- fix(seeder): add PASSWORD_PEPPER to all bcrypt hashes (admin + candidates/recruiters)
- fix(seeder): add created_by field to jobs INSERT (was causing NOT NULL violation)
- feat(backend): add custom job questions support in applications
- feat(backend): add payment handler and Stripe routes
- feat(frontend): add navbar and footer to /register and /register/user pages
- feat(frontend): add custom question answers to job apply page
- feat(frontend): update home page hero section and navbar buttons
- feat(frontend): update auth/api lib with new endpoints
- chore(db): add migration 045 for application answers
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Antes: 010_seed_super_admin.sql tinha hash bcrypt fixo amarrado a um pepper
específico. Qualquer mudança no PASSWORD_PEPPER quebrava todos os logins
silenciosamente após reset do banco.
Agora:
- migration 010: insere superadmin com placeholder inválido + force_change_password.
ON CONFLICT DO NOTHING preserva o hash se o seeder já rodou.
- seeder users.js: faz upsert de 'lol' com bcrypt(senha + env.PASSWORD_PEPPER)
em runtime. Mudar o pepper e re-rodar o seeder é suficiente para atualizar
as credenciais sem tocar em nenhuma migration.
- docs/AGENTS.md: atualiza gotcha #1 explicando o novo fluxo migrate → seed
- docs/DEVOPS.md: fix opção 1 do troubleshooting inclui re-deploy do seeder
Fluxo correto após reset do banco (coberto pelo start.sh opções 2, 6, 8):
npm run migrate → superadmin criado, hash = placeholder
npm run seed → hash recalculado com PEPPER do ambiente, status = active
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Atualiza hash hardcoded em 010_seed_super_admin.sql para hash válido
gerado com pepper=gohorse-pepper (o antigo hash estava inválido e causava
AUTH_INVALID_CREDENTIALS em qualquer reset do banco)
- Corrige valor de PASSWORD_PEPPER e CORS_ORIGINS no DEVOPS.md para
refletir os valores reais do Coolify DEV
- Adiciona seção de troubleshooting no DEVOPS.md com diagnóstico e fix
passo-a-passo para mismatch de pepper
- Adiciona seção "Known Gotchas" no AGENTS.md documentando:
* Regra do PASSWORD_PEPPER (deve ser gohorse-pepper em todos ambientes)
* Campo de login é email no DTO, não identifier
* Hashes bcrypt em SQL devem usar arquivo -f, nunca -c ($ é expandido)
* Credenciais de teste do ambiente DEV
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Backend:
- Fix migrations 037-041 to use UUID v7 (uuid_generate_v7)
- Fix CORS defaults to include localhost:8963
- Fix FRONTEND_URL default to localhost:8963
- Update superadmin password hash with pepper
- Add PASSWORD_PEPPER environment variable
Frontend:
- Replace mockJobs with real API calls in home page
- Replace mockNotifications with notificationsApi in context
- Replace mockApplications with applicationsApi in dashboard
- Fix register/user page to call real registerCandidate API
- Fix hardcoded values in backoffice and messages pages
Auth:
- Support both HTTPOnly cookie and Bearer token authentication
- Login returns token + sets HTTPOnly cookie
- Logout clears HTTPOnly cookie
- Token valid for 24h
- Video Interview system (backend + frontend)
- Date Posted filter (24h, 7d, 30d)
- Company filter in jobs listing
- Recent searches persistence (LocalStorage)
- Job Alerts with email confirmation
- Favorite jobs with API
- Company followers system
- Careerjet URL compatibility (s/l aliases)
refatoração fluxo de vagas e correção login automático
- Frontend:
- Implementa componente JobFormBuilder para perguntas dinâmicas
- Atualiza página /post-job com fluxo de 3 etapas e integração do builder
- Corrige payload de registro (auth.ts) enviando campo password corretamente
- Implementa auto-login após cadastro da empresa (redirecionamento e token)
- Remove páginas obsoletas de registro de candidato
- Backend:
- Atualiza CreateCompanyUseCase para retornar token JWT
- Ajusta JobService para persistência correta de campos JSON (Questions, Benefits)
- Atualiza DTOs de Job e Company para refletir novas estruturas
- Adiciona migração (033) para novas colunas de refatoração
- Ajustes nos repositórios para suporte aos novos modelos
Ref: #refactor-jobs #fix-auth
1. Auth: Implemented forced password reset for SuperAdmin and updated login logic.
2. Infra: Switched backend to internal Postgres and updated .drone.yml.
3. Storage: Added Test Connection endpoint and UI in Backoffice.
4. CI/CD: Updated Forgejo deploy pipeline to include Seeder and use Internal Registry.
Backend:
- Created migration 031 for employee_count and founded_year
- Updated Company model with EmployeeCount and FoundedYear
- Updated core DTO with website, employeeCount, foundedYear, description
Frontend:
- Added website input field to company form
- Added employee count dropdown (1-10, 11-50, etc.)
- Added founded year input
- Added 'About Company' rich text editor
- Updated API payload to send new fields
Backend:
- Created LocationHandler, LocationService, LocationRepository
- Added endpoints: GET /api/v1/locations/countries, states, cities, search
- Added migration 029_expand_employment_types.sql with new contract types (permanent, training, temporary, voluntary)
- Fixed .gitignore to allow internal/api folder
Frontend:
- Created LocationPicker component with country dropdown and city/state autocomplete search
- Integrated LocationPicker into PostJobPage
- Updated contract type options in job form (Permanent, Contract, Training, Temporary, Voluntary)
- Added locationsApi with search functionality to api.ts
- Add migration 021_location_hierarchy.sql with new table structure
- Add location-loader.js seeder to import SQL dumps
- Update all seeder files to use country_id instead of region_id
- Rename companies.region_id to country_id
Migration 009:
- Simplified uuid_generate_v7() to avoid integer overflow on bit shifts
- Uses double precision for timestamp then converts to hex
Seeder:
- Changed roles from 'admin','company' to 'companyAdmin'
- Matches users table CHECK constraint: superadmin, companyAdmin, recruiter, jobSeeker
- Rename 021_create_uuid_v7_function.sql to 009_create_uuid_v7_function.sql
- Add CREATE EXTENSION IF NOT EXISTS pgcrypto for gen_random_bytes()
- Remove obsolete 022_migrate_to_uuid_v7.sql (already handled by table def)
This fixes the error where migration 017 tried to use uuid_generate_v7()
before it was created.
Migrations:
- 016, 017, 019: Replace gen_random_uuid() with uuid_generate_v7()
- All UUID tables now use custom uuid_generate_v7() function
Backend:
- Create internal/utils/uuid/uuid.go with V7() function (RFC 9562)
- Update storage_handler.go to use internal uuid.V7()
- Remove dependency on google/uuid for file naming
All new UUIDs in the system are now UUID v7 (time-ordered)
Migrations:
- Fix 010_seed_super_admin.sql: only use columns from migration 001
- Add 021_create_uuid_v7_function.sql: PostgreSQL uuid_generate_v7() function
- Add 022_migrate_to_uuid_v7.sql: update notifications, tickets, job_payments to use v7
Seeder:
- Create seeder-api/src/utils/uuid.js with uuidv7() function
- Update notifications.js to use uuidv7() instead of randomUUID()
Docs:
- Update DATABASE.md with UUID v7 section and benefits
UUID v7 benefits:
- Time-ordered (sortable by creation time)
- Better index performance than v4
- RFC 9562 compliant
BREAKING CHANGE: Removed core_companies, core_users, core_user_roles tables
Migrations:
- Create 020_unify_schema.sql: adds tenant_id, email, name to users table
- Create user_roles table (replaces core_user_roles)
- Disable 009_create_core_tables.sql (renamed to .disabled)
- Update 010_seed_super_admin.sql to use unified tables
Backend Repositories:
- company_repository.go: use companies table with INT id
- user_repository.go: use users/user_roles with INT id conversion
Seeders:
- All seeders now use companies/users/user_roles tables
- Removed all core_* table insertions
- Query companies by slug to get SERIAL id
This eliminates the redundancy between core_* and legacy tables.
- job_id changed from UUID to INT to match jobs.id SERIAL
- user_id changed from UUID to INT to match users.id SERIAL
- Added user_id FK to users table
- Add JWT auth guard with Bearer token and cookie support
- Update .env.example files with PASSWORD_PEPPER documentation
- Update seeder to use PASSWORD_PEPPER for password hashing
- Update seeder README with hash verification examples
- Fix frontend auth and page components
- Update backend JWT service and seed migration
