docs: Update all documentation files (API_SECURITY, ROADMAP, TASKS, DEVOPS, DATABASE, API)

- Updated dates to 2024-12-26
- Added new features: Email System, Avatar Upload, Public Job Posting
- Updated security routes and access levels
- Updated infrastructure and secrets documentation
- Marked completed tasks in ROADMAP and TASKS
Tiago Yamamoto 2025-12-26 12:45:03 -03:00
parent b0378985a4
commit 32fc42a29c
6 changed files with 397 additions and 368 deletions


@ -2,8 +2,8 @@
Complete API reference with routes, permissions, and modules.
> **Last Updated:** 2024-12-24
> **Base URL:** `http://localhost:8521/api/v1`
> **Last Updated:** 2024-12-26
> **Base URL:** `https://api.gohorsejobs.com/api/v1`
> **Auth:** JWT Bearer Token or HttpOnly Cookie
---
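Review bot: The `Last Updated` line changes to 2024-12-26, but the commit itself is timestamped 2025-12-26; confirm which year is intended before the same date is repeated in the other five files in this commit. Switching the base URL from `http://localhost:8521/api/v1` to `https://api.gohorsejobs.com/api/v1` is fine for a reference document, but keep the local URL mentioned somewhere so readers have a non-production target for trying the routes.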


@ -1,107 +1,151 @@
# 🔐 API Security & Access Levels
This document details the security layers, authentication methods, and role-based access control (RBAC) for the GoHorse Jobs API. Use this guide to verify and test route protection.
Security layers, authentication methods, and RBAC for GoHorse Jobs API.
> **Last Updated:** 2024-12-26
---
## 🛡️ Authentication Methods
1. **Bearer Token (JWT)**
* Header: `Authorization: Bearer <token>`
* Used by: Mobile apps, external integrations, simple API tests.
| Method | Header/Cookie | Used By |
|--------|--------------|---------|
| **Bearer Token** | `Authorization: Bearer <token>` | Mobile apps, external integrations |
| **HttpOnly Cookie** | `jwt=<token>` | Web Frontend (Next.js), Backoffice |
2. **HttpOnly Cookie**
* Cookie Name: `jwt`
* Used by: Web Frontend (Next.js), Backoffice.
* Properties: `HttpOnly`, `Secure` (in prod), `SameSite=Lax`.
**Cookie Properties:** `HttpOnly`, `Secure` (prod), `SameSite=Lax`
---
## 🔒 Security Middlewares
| Middleware | File | Description |
|------------|------|-------------|
| **Auth** | `middleware/auth.go` | JWT validation + RBAC |
| **CORS** | `middleware/cors.go` | Whitelist via `CORS_ORIGINS` |
| **Rate Limiting** | `middleware/rate_limit.go` | 100 req/min per IP |
| **Security Headers** | `middleware/security_headers.go` | OWASP headers (XSS, CSP) |
| **Sanitize** | `middleware/sanitize.go` | XSS sanitization in JSON |
---
## 🚦 Access Levels
| Level | Description | Middleware |
| :--- | :--- | :--- |
| **Public** | Open to everyone (Guests). No check performed. | None |
| **Authenticated** | Requires a valid JWT (Header or Cookie). | `HeaderAuthGuard` |
| **Role-Restricted** | Requires valid JWT + Specific Role claim. | `HeaderAuthGuard` + `RequireRoles(...)` |
|-------|-------------|------------|
| **Public** | Open to everyone | None |
| **Authenticated** | Requires valid JWT | `HeaderAuthGuard` |
| **Role-Restricted** | JWT + Specific Role | `HeaderAuthGuard` + `adminOnly` |
---
## 🗺️ Route Permission Matrix
### 🟢 Public Routes
| Method | Route | Description | Notes |
| :--- | :--- | :--- | :--- |
| `POST` | `/api/v1/auth/login` | User Login | Returns JWT + Cookie |
| `POST` | `/api/v1/auth/register` | Candidate Register | Creates `candidate` user |
| `POST` | `/api/v1/companies` | Company Register | Creates company + `admin` |
| `GET` | `/api/v1/jobs` | List Jobs | Public search/list |
| `GET` | `/api/v1/jobs/{id}` | Get Job | Public details |
| `GET` | `/docs/*` | Swagger UI | API Documentation |
### 🟡 Authenticated Routes (Any Logged User)
**Requirement**: Valid JWT.
| Method | Route | Description |
| :--- | :--- | :--- |
| `GET` | `/api/v1/users/me` | Get Own Profile |
| `PATCH` | `/api/v1/users/{id}` | Update Own Profile (Self-check in handler) |
| `GET` | `/api/v1/notifications` | Get Own Notifications |
| `POST` | `/api/v1/applications` | Apply for Job (Candidate) |
| `POST` | `/api/v1/storage/upload-url` | Get S3 Upload URL |
| `POST` | `/api/v1/storage/download-url` | Get S3 Download URL |
| `DELETE` | `/api/v1/storage/files` | Delete S3 File |
|--------|-------|-------------|
| `GET` | `/` | Root check |
| `GET` | `/health` | Health check |
| `POST` | `/api/v1/auth/login` | Login |
| `POST` | `/api/v1/auth/register/candidate` | Candidate register |
| `POST` | `/api/v1/auth/register/company` | Company register |
| `GET` | `/api/v1/jobs` | List jobs |
| `GET` | `/api/v1/jobs/{id}` | Job details |
| `GET` | `/api/v1/companies/{id}` | Company details |
| `GET` | `/docs/*` | Swagger UI |
### 🟠 Recruiter / CompanyAdmin Routes
**Requirement**: Role `admin` OR `recruiter`.
### 🟡 Authenticated Routes
| Method | Route | Description |
| :--- | :--- | :--- |
| `POST` | `/api/v1/jobs` | Create Job |
| `PUT` | `/api/v1/jobs/{id}` | Update Job |
| `DELETE` | `/api/v1/jobs/{id}` | Delete Job |
| `GET` | `/api/v1/applications` | List Applications (for own jobs) |
| `PUT` | `/api/v1/applications/{id}/status` | Update Application Status |
|--------|-------|-------------|
| `GET` | `/api/v1/users/me` | Get own profile |
| `PATCH` | `/api/v1/users/me/profile` | Update profile |
| `GET` | `/api/v1/notifications` | Get notifications |
| `POST` | `/api/v1/tokens` | Save FCM token |
| `GET` | `/api/v1/storage/upload-url` | Get pre-signed URL |
| `GET` | `/api/v1/conversations` | List conversations |
| `POST` | `/api/v1/applications` | Apply for job |
### 🔴 Admin / SuperAdmin Routes (Backoffice)
**Requirement**: Role `superadmin` OR `admin`.
### 🟠 Recruiter / Company Admin
| Method | Route | Description | Middleware Check |
| :--- | :--- | :--- | :--- |
| `GET` | `/api/v1/users` | List All Users | `adminOnly` |
| `POST` | `/api/v1/users` | Create User (Staff) | `adminOnly` |
| `DELETE` | `/api/v1/users/{id}` | Delete User | `adminOnly` |
| `GET` | `/api/v1/users/roles` | List System Roles | `adminOnly` |
| `GET` | `/api/v1/companies` | List Companies (Full) | `adminOnly` |
| `PATCH` | `/api/v1/companies/{id}/status` | Activate/Ban Company | `adminOnly` |
| `GET` | `/api/v1/jobs/moderation` | Moderate Jobs | `adminOnly` |
| `PATCH` | `/api/v1/jobs/{id}/status` | Approve/Reject Job | `adminOnly` |
| `POST` | `/api/v1/jobs/{id}/duplicate` | Admin Duplicate Job | `adminOnly` |
| `GET` | `/api/v1/tags` | List Tags | `adminOnly` |
| `POST` | `/api/v1/tags` | Create Tag | `adminOnly` |
| `PATCH` | `/api/v1/tags/{id}` | Update Tag | `adminOnly` |
| `GET` | `/api/v1/candidates` | List All Candidates | `adminOnly` |
| `GET` | `/api/v1/audit/logins` | View Audit Logs | `adminOnly` |
**Requires:** Role `admin` OR `recruiter`
| Method | Route | Description |
|--------|-------|-------------|
| `POST` | `/api/v1/jobs` | Create job |
| `PUT` | `/api/v1/jobs/{id}` | Update job |
| `DELETE` | `/api/v1/jobs/{id}` | Delete job |
| `GET` | `/api/v1/applications` | List applications |
| `PUT` | `/api/v1/applications/{id}/status` | Update status |
### 🔴 Admin / SuperAdmin
**Requires:** Role `superadmin` OR `admin`
| Method | Route | Description |
|--------|-------|-------------|
| `GET` | `/api/v1/users` | List all users |
| `POST` | `/api/v1/users` | Create user |
| `DELETE` | `/api/v1/users/{id}` | Delete user |
| `GET` | `/api/v1/admin/companies` | List companies |
| `PATCH` | `/api/v1/admin/companies/{id}/status` | Update company status |
| `GET` | `/api/v1/jobs/moderation` | Moderate jobs |
| `PATCH` | `/api/v1/jobs/{id}/status` | Approve/reject job |
| `GET` | `/api/v1/admin/email-templates` | List email templates |
| `PUT` | `/api/v1/admin/email-templates/{slug}` | Update template |
| `PUT` | `/api/v1/admin/email-settings` | Update SMTP settings |
| `POST` | `/api/v1/system/credentials` | Save credentials |
| `POST` | `/api/v1/system/cloudflare/purge` | Purge cache |
---
## 🧪 Testing Security
**1. Test Public Access (Should Succeed)**
**1. Public Access (200 OK)**
```bash
curl http://localhost:8521/api/v1/jobs
curl https://api.gohorsejobs.com/api/v1/jobs
```
**2. Test Protected Route without Token (Should Fail 401)**
**2. Protected without Token (401)**
```bash
curl http://localhost:8521/api/v1/users/me
# Expected: 401 Unauthorized
curl https://api.gohorsejobs.com/api/v1/users/me
```
**3. Test Admin Route as Candidate (Should Fail 403)**
1. Login as Candidate -> Get Token A
2. Call Admin Route:
**3. Admin Route as Candidate (403)**
```bash
curl -H "Authorization: Bearer <TOKEN_A>" http://localhost:8521/api/v1/audit/logins
# Expected: 403 Forbidden
curl -H "Authorization: Bearer <candidate_token>" \
https://api.gohorsejobs.com/api/v1/users
```
**4. Test Admin Route as Admin (Should Succeed)**
1. Login as SuperAdmin -> Get Token B
2. Call Admin Route:
**4. Admin Route as Admin (200 OK)**
```bash
curl -H "Authorization: Bearer <TOKEN_B>" http://localhost:8521/api/v1/audit/logins
# Expected: 200 OK
curl -H "Authorization: Bearer <admin_token>" \
https://api.gohorsejobs.com/api/v1/users
```
---
## 🔑 JWT Claims
```json
{
"sub": "019438a1-2b3c-...",
"email": "user@example.com",
"role": "admin",
"tenant_id": "019438a2-3c4d-...",
"exp": 1735200000,
"iat": 1735113600
}
```
---
## 🛡️ Password Security
| Feature | Implementation |
|---------|---------------|
| **Hashing** | BCrypt (10 rounds) |
| **Pepper** | `PASSWORD_PEPPER` env var |
| **Min Length** | 8 characters |
| **JWT Secret** | Min 32 characters |
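Review bot: The Access Levels table now names `adminOnly` as the only role-restriction middleware (`HeaderAuthGuard` + `adminOnly`), yet the Recruiter / Company Admin section requires role `admin` OR `recruiter`, so `adminOnly` cannot be the check on `POST /api/v1/jobs` or `PUT /api/v1/applications/{id}/status`; name the guard that is actually applied there, or keep the generic `RequireRoles(...)`. More importantly, the role name `admin` is listed as sufficient for both tiers: "Requires: Role `admin` OR `recruiter`" and "Requires: Role `superadmin` OR `admin`", the latter covering `GET /api/v1/users`, `PUT /api/v1/admin/email-settings` and `POST /api/v1/system/credentials`. Since company registration creates an `admin` user, as written a company admin passes the backoffice check; state whether these are distinct roles (platform admin vs company admin scoped by the `tenant_id` claim) and how the middleware tells them apart. The Testing Security section should then add a case alongside test 3: a company `admin` token against `/api/v1/users` must also return 403. Finally, the JWT Claims sample has `exp` minus `iat` equal to 86400 s, i.e. a 24 h token; document that lifetime and whether logout invalidates the `jwt` cookie, since no refresh or revocation route appears in the matrix.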


@ -2,9 +2,10 @@
Complete database documentation for the GoHorseJobs platform.
> **Last Updated:** 2024-12-24
> **Database:** PostgreSQL 15+
> **ID Strategy:** SERIAL (INT) for core tables, UUID v7 for newer tables
> **Last Updated:** 2024-12-26
> **Database:** PostgreSQL 16+
> **ID Strategy:** UUID v7 for core tables, SERIAL for reference tables
> **Migrations:** 30 SQL files in `backend/migrations/`
---


@ -1,6 +1,8 @@
# DevOps - GoHorseJobs
Documentação de infraestrutura, CI/CD e deploy do projeto GoHorseJobs.
Infraestrutura, CI/CD e deploy do projeto GoHorseJobs.
> **Last Updated:** 2024-12-26
---
@ -10,108 +12,107 @@ Documentação de infraestrutura, CI/CD e deploy do projeto GoHorseJobs.
.
├── .drone.yml # Pipeline CI/CD (Drone)
├── k8s/
│ ├── dev/ # Manifests Kubernetes - Desenvolvimento
│ │ ├── backend-deployment.yaml
│ │ └── backend-service.yaml
│ ├── hml/ # Manifests Kubernetes - Homologação
│ │ ├── backend-deployment.yaml
│ │ └── backend-service.yaml
│ └── prd/ # Manifests Kubernetes - Produção
│ ├── backend-deployment.yaml
│ └── backend-service.yaml
│ ├── dev/ # Kubernetes - Desenvolvimento
│ ├── hml/ # Kubernetes - Homologação
│ └── prd/ # Kubernetes - Produção
├── backend/
│ ├── Dockerfile # Build da API Go
│ └── .env.example # Variáveis de ambiente
├── frontend/ # Next.js App
└── seeder-api/ # Seeder Node.js para popular DB
│ ├── Dockerfile # Go API (multi-stage, ~73MB)
│ └── .env.example
├── backoffice/
│ ├── Dockerfile # NestJS (Fastify)
│ └── .env.example
├── frontend/
│ ├── Dockerfile # Next.js
│ └── .env.example
├── seeder-api/ # Node.js seeder
└── docs/ # Documentation
```
---
## 🌍 Ambientes
| Ambiente | Branch | Namespace K8s | Registry Harbor | Réplicas |
|----------|--------|---------------|-----------------|----------|
| **DEV** | `dev` | `gohorsejobsdev` | `gohorsejobsdev/gohorsejobs-backend` | 1 |
| **HML** | `hml` | `gohorsejobshml` | `gohorsejobshml/gohorsejobs-backend` | 2 |
| **PRD** | `main` | `gohorsejobs` | `gohorsejobs/gohorsejobs-backend` | 3 |
| Ambiente | Branch | Namespace | Réplicas | URL |
|----------|--------|-----------|----------|-----|
| **DEV** | `dev` | `gohorsejobsdev` | 1 | gohorsejobs-dev.appwrite.network |
| **HML** | `hml` | `gohorsejobshml` | 2 | - |
| **PRD** | `main` | `gohorsejobs` | 3 | gohorsejobs.com |
---
## 🔄 Pipeline CI/CD (Drone)
### Fluxo de Deploy
### Fluxo
```
dev branch → build → push (Harbor) → deploy (K8s gohorsejobsdev)
dev branch → build → push (Harbor) → deploy (K8s dev)
hml branch → build → push (Harbor) → deploy (K8s gohorsejobshml)
hml branch → build → push (Harbor) → deploy (K8s hml)
main branch → build → push (Harbor) → deploy (K8s gohorsejobs)
main branch → build → push (Harbor) → deploy (K8s prd)
```
### Triggers
### Stages
- Push na branch `dev` → executa pipeline `deploy-backend-dev`
- Push na branch `hml` → executa pipeline `deploy-backend-hml`
- Push na branch `main` → executa pipeline `deploy-backend-prd`
### Etapas do Pipeline
1. **build-and-push-backend** - Builda imagem Docker e envia para Harbor
2. **export-envs-to-k8s** - Cria secret `backend-secrets` no namespace
3. **deploy-backend** - Aplica manifests K8s e reinicia deployment
1. **build-and-push** - Docker build + push to Harbor
2. **export-envs-to-k8s** - Create/update secrets
3. **deploy** - Apply manifests + rollout restart
---
## 🔐 Secrets (Drone CI)
Secrets que precisam estar configurados no Drone:
### Registry
| Secret | Descrição |
|--------|-----------|
| `HARBOR_USERNAME` | Usuário do Harbor |
| `HARBOR_PASSWORD` | Senha do Harbor |
| Secret | Description |
|--------|-------------|
| `HARBOR_USERNAME` | Harbor username |
| `HARBOR_PASSWORD` | Harbor password |
### Database
| Secret | Ambiente | Descrição |
|--------|----------|-----------|
| `DB_HOST` | Todos | Host do PostgreSQL |
| `DB_PORT` | Todos | Porta do PostgreSQL |
| `DB_USER` | Todos | Usuário do PostgreSQL |
| `DB_PASSWORD` | Todos | Senha do PostgreSQL |
| `DB_SSLMODE` | Todos | `require` ou `disable` |
| `DB_NAME_DEV` | DEV | Nome do banco dev |
| `DB_NAME_HML` | HML | Nome do banco hml |
| `DB_NAME` | PRD | Nome do banco produção |
| Secret | Description |
|--------|-------------|
| `DATABASE_URL` | PostgreSQL connection string |
| `DB_SSLMODE` | `require` or `disable` |
### S3/Object Storage
| Secret | Descrição |
|--------|-----------|
### Application
| Secret | Description |
|--------|-------------|
| `JWT_SECRET` | JWT secret (min 32 chars) |
| `PASSWORD_PEPPER` | Password pepper |
| `CORS_ORIGINS` | Allowed origins |
### External Services
| Secret | Description |
|--------|-------------|
| `RSA_PRIVATE_KEY_BASE64` | RSA key for credentials |
| `STRIPE_SECRET_KEY` | Stripe API key |
| `STRIPE_WEBHOOK_SECRET` | Stripe webhook secret |
| `FIREBASE_SERVICE_ACCOUNT` | Firebase Admin SDK JSON |
### Storage (S3/R2)
| Secret | Description |
|--------|-------------|
| `AWS_ACCESS_KEY_ID` | Access Key |
| `AWS_SECRET_ACCESS_KEY` | Secret Key |
| `AWS_ENDPOINT` | Endpoint S3-compatible |
| `AWS_REGION` | Região |
| `S3_BUCKET` | Nome do bucket |
| `AWS_ENDPOINT` | S3-compatible endpoint |
| `S3_BUCKET` | Bucket name |
### Aplicação
| Secret | Descrição |
|--------|-----------|
| `JWT_SECRET` | Secret para tokens JWT (min. 32 chars) |
| `PORT` | Porta da API (8521) |
| `CORS_ORIGINS_DEV` | URLs permitidas CORS (dev) |
| `CORS_ORIGINS_HML` | URLs permitidas CORS (hml) |
| `CORS_ORIGINS` | URLs permitidas CORS (prd) |
### LavinMQ
| Secret | Description |
|--------|-------------|
| `AMQP_URL` | LavinMQ connection URL |
---
## ☸️ Kubernetes
### Namespaces
### Create Namespaces
```bash
# Criar namespaces
kubectl create namespace gohorsejobsdev
kubectl create namespace gohorsejobshml
kubectl create namespace gohorsejobs
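Review bot: The Secrets tables collapse the per-environment entries (`DB_NAME_DEV` / `DB_NAME_HML` / `DB_NAME` and `CORS_ORIGINS_DEV` / `CORS_ORIGINS_HML` / `CORS_ORIGINS`) into a single `DATABASE_URL` and a single `CORS_ORIGINS`, while the Ambientes table still lists three environments with their own namespaces and databases. Document how `export-envs-to-k8s` selects the environment-specific value; otherwise one Drone secret points dev, hml and prd at the same database, and the dev frontend origin (gohorsejobs-dev.appwrite.network) ends up whitelisted on the production API. `DATABASE_URL` now carries the password inline, and `DB_SSLMODE` is still listed separately even though sslmode normally lives in the URL; say which one wins so `require` cannot be silently downgraded to `disable`. The `RSA_PRIVATE_KEY_BASE64` row ("RSA key for credentials") should state what it decrypts (the `/api/v1/system/credentials` payloads from API_SECURITY.md) and that the private key belongs only in the namespace secret, never in `.env.example`.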
@ -119,51 +120,28 @@ kubectl create namespace gohorsejobs
### Registry Secret
Criar secret para pull de imagens do Harbor em cada namespace:
```bash
kubectl create secret docker-registry harbor-registry \
--docker-server=in.gohorsejobs.com \
--docker-username=<user> \
--docker-password=<pass> \
-n gohorsejobsdev
# Repetir para gohorsejobshml e gohorsejobs
```
### Deploy Manual
```bash
# DEV
kubectl apply -f k8s/dev/backend-deployment.yaml
kubectl apply -f k8s/dev/backend-service.yaml
kubectl apply -f k8s/dev/ -n gohorsejobsdev
# HML
kubectl apply -f k8s/hml/backend-deployment.yaml
kubectl apply -f k8s/hml/backend-service.yaml
# PRD
kubectl apply -f k8s/prd/backend-deployment.yaml
kubectl apply -f k8s/prd/backend-service.yaml
```
### Comandos Úteis
```bash
# Ver pods
# Check pods
kubectl get pods -n gohorsejobsdev
# Ver logs
# Check logs
kubectl logs -f deployment/gohorse-backend -n gohorsejobsdev
# Restart deployment
# Rollout restart
kubectl rollout restart deployment/gohorse-backend -n gohorsejobsdev
# Ver secrets
kubectl get secrets -n gohorsejobsdev
# Descrever deployment
kubectl describe deployment gohorse-backend -n gohorsejobsdev
```
---
@ -173,85 +151,108 @@ kubectl describe deployment gohorse-backend -n gohorsejobsdev
### Build Local
```bash
cd backend
docker build -t gohorsejobs-backend:local .
# Backend
cd backend && docker build -t gohorse-backend .
# Backoffice
cd backoffice && docker build -t gohorse-backoffice .
# Frontend
cd frontend && docker build -t gohorse-frontend .
```
### Variáveis de Ambiente
### Docker Compose (Dev)
Ver `.env.example` para lista completa. Principais:
| Variável | Descrição | Exemplo |
|----------|-----------|---------|
| `PORT` | Porta da API | `8521` |
| `DB_HOST` | Host PostgreSQL | `db.example.com` |
| `DB_NAME` | Nome do banco | `gohorsejobs_dev` |
| `DB_SSLMODE` | Modo SSL | `require` |
| `JWT_SECRET` | Secret JWT | `sua-chave-secreta-32-chars` |
```yaml
version: '3.8'
services:
backend:
build: ./backend
ports:
- "8521:8521"
env_file:
- ./backend/.env
backoffice:
build: ./backoffice
ports:
- "3001:3001"
env_file:
- ./backoffice/.env
frontend:
build: ./frontend
ports:
- "3000:3000"
env_file:
- ./frontend/.env
```
---
## 🗄️ Banco de Dados
## 🗄️ Database
### Conexão
### Connection
```
```bash
# PostgreSQL hosted
Host: db-60059.dc-sp-1.absamcloud.com
Port: 26868
SSL: require
```
### Bancos por Ambiente
### Databases
| Ambiente | Database |
|----------|----------|
| Environment | Database |
|-------------|----------|
| DEV | `gohorsejobs_dev` |
| HML | `gohorsejobs_hml` |
| PRD | `gohorsejobs` |
### Migrations
```bash
cd backend
go run ./cmd/manual_migrate
```
### Seeder
```bash
cd seeder-api
npm install
npm run seed # Popular banco
npm run seed:reset # Limpar banco
npm run seed
```
---
## 🧑‍💻 Usuários de Teste
## 👤 Test Users
### SuperAdmin
- **Login:** `superadmin`
- **Senha:** `Admin@2025!`
- **Login:** `superadmin`
- **Password:** `Admin@2025!`
### Company Admins
| Login | Senha | Empresa |
|-------|-------|---------|
| `takeshi_yamamoto` | `Takeshi@2025` | TechCorp |
| `kenji@appmakers.mobile` | `Takeshi@2025` | AppMakers |
### Company Admin
| Login | Password |
|-------|----------|
| `takeshi_yamamoto` | `Takeshi@2025` |
### Recrutadores
| Login | Senha | Empresa |
|-------|-------|---------|
| `maria_santos` | `User@2025` | DesignHub |
### Candidatos
| Login | Senha |
|-------|-------|
### Candidate
| Login | Password |
|-------|----------|
| `paulo_santos` | `User@2025` |
| `maria@email.com` | `User@2025` |
---
## 📋 Checklist Deploy Novo Ambiente
## 📋 Deploy Checklist
- [ ] Criar namespace no K8s
- [ ] Criar secret `harbor-registry` no namespace
- [ ] Adicionar secrets no Drone CI
- [ ] Criar banco de dados
- [ ] Executar seeder (opcional)
- [ ] Fazer push na branch correspondente
- [ ] Verificar logs do pipeline
- [ ] Testar endpoint `/health`
- [ ] Create K8s namespace
- [ ] Create `harbor-registry` secret
- [ ] Add Drone CI secrets
- [ ] Create database
- [ ] Run migrations
- [ ] Run seeder (optional)
- [ ] Push to branch
- [ ] Verify pipeline logs
- [ ] Test `/health` endpoint
- [ ] Test `/docs` endpoint
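Review bot: The Test Users section commits a SuperAdmin login and password (`superadmin` / `Admin@2025!`) plus two more accounts in plain text, a few lines below the hosted database host and port (`db-60059.dc-sp-1.absamcloud.com`, `26868`), and the Deploy Checklist lists "Run seeder (optional)" as a step for any new environment, PRD included. State explicitly that the seeder and these accounts are for DEV/HML only and must never be loaded into `gohorsejobs` (PRD), and rotate these passwords if the seed was ever run there. Two smaller points: the Connection block was changed to a ```bash fence but contains `Host:` / `Port:` / `SSL:` lines rather than shell, so use a plain fence or real `psql` syntax; and `version: '3.8'` in the Compose file is obsolete in Compose v2, which ignores it with a warning, so it can be dropped.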


@ -1,9 +1,9 @@
# 🗺️ GoHorse Jobs - Roadmap
Roadmap de desenvolvimento do projeto GoHorse Jobs.
Development roadmap for GoHorse Jobs project.
> **Última Atualização:** 2024-12-24
> **Branch Atual:** `dev`
> **Last Updated:** 2024-12-26
> **Current Branch:** `dev`
---
@ -11,147 +11,110 @@ Roadmap de desenvolvimento do projeto GoHorse Jobs.
| Área | Progresso | Status |
|------|-----------|--------|
| **Backend API** | 85% | 🟢 Funcional |
| **Frontend** | 75% | 🟡 Em desenvolvimento |
| **Backoffice** | 60% | 🟡 Em desenvolvimento |
| **Seeder** | 95% | 🟢 Completo |
| **Documentação** | 70% | 🟡 Em progresso |
| **Backend API** | 95% | 🟢 Production Ready |
| **Frontend** | 85% | 🟢 Funcional |
| **Backoffice** | 80% | 🟢 Funcional |
| **Seeder** | 100% | 🟢 Completo |
| **Documentação** | 90% | 🟢 Atualizada |
---
## ✅ Concluído
### Backend
- [x] Estrutura Clean Architecture
- [x] Autenticação JWT com HttpOnly cookies
- [x] CRUD de usuários, empresas, vagas
- [x] Sistema de candidaturas
- [x] Notificações
- [x] Password reset
- [x] XSS sanitization middleware
- [x] Swagger documentation
- [x] Multi-tenancy básico
- [x] Clean Architecture + DDD
- [x] JWT Auth (Bearer + HttpOnly Cookie)
- [x] PASSWORD_PEPPER para hash seguro
- [x] 🆕 Schema unificado (eliminado core_*)
- [x] 🆕 Migração UUID v7 (Tabelas Core)
- [x] 🆕 Seeder atualizado (UUID compatible)
- [x] CRUD usuários, empresas, vagas, candidaturas
- [x] Sistema de notificações
- [x] Sistema de tickets de suporte
- [x] Chat real-time (Appwrite)
- [x] Email transacional (LavinMQ + Nodemailer)
- [x] Pre-signed URLs para uploads (S3/R2)
- [x] Avatar de usuário
- [x] Credenciais criptografadas (RSA)
- [x] Cache purge (Cloudflare)
- [x] XSS sanitization middleware
- [x] Rate limiting (100 req/min)
- [x] Swagger documentation
- [x] UUID v7 migrations
- [x] 30+ database migrations
### Frontend
- [x] Login/Logout com cookies
- [x] Dashboard candidato
- [x] Dashboard empresa
- [x] Listagem de vagas
- [x] Detalhes da vaga
- [x] Candidatura a vaga
- [x] Eye icon toggle de senha
- [x] Responsividade básica
- [x] Dashboard admin
- [x] Listagem/filtros de vagas
- [x] Detalhes da vaga + Apply
- [x] Página de suporte (tickets)
- [x] Sistema de mensagens (chat)
- [x] Configurações (tema, logo)
- [x] **NEW:** Email Templates Admin UI
- [x] **NEW:** Página pública /post-job
- [x] Responsividade
- [x] Sonner para notificações
- [x] i18n (PT/EN)
### Seeder
- [x] 31 empresas (30 tech + System)
- [x] 13 empresas fictícias (ACME, Stark, etc)
- [x] 1129+ vagas
- [x] Users e candidatos
- [x] Regiões (BR, US, JP)
- [x] Cidades
- [x] Notificações
- [x] 🆕 Schema unificado e UUID
### Backoffice (NestJS)
- [x] Stripe Integration (checkout, portal, webhooks)
- [x] Dashboard stats
- [x] Email Worker (LavinMQ consumer)
- [x] FCM Tokens (push notifications)
- [x] JWT Auth (Bearer + Cookie)
- [x] TypeORM entities
### DevOps
- [x] Docker setup backend
- [x] Docker setup (multi-stage, ~73MB)
- [x] Kubernetes manifests (dev/hml/prd)
- [x] Drone CI pipelines
- [x] Migrations automáticas
- [x] start.sh script unificado
- [x] Seed reset option
- [x] Appwrite hosting
---
## 🔄 Em Progresso
### Backend
- [ ] Rate limiting
- [ ] Upload de arquivos (currículos)
- [ ] Busca full-text com pg_trgm
- [ ] Video interviews
- [ ] AI matching (job ↔ candidate)
- [ ] Webhooks para integrações
- [ ] API de pagamentos (Stripe)
### Frontend
- [ ] Dashboard admin completo
- [ ] Gestão de candidaturas
- [ ] Filtros avançados de vagas
- [ ] Favoritos (bookmark jobs)
- [ ] Perfil do candidato editável
- [ ] Upload de currículo
- [ ] PWA / Offline support
- [ ] App mobile (React Native)
### Backoffice
- [ ] Gestão de tenants
- [ ] Gestão de usuários
- [ ] Relatórios
- [ ] Auditoria
- [ ] Moderação de vagas
- [ ] Relatórios avançados
- [ ] Export CSV/Excel
---
## 📋 Backlog
### Alta Prioridade
- [ ] Email transacional (welcome, reset, application)
- [ ] Integração Stripe completa (Webhook handlers)
- [ ] Busca avançada com filtros (Backend pronto, Frontend pendente)
- [ ] Internacionalização (i18n)
- [ ] Testes E2E frontend
- [ ] OAuth (Google, LinkedIn)
- [ ] 2FA (Two-Factor Auth)
- [ ] Testes E2E completos
### Média Prioridade
- [ ] OAuth (Google, LinkedIn)
- [ ] Notificações push (web)
- [ ] Chat em tempo real
- [ ] Analytics dashboard
- [ ] Export CSV/Excel
- [ ] Analytics dashboard avançado
- [ ] Recomendações de vagas
- [ ] Notificações por email digest
### Baixa Prioridade
- [ ] App mobile (React Native)
- [ ] Integração ATS
- [ ] AI matching (job ↔ candidate)
- [ ] Video interviews
---
## 🐛 Bugs Conhecidos
| ID | Descrição | Prioridade | Status |
|----|-----------|------------|--------|
| #001 | job_payments FK precisa de migration 019 atualizada | Média | 🟡 Pendente |
| #002 | Swagger docs desatualizado em alguns endpoints | Baixa | 🟡 Pendente |
---
## 📁 Estrutura de Documentação
```
docs/
├── DATABASE.md # Schema completo
├── ROADMAP.md # Este arquivo
├── TASKS.md # Tarefas pendentes detalhadas
└── ARCHITECTURE.md # (futuro) Arquitetura detalhada
backend/
└── README.md # Documentação da API
backoffice/
└── README.md # Documentação do backoffice
seeder-api/
└── README.md # Documentação do seeder
frontend/
└── README.md # Documentação do frontend
```
- [ ] Gamification (badges)
- [ ] Referral system
---
## 🔗 Links Úteis
- **API Docs:** http://localhost:8521/docs/index.html
- **Frontend:** http://localhost:3000
- **Database Schema:** [docs/DATABASE.md](DATABASE.md)
- **Seeder Info:** [seeder-api/README.md](../seeder-api/README.md)
| Recurso | URL |
|---------|-----|
| **API Docs** | `/docs/` (Swagger) |
| **Frontend Dev** | https://gohorsejobs-dev.appwrite.network |
| **Database Schema** | [docs/DATABASE.md](DATABASE.md) |
| **API Reference** | [docs/API.md](API.md) |
| **Security** | [docs/API_SECURITY.md](API_SECURITY.md) |
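Review bot: The "Bugs Conhecidos" table (#001 `job_payments` FK needing an updated migration 019, #002 stale Swagger docs) disappears in this hunk, and neither bug is recorded as fixed anywhere in this commit; the matching "Corrigir migration 019" sprint task is also dropped from TASKS.md without a completed entry. Either carry the two rows over or note where they were resolved. In Links Úteis, `API Docs | /docs/ (Swagger)` is a bare path with no host; now that API.md uses `https://api.gohorsejobs.com`, spell out the full dev and prod URLs.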


@ -2,81 +2,88 @@
Lista detalhada de tarefas para evitar retrabalho.
> **Última Atualização:** 2024-12-24
---
## 🔥 Sprint Atual (Dezembro 2024)
### Backend
- [ ] Corrigir migration 019 (job_payments FK)
- [ ] Atualizar Swagger docs
- [ ] Adicionar testes para novos endpoints
- [ ] Implementar rate limiting
### Frontend
- [ ] Página de perfil editável
- [ ] Upload de currículo
- [ ] Filtros avançados na listagem de vagas
- [ ] Página de favoritos
### Documentação
- [x] DATABASE.md - Schema completo
- [x] ROADMAP.md - Este arquivo
- [x] TASKS.md - Tarefas
- [ ] ARCHITECTURE.md - Arquitetura detalhada
- [ ] API.md - Endpoints detalhados
> **Last Updated:** 2024-12-26
---
## ✅ Recentemente Concluído
### 2024-12-24
- [x] **Schema Unification** - Eliminado tabelas core_* redundantes
- Removido `core_companies`, `core_users`, `core_user_roles`
- Unificado em `companies`, `users`, `user_roles`
- Atualizado 11 arquivos (migrations, repositories, seeders)
### 2024-12-26
- [x] **Email System**
- Backend: EmailService (LavinMQ producer)
- NestJS: Email consumer + Nodemailer
- Migrations: email_settings, email_templates
- [x] **start.sh Updates**
- Opção 4: Run migrations (Node.js)
- Opção 6: Reset + Migrate + Seed completo
- [x] **Email Templates Admin UI**
- Frontend: `/dashboard/admin/email-templates`
- CRUD: List, Create, Edit, Delete
- [x] **Migration Runner**
- Criado `seeder-api/src/migrate.js`
- Suporte a erros de tabelas existentes
- [x] **Avatar Upload**
- Backend: StorageService (pre-signed URLs)
- Migration: avatar_url column
- Frontend: profileApi.uploadAvatar
- [x] **Documentação**
- DATABASE.md reescrito completo
- ROADMAP.md criado
- TASKS.md criado
- [x] **Public Job Posting**
- Frontend: `/post-job` page
- 3-step wizard (Company + Job + Confirm)
### 2024-12-23
- [x] JWT Auth Guard no backoffice (Bearer + Cookie)
- [x] PASSWORD_PEPPER integration
- [x] Frontend auth improvements
- [x] seeder-api README atualizado
- [x] **Documentation**
- BACKEND.md reescrito completo
- BACKOFFICE.md reescrito completo
- API_SECURITY.md atualizado
- ROADMAP.md atualizado
### 2024-12-25
- [x] Profile page fixes (500 error)
- [x] Type mismatches resolved
- [x] Comprehensive logging added
### 2024-12-24
- [x] Ticket system integration
- [x] Settings page (Theme, Logo)
- [x] Chat tables (Appwrite)
- [x] System settings table
---
## 🔥 Sprint Atual
### Backend
- [ ] Video interviews endpoint
- [ ] AI matching algorithm
- [ ] Webhook sistema
### Frontend
- [ ] PWA manifest
- [ ] Service worker
- [ ] Offline support
### Backoffice
- [ ] Revenue reports
- [ ] User analytics
- [ ] Export features
---
## 🚧 Não Fazer (Evitar Retrabalho)
> ⚠️ **IMPORTANTE:** Estas tarefas NÃO devem ser feitas pois já foram resolvidas ou descartadas.
> ⚠️ **IMPORTANTE:** Estas tarefas NÃO devem ser feitas pois já foram resolvidas.
| Tarefa | Motivo |
|--------|--------|
| Criar core_companies | REMOVIDO - Usar `companies` |
| Criar core_users | REMOVIDO - Usar `users` |
| Usar UUID para users/jobs | MANTIDO SERIAL - Decisão arquitetural |
| psql para migrations | REMOVIDO - Usar `npm run migrate` |
| Email via API direta | REMOVIDO - Usar LavinMQ queue |
| Avatar upload direto | REMOVIDO - Usar pre-signed URLs |
| psql para migrations | REMOVIDO - Usar `go run ./cmd/manual_migrate` |
---
## 📝 Notas de Implementação
### IDs do Banco
- **SERIAL (INT):** users, companies, jobs, applications, regions, cities
- **UUID v4:** notifications, tickets, job_payments
- **NÃO usar UUID v7** - Não suportado pelo gen_random_uuid()
- **UUID v7:** users, companies, jobs, applications, notifications, tickets
- **SERIAL:** regions, cities, job_posting_prices
### Autenticação
- Backend: JWT em HttpOnly cookie OU Authorization header
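Review bot: The "Não Fazer" row `Usar UUID para users/jobs | MANTIDO SERIAL - Decisão arquitetural` contradicts the "IDs do Banco" note a few lines further down in this same hunk (`UUID v7: users, companies, jobs, applications, ...`) and the new DATABASE.md header; drop or invert that row. Two migration runners are also documented as current at once: "Migration Runner - Criado `seeder-api/src/migrate.js`" and "Opção 4: Run migrations (Node.js)" under Recentemente Concluído, while the Não Fazer table and DEVOPS.md say to use `go run ./cmd/manual_migrate`. State which one is canonical and whether running both against the same database is safe; "Suporte a erros de tabelas existentes" suggests the Node runner tolerates already-applied migrations, which can also mask a genuinely failed one.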
@ -88,10 +95,23 @@ Lista detalhada de tarefas para evitar retrabalho.
- PASSWORD_PEPPER obrigatório em produção
- Hash: `bcrypt.hash(password + PEPPER, 10)`
### Uploads
- Pre-signed URLs via `/api/v1/storage/upload-url`
- Direct upload to S3/R2
- Update profile with key via PATCH
### Emails
```
Go Backend → Publish to LavinMQ (mail_queue)
NestJS → Consume → Fetch template → Render → Send
```
---
## 🔗 Referências
- [DATABASE.md](DATABASE.md) - Schema do banco
- [ROADMAP.md](ROADMAP.md) - Roadmap geral
- [seeder-api/README.md](../seeder-api/README.md) - Como popular dados
- [API_SECURITY.md](API_SECURITY.md) - Segurança
- [DEVOPS.md](DEVOPS.md) - Infraestrutura
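Review bot: `Hash: bcrypt.hash(password + PEPPER, 10)` appends the pepper after the password, but bcrypt only consumes the first 72 bytes of its input, so for a long password the pepper is partially or entirely truncated and adds nothing; prepend it instead, or HMAC the password with the pepper before bcrypt. If both the Go backend and the NestJS backoffice verify passwords, they must use the identical construction or logins will fail on one side. In the Uploads notes, "Update profile with key via PATCH" should add that the handler validates the submitted object key belongs to the calling user (for example a per-user or per-tenant prefix) before storing it as `avatar_url`, so a profile cannot be pointed at another tenant's object.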