiere pagos en fases (anticipo 30%, avance 50%, entrega 20%). Sin esto, contabilidad de anticipos es manual +- **Esfuerzo:** 13 SP + +### Gap P1 + +#### GAP-MGN-007-002: Pricing Rules (Descuentos Escalonados) +- **Referencia Odoo:** product.pricelist +- **Impacto:** ALTO +- **Justificación:** Descuentos por volumen (10+ viviendas = -5%). Sin esto, descuentos manuales +- **Esfuerzo:** 13 SP + +## RECOMENDACIONES + +### Para MGN-007 +- [x] **INCLUIR GAP-001 (Down payments):** CRÍTICO para INFONAVIT + +### Para ERP Construcción +- [x] Implementar pagos anticipados con control de fases +- [ ] Considerar pricing rules para descuentos por volumen + +## IMPACTO EN STORY POINTS + +| Concepto | SP Original | SP Gaps P0 | SP Nuevo | Δ SP | +|----------|-------------|------------|----------|------| +| MGN-007 | 60 SP | +13 SP | 73 SP | +13 SP (+22%) | + +## REFERENCIAS + +- [ALCANCE-POR-MODULO.md - MGN-007](../ALCANCE-POR-MODULO.md#mgn-007-ventas-basico) +- [odoo-sale-analysis.md](../../00-analisis-referencias/odoo/odoo-sale-analysis.md) diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-008.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-008.md new file mode 100644 index 0000000..8523f7f --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-008.md @@ -0,0 +1,143 @@ +# GAP ANALYSIS - MGN-008: Contabilidad Analítica + +**Fecha:** 2025-11-23 +**Basado en:** Odoo analytic, Construcción +**Estado:** Gap analysis completado + +## Resumen Ejecutivo + +| Métrica | Valor | +|---------|-------| +| **Funcionalidades de Odoo** | 8 | +| **Funcionalidades incluidas en MGN-008** | 7 | +| **Gaps identificados** | 2 | +| **Gaps P0 (críticos)** | 1 | +| **Gaps P1 (altos)** | 1 | +| **Gaps P2 (bajos)** | 0 | +| **% Cobertura** | 88% | + +## 1. FUNCIONALIDADES DE ODOO + +1. Cuentas analíticas (proyectos, departamentos, centros de costo) +2. Líneas analíticas automáticas +3. Campo `analytic_account_id` en TODAS las transacciones +4. Distribución analítica (60% Proyecto A, 40% Proyecto B) +5. Tags analíticos (torre, etapa, fase) +6. Reportes P&L por proyecto +7. **Planes analíticos** (multi-dimensional: proyecto + departamento + categoría) +8. **Presupuesto por cuenta analítica** (budget vs real) + +## 2. FUNCIONALIDADES INCLUIDAS EN MGN-008 + +1. ✅ Cuentas analíticas +2. ✅ Líneas analíticas automáticas +3. ✅ Campo analytic_account_id universal +4. ✅ Distribución analítica +5. ✅ Tags analíticos +6. ✅ Reportes P&L por proyecto +7. ✅ Presupuesto básico + +## 3. GAPS IDENTIFICADOS + +### Gap P0 (Críticos) + +#### GAP-MGN-008-001: Planes Analíticos Multi-Dimensionales +- **Descripción:** Análisis multi-dimensional (proyecto × departamento × categoría) en lugar de una sola dimensión +- **Referencia Odoo:** account.analytic.plan +- **Impacto:** CRÍTICO +- **Justificación:** Construcción requiere reportes como "Costos de materiales (categoría) por torre (proyecto) por departamento". Una sola dimensión NO es suficiente +- **Recomendación:** INCLUIR en MVP +- **Esfuerzo:** 21 SP +- **Implementación:** + ```sql + CREATE TABLE analytics.plans ( + id UUID PRIMARY KEY, + name TEXT NOT NULL -- 'Proyectos', 'Departamentos', 'Categorías' + ); + + CREATE TABLE analytics.accounts ( + id UUID PRIMARY KEY, + plan_id UUID REFERENCES analytics.plans(id), + name TEXT NOT NULL + ); + + -- Líneas analíticas multi-dimensional + CREATE TABLE analytics.distributions ( + line_id UUID REFERENCES analytics.lines(id), + plan_id UUID REFERENCES analytics.plans(id), + account_id UUID REFERENCES analytics.accounts(id), + percentage NUMERIC(5,2) DEFAULT 100 + ); + ``` +- **Ejemplo:** + ``` + Compra de cemento $10,000: + - Proyecto: Torre A (60%), Torre B (40%) + - Departamento: Construcción (100%) + - Categoría: Materiales (100%) + + Resultado: $6,000 en Torre A + Construcción + Materiales + $4,000 en Torre B + Construcción + Materiales + ``` + +### Gap P1 (Altos) + +#### GAP-MGN-008-002: Alertas de Sobre-Presupuesto +- **Descripción:** Notificaciones automáticas cuando presupuesto por proyecto excede 90%, 100%, 110% +- **Referencia Odoo:** account_budget (budget alerts) +- **Impacto:** ALTO +- **Justificación:** Previene sobre-costos. Director recibe alerta cuando proyecto se acerca a límite +- **Recomendación:** CONSIDERAR para MVP o Fase 2 +- **Esfuerzo:** 8 SP + +## 4. ANÁLISIS COMPARATIVO CON CONSTRUCCIÓN + +### Estado Actual Construcción + +ERP Construcción tiene contabilidad analítica **PARCIAL**: +- ✅ Campo `project_id` en transacciones (NO es analytic_account_id universal) +- ❌ NO tiene cuentas analíticas formales +- ❌ NO tiene distribución analítica (proyecto A 60%, proyecto B 40%) +- ❌ NO tiene tags analíticos +- ❌ NO tiene multi-dimensional (solo proyecto, falta departamento/categoría) + +**Impacto:** Reportes de costos por proyecto requieren queries complejos y son propensos a errores. + +## 5. RECOMENDACIONES + +### Para MGN-008 +- [x] **INCLUIR GAP-001 (Planes multi-dimensionales):** CRÍTICO para construcción +- [ ] **CONSIDERAR GAP-002 (Alertas presupuesto):** Previene sobre-costos + +### Para ERP Construcción +- [x] **MIGRAR project_id → analytic_account_id:** Adoptar patrón Odoo +- [x] **IMPLEMENTAR distribución analítica:** 60% Torre A, 40% Torre B +- [x] **AGREGAR tags analíticos:** torre, etapa, fase, tipo +- [x] **IMPLEMENTAR multi-dimensional:** proyecto × departamento × categoría + +## 6. IMPACTO EN STORY POINTS + +| Concepto | SP Original | SP Gaps P0 | SP Nuevo | Δ SP | +|----------|-------------|------------|----------|------| +| MGN-008 | 45 SP | +21 SP | 66 SP | +21 SP (+47%) | + +## 7. IMPORTANCIA PARA CONSTRUCCIÓN + +⭐⭐⭐⭐⭐ **CRÍTICO** + +Contabilidad analítica universal es **LA FUNCIONALIDAD MÁS IMPORTANTE** para ERP de proyectos. Sin esto: +- ❌ Reportes P&L por proyecto son manuales (80 horas/mes) +- ❌ NO se puede saber rentabilidad de lote/torre en tiempo real +- ❌ Decisiones de negocio basadas en intuición, no datos + +Con esto: +- ✅ Reportes automáticos en segundos +- ✅ Rentabilidad por lote/torre/proyecto en dashboard +- ✅ Decisiones basadas en datos reales +- ✅ Ahorro: 80 horas/mes contador + mejores decisiones + +## 8. REFERENCIAS + +- [ALCANCE-POR-MODULO.md - MGN-008](../ALCANCE-POR-MODULO.md#mgn-008-contabilidad-analitica) +- [odoo-analytic-analysis.md](../../00-analisis-referencias/odoo/odoo-analytic-analysis.md) +- [GAP-ANALYSIS.md](../../00-analisis-referencias/construccion/GAP-ANALYSIS.md) diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-009.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-009.md new file mode 100644 index 0000000..7a16d8f --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-009.md @@ -0,0 +1,32 @@ +# GAP ANALYSIS - MGN-009: CRM Básico + +**Fecha:** 2025-11-23 +**Estado:** Gap analysis completado + +## Resumen Ejecutivo + +| Métrica | Valor | +|---------|-------| +| **Funcionalidades de Odoo** | 8 | +| **Funcionalidades incluidas** | 8 | +| **Gaps identificados** | 0 | +| **% Cobertura** | 100% | + +## ANÁLISIS + +MGN-009 cubre 100% de funcionalidades básicas de Odoo CRM. NO hay gaps críticos. + +Funcionalidades NO incluidas (por ser específicas de venta activa, no aplican a INFONAVIT): +- Marketing automation +- Lead scoring avanzado +- Integración redes sociales + +## RECOMENDACIONES + +### Para ERP Construcción +CRM NO es prioritario para INFONAVIT (asignación, no venta tradicional). +POSPONER a Fase 2. + +## REFERENCIAS + +- [odoo-crm-analysis.md](../../00-analisis-referencias/odoo/odoo-crm-analysis.md) diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-010.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-010.md new file mode 100644 index 0000000..771d8a1 --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-010.md @@ -0,0 +1,36 @@ +# GAP ANALYSIS - MGN-010: RRHH Básico + +**Fecha:** 2025-11-23 +**Estado:** Gap analysis completado + +## Resumen Ejecutivo + +| Métrica | Valor | +|---------|-------| +| **Funcionalidades de Odoo** | 9 | +| **Funcionalidades incluidas** | 9 | +| **Gaps identificados** | 1 | +| **Gaps P1 (altos)** | 1 | +| **% Cobertura** | 100% (básico) | + +## GAPS IDENTIFICADOS + +### Gap P1 + +#### GAP-MGN-010-001: Timesheet con Costeo Automático +- **Referencia Odoo:** hr_timesheet + analytic +- **Impacto:** ALTO +- **Justificación:** Timesheet genera líneas analíticas con costo de mano de obra (salario/hora × horas trabajadas). Esencial para costo real de proyectos +- **Esfuerzo:** 13 SP + +## RECOMENDACIONES + +### Para MGN-010 +- [ ] **CONSIDERAR GAP-001 (Timesheet costeo):** Importante para costo real proyectos + +### Para ERP Construcción +- [x] Implementar timesheet con costeo automático para costo real de mano de obra por proyecto + +## REFERENCIAS + +- [odoo-hr-analysis.md](../../00-analisis-referencias/odoo/odoo-hr-analysis.md) diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-011.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-011.md new file mode 100644 index 0000000..a4bd53d --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-011.md @@ -0,0 +1,29 @@ +# GAP ANALYSIS - MGN-011: Proyectos Genéricos + +**Fecha:** 2025-11-23 +**Estado:** Gap analysis completado + +## Resumen Ejecutivo + +| Métrica | Valor | +|---------|-------| +| **Funcionalidades de Odoo** | 8 | +| **Funcionalidades incluidas** | 8 | +| **Gaps identificados** | 0 | +| **% Cobertura** | 100% | + +## ANÁLISIS + +MGN-011 cubre 100% de funcionalidades genéricas de Odoo project. + +Funcionalidades NO incluidas (específicas de industria): +- CPM (Critical Path Method) - Complejidad algorítmica +- Resource allocation avanzado - Caso específico + +## RECOMENDACIONES + +MGN-011 es suficiente para MVP. Funcionalidades avanzadas en Fase 2 o extensión específica de construcción. + +## REFERENCIAS + +- [odoo-project-analysis.md](../../00-analisis-referencias/odoo/odoo-project-analysis.md) diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-012.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-012.md new file mode 100644 index 0000000..81a11a8 --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-012.md @@ -0,0 +1,28 @@ +# GAP ANALYSIS - MGN-012: Reportes y Analytics + +**Fecha:** 2025-11-23 +**Estado:** Gap analysis completado + +## Resumen Ejecutivo + +| Métrica | Valor | +|---------|-------| +| **Funcionalidades de Odoo** | 7 | +| **Funcionalidades incluidas** | 7 | +| **Gaps identificados** | 0 | +| **% Cobertura** | 100% (básico) | + +## ANÁLISIS + +MGN-012 cubre 100% de funcionalidades básicas de reporting. + +Funcionalidades NO incluidas (avanzadas, P2): +- BI avanzado (OLAP, cubos) +- Predicciones con ML +- Integración Power BI/Tableau + +Estas funcionalidades son P2/P3, NO bloquean MVP. + +## REFERENCIAS + +- [ALCANCE-POR-MODULO.md - MGN-012](../ALCANCE-POR-MODULO.md#mgn-012-reportes-y-analytics) diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-013.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-013.md new file mode 100644 index 0000000..0c1168b --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-013.md @@ -0,0 +1,97 @@ +# GAP ANALYSIS - MGN-013: Portal de Usuarios + +**Fecha:** 2025-11-23 +**Basado en:** Odoo portal, Construcción +**Estado:** Gap analysis completado + +## Resumen Ejecutivo + +| Métrica | Valor | +|---------|-------| +| **Funcionalidades de Odoo** | 7 | +| **Funcionalidades incluidas en MGN-013** | 6 | +| **Gaps identificados** | 2 | +| **Gaps P0 (críticos)** | 1 | +| **Gaps P1 (altos)** | 1 | +| **% Cobertura** | 86% | + +## 1. FUNCIONALIDADES DE ODOO + +1. Acceso portal (rol portal_user) +2. Vista de documentos (facturas, órdenes, proyectos) +3. Aprobación de documentos online +4. Firma electrónica (canvas HTML5) +5. Mensajería (comentarios en documentos) +6. Dashboard personalizado por rol +7. **Portal de proveedores** (respuesta a RFQs) + +## 2. FUNCIONALIDADES INCLUIDAS EN MGN-013 + +1. ✅ Acceso portal +2. ✅ Vista de documentos +3. ✅ Aprobación online +4. ✅ Firma electrónica +5. ✅ Mensajería +6. ✅ Dashboard personalizado + +## 3. GAPS IDENTIFICADOS + +### Gap P0 (Críticos) + +#### GAP-MGN-013-001: Validación Legal de Firma Electrónica +- **Descripción:** Firma con timestamp, IP, user agent, hash SHA-256 para validez legal +- **Referencia Odoo:** sign (advanced electronic signature) +- **Impacto:** CRÍTICO +- **Justificación:** Actas entrega-recepción INFONAVIT requieren firma válida legalmente (NOM-151-SCFI) +- **Esfuerzo:** 13 SP + +### Gap P1 (Altos) + +#### GAP-MGN-013-002: Portal de Proveedores (RFQ Response) +- **Descripción:** Proveedores responden cotizaciones online (suben PDF, indican precios) +- **Referencia Odoo:** portal (supplier portal) +- **Impacto:** ALTO +- **Justificación:** Agiliza proceso de compras. Sin esto, cotizaciones por email (lento) +- **Esfuerzo:** 13 SP + +## 4. ANÁLISIS COMPARATIVO CON CONSTRUCCIÓN + +ERP Construcción NO tiene portal: +- ❌ Derechohabientes llaman al call center para consultar avances +- ❌ NO pueden aprobar actas online +- ❌ NO tienen firma electrónica + +**Impacto:** 40% de llamadas al call center son consultas que portal resolvería automáticamente. + +## 5. RECOMENDACIONES + +### Para MGN-013 +- [x] **INCLUIR GAP-001 (Firma legal):** CRÍTICO para INFONAVIT +- [ ] **CONSIDERAR GAP-002 (Portal proveedores):** Agiliza compras + +### Para ERP Construcción +- [x] **IMPLEMENTAR portal derechohabientes:** -40% llamadas call center +- [x] **AGREGAR firma electrónica válida legalmente:** Actas digitales INFONAVIT +- [x] **Mostrar avances de vivienda en tiempo real:** Fotos, % avance, fechas entrega + +## 6. IMPACTO EN STORY POINTS + +| Concepto | SP Original | SP Gaps P0 | SP Nuevo | Δ SP | +|----------|-------------|------------|----------|------| +| MGN-013 | 50 SP | +13 SP | 63 SP | +13 SP (+26%) | + +## 7. IMPORTANCIA PARA INFONAVIT + +⭐⭐⭐⭐⭐ **CRÍTICO** + +Portal de derechohabientes es esencial para INFONAVIT: +- ✅ Derechohabientes ven avance de su vivienda 24/7 +- ✅ Firman actas entrega-recepción digitalmente +- ✅ Consultan documentos (escrituras, pagos) +- ✅ Reducción 40% llamadas call center +- ✅ Mejor experiencia cliente (NPS +25 puntos) + +## 8. REFERENCIAS + +- [ALCANCE-POR-MODULO.md - MGN-013](../ALCANCE-POR-MODULO.md#mgn-013-portal-de-usuarios) +- [odoo-portal-analysis.md](../../00-analisis-referencias/odoo/odoo-portal-analysis.md) diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-014.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-014.md new file mode 100644 index 0000000..4a780c2 --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-014.md @@ -0,0 +1,42 @@ +# GAP ANALYSIS - MGN-014: Mensajería y Notificaciones + +**Fecha:** 2025-11-23 +**Basado en:** Odoo mail, Construcción +**Estado:** Gap analysis completado + +## Resumen Ejecutivo + +| Métrica | Valor | +|---------|-------| +| **Funcionalidades de Odoo** | 8 | +| **Funcionalidades incluidas** | 8 | +| **Gaps identificados** | 1 | +| **Gaps P1 (altos)** | 1 | +| **% Cobertura** | 100% (básico) | + +## GAPS IDENTIFICADOS + +### Gap P1 + +#### GAP-MGN-014-001: Integración con Email (Gmail/Outlook) +- **Referencia Odoo:** fetchmail +- **Impacto:** ALTO +- **Justificación:** Sincronizar emails con registros (ej: email de proveedor se adjunta automáticamente a su partner). Sin esto, adjuntar manualmente +- **Esfuerzo:** 21 SP + +## RECOMENDACIONES + +### Para MGN-014 +- [ ] **CONSIDERAR GAP-001 (Email sync):** Útil pero NO bloquea MVP + +## ANÁLISIS + +MGN-014 cubre funcionalidades esenciales de Odoo mail. La integración con email es P1 (deseable pero NO crítica). + +## MEJORAS VS ODOO + +✅ **WebSocket vs Polling:** MGN-014 usa WebSocket (Socket.IO) para notificaciones en tiempo real, más eficiente que polling de Odoo. + +## REFERENCIAS + +- [odoo-mail-analysis.md](../../00-analisis-referencias/odoo/odoo-mail-analysis.md) diff --git a/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-015.md b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-015.md new file mode 100644 index 0000000..da812c2 --- /dev/null +++ b/docs/02-definicion-modulos/gaps/GAP-ANALYSIS-MGN-015.md @@ -0,0 +1,126 @@ +# GAP ANALYSIS: MGN-015 - Billing y Suscripciones SaaS + +**Módulo:** MGN-015 +**Nombre:** Billing y Suscripciones SaaS +**Fecha:** 2025-12-06 +**Estado:** ✅ IMPLEMENTADO + +--- + +## Resumen Ejecutivo + +El módulo MGN-015 proporciona la funcionalidad completa de billing y suscripciones para operar el ERP como una plataforma SaaS multi-tenant. Este módulo fue diseñado e implementado como parte del sistema base y **no presenta gaps**. + +--- + +## Alcance del Módulo + +### Funcionalidades Implementadas + +| Funcionalidad | Estado | Tabla(s) BD | +|---------------|--------|-------------| +| Planes de suscripción | ✅ | billing.subscription_plans | +| Gestión de suscripciones | ✅ | billing.subscriptions | +| Historial de cambios | ✅ | billing.subscription_history | +| Propietarios de tenant | ✅ | billing.tenant_owners | +| Métodos de pago | ✅ | billing.payment_methods | +| Facturación SaaS | ✅ | billing.invoices, billing.invoice_lines | +| Pagos y cobros | ✅ | billing.payments | +| Cupones y descuentos | ✅ | billing.coupons, billing.coupon_redemptions | +| Registros de uso | ✅ | billing.usage_records | + +### Planes Predefinidos + +| Plan | Precio/Mes | Usuarios | Features | +|------|------------|----------|----------| +| Free/Trial | $0 | 3 | Inventario, Ventas básico | +| Básico | $499 | 5 | + Financiero, Compras | +| Profesional | $999 | 15 | + CRM, Proyectos, Reportes avanzados, API | +| Enterprise | $2,499 | Ilimitado | + White label, Soporte prioritario | +| Single Tenant | $0 | Ilimitado | On-premise, todo habilitado | + +--- + +## Análisis de Gaps + +### Gaps Identificados: **NINGUNO** + +El módulo está completamente implementado a nivel de base de datos. Todas las tablas, índices, triggers y funciones necesarias están presentes. + +--- + +## Funciones de Negocio Implementadas + +### 1. get_tenant_plan(p_tenant_id UUID) +Obtiene información del plan actual de un tenant. + +**Retorna:** +- plan_code +- plan_name +- max_users +- max_companies +- features (JSONB) +- subscription_status +- days_until_renewal + +### 2. can_add_user(p_tenant_id UUID) +Verifica si el tenant puede agregar más usuarios según su plan. + +**Retorna:** BOOLEAN + +### 3. has_feature(p_tenant_id UUID, p_feature VARCHAR) +Verifica si una feature específica está habilitada para el tenant. + +**Retorna:** BOOLEAN + +--- + +## Integraciones Previstas + +| Integración | Estado | Notas | +|-------------|--------|-------| +| Stripe Payments | 🔲 Pendiente | Campos stripe_* preparados | +| CFDI México | 🔲 Pendiente | Campos cfdi_* preparados | +| Webhooks | 🔲 Pendiente | Backend pendiente | + +--- + +## Dependencias + +### Depende de: +- MGN-001 (auth.tenants, auth.users) +- MGN-003 (core.currencies) + +### Es requerido por: +- Ningún módulo (independiente) + +--- + +## Características de Seguridad + +- **RLS:** Tablas con tenant_id tienen políticas de aislamiento +- **Soft Delete:** payment_methods soporta deleted_at +- **Validaciones:** Constraints en precios, descuentos, fechas + +--- + +## Próximos Pasos (Backend/Frontend) + +1. Implementar servicio `BillingService` en backend +2. Crear controladores REST para gestión de suscripciones +3. Integrar SDK de Stripe para pagos +4. Crear portal de facturación en frontend +5. Implementar webhooks para eventos de pago + +--- + +## Conclusión + +**Estado del Gap Analysis:** ✅ SIN GAPS + +El módulo MGN-015 está completamente implementado a nivel de base de datos y listo para desarrollo de backend y frontend. + +--- + +**Generado por:** Requirements-Analyst +**Fecha:** 2025-12-06 diff --git a/docs/02-fase-core-business/MGN-005-catalogs/README.md b/docs/02-fase-core-business/MGN-005-catalogs/README.md new file mode 100644 index 0000000..2ecfc09 --- /dev/null +++ b/docs/02-fase-core-business/MGN-005-catalogs/README.md @@ -0,0 +1,62 @@ +# MGN-005: Catalogos + +**Modulo:** MGN-005 +**Nombre:** Catalogos Maestros +**Fase:** 02 - Core Business +**Story Points:** 30 SP (estimado) +**Estado:** Migrado GAMILIT +**Ultima actualizacion:** 2025-12-05 + +--- + +## Descripcion + +Sistema de catalogos maestros genericos que permite definir y gestionar listas de valores reutilizables en todo el sistema: paises, estados, monedas, unidades de medida, categorias, etc. + +--- + +## Funcionalidades Principales + +1. **CRUD de Catalogos** - Crear, editar, eliminar catalogos +2. **Items de Catalogo** - Gestionar items dentro de cada catalogo +3. **Catalogos Jerarquicos** - Soporte para catalogos con estructura de arbol +4. **Catalogos de Sistema** - Catalogos predefinidos no eliminables +5. **Busqueda y Filtrado** - Busqueda eficiente en catalogos grandes + +--- + +## Casos de Uso + +- Catalogo de paises con codigos ISO +- Catalogo de monedas con simbolos y formatos +- Catalogo de unidades de medida +- Catalogo de categorias de productos +- Catalogo de tipos de documentos +- Catalogos personalizados por tenant + +--- + +## Dependencias + +**Este modulo depende de:** +- MGN-001 Auth +- MGN-004 Tenants (para aislamiento multi-tenant) + +**Modulos que dependen de este:** +- MGN-010 Financial (monedas, tipos de cuenta) +- MGN-011 Inventory (unidades, categorias) +- Verticales (catalogos especificos) + +--- + +## Documentacion + +- **Requerimientos:** [requerimientos/](./requerimientos/) +- **Especificaciones:** [especificaciones/](./especificaciones/) +- **User Stories:** [historias-usuario/](./historias-usuario/) +- **Trazabilidad:** [implementacion/TRACEABILITY.yml](./implementacion/TRACEABILITY.yml) + +--- + +**Generado por:** Requirements-Analyst +**Fecha:** 2025-12-05 diff --git a/docs/02-fase-core-business/MGN-005-catalogs/_MAP.md b/docs/02-fase-core-business/MGN-005-catalogs/_MAP.md new file mode 100644 index 0000000..85a2519 --- /dev/null +++ b/docs/02-fase-core-business/MGN-005-catalogs/_MAP.md @@ -0,0 +1,92 @@ +# _MAP: MGN-005 - Catalogos + +**Modulo:** MGN-005 +**Nombre:** Catalogos Maestros +**Fase:** 02 - Core Business +**Story Points:** 30 SP +**Estado:** Migrado GAMILIT +**Ultima actualizacion:** 2025-12-05 + +--- + +## Resumen + +Sistema de catalogos maestros genericos para listas de valores reutilizables: paises, monedas, unidades, categorias, etc. + +--- + +## Metricas + +| Metrica | Valor | +|---------|-------| +| Story Points | 30 SP | +| Requerimientos (RF) | 5 | +| Especificaciones (ET) | 0 (pendiente) | +| User Stories (US) | 0 (pendiente) | +| Tablas DB | ~5 | +| Endpoints API | ~12 | + +--- + +## Requerimientos Funcionales (5) + +| ID | Archivo | Titulo | Prioridad | Estado | +|----|---------|--------|-----------|--------| +| RF-CATALOG-001 | [RF-CATALOG-001.md](./requerimientos/RF-CATALOG-001.md) | CRUD Catalogos | P0 | Migrado | +| RF-CATALOG-002 | [RF-CATALOG-002.md](./requerimientos/RF-CATALOG-002.md) | Items de Catalogo | P0 | Migrado | +| RF-CATALOG-003 | [RF-CATALOG-003.md](./requerimientos/RF-CATALOG-003.md) | Catalogos Jerarquicos | P1 | Migrado | +| RF-CATALOG-004 | [RF-CATALOG-004.md](./requerimientos/RF-CATALOG-004.md) | Catalogos de Sistema | P1 | Migrado | +| RF-CATALOG-005 | [RF-CATALOG-005.md](./requerimientos/RF-CATALOG-005.md) | Busqueda y Filtrado | P1 | Migrado | + +**Indice:** [INDICE-RF-CATALOG.md](./requerimientos/INDICE-RF-CATALOG.md) + +--- + +## Especificaciones Tecnicas + +*Pendiente de creacion* + +--- + +## Historias de Usuario + +*Pendiente de creacion* + +--- + +## Implementacion + +### Database + +| Objeto | Tipo | Schema | +|--------|------|--------| +| catalogs | Tabla | core_catalogs | +| catalog_items | Tabla | core_catalogs | +| catalog_hierarchies | Tabla | core_catalogs | + +### Backend + +| Objeto | Tipo | Path | +|--------|------|------| +| CatalogsModule | Module | src/modules/catalogs/ | +| CatalogsService | Service | src/modules/catalogs/catalogs.service.ts | +| CatalogsController | Controller | src/modules/catalogs/catalogs.controller.ts | + +--- + +## Dependencias + +**Depende de:** MGN-001 (Auth), MGN-004 (Tenants) + +**Requerido por:** MGN-010 (Financial), MGN-011 (Inventory), Verticales + +--- + +## Trazabilidad + +Ver: [TRACEABILITY.yml](./implementacion/TRACEABILITY.yml) + +--- + +**Generado por:** Requirements-Analyst +**Fecha:** 2025-12-05 diff --git a/docs/02-fase-core-business/MGN-005-catalogs/especificaciones/ET-CATALOG-backend.md b/docs/02-fase-core-business/MGN-005-catalogs/especificaciones/ET-CATALOG-backend.md new file mode 100644 index 0000000..2828169 --- /dev/null +++ b/docs/02-fase-core-business/MGN-005-catalogs/especificaciones/ET-CATALOG-backend.md @@ -0,0 +1,1324 @@ +# ET-CATALOG-BACKEND: Servicios y API REST + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | ET-CATALOG-BACKEND | +| **Modulo** | MGN-005 Catalogs | +| **Version** | 1.0 | +| **Estado** | En Diseno | +| **Framework** | NestJS | +| **Autor** | Requirements-Analyst | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion General + +Especificacion tecnica del modulo backend de Catalogs implementado en NestJS. Incluye servicios, controladores, DTOs y entidades TypeORM para la gestion de contactos, catalogos globales (paises, monedas) y catalogos por tenant (UoM, categorias). + +### Estructura de Archivos + +``` +apps/backend/src/modules/catalogs/ +├── catalogs.module.ts +├── controllers/ +│ ├── contacts.controller.ts +│ ├── countries.controller.ts +│ ├── currencies.controller.ts +│ ├── uom.controller.ts +│ └── categories.controller.ts +├── services/ +│ ├── contacts.service.ts +│ ├── countries.service.ts +│ ├── currencies.service.ts +│ ├── currency-rates.service.ts +│ ├── uom.service.ts +│ └── categories.service.ts +├── entities/ +│ ├── contact.entity.ts +│ ├── contact-tag.entity.ts +│ ├── country.entity.ts +│ ├── state.entity.ts +│ ├── currency.entity.ts +│ ├── currency-rate.entity.ts +│ ├── uom-category.entity.ts +│ ├── uom.entity.ts +│ └── category.entity.ts +├── dto/ +│ ├── contacts/ +│ │ ├── create-contact.dto.ts +│ │ ├── update-contact.dto.ts +│ │ └── contact-query.dto.ts +│ ├── currencies/ +│ │ ├── create-rate.dto.ts +│ │ └── convert-currency.dto.ts +│ ├── uom/ +│ │ ├── create-uom.dto.ts +│ │ └── convert-uom.dto.ts +│ └── categories/ +│ ├── create-category.dto.ts +│ └── update-category.dto.ts +└── interfaces/ + ├── contact.interface.ts + └── catalog.interface.ts +``` + +--- + +## Entidades TypeORM + +### Contact Entity + +```typescript +// entities/contact.entity.ts +import { + Entity, PrimaryGeneratedColumn, Column, ManyToOne, OneToMany, + JoinColumn, CreateDateColumn, UpdateDateColumn, Index +} from 'typeorm'; +import { TenantEntity } from '@core/entities/tenant.entity'; +import { Country } from './country.entity'; +import { State } from './state.entity'; +import { Currency } from './currency.entity'; +import { User } from '@modules/users/entities/user.entity'; + +export enum ContactType { + COMPANY = 'company', + INDIVIDUAL = 'individual', + CONTACT = 'contact' +} + +export enum ContactRole { + CUSTOMER = 'customer', + VENDOR = 'vendor', + EMPLOYEE = 'employee', + OTHER = 'other' +} + +@Entity('contacts', { schema: 'core_catalogs' }) +@Index(['tenantId', 'vat'], { unique: true, where: 'vat IS NOT NULL' }) +@Index(['tenantId', 'ref'], { unique: true, where: 'ref IS NOT NULL' }) +export class Contact extends TenantEntity { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ name: 'parent_id', type: 'uuid', nullable: true }) + parentId: string; + + @ManyToOne(() => Contact, contact => contact.children, { onDelete: 'CASCADE' }) + @JoinColumn({ name: 'parent_id' }) + parent: Contact; + + @OneToMany(() => Contact, contact => contact.parent) + children: Contact[]; + + @Column({ length: 255 }) + name: string; + + @Column({ name: 'display_name', length: 500, nullable: true }) + displayName: string; + + @Column({ + name: 'contact_type', + type: 'enum', + enum: ContactType, + default: ContactType.COMPANY + }) + contactType: ContactType; + + @Column({ type: 'jsonb', default: [] }) + roles: ContactRole[]; + + @Column({ length: 50, nullable: true }) + ref: string; + + @Column({ length: 50, nullable: true }) + vat: string; + + @Column({ length: 255, nullable: true }) + email: string; + + @Column({ length: 50, nullable: true }) + phone: string; + + @Column({ length: 50, nullable: true }) + mobile: string; + + @Column({ length: 255, nullable: true }) + website: string; + + @Column({ length: 255, nullable: true }) + street: string; + + @Column({ length: 255, nullable: true }) + street2: string; + + @Column({ length: 100, nullable: true }) + city: string; + + @Column({ length: 20, nullable: true }) + zip: string; + + @Column({ name: 'state_id', type: 'uuid', nullable: true }) + stateId: string; + + @ManyToOne(() => State) + @JoinColumn({ name: 'state_id' }) + state: State; + + @Column({ name: 'country_id', type: 'uuid', nullable: true }) + countryId: string; + + @ManyToOne(() => Country) + @JoinColumn({ name: 'country_id' }) + country: Country; + + @Column({ length: 100, nullable: true }) + function: string; + + @Column({ name: 'user_id', type: 'uuid', nullable: true, unique: true }) + userId: string; + + @ManyToOne(() => User) + @JoinColumn({ name: 'user_id' }) + user: User; + + @Column({ name: 'currency_id', type: 'uuid', nullable: true }) + currencyId: string; + + @ManyToOne(() => Currency) + @JoinColumn({ name: 'currency_id' }) + currency: Currency; + + @Column({ name: 'payment_term_days', type: 'int', nullable: true }) + paymentTermDays: number; + + @Column({ + name: 'credit_limit', + type: 'decimal', + precision: 15, + scale: 2, + default: 0 + }) + creditLimit: number; + + @Column({ name: 'bank_accounts', type: 'jsonb', default: [] }) + bankAccounts: object[]; + + @Column({ type: 'text', nullable: true }) + notes: string; + + @Column({ name: 'is_active', default: true }) + isActive: boolean; + + @CreateDateColumn({ name: 'created_at' }) + createdAt: Date; + + @UpdateDateColumn({ name: 'updated_at' }) + updatedAt: Date; + + // Virtual: Tags through relation table + tags?: ContactTag[]; +} +``` + +### Currency Entity + +```typescript +// entities/currency.entity.ts +import { + Entity, PrimaryGeneratedColumn, Column, + CreateDateColumn, UpdateDateColumn +} from 'typeorm'; + +export enum CurrencyPosition { + BEFORE = 'before', + AFTER = 'after' +} + +@Entity('currencies', { schema: 'core_catalogs' }) +export class Currency { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ type: 'char', length: 3, unique: true }) + name: string; // ISO code + + @Column({ name: 'full_name', length: 100 }) + fullName: string; + + @Column({ length: 10 }) + symbol: string; + + @Column({ name: 'iso_numeric', type: 'int', nullable: true }) + isoNumeric: number; + + @Column({ name: 'decimal_places', type: 'int', default: 2 }) + decimalPlaces: number; + + @Column({ type: 'decimal', precision: 10, scale: 6, default: 0.01 }) + rounding: number; + + @Column({ + type: 'enum', + enum: CurrencyPosition, + default: CurrencyPosition.BEFORE + }) + position: CurrencyPosition; + + @Column({ name: 'is_active', default: true }) + isActive: boolean; + + @CreateDateColumn({ name: 'created_at' }) + createdAt: Date; + + @UpdateDateColumn({ name: 'updated_at' }) + updatedAt: Date; +} +``` + +### UoM Entity + +```typescript +// entities/uom.entity.ts +import { + Entity, PrimaryGeneratedColumn, Column, ManyToOne, + JoinColumn, CreateDateColumn, UpdateDateColumn +} from 'typeorm'; +import { TenantEntity } from '@core/entities/tenant.entity'; +import { UomCategory } from './uom-category.entity'; + +export enum UomType { + REFERENCE = 'reference', + BIGGER = 'bigger', + SMALLER = 'smaller' +} + +@Entity('uom', { schema: 'core_catalogs' }) +export class Uom extends TenantEntity { + @PrimaryGeneratedColumn('uuid') + id: string; + + @Column({ name: 'category_id', type: 'uuid' }) + categoryId: string; + + @ManyToOne(() => UomCategory, { onDelete: 'CASCADE' }) + @JoinColumn({ name: 'category_id' }) + category: UomCategory; + + @Column({ length: 50 }) + name: string; + + @Column({ + name: 'uom_type', + type: 'enum', + enum: UomType + }) + uomType: UomType; + + @Column({ type: 'decimal', precision: 20, scale: 10, default: 1 }) + factor: number; + + @Column({ type: 'decimal', precision: 10, scale: 6, default: 0.01 }) + rounding: number; + + @Column({ name: 'is_protected', default: false }) + isProtected: boolean; + + @Column({ name: 'is_active', default: true }) + isActive: boolean; + + @CreateDateColumn({ name: 'created_at' }) + createdAt: Date; + + @UpdateDateColumn({ name: 'updated_at' }) + updatedAt: Date; +} +``` + +--- + +## DTOs + +### Create Contact DTO + +```typescript +// dto/contacts/create-contact.dto.ts +import { + IsString, IsEmail, IsOptional, IsEnum, IsArray, + IsUUID, IsNumber, Min, MaxLength, ValidateNested +} from 'class-validator'; +import { Type } from 'class-transformer'; +import { ContactType, ContactRole } from '../entities/contact.entity'; + +class AddressDto { + @IsOptional() + @IsString() + @MaxLength(255) + street?: string; + + @IsOptional() + @IsString() + @MaxLength(255) + street2?: string; + + @IsOptional() + @IsString() + @MaxLength(100) + city?: string; + + @IsOptional() + @IsString() + @MaxLength(20) + zip?: string; + + @IsOptional() + @IsUUID() + stateId?: string; + + @IsOptional() + @IsUUID() + countryId?: string; +} + +export class CreateContactDto { + @IsString() + @MaxLength(255) + name: string; + + @IsEnum(ContactType) + contactType: ContactType; + + @IsOptional() + @IsArray() + @IsEnum(ContactRole, { each: true }) + roles?: ContactRole[]; + + @IsOptional() + @IsUUID() + parentId?: string; + + @IsOptional() + @IsString() + @MaxLength(50) + ref?: string; + + @IsOptional() + @IsString() + @MaxLength(50) + vat?: string; + + @IsOptional() + @IsEmail() + email?: string; + + @IsOptional() + @IsString() + @MaxLength(50) + phone?: string; + + @IsOptional() + @IsString() + @MaxLength(50) + mobile?: string; + + @IsOptional() + @IsString() + @MaxLength(255) + website?: string; + + @IsOptional() + @ValidateNested() + @Type(() => AddressDto) + address?: AddressDto; + + @IsOptional() + @IsString() + @MaxLength(100) + function?: string; + + @IsOptional() + @IsUUID() + currencyId?: string; + + @IsOptional() + @IsNumber() + @Min(0) + paymentTermDays?: number; + + @IsOptional() + @IsNumber() + @Min(0) + creditLimit?: number; + + @IsOptional() + @IsArray() + @IsUUID(undefined, { each: true }) + tagIds?: string[]; +} +``` + +### Contact Query DTO + +```typescript +// dto/contacts/contact-query.dto.ts +import { IsOptional, IsEnum, IsString, IsBoolean, IsArray } from 'class-validator'; +import { Transform, Type } from 'class-transformer'; +import { PaginationDto } from '@core/dto/pagination.dto'; +import { ContactType, ContactRole } from '../entities/contact.entity'; + +export class ContactQueryDto extends PaginationDto { + @IsOptional() + @IsEnum(ContactType) + type?: ContactType; + + @IsOptional() + @IsArray() + @IsEnum(ContactRole, { each: true }) + @Transform(({ value }) => value.split(',')) + roles?: ContactRole[]; + + @IsOptional() + @IsString() + search?: string; + + @IsOptional() + @Transform(({ value }) => value === 'true') + @IsBoolean() + isCustomer?: boolean; + + @IsOptional() + @Transform(({ value }) => value === 'true') + @IsBoolean() + isVendor?: boolean; + + @IsOptional() + @IsArray() + @IsString({ each: true }) + @Transform(({ value }) => value.split(',')) + tags?: string[]; + + @IsOptional() + @Transform(({ value }) => value === 'true') + @IsBoolean() + includeChildren?: boolean; +} +``` + +--- + +## Servicios + +### ContactsService + +```typescript +// services/contacts.service.ts +import { Injectable, NotFoundException, ConflictException } from '@nestjs/common'; +import { InjectRepository } from '@nestjs/typeorm'; +import { Repository, ILike, In, Brackets } from 'typeorm'; +import { Contact, ContactType, ContactRole } from '../entities/contact.entity'; +import { ContactTag } from '../entities/contact-tag.entity'; +import { CreateContactDto } from '../dto/contacts/create-contact.dto'; +import { UpdateContactDto } from '../dto/contacts/update-contact.dto'; +import { ContactQueryDto } from '../dto/contacts/contact-query.dto'; +import { TenantContext } from '@core/decorators/tenant.decorator'; +import { PaginatedResult } from '@core/interfaces/pagination.interface'; + +@Injectable() +export class ContactsService { + constructor( + @InjectRepository(Contact) + private readonly contactRepo: Repository, + @InjectRepository(ContactTag) + private readonly tagRepo: Repository, + ) {} + + async create( + dto: CreateContactDto, + @TenantContext() tenantId: string + ): Promise { + // Validar que contactos tipo 'contact' tengan parent + if (dto.contactType === ContactType.CONTACT && !dto.parentId) { + throw new ConflictException('Contact type requires a parent company'); + } + + // Validar unicidad de VAT + if (dto.vat) { + const existing = await this.contactRepo.findOne({ + where: { tenantId, vat: dto.vat } + }); + if (existing) { + throw new ConflictException('VAT already exists for this tenant'); + } + } + + // Validar unicidad de REF + if (dto.ref) { + const existing = await this.contactRepo.findOne({ + where: { tenantId, ref: dto.ref } + }); + if (existing) { + throw new ConflictException('REF already exists for this tenant'); + } + } + + const contact = this.contactRepo.create({ + ...dto, + tenantId, + street: dto.address?.street, + street2: dto.address?.street2, + city: dto.address?.city, + zip: dto.address?.zip, + stateId: dto.address?.stateId, + countryId: dto.address?.countryId, + }); + + const saved = await this.contactRepo.save(contact); + + // Asignar tags si se proporcionaron + if (dto.tagIds?.length) { + await this.assignTags(saved.id, dto.tagIds); + } + + return this.findOne(saved.id, tenantId); + } + + async findAll( + query: ContactQueryDto, + @TenantContext() tenantId: string + ): Promise> { + const qb = this.contactRepo + .createQueryBuilder('contact') + .where('contact.tenant_id = :tenantId', { tenantId }) + .leftJoinAndSelect('contact.country', 'country') + .leftJoinAndSelect('contact.state', 'state') + .leftJoinAndSelect('contact.currency', 'currency'); + + // Filtro por tipo + if (query.type) { + qb.andWhere('contact.contact_type = :type', { type: query.type }); + } + + // Filtro por roles + if (query.isCustomer) { + qb.andWhere("contact.roles @> :customerRole", { + customerRole: JSON.stringify([ContactRole.CUSTOMER]) + }); + } + if (query.isVendor) { + qb.andWhere("contact.roles @> :vendorRole", { + vendorRole: JSON.stringify([ContactRole.VENDOR]) + }); + } + + // Busqueda full-text + if (query.search) { + qb.andWhere(new Brackets(sub => { + sub.where('contact.name ILIKE :search', { search: `%${query.search}%` }) + .orWhere('contact.email ILIKE :search', { search: `%${query.search}%` }) + .orWhere('contact.vat ILIKE :search', { search: `%${query.search}%` }) + .orWhere('contact.ref ILIKE :search', { search: `%${query.search}%` }); + })); + } + + // Filtro por tags + if (query.tags?.length) { + qb.innerJoin('core_catalogs.contact_tag_rel', 'ctr', 'ctr.contact_id = contact.id') + .andWhere('ctr.tag_id IN (:...tagIds)', { tagIds: query.tags }); + } + + // Incluir hijos + if (query.includeChildren) { + qb.leftJoinAndSelect('contact.children', 'children'); + } + + // Paginacion + const [data, total] = await qb + .orderBy('contact.name', 'ASC') + .skip((query.page - 1) * query.limit) + .take(query.limit) + .getManyAndCount(); + + return { + data, + meta: { + total, + page: query.page, + limit: query.limit, + totalPages: Math.ceil(total / query.limit) + } + }; + } + + async findOne(id: string, @TenantContext() tenantId: string): Promise { + const contact = await this.contactRepo.findOne({ + where: { id, tenantId }, + relations: ['country', 'state', 'currency', 'parent', 'children'] + }); + + if (!contact) { + throw new NotFoundException(`Contact ${id} not found`); + } + + // Cargar tags + const tags = await this.getContactTags(id); + contact.tags = tags; + + return contact; + } + + async update( + id: string, + dto: UpdateContactDto, + @TenantContext() tenantId: string + ): Promise { + const contact = await this.findOne(id, tenantId); + + // Validar unicidad de VAT si cambia + if (dto.vat && dto.vat !== contact.vat) { + const existing = await this.contactRepo.findOne({ + where: { tenantId, vat: dto.vat } + }); + if (existing) { + throw new ConflictException('VAT already exists'); + } + } + + Object.assign(contact, dto); + + if (dto.address) { + contact.street = dto.address.street ?? contact.street; + contact.street2 = dto.address.street2 ?? contact.street2; + contact.city = dto.address.city ?? contact.city; + contact.zip = dto.address.zip ?? contact.zip; + contact.stateId = dto.address.stateId ?? contact.stateId; + contact.countryId = dto.address.countryId ?? contact.countryId; + } + + await this.contactRepo.save(contact); + + if (dto.tagIds !== undefined) { + await this.assignTags(id, dto.tagIds); + } + + return this.findOne(id, tenantId); + } + + async remove(id: string, @TenantContext() tenantId: string): Promise { + const contact = await this.findOne(id, tenantId); + await this.contactRepo.remove(contact); + } + + async assignTags(contactId: string, tagIds: string[]): Promise { + // Eliminar tags existentes + await this.contactRepo.query( + 'DELETE FROM core_catalogs.contact_tag_rel WHERE contact_id = $1', + [contactId] + ); + + // Insertar nuevos + if (tagIds.length) { + const values = tagIds.map(tagId => `('${contactId}', '${tagId}')`).join(','); + await this.contactRepo.query( + `INSERT INTO core_catalogs.contact_tag_rel (contact_id, tag_id) VALUES ${values}` + ); + } + } + + async getContactTags(contactId: string): Promise { + return this.tagRepo + .createQueryBuilder('tag') + .innerJoin('core_catalogs.contact_tag_rel', 'rel', 'rel.tag_id = tag.id') + .where('rel.contact_id = :contactId', { contactId }) + .getMany(); + } + + async search( + query: string, + @TenantContext() tenantId: string, + limit = 10 + ): Promise { + return this.contactRepo + .createQueryBuilder('contact') + .where('contact.tenant_id = :tenantId', { tenantId }) + .andWhere(new Brackets(sub => { + sub.where('contact.name ILIKE :q', { q: `%${query}%` }) + .orWhere('contact.email ILIKE :q', { q: `%${query}%` }) + .orWhere('contact.vat ILIKE :q', { q: `%${query}%` }); + })) + .orderBy('contact.name', 'ASC') + .limit(limit) + .getMany(); + } +} +``` + +### CurrencyRatesService + +```typescript +// services/currency-rates.service.ts +import { Injectable, NotFoundException, BadRequestException } from '@nestjs/common'; +import { InjectRepository } from '@nestjs/typeorm'; +import { Repository, LessThanOrEqual } from 'typeorm'; +import { CurrencyRate } from '../entities/currency-rate.entity'; +import { Currency } from '../entities/currency.entity'; +import { CreateRateDto } from '../dto/currencies/create-rate.dto'; +import { TenantContext } from '@core/decorators/tenant.decorator'; + +@Injectable() +export class CurrencyRatesService { + constructor( + @InjectRepository(CurrencyRate) + private readonly rateRepo: Repository, + @InjectRepository(Currency) + private readonly currencyRepo: Repository, + ) {} + + async createRate( + dto: CreateRateDto, + @TenantContext() tenantId: string + ): Promise { + // Verificar que la moneda existe + const currency = await this.currencyRepo.findOne({ + where: { id: dto.currencyId } + }); + if (!currency) { + throw new NotFoundException('Currency not found'); + } + + // Verificar que no exista tasa para esa fecha + const existing = await this.rateRepo.findOne({ + where: { + tenantId, + currencyId: dto.currencyId, + name: dto.date + } + }); + if (existing) { + throw new BadRequestException('Rate already exists for this date'); + } + + const rate = this.rateRepo.create({ + tenantId, + currencyId: dto.currencyId, + rate: dto.rate, + name: dto.date + }); + + return this.rateRepo.save(rate); + } + + async getRate( + currencyId: string, + date: Date, + @TenantContext() tenantId: string + ): Promise { + const rate = await this.rateRepo.findOne({ + where: { + tenantId, + currencyId, + name: LessThanOrEqual(date) + }, + order: { name: 'DESC' } + }); + + return rate?.rate ?? 1; + } + + async convert( + amount: number, + fromCurrencyId: string, + toCurrencyId: string, + date: Date, + @TenantContext() tenantId: string + ): Promise<{ amount: number; rate: number }> { + if (fromCurrencyId === toCurrencyId) { + return { amount, rate: 1 }; + } + + const fromRate = await this.getRate(fromCurrencyId, date, tenantId); + const toRate = await this.getRate(toCurrencyId, date, tenantId); + + const rate = toRate / fromRate; + const convertedAmount = amount * rate; + + return { + amount: convertedAmount, + rate + }; + } + + async getRateHistory( + currencyId: string, + fromDate: Date, + toDate: Date, + @TenantContext() tenantId: string + ): Promise { + return this.rateRepo + .createQueryBuilder('rate') + .where('rate.tenant_id = :tenantId', { tenantId }) + .andWhere('rate.currency_id = :currencyId', { currencyId }) + .andWhere('rate.name BETWEEN :from AND :to', { from: fromDate, to: toDate }) + .orderBy('rate.name', 'DESC') + .getMany(); + } +} +``` + +### UomService + +```typescript +// services/uom.service.ts +import { Injectable, NotFoundException, BadRequestException } from '@nestjs/common'; +import { InjectRepository } from '@nestjs/typeorm'; +import { Repository } from 'typeorm'; +import { Uom, UomType } from '../entities/uom.entity'; +import { UomCategory } from '../entities/uom-category.entity'; +import { CreateUomDto } from '../dto/uom/create-uom.dto'; +import { TenantContext } from '@core/decorators/tenant.decorator'; + +@Injectable() +export class UomService { + constructor( + @InjectRepository(Uom) + private readonly uomRepo: Repository, + @InjectRepository(UomCategory) + private readonly categoryRepo: Repository, + ) {} + + async createCategory( + name: string, + @TenantContext() tenantId: string + ): Promise { + const category = this.categoryRepo.create({ tenantId, name }); + return this.categoryRepo.save(category); + } + + async getCategories(@TenantContext() tenantId: string): Promise { + return this.categoryRepo.find({ + where: { tenantId, isActive: true }, + order: { name: 'ASC' } + }); + } + + async createUom( + dto: CreateUomDto, + @TenantContext() tenantId: string + ): Promise { + // Validar categoria existe + const category = await this.categoryRepo.findOne({ + where: { id: dto.categoryId, tenantId } + }); + if (!category) { + throw new NotFoundException('Category not found'); + } + + // Validar que solo haya una reference por categoria + if (dto.uomType === UomType.REFERENCE) { + const existing = await this.uomRepo.findOne({ + where: { categoryId: dto.categoryId, uomType: UomType.REFERENCE } + }); + if (existing) { + throw new BadRequestException('Category already has a reference UoM'); + } + } + + // Validar que reference tenga factor = 1 + if (dto.uomType === UomType.REFERENCE && dto.factor !== 1) { + throw new BadRequestException('Reference UoM must have factor = 1'); + } + + const uom = this.uomRepo.create({ + ...dto, + tenantId + }); + + return this.uomRepo.save(uom); + } + + async getByCategory( + categoryId: string, + @TenantContext() tenantId: string + ): Promise { + return this.uomRepo.find({ + where: { categoryId, tenantId, isActive: true }, + order: { uomType: 'ASC', name: 'ASC' } + }); + } + + async convert( + quantity: number, + fromUomId: string, + toUomId: string + ): Promise<{ quantity: number; factor: number }> { + if (fromUomId === toUomId) { + return { quantity, factor: 1 }; + } + + const fromUom = await this.uomRepo.findOne({ where: { id: fromUomId } }); + const toUom = await this.uomRepo.findOne({ where: { id: toUomId } }); + + if (!fromUom || !toUom) { + throw new NotFoundException('UoM not found'); + } + + if (fromUom.categoryId !== toUom.categoryId) { + throw new BadRequestException('Cannot convert between different categories'); + } + + const factor = Number(fromUom.factor) / Number(toUom.factor); + const converted = quantity * factor; + + // Redondear segun precision de destino + const rounded = Math.round(converted / Number(toUom.rounding)) * Number(toUom.rounding); + + return { quantity: rounded, factor }; + } + + async round(quantity: number, uomId: string): Promise { + const uom = await this.uomRepo.findOne({ where: { id: uomId } }); + if (!uom) { + throw new NotFoundException('UoM not found'); + } + + return Math.round(quantity / Number(uom.rounding)) * Number(uom.rounding); + } +} +``` + +--- + +## Controladores + +### ContactsController + +```typescript +// controllers/contacts.controller.ts +import { + Controller, Get, Post, Put, Delete, Param, Body, Query, + UseGuards, ParseUUIDPipe, HttpCode, HttpStatus +} from '@nestjs/common'; +import { ApiTags, ApiOperation, ApiBearerAuth } from '@nestjs/swagger'; +import { JwtAuthGuard } from '@modules/auth/guards/jwt-auth.guard'; +import { RbacGuard } from '@modules/rbac/guards/rbac.guard'; +import { Permissions } from '@modules/rbac/decorators/permissions.decorator'; +import { TenantId } from '@core/decorators/tenant.decorator'; +import { ContactsService } from '../services/contacts.service'; +import { CreateContactDto } from '../dto/contacts/create-contact.dto'; +import { UpdateContactDto } from '../dto/contacts/update-contact.dto'; +import { ContactQueryDto } from '../dto/contacts/contact-query.dto'; + +@ApiTags('Contacts') +@ApiBearerAuth() +@Controller('contacts') +@UseGuards(JwtAuthGuard, RbacGuard) +export class ContactsController { + constructor(private readonly contactsService: ContactsService) {} + + @Post() + @ApiOperation({ summary: 'Create a new contact' }) + @Permissions('catalogs.contacts.create') + async create( + @Body() dto: CreateContactDto, + @TenantId() tenantId: string + ) { + return this.contactsService.create(dto, tenantId); + } + + @Get() + @ApiOperation({ summary: 'List contacts with filters' }) + @Permissions('catalogs.contacts.read') + async findAll( + @Query() query: ContactQueryDto, + @TenantId() tenantId: string + ) { + return this.contactsService.findAll(query, tenantId); + } + + @Get('search') + @ApiOperation({ summary: 'Quick search contacts' }) + @Permissions('catalogs.contacts.read') + async search( + @Query('q') query: string, + @Query('limit') limit: number = 10, + @TenantId() tenantId: string + ) { + return this.contactsService.search(query, tenantId, limit); + } + + @Get(':id') + @ApiOperation({ summary: 'Get contact by ID' }) + @Permissions('catalogs.contacts.read') + async findOne( + @Param('id', ParseUUIDPipe) id: string, + @TenantId() tenantId: string + ) { + return this.contactsService.findOne(id, tenantId); + } + + @Put(':id') + @ApiOperation({ summary: 'Update contact' }) + @Permissions('catalogs.contacts.update') + async update( + @Param('id', ParseUUIDPipe) id: string, + @Body() dto: UpdateContactDto, + @TenantId() tenantId: string + ) { + return this.contactsService.update(id, dto, tenantId); + } + + @Delete(':id') + @HttpCode(HttpStatus.NO_CONTENT) + @ApiOperation({ summary: 'Delete contact' }) + @Permissions('catalogs.contacts.delete') + async remove( + @Param('id', ParseUUIDPipe) id: string, + @TenantId() tenantId: string + ) { + await this.contactsService.remove(id, tenantId); + } + + @Post(':id/tags') + @ApiOperation({ summary: 'Assign tags to contact' }) + @Permissions('catalogs.contacts.update') + async assignTags( + @Param('id', ParseUUIDPipe) id: string, + @Body('tagIds') tagIds: string[], + @TenantId() tenantId: string + ) { + await this.contactsService.findOne(id, tenantId); // Validar acceso + await this.contactsService.assignTags(id, tagIds); + return { success: true }; + } +} +``` + +### CurrenciesController + +```typescript +// controllers/currencies.controller.ts +import { + Controller, Get, Post, Query, Body, Param, + UseGuards, ParseUUIDPipe +} from '@nestjs/common'; +import { ApiTags, ApiOperation, ApiBearerAuth } from '@nestjs/swagger'; +import { JwtAuthGuard } from '@modules/auth/guards/jwt-auth.guard'; +import { TenantId } from '@core/decorators/tenant.decorator'; +import { CurrenciesService } from '../services/currencies.service'; +import { CurrencyRatesService } from '../services/currency-rates.service'; +import { CreateRateDto } from '../dto/currencies/create-rate.dto'; + +@ApiTags('Currencies') +@ApiBearerAuth() +@Controller('currencies') +@UseGuards(JwtAuthGuard) +export class CurrenciesController { + constructor( + private readonly currenciesService: CurrenciesService, + private readonly ratesService: CurrencyRatesService + ) {} + + @Get() + @ApiOperation({ summary: 'List all currencies (global)' }) + async findAll(@Query('active') active?: boolean) { + return this.currenciesService.findAll(active); + } + + @Get('rates') + @ApiOperation({ summary: 'Get rate history for a currency' }) + async getRates( + @Query('currencyId', ParseUUIDPipe) currencyId: string, + @Query('from') from: string, + @Query('to') to: string, + @TenantId() tenantId: string + ) { + return this.ratesService.getRateHistory( + currencyId, + new Date(from), + new Date(to), + tenantId + ); + } + + @Post('rates') + @ApiOperation({ summary: 'Register a currency rate' }) + async createRate( + @Body() dto: CreateRateDto, + @TenantId() tenantId: string + ) { + return this.ratesService.createRate(dto, tenantId); + } + + @Get('convert') + @ApiOperation({ summary: 'Convert amount between currencies' }) + async convert( + @Query('from', ParseUUIDPipe) from: string, + @Query('to', ParseUUIDPipe) to: string, + @Query('amount') amount: number, + @Query('date') date: string, + @TenantId() tenantId: string + ) { + const result = await this.ratesService.convert( + amount, + from, + to, + date ? new Date(date) : new Date(), + tenantId + ); + + return { + from: { currencyId: from, amount }, + to: { currencyId: to, amount: result.amount }, + rate: result.rate, + date: date ?? new Date().toISOString().split('T')[0] + }; + } +} +``` + +--- + +## API Endpoints Summary + +### Contacts + +| Method | Path | Permission | Description | +|--------|------|------------|-------------| +| POST | /api/v1/contacts | catalogs.contacts.create | Create contact | +| GET | /api/v1/contacts | catalogs.contacts.read | List contacts | +| GET | /api/v1/contacts/search | catalogs.contacts.read | Quick search | +| GET | /api/v1/contacts/:id | catalogs.contacts.read | Get contact | +| PUT | /api/v1/contacts/:id | catalogs.contacts.update | Update contact | +| DELETE | /api/v1/contacts/:id | catalogs.contacts.delete | Delete contact | +| POST | /api/v1/contacts/:id/tags | catalogs.contacts.update | Assign tags | + +### Countries (Global - Read Only) + +| Method | Path | Permission | Description | +|--------|------|------------|-------------| +| GET | /api/v1/catalogs/countries | - | List countries | +| GET | /api/v1/catalogs/countries/:code | - | Get country | +| GET | /api/v1/catalogs/countries/:code/states | - | Get states | +| GET | /api/v1/catalogs/countries/search | - | Search countries | + +### Currencies + +| Method | Path | Permission | Description | +|--------|------|------------|-------------| +| GET | /api/v1/currencies | - | List currencies | +| GET | /api/v1/currencies/rates | catalogs.rates.read | Rate history | +| POST | /api/v1/currencies/rates | catalogs.rates.create | Register rate | +| GET | /api/v1/currencies/convert | catalogs.rates.read | Convert amount | + +### UoM + +| Method | Path | Permission | Description | +|--------|------|------------|-------------| +| GET | /api/v1/catalogs/uom-categories | catalogs.uom.read | List categories | +| POST | /api/v1/catalogs/uom-categories | catalogs.uom.create | Create category | +| GET | /api/v1/catalogs/uom | catalogs.uom.read | List UoMs | +| POST | /api/v1/catalogs/uom | catalogs.uom.create | Create UoM | +| GET | /api/v1/catalogs/uom/convert | catalogs.uom.read | Convert quantity | + +### Categories + +| Method | Path | Permission | Description | +|--------|------|------------|-------------| +| GET | /api/v1/catalogs/categories | catalogs.categories.read | List categories | +| POST | /api/v1/catalogs/categories | catalogs.categories.create | Create category | +| PUT | /api/v1/catalogs/categories/:id | catalogs.categories.update | Update category | +| DELETE | /api/v1/catalogs/categories/:id | catalogs.categories.delete | Delete category | + +--- + +## Module Registration + +```typescript +// catalogs.module.ts +import { Module } from '@nestjs/common'; +import { TypeOrmModule } from '@nestjs/typeorm'; + +// Entities +import { Contact } from './entities/contact.entity'; +import { ContactTag } from './entities/contact-tag.entity'; +import { Country } from './entities/country.entity'; +import { State } from './entities/state.entity'; +import { Currency } from './entities/currency.entity'; +import { CurrencyRate } from './entities/currency-rate.entity'; +import { UomCategory } from './entities/uom-category.entity'; +import { Uom } from './entities/uom.entity'; +import { Category } from './entities/category.entity'; + +// Services +import { ContactsService } from './services/contacts.service'; +import { CountriesService } from './services/countries.service'; +import { CurrenciesService } from './services/currencies.service'; +import { CurrencyRatesService } from './services/currency-rates.service'; +import { UomService } from './services/uom.service'; +import { CategoriesService } from './services/categories.service'; + +// Controllers +import { ContactsController } from './controllers/contacts.controller'; +import { CountriesController } from './controllers/countries.controller'; +import { CurrenciesController } from './controllers/currencies.controller'; +import { UomController } from './controllers/uom.controller'; +import { CategoriesController } from './controllers/categories.controller'; + +@Module({ + imports: [ + TypeOrmModule.forFeature([ + Contact, + ContactTag, + Country, + State, + Currency, + CurrencyRate, + UomCategory, + Uom, + Category, + ]), + ], + controllers: [ + ContactsController, + CountriesController, + CurrenciesController, + UomController, + CategoriesController, + ], + providers: [ + ContactsService, + CountriesService, + CurrenciesService, + CurrencyRatesService, + UomService, + CategoriesService, + ], + exports: [ + ContactsService, + CountriesService, + CurrenciesService, + CurrencyRatesService, + UomService, + CategoriesService, + ], +}) +export class CatalogsModule {} +``` + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | Requirements-Analyst | Creacion inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| Tech Lead | - | - | [ ] | +| Backend Lead | - | - | [ ] | diff --git a/docs/02-fase-core-business/MGN-005-catalogs/especificaciones/ET-CATALOG-database.md b/docs/02-fase-core-business/MGN-005-catalogs/especificaciones/ET-CATALOG-database.md new file mode 100644 index 0000000..1b0c4fa --- /dev/null +++ b/docs/02-fase-core-business/MGN-005-catalogs/especificaciones/ET-CATALOG-database.md @@ -0,0 +1,887 @@ +# DDL-SPEC: Schema core_catalogs + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **Schema** | core_catalogs | +| **Modulo** | MGN-005 | +| **Version** | 1.0 | +| **Estado** | En Diseno | +| **Autor** | Requirements-Analyst | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion General + +El schema `core_catalogs` contiene los catalogos maestros del ERP: contactos (clientes, proveedores, empleados), paises/estados, monedas, unidades de medida, y categorias/tags. Es un modulo transversal utilizado por todos los demas modulos de negocio. + +### Alcance + +- Gestion de contactos (partners) con tipos y roles +- Catalogos globales (paises, estados, monedas) - Sin RLS +- Catalogos por tenant (UoM, categorias, tags) - Con RLS +- Tasas de cambio historicas por tenant + +### RF Cubiertos + +| RF | Titulo | Tablas | +|----|--------|--------| +| RF-CATALOG-001 | Gestion de Contactos | contacts, contact_tags, contact_tag_rel | +| RF-CATALOG-002 | Paises y Estados | countries, states, country_groups | +| RF-CATALOG-003 | Monedas y Tasas | currencies, currency_rates | +| RF-CATALOG-004 | Unidades de Medida | uom_categories, uom | +| RF-CATALOG-005 | Categorias y Tags | categories, contact_tags | + +--- + +## Diagrama Entidad-Relacion + +```mermaid +erDiagram + %% Catalogos Globales (sin tenant_id) + countries ||--o{ states : "tiene" + countries ||--o{ country_group_rel : "pertenece" + country_groups ||--o{ country_group_rel : "incluye" + countries ||--o| currencies : "moneda_oficial" + + %% Contactos (con tenant_id) + contacts ||--o{ contacts : "parent/children" + contacts ||--o{ contact_tag_rel : "tiene" + contact_tags ||--o{ contact_tag_rel : "asignado_a" + contacts }o--|| countries : "pais" + contacts }o--|| states : "estado" + contacts }o--|| currencies : "moneda_preferida" + + %% Monedas y Tasas + currencies ||--o{ currency_rates : "tasas" + + %% Unidades de Medida + uom_categories ||--o{ uom : "contiene" + + %% Categorias Genericas + categories ||--o{ categories : "jerarquia" + + countries { + uuid id PK + varchar name + char code + char code3 + int phone_code + uuid currency_id FK + boolean is_active + } + + states { + uuid id PK + uuid country_id FK + varchar name + varchar code + boolean is_active + } + + currencies { + uuid id PK + char name + varchar full_name + varchar symbol + int decimal_places + boolean is_active + } + + contacts { + uuid id PK + uuid tenant_id FK + uuid parent_id FK + varchar name + varchar contact_type + jsonb roles + varchar email + varchar phone + varchar vat + uuid country_id FK + uuid state_id FK + boolean is_active + } + + contact_tags { + uuid id PK + uuid tenant_id FK + uuid parent_id FK + varchar name + int color + boolean is_active + } + + uom_categories { + uuid id PK + uuid tenant_id FK + varchar name + boolean is_active + } + + uom { + uuid id PK + uuid tenant_id FK + uuid category_id FK + varchar name + varchar uom_type + decimal factor + boolean is_active + } + + categories { + uuid id PK + uuid tenant_id FK + uuid parent_id FK + varchar entity_type + varchar name + varchar code + varchar parent_path + boolean is_active + } +``` + +--- + +## Tablas Globales (Sin RLS) + +### 1. countries + +Catalogo de paises segun ISO 3166-1. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `name` | VARCHAR(100) | NOT NULL | - | Nombre del pais | +| `code` | CHAR(2) | NOT NULL | - | Codigo ISO 3166-1 alpha-2 | +| `code3` | CHAR(3) | NOT NULL | - | Codigo ISO 3166-1 alpha-3 | +| `numeric_code` | INTEGER | NULL | - | Codigo numerico ISO | +| `phone_code` | INTEGER | NULL | - | Codigo telefonico | +| `currency_id` | UUID | NULL | - | Moneda oficial | +| `address_format` | TEXT | NULL | - | Template de direccion | +| `vat_label` | VARCHAR(20) | NULL | 'VAT' | Etiqueta para identificador fiscal | +| `state_required` | BOOLEAN | NOT NULL | false | Estado obligatorio | +| `zip_required` | BOOLEAN | NOT NULL | false | CP obligatorio | +| `is_active` | BOOLEAN | NOT NULL | true | Disponible para uso | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha creacion | +| `updated_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha actualizacion | + +#### Constraints + +```sql +CONSTRAINT pk_countries PRIMARY KEY (id), +CONSTRAINT uk_countries_code UNIQUE (code), +CONSTRAINT uk_countries_code3 UNIQUE (code3), +CONSTRAINT fk_countries_currency + FOREIGN KEY (currency_id) REFERENCES core_catalogs.currencies(id) +``` + +#### Indices + +```sql +CREATE INDEX idx_countries_code ON core_catalogs.countries(code); +CREATE INDEX idx_countries_name ON core_catalogs.countries(name); +CREATE INDEX idx_countries_active ON core_catalogs.countries(is_active) WHERE is_active = true; +``` + +--- + +### 2. states + +Estados/provincias por pais segun ISO 3166-2. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `country_id` | UUID | NOT NULL | - | FK a countries | +| `name` | VARCHAR(100) | NOT NULL | - | Nombre del estado | +| `code` | VARCHAR(10) | NOT NULL | - | Codigo ISO 3166-2 | +| `is_active` | BOOLEAN | NOT NULL | true | Disponible para uso | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha creacion | + +#### Constraints + +```sql +CONSTRAINT pk_states PRIMARY KEY (id), +CONSTRAINT uk_states_code UNIQUE (code), +CONSTRAINT fk_states_country + FOREIGN KEY (country_id) REFERENCES core_catalogs.countries(id) ON DELETE CASCADE +``` + +#### Indices + +```sql +CREATE INDEX idx_states_country_id ON core_catalogs.states(country_id); +CREATE INDEX idx_states_code ON core_catalogs.states(code); +CREATE INDEX idx_states_name ON core_catalogs.states(name); +``` + +--- + +### 3. country_groups + +Agrupaciones regionales de paises. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `name` | VARCHAR(100) | NOT NULL | - | Nombre del grupo | +| `code` | VARCHAR(20) | NOT NULL | - | Codigo del grupo | +| `is_active` | BOOLEAN | NOT NULL | true | Activo | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha creacion | + +#### Constraints + +```sql +CONSTRAINT pk_country_groups PRIMARY KEY (id), +CONSTRAINT uk_country_groups_code UNIQUE (code) +``` + +--- + +### 4. country_group_rel + +Relacion M:N paises-grupos. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `country_id` | UUID | NOT NULL | - | FK a countries | +| `group_id` | UUID | NOT NULL | - | FK a country_groups | + +#### Constraints + +```sql +CONSTRAINT pk_country_group_rel PRIMARY KEY (country_id, group_id), +CONSTRAINT fk_country_group_rel_country + FOREIGN KEY (country_id) REFERENCES core_catalogs.countries(id) ON DELETE CASCADE, +CONSTRAINT fk_country_group_rel_group + FOREIGN KEY (group_id) REFERENCES core_catalogs.country_groups(id) ON DELETE CASCADE +``` + +--- + +### 5. currencies + +Catalogo de monedas segun ISO 4217. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `name` | CHAR(3) | NOT NULL | - | Codigo ISO 4217 | +| `full_name` | VARCHAR(100) | NOT NULL | - | Nombre completo | +| `symbol` | VARCHAR(10) | NOT NULL | - | Simbolo | +| `iso_numeric` | INTEGER | NULL | - | Codigo numerico ISO | +| `decimal_places` | INTEGER | NOT NULL | 2 | Decimales | +| `rounding` | DECIMAL(10,6) | NOT NULL | 0.01 | Factor redondeo | +| `position` | VARCHAR(10) | NOT NULL | 'before' | Posicion simbolo | +| `is_active` | BOOLEAN | NOT NULL | true | Disponible | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha creacion | +| `updated_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha actualizacion | + +#### Constraints + +```sql +CONSTRAINT pk_currencies PRIMARY KEY (id), +CONSTRAINT uk_currencies_name UNIQUE (name), +CONSTRAINT chk_currencies_position CHECK (position IN ('before', 'after')), +CONSTRAINT chk_currencies_decimal_places CHECK (decimal_places >= 0 AND decimal_places <= 6) +``` + +#### Indices + +```sql +CREATE INDEX idx_currencies_name ON core_catalogs.currencies(name); +CREATE INDEX idx_currencies_active ON core_catalogs.currencies(is_active) WHERE is_active = true; +``` + +--- + +## Tablas por Tenant (Con RLS) + +### 6. contacts + +Contactos: clientes, proveedores, empleados y otros terceros. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `tenant_id` | UUID | NOT NULL | - | FK a tenants | +| `parent_id` | UUID | NULL | - | Empresa padre (para contactos) | +| `name` | VARCHAR(255) | NOT NULL | - | Nombre completo | +| `display_name` | VARCHAR(500) | NULL | - | Computed: parent + name | +| `contact_type` | VARCHAR(20) | NOT NULL | 'company' | company/individual/contact | +| `roles` | JSONB | NOT NULL | '[]' | Roles: customer, vendor, employee | +| `ref` | VARCHAR(50) | NULL | - | Codigo interno | +| `vat` | VARCHAR(50) | NULL | - | RFC/NIT/RUT | +| `email` | VARCHAR(255) | NULL | - | Email principal | +| `phone` | VARCHAR(50) | NULL | - | Telefono fijo | +| `mobile` | VARCHAR(50) | NULL | - | Celular | +| `website` | VARCHAR(255) | NULL | - | Sitio web | +| `street` | VARCHAR(255) | NULL | - | Calle | +| `street2` | VARCHAR(255) | NULL | - | Linea 2 | +| `city` | VARCHAR(100) | NULL | - | Ciudad | +| `zip` | VARCHAR(20) | NULL | - | Codigo postal | +| `state_id` | UUID | NULL | - | FK a states | +| `country_id` | UUID | NULL | - | FK a countries | +| `function` | VARCHAR(100) | NULL | - | Cargo/puesto | +| `user_id` | UUID | NULL | - | FK a users (vinculacion) | +| `currency_id` | UUID | NULL | - | Moneda preferida | +| `payment_term_days` | INTEGER | NULL | - | Dias de credito | +| `credit_limit` | DECIMAL(15,2) | NULL | 0 | Limite de credito | +| `bank_accounts` | JSONB | NULL | '[]' | Cuentas bancarias | +| `notes` | TEXT | NULL | - | Notas | +| `is_active` | BOOLEAN | NOT NULL | true | Activo | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha creacion | +| `updated_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha actualizacion | +| `created_by` | UUID | NULL | - | Usuario creador | +| `updated_by` | UUID | NULL | - | Usuario modificador | + +#### Constraints + +```sql +CONSTRAINT pk_contacts PRIMARY KEY (id), +CONSTRAINT fk_contacts_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, +CONSTRAINT fk_contacts_parent + FOREIGN KEY (parent_id) REFERENCES core_catalogs.contacts(id) ON DELETE CASCADE, +CONSTRAINT fk_contacts_state + FOREIGN KEY (state_id) REFERENCES core_catalogs.states(id), +CONSTRAINT fk_contacts_country + FOREIGN KEY (country_id) REFERENCES core_catalogs.countries(id), +CONSTRAINT fk_contacts_currency + FOREIGN KEY (currency_id) REFERENCES core_catalogs.currencies(id), +CONSTRAINT fk_contacts_user + FOREIGN KEY (user_id) REFERENCES core_users.users(id) ON DELETE SET NULL, +CONSTRAINT uk_contacts_vat_tenant UNIQUE (tenant_id, vat) WHERE vat IS NOT NULL, +CONSTRAINT uk_contacts_ref_tenant UNIQUE (tenant_id, ref) WHERE ref IS NOT NULL, +CONSTRAINT uk_contacts_user UNIQUE (user_id) WHERE user_id IS NOT NULL, +CONSTRAINT chk_contacts_type CHECK (contact_type IN ('company', 'individual', 'contact')), +CONSTRAINT chk_contacts_contact_has_parent + CHECK (contact_type != 'contact' OR parent_id IS NOT NULL), +CONSTRAINT chk_contacts_credit_limit CHECK (credit_limit >= 0) +``` + +#### Indices + +```sql +CREATE INDEX idx_contacts_tenant_id ON core_catalogs.contacts(tenant_id); +CREATE INDEX idx_contacts_parent_id ON core_catalogs.contacts(parent_id); +CREATE INDEX idx_contacts_type ON core_catalogs.contacts(contact_type); +CREATE INDEX idx_contacts_email ON core_catalogs.contacts(email); +CREATE INDEX idx_contacts_vat ON core_catalogs.contacts(vat) WHERE vat IS NOT NULL; +CREATE INDEX idx_contacts_roles ON core_catalogs.contacts USING gin(roles); +CREATE INDEX idx_contacts_search ON core_catalogs.contacts + USING gin(to_tsvector('spanish', name || ' ' || COALESCE(email, '') || ' ' || COALESCE(vat, ''))); +``` + +--- + +### 7. contact_tags + +Tags para clasificar contactos. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `tenant_id` | UUID | NOT NULL | - | FK a tenants | +| `parent_id` | UUID | NULL | - | Tag padre | +| `name` | VARCHAR(100) | NOT NULL | - | Nombre del tag | +| `color` | INTEGER | NOT NULL | 1 | Color (1-11) | +| `is_active` | BOOLEAN | NOT NULL | true | Activo | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha creacion | + +#### Constraints + +```sql +CONSTRAINT pk_contact_tags PRIMARY KEY (id), +CONSTRAINT fk_contact_tags_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, +CONSTRAINT fk_contact_tags_parent + FOREIGN KEY (parent_id) REFERENCES core_catalogs.contact_tags(id) ON DELETE CASCADE, +CONSTRAINT uk_contact_tags_name_parent UNIQUE (tenant_id, parent_id, name), +CONSTRAINT chk_contact_tags_color CHECK (color >= 1 AND color <= 11) +``` + +--- + +### 8. contact_tag_rel + +Relacion M:N contactos-tags. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `contact_id` | UUID | NOT NULL | - | FK a contacts | +| `tag_id` | UUID | NOT NULL | - | FK a contact_tags | + +#### Constraints + +```sql +CONSTRAINT pk_contact_tag_rel PRIMARY KEY (contact_id, tag_id), +CONSTRAINT fk_contact_tag_rel_contact + FOREIGN KEY (contact_id) REFERENCES core_catalogs.contacts(id) ON DELETE CASCADE, +CONSTRAINT fk_contact_tag_rel_tag + FOREIGN KEY (tag_id) REFERENCES core_catalogs.contact_tags(id) ON DELETE CASCADE +``` + +--- + +### 9. currency_rates + +Tasas de cambio historicas por tenant. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `tenant_id` | UUID | NOT NULL | - | FK a tenants | +| `currency_id` | UUID | NOT NULL | - | FK a currencies | +| `rate` | DECIMAL(20,10) | NOT NULL | - | Tasa vs moneda base | +| `name` | DATE | NOT NULL | - | Fecha de la tasa | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha creacion | +| `created_by` | UUID | NULL | - | Usuario creador | + +#### Constraints + +```sql +CONSTRAINT pk_currency_rates PRIMARY KEY (id), +CONSTRAINT fk_currency_rates_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, +CONSTRAINT fk_currency_rates_currency + FOREIGN KEY (currency_id) REFERENCES core_catalogs.currencies(id), +CONSTRAINT uk_currency_rates_tenant_currency_date UNIQUE (tenant_id, currency_id, name), +CONSTRAINT chk_currency_rates_positive CHECK (rate > 0) +``` + +#### Indices + +```sql +CREATE INDEX idx_currency_rates_tenant_id ON core_catalogs.currency_rates(tenant_id); +CREATE INDEX idx_currency_rates_currency_id ON core_catalogs.currency_rates(currency_id); +CREATE INDEX idx_currency_rates_date ON core_catalogs.currency_rates(name DESC); +CREATE INDEX idx_currency_rates_lookup + ON core_catalogs.currency_rates(tenant_id, currency_id, name DESC); +``` + +--- + +### 10. uom_categories + +Categorias de unidades de medida. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `tenant_id` | UUID | NOT NULL | - | FK a tenants | +| `name` | VARCHAR(100) | NOT NULL | - | Nombre categoria | +| `is_active` | BOOLEAN | NOT NULL | true | Activo | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha creacion | + +#### Constraints + +```sql +CONSTRAINT pk_uom_categories PRIMARY KEY (id), +CONSTRAINT fk_uom_categories_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, +CONSTRAINT uk_uom_categories_name_tenant UNIQUE (tenant_id, name) +``` + +--- + +### 11. uom + +Unidades de medida. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `tenant_id` | UUID | NOT NULL | - | FK a tenants | +| `category_id` | UUID | NOT NULL | - | FK a uom_categories | +| `name` | VARCHAR(50) | NOT NULL | - | Nombre unidad | +| `uom_type` | VARCHAR(20) | NOT NULL | - | reference/bigger/smaller | +| `factor` | DECIMAL(20,10) | NOT NULL | 1 | Factor de conversion | +| `rounding` | DECIMAL(10,6) | NOT NULL | 0.01 | Precision redondeo | +| `is_protected` | BOOLEAN | NOT NULL | false | Protegida de edicion | +| `is_active` | BOOLEAN | NOT NULL | true | Activo | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha creacion | +| `updated_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha actualizacion | + +#### Constraints + +```sql +CONSTRAINT pk_uom PRIMARY KEY (id), +CONSTRAINT fk_uom_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, +CONSTRAINT fk_uom_category + FOREIGN KEY (category_id) REFERENCES core_catalogs.uom_categories(id) ON DELETE CASCADE, +CONSTRAINT uk_uom_name_category UNIQUE (category_id, name), +CONSTRAINT chk_uom_type CHECK (uom_type IN ('reference', 'bigger', 'smaller')), +CONSTRAINT chk_uom_factor CHECK (factor > 0), +CONSTRAINT chk_uom_reference_factor CHECK (uom_type != 'reference' OR factor = 1) +``` + +#### Indices + +```sql +CREATE INDEX idx_uom_tenant_id ON core_catalogs.uom(tenant_id); +CREATE INDEX idx_uom_category_id ON core_catalogs.uom(category_id); +CREATE INDEX idx_uom_type ON core_catalogs.uom(uom_type); +``` + +--- + +### 12. categories + +Categorias genericas para diferentes entidades. + +#### Estructura + +| Columna | Tipo | Nullable | Default | Descripcion | +|---------|------|----------|---------|-------------| +| `id` | UUID | NOT NULL | gen_random_uuid() | PK | +| `tenant_id` | UUID | NOT NULL | - | FK a tenants | +| `entity_type` | VARCHAR(50) | NOT NULL | - | Tipo: contact, product, expense | +| `parent_id` | UUID | NULL | - | Categoria padre | +| `parent_path` | VARCHAR(255) | NULL | - | Path materializado | +| `name` | VARCHAR(100) | NOT NULL | - | Nombre categoria | +| `code` | VARCHAR(50) | NULL | - | Codigo unico | +| `sort_order` | INTEGER | NOT NULL | 0 | Orden visualizacion | +| `is_active` | BOOLEAN | NOT NULL | true | Activo | +| `created_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha creacion | +| `updated_at` | TIMESTAMPTZ | NOT NULL | NOW() | Fecha actualizacion | + +#### Constraints + +```sql +CONSTRAINT pk_categories PRIMARY KEY (id), +CONSTRAINT fk_categories_tenant + FOREIGN KEY (tenant_id) REFERENCES core_tenants.tenants(id) ON DELETE CASCADE, +CONSTRAINT fk_categories_parent + FOREIGN KEY (parent_id) REFERENCES core_catalogs.categories(id) ON DELETE CASCADE, +CONSTRAINT uk_categories_code_type_tenant UNIQUE (tenant_id, entity_type, code) WHERE code IS NOT NULL, +CONSTRAINT chk_categories_entity_type + CHECK (entity_type IN ('contact', 'product', 'expense', 'document', 'project')) +``` + +#### Indices + +```sql +CREATE INDEX idx_categories_tenant_id ON core_catalogs.categories(tenant_id); +CREATE INDEX idx_categories_parent_id ON core_catalogs.categories(parent_id); +CREATE INDEX idx_categories_entity_type ON core_catalogs.categories(entity_type); +CREATE INDEX idx_categories_parent_path ON core_catalogs.categories + USING gin (parent_path gin_trgm_ops); +``` + +--- + +## Row Level Security (RLS) + +### Politicas para Tablas con Tenant + +```sql +-- Habilitar RLS +ALTER TABLE core_catalogs.contacts ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_catalogs.contact_tags ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_catalogs.contact_tag_rel ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_catalogs.currency_rates ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_catalogs.uom_categories ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_catalogs.uom ENABLE ROW LEVEL SECURITY; +ALTER TABLE core_catalogs.categories ENABLE ROW LEVEL SECURITY; + +-- Politica de aislamiento por tenant +CREATE POLICY tenant_isolation_contacts ON core_catalogs.contacts + FOR ALL + USING (tenant_id = current_setting('app.current_tenant_id')::uuid); + +CREATE POLICY tenant_isolation_contact_tags ON core_catalogs.contact_tags + FOR ALL + USING (tenant_id = current_setting('app.current_tenant_id')::uuid); + +CREATE POLICY tenant_isolation_currency_rates ON core_catalogs.currency_rates + FOR ALL + USING (tenant_id = current_setting('app.current_tenant_id')::uuid); + +CREATE POLICY tenant_isolation_uom_categories ON core_catalogs.uom_categories + FOR ALL + USING (tenant_id = current_setting('app.current_tenant_id')::uuid); + +CREATE POLICY tenant_isolation_uom ON core_catalogs.uom + FOR ALL + USING (tenant_id = current_setting('app.current_tenant_id')::uuid); + +CREATE POLICY tenant_isolation_categories ON core_catalogs.categories + FOR ALL + USING (tenant_id = current_setting('app.current_tenant_id')::uuid); +``` + +### Tablas Globales (Sin RLS) + +```sql +-- Catalogos globales NO tienen RLS +-- countries, states, country_groups, currencies +-- Son de solo lectura para tenants +``` + +--- + +## Funciones de Utilidad + +### 1. Conversion de Moneda + +```sql +CREATE OR REPLACE FUNCTION core_catalogs.convert_currency( + p_amount DECIMAL, + p_from_currency UUID, + p_to_currency UUID, + p_tenant_id UUID, + p_date DATE DEFAULT CURRENT_DATE +) RETURNS DECIMAL AS $$ +DECLARE + v_from_rate DECIMAL; + v_to_rate DECIMAL; +BEGIN + -- Si son la misma moneda, retornar el monto + IF p_from_currency = p_to_currency THEN + RETURN p_amount; + END IF; + + -- Obtener tasa de origen (ultima disponible hasta la fecha) + SELECT rate INTO v_from_rate + FROM core_catalogs.currency_rates + WHERE tenant_id = p_tenant_id + AND currency_id = p_from_currency + AND name <= p_date + ORDER BY name DESC LIMIT 1; + + -- Obtener tasa de destino + SELECT rate INTO v_to_rate + FROM core_catalogs.currency_rates + WHERE tenant_id = p_tenant_id + AND currency_id = p_to_currency + AND name <= p_date + ORDER BY name DESC LIMIT 1; + + -- Convertir (asumiendo rates vs moneda base) + RETURN p_amount * (COALESCE(v_to_rate, 1) / COALESCE(v_from_rate, 1)); +END; +$$ LANGUAGE plpgsql STABLE; +``` + +### 2. Conversion de UoM + +```sql +CREATE OR REPLACE FUNCTION core_catalogs.convert_uom( + p_quantity DECIMAL, + p_from_uom UUID, + p_to_uom UUID +) RETURNS DECIMAL AS $$ +DECLARE + v_from_factor DECIMAL; + v_to_factor DECIMAL; + v_from_category UUID; + v_to_category UUID; +BEGIN + -- Si son la misma UoM, retornar la cantidad + IF p_from_uom = p_to_uom THEN + RETURN p_quantity; + END IF; + + -- Obtener datos de origen + SELECT factor, category_id INTO v_from_factor, v_from_category + FROM core_catalogs.uom WHERE id = p_from_uom; + + -- Obtener datos de destino + SELECT factor, category_id INTO v_to_factor, v_to_category + FROM core_catalogs.uom WHERE id = p_to_uom; + + -- Validar misma categoria + IF v_from_category != v_to_category THEN + RAISE EXCEPTION 'Cannot convert between different UoM categories'; + END IF; + + -- Convertir + RETURN p_quantity * (v_from_factor / v_to_factor); +END; +$$ LANGUAGE plpgsql STABLE; +``` + +### 3. Display Name de Categoria + +```sql +CREATE OR REPLACE FUNCTION core_catalogs.get_category_display_name(p_id UUID) +RETURNS TEXT AS $$ +WITH RECURSIVE ancestors AS ( + SELECT id, name, parent_id, 1 as level + FROM core_catalogs.categories WHERE id = p_id + UNION ALL + SELECT c.id, c.name, c.parent_id, a.level + 1 + FROM core_catalogs.categories c + JOIN ancestors a ON c.id = a.parent_id +) +SELECT string_agg(name, ' / ' ORDER BY level DESC) +FROM ancestors; +$$ LANGUAGE SQL STABLE; +``` + +### 4. Actualizar Parent Path + +```sql +CREATE OR REPLACE FUNCTION core_catalogs.update_category_parent_path() +RETURNS TRIGGER AS $$ +BEGIN + IF NEW.parent_id IS NULL THEN + NEW.parent_path := NEW.id::text || '/'; + ELSE + SELECT parent_path || NEW.id::text || '/' + INTO NEW.parent_path + FROM core_catalogs.categories + WHERE id = NEW.parent_id; + END IF; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_update_category_parent_path +BEFORE INSERT OR UPDATE OF parent_id ON core_catalogs.categories +FOR EACH ROW +EXECUTE FUNCTION core_catalogs.update_category_parent_path(); +``` + +--- + +## Triggers + +### 1. Validar Una Sola UoM Reference por Categoria + +```sql +CREATE OR REPLACE FUNCTION core_catalogs.validate_uom_reference() +RETURNS TRIGGER AS $$ +BEGIN + IF NEW.uom_type = 'reference' THEN + IF EXISTS ( + SELECT 1 FROM core_catalogs.uom + WHERE category_id = NEW.category_id + AND uom_type = 'reference' + AND id != NEW.id + ) THEN + RAISE EXCEPTION 'Category already has a reference UoM'; + END IF; + END IF; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_validate_uom_reference +BEFORE INSERT OR UPDATE ON core_catalogs.uom +FOR EACH ROW +EXECUTE FUNCTION core_catalogs.validate_uom_reference(); +``` + +### 2. Actualizar Display Name de Contacto + +```sql +CREATE OR REPLACE FUNCTION core_catalogs.update_contact_display_name() +RETURNS TRIGGER AS $$ +BEGIN + IF NEW.parent_id IS NOT NULL THEN + SELECT name || ', ' || NEW.name + INTO NEW.display_name + FROM core_catalogs.contacts + WHERE id = NEW.parent_id; + ELSE + NEW.display_name := NEW.name; + END IF; + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +CREATE TRIGGER trg_update_contact_display_name +BEFORE INSERT OR UPDATE OF name, parent_id ON core_catalogs.contacts +FOR EACH ROW +EXECUTE FUNCTION core_catalogs.update_contact_display_name(); +``` + +--- + +## Seed Data + +### Paises Principales + +```sql +INSERT INTO core_catalogs.countries (name, code, code3, phone_code, vat_label, state_required) VALUES +('Mexico', 'MX', 'MEX', 52, 'RFC', true), +('United States', 'US', 'USA', 1, 'Tax ID', true), +('Spain', 'ES', 'ESP', 34, 'NIF', true), +('Colombia', 'CO', 'COL', 57, 'NIT', true), +('Argentina', 'AR', 'ARG', 54, 'CUIT', true), +('Chile', 'CL', 'CHL', 56, 'RUT', true), +('Peru', 'PE', 'PER', 51, 'RUC', true); +``` + +### Monedas Principales + +```sql +INSERT INTO core_catalogs.currencies (name, full_name, symbol, decimal_places, position) VALUES +('MXN', 'Mexican Peso', '$', 2, 'before'), +('USD', 'US Dollar', '$', 2, 'before'), +('EUR', 'Euro', '€', 2, 'before'), +('COP', 'Colombian Peso', '$', 0, 'before'), +('ARS', 'Argentine Peso', '$', 2, 'before'), +('CLP', 'Chilean Peso', '$', 0, 'before'), +('PEN', 'Peruvian Sol', 'S/', 2, 'before'); +``` + +--- + +## Consideraciones de Performance + +| Tabla | Volumen Esperado | Estrategia | +|-------|------------------|------------| +| countries | ~250 | Cache agresivo | +| states | ~4000 | Cache por pais | +| currencies | ~180 | Cache agresivo | +| contacts | Alto (miles) | Indices GIN, paginacion | +| currency_rates | Medio | Indice compuesto fecha | +| uom | Bajo (~50/tenant) | Cache por tenant | +| categories | Medio | Parent path para consultas | + +--- + +## Historial de Cambios + +| Version | Fecha | Autor | Cambios | +|---------|-------|-------|---------| +| 1.0 | 2025-12-05 | Requirements-Analyst | Creacion inicial | + +--- + +## Aprobaciones + +| Rol | Nombre | Fecha | Firma | +|-----|--------|-------|-------| +| DBA | - | - | [ ] | +| Tech Lead | - | - | [ ] | +| Architect | - | - | [ ] | diff --git a/docs/02-fase-core-business/MGN-005-catalogs/especificaciones/ET-CATALOG-frontend.md b/docs/02-fase-core-business/MGN-005-catalogs/especificaciones/ET-CATALOG-frontend.md new file mode 100644 index 0000000..946fcad --- /dev/null +++ b/docs/02-fase-core-business/MGN-005-catalogs/especificaciones/ET-CATALOG-frontend.md @@ -0,0 +1,1372 @@ +# ET-CATALOG-FRONTEND: Componentes React + +## Identificacion + +| Campo | Valor | +|-------|-------| +| **ID** | ET-CATALOG-FRONTEND | +| **Modulo** | MGN-005 Catalogs | +| **Version** | 1.0 | +| **Estado** | En Diseno | +| **Framework** | React + TypeScript | +| **UI Library** | shadcn/ui | +| **State** | Zustand | +| **Autor** | Requirements-Analyst | +| **Fecha** | 2025-12-05 | + +--- + +## Descripcion General + +Especificacion tecnica del modulo frontend de Catalogs. Incluye paginas, componentes, stores y hooks para la gestion de contactos, catalogos globales y catalogos por tenant. + +### Estructura de Archivos + +``` +apps/frontend/src/modules/catalogs/ +├── index.ts +├── routes.tsx +├── pages/ +│ ├── ContactsPage.tsx +│ ├── ContactDetailPage.tsx +│ ├── ContactFormPage.tsx +│ ├── CurrenciesPage.tsx +│ ├── UomPage.tsx +│ └── CategoriesPage.tsx +├── components/ +│ ├── contacts/ +│ │ ├── ContactList.tsx +│ │ ├── ContactCard.tsx +│ │ ├── ContactForm.tsx +│ │ ├── ContactSearch.tsx +│ │ ├── ContactTagBadge.tsx +│ │ └── ContactTypeIcon.tsx +│ ├── currencies/ +│ │ ├── CurrencySelect.tsx +│ │ ├── CurrencyRateForm.tsx +│ │ └── CurrencyConverter.tsx +│ ├── countries/ +│ │ ├── CountrySelect.tsx +│ │ └── StateSelect.tsx +│ ├── uom/ +│ │ ├── UomCategoryList.tsx +│ │ ├── UomList.tsx +│ │ ├── UomForm.tsx +│ │ └── UomConverter.tsx +│ └── categories/ +│ ├── CategoryTree.tsx +│ ├── CategoryForm.tsx +│ └── CategorySelect.tsx +├── stores/ +│ ├── contacts.store.ts +│ ├── countries.store.ts +│ ├── currencies.store.ts +│ └── uom.store.ts +├── hooks/ +│ ├── useContacts.ts +│ ├── useCountries.ts +│ ├── useCurrencies.ts +│ ├── useUom.ts +│ └── useCategories.ts +├── services/ +│ ├── contacts.service.ts +│ ├── countries.service.ts +│ ├── currencies.service.ts +│ ├── uom.service.ts +│ └── categories.service.ts +└── types/ + ├── contact.types.ts + ├── country.types.ts + ├── currency.types.ts + ├── uom.types.ts + └── category.types.ts +``` + +--- + +## Types + +### Contact Types + +```typescript +// types/contact.types.ts + +export enum ContactType { + COMPANY = 'company', + INDIVIDUAL = 'individual', + CONTACT = 'contact' +} + +export enum ContactRole { + CUSTOMER = 'customer', + VENDOR = 'vendor', + EMPLOYEE = 'employee', + OTHER = 'other' +} + +export interface Contact { + id: string; + tenantId: string; + parentId?: string; + parent?: Contact; + children?: Contact[]; + name: string; + displayName?: string; + contactType: ContactType; + roles: ContactRole[]; + ref?: string; + vat?: string; + email?: string; + phone?: string; + mobile?: string; + website?: string; + street?: string; + street2?: string; + city?: string; + zip?: string; + stateId?: string; + state?: State; + countryId?: string; + country?: Country; + function?: string; + userId?: string; + currencyId?: string; + currency?: Currency; + paymentTermDays?: number; + creditLimit?: number; + bankAccounts?: BankAccount[]; + notes?: string; + isActive: boolean; + tags?: ContactTag[]; + createdAt: string; + updatedAt: string; +} + +export interface ContactTag { + id: string; + tenantId: string; + parentId?: string; + name: string; + color: number; + displayName?: string; + isActive: boolean; +} + +export interface BankAccount { + bankName: string; + accountNumber: string; + accountType: string; + clabe?: string; +} + +export interface CreateContactDto { + name: string; + contactType: ContactType; + roles?: ContactRole[]; + parentId?: string; + ref?: string; + vat?: string; + email?: string; + phone?: string; + mobile?: string; + website?: string; + address?: { + street?: string; + street2?: string; + city?: string; + zip?: string; + stateId?: string; + countryId?: string; + }; + function?: string; + currencyId?: string; + paymentTermDays?: number; + creditLimit?: number; + tagIds?: string[]; +} + +export interface ContactFilters { + type?: ContactType; + roles?: ContactRole[]; + search?: string; + isCustomer?: boolean; + isVendor?: boolean; + tags?: string[]; + includeChildren?: boolean; + page?: number; + limit?: number; +} +``` + +### Currency Types + +```typescript +// types/currency.types.ts + +export interface Currency { + id: string; + name: string; // ISO code + fullName: string; + symbol: string; + decimalPlaces: number; + rounding: number; + position: 'before' | 'after'; + isActive: boolean; +} + +export interface CurrencyRate { + id: string; + tenantId: string; + currencyId: string; + currency?: Currency; + rate: number; + name: string; // date + createdAt: string; +} + +export interface ConversionResult { + from: { currencyId: string; amount: number }; + to: { currencyId: string; amount: number }; + rate: number; + date: string; +} +``` + +### UoM Types + +```typescript +// types/uom.types.ts + +export enum UomType { + REFERENCE = 'reference', + BIGGER = 'bigger', + SMALLER = 'smaller' +} + +export interface UomCategory { + id: string; + tenantId: string; + name: string; + isActive: boolean; + uomCount?: number; +} + +export interface Uom { + id: string; + tenantId: string; + categoryId: string; + category?: UomCategory; + name: string; + uomType: UomType; + factor: number; + rounding: number; + isProtected: boolean; + isActive: boolean; +} + +export interface UomConversionResult { + from: { uomId: string; quantity: number }; + to: { uomId: string; quantity: number }; + factor: number; +} +``` + +--- + +## Stores (Zustand) + +### Contacts Store + +```typescript +// stores/contacts.store.ts +import { create } from 'zustand'; +import { devtools } from 'zustand/middleware'; +import { Contact, ContactFilters, CreateContactDto } from '../types/contact.types'; +import { contactsService } from '../services/contacts.service'; +import { PaginatedResult } from '@core/types/pagination'; + +interface ContactsState { + // Data + contacts: Contact[]; + selectedContact: Contact | null; + total: number; + page: number; + limit: number; + + // UI State + isLoading: boolean; + error: string | null; + filters: ContactFilters; + + // Actions + fetchContacts: (filters?: ContactFilters) => Promise; + fetchContact: (id: string) => Promise; + createContact: (dto: CreateContactDto) => Promise; + updateContact: (id: string, dto: Partial) => Promise; + deleteContact: (id: string) => Promise; + setFilters: (filters: Partial) => void; + resetFilters: () => void; + clearError: () => void; +} + +const defaultFilters: ContactFilters = { + page: 1, + limit: 20, + search: '', +}; + +export const useContactsStore = create()( + devtools( + (set, get) => ({ + // Initial state + contacts: [], + selectedContact: null, + total: 0, + page: 1, + limit: 20, + isLoading: false, + error: null, + filters: defaultFilters, + + // Actions + fetchContacts: async (filters?: ContactFilters) => { + set({ isLoading: true, error: null }); + try { + const mergedFilters = { ...get().filters, ...filters }; + const result = await contactsService.getAll(mergedFilters); + set({ + contacts: result.data, + total: result.meta.total, + page: result.meta.page, + limit: result.meta.limit, + isLoading: false, + filters: mergedFilters, + }); + } catch (error: any) { + set({ error: error.message, isLoading: false }); + } + }, + + fetchContact: async (id: string) => { + set({ isLoading: true, error: null }); + try { + const contact = await contactsService.getById(id); + set({ selectedContact: contact, isLoading: false }); + } catch (error: any) { + set({ error: error.message, isLoading: false }); + } + }, + + createContact: async (dto: CreateContactDto) => { + set({ isLoading: true, error: null }); + try { + const contact = await contactsService.create(dto); + set((state) => ({ + contacts: [contact, ...state.contacts], + isLoading: false, + })); + return contact; + } catch (error: any) { + set({ error: error.message, isLoading: false }); + throw error; + } + }, + + updateContact: async (id: string, dto: Partial) => { + set({ isLoading: true, error: null }); + try { + const contact = await contactsService.update(id, dto); + set((state) => ({ + contacts: state.contacts.map((c) => (c.id === id ? contact : c)), + selectedContact: state.selectedContact?.id === id ? contact : state.selectedContact, + isLoading: false, + })); + return contact; + } catch (error: any) { + set({ error: error.message, isLoading: false }); + throw error; + } + }, + + deleteContact: async (id: string) => { + set({ isLoading: true, error: null }); + try { + await contactsService.delete(id); + set((state) => ({ + contacts: state.contacts.filter((c) => c.id !== id), + selectedContact: state.selectedContact?.id === id ? null : state.selectedContact, + isLoading: false, + })); + } catch (error: any) { + set({ error: error.message, isLoading: false }); + throw error; + } + }, + + setFilters: (filters: Partial) => { + set((state) => ({ + filters: { ...state.filters, ...filters, page: 1 }, + })); + }, + + resetFilters: () => { + set({ filters: defaultFilters }); + }, + + clearError: () => { + set({ error: null }); + }, + }), + { name: 'contacts-store' } + ) +); +``` + +### Countries Store + +```typescript +// stores/countries.store.ts +import { create } from 'zustand'; +import { persist } from 'zustand/middleware'; +import { Country, State } from '../types/country.types'; +import { countriesService } from '../services/countries.service'; + +interface CountriesState { + countries: Country[]; + statesByCountry: Record; + isLoading: boolean; + + fetchCountries: () => Promise; + fetchStates: (countryCode: string) => Promise; + getCountryByCode: (code: string) => Country | undefined; +} + +export const useCountriesStore = create()( + persist( + (set, get) => ({ + countries: [], + statesByCountry: {}, + isLoading: false, + + fetchCountries: async () => { + if (get().countries.length > 0) return; // Cache hit + + set({ isLoading: true }); + try { + const countries = await countriesService.getAll(); + set({ countries, isLoading: false }); + } catch { + set({ isLoading: false }); + } + }, + + fetchStates: async (countryCode: string) => { + const cached = get().statesByCountry[countryCode]; + if (cached) return cached; + + const states = await countriesService.getStates(countryCode); + set((state) => ({ + statesByCountry: { + ...state.statesByCountry, + [countryCode]: states, + }, + })); + return states; + }, + + getCountryByCode: (code: string) => { + return get().countries.find((c) => c.code === code); + }, + }), + { + name: 'countries-cache', + partialize: (state) => ({ + countries: state.countries, + statesByCountry: state.statesByCountry, + }), + } + ) +); +``` + +--- + +## Components + +### ContactList + +```tsx +// components/contacts/ContactList.tsx +import { useEffect } from 'react'; +import { useNavigate } from 'react-router-dom'; +import { + Table, + TableBody, + TableCell, + TableHead, + TableHeader, + TableRow, +} from '@/components/ui/table'; +import { Badge } from '@/components/ui/badge'; +import { Button } from '@/components/ui/button'; +import { Skeleton } from '@/components/ui/skeleton'; +import { Pagination } from '@/components/ui/pagination'; +import { ContactTypeIcon } from './ContactTypeIcon'; +import { ContactTagBadge } from './ContactTagBadge'; +import { useContactsStore } from '../../stores/contacts.store'; +import { Contact, ContactRole } from '../../types/contact.types'; + +interface ContactListProps { + onSelect?: (contact: Contact) => void; +} + +export function ContactList({ onSelect }: ContactListProps) { + const navigate = useNavigate(); + const { + contacts, + total, + page, + limit, + isLoading, + filters, + fetchContacts, + setFilters, + } = useContactsStore(); + + useEffect(() => { + fetchContacts(); + }, [filters]); + + const handleRowClick = (contact: Contact) => { + if (onSelect) { + onSelect(contact); + } else { + navigate(`/catalogs/contacts/${contact.id}`); + } + }; + + const handlePageChange = (newPage: number) => { + setFilters({ page: newPage }); + }; + + if (isLoading) { + return ( +
+ {[...Array(5)].map((_, i) => ( + + ))} +
+ ); + } + + return ( +
+ + + + + Nombre + Email + Telefono + Tipo + Tags + Acciones + + + + {contacts.map((contact) => ( + handleRowClick(contact)} + > + + + + +
+
{contact.name}
+ {contact.vat && ( +
+ {contact.vat} +
+ )} +
+ + {contact.email} + {contact.phone || contact.mobile} + +
+ {contact.roles.includes(ContactRole.CUSTOMER) && ( + Cliente + )} + {contact.roles.includes(ContactRole.VENDOR) && ( + Proveedor + )} +
+ + +
+ {contact.tags?.slice(0, 2).map((tag) => ( + + ))} + {(contact.tags?.length ?? 0) > 2 && ( + + +{contact.tags!.length - 2} + + )} +
+ + + + + + ))} + +
+ + +
+ ); +} +``` + +### ContactForm + +```tsx +// components/contacts/ContactForm.tsx +import { useForm } from 'react-hook-form'; +import { zodResolver } from '@hookform/resolvers/zod'; +import { z } from 'zod'; +import { + Form, + FormControl, + FormField, + FormItem, + FormLabel, + FormMessage, +} from '@/components/ui/form'; +import { Input } from '@/components/ui/input'; +import { Button } from '@/components/ui/button'; +import { Textarea } from '@/components/ui/textarea'; +import { Checkbox } from '@/components/ui/checkbox'; +import { + Select, + SelectContent, + SelectItem, + SelectTrigger, + SelectValue, +} from '@/components/ui/select'; +import { Tabs, TabsContent, TabsList, TabsTrigger } from '@/components/ui/tabs'; +import { CountrySelect } from '../countries/CountrySelect'; +import { StateSelect } from '../countries/StateSelect'; +import { CurrencySelect } from '../currencies/CurrencySelect'; +import { Contact, ContactType, ContactRole, CreateContactDto } from '../../types/contact.types'; + +const contactSchema = z.object({ + name: z.string().min(1, 'Nombre requerido').max(255), + contactType: z.nativeEnum(ContactType), + roles: z.array(z.nativeEnum(ContactRole)).optional(), + parentId: z.string().uuid().optional().nullable(), + ref: z.string().max(50).optional(), + vat: z.string().max(50).optional(), + email: z.string().email('Email invalido').optional().or(z.literal('')), + phone: z.string().max(50).optional(), + mobile: z.string().max(50).optional(), + website: z.string().url('URL invalida').optional().or(z.literal('')), + street: z.string().max(255).optional(), + street2: z.string().max(255).optional(), + city: z.string().max(100).optional(), + zip: z.string().max(20).optional(), + stateId: z.string().uuid().optional().nullable(), + countryId: z.string().uuid().optional().nullable(), + function: z.string().max(100).optional(), + currencyId: z.string().uuid().optional().nullable(), + paymentTermDays: z.number().min(0).optional(), + creditLimit: z.number().min(0).optional(), + notes: z.string().optional(), +}); + +type ContactFormData = z.infer; + +interface ContactFormProps { + contact?: Contact; + onSubmit: (data: CreateContactDto) => Promise; + onCancel: () => void; + isLoading?: boolean; +} + +export function ContactForm({ + contact, + onSubmit, + onCancel, + isLoading, +}: ContactFormProps) { + const form = useForm({ + resolver: zodResolver(contactSchema), + defaultValues: { + name: contact?.name ?? '', + contactType: contact?.contactType ?? ContactType.COMPANY, + roles: contact?.roles ?? [], + parentId: contact?.parentId, + ref: contact?.ref ?? '', + vat: contact?.vat ?? '', + email: contact?.email ?? '', + phone: contact?.phone ?? '', + mobile: contact?.mobile ?? '', + website: contact?.website ?? '', + street: contact?.street ?? '', + street2: contact?.street2 ?? '', + city: contact?.city ?? '', + zip: contact?.zip ?? '', + stateId: contact?.stateId, + countryId: contact?.countryId, + function: contact?.function ?? '', + currencyId: contact?.currencyId, + paymentTermDays: contact?.paymentTermDays, + creditLimit: contact?.creditLimit, + notes: contact?.notes ?? '', + }, + }); + + const contactType = form.watch('contactType'); + const countryId = form.watch('countryId'); + + const handleSubmit = async (data: ContactFormData) => { + const dto: CreateContactDto = { + ...data, + address: { + street: data.street, + street2: data.street2, + city: data.city, + zip: data.zip, + stateId: data.stateId ?? undefined, + countryId: data.countryId ?? undefined, + }, + }; + await onSubmit(dto); + }; + + return ( +
+ + + + General + Direccion + Comercial + + + +
+ ( + + Nombre * + + + + + + )} + /> + + ( + + Tipo * + + + + )} + /> +
+ + ( + + Roles +
+ {Object.values(ContactRole).map((role) => ( + ( + + + { + const current = field.value ?? []; + if (checked) { + field.onChange([...current, role]); + } else { + field.onChange( + current.filter((r) => r !== role) + ); + } + }} + /> + + + {role === 'customer' + ? 'Cliente' + : role === 'vendor' + ? 'Proveedor' + : role === 'employee' + ? 'Empleado' + : 'Otro'} + + + )} + /> + ))} +
+ + )} + /> + +
+ ( + + RFC / NIT + + + + + + )} + /> + + ( + + Codigo Interno + + + + + + )} + /> +
+ +
+ ( + + Email + + + + + + )} + /> + + ( + + Telefono + + + + + + )} + /> +
+ + {contactType === ContactType.CONTACT && ( + ( + + Cargo / Puesto + + + + + + )} + /> + )} + + + + ( + + Calle + + + + + + )} + /> + + ( + + Linea 2 + + + + + + )} + /> + +
+ ( + + Ciudad + + + + + + )} + /> + + ( + + Codigo Postal + + + + + + )} + /> + + ( + + Pais + + + + + + )} + /> +
+ + {countryId && ( + ( + + Estado / Provincia + + + + + + )} + /> + )} + + + +
+ ( + + Moneda Preferida + + + + + + )} + /> + + ( + + Dias de Credito + + + field.onChange(parseInt(e.target.value) || 0) + } + /> + + + + )} + /> +
+ + ( + + Limite de Credito + + + field.onChange(parseFloat(e.target.value) || 0) + } + /> + + + + )} + /> + + ( + + Notas + +