- Use scratch base image (< 20MB final vs ~50MB alpine)
- Add BuildKit cache for go modules and build cache
- Selective COPY (cmd, internal, migrations, docs) instead of COPY . .
- Remove HEALTHCHECK (not supported by Podman OCI)
- Update .gitignore with more binary patterns
- Optimize .dockerignore to exclude tests and binaries
- Add tests for SanitizeEmail, SanitizeDescription, DefaultSanitizer
- Add AuthMiddleware and RequireRole tests
- Add admin_handlers_test.go and location_handlers_test.go
- Expand application_service_test.go with more methods
Backend:
- Created migration 031 for employee_count and founded_year
- Updated Company model with EmployeeCount and FoundedYear
- Updated core DTO with website, employeeCount, foundedYear, description
Frontend:
- Added website input field to company form
- Added employee count dropdown (1-10, 11-50, etc.)
- Added founded year input
- Added 'About Company' rich text editor
- Updated API payload to send new fields
Backend:
- Updated DTOs to include SalaryNegotiable and WorkingHours
- Updated JobService to map and persist these fields (CREATE, GET, UPDATE)
- Ensure DB queries include new columns
Frontend:
- Added 'Working Hours' (Jornada de Trabalho) dropdown to PostJobPage
- Updated state and submit logic
- Improved salary display in confirmation step
Seeder:
- Updated jobs seeder to include salary_negotiable and valid working_hours
Backend:
- Created LocationHandler, LocationService, LocationRepository
- Added endpoints: GET /api/v1/locations/countries, states, cities, search
- Added migration 029_expand_employment_types.sql with new contract types (permanent, training, temporary, voluntary)
- Fixed .gitignore to allow internal/api folder
Frontend:
- Created LocationPicker component with country dropdown and city/state autocomplete search
- Integrated LocationPicker into PostJobPage
- Updated contract type options in job form (Permanent, Contract, Training, Temporary, Voluntary)
- Added locationsApi with search functionality to api.ts
Backend:
- Added GET /api/v1/system/credentials to list configured services
- Added DELETE /api/v1/system/credentials/{service}
- Updated CredentialsService to support listing without revealing secrets
Frontend:
- Updated Settings page with Tabs
- Added 'Integrations' tab to manage credentials
- Allows Configuring (Update) and Deleting credentials
- Lists status of Appwrite, Stripe, Firebase, etc.
Added route aliases:
- POST /api/v1/auth/register/candidate
- POST /api/v1/auth/register/company
These maintain consistency with the /post-job frontend page
- Modified ListUsers handler to check for admin/superadmin role
- Superadmins can now list all users across tenants
- Added ListUsers method to AdminService
- Added Status field to dto.User
Fixes 403 error when superadmin tries to access /api/v1/users
The superadmin role was stored in users.role column but getRoles()
only checked user_roles table. Updated to use UNION query that
combines both sources for backward compatibility.
Fixes 403 Forbidden on /api/v1/users for admin users.
- Fix CreateJob 500 error by extracting user ID correctly
- Secure Create/Update/Delete Job routes with AuthGuard
- Fix Notifications/Tickets/Profile 500 error (UUID vs Int mismatch)
- Add E2E test for CreateJob
- Add migration 021_location_hierarchy.sql with new table structure
- Add location-loader.js seeder to import SQL dumps
- Update all seeder files to use country_id instead of region_id
- Rename companies.region_id to country_id
Migration 009:
- Simplified uuid_generate_v7() to avoid integer overflow on bit shifts
- Uses double precision for timestamp then converts to hex
Seeder:
- Changed roles from 'admin','company' to 'companyAdmin'
- Matches users table CHECK constraint: superadmin, companyAdmin, recruiter, jobSeeker
- Rename 021_create_uuid_v7_function.sql to 009_create_uuid_v7_function.sql
- Add CREATE EXTENSION IF NOT EXISTS pgcrypto for gen_random_bytes()
- Remove obsolete 022_migrate_to_uuid_v7.sql (already handled by table def)
This fixes the error where migration 017 tried to use uuid_generate_v7()
before it was created.
- IDs are now auto-generated by DB SERIAL columns
- No need to generate UUID in application code
- Let repository handle ID assignment from DB response
- Removed unused import
Migrations:
- 016, 017, 019: Replace gen_random_uuid() with uuid_generate_v7()
- All UUID tables now use custom uuid_generate_v7() function
Backend:
- Create internal/utils/uuid/uuid.go with V7() function (RFC 9562)
- Update storage_handler.go to use internal uuid.V7()
- Remove dependency on google/uuid for file naming
All new UUIDs in the system are now UUID v7 (time-ordered)
Migrations:
- Fix 010_seed_super_admin.sql: only use columns from migration 001
- Add 021_create_uuid_v7_function.sql: PostgreSQL uuid_generate_v7() function
- Add 022_migrate_to_uuid_v7.sql: update notifications, tickets, job_payments to use v7
Seeder:
- Create seeder-api/src/utils/uuid.js with uuidv7() function
- Update notifications.js to use uuidv7() instead of randomUUID()
Docs:
- Update DATABASE.md with UUID v7 section and benefits
UUID v7 benefits:
- Time-ordered (sortable by creation time)
- Better index performance than v4
- RFC 9562 compliant
BREAKING CHANGE: Removed core_companies, core_users, core_user_roles tables
Migrations:
- Create 020_unify_schema.sql: adds tenant_id, email, name to users table
- Create user_roles table (replaces core_user_roles)
- Disable 009_create_core_tables.sql (renamed to .disabled)
- Update 010_seed_super_admin.sql to use unified tables
Backend Repositories:
- company_repository.go: use companies table with INT id
- user_repository.go: use users/user_roles with INT id conversion
Seeders:
- All seeders now use companies/users/user_roles tables
- Removed all core_* table insertions
- Query companies by slug to get SERIAL id
This eliminates the redundancy between core_* and legacy tables.
- job_id changed from UUID to INT to match jobs.id SERIAL
- user_id changed from UUID to INT to match users.id SERIAL
- Added user_id FK to users table
- Add JWT auth guard with Bearer token and cookie support
- Update .env.example files with PASSWORD_PEPPER documentation
- Update seeder to use PASSWORD_PEPPER for password hashing
- Update seeder README with hash verification examples
- Fix frontend auth and page components
- Update backend JWT service and seed migration
Backend fixes:
- Fix FK violation in candidate registration by creating company first
- Add CompanyRepository to RegisterCandidateUseCase
- Add handler integration tests for validation
Frontend improvements:
- Add registerCompany function in auth.ts
- Connect company registration form to backend API
- Replace mockJobs with API call in job detail page
- Add loading/error states to job detail page
- Add Jest tests for auth module
- impl(frontend): server-side pagination for jobs listing
- impl(frontend): standardized api error handling and sonner integration
- test(frontend): added unit tests for JobCard
- impl(backend): added SanitizeMiddleware for XSS protection
- test(backend): added table-driven tests for JobService
- docs: updated READMES, created ROADMAP.md and DATABASE.md
- fix(routing): redirected landing page buttons to /jobs
- Add is_featured column to jobs table (migration)
- Update Job model and Service to support featured jobs
- Update JobHandler to expose featured jobs API
- Support filtering by featured status in GET /jobs
- Frontend: Fetch and display featured jobs from API
- Frontend: Update Job type definition
- Update root handler to return server public IP via ipify
- Update root handler response JSON structure
- Update ingress host to api-dev.gohorsejobs.com
- Add unit tests for router
Cloudflare Cache Management:
- GET /api/v1/admin/cloudflare/zones
- POST /api/v1/admin/cloudflare/cache/purge-all
- POST /api/v1/admin/cloudflare/cache/purge-urls
- POST /api/v1/admin/cloudflare/cache/purge-tags
- POST /api/v1/admin/cloudflare/cache/purge-hosts
cPanel Email Management:
- GET /api/v1/admin/cpanel/emails
- POST /api/v1/admin/cpanel/emails
- DELETE /api/v1/admin/cpanel/emails/{email}
- PUT /api/v1/admin/cpanel/emails/{email}/password
- PUT /api/v1/admin/cpanel/emails/{email}/quota
All routes protected by JWT auth middleware.
Added CLOUDFLARE_* and CPANEL_* env vars to .env.example
- Add Jobs endpoints to swagger.json manually (/jobs GET, POST, /jobs/{id} GET, PUT, DELETE)
- Update README.md Swagger URL from /swagger/ to /docs/
- Add production URL: https://api-dev.gohorsejobs.com/docs/index.html
- Expand endpoints table with all available routes
- Fix port from 8080 to 8521
Backend:
- Add Swagger annotations to all job handlers (GET, POST, PUT, DELETE)
- Clean up job handler code
Frontend:
- Expand api.ts with ApiJob types, pagination, and transform function
- Update footer with 'Vagas por Tecnologia' SEO links
- Add robots.txt with crawler directives
- Add sitemap.xml with main pages and job URLs
- Change branding to GoHorse Jobs
- Allow 'unsafe-inline' and 'unsafe-eval' scripts on /docs routes
- Swagger UI requires inline scripts to function properly
- Keep strict CSP for all other API routes
- Add root route (/) returning JSON with client IP, API info and links
- Move Swagger docs from /swagger/ to /docs/
- Include X-Forwarded-For and X-Real-IP header support for proxy environments
- Updated EXPOSE from 8080 to 8521
- Updated HEALTHCHECK to check port 8521
- Updated default ENV PORT from 8080 to 8521
This fixes the deployment health check issue where the container
was expecting port 8080 but the app was configured to run on 8521.
- Update database.go to use DB_SSLMODE environment variable
- Default to sslmode=require for production security
- Update .env.example with SSL and S3 configuration examples
