docs: Update all documentation files (API_SECURITY, ROADMAP, TASKS, DEVOPS, DATABASE, API)

- Updated dates to 2024-12-26
- Added new features: Email System, Avatar Upload, Public Job Posting
- Updated security routes and access levels
- Updated infrastructure and secrets documentation
- Marked completed tasks in ROADMAP and TASKS
Tiago Yamamoto 2025-12-26 12:45:03 -03:00
parent b0378985a4
commit 32fc42a29c
6 changed files with 397 additions and 368 deletions

View file

@ -2,8 +2,8 @@
Complete API reference with routes, permissions, and modules. Complete API reference with routes, permissions, and modules.
> **Last Updated:** 2024-12-24 > **Last Updated:** 2024-12-26
> **Base URL:** `http://localhost:8521/api/v1` > **Base URL:** `https://api.gohorsejobs.com/api/v1`
> **Auth:** JWT Bearer Token or HttpOnly Cookie > **Auth:** JWT Bearer Token or HttpOnly Cookie
--- ---
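Review bot: the `Base URL` line now carries only `https://api.gohorsejobs.com/api/v1`, so the reference no longer says what to call during local development; keep both, e.g. `> **Base URL:** `https://api.gohorsejobs.com/api/v1` (prod) / `http://localhost:8521/api/v1` (local)`. Also `Last Updated` reads 2024-12-26 while the commit itself is dated 2025-12-26, and the same date is written into every file in this commit; confirm which year is meant.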

View file

@ -1,107 +1,151 @@
# 🔐 API Security & Access Levels # 🔐 API Security & Access Levels
This document details the security layers, authentication methods, and role-based access control (RBAC) for the GoHorse Jobs API. Use this guide to verify and test route protection. Security layers, authentication methods, and RBAC for GoHorse Jobs API.
> **Last Updated:** 2024-12-26
---
## 🛡️ Authentication Methods ## 🛡️ Authentication Methods
1. **Bearer Token (JWT)** | Method | Header/Cookie | Used By |
* Header: `Authorization: Bearer <token>` |--------|--------------|---------|
* Used by: Mobile apps, external integrations, simple API tests. | **Bearer Token** | `Authorization: Bearer <token>` | Mobile apps, external integrations |
| **HttpOnly Cookie** | `jwt=<token>` | Web Frontend (Next.js), Backoffice |
2. **HttpOnly Cookie** **Cookie Properties:** `HttpOnly`, `Secure` (prod), `SameSite=Lax`
* Cookie Name: `jwt`
* Used by: Web Frontend (Next.js), Backoffice. ---
* Properties: `HttpOnly`, `Secure` (in prod), `SameSite=Lax`.
## 🔒 Security Middlewares
| Middleware | File | Description |
|------------|------|-------------|
| **Auth** | `middleware/auth.go` | JWT validation + RBAC |
| **CORS** | `middleware/cors.go` | Whitelist via `CORS_ORIGINS` |
| **Rate Limiting** | `middleware/rate_limit.go` | 100 req/min per IP |
| **Security Headers** | `middleware/security_headers.go` | OWASP headers (XSS, CSP) |
| **Sanitize** | `middleware/sanitize.go` | XSS sanitization in JSON |
---
## 🚦 Access Levels ## 🚦 Access Levels
| Level | Description | Middleware | | Level | Description | Middleware |
| :--- | :--- | :--- | |-------|-------------|------------|
| **Public** | Open to everyone (Guests). No check performed. | None | | **Public** | Open to everyone | None |
| **Authenticated** | Requires a valid JWT (Header or Cookie). | `HeaderAuthGuard` | | **Authenticated** | Requires valid JWT | `HeaderAuthGuard` |
| **Role-Restricted** | Requires valid JWT + Specific Role claim. | `HeaderAuthGuard` + `RequireRoles(...)` | | **Role-Restricted** | JWT + Specific Role | `HeaderAuthGuard` + `adminOnly` |
---
## 🗺️ Route Permission Matrix ## 🗺️ Route Permission Matrix
### 🟢 Public Routes ### 🟢 Public Routes
| Method | Route | Description | Notes |
| :--- | :--- | :--- | :--- |
| `POST` | `/api/v1/auth/login` | User Login | Returns JWT + Cookie |
| `POST` | `/api/v1/auth/register` | Candidate Register | Creates `candidate` user |
| `POST` | `/api/v1/companies` | Company Register | Creates company + `admin` |
| `GET` | `/api/v1/jobs` | List Jobs | Public search/list |
| `GET` | `/api/v1/jobs/{id}` | Get Job | Public details |
| `GET` | `/docs/*` | Swagger UI | API Documentation |
### 🟡 Authenticated Routes (Any Logged User)
**Requirement**: Valid JWT.
| Method | Route | Description | | Method | Route | Description |
| :--- | :--- | :--- | |--------|-------|-------------|
| `GET` | `/api/v1/users/me` | Get Own Profile | | `GET` | `/` | Root check |
| `PATCH` | `/api/v1/users/{id}` | Update Own Profile (Self-check in handler) | | `GET` | `/health` | Health check |
| `GET` | `/api/v1/notifications` | Get Own Notifications | | `POST` | `/api/v1/auth/login` | Login |
| `POST` | `/api/v1/applications` | Apply for Job (Candidate) | | `POST` | `/api/v1/auth/register/candidate` | Candidate register |
| `POST` | `/api/v1/storage/upload-url` | Get S3 Upload URL | | `POST` | `/api/v1/auth/register/company` | Company register |
| `POST` | `/api/v1/storage/download-url` | Get S3 Download URL | | `GET` | `/api/v1/jobs` | List jobs |
| `DELETE` | `/api/v1/storage/files` | Delete S3 File | | `GET` | `/api/v1/jobs/{id}` | Job details |
| `GET` | `/api/v1/companies/{id}` | Company details |
| `GET` | `/docs/*` | Swagger UI |
### 🟠 Recruiter / CompanyAdmin Routes ### 🟡 Authenticated Routes
**Requirement**: Role `admin` OR `recruiter`.
| Method | Route | Description | | Method | Route | Description |
| :--- | :--- | :--- | |--------|-------|-------------|
| `POST` | `/api/v1/jobs` | Create Job | | `GET` | `/api/v1/users/me` | Get own profile |
| `PUT` | `/api/v1/jobs/{id}` | Update Job | | `PATCH` | `/api/v1/users/me/profile` | Update profile |
| `DELETE` | `/api/v1/jobs/{id}` | Delete Job | | `GET` | `/api/v1/notifications` | Get notifications |
| `GET` | `/api/v1/applications` | List Applications (for own jobs) | | `POST` | `/api/v1/tokens` | Save FCM token |
| `PUT` | `/api/v1/applications/{id}/status` | Update Application Status | | `GET` | `/api/v1/storage/upload-url` | Get pre-signed URL |
| `GET` | `/api/v1/conversations` | List conversations |
| `POST` | `/api/v1/applications` | Apply for job |
### 🔴 Admin / SuperAdmin Routes (Backoffice) ### 🟠 Recruiter / Company Admin
**Requirement**: Role `superadmin` OR `admin`.
| Method | Route | Description | Middleware Check | **Requires:** Role `admin` OR `recruiter`
| :--- | :--- | :--- | :--- |
| `GET` | `/api/v1/users` | List All Users | `adminOnly` | | Method | Route | Description |
| `POST` | `/api/v1/users` | Create User (Staff) | `adminOnly` | |--------|-------|-------------|
| `DELETE` | `/api/v1/users/{id}` | Delete User | `adminOnly` | | `POST` | `/api/v1/jobs` | Create job |
| `GET` | `/api/v1/users/roles` | List System Roles | `adminOnly` | | `PUT` | `/api/v1/jobs/{id}` | Update job |
| `GET` | `/api/v1/companies` | List Companies (Full) | `adminOnly` | | `DELETE` | `/api/v1/jobs/{id}` | Delete job |
| `PATCH` | `/api/v1/companies/{id}/status` | Activate/Ban Company | `adminOnly` | | `GET` | `/api/v1/applications` | List applications |
| `GET` | `/api/v1/jobs/moderation` | Moderate Jobs | `adminOnly` | | `PUT` | `/api/v1/applications/{id}/status` | Update status |
| `PATCH` | `/api/v1/jobs/{id}/status` | Approve/Reject Job | `adminOnly` |
| `POST` | `/api/v1/jobs/{id}/duplicate` | Admin Duplicate Job | `adminOnly` | ### 🔴 Admin / SuperAdmin
| `GET` | `/api/v1/tags` | List Tags | `adminOnly` |
| `POST` | `/api/v1/tags` | Create Tag | `adminOnly` | **Requires:** Role `superadmin` OR `admin`
| `PATCH` | `/api/v1/tags/{id}` | Update Tag | `adminOnly` |
| `GET` | `/api/v1/candidates` | List All Candidates | `adminOnly` | | Method | Route | Description |
| `GET` | `/api/v1/audit/logins` | View Audit Logs | `adminOnly` | |--------|-------|-------------|
| `GET` | `/api/v1/users` | List all users |
| `POST` | `/api/v1/users` | Create user |
| `DELETE` | `/api/v1/users/{id}` | Delete user |
| `GET` | `/api/v1/admin/companies` | List companies |
| `PATCH` | `/api/v1/admin/companies/{id}/status` | Update company status |
| `GET` | `/api/v1/jobs/moderation` | Moderate jobs |
| `PATCH` | `/api/v1/jobs/{id}/status` | Approve/reject job |
| `GET` | `/api/v1/admin/email-templates` | List email templates |
| `PUT` | `/api/v1/admin/email-templates/{slug}` | Update template |
| `PUT` | `/api/v1/admin/email-settings` | Update SMTP settings |
| `POST` | `/api/v1/system/credentials` | Save credentials |
| `POST` | `/api/v1/system/cloudflare/purge` | Purge cache |
---
## 🧪 Testing Security ## 🧪 Testing Security
**1. Test Public Access (Should Succeed)** **1. Public Access (200 OK)**
```bash ```bash
curl http://localhost:8521/api/v1/jobs curl https://api.gohorsejobs.com/api/v1/jobs
``` ```
**2. Test Protected Route without Token (Should Fail 401)** **2. Protected without Token (401)**
```bash ```bash
curl http://localhost:8521/api/v1/users/me curl https://api.gohorsejobs.com/api/v1/users/me
# Expected: 401 Unauthorized
``` ```
**3. Test Admin Route as Candidate (Should Fail 403)** **3. Admin Route as Candidate (403)**
1. Login as Candidate -> Get Token A
2. Call Admin Route:
```bash ```bash
curl -H "Authorization: Bearer <TOKEN_A>" http://localhost:8521/api/v1/audit/logins curl -H "Authorization: Bearer <candidate_token>" \
# Expected: 403 Forbidden https://api.gohorsejobs.com/api/v1/users
``` ```
**4. Test Admin Route as Admin (Should Succeed)** **4. Admin Route as Admin (200 OK)**
1. Login as SuperAdmin -> Get Token B
2. Call Admin Route:
```bash ```bash
curl -H "Authorization: Bearer <TOKEN_B>" http://localhost:8521/api/v1/audit/logins curl -H "Authorization: Bearer <admin_token>" \
# Expected: 200 OK https://api.gohorsejobs.com/api/v1/users
``` ```
---
## 🔑 JWT Claims
```json
{
"sub": "019438a1-2b3c-...",
"email": "user@example.com",
"role": "admin",
"tenant_id": "019438a2-3c4d-...",
"exp": 1735200000,
"iat": 1735113600
}
```
---
## 🛡️ Password Security
| Feature | Implementation |
|---------|---------------|
| **Hashing** | BCrypt (10 rounds) |
| **Pepper** | `PASSWORD_PEPPER` env var |
| **Min Length** | 8 characters |
| **JWT Secret** | Min 32 characters |
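Review bot: the Access Levels table now names `adminOnly` as the only role middleware, yet the Recruiter / Company Admin section requires role `admin` OR `recruiter`, which a guard called `adminOnly` would not grant; say which guard enforces the recruiter routes (the replaced text had `HeaderAuthGuard` + `RequireRoles(...)`), otherwise the matrix contradicts itself. The new route tables also dropped the ownership qualifiers the old ones carried ("List Applications (for own jobs)", "Update Own Profile (Self-check in handler)") while the new JWT Claims block introduces a `tenant_id` claim; state where tenant and ownership scoping is checked for `GET /api/v1/applications` and `PUT /api/v1/applications/{id}/status`, since as written a recruiter role appears to reach every application. Smaller: the `Sanitize` row says "XSS sanitization in JSON" and the `Security Headers` row says "OWASP headers (XSS, CSP)"; listing the actual headers set would make this doc usable for the "verify and test route protection" purpose the old intro stated.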

View file

@ -2,9 +2,10 @@
Complete database documentation for the GoHorseJobs platform. Complete database documentation for the GoHorseJobs platform.
> **Last Updated:** 2024-12-24 > **Last Updated:** 2024-12-26
> **Database:** PostgreSQL 15+ > **Database:** PostgreSQL 16+
> **ID Strategy:** SERIAL (INT) for core tables, UUID v7 for newer tables > **ID Strategy:** UUID v7 for core tables, SERIAL for reference tables
> **Migrations:** 30 SQL files in `backend/migrations/`
--- ---
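Review bot: the PostgreSQL requirement moves from `15+` to `16+` with no reason in this hunk or in the commit message; if a migration depends on a 16-only feature, name it beside the requirement, otherwise keep `15+`. The `ID Strategy` line is also inverted relative to the old text (UUID v7 now for core tables, SERIAL for reference tables); a pointer to the migration that performed the switch, in the same line that says `30 SQL files in backend/migrations/`, would let readers of the schema doc verify it.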

View file

@ -1,6 +1,8 @@
# DevOps - GoHorseJobs # DevOps - GoHorseJobs
Documentação de infraestrutura, CI/CD e deploy do projeto GoHorseJobs. Infraestrutura, CI/CD e deploy do projeto GoHorseJobs.
> **Last Updated:** 2024-12-26
--- ---
@ -10,108 +12,107 @@ Documentação de infraestrutura, CI/CD e deploy do projeto GoHorseJobs.
. .
├── .drone.yml # Pipeline CI/CD (Drone) ├── .drone.yml # Pipeline CI/CD (Drone)
├── k8s/ ├── k8s/
│ ├── dev/ # Manifests Kubernetes - Desenvolvimento │ ├── dev/ # Kubernetes - Desenvolvimento
│ │ ├── backend-deployment.yaml │ ├── hml/ # Kubernetes - Homologação
│ │ └── backend-service.yaml │ └── prd/ # Kubernetes - Produção
│ ├── hml/ # Manifests Kubernetes - Homologação
│ │ ├── backend-deployment.yaml
│ │ └── backend-service.yaml
│ └── prd/ # Manifests Kubernetes - Produção
│ ├── backend-deployment.yaml
│ └── backend-service.yaml
├── backend/ ├── backend/
│ ├── Dockerfile # Build da API Go │ ├── Dockerfile # Go API (multi-stage, ~73MB)
│ └── .env.example # Variáveis de ambiente │ └── .env.example
├── frontend/ # Next.js App
└── seeder-api/ # Seeder Node.js para popular DB ├── backoffice/
│ ├── Dockerfile # NestJS (Fastify)
│ └── .env.example
├── frontend/
│ ├── Dockerfile # Next.js
│ └── .env.example
├── seeder-api/ # Node.js seeder
└── docs/ # Documentation
``` ```
--- ---
## 🌍 Ambientes ## 🌍 Ambientes
| Ambiente | Branch | Namespace K8s | Registry Harbor | Réplicas | | Ambiente | Branch | Namespace | Réplicas | URL |
|----------|--------|---------------|-----------------|----------| |----------|--------|-----------|----------|-----|
| **DEV** | `dev` | `gohorsejobsdev` | `gohorsejobsdev/gohorsejobs-backend` | 1 | | **DEV** | `dev` | `gohorsejobsdev` | 1 | gohorsejobs-dev.appwrite.network |
| **HML** | `hml` | `gohorsejobshml` | `gohorsejobshml/gohorsejobs-backend` | 2 | | **HML** | `hml` | `gohorsejobshml` | 2 | - |
| **PRD** | `main` | `gohorsejobs` | `gohorsejobs/gohorsejobs-backend` | 3 | | **PRD** | `main` | `gohorsejobs` | 3 | gohorsejobs.com |
--- ---
## 🔄 Pipeline CI/CD (Drone) ## 🔄 Pipeline CI/CD (Drone)
### Fluxo de Deploy ### Fluxo
``` ```
dev branch → build → push (Harbor) → deploy (K8s gohorsejobsdev) dev branch → build → push (Harbor) → deploy (K8s dev)
hml branch → build → push (Harbor) → deploy (K8s gohorsejobshml) hml branch → build → push (Harbor) → deploy (K8s hml)
main branch → build → push (Harbor) → deploy (K8s gohorsejobs) main branch → build → push (Harbor) → deploy (K8s prd)
``` ```
### Triggers ### Stages
- Push na branch `dev` → executa pipeline `deploy-backend-dev` 1. **build-and-push** - Docker build + push to Harbor
- Push na branch `hml` → executa pipeline `deploy-backend-hml` 2. **export-envs-to-k8s** - Create/update secrets
- Push na branch `main` → executa pipeline `deploy-backend-prd` 3. **deploy** - Apply manifests + rollout restart
### Etapas do Pipeline
1. **build-and-push-backend** - Builda imagem Docker e envia para Harbor
2. **export-envs-to-k8s** - Cria secret `backend-secrets` no namespace
3. **deploy-backend** - Aplica manifests K8s e reinicia deployment
--- ---
## 🔐 Secrets (Drone CI) ## 🔐 Secrets (Drone CI)
Secrets que precisam estar configurados no Drone:
### Registry ### Registry
| Secret | Descrição | | Secret | Description |
|--------|-----------| |--------|-------------|
| `HARBOR_USERNAME` | Usuário do Harbor | | `HARBOR_USERNAME` | Harbor username |
| `HARBOR_PASSWORD` | Senha do Harbor | | `HARBOR_PASSWORD` | Harbor password |
### Database ### Database
| Secret | Ambiente | Descrição | | Secret | Description |
|--------|----------|-----------| |--------|-------------|
| `DB_HOST` | Todos | Host do PostgreSQL | | `DATABASE_URL` | PostgreSQL connection string |
| `DB_PORT` | Todos | Porta do PostgreSQL | | `DB_SSLMODE` | `require` or `disable` |
| `DB_USER` | Todos | Usuário do PostgreSQL |
| `DB_PASSWORD` | Todos | Senha do PostgreSQL |
| `DB_SSLMODE` | Todos | `require` ou `disable` |
| `DB_NAME_DEV` | DEV | Nome do banco dev |
| `DB_NAME_HML` | HML | Nome do banco hml |
| `DB_NAME` | PRD | Nome do banco produção |
### S3/Object Storage ### Application
| Secret | Descrição | | Secret | Description |
|--------|-----------| |--------|-------------|
| `JWT_SECRET` | JWT secret (min 32 chars) |
| `PASSWORD_PEPPER` | Password pepper |
| `CORS_ORIGINS` | Allowed origins |
### External Services
| Secret | Description |
|--------|-------------|
| `RSA_PRIVATE_KEY_BASE64` | RSA key for credentials |
| `STRIPE_SECRET_KEY` | Stripe API key |
| `STRIPE_WEBHOOK_SECRET` | Stripe webhook secret |
| `FIREBASE_SERVICE_ACCOUNT` | Firebase Admin SDK JSON |
### Storage (S3/R2)
| Secret | Description |
|--------|-------------|
| `AWS_ACCESS_KEY_ID` | Access Key | | `AWS_ACCESS_KEY_ID` | Access Key |
| `AWS_SECRET_ACCESS_KEY` | Secret Key | | `AWS_SECRET_ACCESS_KEY` | Secret Key |
| `AWS_ENDPOINT` | Endpoint S3-compatible | | `AWS_ENDPOINT` | S3-compatible endpoint |
| `AWS_REGION` | Região | | `S3_BUCKET` | Bucket name |
| `S3_BUCKET` | Nome do bucket |
### Aplicação ### LavinMQ
| Secret | Descrição | | Secret | Description |
|--------|-----------| |--------|-------------|
| `JWT_SECRET` | Secret para tokens JWT (min. 32 chars) | | `AMQP_URL` | LavinMQ connection URL |
| `PORT` | Porta da API (8521) |
| `CORS_ORIGINS_DEV` | URLs permitidas CORS (dev) |
| `CORS_ORIGINS_HML` | URLs permitidas CORS (hml) |
| `CORS_ORIGINS` | URLs permitidas CORS (prd) |
--- ---
## ☸️ Kubernetes ## ☸️ Kubernetes
### Namespaces ### Create Namespaces
```bash ```bash
# Criar namespaces
kubectl create namespace gohorsejobsdev kubectl create namespace gohorsejobsdev
kubectl create namespace gohorsejobshml kubectl create namespace gohorsejobshml
kubectl create namespace gohorsejobs kubectl create namespace gohorsejobs
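Review bot: the Secrets tables lose their per-environment scoping: `DB_NAME_DEV` / `DB_NAME_HML` / `DB_NAME` and `CORS_ORIGINS_DEV` / `CORS_ORIGINS_HML` / `CORS_ORIGINS` collapse into a single `DATABASE_URL` and `CORS_ORIGINS`, but the pipeline still deploys three namespaces, so say whether Drone holds one secret per environment (and under what names) or one shared value; a shared `DATABASE_URL` would point dev, hml and prd at the same database, and a shared `CORS_ORIGINS` would whitelist the dev origin in production. `AWS_REGION` also disappears from the storage table without comment, and `DB_SSLMODE` survives as a separate secret although `DATABASE_URL` normally carries `sslmode=`; state which one is authoritative. Minor: the headings stay Portuguese (`Ambientes`, `Réplicas`) while the table columns switched to English (`Description`).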
@ -119,51 +120,28 @@ kubectl create namespace gohorsejobs
### Registry Secret ### Registry Secret
Criar secret para pull de imagens do Harbor em cada namespace:
```bash ```bash
kubectl create secret docker-registry harbor-registry \ kubectl create secret docker-registry harbor-registry \
--docker-server=in.gohorsejobs.com \ --docker-server=in.gohorsejobs.com \
--docker-username=<user> \ --docker-username=<user> \
--docker-password=<pass> \ --docker-password=<pass> \
-n gohorsejobsdev -n gohorsejobsdev
# Repetir para gohorsejobshml e gohorsejobs
``` ```
### Deploy Manual ### Deploy Manual
```bash ```bash
# DEV # DEV
kubectl apply -f k8s/dev/backend-deployment.yaml kubectl apply -f k8s/dev/ -n gohorsejobsdev
kubectl apply -f k8s/dev/backend-service.yaml
# HML # Check pods
kubectl apply -f k8s/hml/backend-deployment.yaml
kubectl apply -f k8s/hml/backend-service.yaml
# PRD
kubectl apply -f k8s/prd/backend-deployment.yaml
kubectl apply -f k8s/prd/backend-service.yaml
```
### Comandos Úteis
```bash
# Ver pods
kubectl get pods -n gohorsejobsdev kubectl get pods -n gohorsejobsdev
# Ver logs # Check logs
kubectl logs -f deployment/gohorse-backend -n gohorsejobsdev kubectl logs -f deployment/gohorse-backend -n gohorsejobsdev
# Restart deployment # Rollout restart
kubectl rollout restart deployment/gohorse-backend -n gohorsejobsdev kubectl rollout restart deployment/gohorse-backend -n gohorsejobsdev
# Ver secrets
kubectl get secrets -n gohorsejobsdev
# Descrever deployment
kubectl describe deployment gohorse-backend -n gohorsejobsdev
``` ```
--- ---
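Review bot: the reminder `# Repetir para gohorsejobshml e gohorsejobs` was dropped from the Registry Secret block, but the secret is created with `-n gohorsejobsdev` only and image pull secrets are per namespace, so hml and prd pods cannot pull from Harbor unless the step is repeated; keep the comment or show the command once per namespace. Passing `--docker-password=<pass>` on the command line also leaves the Harbor password in shell history on the operator's machine; `kubectl create secret docker-registry` can read a prepared docker config with `--from-file` instead, which is worth mentioning next to the command.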
@ -173,85 +151,108 @@ kubectl describe deployment gohorse-backend -n gohorsejobsdev
### Build Local ### Build Local
```bash ```bash
cd backend # Backend
docker build -t gohorsejobs-backend:local . cd backend && docker build -t gohorse-backend .
# Backoffice
cd backoffice && docker build -t gohorse-backoffice .
# Frontend
cd frontend && docker build -t gohorse-frontend .
``` ```
### Variáveis de Ambiente ### Docker Compose (Dev)
Ver `.env.example` para lista completa. Principais: ```yaml
version: '3.8'
| Variável | Descrição | Exemplo | services:
|----------|-----------|---------| backend:
| `PORT` | Porta da API | `8521` | build: ./backend
| `DB_HOST` | Host PostgreSQL | `db.example.com` | ports:
| `DB_NAME` | Nome do banco | `gohorsejobs_dev` | - "8521:8521"
| `DB_SSLMODE` | Modo SSL | `require` | env_file:
| `JWT_SECRET` | Secret JWT | `sua-chave-secreta-32-chars` | - ./backend/.env
backoffice:
build: ./backoffice
ports:
- "3001:3001"
env_file:
- ./backoffice/.env
frontend:
build: ./frontend
ports:
- "3000:3000"
env_file:
- ./frontend/.env
```
--- ---
## 🗄️ Banco de Dados ## 🗄️ Database
### Conexão ### Connection
``` ```bash
# PostgreSQL hosted
Host: db-60059.dc-sp-1.absamcloud.com Host: db-60059.dc-sp-1.absamcloud.com
Port: 26868 Port: 26868
SSL: require SSL: require
``` ```
### Bancos por Ambiente ### Databases
| Ambiente | Database | | Environment | Database |
|----------|----------| |-------------|----------|
| DEV | `gohorsejobs_dev` | | DEV | `gohorsejobs_dev` |
| HML | `gohorsejobs_hml` | | HML | `gohorsejobs_hml` |
| PRD | `gohorsejobs` | | PRD | `gohorsejobs` |
### Migrations
```bash
cd backend
go run ./cmd/manual_migrate
```
### Seeder ### Seeder
```bash ```bash
cd seeder-api cd seeder-api
npm install npm install
npm run seed # Popular banco npm run seed
npm run seed:reset # Limpar banco
``` ```
--- ---
## 🧑‍💻 Usuários de Teste ## 👤 Test Users
### SuperAdmin ### SuperAdmin
- **Login:** `superadmin` - **Login:** `superadmin`
- **Senha:** `Admin@2025!` - **Password:** `Admin@2025!`
### Company Admins ### Company Admin
| Login | Senha | Empresa | | Login | Password |
|-------|-------|---------| |-------|----------|
| `takeshi_yamamoto` | `Takeshi@2025` | TechCorp | | `takeshi_yamamoto` | `Takeshi@2025` |
| `kenji@appmakers.mobile` | `Takeshi@2025` | AppMakers |
### Recrutadores ### Candidate
| Login | Senha | Empresa | | Login | Password |
|-------|-------|---------| |-------|----------|
| `maria_santos` | `User@2025` | DesignHub |
### Candidatos
| Login | Senha |
|-------|-------|
| `paulo_santos` | `User@2025` | | `paulo_santos` | `User@2025` |
| `maria@email.com` | `User@2025` |
--- ---
## 📋 Checklist Deploy Novo Ambiente ## 📋 Deploy Checklist
- [ ] Criar namespace no K8s - [ ] Create K8s namespace
- [ ] Criar secret `harbor-registry` no namespace - [ ] Create `harbor-registry` secret
- [ ] Adicionar secrets no Drone CI - [ ] Add Drone CI secrets
- [ ] Criar banco de dados - [ ] Create database
- [ ] Executar seeder (opcional) - [ ] Run migrations
- [ ] Fazer push na branch correspondente - [ ] Run seeder (optional)
- [ ] Verificar logs do pipeline - [ ] Push to branch
- [ ] Testar endpoint `/health` - [ ] Verify pipeline logs
- [ ] Test `/health` endpoint
- [ ] Test `/docs` endpoint
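Review bot: the `Test Users` section lists plaintext passwords (`Admin@2025!`, `Takeshi@2025`, `User@2025`) for a `superadmin` login in the same file that documents the hosted PostgreSQL host and the PRD database `gohorsejobs`, and the Deploy Checklist offers `Run seeder (optional)` for every environment including PRD; state that these accounts are seeded in dev/hml only and that the seeder must not be run against `gohorsejobs`, or move the logins to a dev-only file. Smaller points: the `Docker Compose (Dev)` block has no database service while the doc points at a hosted PostgreSQL, so say that local compose talks to the remote DB; and `version: '3.8'` is ignored with a warning by current Docker Compose and can be removed.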

View file

@ -1,9 +1,9 @@
# 🗺️ GoHorse Jobs - Roadmap # 🗺️ GoHorse Jobs - Roadmap
Roadmap de desenvolvimento do projeto GoHorse Jobs. Development roadmap for GoHorse Jobs project.
> **Última Atualização:** 2024-12-24 > **Last Updated:** 2024-12-26
> **Branch Atual:** `dev` > **Current Branch:** `dev`
--- ---
@ -11,147 +11,110 @@ Roadmap de desenvolvimento do projeto GoHorse Jobs.
| Área | Progresso | Status | | Área | Progresso | Status |
|------|-----------|--------| |------|-----------|--------|
| **Backend API** | 85% | 🟢 Funcional | | **Backend API** | 95% | 🟢 Production Ready |
| **Frontend** | 75% | 🟡 Em desenvolvimento | | **Frontend** | 85% | 🟢 Funcional |
| **Backoffice** | 60% | 🟡 Em desenvolvimento | | **Backoffice** | 80% | 🟢 Funcional |
| **Seeder** | 95% | 🟢 Completo | | **Seeder** | 100% | 🟢 Completo |
| **Documentação** | 70% | 🟡 Em progresso | | **Documentação** | 90% | 🟢 Atualizada |
--- ---
## ✅ Concluído ## ✅ Concluído
### Backend ### Backend
- [x] Estrutura Clean Architecture - [x] Clean Architecture + DDD
- [x] Autenticação JWT com HttpOnly cookies - [x] JWT Auth (Bearer + HttpOnly Cookie)
- [x] CRUD de usuários, empresas, vagas
- [x] Sistema de candidaturas
- [x] Notificações
- [x] Password reset
- [x] XSS sanitization middleware
- [x] Swagger documentation
- [x] Multi-tenancy básico
- [x] PASSWORD_PEPPER para hash seguro - [x] PASSWORD_PEPPER para hash seguro
- [x] 🆕 Schema unificado (eliminado core_*) - [x] CRUD usuários, empresas, vagas, candidaturas
- [x] 🆕 Migração UUID v7 (Tabelas Core) - [x] Sistema de notificações
- [x] 🆕 Seeder atualizado (UUID compatible) - [x] Sistema de tickets de suporte
- [x] Chat real-time (Appwrite)
- [x] Email transacional (LavinMQ + Nodemailer)
- [x] Pre-signed URLs para uploads (S3/R2)
- [x] Avatar de usuário
- [x] Credenciais criptografadas (RSA)
- [x] Cache purge (Cloudflare)
- [x] XSS sanitization middleware
- [x] Rate limiting (100 req/min)
- [x] Swagger documentation
- [x] UUID v7 migrations
- [x] 30+ database migrations
### Frontend ### Frontend
- [x] Login/Logout com cookies - [x] Login/Logout com cookies
- [x] Dashboard candidato - [x] Dashboard candidato
- [x] Dashboard empresa - [x] Dashboard empresa
- [x] Listagem de vagas - [x] Dashboard admin
- [x] Detalhes da vaga - [x] Listagem/filtros de vagas
- [x] Candidatura a vaga - [x] Detalhes da vaga + Apply
- [x] Eye icon toggle de senha - [x] Página de suporte (tickets)
- [x] Responsividade básica - [x] Sistema de mensagens (chat)
- [x] Configurações (tema, logo)
- [x] **NEW:** Email Templates Admin UI
- [x] **NEW:** Página pública /post-job
- [x] Responsividade
- [x] Sonner para notificações - [x] Sonner para notificações
- [x] i18n (PT/EN)
### Seeder ### Backoffice (NestJS)
- [x] 31 empresas (30 tech + System) - [x] Stripe Integration (checkout, portal, webhooks)
- [x] 13 empresas fictícias (ACME, Stark, etc) - [x] Dashboard stats
- [x] 1129+ vagas - [x] Email Worker (LavinMQ consumer)
- [x] Users e candidatos - [x] FCM Tokens (push notifications)
- [x] Regiões (BR, US, JP) - [x] JWT Auth (Bearer + Cookie)
- [x] Cidades - [x] TypeORM entities
- [x] Notificações
- [x] 🆕 Schema unificado e UUID
### DevOps ### DevOps
- [x] Docker setup backend - [x] Docker setup (multi-stage, ~73MB)
- [x] Kubernetes manifests (dev/hml/prd)
- [x] Drone CI pipelines
- [x] Migrations automáticas - [x] Migrations automáticas
- [x] start.sh script unificado - [x] Appwrite hosting
- [x] Seed reset option
--- ---
## 🔄 Em Progresso ## 🔄 Em Progresso
### Backend ### Backend
- [ ] Rate limiting - [ ] Video interviews
- [ ] Upload de arquivos (currículos) - [ ] AI matching (job ↔ candidate)
- [ ] Busca full-text com pg_trgm
- [ ] Webhooks para integrações - [ ] Webhooks para integrações
- [ ] API de pagamentos (Stripe)
### Frontend ### Frontend
- [ ] Dashboard admin completo
- [ ] Gestão de candidaturas
- [ ] Filtros avançados de vagas
- [ ] Favoritos (bookmark jobs)
- [ ] Perfil do candidato editável
- [ ] Upload de currículo
- [ ] PWA / Offline support - [ ] PWA / Offline support
- [ ] App mobile (React Native)
### Backoffice ### Backoffice
- [ ] Gestão de tenants - [ ] Relatórios avançados
- [ ] Gestão de usuários - [ ] Export CSV/Excel
- [ ] Relatórios
- [ ] Auditoria
- [ ] Moderação de vagas
--- ---
## 📋 Backlog ## 📋 Backlog
### Alta Prioridade ### Alta Prioridade
- [ ] Email transacional (welcome, reset, application) - [ ] OAuth (Google, LinkedIn)
- [ ] Integração Stripe completa (Webhook handlers) - [ ] 2FA (Two-Factor Auth)
- [ ] Busca avançada com filtros (Backend pronto, Frontend pendente) - [ ] Testes E2E completos
- [ ] Internacionalização (i18n)
- [ ] Testes E2E frontend
### Média Prioridade ### Média Prioridade
- [ ] OAuth (Google, LinkedIn) - [ ] Analytics dashboard avançado
- [ ] Notificações push (web) - [ ] Recomendações de vagas
- [ ] Chat em tempo real - [ ] Notificações por email digest
- [ ] Analytics dashboard
- [ ] Export CSV/Excel
### Baixa Prioridade ### Baixa Prioridade
- [ ] App mobile (React Native)
- [ ] Integração ATS - [ ] Integração ATS
- [ ] AI matching (job ↔ candidate) - [ ] Gamification (badges)
- [ ] Video interviews - [ ] Referral system
---
## 🐛 Bugs Conhecidos
| ID | Descrição | Prioridade | Status |
|----|-----------|------------|--------|
| #001 | job_payments FK precisa de migration 019 atualizada | Média | 🟡 Pendente |
| #002 | Swagger docs desatualizado em alguns endpoints | Baixa | 🟡 Pendente |
---
## 📁 Estrutura de Documentação
```
docs/
├── DATABASE.md # Schema completo
├── ROADMAP.md # Este arquivo
├── TASKS.md # Tarefas pendentes detalhadas
└── ARCHITECTURE.md # (futuro) Arquitetura detalhada
backend/
└── README.md # Documentação da API
backoffice/
└── README.md # Documentação do backoffice
seeder-api/
└── README.md # Documentação do seeder
frontend/
└── README.md # Documentação do frontend
```
--- ---
## 🔗 Links Úteis ## 🔗 Links Úteis
- **API Docs:** http://localhost:8521/docs/index.html | Recurso | URL |
- **Frontend:** http://localhost:3000 |---------|-----|
- **Database Schema:** [docs/DATABASE.md](DATABASE.md) | **API Docs** | `/docs/` (Swagger) |
- **Seeder Info:** [seeder-api/README.md](../seeder-api/README.md) | **Frontend Dev** | https://gohorsejobs-dev.appwrite.network |
| **Database Schema** | [docs/DATABASE.md](DATABASE.md) |
| **API Reference** | [docs/API.md](API.md) |
| **Security** | [docs/API_SECURITY.md](API_SECURITY.md) |
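Review bot: the `Bugs Conhecidos` table (#001 `job_payments` FK needing migration 019, #002 outdated Swagger) was deleted, but neither bug appears under `Concluído` and the commit message only says tasks were marked complete; either record the fix (which migration closed #001) or keep the table. The Backend list now says `30+ database migrations` while DATABASE.md in this same commit says `30 SQL files`; pick one. The section also mixes languages line by line (`Production Ready` next to `Funcional`, `Em Progresso` above English items) although the commit translated the ROADMAP header to English; the body should follow.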

View file

@ -2,81 +2,88 @@
Lista detalhada de tarefas para evitar retrabalho. Lista detalhada de tarefas para evitar retrabalho.
> **Última Atualização:** 2024-12-24 > **Last Updated:** 2024-12-26
---
## 🔥 Sprint Atual (Dezembro 2024)
### Backend
- [ ] Corrigir migration 019 (job_payments FK)
- [ ] Atualizar Swagger docs
- [ ] Adicionar testes para novos endpoints
- [ ] Implementar rate limiting
### Frontend
- [ ] Página de perfil editável
- [ ] Upload de currículo
- [ ] Filtros avançados na listagem de vagas
- [ ] Página de favoritos
### Documentação
- [x] DATABASE.md - Schema completo
- [x] ROADMAP.md - Este arquivo
- [x] TASKS.md - Tarefas
- [ ] ARCHITECTURE.md - Arquitetura detalhada
- [ ] API.md - Endpoints detalhados
--- ---
## ✅ Recentemente Concluído ## ✅ Recentemente Concluído
### 2024-12-24 ### 2024-12-26
- [x] **Schema Unification** - Eliminado tabelas core_* redundantes - [x] **Email System**
- Removido `core_companies`, `core_users`, `core_user_roles` - Backend: EmailService (LavinMQ producer)
- Unificado em `companies`, `users`, `user_roles` - NestJS: Email consumer + Nodemailer
- Atualizado 11 arquivos (migrations, repositories, seeders) - Migrations: email_settings, email_templates
- [x] **start.sh Updates** - [x] **Email Templates Admin UI**
- Opção 4: Run migrations (Node.js) - Frontend: `/dashboard/admin/email-templates`
- Opção 6: Reset + Migrate + Seed completo - CRUD: List, Create, Edit, Delete
- [x] **Migration Runner** - [x] **Avatar Upload**
- Criado `seeder-api/src/migrate.js` - Backend: StorageService (pre-signed URLs)
- Suporte a erros de tabelas existentes - Migration: avatar_url column
- Frontend: profileApi.uploadAvatar
- [x] **Documentação** - [x] **Public Job Posting**
- DATABASE.md reescrito completo - Frontend: `/post-job` page
- ROADMAP.md criado - 3-step wizard (Company + Job + Confirm)
- TASKS.md criado
### 2024-12-23 - [x] **Documentation**
- [x] JWT Auth Guard no backoffice (Bearer + Cookie) - BACKEND.md reescrito completo
- [x] PASSWORD_PEPPER integration - BACKOFFICE.md reescrito completo
- [x] Frontend auth improvements - API_SECURITY.md atualizado
- [x] seeder-api README atualizado - ROADMAP.md atualizado
### 2024-12-25
- [x] Profile page fixes (500 error)
- [x] Type mismatches resolved
- [x] Comprehensive logging added
### 2024-12-24
- [x] Ticket system integration
- [x] Settings page (Theme, Logo)
- [x] Chat tables (Appwrite)
- [x] System settings table
---
## 🔥 Sprint Atual
### Backend
- [ ] Video interviews endpoint
- [ ] AI matching algorithm
- [ ] Webhook sistema
### Frontend
- [ ] PWA manifest
- [ ] Service worker
- [ ] Offline support
### Backoffice
- [ ] Revenue reports
- [ ] User analytics
- [ ] Export features
--- ---
## 🚧 Não Fazer (Evitar Retrabalho) ## 🚧 Não Fazer (Evitar Retrabalho)
> ⚠️ **IMPORTANTE:** Estas tarefas NÃO devem ser feitas pois já foram resolvidas ou descartadas. > ⚠️ **IMPORTANTE:** Estas tarefas NÃO devem ser feitas pois já foram resolvidas.
| Tarefa | Motivo | | Tarefa | Motivo |
|--------|--------| |--------|--------|
| Criar core_companies | REMOVIDO - Usar `companies` | | Criar core_companies | REMOVIDO - Usar `companies` |
| Criar core_users | REMOVIDO - Usar `users` | | Criar core_users | REMOVIDO - Usar `users` |
| Usar UUID para users/jobs | MANTIDO SERIAL - Decisão arquitetural | | Email via API direta | REMOVIDO - Usar LavinMQ queue |
| psql para migrations | REMOVIDO - Usar `npm run migrate` | | Avatar upload direto | REMOVIDO - Usar pre-signed URLs |
| psql para migrations | REMOVIDO - Usar `go run ./cmd/manual_migrate` |
--- ---
## 📝 Notas de Implementação ## 📝 Notas de Implementação
### IDs do Banco ### IDs do Banco
- **SERIAL (INT):** users, companies, jobs, applications, regions, cities - **UUID v7:** users, companies, jobs, applications, notifications, tickets
- **UUID v4:** notifications, tickets, job_payments - **SERIAL:** regions, cities, job_posting_prices
- **NÃO usar UUID v7** - Não suportado pelo gen_random_uuid()
### Autenticação ### Autenticação
- Backend: JWT em HttpOnly cookie OU Authorization header - Backend: JWT em HttpOnly cookie OU Authorization header
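Review bot: three sprint items vanish without landing in `Recentemente Concluído`: `Corrigir migration 019 (job_payments FK)`, `Adicionar testes para novos endpoints` and `Atualizar Swagger docs`; if they were done, list them under a dated entry, otherwise carry them into the new `Sprint Atual`. In `IDs do Banco`, `job_payments` drops out of both lists (it was under `UUID v4` before), so its key type is now undocumented. The `Não Fazer` row for migrations now says `go run ./cmd/manual_migrate` in place of `npm run migrate`, while the deleted 2024-12-24 entry documented `seeder-api/src/migrate.js`; add a row retiring the Node runner, otherwise two migration runners look valid.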
@ -88,10 +95,23 @@ Lista detalhada de tarefas para evitar retrabalho.
- PASSWORD_PEPPER obrigatório em produção - PASSWORD_PEPPER obrigatório em produção
- Hash: `bcrypt.hash(password + PEPPER, 10)` - Hash: `bcrypt.hash(password + PEPPER, 10)`
### Uploads
- Pre-signed URLs via `/api/v1/storage/upload-url`
- Direct upload to S3/R2
- Update profile with key via PATCH
### Emails
```
Go Backend → Publish to LavinMQ (mail_queue)
NestJS → Consume → Fetch template → Render → Send
```
--- ---
## 🔗 Referências ## 🔗 Referências
- [DATABASE.md](DATABASE.md) - Schema do banco - [DATABASE.md](DATABASE.md) - Schema do banco
- [ROADMAP.md](ROADMAP.md) - Roadmap geral - [ROADMAP.md](ROADMAP.md) - Roadmap geral
- [seeder-api/README.md](../seeder-api/README.md) - Como popular dados - [API_SECURITY.md](API_SECURITY.md) - Segurança
- [DEVOPS.md](DEVOPS.md) - Infraestrutura
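Review bot: the hash line `bcrypt.hash(password + PEPPER, 10)` appends the pepper after the password, and bcrypt only uses the first 72 bytes of its input, so for a long password the pepper is partly or wholly truncated away and `PASSWORD_PEPPER obrigatório em produção` gives less than it promises; prepend the pepper, or HMAC the password with the pepper and bcrypt that digest, and document the chosen construction here because both the Go backend and the NestJS backoffice verify these hashes and must agree. The new `Uploads` note says the client sends the object key back `via PATCH`; state that the backend checks the key lies under the caller's own prefix, and that the pre-signed URL from `/api/v1/storage/upload-url` is issued with a content-type and size limit, before the key is stored in `avatar_url`, otherwise a profile can reference an object its owner did not upload.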