mahi/Goa-gel-fullstack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Goa GEL Blockchain e-Licensing Platform - Full Stack Implementation

Browse Source 
Complete implementation of the Goa Government e-Licensing platform with:

Backend:
- NestJS API with JWT authentication
- PostgreSQL database with Knex ORM
- Redis caching and session management
- MinIO document storage
- Hyperledger Besu blockchain integration
- Multi-department workflow system
- Comprehensive API tests (266/282 passing)

Frontend:
- Angular 21 with standalone components
- Angular Material + TailwindCSS UI
- Visual workflow builder
- Document upload with progress tracking
- Blockchain explorer integration
- Role-based dashboards (Admin, Department, Citizen)
- E2E tests with Playwright (37 tests)

Infrastructure:
- Docker Compose orchestration
- Blockscout blockchain explorer
- Development and production configurations
This commit is contained in:
Mahi
2026-02-07 10:23:29 -04:00
commit 80566bf0a2
441 changed files with 102418 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
backend/src/app.module.ts Normal file
View File

@@ -0,0 +1,103 @@
import { Module } from '@nestjs/common';
import { ConfigModule, ConfigService } from '@nestjs/config';
import { ThrottlerModule, ThrottlerGuard } from '@nestjs/throttler';
import { BullModule } from '@nestjs/bull';
import { APP_GUARD } from '@nestjs/core';
// Configuration
import {
appConfig,
appConfigValidationSchema,
databaseConfig,
blockchainConfig,
storageConfig,
redisConfig,
jwtConfig,
minioConfig,
} from './config';
// Database
import { DatabaseModule } from './database/database.module';
// Modules
import { AuthModule } from './modules/auth/auth.module';
import { ApplicantsModule } from './modules/applicants/applicants.module';
import { DepartmentsModule } from './modules/departments/departments.module';
import { RequestsModule } from './modules/requests/requests.module';
import { DocumentsModule } from './modules/documents/documents.module';
import { ApprovalsModule } from './modules/approvals/approvals.module';
import { WorkflowsModule } from './modules/workflows/workflows.module';
import { WebhooksModule } from './modules/webhooks/webhooks.module';
import { BlockchainModule } from './modules/blockchain/blockchain.module';
import { AdminModule } from './modules/admin/admin.module';
import { AuditModule } from './modules/audit/audit.module';
import { HealthModule } from './modules/health/health.module';
import { UsersModule } from './modules/users/users.module';
@Module({
imports: [
// Configuration
ConfigModule.forRoot({
isGlobal: true,
load: [appConfig, databaseConfig, blockchainConfig, storageConfig, redisConfig, jwtConfig, minioConfig],
validationSchema: appConfigValidationSchema,
validationOptions: {
abortEarly: false,
},
}),
// Database (Knex + Objection.js)
DatabaseModule,
// Rate Limiting
ThrottlerModule.forRootAsync({
imports: [ConfigModule],
inject: [ConfigService],
useFactory: (configService: ConfigService) => {
const nodeEnv = configService.get<string>('NODE_ENV', 'development');
const isDevelopment = nodeEnv === 'development' || nodeEnv === 'test';
return [{
ttl: isDevelopment ? 1000 : configService.get<number>('RATE_LIMIT_TTL', 60) * 1000,
limit: isDevelopment ? 10000 : configService.get<number>('RATE_LIMIT_GLOBAL', 100),
}];
},
}),
// Bull Queue (Redis)
BullModule.forRootAsync({
imports: [ConfigModule],
inject: [ConfigService],
useFactory: (configService: ConfigService) => ({
redis: {
host: configService.get<string>('redis.host'),
port: configService.get<number>('redis.port'),
password: configService.get<string>('redis.password') || undefined,
db: configService.get<number>('redis.db'),
},
}),
}),
// Feature Modules
AuthModule,
ApplicantsModule,
DepartmentsModule,
RequestsModule,
DocumentsModule,
ApprovalsModule,
WorkflowsModule,
WebhooksModule,
BlockchainModule,
AdminModule,
AuditModule,
HealthModule,
UsersModule,
],
providers: [
{
provide: APP_GUARD,
useClass: ThrottlerGuard,
},
],
})
export class AppModule {}

8
backend/src/blockchain/blockchain.module.ts Normal file
View File

@@ -0,0 +1,8 @@
import { Module } from '@nestjs/common';
import { BlockchainService } from './blockchain.service';
@Module({
providers: [BlockchainService],
exports: [BlockchainService],
})
export class BlockchainModule {}

67
backend/src/blockchain/blockchain.service.ts Normal file
View File

@@ -0,0 +1,67 @@
import { Injectable, Logger, Inject } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { ethers } from 'ethers';
export interface BlockchainConfig {
rpcUrl: string;
chainId: number;
gasPrice: string;
gasLimit: string;
contractAddress: string;
privateKey: string;
networkName: string;
}
@Injectable()
export class BlockchainService {
private readonly logger = new Logger(BlockchainService.name);
private provider: ethers.JsonRpcProvider | null = null;
private signer: ethers.Wallet | null = null;
constructor(@Inject(ConfigService) private configService: ConfigService) {}
async initialize(): Promise<void> {
try {
const config = this.configService.get<BlockchainConfig>('blockchain');
if (!config) {
throw new Error('Blockchain configuration not found');
}
this.provider = new ethers.JsonRpcProvider(config.rpcUrl);
this.signer = new ethers.Wallet(config.privateKey, this.provider);
const network = await this.provider.getNetwork();
this.logger.log(
`Connected to blockchain network: ${network.name} (Chain ID: ${network.chainId})`,
);
} catch (error) {
this.logger.error('Failed to initialize blockchain service', error);
throw error;
}
}
getProvider(): ethers.JsonRpcProvider {
if (!this.provider) {
throw new Error('Blockchain provider not initialized');
}
return this.provider;
}
getSigner(): ethers.Wallet {
if (!this.signer) {
throw new Error('Blockchain signer not initialized');
}
return this.signer;
}
async getBalance(address: string): Promise<string> {
const balance = await this.provider!.getBalance(address);
return ethers.formatEther(balance);
}
async getTransactionStatus(transactionHash: string): Promise<string | null> {
const receipt = await this.provider!.getTransactionReceipt(transactionHash);
return receipt?.status === 1 ? 'success' : 'failed';
}
}

170
backend/src/common/constants/error-codes.ts Normal file
View File

@@ -0,0 +1,170 @@
export const ERROR_CODES = {
// Authentication & Authorization
INVALID_CREDENTIALS: 'AUTH_001',
TOKEN_EXPIRED: 'AUTH_002',
TOKEN_INVALID: 'AUTH_003',
INVALID_TOKEN: 'AUTH_003', // Alias
UNAUTHORIZED: 'AUTH_004',
FORBIDDEN: 'AUTH_005',
API_KEY_INVALID: 'AUTH_006',
INVALID_API_KEY: 'AUTH_006', // Alias
SESSION_EXPIRED: 'AUTH_007',
INSUFFICIENT_PERMISSIONS: 'AUTH_008',
// User Management
USER_NOT_FOUND: 'USER_001',
USER_ALREADY_EXISTS: 'USER_002',
USER_INACTIVE: 'USER_003',
USER_DELETED: 'USER_004',
INVALID_USER_DATA: 'USER_005',
// Applicant Management
APPLICANT_NOT_FOUND: 'APPL_001',
APPLICANT_ALREADY_EXISTS: 'APPL_002',
INVALID_APPLICANT_DATA: 'APPL_003',
// Document Management
DOCUMENT_NOT_FOUND: 'DOC_001',
DOCUMENT_ALREADY_VERIFIED: 'DOC_002',
DOCUMENT_EXPIRED: 'DOC_003',
INVALID_FILE_TYPE: 'DOC_004',
FILE_SIZE_EXCEEDED: 'DOC_005',
DOCUMENT_CORRUPTED: 'DOC_006',
DUPLICATE_DOCUMENT: 'DOC_007',
// Blockchain Operations
BLOCKCHAIN_CONNECTION_ERROR: 'CHAIN_001',
CONTRACT_CALL_ERROR: 'CHAIN_002',
TRANSACTION_FAILED: 'CHAIN_003',
INVALID_CONTRACT_ADDRESS: 'CHAIN_004',
INSUFFICIENT_GAS: 'CHAIN_005',
TRANSACTION_TIMEOUT: 'CHAIN_006',
BLOCKCHAIN_NOT_AVAILABLE: 'CHAIN_007',
// Storage Operations
STORAGE_ERROR: 'STOR_001',
STORAGE_NOT_FOUND: 'STOR_002',
STORAGE_QUOTA_EXCEEDED: 'STOR_003',
STORAGE_UPLOAD_FAILED: 'STOR_004',
STORAGE_ACCESS_DENIED: 'STOR_005',
// Database Operations
DATABASE_ERROR: 'DB_001',
DATABASE_CONNECTION_ERROR: 'DB_002',
TRANSACTION_ERROR: 'DB_003',
CONSTRAINT_VIOLATION: 'DB_004',
// Validation Errors
VALIDATION_ERROR: 'VAL_001',
INVALID_INPUT: 'VAL_002',
MISSING_REQUIRED_FIELD: 'VAL_003',
INVALID_EMAIL: 'VAL_004',
INVALID_DATE: 'VAL_005',
// Rate Limiting
RATE_LIMIT_EXCEEDED: 'RATE_001',
TOO_MANY_REQUESTS: 'RATE_002',
// Server Errors
INTERNAL_SERVER_ERROR: 'SERVER_001',
INTERNAL_ERROR: 'SERVER_001', // Alias
SERVICE_UNAVAILABLE: 'SERVER_002',
TIMEOUT: 'SERVER_003',
NOT_IMPLEMENTED: 'SERVER_004',
NOT_FOUND: 'SERVER_005',
// Queue Operations
QUEUE_ERROR: 'QUEUE_001',
JOB_FAILED: 'QUEUE_002',
JOB_NOT_FOUND: 'QUEUE_003',
// Email Operations
EMAIL_SEND_ERROR: 'EMAIL_001',
INVALID_EMAIL_ADDRESS: 'EMAIL_002',
// Department Management
DEPARTMENT_NOT_FOUND: 'DEPT_001',
DEPARTMENT_ALREADY_EXISTS: 'DEPT_002',
INVALID_DEPARTMENT_DATA: 'DEPT_003',
// Audit & Logging
AUDIT_RECORD_ERROR: 'AUDIT_001',
LOG_ERROR: 'LOG_001',
};
export const ERROR_MESSAGES: Record<string, string> = {
[ERROR_CODES.INVALID_CREDENTIALS]: 'Invalid email or password',
[ERROR_CODES.TOKEN_EXPIRED]: 'Token has expired',
[ERROR_CODES.TOKEN_INVALID]: 'Invalid or malformed token',
[ERROR_CODES.UNAUTHORIZED]: 'Unauthorized access',
[ERROR_CODES.FORBIDDEN]: 'Forbidden resource',
[ERROR_CODES.API_KEY_INVALID]: 'Invalid API key',
[ERROR_CODES.SESSION_EXPIRED]: 'Session has expired',
[ERROR_CODES.INSUFFICIENT_PERMISSIONS]: 'Insufficient permissions',
[ERROR_CODES.USER_NOT_FOUND]: 'User not found',
[ERROR_CODES.USER_ALREADY_EXISTS]: 'User already exists',
[ERROR_CODES.USER_INACTIVE]: 'User account is inactive',
[ERROR_CODES.USER_DELETED]: 'User account has been deleted',
[ERROR_CODES.INVALID_USER_DATA]: 'Invalid user data provided',
[ERROR_CODES.APPLICANT_NOT_FOUND]: 'Applicant not found',
[ERROR_CODES.APPLICANT_ALREADY_EXISTS]: 'Applicant already exists',
[ERROR_CODES.INVALID_APPLICANT_DATA]: 'Invalid applicant data provided',
[ERROR_CODES.DOCUMENT_NOT_FOUND]: 'Document not found',
[ERROR_CODES.DOCUMENT_ALREADY_VERIFIED]: 'Document is already verified',
[ERROR_CODES.DOCUMENT_EXPIRED]: 'Document has expired',
[ERROR_CODES.INVALID_FILE_TYPE]: 'Invalid file type',
[ERROR_CODES.FILE_SIZE_EXCEEDED]: 'File size exceeds maximum limit',
[ERROR_CODES.DOCUMENT_CORRUPTED]: 'Document appears to be corrupted',
[ERROR_CODES.DUPLICATE_DOCUMENT]: 'Document already exists',
[ERROR_CODES.BLOCKCHAIN_CONNECTION_ERROR]: 'Failed to connect to blockchain network',
[ERROR_CODES.CONTRACT_CALL_ERROR]: 'Smart contract call failed',
[ERROR_CODES.TRANSACTION_FAILED]: 'Blockchain transaction failed',
[ERROR_CODES.INVALID_CONTRACT_ADDRESS]: 'Invalid smart contract address',
[ERROR_CODES.INSUFFICIENT_GAS]: 'Insufficient gas for transaction',
[ERROR_CODES.TRANSACTION_TIMEOUT]: 'Blockchain transaction timeout',
[ERROR_CODES.BLOCKCHAIN_NOT_AVAILABLE]: 'Blockchain network is not available',
[ERROR_CODES.STORAGE_ERROR]: 'Storage operation failed',
[ERROR_CODES.STORAGE_NOT_FOUND]: 'File not found in storage',
[ERROR_CODES.STORAGE_QUOTA_EXCEEDED]: 'Storage quota exceeded',
[ERROR_CODES.STORAGE_UPLOAD_FAILED]: 'File upload failed',
[ERROR_CODES.STORAGE_ACCESS_DENIED]: 'Access to storage denied',
[ERROR_CODES.DATABASE_ERROR]: 'Database operation failed',
[ERROR_CODES.DATABASE_CONNECTION_ERROR]: 'Failed to connect to database',
[ERROR_CODES.TRANSACTION_ERROR]: 'Database transaction error',
[ERROR_CODES.CONSTRAINT_VIOLATION]: 'Database constraint violation',
[ERROR_CODES.VALIDATION_ERROR]: 'Validation error',
[ERROR_CODES.INVALID_INPUT]: 'Invalid input provided',
[ERROR_CODES.MISSING_REQUIRED_FIELD]: 'Missing required field',
[ERROR_CODES.INVALID_EMAIL]: 'Invalid email format',
[ERROR_CODES.INVALID_DATE]: 'Invalid date format',
[ERROR_CODES.RATE_LIMIT_EXCEEDED]: 'Rate limit exceeded',
[ERROR_CODES.TOO_MANY_REQUESTS]: 'Too many requests',
[ERROR_CODES.INTERNAL_SERVER_ERROR]: 'Internal server error',
[ERROR_CODES.SERVICE_UNAVAILABLE]: 'Service unavailable',
[ERROR_CODES.TIMEOUT]: 'Operation timeout',
[ERROR_CODES.NOT_IMPLEMENTED]: 'Feature not implemented',
[ERROR_CODES.NOT_FOUND]: 'Resource not found',
[ERROR_CODES.QUEUE_ERROR]: 'Queue operation failed',
[ERROR_CODES.JOB_FAILED]: 'Job execution failed',
[ERROR_CODES.JOB_NOT_FOUND]: 'Job not found',
[ERROR_CODES.EMAIL_SEND_ERROR]: 'Failed to send email',
[ERROR_CODES.INVALID_EMAIL_ADDRESS]: 'Invalid email address',
[ERROR_CODES.DEPARTMENT_NOT_FOUND]: 'Department not found',
[ERROR_CODES.DEPARTMENT_ALREADY_EXISTS]: 'Department already exists',
[ERROR_CODES.INVALID_DEPARTMENT_DATA]: 'Invalid department data',
[ERROR_CODES.AUDIT_RECORD_ERROR]: 'Failed to record audit log',
[ERROR_CODES.LOG_ERROR]: 'Logging error',
};

49
backend/src/common/constants/events.ts Normal file
View File

@@ -0,0 +1,49 @@
export const APP_EVENTS = {
// User Events
USER_CREATED: 'user.created',
USER_UPDATED: 'user.updated',
USER_DELETED: 'user.deleted',
USER_LOGIN: 'user.login',
USER_LOGOUT: 'user.logout',
USER_PASSWORD_CHANGED: 'user.password_changed',
// Document Events
DOCUMENT_UPLOADED: 'document.uploaded',
DOCUMENT_VERIFIED: 'document.verified',
DOCUMENT_REJECTED: 'document.rejected',
DOCUMENT_REVOKED: 'document.revoked',
DOCUMENT_ARCHIVED: 'document.archived',
DOCUMENT_RESTORED: 'document.restored',
DOCUMENT_DOWNLOADED: 'document.downloaded',
// Blockchain Events
BLOCKCHAIN_VERIFICATION_STARTED: 'blockchain.verification_started',
BLOCKCHAIN_VERIFICATION_COMPLETED: 'blockchain.verification_completed',
BLOCKCHAIN_VERIFICATION_FAILED: 'blockchain.verification_failed',
TRANSACTION_CREATED: 'blockchain.transaction_created',
TRANSACTION_CONFIRMED: 'blockchain.transaction_confirmed',
TRANSACTION_FAILED: 'blockchain.transaction_failed',
// Department Events
DEPARTMENT_CREATED: 'department.created',
DEPARTMENT_UPDATED: 'department.updated',
DEPARTMENT_DELETED: 'department.deleted',
// Audit Events
AUDIT_LOG_CREATED: 'audit.log_created',
AUDIT_LOG_ACCESSED: 'audit.log_accessed',
// System Events
SYSTEM_HEALTH_CHECK: 'system.health_check',
SYSTEM_ALERT: 'system.alert',
SYSTEM_ERROR: 'system.error',
DATABASE_BACKUP: 'database.backup',
STORAGE_BACKUP: 'storage.backup',
// Queue Events
JOB_QUEUED: 'queue.job_queued',
JOB_PROCESSING: 'queue.job_processing',
JOB_COMPLETED: 'queue.job_completed',
JOB_FAILED: 'queue.job_failed',
JOB_RETRY: 'queue.job_retry',
};

49
backend/src/common/constants/index.ts Normal file
View File

@@ -0,0 +1,49 @@
export * from './events';
export * from './error-codes';
export const API_PREFIX = 'api';
export const API_VERSION = 'v1';
export const DEFAULT_PAGE_SIZE = 20;
export const MAX_PAGE_SIZE = 100;
export const MAX_FILE_SIZE = 10 * 1024 * 1024; // 10MB
export const ALLOWED_MIME_TYPES = [
'application/pdf',
'image/jpeg',
'image/png',
'image/jpg',
];
export const REQUEST_NUMBER_PREFIX = {
RESORT_LICENSE: 'RL',
TRADE_LICENSE: 'TL',
BUILDING_PERMIT: 'BP',
};
export const WEBHOOK_RETRY_ATTEMPTS = 3;
export const WEBHOOK_RETRY_DELAY = 5000; // 5 seconds
export const BLOCKCHAIN_CONFIRMATION_BLOCKS = 1;
export const BLOCKCHAIN_GAS_LIMIT = 8000000;
export const CACHE_TTL = {
WORKFLOW: 600, // 10 minutes
DEPARTMENT: 3600, // 1 hour
REQUEST_STATUS: 300, // 5 minutes
};
export const RATE_LIMIT = {
GLOBAL: { ttl: 60, limit: 100 },
API_KEY: { ttl: 60, limit: 1000 },
UPLOAD: { ttl: 60, limit: 10 },
};
export const JWT_CONSTANTS = {
ACCESS_TOKEN_EXPIRY: '1d',
REFRESH_TOKEN_EXPIRY: '7d',
};
export const CORRELATION_ID_HEADER = 'x-correlation-id';
export const API_KEY_HEADER = 'x-api-key';
export const DEPARTMENT_CODE_HEADER = 'x-department-code';

21
backend/src/common/decorators/api-key-auth.decorator.ts Normal file
View File

@@ -0,0 +1,21 @@
import { applyDecorators, UseGuards } from '@nestjs/common';
import { ApiHeader, ApiUnauthorizedResponse } from '@nestjs/swagger';
import { ApiKeyGuard } from '../guards/api-key.guard';
import { API_KEY_HEADER, DEPARTMENT_CODE_HEADER } from '../constants';
export function ApiKeyAuth(): ReturnType<typeof applyDecorators> {
return applyDecorators(
UseGuards(ApiKeyGuard),
ApiHeader({
name: API_KEY_HEADER,
description: 'Department API Key',
required: true,
}),
ApiHeader({
name: DEPARTMENT_CODE_HEADER,
description: 'Department Code (e.g., FIRE_DEPT)',
required: true,
}),
ApiUnauthorizedResponse({ description: 'Invalid or missing API key' }),
);
}

7
backend/src/common/decorators/api-key.decorator.ts Normal file
View File

@@ -0,0 +1,7 @@
import { SetMetadata } from '@nestjs/common';
export const API_KEY_METADATA = 'api-key';
export const ApiKeyAuth = (): MethodDecorator & ClassDecorator => {
return SetMetadata(API_KEY_METADATA, true);
};

9
backend/src/common/decorators/correlation-id.decorator.ts Normal file
View File

@@ -0,0 +1,9 @@
import { createParamDecorator, ExecutionContext } from '@nestjs/common';
import { v4 as uuidv4 } from 'uuid';
export const CorrelationId = createParamDecorator(
(data: unknown, ctx: ExecutionContext) => {
const request = ctx.switchToHttp().getRequest();
return request.headers['x-correlation-id'] || uuidv4();
},
);

15
backend/src/common/decorators/current-user.decorator.ts Normal file
View File

@@ -0,0 +1,15 @@
import { createParamDecorator, ExecutionContext } from '@nestjs/common';
import { RequestContext } from '../interfaces/request-context.interface';
export const CurrentUser = createParamDecorator(
(data: keyof RequestContext | undefined, ctx: ExecutionContext) => {
const request = ctx.switchToHttp().getRequest();
const user = request.user as RequestContext;
if (data) {
return user?.[data];
}
return user;
},
);

7
backend/src/common/decorators/department.decorator.ts Normal file
View File

@@ -0,0 +1,7 @@
import { SetMetadata } from '@nestjs/common';
export const DEPARTMENT_METADATA = 'department';
export const RequireDepartment = (departmentId: string): MethodDecorator & ClassDecorator => {
return SetMetadata(DEPARTMENT_METADATA, departmentId);
};

6
backend/src/common/decorators/index.ts Normal file
View File

@@ -0,0 +1,6 @@
export * from './roles.decorator';
export * from './current-user.decorator';
export * from './api-key-auth.decorator';
export { API_KEY_METADATA } from './api-key.decorator';
export * from './correlation-id.decorator';
export * from './department.decorator';

6
backend/src/common/decorators/roles.decorator.ts Normal file
View File

@@ -0,0 +1,6 @@
import { SetMetadata } from '@nestjs/common';
import { UserRole } from '../enums';
import { ROLES_KEY } from '../guards/roles.guard';
export const Roles = (...roles: (UserRole | string)[]): ReturnType<typeof SetMetadata> =>
SetMetadata(ROLES_KEY, roles);

33
backend/src/common/dto/paginated-response.dto.ts Normal file
View File

@@ -0,0 +1,33 @@
import { ApiProperty } from '@nestjs/swagger';
export class PaginatedResponse<T> {
@ApiProperty({
description: 'Array of items',
isArray: true,
})
data: T[];
@ApiProperty({
description: 'Total number of items',
example: 100,
})
total: number;
@ApiProperty({
description: 'Current page number',
example: 1,
})
page: number;
@ApiProperty({
description: 'Number of items per page',
example: 10,
})
limit: number;
@ApiProperty({
description: 'Total number of pages',
example: 10,
})
totalPages: number;
}

31
backend/src/common/dto/pagination.dto.ts Normal file
View File

@@ -0,0 +1,31 @@
import { IsOptional, IsNumber, Min, Max } from 'class-validator';
import { Type } from 'class-transformer';
import { ApiProperty } from '@nestjs/swagger';
export class PaginationDto {
@ApiProperty({
description: 'Page number',
example: 1,
required: false,
minimum: 1,
})
@Type(() => Number)
@IsOptional()
@IsNumber()
@Min(1)
page: number = 1;
@ApiProperty({
description: 'Number of items per page',
example: 10,
required: false,
minimum: 1,
maximum: 100,
})
@Type(() => Number)
@IsOptional()
@IsNumber()
@Min(1)
@Max(100)
limit: number = 10;
}

128
backend/src/common/enums/index.ts Normal file
View File

@@ -0,0 +1,128 @@
export enum RequestStatus {
DRAFT = 'DRAFT',
SUBMITTED = 'SUBMITTED',
IN_REVIEW = 'IN_REVIEW',
PENDING_RESUBMISSION = 'PENDING_RESUBMISSION',
APPROVED = 'APPROVED',
REJECTED = 'REJECTED',
REVOKED = 'REVOKED',
CANCELLED = 'CANCELLED',
}
// Alias for backward compatibility
export const LicenseRequestStatus = RequestStatus;
export type LicenseRequestStatus = RequestStatus;
export enum ApprovalStatus {
PENDING = 'PENDING',
APPROVED = 'APPROVED',
REJECTED = 'REJECTED',
CHANGES_REQUESTED = 'CHANGES_REQUESTED',
REVIEW_REQUIRED = 'REVIEW_REQUIRED',
}
export enum TransactionType {
MINT_NFT = 'MINT_NFT',
APPROVAL = 'APPROVAL',
DOC_UPDATE = 'DOC_UPDATE',
REJECT = 'REJECT',
REVOKE = 'REVOKE',
}
export enum TransactionStatus {
PENDING = 'PENDING',
CONFIRMED = 'CONFIRMED',
FAILED = 'FAILED',
}
export enum WebhookEventType {
APPROVAL_REQUIRED = 'APPROVAL_REQUIRED',
DOCUMENT_UPDATED = 'DOCUMENT_UPDATED',
REQUEST_APPROVED = 'REQUEST_APPROVED',
REQUEST_REJECTED = 'REQUEST_REJECTED',
CHANGES_REQUESTED = 'CHANGES_REQUESTED',
}
export enum WebhookDeliveryStatus {
PENDING = 'PENDING',
SUCCESS = 'SUCCESS',
FAILED = 'FAILED',
}
// Alias for backward compatibility
export const WebhookLogStatus = WebhookDeliveryStatus;
export type WebhookLogStatus = WebhookDeliveryStatus;
export enum ActorType {
APPLICANT = 'APPLICANT',
DEPARTMENT = 'DEPARTMENT',
SYSTEM = 'SYSTEM',
ADMIN = 'ADMIN',
}
export enum EntityType {
REQUEST = 'REQUEST',
APPROVAL = 'APPROVAL',
DOCUMENT = 'DOCUMENT',
DEPARTMENT = 'DEPARTMENT',
WORKFLOW = 'WORKFLOW',
APPLICANT = 'APPLICANT',
}
export enum AuditAction {
CREATE = 'CREATE',
UPDATE = 'UPDATE',
DELETE = 'DELETE',
SUBMIT = 'SUBMIT',
APPROVE = 'APPROVE',
REJECT = 'REJECT',
CANCEL = 'CANCEL',
UPLOAD = 'UPLOAD',
DOWNLOAD = 'DOWNLOAD',
}
export enum RequestType {
RESORT_LICENSE = 'RESORT_LICENSE',
TRADE_LICENSE = 'TRADE_LICENSE',
BUILDING_PERMIT = 'BUILDING_PERMIT',
}
export enum DocumentType {
PROPERTY_OWNERSHIP = 'PROPERTY_OWNERSHIP',
FIRE_SAFETY_CERTIFICATE = 'FIRE_SAFETY_CERTIFICATE',
BUILDING_PLAN = 'BUILDING_PLAN',
ENVIRONMENTAL_CLEARANCE = 'ENVIRONMENTAL_CLEARANCE',
HEALTH_CERTIFICATE = 'HEALTH_CERTIFICATE',
TAX_CLEARANCE = 'TAX_CLEARANCE',
IDENTITY_PROOF = 'IDENTITY_PROOF',
OTHER = 'OTHER',
}
export enum WorkflowExecutionType {
SEQUENTIAL = 'SEQUENTIAL',
PARALLEL = 'PARALLEL',
}
export enum CompletionCriteria {
ALL = 'ALL',
ANY = 'ANY',
THRESHOLD = 'THRESHOLD',
}
export enum TimeoutAction {
NOTIFY = 'NOTIFY',
ESCALATE = 'ESCALATE',
AUTO_REJECT = 'AUTO_REJECT',
}
export enum RejectionAction {
FAIL_REQUEST = 'FAIL_REQUEST',
RETRY_STAGE = 'RETRY_STAGE',
ESCALATE = 'ESCALATE',
}
export enum UserRole {
ADMIN = 'ADMIN',
DEPARTMENT = 'DEPARTMENT',
APPLICANT = 'APPLICANT',
}

69
backend/src/common/filters/all-exceptions.filter.ts Normal file
View File

@@ -0,0 +1,69 @@
import {
ExceptionFilter,
Catch,
ArgumentsHost,
HttpStatus,
Logger,
} from '@nestjs/common';
import { Response } from 'express';
import { ERROR_CODES } from '@common/constants/error-codes';
interface ErrorResponse {
success: boolean;
statusCode: number;
message: string;
error: {
code: string;
message: string;
};
timestamp: string;
path: string;
}
@Catch()
export class AllExceptionsFilter implements ExceptionFilter {
private readonly logger = new Logger(AllExceptionsFilter.name);
catch(exception: unknown, host: ArgumentsHost): void {
const ctx = host.switchToHttp();
const response = ctx.getResponse<Response>();
const request = ctx.getRequest();
let status = HttpStatus.INTERNAL_SERVER_ERROR;
let errorCode = ERROR_CODES.INTERNAL_SERVER_ERROR;
let message = 'An unexpected error occurred';
if (exception instanceof Error) {
this.logger.error(
`Unhandled Exception: ${exception.message}`,
exception.stack,
);
if (exception.message.includes('ECONNREFUSED')) {
status = HttpStatus.SERVICE_UNAVAILABLE;
errorCode = ERROR_CODES.SERVICE_UNAVAILABLE;
message = 'Database connection failed';
} else if (exception.message.includes('timeout')) {
status = HttpStatus.REQUEST_TIMEOUT;
errorCode = ERROR_CODES.TIMEOUT;
message = 'Operation timeout';
}
} else {
this.logger.error('Unhandled Exception:', exception);
}
const errorResponse: ErrorResponse = {
success: false,
statusCode: status,
message,
error: {
code: errorCode,
message,
},
timestamp: new Date().toISOString(),
path: request.url,
};
response.status(status).json(errorResponse);
}
}

97
backend/src/common/filters/http-exception.filter.ts Normal file
View File

@@ -0,0 +1,97 @@
import {
ExceptionFilter,
Catch,
ArgumentsHost,
HttpException,
HttpStatus,
Logger,
} from '@nestjs/common';
import { Request, Response } from 'express';
import { ERROR_CODES } from '../constants';
interface ErrorResponse {
statusCode: number;
code: string;
message: string;
details?: Record<string, unknown>;
timestamp: string;
path: string;
correlationId?: string;
}
@Catch()
export class HttpExceptionFilter implements ExceptionFilter {
private readonly logger = new Logger(HttpExceptionFilter.name);
catch(exception: unknown, host: ArgumentsHost): void {
const ctx = host.switchToHttp();
const response = ctx.getResponse<Response>();
const request = ctx.getRequest<Request>();
const correlationId = request.headers['x-correlation-id'] as string;
let status = HttpStatus.INTERNAL_SERVER_ERROR;
let code = ERROR_CODES.INTERNAL_ERROR;
let message = 'Internal server error';
let details: Record<string, unknown> | undefined;
if (exception instanceof HttpException) {
status = exception.getStatus();
const exceptionResponse = exception.getResponse();
if (typeof exceptionResponse === 'object') {
const resp = exceptionResponse as Record<string, unknown>;
message = (resp.message as string) || exception.message;
code = (resp.code as string) || this.getErrorCode(status);
details = resp.details as Record<string, unknown>;
} else {
message = exceptionResponse as string;
code = this.getErrorCode(status);
}
} else if (exception instanceof Error) {
message = exception.message;
this.logger.error(
`Unhandled exception: ${message}`,
exception.stack,
correlationId,
);
}
const errorResponse: ErrorResponse = {
statusCode: status,
code,
message,
timestamp: new Date().toISOString(),
path: request.url,
};
if (details) {
errorResponse.details = details;
}
if (correlationId) {
errorResponse.correlationId = correlationId;
}
// Don't expose stack traces in production
if (process.env.NODE_ENV === 'development' && exception instanceof Error) {
errorResponse.details = { ...errorResponse.details, stack: exception.stack };
}
response.status(status).json(errorResponse);
}
private getErrorCode(status: number): string {
switch (status) {
case HttpStatus.BAD_REQUEST:
return ERROR_CODES.VALIDATION_ERROR;
case HttpStatus.UNAUTHORIZED:
return ERROR_CODES.UNAUTHORIZED;
case HttpStatus.FORBIDDEN:
return ERROR_CODES.INSUFFICIENT_PERMISSIONS;
case HttpStatus.NOT_FOUND:
return ERROR_CODES.NOT_FOUND;
default:
return ERROR_CODES.INTERNAL_ERROR;
}
}
}

2
backend/src/common/filters/index.ts Normal file
View File

@@ -0,0 +1,2 @@
export * from './all-exceptions.filter';
export * from './http-exception.filter';

37
backend/src/common/guards/api-key.guard.ts Normal file
View File

@@ -0,0 +1,37 @@
import {
Injectable,
CanActivate,
ExecutionContext,
UnauthorizedException,
} from '@nestjs/common';
import { Request } from 'express';
import { API_KEY_HEADER, DEPARTMENT_CODE_HEADER, ERROR_CODES } from '../constants';
@Injectable()
export class ApiKeyGuard implements CanActivate {
async canActivate(context: ExecutionContext): Promise<boolean> {
const request = context.switchToHttp().getRequest<Request>();
const apiKey = request.headers[API_KEY_HEADER] as string;
const departmentCode = request.headers[DEPARTMENT_CODE_HEADER] as string;
if (!apiKey) {
throw new UnauthorizedException({
code: ERROR_CODES.INVALID_API_KEY,
message: 'API key is required',
});
}
if (!departmentCode) {
throw new UnauthorizedException({
code: ERROR_CODES.INVALID_API_KEY,
message: 'Department code is required',
});
}
// Note: Actual validation is done in AuthService
// This guard just ensures the headers are present
// The AuthModule middleware validates the API key
return true;
}
}

3
backend/src/common/guards/index.ts Normal file
View File

@@ -0,0 +1,3 @@
export * from './api-key.guard';
export * from './jwt-auth.guard';
export * from './roles.guard';

18
backend/src/common/guards/jwt-auth.guard.ts Normal file
View File

@@ -0,0 +1,18 @@
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
@Injectable()
export class JwtAuthGuard extends AuthGuard('jwt') {
handleRequest<User = unknown>(err: unknown, user: User, info: unknown): User {
if (err) {
throw err;
}
if (!user) {
const errorMessage = info instanceof Error ? info.message : 'Unauthorized';
throw new UnauthorizedException(errorMessage);
}
return user;
}
}

48
backend/src/common/guards/roles.guard.ts Normal file
View File

@@ -0,0 +1,48 @@
import {
Injectable,
CanActivate,
ExecutionContext,
ForbiddenException,
} from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { UserRole } from '../enums';
import { ERROR_CODES } from '../constants';
export const ROLES_KEY = 'roles';
@Injectable()
export class RolesGuard implements CanActivate {
constructor(private reflector: Reflector) {}
canActivate(context: ExecutionContext): boolean {
const requiredRoles = this.reflector.getAllAndOverride<UserRole[]>(ROLES_KEY, [
context.getHandler(),
context.getClass(),
]);
if (!requiredRoles) {
return true;
}
const request = context.switchToHttp().getRequest();
const user = request.user;
if (!user || !user.role) {
throw new ForbiddenException({
code: ERROR_CODES.INSUFFICIENT_PERMISSIONS,
message: 'Access denied',
});
}
const hasRole = requiredRoles.some((role) => user.role === role);
if (!hasRole) {
throw new ForbiddenException({
code: ERROR_CODES.INSUFFICIENT_PERMISSIONS,
message: 'You do not have permission to perform this action',
});
}
return true;
}
}

25
backend/src/common/interceptors/correlation-id.interceptor.ts Normal file
View File

@@ -0,0 +1,25 @@
import {
Injectable,
NestInterceptor,
ExecutionContext,
CallHandler,
} from '@nestjs/common';
import { Observable } from 'rxjs';
import { Request, Response } from 'express';
import { v4 as uuidv4 } from 'uuid';
import { CORRELATION_ID_HEADER } from '../constants';
@Injectable()
export class CorrelationIdInterceptor implements NestInterceptor {
intercept(context: ExecutionContext, next: CallHandler): Observable<unknown> {
const request = context.switchToHttp().getRequest<Request>();
const response = context.switchToHttp().getResponse<Response>();
const correlationId = (request.headers[CORRELATION_ID_HEADER] as string) || uuidv4();
request.headers[CORRELATION_ID_HEADER] = correlationId;
response.setHeader(CORRELATION_ID_HEADER, correlationId);
return next.handle();
}
}

4
backend/src/common/interceptors/index.ts Normal file
View File

@@ -0,0 +1,4 @@
export * from './logging.interceptor';
export * from './correlation-id.interceptor';
export * from './timeout.interceptor';
export * from './transform.interceptor';

58
backend/src/common/interceptors/logging.interceptor.ts Normal file
View File

@@ -0,0 +1,58 @@
import {
Injectable,
NestInterceptor,
ExecutionContext,
CallHandler,
Logger,
} from '@nestjs/common';
import { Observable } from 'rxjs';
import { tap } from 'rxjs/operators';
import { Request, Response } from 'express';
@Injectable()
export class LoggingInterceptor implements NestInterceptor {
private readonly logger = new Logger('HTTP');
intercept(context: ExecutionContext, next: CallHandler): Observable<unknown> {
const request = context.switchToHttp().getRequest<Request>();
const response = context.switchToHttp().getResponse<Response>();
const { method, url, ip } = request;
const correlationId = request.headers['x-correlation-id'] as string || 'no-correlation-id';
const userAgent = request.get('user-agent') || '';
const startTime = Date.now();
return next.handle().pipe(
tap({
next: (): void => {
const duration = Date.now() - startTime;
this.logger.log(
JSON.stringify({
correlationId,
method,
url,
statusCode: response.statusCode,
duration: `${duration}ms`,
ip,
userAgent,
}),
);
},
error: (error): void => {
const duration = Date.now() - startTime;
this.logger.error(
JSON.stringify({
correlationId,
method,
url,
statusCode: error.status || 500,
duration: `${duration}ms`,
ip,
userAgent,
error: error.message,
}),
);
},
}),
);
}
}

18
backend/src/common/interceptors/timeout.interceptor.ts Normal file
View File

@@ -0,0 +1,18 @@
import {
Injectable,
NestInterceptor,
ExecutionContext,
CallHandler,
RequestTimeoutException,
} from '@nestjs/common';
import { Observable } from 'rxjs';
import { timeout } from 'rxjs/operators';
@Injectable()
export class TimeoutInterceptor implements NestInterceptor {
intercept(_context: ExecutionContext, next: CallHandler): Observable<unknown> {
return next.handle().pipe(
timeout(30000),
);
}
}

27
backend/src/common/interceptors/transform.interceptor.ts Normal file
View File

@@ -0,0 +1,27 @@
import {
Injectable,
NestInterceptor,
ExecutionContext,
CallHandler,
} from '@nestjs/common';
import { Observable } from 'rxjs';
import { map } from 'rxjs/operators';
export interface ApiResponse<T> {
success: boolean;
data: T;
timestamp: string;
}
@Injectable()
export class TransformInterceptor<T> implements NestInterceptor<T, ApiResponse<T>> {
intercept(context: ExecutionContext, next: CallHandler): Observable<ApiResponse<T>> {
return next.handle().pipe(
map(data => ({
success: true,
data,
timestamp: new Date().toISOString(),
})),
);
}
}

104
backend/src/common/interfaces/request-context.interface.ts Normal file
View File

@@ -0,0 +1,104 @@
import { UserRole } from '../enums';
export interface RequestContext {
correlationId: string;
userId?: string;
departmentId?: string;
departmentCode?: string;
role?: UserRole;
ipAddress?: string;
userAgent?: string;
}
export interface JwtPayload {
sub: string;
email?: string;
role: UserRole;
departmentCode?: string;
iat?: number;
exp?: number;
}
export interface ApiKeyPayload {
departmentId: string;
departmentCode: string;
}
export interface PaginatedResult<T> {
data: T[];
meta: {
page: number;
limit: number;
total: number;
totalPages: number;
hasNext: boolean;
hasPrev: boolean;
};
}
export interface PaginationMetadata {
page: number;
limit: number;
total: number;
totalPages: number;
hasNextPage: boolean;
hasPreviousPage: boolean;
}
export interface WorkflowDefinition {
workflowId: string;
workflowType: string;
version: number;
isActive: boolean;
stages: WorkflowStage[];
createdAt: Date;
updatedAt: Date;
}
export interface WorkflowStage {
stageId: string;
stageName: string;
stageOrder: number;
executionType: 'SEQUENTIAL' | 'PARALLEL';
requiredApprovals: DepartmentApproval[];
completionCriteria: 'ALL' | 'ANY' | 'THRESHOLD';
threshold?: number;
timeoutDays?: number;
onTimeout: 'NOTIFY' | 'ESCALATE' | 'AUTO_REJECT';
onRejection: 'FAIL_REQUEST' | 'RETRY_STAGE' | 'ESCALATE';
}
export interface DepartmentApproval {
departmentCode: string;
departmentName: string;
requiredDocuments: string[];
isMandatory: boolean;
}
export interface TimelineEvent {
eventId: string;
eventType: string;
description: string;
actor: {
type: string;
id?: string;
name?: string;
};
metadata?: Record<string, unknown>;
transactionHash?: string;
timestamp: Date;
}
export interface WebhookPayload {
event: string;
timestamp: string;
data: Record<string, unknown>;
signature?: string;
}
export interface BlockchainReceipt {
transactionHash: string;
blockNumber: number;
gasUsed: bigint;
status: boolean;
}

1
backend/src/common/pipes/index.ts Normal file
View File

@@ -0,0 +1 @@
export * from './validation.pipe';

12
backend/src/common/pipes/uuid-validation.pipe.ts Normal file
View File

@@ -0,0 +1,12 @@
import { PipeTransform, Injectable, BadRequestException } from '@nestjs/common';
import { validate as isUuid } from 'uuid';
@Injectable()
export class UuidValidationPipe implements PipeTransform<string, string> {
transform(value: string): string {
if (!isUuid(value)) {
throw new BadRequestException('Invalid UUID format');
}
return value;
}
}

44
backend/src/common/pipes/validation.pipe.ts Normal file
View File

@@ -0,0 +1,44 @@
import {
PipeTransform,
Injectable,
ArgumentMetadata,
BadRequestException,
} from '@nestjs/common';
import { validate } from 'class-validator';
import { plainToInstance } from 'class-transformer';
import { ERROR_CODES } from '../constants';
@Injectable()
export class CustomValidationPipe implements PipeTransform {
async transform(value: unknown, { metatype }: ArgumentMetadata): Promise<unknown> {
if (!metatype || !this.toValidate(metatype)) {
return value;
}
const object = plainToInstance(metatype, value);
const errors = await validate(object);
if (errors.length > 0) {
const messages = errors.map((error) => {
const constraints = error.constraints || {};
return {
field: error.property,
errors: Object.values(constraints),
};
});
throw new BadRequestException({
code: ERROR_CODES.VALIDATION_ERROR,
message: 'Validation failed',
details: { validationErrors: messages },
});
}
return object;
}
private toValidate(metatype: new (...args: unknown[]) => unknown): boolean {
const types: (new (...args: unknown[]) => unknown)[] = [String, Boolean, Number, Array, Object];
return !types.includes(metatype);
}
}

7
backend/src/common/types/paginated-result.type.ts Normal file
View File

@@ -0,0 +1,7 @@
export type PaginatedResult<T> = {
data: T[];
total: number;
page: number;
limit: number;
totalPages: number;
};

83
backend/src/common/utils/crypto.util.ts Normal file
View File

@@ -0,0 +1,83 @@
import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'crypto';
import * as bcrypt from 'bcrypt';
import * as crypto from 'crypto';
export async function hash(data: string): Promise<string> {
return bcrypt.hash(data, 10);
}
export async function generateApiKey(): Promise<{
apiKey: string;
apiSecret: string;
apiKeyHash: string;
apiSecretHash: string;
}> {
const apiKey = `goa_${crypto.randomBytes(16).toString('hex')}`;
const apiSecret = crypto.randomBytes(32).toString('hex');
const [apiKeyHash, apiSecretHash] = await Promise.all([
hash(apiKey),
hash(apiSecret),
]);
return {
apiKey,
apiSecret,
apiKeyHash,
apiSecretHash,
};
}
export class CryptoUtil {
private static readonly ALGORITHM = 'aes-256-gcm';
private static readonly SALT_LENGTH = 16;
private static readonly TAG_LENGTH = 16;
private static readonly IV_LENGTH = 16;
static encrypt(data: string, password: string): string {
const salt = randomBytes(CryptoUtil.SALT_LENGTH);
const key = scryptSync(password, salt, 32);
const iv = randomBytes(CryptoUtil.IV_LENGTH);
const cipher = createCipheriv(CryptoUtil.ALGORITHM, key, iv);
const encrypted = Buffer.concat([
cipher.update(data, 'utf8'),
cipher.final(),
]);
const authTag = cipher.getAuthTag();
return Buffer.concat([salt, iv, authTag, encrypted]).toString('hex');
}
static decrypt(encryptedData: string, password: string): string {
const buffer = Buffer.from(encryptedData, 'hex');
const salt = buffer.subarray(0, CryptoUtil.SALT_LENGTH);
const iv = buffer.subarray(
CryptoUtil.SALT_LENGTH,
CryptoUtil.SALT_LENGTH + CryptoUtil.IV_LENGTH,
);
const authTag = buffer.subarray(
CryptoUtil.SALT_LENGTH + CryptoUtil.IV_LENGTH,
CryptoUtil.SALT_LENGTH + CryptoUtil.IV_LENGTH + CryptoUtil.TAG_LENGTH,
);
const encrypted = buffer.subarray(
CryptoUtil.SALT_LENGTH + CryptoUtil.IV_LENGTH + CryptoUtil.TAG_LENGTH,
);
const key = scryptSync(password, salt, 32);
const decipher = createDecipheriv(CryptoUtil.ALGORITHM, key, iv);
decipher.setAuthTag(authTag);
return decipher.update(encrypted) + decipher.final('utf8');
}
static generateKey(length: number = 32): string {
return randomBytes(length).toString('hex');
}
static generateIV(length: number = 16): string {
return randomBytes(length).toString('hex');
}
}

97
backend/src/common/utils/date.util.ts Normal file
View File

@@ -0,0 +1,97 @@
export class DateUtil {
static getCurrentTimestamp(): Date {
return new Date();
}
static getTimestampInSeconds(): number {
return Math.floor(Date.now() / 1000);
}
static addDays(date: Date, days: number): Date {
const result = new Date(date);
result.setDate(result.getDate() + days);
return result;
}
static addHours(date: Date, hours: number): Date {
const result = new Date(date);
result.setHours(result.getHours() + hours);
return result;
}
static addMinutes(date: Date, minutes: number): Date {
const result = new Date(date);
result.setMinutes(result.getMinutes() + minutes);
return result;
}
static addSeconds(date: Date, seconds: number): Date {
const result = new Date(date);
result.setSeconds(result.getSeconds() + seconds);
return result;
}
static isExpired(date: Date): boolean {
return date < this.getCurrentTimestamp();
}
static getDifferenceInSeconds(date1: Date, date2: Date): number {
return Math.floor((date1.getTime() - date2.getTime()) / 1000);
}
static getDifferenceInMinutes(date1: Date, date2: Date): number {
return Math.floor(this.getDifferenceInSeconds(date1, date2) / 60);
}
static getDifferenceInHours(date1: Date, date2: Date): number {
return Math.floor(this.getDifferenceInMinutes(date1, date2) / 60);
}
static getDifferenceInDays(date1: Date, date2: Date): number {
return Math.floor(this.getDifferenceInHours(date1, date2) / 24);
}
static startOfDay(date: Date = new Date()): Date {
const result = new Date(date);
result.setHours(0, 0, 0, 0);
return result;
}
static endOfDay(date: Date = new Date()): Date {
const result = new Date(date);
result.setHours(23, 59, 59, 999);
return result;
}
static startOfMonth(date: Date = new Date()): Date {
const result = new Date(date);
result.setDate(1);
result.setHours(0, 0, 0, 0);
return result;
}
static endOfMonth(date: Date = new Date()): Date {
const result = new Date(date.getFullYear(), date.getMonth() + 1, 0);
result.setHours(23, 59, 59, 999);
return result;
}
static formatISO(date: Date): string {
return date.toISOString();
}
static formatDate(date: Date, format: string = 'DD/MM/YYYY'): string {
const day = String(date.getDate()).padStart(2, '0');
const month = String(date.getMonth() + 1).padStart(2, '0');
const year = date.getFullYear();
return format
.replace('DD', day)
.replace('MM', month)
.replace('YYYY', year.toString());
}
static parseISO(dateString: string): Date {
return new Date(dateString);
}
}

75
backend/src/common/utils/hash.util.ts Normal file
View File

@@ -0,0 +1,75 @@
import * as crypto from 'crypto';
import * as bcrypt from 'bcrypt';
export class HashUtil {
/**
* Generate SHA-256 hash from buffer
*/
static sha256(buffer: Buffer): string {
return crypto.createHash('sha256').update(buffer).digest('hex');
}
/**
* Generate SHA-256 hash from string
*/
static sha256String(input: string): string {
return crypto.createHash('sha256').update(input).digest('hex');
}
/**
* Generate Keccak-256 hash (Ethereum compatible)
*/
static keccak256(input: string): string {
return crypto.createHash('sha3-256').update(input).digest('hex');
}
/**
* Hash password using bcrypt
*/
static async hashPassword(password: string, rounds = 10): Promise<string> {
return bcrypt.hash(password, rounds);
}
/**
* Compare password with hash
*/
static async comparePassword(password: string, hash: string): Promise<boolean> {
return bcrypt.compare(password, hash);
}
/**
* Generate secure random API key
*/
static generateApiKey(): string {
return crypto.randomBytes(32).toString('hex');
}
/**
* Generate secure random secret
*/
static generateSecret(): string {
return crypto.randomBytes(48).toString('base64url');
}
/**
* Generate HMAC signature for webhooks
*/
static generateHmacSignature(payload: string, secret: string): string {
return crypto.createHmac('sha256', secret).update(payload).digest('hex');
}
/**
* Verify HMAC signature
*/
static verifyHmacSignature(payload: string, secret: string, signature: string): boolean {
const expectedSignature = this.generateHmacSignature(payload, secret);
return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expectedSignature));
}
/**
* Generate UUID v4
*/
static generateUuid(): string {
return crypto.randomUUID();
}
}

5
backend/src/common/utils/index.ts Normal file
View File

@@ -0,0 +1,5 @@
export * from './hash.util';
export * from './crypto.util';
export * from './date.util';
export * from './request-number.util';
export * from './pagination.util';

25
backend/src/common/utils/pagination.util.ts Normal file
View File

@@ -0,0 +1,25 @@
import { QueryBuilder } from 'objection';
export interface PaginatedResult<T> {
results: T[];
total: number;
}
export interface PaginationOptions {
page: number;
limit: number;
}
export async function paginate<T>(
query: QueryBuilder<any, T[]>,
page: number,
limit: number,
): Promise<PaginatedResult<T>> {
const p = page > 0 ? page - 1 : 0;
const l = limit > 0 ? limit : 10;
const { results, total } = await query.page(p, l);
return { results, total };
}
export { QueryBuilder };

41
backend/src/common/utils/request-number.util.ts Normal file
View File

@@ -0,0 +1,41 @@
import { RequestType } from '../enums';
import { REQUEST_NUMBER_PREFIX } from '../constants';
export class RequestNumberUtil {
/**
* Generate unique request number
* Format: {PREFIX}-{YEAR}-{SEQUENCE}
* Example: RL-2024-000001
*/
static generate(requestType: RequestType, sequence: number): string {
const prefix = REQUEST_NUMBER_PREFIX[requestType] || 'RQ';
const year = new Date().getFullYear();
const paddedSequence = sequence.toString().padStart(6, '0');
return `${prefix}-${year}-${paddedSequence}`;
}
/**
* Parse request number to extract components
*/
static parse(requestNumber: string): {
prefix: string;
year: number;
sequence: number;
} | null {
const match = requestNumber.match(/^([A-Z]+)-(\d{4})-(\d+)$/);
if (!match) return null;
return {
prefix: match[1],
year: parseInt(match[2], 10),
sequence: parseInt(match[3], 10),
};
}
/**
* Validate request number format
*/
static isValid(requestNumber: string): boolean {
return /^[A-Z]+-\d{4}-\d{6}$/.test(requestNumber);
}
}

59
backend/src/config/app.config.ts Normal file
View File

@@ -0,0 +1,59 @@
import { registerAs } from '@nestjs/config';
import * as Joi from 'joi';
export const appConfigValidationSchema = Joi.object({
NODE_ENV: Joi.string().valid('development', 'production', 'test').default('development'),
PORT: Joi.number().default(3001),
API_VERSION: Joi.string().default('v1'),
API_PREFIX: Joi.string().default('api'),
DATABASE_HOST: Joi.string().required(),
DATABASE_PORT: Joi.number().default(5432),
DATABASE_NAME: Joi.string().required(),
DATABASE_USER: Joi.string().required(),
DATABASE_PASSWORD: Joi.string().required(),
DATABASE_SSL: Joi.boolean().default(false),
BESU_RPC_URL: Joi.string().uri().required(),
BESU_CHAIN_ID: Joi.number().required(),
CONTRACT_ADDRESS_LICENSE_NFT: Joi.string().allow('').default(''),
CONTRACT_ADDRESS_APPROVAL_MANAGER: Joi.string().allow('').default(''),
CONTRACT_ADDRESS_DEPARTMENT_REGISTRY: Joi.string().allow('').default(''),
CONTRACT_ADDRESS_WORKFLOW_REGISTRY: Joi.string().allow('').default(''),
PLATFORM_WALLET_PRIVATE_KEY: Joi.string().allow('').default(''),
MINIO_ENDPOINT: Joi.string().required(),
MINIO_PORT: Joi.number().default(9000),
MINIO_ACCESS_KEY: Joi.string().required(),
MINIO_SECRET_KEY: Joi.string().required(),
MINIO_BUCKET_DOCUMENTS: Joi.string().default('goa-gel-documents'),
MINIO_USE_SSL: Joi.boolean().default(false),
REDIS_HOST: Joi.string().default('localhost'),
REDIS_PORT: Joi.number().default(6379),
REDIS_PASSWORD: Joi.string().allow('').default(''),
JWT_SECRET: Joi.string().min(32).required(),
JWT_EXPIRATION: Joi.string().default('1d'),
API_KEY_SALT_ROUNDS: Joi.number().default(10),
MAX_FILE_SIZE: Joi.number().default(10485760),
ALLOWED_MIME_TYPES: Joi.string().default('application/pdf,image/jpeg,image/png'),
RATE_LIMIT_GLOBAL: Joi.number().default(100),
RATE_LIMIT_API_KEY: Joi.number().default(1000),
LOG_LEVEL: Joi.string().valid('error', 'warn', 'info', 'debug').default('info'),
CORS_ORIGIN: Joi.string().default('http://localhost:3000'),
SWAGGER_ENABLED: Joi.boolean().default(true),
});
export default registerAs('app', () => ({
nodeEnv: process.env.NODE_ENV || 'development',
port: parseInt(process.env.PORT || '3001', 10),
apiVersion: process.env.API_VERSION || 'v1',
apiPrefix: process.env.API_PREFIX || 'api',
corsOrigin: process.env.CORS_ORIGIN || 'http://localhost:3000',
swaggerEnabled: process.env.SWAGGER_ENABLED === 'true',
}));

35
backend/src/config/blockchain.config.ts Normal file
View File

@@ -0,0 +1,35 @@
import { registerAs } from '@nestjs/config';
export interface BlockchainConfig {
rpcUrl: string;
chainId: number;
networkId: number;
contracts: {
licenseNft: string | undefined;
approvalManager: string | undefined;
departmentRegistry: string | undefined;
workflowRegistry: string | undefined;
};
platformWallet: {
privateKey: string | undefined;
};
gasLimit: number;
confirmationBlocks: number;
}
export default registerAs('blockchain', () => ({
rpcUrl: process.env.BESU_RPC_URL || 'http://localhost:8545',
chainId: parseInt(process.env.BESU_CHAIN_ID || '1337', 10),
networkId: parseInt(process.env.BESU_NETWORK_ID || '2024', 10),
contracts: {
licenseNft: process.env.CONTRACT_ADDRESS_LICENSE_NFT,
approvalManager: process.env.CONTRACT_ADDRESS_APPROVAL_MANAGER,
departmentRegistry: process.env.CONTRACT_ADDRESS_DEPARTMENT_REGISTRY,
workflowRegistry: process.env.CONTRACT_ADDRESS_WORKFLOW_REGISTRY,
},
platformWallet: {
privateKey: process.env.PLATFORM_WALLET_PRIVATE_KEY,
},
gasLimit: parseInt(process.env.BLOCKCHAIN_GAS_LIMIT || '8000000', 10),
confirmationBlocks: parseInt(process.env.BLOCKCHAIN_CONFIRMATION_BLOCKS || '1', 10),
}));

13
backend/src/config/database.config.ts Normal file
View File

@@ -0,0 +1,13 @@
import { registerAs } from '@nestjs/config';
export default registerAs('database', () => ({
host: process.env.DATABASE_HOST || 'localhost',
port: parseInt(process.env.DATABASE_PORT || '5432', 10),
database: process.env.DATABASE_NAME || 'goa_gel_platform',
username: process.env.DATABASE_USER || 'postgres',
password: process.env.DATABASE_PASSWORD || 'postgres',
ssl: process.env.DATABASE_SSL === 'true',
logging: process.env.DATABASE_LOGGING === 'true',
synchronize: false,
migrationsRun: true,
}));

7
backend/src/config/index.ts Normal file
View File

@@ -0,0 +1,7 @@
export { default as appConfig, appConfigValidationSchema } from './app.config';
export { default as databaseConfig } from './database.config';
export { default as blockchainConfig } from './blockchain.config';
export { default as storageConfig } from './storage.config';
export { default as redisConfig } from './redis.config';
export { default as jwtConfig } from './jwt.config';
export { default as minioConfig } from './minio.config';

32
backend/src/config/jwt.config.ts Normal file
View File

@@ -0,0 +1,32 @@
import { registerAs } from '@nestjs/config';
export interface JwtConfig {
secret: string;
expiresIn: string;
refreshSecret: string;
refreshExpiresIn: string;
apiKeyHeader: string;
apiKeyValue: string;
}
export default registerAs('jwt', (): JwtConfig => {
const secret = process.env.JWT_SECRET || 'your-super-secret-jwt-key-change-this-in-production';
const refreshSecret =
process.env.JWT_REFRESH_SECRET || 'your-refresh-secret-key-change-this-in-production';
if (
secret === 'your-super-secret-jwt-key-change-this-in-production' ||
refreshSecret === 'your-refresh-secret-key-change-this-in-production'
) {
console.warn('Warning: JWT secrets are using default values. Change these in production!');
}
return {
secret,
expiresIn: process.env.JWT_EXPIRATION || '7d',
refreshSecret,
refreshExpiresIn: process.env.JWT_REFRESH_EXPIRATION || '30d',
apiKeyHeader: process.env.API_KEY_HEADER || 'X-API-Key',
apiKeyValue: process.env.API_KEY_VALUE || 'your-api-key-change-this-in-production',
};
});

32
backend/src/config/minio.config.ts Normal file
View File

@@ -0,0 +1,32 @@
import { registerAs } from '@nestjs/config';
export interface MinioConfig {
endpoint: string;
port: number;
accessKey: string;
secretKey: string;
useSSL: boolean;
region: string;
bucketDocuments: string;
bucketArchives: string;
}
export default registerAs('minio', (): MinioConfig => {
const accessKey = process.env.MINIO_ACCESS_KEY || 'minioadmin';
const secretKey = process.env.MINIO_SECRET_KEY || 'minioadmin_secret_change_this';
if (accessKey === 'minioadmin' || secretKey === 'minioadmin_secret_change_this') {
console.warn('Warning: MinIO credentials are using default values. Change these in production!');
}
return {
endpoint: process.env.MINIO_ENDPOINT || 'localhost',
port: parseInt(process.env.MINIO_PORT || '9000', 10),
accessKey,
secretKey,
useSSL: process.env.MINIO_USE_SSL === 'true',
region: process.env.MINIO_REGION || 'us-east-1',
bucketDocuments: process.env.MINIO_BUCKET_DOCUMENTS || 'goa-gel-documents',
bucketArchives: process.env.MINIO_BUCKET_ARCHIVES || 'goa-gel-archives',
};
});

8
backend/src/config/redis.config.ts Normal file
View File

@@ -0,0 +1,8 @@
import { registerAs } from '@nestjs/config';
export default registerAs('redis', () => ({
host: process.env.REDIS_HOST || 'localhost',
port: parseInt(process.env.REDIS_PORT || '6379', 10),
password: process.env.REDIS_PASSWORD || undefined,
db: parseInt(process.env.REDIS_DB || '0', 10),
}));

12
backend/src/config/storage.config.ts Normal file
View File

@@ -0,0 +1,12 @@
import { registerAs } from '@nestjs/config';
export default registerAs('storage', () => ({
endpoint: process.env.MINIO_ENDPOINT || 'localhost',
port: parseInt(process.env.MINIO_PORT || '9000', 10),
accessKey: process.env.MINIO_ACCESS_KEY || 'minioadmin',
secretKey: process.env.MINIO_SECRET_KEY || 'minioadmin',
bucket: process.env.MINIO_BUCKET_DOCUMENTS || 'goa-gel-documents',
useSSL: process.env.MINIO_USE_SSL === 'true',
region: process.env.MINIO_REGION || 'us-east-1',
signedUrlExpiry: parseInt(process.env.MINIO_SIGNED_URL_EXPIRY || '3600', 10),
}));

3
backend/src/database/CLAUDE.md Normal file
View File

@@ -0,0 +1,3 @@
<claude-mem-context>
</claude-mem-context>

298
backend/src/database/README.md Normal file
View File

@@ -0,0 +1,298 @@
# Goa GEL Database Schema
This directory contains all database entities, migrations, and seeders for the Goa GEL Blockchain Document Verification Platform.
## Directory Structure
```
src/database/
├── entities/ # TypeORM entity definitions
│ ├── applicant.entity.ts
│ ├── department.entity.ts
│ ├── license-request.entity.ts
│ ├── document.entity.ts
│ ├── document-version.entity.ts
│ ├── approval.entity.ts
│ ├── workflow.entity.ts
│ ├── workflow-state.entity.ts
│ ├── webhook.entity.ts
│ ├── webhook-log.entity.ts
│ ├── audit-log.entity.ts
│ ├── blockchain-transaction.entity.ts
│ └── index.ts
├── migrations/ # TypeORM migrations
│ └── 1704067200000-InitialSchema.ts
├── seeders/ # Database seeders
│ └── seed.ts
├── data-source.ts # TypeORM DataSource configuration
└── index.ts # Main exports
```
## Database Entities Overview
### Core Entities
1. **Applicant** - Represents individuals applying for licenses
- Unique: digilockerId, email, walletAddress
- Relations: OneToMany with LicenseRequest
2. **Department** - Represents government departments handling approvals
- Unique: code, walletAddress
- Relations: OneToMany with Approval, OneToMany with Webhook
3. **Workflow** - Defines multi-stage approval workflows
- Unique: workflowType
- Contains: stages, rules, and requirements
- Relations: OneToMany with LicenseRequest
4. **LicenseRequest** - Main entity for license applications
- Unique: requestNumber
- Status: DRAFT, SUBMITTED, IN_REVIEW, PENDING_RESUBMISSION, APPROVED, REJECTED, REVOKED, CANCELLED
- Relations: ManyToOne Applicant, ManyToOne Workflow, OneToMany Document, OneToMany Approval, OneToOne WorkflowState
### Document Management
5. **Document** - Represents uploaded documents for a request
- Tracks: filename, version, hash, minio bucket location
- Relations: ManyToOne LicenseRequest, OneToMany DocumentVersion
6. **DocumentVersion** - Audit trail for document changes
- Tracks: version number, hash, file size, mime type, uploader
- Ensures: (documentId, version) uniqueness
### Approval & Workflow
7. **Approval** - Records department approvals
- Status: PENDING, APPROVED, REJECTED, CHANGES_REQUESTED, REVIEW_REQUIRED
- Tracks: remarks, reviewed documents, blockchain tx hash
- Can be invalidated with reason
8. **WorkflowState** - Tracks execution state of workflow
- Current stage, completed stages, pending approvals
- Full execution log with timestamps and details
- OneToOne relationship with LicenseRequest
### Webhooks & Audit
9. **Webhook** - Department webhook configurations
- Stores: URL, events to listen for, secret hash
- Relations: OneToMany with WebhookLog
10. **WebhookLog** - Audit trail for webhook deliveries
- Status: PENDING, SUCCESS, FAILED
- Tracks: response status, body, response time, retry count
11. **AuditLog** - Comprehensive audit trail
- Tracks: entity changes, actor, old/new values
- Stores: IP address, user agent, correlation ID
- Index optimization for queries by entity type and actor
### Blockchain Integration
12. **BlockchainTransaction** - NFT minting and on-chain operations
- Types: MINT_NFT, APPROVAL, DOC_UPDATE, REJECT, REVOKE
- Status: PENDING, CONFIRMED, FAILED
- Tracks: tx hash, block number, gas used, error messages
## Environment Variables
Set the following in your `.env` file:
```env
# Database Connection
DB_HOST=localhost
DB_PORT=5432
DB_USERNAME=postgres
DB_PASSWORD=your_password
DB_NAME=goa_gel_db
NODE_ENV=development
```
## Setup Instructions
### 1. Install Dependencies
```bash
npm install typeorm pg uuid crypto
```
### 2. Create Database
```bash
# Using PostgreSQL client
createdb goa_gel_db
# Or using Docker
docker run --name goa_gel_postgres \
-e POSTGRES_DB=goa_gel_db \
-e POSTGRES_PASSWORD=your_password \
-p 5432:5432 \
-d postgres:15-alpine
```
### 3. Run Migrations
```bash
# Run all pending migrations
npx typeorm migration:run -d src/database/data-source.ts
# Generate a new migration (auto-detects schema changes)
npx typeorm migration:generate -d src/database/data-source.ts -n YourMigrationName
# Revert last migration
npx typeorm migration:revert -d src/database/data-source.ts
```
### 4. Seed Database with Sample Data
```bash
# Run the seed script
npx ts-node src/database/seeders/seed.ts
```
After seeding, you'll have:
- 4 sample departments (Fire, Tourism, Municipal, Health)
- 1 RESORT_LICENSE workflow with 5 stages
- 2 sample applicants
- 1 license request in DRAFT status with workflow state
### 5. Verify Setup
```bash
# Connect to the database
psql goa_gel_db
# List tables
\dt
# Check migrations table
SELECT * FROM typeorm_migrations;
# Exit
\q
```
## Entity Relationships Diagram
```
Applicant (1) ──→ (N) LicenseRequest
├──→ (N) Document ──→ (N) DocumentVersion
├──→ (N) Approval ←─── (1) Department (N)
└──→ (1) WorkflowState
Department (1) ──→ (N) Approval
(1) ──→ (N) Webhook ──→ (N) WebhookLog
Workflow (1) ──→ (N) LicenseRequest
AuditLog - tracks all changes to core entities
BlockchainTransaction - records all on-chain operations
```
## Key Features
### Indexes for Performance
- All frequently queried columns are indexed
- Composite indexes for common query patterns
- JSONB columns for flexible metadata storage
### Cascade Operations
- DELETE cascades properly configured
- Orphaned records cleaned up automatically
### Audit Trail
- Every change tracked in audit_logs
- Actor type and ID recorded
- Old/new values stored for analysis
- IP address and user agent captured
### Blockchain Integration
- All critical operations can be recorded on-chain
- Transaction status tracking
- Error handling with rollback support
### Workflow State Management
- Execution log with full history
- Pending approvals tracking
- Stage transition audit trail
- Extensible for complex workflows
## Common Queries
### Get all license requests for an applicant
```sql
SELECT lr.* FROM license_requests lr
WHERE lr.applicantId = $1
ORDER BY lr.createdAt DESC;
```
### Get pending approvals for a department
```sql
SELECT a.* FROM approvals a
WHERE a.departmentId = $1 AND a.status = 'PENDING'
ORDER BY a.createdAt ASC;
```
### Get audit trail for a specific request
```sql
SELECT al.* FROM audit_logs al
WHERE al.entityType = 'REQUEST' AND al.entityId = $1
ORDER BY al.createdAt DESC;
```
### Get blockchain transaction status
```sql
SELECT bt.* FROM blockchain_transactions bt
WHERE bt.relatedEntityId = $1
ORDER BY bt.createdAt DESC;
```
## Maintenance
### Backup Database
```bash
pg_dump goa_gel_db > backup_$(date +%Y%m%d_%H%M%S).sql
```
### Restore Database
```bash
psql goa_gel_db < backup_file.sql
```
### Monitor Performance
```sql
-- Check table sizes
SELECT schemaname, tablename, pg_size_pretty(pg_total_relation_size(schemaname||'.'||tablename))
FROM pg_tables
WHERE schemaname NOT IN ('pg_catalog', 'information_schema')
ORDER BY pg_total_relation_size(schemaname||'.'||tablename) DESC;
-- Check slow queries
SELECT query, calls, mean_time FROM pg_stat_statements
ORDER BY mean_time DESC LIMIT 10;
```
## Troubleshooting
### Connection Issues
- Verify PostgreSQL service is running
- Check DB_HOST, DB_PORT, DB_USERNAME, DB_PASSWORD
- Ensure database exists: `createdb goa_gel_db`
### Migration Issues
- Check TypeORM synchronize is false in production
- Ensure migrations run in correct order
- Validate SQL syntax in migration files
### Seeding Issues
- Drop existing data: `npx typeorm schema:drop -d src/database/data-source.ts`
- Re-run migrations and seed
- Check console output for specific errors
## Related Files
- `/src/database/data-source.ts` - TypeORM DataSource configuration
- `/src/database/migrations/` - SQL migration files
- `/src/database/seeders/` - Sample data generators
- `.env` - Environment variables

53
backend/src/database/database.module.ts Normal file
View File

@@ -0,0 +1,53 @@
import { Module, Global, OnModuleDestroy, Inject } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import Knex from 'knex';
import { Model } from 'objection';
import { ModelsModule } from './models.module';
export const KNEX_CONNECTION = 'KNEX_CONNECTION';
@Global()
@Module({
imports: [ModelsModule],
providers: [
{
provide: KNEX_CONNECTION,
inject: [ConfigService],
useFactory: async (configService: ConfigService) => {
const knex = Knex({
client: 'pg',
connection: {
host: configService.get<string>('database.host'),
port: configService.get<number>('database.port'),
database: configService.get<string>('database.database'),
user: configService.get<string>('database.username'),
password: configService.get<string>('database.password'),
ssl: configService.get<boolean>('database.ssl')
? { rejectUnauthorized: false }
: false,
},
pool: {
min: 2,
max: 10,
},
debug: configService.get<boolean>('database.logging'),
});
// Bind Objection.js to Knex
Model.knex(knex);
return knex;
},
},
],
exports: [KNEX_CONNECTION, ModelsModule],
})
export class DatabaseModule implements OnModuleDestroy {
constructor(@Inject(KNEX_CONNECTION) private readonly knex: Knex.Knex) { }
async onModuleDestroy(): Promise<void> {
if (this.knex) {
await (this.knex as unknown as Knex.Knex).destroy();
}
}
}

3
backend/src/database/index.ts Normal file
View File

@@ -0,0 +1,3 @@
export * from './models';
export { DatabaseModule, KNEX_CONNECTION } from './database.module';
export { ModelsModule } from './models.module';

81
backend/src/database/knexfile.ts Normal file
View File

@@ -0,0 +1,81 @@
import type { Knex } from 'knex';
import { config } from 'dotenv';
config();
const knexConfig: { [key: string]: Knex.Config } = {
development: {
client: 'pg',
connection: {
host: process.env.DATABASE_HOST || 'localhost',
port: parseInt(process.env.DATABASE_PORT || '5432', 10),
database: process.env.DATABASE_NAME || 'goa_gel_platform',
user: process.env.DATABASE_USER || 'postgres',
password: process.env.DATABASE_PASSWORD || 'postgres',
},
pool: {
min: 2,
max: 10,
},
migrations: {
directory: './migrations',
extension: 'ts',
tableName: 'knex_migrations',
},
seeds: {
directory: './seeds',
extension: 'ts',
},
},
production: {
client: 'pg',
connection: {
host: process.env.DATABASE_HOST,
port: parseInt(process.env.DATABASE_PORT || '5432', 10),
database: process.env.DATABASE_NAME,
user: process.env.DATABASE_USER,
password: process.env.DATABASE_PASSWORD,
ssl: process.env.DATABASE_SSL === 'true' ? { rejectUnauthorized: false } : false,
},
pool: {
min: 2,
max: 20,
},
migrations: {
directory: './migrations',
extension: 'js',
tableName: 'knex_migrations',
},
seeds: {
directory: './seeds',
extension: 'js',
},
},
test: {
client: 'pg',
connection: {
host: process.env.DATABASE_HOST || 'localhost',
port: parseInt(process.env.DATABASE_PORT || '5432', 10),
database: process.env.DATABASE_NAME || 'goa_gel_platform_test',
user: process.env.DATABASE_USER || 'postgres',
password: process.env.DATABASE_PASSWORD || 'postgres',
},
pool: {
min: 1,
max: 5,
},
migrations: {
directory: './migrations',
extension: 'ts',
tableName: 'knex_migrations',
},
seeds: {
directory: './seeds',
extension: 'ts',
},
},
};
export default knexConfig;

246
backend/src/database/migrations/20240101000000_initial_schema.ts Normal file
View File

@@ -0,0 +1,246 @@
import type { Knex } from 'knex';
export async function up(knex: Knex): Promise<void> {
// Enable UUID extension
await knex.raw('CREATE EXTENSION IF NOT EXISTS "uuid-ossp"');
// Applicants table
await knex.schema.createTable('applicants', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.string('digilocker_id', 255).notNullable().unique();
table.string('name', 255).notNullable();
table.string('email', 255).notNullable();
table.string('phone', 20);
table.string('wallet_address', 42);
table.boolean('is_active').notNullable().defaultTo(true);
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.timestamp('updated_at').notNullable().defaultTo(knex.fn.now());
table.index('digilocker_id', 'idx_applicant_digilocker');
table.index('email', 'idx_applicant_email');
});
// Departments table
await knex.schema.createTable('departments', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.string('code', 50).notNullable().unique();
table.string('name', 255).notNullable();
table.string('wallet_address', 42).unique();
table.string('api_key_hash', 255);
table.string('api_secret_hash', 255);
table.string('webhook_url', 500);
table.string('webhook_secret_hash', 255);
table.boolean('is_active').notNullable().defaultTo(true);
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.timestamp('updated_at').notNullable().defaultTo(knex.fn.now());
table.index('code', 'idx_department_code');
table.index('is_active', 'idx_department_active');
});
// Workflows table
await knex.schema.createTable('workflows', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.string('workflow_type', 100).notNullable().unique();
table.string('name', 255).notNullable();
table.text('description');
table.integer('version').notNullable().defaultTo(1);
table.jsonb('definition').notNullable();
table.boolean('is_active').notNullable().defaultTo(true);
table.uuid('created_by');
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.timestamp('updated_at').notNullable().defaultTo(knex.fn.now());
table.index('workflow_type', 'idx_workflow_type');
table.index('is_active', 'idx_workflow_active');
});
// License Requests table
await knex.schema.createTable('license_requests', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.string('request_number', 50).notNullable().unique();
table.bigInteger('token_id');
table.uuid('applicant_id').notNullable().references('id').inTable('applicants').onDelete('CASCADE');
table.string('request_type', 100).notNullable();
table.uuid('workflow_id').references('id').inTable('workflows').onDelete('SET NULL');
table.string('status', 50).notNullable().defaultTo('DRAFT');
table.jsonb('metadata');
table.string('current_stage_id', 100);
table.string('blockchain_tx_hash', 66);
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.timestamp('updated_at').notNullable().defaultTo(knex.fn.now());
table.timestamp('submitted_at');
table.timestamp('approved_at');
table.index('request_number', 'idx_request_number');
table.index('applicant_id', 'idx_request_applicant');
table.index('status', 'idx_request_status');
table.index('request_type', 'idx_request_type');
table.index('created_at', 'idx_request_created');
table.index(['status', 'request_type'], 'idx_request_status_type');
});
// Documents table
await knex.schema.createTable('documents', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.uuid('request_id').notNullable().references('id').inTable('license_requests').onDelete('CASCADE');
table.string('doc_type', 100).notNullable();
table.string('original_filename', 255).notNullable();
table.integer('current_version').notNullable().defaultTo(1);
table.string('current_hash', 66).notNullable();
table.string('minio_bucket', 100).notNullable();
table.boolean('is_active').notNullable().defaultTo(true);
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.timestamp('updated_at').notNullable().defaultTo(knex.fn.now());
table.index('request_id', 'idx_document_request');
table.index('doc_type', 'idx_document_type');
});
// Document Versions table
await knex.schema.createTable('document_versions', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.uuid('document_id').notNullable().references('id').inTable('documents').onDelete('CASCADE');
table.integer('version').notNullable();
table.string('hash', 66).notNullable();
table.string('minio_path', 500).notNullable();
table.bigInteger('file_size').notNullable();
table.string('mime_type', 100).notNullable();
table.uuid('uploaded_by').notNullable();
table.string('blockchain_tx_hash', 66);
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.unique(['document_id', 'version'], { indexName: 'uq_document_version' });
table.index('document_id', 'idx_docversion_document');
});
// Approvals table
await knex.schema.createTable('approvals', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.uuid('request_id').notNullable().references('id').inTable('license_requests').onDelete('CASCADE');
table.uuid('department_id').notNullable().references('id').inTable('departments').onDelete('CASCADE');
table.string('status', 50).notNullable().defaultTo('PENDING');
table.text('remarks');
table.string('remarks_hash', 66);
table.jsonb('reviewed_documents');
table.string('blockchain_tx_hash', 66);
table.boolean('is_active').notNullable().defaultTo(true);
table.timestamp('invalidated_at');
table.string('invalidation_reason', 255);
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.timestamp('updated_at').notNullable().defaultTo(knex.fn.now());
table.index('request_id', 'idx_approval_request');
table.index('department_id', 'idx_approval_department');
table.index('status', 'idx_approval_status');
table.index(['request_id', 'department_id'], 'idx_approval_request_dept');
});
// Workflow States table
await knex.schema.createTable('workflow_states', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.uuid('request_id').notNullable().unique().references('id').inTable('license_requests').onDelete('CASCADE');
table.string('current_stage_id', 100).notNullable();
table.jsonb('completed_stages').notNullable().defaultTo('[]');
table.jsonb('pending_approvals').notNullable().defaultTo('[]');
table.jsonb('execution_log').notNullable().defaultTo('[]');
table.timestamp('stage_started_at');
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.timestamp('updated_at').notNullable().defaultTo(knex.fn.now());
table.index('request_id', 'idx_wfstate_request');
});
// Webhooks table
await knex.schema.createTable('webhooks', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.uuid('department_id').notNullable().references('id').inTable('departments').onDelete('CASCADE');
table.string('url', 500).notNullable();
table.jsonb('events').notNullable();
table.string('secret_hash', 255).notNullable();
table.boolean('is_active').notNullable().defaultTo(true);
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.timestamp('updated_at').notNullable().defaultTo(knex.fn.now());
table.index('department_id', 'idx_webhook_department');
});
// Webhook Logs table
await knex.schema.createTable('webhook_logs', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.uuid('webhook_id').notNullable().references('id').inTable('webhooks').onDelete('CASCADE');
table.string('event_type', 100).notNullable();
table.jsonb('payload').notNullable();
table.integer('response_status');
table.text('response_body');
table.integer('response_time');
table.integer('retry_count').notNullable().defaultTo(0);
table.string('status', 20).notNullable().defaultTo('PENDING');
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.index('webhook_id', 'idx_webhooklog_webhook');
table.index('event_type', 'idx_webhooklog_event');
table.index('status', 'idx_webhooklog_status');
table.index('created_at', 'idx_webhooklog_created');
});
// Audit Logs table
await knex.schema.createTable('audit_logs', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.string('entity_type', 50).notNullable();
table.uuid('entity_id').notNullable();
table.string('action', 50).notNullable();
table.string('actor_type', 50).notNullable();
table.uuid('actor_id');
table.jsonb('old_value');
table.jsonb('new_value');
table.string('ip_address', 45);
table.text('user_agent');
table.string('correlation_id', 100);
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.index(['entity_type', 'entity_id'], 'idx_audit_entity');
table.index('entity_type', 'idx_audit_entitytype');
table.index('action', 'idx_audit_action');
table.index('created_at', 'idx_audit_created');
table.index('correlation_id', 'idx_audit_correlation');
});
// Blockchain Transactions table
await knex.schema.createTable('blockchain_transactions', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.string('tx_hash', 66).notNullable().unique();
table.string('tx_type', 50).notNullable();
table.string('related_entity_type', 50).notNullable();
table.uuid('related_entity_id').notNullable();
table.string('from_address', 42).notNullable();
table.string('to_address', 42);
table.string('status', 20).notNullable().defaultTo('PENDING');
table.bigInteger('block_number');
table.bigInteger('gas_used');
table.text('error_message');
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.timestamp('confirmed_at');
table.index('tx_hash', 'idx_bctx_hash');
table.index('tx_type', 'idx_bctx_type');
table.index('status', 'idx_bctx_status');
table.index('related_entity_id', 'idx_bctx_entity');
table.index('created_at', 'idx_bctx_created');
});
}
export async function down(knex: Knex): Promise<void> {
await knex.schema.dropTableIfExists('blockchain_transactions');
await knex.schema.dropTableIfExists('audit_logs');
await knex.schema.dropTableIfExists('webhook_logs');
await knex.schema.dropTableIfExists('webhooks');
await knex.schema.dropTableIfExists('workflow_states');
await knex.schema.dropTableIfExists('approvals');
await knex.schema.dropTableIfExists('document_versions');
await knex.schema.dropTableIfExists('documents');
await knex.schema.dropTableIfExists('license_requests');
await knex.schema.dropTableIfExists('workflows');
await knex.schema.dropTableIfExists('departments');
await knex.schema.dropTableIfExists('applicants');
}

107
backend/src/database/migrations/20240201000000_add_users_wallets_events_logs.ts Normal file
View File

@@ -0,0 +1,107 @@
import type { Knex } from 'knex';
export async function up(knex: Knex): Promise<void> {
// Users table for email/password authentication
await knex.schema.createTable('users', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.string('email', 255).notNullable().unique();
table.string('password_hash', 255).notNullable();
table.string('name', 255).notNullable();
table.enum('role', ['ADMIN', 'DEPARTMENT', 'CITIZEN']).notNullable();
table.uuid('department_id').references('id').inTable('departments').onDelete('SET NULL');
table.string('wallet_address', 42);
table.text('wallet_encrypted_key');
table.string('phone', 20);
table.boolean('is_active').notNullable().defaultTo(true);
table.timestamp('last_login_at');
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.timestamp('updated_at').notNullable().defaultTo(knex.fn.now());
table.index('email', 'idx_user_email');
table.index('role', 'idx_user_role');
table.index('department_id', 'idx_user_department');
table.index('is_active', 'idx_user_active');
});
// Wallets table for storing encrypted private keys
await knex.schema.createTable('wallets', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.string('address', 42).notNullable().unique();
table.text('encrypted_private_key').notNullable();
table.enum('owner_type', ['USER', 'DEPARTMENT']).notNullable();
table.uuid('owner_id').notNullable();
table.boolean('is_active').notNullable().defaultTo(true);
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.timestamp('updated_at').notNullable().defaultTo(knex.fn.now());
table.index('address', 'idx_wallet_address');
table.index(['owner_type', 'owner_id'], 'idx_wallet_owner');
});
// Blockchain events table
await knex.schema.createTable('blockchain_events', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.string('tx_hash', 66).notNullable();
table.string('event_name', 100).notNullable();
table.string('contract_address', 42).notNullable();
table.bigInteger('block_number').notNullable();
table.integer('log_index').notNullable();
table.jsonb('args').notNullable();
table.jsonb('decoded_args');
table.string('related_entity_type', 50);
table.uuid('related_entity_id');
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.unique(['tx_hash', 'log_index'], { indexName: 'uq_event_tx_log' });
table.index('tx_hash', 'idx_event_tx');
table.index('event_name', 'idx_event_name');
table.index('contract_address', 'idx_event_contract');
table.index('block_number', 'idx_event_block');
table.index('created_at', 'idx_event_created');
table.index(['related_entity_type', 'related_entity_id'], 'idx_event_entity');
});
// Application logs table
await knex.schema.createTable('application_logs', (table) => {
table.uuid('id').primary().defaultTo(knex.raw('uuid_generate_v4()'));
table.enum('level', ['DEBUG', 'INFO', 'WARN', 'ERROR']).notNullable();
table.string('module', 100).notNullable();
table.text('message').notNullable();
table.jsonb('context');
table.text('stack_trace');
table.uuid('user_id');
table.string('correlation_id', 100);
table.string('ip_address', 45);
table.text('user_agent');
table.timestamp('created_at').notNullable().defaultTo(knex.fn.now());
table.index('level', 'idx_applog_level');
table.index('module', 'idx_applog_module');
table.index('user_id', 'idx_applog_user');
table.index('correlation_id', 'idx_applog_correlation');
table.index('created_at', 'idx_applog_created');
});
// Add additional fields to departments table
await knex.schema.alterTable('departments', (table) => {
table.text('description');
table.string('contact_email', 255);
table.string('contact_phone', 20);
table.timestamp('last_webhook_at');
});
}
export async function down(knex: Knex): Promise<void> {
// Remove additional fields from departments
await knex.schema.alterTable('departments', (table) => {
table.dropColumn('description');
table.dropColumn('contact_email');
table.dropColumn('contact_phone');
table.dropColumn('last_webhook_at');
});
await knex.schema.dropTableIfExists('application_logs');
await knex.schema.dropTableIfExists('blockchain_events');
await knex.schema.dropTableIfExists('wallets');
await knex.schema.dropTableIfExists('users');
}

20
backend/src/database/models.module.ts Normal file
View File

@@ -0,0 +1,20 @@
import { Module, Global, Provider } from '@nestjs/common';
import * as models from './models';
const modelProviders: Provider[] = Object.values(models)
.filter((model: any) =>
typeof model === 'function' &&
model.prototype &&
(model.prototype instanceof models.BaseModel || model === models.BaseModel)
)
.map((model: any) => ({
provide: model,
useValue: model,
}));
@Global()
@Module({
providers: modelProviders,
exports: modelProviders,
})
export class ModelsModule { }

61
backend/src/database/models/applicant.model.ts Normal file
View File

@@ -0,0 +1,61 @@
import { Model, RelationMappings, RelationMappingsThunk } from 'objection';
import { BaseModel } from './base.model';
export class Applicant extends BaseModel {
static tableName = 'applicants';
id!: string;
digilockerId!: string;
name!: string;
email!: string;
phone?: string;
walletAddress?: string;
isActive!: boolean;
firstName?: string;
lastName?: string;
departmentCode?: string;
lastLoginAt?: Date;
createdAt!: Date;
updatedAt!: Date;
// Relations
requests?: Model[];
static get jsonSchema() {
return {
type: 'object',
required: ['digilockerId', 'name', 'email'],
properties: {
id: { type: 'string', format: 'uuid' },
digilockerId: { type: 'string', maxLength: 255 },
name: { type: 'string', maxLength: 255 },
email: { type: 'string', format: 'email', maxLength: 255 },
phone: { type: ['string', 'null'], maxLength: 20 },
walletAddress: { type: ['string', 'null'], maxLength: 42 },
isActive: { type: 'boolean', default: true },
firstName: { type: ['string', 'null'] },
lastName: { type: ['string', 'null'] },
departmentCode: { type: ['string', 'null'] },
lastLoginAt: { type: ['string', 'null'], format: 'date-time' },
createdAt: { type: 'string', format: 'date-time' },
updatedAt: { type: 'string', format: 'date-time' },
},
};
}
static get relationMappings(): RelationMappingsThunk {
return (): RelationMappings => {
const { LicenseRequest } = require('./license-request.model');
return {
requests: {
relation: Model.HasManyRelation,
modelClass: LicenseRequest,
join: {
from: 'applicants.id',
to: 'license_requests.applicant_id',
},
},
};
};
}
}

37
backend/src/database/models/application-log.model.ts Normal file
View File

@@ -0,0 +1,37 @@
import { BaseModel } from './base.model';
export class ApplicationLog extends BaseModel {
static tableName = 'application_logs';
id!: string;
level!: 'DEBUG' | 'INFO' | 'WARN' | 'ERROR';
module!: string;
message!: string;
context?: Record<string, any>;
stackTrace?: string;
userId?: string;
correlationId?: string;
ipAddress?: string;
userAgent?: string;
createdAt!: Date;
static get jsonSchema() {
return {
type: 'object',
required: ['level', 'module', 'message'],
properties: {
id: { type: 'string', format: 'uuid' },
level: { type: 'string', enum: ['DEBUG', 'INFO', 'WARN', 'ERROR'] },
module: { type: 'string', maxLength: 100 },
message: { type: 'string' },
context: { type: ['object', 'null'] },
stackTrace: { type: ['string', 'null'] },
userId: { type: ['string', 'null'], format: 'uuid' },
correlationId: { type: ['string', 'null'], maxLength: 100 },
ipAddress: { type: ['string', 'null'], maxLength: 45 },
userAgent: { type: ['string', 'null'] },
createdAt: { type: 'string', format: 'date-time' },
},
};
}
}

83
backend/src/database/models/approval.model.ts Normal file
View File

@@ -0,0 +1,83 @@
import { Model, RelationMappings, RelationMappingsThunk } from 'objection';
import { BaseModel } from './base.model';
import { ApprovalStatus } from '../../common/enums';
export { ApprovalStatus };
export class Approval extends BaseModel {
static tableName = 'approvals';
id!: string;
requestId!: string;
departmentId!: string;
status!: ApprovalStatus;
remarks?: string;
remarksHash?: string;
reviewedDocuments?: string[];
blockchainTxHash?: string;
isActive!: boolean;
invalidatedAt?: Date;
invalidationReason?: string;
revalidatedAt?: Date;
approvedBy?: string;
rejectionReason?: string;
requiredDocuments?: string[];
completedAt?: Date;
createdAt!: Date;
updatedAt!: Date;
// Relations
request?: Model;
department?: Model;
static get jsonSchema() {
return {
type: 'object',
required: ['requestId', 'departmentId'],
properties: {
id: { type: 'string', format: 'uuid' },
requestId: { type: 'string', format: 'uuid' },
departmentId: { type: 'string', format: 'uuid' },
status: { type: 'string', maxLength: 50, default: 'PENDING' },
remarks: { type: ['string', 'null'] },
remarksHash: { type: ['string', 'null'], maxLength: 66 },
reviewedDocuments: { type: ['array', 'null'], items: { type: 'string' } },
blockchainTxHash: { type: ['string', 'null'], maxLength: 66 },
isActive: { type: 'boolean', default: true },
invalidatedAt: { type: ['string', 'null'], format: 'date-time' },
invalidationReason: { type: ['string', 'null'], maxLength: 255 },
revalidatedAt: { type: ['string', 'null'], format: 'date-time' },
approvedBy: { type: ['string', 'null'] },
rejectionReason: { type: ['string', 'null'] },
requiredDocuments: { type: ['array', 'null'], items: { type: 'string' } },
completedAt: { type: ['string', 'null'], format: 'date-time' },
createdAt: { type: 'string', format: 'date-time' },
updatedAt: { type: 'string', format: 'date-time' },
},
};
}
static get relationMappings(): RelationMappingsThunk {
return (): RelationMappings => {
const { LicenseRequest } = require('./license-request.model');
const { Department } = require('./department.model');
return {
request: {
relation: Model.BelongsToOneRelation,
modelClass: LicenseRequest,
join: {
from: 'approvals.request_id',
to: 'license_requests.id',
},
},
department: {
relation: Model.BelongsToOneRelation,
modelClass: Department,
join: {
from: 'approvals.department_id',
to: 'departments.id',
},
},
};
};
}
}

49
backend/src/database/models/audit-log.model.ts Normal file
View File

@@ -0,0 +1,49 @@
import { Model, QueryContext } from 'objection';
import { v4 as uuidv4 } from 'uuid';
import { BaseModel } from './base.model';
export class AuditLog extends BaseModel {
static tableName = 'audit_logs';
id!: string;
entityType!: string;
entityId!: string;
action!: string;
actorType!: string;
actorId?: string;
oldValue?: Record<string, unknown>;
newValue?: Record<string, unknown>;
ipAddress?: string;
userAgent?: string;
correlationId?: string;
createdAt!: Date;
async $beforeInsert(queryContext: QueryContext): Promise<void> {
await super.$beforeInsert(queryContext);
if (!this.id) {
this.id = uuidv4();
}
this.createdAt = new Date();
}
static get jsonSchema() {
return {
type: 'object',
required: ['entityType', 'entityId', 'action', 'actorType'],
properties: {
id: { type: 'string', format: 'uuid' },
entityType: { type: 'string', maxLength: 50 },
entityId: { type: 'string', format: 'uuid' },
action: { type: 'string', maxLength: 50 },
actorType: { type: 'string', maxLength: 50 },
actorId: { type: ['string', 'null'], format: 'uuid' },
oldValue: { type: ['object', 'null'] },
newValue: { type: ['object', 'null'] },
ipAddress: { type: ['string', 'null'], maxLength: 45 },
userAgent: { type: ['string', 'null'] },
correlationId: { type: ['string', 'null'], maxLength: 100 },
createdAt: { type: 'string', format: 'date-time' },
},
};
}
}

34
backend/src/database/models/base.model.ts Normal file
View File

@@ -0,0 +1,34 @@
import { Model, ModelOptions, QueryContext, snakeCaseMappers } from 'objection';
import { v4 as uuidv4 } from 'uuid';
export class BaseModel extends Model {
id!: string;
createdAt!: Date;
updatedAt!: Date;
static get columnNameMappers() {
return snakeCaseMappers();
}
static get modelPaths(): string[] {
return [__dirname];
}
async $beforeInsert(queryContext: QueryContext): Promise<void> {
await super.$beforeInsert(queryContext);
if (!this.id) {
this.id = uuidv4();
}
this.createdAt = new Date();
this.updatedAt = new Date();
}
async $beforeUpdate(opt: ModelOptions, queryContext: QueryContext): Promise<void> {
await super.$beforeUpdate(opt, queryContext);
this.updatedAt = new Date();
}
static get useLimitInFirst(): boolean {
return true;
}
}

37
backend/src/database/models/blockchain-event.model.ts Normal file
View File

@@ -0,0 +1,37 @@
import { BaseModel } from './base.model';
export class BlockchainEvent extends BaseModel {
static tableName = 'blockchain_events';
id!: string;
txHash!: string;
eventName!: string;
contractAddress!: string;
blockNumber!: number;
logIndex!: number;
args!: Record<string, any>;
decodedArgs?: Record<string, any>;
relatedEntityType?: string;
relatedEntityId?: string;
createdAt!: Date;
static get jsonSchema() {
return {
type: 'object',
required: ['txHash', 'eventName', 'contractAddress', 'blockNumber', 'logIndex', 'args'],
properties: {
id: { type: 'string', format: 'uuid' },
txHash: { type: 'string', maxLength: 66 },
eventName: { type: 'string', maxLength: 100 },
contractAddress: { type: 'string', maxLength: 42 },
blockNumber: { type: 'integer' },
logIndex: { type: 'integer' },
args: { type: 'object' },
decodedArgs: { type: ['object', 'null'] },
relatedEntityType: { type: ['string', 'null'], maxLength: 50 },
relatedEntityId: { type: ['string', 'null'], format: 'uuid' },
createdAt: { type: 'string', format: 'date-time' },
},
};
}
}

52
backend/src/database/models/blockchain-transaction.model.ts Normal file
View File

@@ -0,0 +1,52 @@
import { Model, QueryContext } from 'objection';
import { v4 as uuidv4 } from 'uuid';
import { TransactionType, TransactionStatus } from '../../common/enums';
import { BaseModel } from './base.model';
export class BlockchainTransaction extends BaseModel {
static tableName = 'blockchain_transactions';
id!: string;
txHash!: string;
txType!: TransactionType;
relatedEntityType!: string;
relatedEntityId!: string;
fromAddress!: string;
toAddress?: string;
status!: TransactionStatus;
blockNumber?: string;
gasUsed?: string;
errorMessage?: string;
createdAt!: Date;
confirmedAt?: Date;
async $beforeInsert(queryContext: QueryContext): Promise<void> {
await super.$beforeInsert(queryContext);
if (!this.id) {
this.id = uuidv4();
}
this.createdAt = new Date();
}
static get jsonSchema() {
return {
type: 'object',
required: ['txHash', 'txType', 'relatedEntityType', 'relatedEntityId', 'fromAddress'],
properties: {
id: { type: 'string', format: 'uuid' },
txHash: { type: 'string', maxLength: 66 },
txType: { type: 'string', maxLength: 50 },
relatedEntityType: { type: 'string', maxLength: 50 },
relatedEntityId: { type: 'string', format: 'uuid' },
fromAddress: { type: 'string', maxLength: 42 },
toAddress: { type: ['string', 'null'], maxLength: 42 },
status: { type: 'string', maxLength: 20, default: 'PENDING' },
blockNumber: { type: ['string', 'null'] },
gasUsed: { type: ['string', 'null'] },
errorMessage: { type: ['string', 'null'] },
createdAt: { type: 'string', format: 'date-time' },
confirmedAt: { type: ['string', 'null'], format: 'date-time' },
},
};
}
}

75
backend/src/database/models/department.model.ts Normal file
View File

@@ -0,0 +1,75 @@
import { Model, RelationMappings, RelationMappingsThunk } from 'objection';
import { BaseModel } from './base.model';
export class Department extends BaseModel {
static tableName = 'departments';
id!: string;
code!: string;
name!: string;
walletAddress?: string;
apiKeyHash?: string;
apiSecretHash?: string;
webhookUrl?: string;
webhookSecretHash?: string;
isActive!: boolean;
description?: string;
contactEmail?: string;
contactPhone?: string;
lastWebhookAt?: Date;
createdAt!: Date;
updatedAt!: Date;
// Relations
approvals?: Model[];
webhooks?: Model[];
static get jsonSchema() {
return {
type: 'object',
required: ['code', 'name'],
properties: {
id: { type: 'string', format: 'uuid' },
code: { type: 'string', maxLength: 50 },
name: { type: 'string', maxLength: 255 },
walletAddress: { type: ['string', 'null'], maxLength: 42 },
apiKeyHash: { type: ['string', 'null'], maxLength: 255 },
apiSecretHash: { type: ['string', 'null'], maxLength: 255 },
webhookUrl: { type: ['string', 'null'], maxLength: 500 },
webhookSecretHash: { type: ['string', 'null'], maxLength: 255 },
isActive: { type: 'boolean', default: true },
description: { type: ['string', 'null'] },
contactEmail: { type: ['string', 'null'] },
contactPhone: { type: ['string', 'null'] },
lastWebhookAt: { type: ['string', 'null'], format: 'date-time' },
createdAt: { type: 'string', format: 'date-time' },
updatedAt: { type: 'string', format: 'date-time' },
},
};
}
static get relationMappings(): RelationMappingsThunk {
return (): RelationMappings => {
const { Approval } = require('./approval.model');
const { Webhook } = require('./webhook.model');
return {
approvals: {
relation: Model.HasManyRelation,
modelClass: Approval,
join: {
from: 'departments.id',
to: 'approvals.department_id',
},
},
webhooks: {
relation: Model.HasManyRelation,
modelClass: Webhook,
join: {
from: 'departments.id',
to: 'webhooks.department_id',
},
},
};
};
}
}

55
backend/src/database/models/document-version.model.ts Normal file
View File

@@ -0,0 +1,55 @@
import { Model, RelationMappings, RelationMappingsThunk } from 'objection';
import { BaseModel } from './base.model';
export class DocumentVersion extends BaseModel {
static tableName = 'document_versions';
id!: string;
documentId!: string;
version!: number;
hash!: string;
minioPath!: string;
fileSize!: string;
mimeType!: string;
uploadedBy!: string;
blockchainTxHash?: string;
createdAt!: Date;
// Relations
document?: Model;
static get jsonSchema() {
return {
type: 'object',
required: ['documentId', 'version', 'hash', 'minioPath', 'fileSize', 'mimeType', 'uploadedBy'],
properties: {
id: { type: 'string', format: 'uuid' },
documentId: { type: 'string', format: 'uuid' },
version: { type: 'integer' },
hash: { type: 'string', maxLength: 66 },
minioPath: { type: 'string', maxLength: 500 },
fileSize: { type: 'string' },
mimeType: { type: 'string', maxLength: 100 },
uploadedBy: { type: 'string', format: 'uuid' },
blockchainTxHash: { type: ['string', 'null'], maxLength: 66 },
createdAt: { type: 'string', format: 'date-time' },
},
};
}
static get relationMappings(): RelationMappingsThunk {
return (): RelationMappings => {
const { Document } = require('./document.model');
return {
document: {
relation: Model.BelongsToOneRelation,
modelClass: Document,
join: {
from: 'document_versions.document_id',
to: 'documents.id',
},
},
};
};
}
}

69
backend/src/database/models/document.model.ts Normal file
View File

@@ -0,0 +1,69 @@
import { Model, RelationMappings, RelationMappingsThunk } from 'objection';
import { BaseModel } from './base.model';
export class Document extends BaseModel {
static tableName = 'documents';
id!: string;
requestId!: string;
docType!: string;
originalFilename!: string;
currentVersion!: number;
currentHash!: string;
minioBucket!: string;
isActive!: boolean;
downloadCount!: number;
lastDownloadedAt?: string;
createdAt!: Date;
updatedAt!: Date;
// Relations
request?: Model;
versions?: Model[];
static get jsonSchema() {
return {
type: 'object',
required: ['requestId', 'docType', 'originalFilename', 'currentHash', 'minioBucket'],
properties: {
id: { type: 'string', format: 'uuid' },
requestId: { type: 'string', format: 'uuid' },
docType: { type: 'string', maxLength: 100 },
originalFilename: { type: 'string', maxLength: 255 },
currentVersion: { type: 'integer', default: 1 },
currentHash: { type: 'string', maxLength: 66 },
minioBucket: { type: 'string', maxLength: 100 },
isActive: { type: 'boolean', default: true },
downloadCount: { type: 'integer', default: 0 },
lastDownloadedAt: { type: ['string', 'null'], format: 'date-time' },
createdAt: { type: 'string', format: 'date-time' },
updatedAt: { type: 'string', format: 'date-time' },
},
};
}
static get relationMappings(): RelationMappingsThunk {
return (): RelationMappings => {
const { LicenseRequest } = require('./license-request.model');
const { DocumentVersion } = require('./document-version.model');
return {
request: {
relation: Model.BelongsToOneRelation,
modelClass: LicenseRequest,
join: {
from: 'documents.request_id',
to: 'license_requests.id',
},
},
versions: {
relation: Model.HasManyRelation,
modelClass: DocumentVersion,
join: {
from: 'documents.id',
to: 'document_versions.document_id',
},
},
};
};
}
}

17
backend/src/database/models/index.ts Normal file
View File

@@ -0,0 +1,17 @@
export * from './base.model';
export * from './applicant.model';
export * from './department.model';
export * from './license-request.model';
export * from './document.model';
export * from './document-version.model';
export * from './approval.model';
export * from './workflow.model';
export * from './workflow-state.model';
export * from './webhook.model';
export * from './webhook-log.model';
export * from './audit-log.model';
export * from './blockchain-transaction.model';
export * from './user.model';
export * from './wallet.model';
export * from './blockchain-event.model';
export * from './application-log.model';

108
backend/src/database/models/license-request.model.ts Normal file
View File

@@ -0,0 +1,108 @@
import { Model, RelationMappings, RelationMappingsThunk } from 'objection';
import { BaseModel } from './base.model';
import { RequestStatus, RequestType } from '../../common/enums';
export const LicenseRequestStatus = RequestStatus;
export type LicenseRequestStatus = RequestStatus;
export class LicenseRequest extends BaseModel {
static tableName = 'license_requests';
id!: string;
requestNumber!: string;
tokenId?: string;
applicantId!: string;
requestType!: RequestType;
workflowId?: string;
status!: RequestStatus;
metadata?: Record<string, unknown>;
currentStageId?: string;
blockchainTxHash?: string;
createdAt!: Date;
updatedAt!: Date;
submittedAt?: Date;
approvedAt?: Date;
// Relations
applicant?: Model;
workflow?: Model;
documents?: Model[];
approvals?: Model[];
workflowState?: Model;
static get jsonSchema() {
return {
type: 'object',
required: ['requestNumber', 'applicantId', 'requestType'],
properties: {
id: { type: 'string', format: 'uuid' },
requestNumber: { type: 'string', maxLength: 50 },
tokenId: { type: ['string', 'null'] },
applicantId: { type: 'string', format: 'uuid' },
requestType: { type: 'string', maxLength: 100 },
workflowId: { type: ['string', 'null'], format: 'uuid' },
status: { type: 'string', maxLength: 50, default: 'DRAFT' },
metadata: { type: ['object', 'null'] },
currentStageId: { type: ['string', 'null'], maxLength: 100 },
blockchainTxHash: { type: ['string', 'null'], maxLength: 66 },
createdAt: { type: 'string', format: 'date-time' },
updatedAt: { type: 'string', format: 'date-time' },
submittedAt: { type: ['string', 'null'], format: 'date-time' },
approvedAt: { type: ['string', 'null'], format: 'date-time' },
},
};
}
static get relationMappings(): RelationMappingsThunk {
return (): RelationMappings => {
const { Applicant } = require('./applicant.model');
const { Workflow } = require('./workflow.model');
const { Document } = require('./document.model');
const { Approval } = require('./approval.model');
const { WorkflowState } = require('./workflow-state.model');
return {
applicant: {
relation: Model.BelongsToOneRelation,
modelClass: Applicant,
join: {
from: 'license_requests.applicant_id',
to: 'applicants.id',
},
},
workflow: {
relation: Model.BelongsToOneRelation,
modelClass: Workflow,
join: {
from: 'license_requests.workflow_id',
to: 'workflows.id',
},
},
documents: {
relation: Model.HasManyRelation,
modelClass: Document,
join: {
from: 'license_requests.id',
to: 'documents.request_id',
},
},
approvals: {
relation: Model.HasManyRelation,
modelClass: Approval,
join: {
from: 'license_requests.id',
to: 'approvals.request_id',
},
},
workflowState: {
relation: Model.HasOneRelation,
modelClass: WorkflowState,
join: {
from: 'license_requests.id',
to: 'workflow_states.request_id',
},
},
};
};
}
}

61
backend/src/database/models/user.model.ts Normal file
View File

@@ -0,0 +1,61 @@
import { Model, RelationMappings, RelationMappingsThunk } from 'objection';
import { BaseModel } from './base.model';
export class User extends BaseModel {
static tableName = 'users';
id!: string;
email!: string;
passwordHash!: string;
name!: string;
role!: 'ADMIN' | 'DEPARTMENT' | 'CITIZEN';
departmentId?: string;
walletAddress?: string;
walletEncryptedKey?: string;
phone?: string;
isActive!: boolean;
lastLoginAt?: Date;
createdAt!: Date;
updatedAt!: Date;
// Relations
department?: Model;
static get jsonSchema() {
return {
type: 'object',
required: ['email', 'passwordHash', 'name', 'role'],
properties: {
id: { type: 'string', format: 'uuid' },
email: { type: 'string', format: 'email', maxLength: 255 },
passwordHash: { type: 'string', maxLength: 255 },
name: { type: 'string', maxLength: 255 },
role: { type: 'string', enum: ['ADMIN', 'DEPARTMENT', 'CITIZEN'] },
departmentId: { type: ['string', 'null'], format: 'uuid' },
walletAddress: { type: ['string', 'null'], maxLength: 42 },
walletEncryptedKey: { type: ['string', 'null'] },
phone: { type: ['string', 'null'], maxLength: 20 },
isActive: { type: 'boolean', default: true },
lastLoginAt: { type: ['string', 'null'], format: 'date-time' },
createdAt: { type: 'string', format: 'date-time' },
updatedAt: { type: 'string', format: 'date-time' },
},
};
}
static get relationMappings(): RelationMappingsThunk {
return (): RelationMappings => {
const { Department } = require('./department.model');
return {
department: {
relation: Model.BelongsToOneRelation,
modelClass: Department,
join: {
from: 'users.department_id',
to: 'departments.id',
},
},
};
};
}
}

32
backend/src/database/models/wallet.model.ts Normal file
View File

@@ -0,0 +1,32 @@
import { Model, RelationMappings, RelationMappingsThunk } from 'objection';
import { BaseModel } from './base.model';
export class Wallet extends BaseModel {
static tableName = 'wallets';
id!: string;
address!: string;
encryptedPrivateKey!: string;
ownerType!: 'USER' | 'DEPARTMENT';
ownerId!: string;
isActive!: boolean;
createdAt!: Date;
updatedAt!: Date;
static get jsonSchema() {
return {
type: 'object',
required: ['address', 'encryptedPrivateKey', 'ownerType', 'ownerId'],
properties: {
id: { type: 'string', format: 'uuid' },
address: { type: 'string', maxLength: 42 },
encryptedPrivateKey: { type: 'string' },
ownerType: { type: 'string', enum: ['USER', 'DEPARTMENT'] },
ownerId: { type: 'string', format: 'uuid' },
isActive: { type: 'boolean', default: true },
createdAt: { type: 'string', format: 'date-time' },
updatedAt: { type: 'string', format: 'date-time' },
},
};
}
}

68
backend/src/database/models/webhook-log.model.ts Normal file
View File

@@ -0,0 +1,68 @@
import { Model, RelationMappings, RelationMappingsThunk, QueryContext } from 'objection';
import { v4 as uuidv4 } from 'uuid';
import { WebhookDeliveryStatus } from '../../common/enums';
import { BaseModel } from './base.model';
export const WebhookLogStatus = WebhookDeliveryStatus;
export type WebhookLogStatus = WebhookDeliveryStatus;
export class WebhookLog extends BaseModel {
static tableName = 'webhook_logs';
id!: string;
webhookId!: string;
eventType!: string;
payload!: Record<string, unknown>;
responseStatus?: number;
responseBody?: string;
responseTime?: number;
retryCount!: number;
status!: WebhookDeliveryStatus;
createdAt!: Date;
// Relations
webhook?: Model;
async $beforeInsert(queryContext: QueryContext): Promise<void> {
await super.$beforeInsert(queryContext);
if (!this.id) {
this.id = uuidv4();
}
this.createdAt = new Date();
}
static get jsonSchema() {
return {
type: 'object',
required: ['webhookId', 'eventType', 'payload'],
properties: {
id: { type: 'string', format: 'uuid' },
webhookId: { type: 'string', format: 'uuid' },
eventType: { type: 'string', maxLength: 100 },
payload: { type: 'object' },
responseStatus: { type: ['integer', 'null'] },
responseBody: { type: ['string', 'null'] },
responseTime: { type: ['integer', 'null'] },
retryCount: { type: 'integer', default: 0 },
status: { type: 'string', maxLength: 20, default: 'PENDING' },
createdAt: { type: 'string', format: 'date-time' },
},
};
}
static get relationMappings(): RelationMappingsThunk {
return (): RelationMappings => {
const { Webhook } = require('./webhook.model');
return {
webhook: {
relation: Model.BelongsToOneRelation,
modelClass: Webhook,
join: {
from: 'webhook_logs.webhook_id',
to: 'webhooks.id',
},
},
};
};
}
}

61
backend/src/database/models/webhook.model.ts Normal file
View File

@@ -0,0 +1,61 @@
import { Model, RelationMappings, RelationMappingsThunk } from 'objection';
import { BaseModel } from './base.model';
export class Webhook extends BaseModel {
static tableName = 'webhooks';
id!: string;
departmentId!: string;
url!: string;
events!: string[];
secretHash!: string;
isActive!: boolean;
createdAt!: Date;
updatedAt!: Date;
// Relations
department?: Model;
logs?: Model[];
static get jsonSchema() {
return {
type: 'object',
required: ['departmentId', 'url', 'events', 'secretHash'],
properties: {
id: { type: 'string', format: 'uuid' },
departmentId: { type: 'string', format: 'uuid' },
url: { type: 'string', maxLength: 500 },
events: { type: 'array', items: { type: 'string' } },
secretHash: { type: 'string', maxLength: 255 },
isActive: { type: 'boolean', default: true },
createdAt: { type: 'string', format: 'date-time' },
updatedAt: { type: 'string', format: 'date-time' },
},
};
}
static get relationMappings(): RelationMappingsThunk {
return (): RelationMappings => {
const { Department } = require('./department.model');
const { WebhookLog } = require('./webhook-log.model');
return {
department: {
relation: Model.BelongsToOneRelation,
modelClass: Department,
join: {
from: 'webhooks.department_id',
to: 'departments.id',
},
},
logs: {
relation: Model.HasManyRelation,
modelClass: WebhookLog,
join: {
from: 'webhooks.id',
to: 'webhook_logs.webhook_id',
},
},
};
};
}
}

22
backend/src/database/models/workflow-state.model.ts Normal file
View File

@@ -0,0 +1,22 @@
import { Model } from 'objection';
import { BaseModel } from './base.model';
import { Workflow } from './workflow.model';
export class WorkflowState extends BaseModel {
static tableName = 'workflow_states';
requestId: string;
workflowId: string;
state: any;
static relationMappings = {
workflow: {
relation: Model.BelongsToOneRelation,
modelClass: Workflow,
join: {
from: 'workflow_states.workflowId',
to: 'workflows.id',
},
},
};
}

60
backend/src/database/models/workflow.model.ts Normal file
View File

@@ -0,0 +1,60 @@
import { Model, RelationMappings, RelationMappingsThunk } from 'objection';
import { BaseModel } from './base.model';
import { WorkflowStage } from '../../common/interfaces/request-context.interface';
export class Workflow extends BaseModel {
static tableName = 'workflows';
id!: string;
workflowType!: string;
name!: string;
description?: string;
version!: number;
definition!: any;
isActive!: boolean;
createdBy?: string;
updatedBy?: string;
deactivatedAt?: Date;
createdAt!: Date;
updatedAt!: Date;
// Relations
requests?: Model[];
static get jsonSchema() {
return {
type: 'object',
required: ['workflowType', 'name', 'definition'],
properties: {
id: { type: 'string', format: 'uuid' },
workflowType: { type: 'string', maxLength: 100 },
name: { type: 'string', maxLength: 255 },
description: { type: ['string', 'null'] },
version: { type: 'integer', default: 1 },
definition: { type: 'object' },
isActive: { type: 'boolean', default: true },
createdBy: { type: ['string', 'null'], format: 'uuid' },
updatedBy: { type: ['string', 'null'], format: 'uuid' },
deactivatedAt: { type: ['string', 'null'], format: 'date-time' },
createdAt: { type: 'string', format: 'date-time' },
updatedAt: { type: 'string', format: 'date-time' },
},
};
}
static get relationMappings(): RelationMappingsThunk {
return (): RelationMappings => {
const { LicenseRequest } = require('./license-request.model');
return {
requests: {
relation: Model.HasManyRelation,
modelClass: LicenseRequest,
join: {
from: 'workflows.id',
to: 'license_requests.workflow_id',
},
},
};
};
}
}

402
backend/src/database/seeds/001_initial_seed.ts Normal file
View File

@@ -0,0 +1,402 @@
import type { Knex } from 'knex';
import * as bcrypt from 'bcrypt';
import { v4 as uuidv4 } from 'uuid';
import { ethers } from 'ethers';
import * as crypto from 'crypto';
// Simple encryption for demo purposes (in production use proper key management)
const ENCRYPTION_KEY = process.env.WALLET_ENCRYPTION_KEY || 'goa-gel-demo-encryption-key-32b';
function encryptPrivateKey(privateKey: string): string {
const iv = crypto.randomBytes(16);
const key = crypto.scryptSync(ENCRYPTION_KEY, 'salt', 32);
const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
let encrypted = cipher.update(privateKey, 'utf8', 'hex');
encrypted += cipher.final('hex');
return iv.toString('hex') + ':' + encrypted;
}
function generateWallet(): { address: string; encryptedPrivateKey: string } {
const wallet = ethers.Wallet.createRandom();
return {
address: wallet.address,
encryptedPrivateKey: encryptPrivateKey(wallet.privateKey),
};
}
export async function seed(knex: Knex): Promise<void> {
// Clear existing data (in reverse order of dependencies)
await knex('application_logs').del().catch(() => {});
await knex('blockchain_events').del().catch(() => {});
await knex('wallets').del().catch(() => {});
await knex('users').del().catch(() => {});
await knex('approvals').del();
await knex('workflow_states').del();
await knex('document_versions').del();
await knex('documents').del();
await knex('license_requests').del();
await knex('webhooks').del();
await knex('workflows').del();
await knex('departments').del();
await knex('applicants').del();
// Generate wallets for departments
const fireDeptWallet = generateWallet();
const tourismDeptWallet = generateWallet();
const municipalityWallet = generateWallet();
const healthDeptWallet = generateWallet();
// Create departments with IDs we can reference
const fireDeptId = uuidv4();
const tourismDeptId = uuidv4();
const municipalityId = uuidv4();
const healthDeptId = uuidv4();
const departments = [
{
id: fireDeptId,
code: 'FIRE_DEPT',
name: 'Fire & Emergency Services Department',
wallet_address: fireDeptWallet.address,
api_key_hash: await bcrypt.hash('fire_api_key_123', 10),
api_secret_hash: await bcrypt.hash('fire_secret_456', 10),
is_active: true,
description: 'Responsible for fire safety inspections and certifications',
contact_email: 'fire@goa.gov.in',
contact_phone: '+91-832-2222222',
},
{
id: tourismDeptId,
code: 'TOURISM_DEPT',
name: 'Department of Tourism',
wallet_address: tourismDeptWallet.address,
api_key_hash: await bcrypt.hash('tourism_api_key_123', 10),
api_secret_hash: await bcrypt.hash('tourism_secret_456', 10),
is_active: true,
description: 'Manages tourism licenses and hospitality registrations',
contact_email: 'tourism@goa.gov.in',
contact_phone: '+91-832-3333333',
},
{
id: municipalityId,
code: 'MUNICIPALITY',
name: 'Municipal Corporation of Panaji',
wallet_address: municipalityWallet.address,
api_key_hash: await bcrypt.hash('municipality_api_key_123', 10),
api_secret_hash: await bcrypt.hash('municipality_secret_456', 10),
is_active: true,
description: 'Local governance and building permits',
contact_email: 'municipality@goa.gov.in',
contact_phone: '+91-832-4444444',
},
{
id: healthDeptId,
code: 'HEALTH_DEPT',
name: 'Directorate of Health Services',
wallet_address: healthDeptWallet.address,
api_key_hash: await bcrypt.hash('health_api_key_123', 10),
api_secret_hash: await bcrypt.hash('health_secret_456', 10),
is_active: true,
description: 'Health and sanitation inspections',
contact_email: 'health@goa.gov.in',
contact_phone: '+91-832-5555555',
},
];
await knex('departments').insert(departments);
// Store department wallets
const departmentWallets = [
{ ...fireDeptWallet, id: uuidv4(), owner_type: 'DEPARTMENT', owner_id: fireDeptId, is_active: true },
{ ...tourismDeptWallet, id: uuidv4(), owner_type: 'DEPARTMENT', owner_id: tourismDeptId, is_active: true },
{ ...municipalityWallet, id: uuidv4(), owner_type: 'DEPARTMENT', owner_id: municipalityId, is_active: true },
{ ...healthDeptWallet, id: uuidv4(), owner_type: 'DEPARTMENT', owner_id: healthDeptId, is_active: true },
].map(w => ({
id: w.id,
address: w.address,
encrypted_private_key: w.encryptedPrivateKey,
owner_type: w.owner_type,
owner_id: w.owner_id,
is_active: w.is_active,
}));
await knex('wallets').insert(departmentWallets);
// Generate wallets for demo users
const adminWallet = generateWallet();
const fireUserWallet = generateWallet();
const tourismUserWallet = generateWallet();
const municipalityUserWallet = generateWallet();
const citizenWallet = generateWallet();
const secondCitizenWallet = generateWallet();
// Create demo users with specified credentials
const adminUserId = uuidv4();
const fireUserId = uuidv4();
const tourismUserId = uuidv4();
const municipalityUserId = uuidv4();
const citizenUserId = uuidv4();
const secondCitizenUserId = uuidv4();
const users = [
{
id: adminUserId,
email: 'admin@goa.gov.in',
password_hash: await bcrypt.hash('Admin@123', 10),
name: 'System Administrator',
role: 'ADMIN',
department_id: null,
wallet_address: adminWallet.address,
wallet_encrypted_key: adminWallet.encryptedPrivateKey,
phone: '+91-9876543210',
is_active: true,
},
{
id: fireUserId,
email: 'fire@goa.gov.in',
password_hash: await bcrypt.hash('Fire@123', 10),
name: 'Fire Department Officer',
role: 'DEPARTMENT',
department_id: fireDeptId,
wallet_address: fireUserWallet.address,
wallet_encrypted_key: fireUserWallet.encryptedPrivateKey,
phone: '+91-9876543211',
is_active: true,
},
{
id: tourismUserId,
email: 'tourism@goa.gov.in',
password_hash: await bcrypt.hash('Tourism@123', 10),
name: 'Tourism Department Officer',
role: 'DEPARTMENT',
department_id: tourismDeptId,
wallet_address: tourismUserWallet.address,
wallet_encrypted_key: tourismUserWallet.encryptedPrivateKey,
phone: '+91-9876543212',
is_active: true,
},
{
id: municipalityUserId,
email: 'municipality@goa.gov.in',
password_hash: await bcrypt.hash('Municipality@123', 10),
name: 'Municipality Officer',
role: 'DEPARTMENT',
department_id: municipalityId,
wallet_address: municipalityUserWallet.address,
wallet_encrypted_key: municipalityUserWallet.encryptedPrivateKey,
phone: '+91-9876543213',
is_active: true,
},
{
id: citizenUserId,
email: 'citizen@example.com',
password_hash: await bcrypt.hash('Citizen@123', 10),
name: 'Demo Citizen',
role: 'CITIZEN',
department_id: null,
wallet_address: citizenWallet.address,
wallet_encrypted_key: citizenWallet.encryptedPrivateKey,
phone: '+91-9876543214',
is_active: true,
},
{
id: secondCitizenUserId,
email: 'citizen2@example.com',
password_hash: await bcrypt.hash('Citizen@123', 10),
name: 'Second Citizen',
role: 'CITIZEN',
department_id: null,
wallet_address: secondCitizenWallet.address,
wallet_encrypted_key: secondCitizenWallet.encryptedPrivateKey,
phone: '+91-9876543215',
is_active: true,
},
];
await knex('users').insert(users);
// Store user wallets
const userWallets = [
{ ...adminWallet, id: uuidv4(), owner_type: 'USER', owner_id: adminUserId, is_active: true },
{ ...fireUserWallet, id: uuidv4(), owner_type: 'USER', owner_id: fireUserId, is_active: true },
{ ...tourismUserWallet, id: uuidv4(), owner_type: 'USER', owner_id: tourismUserId, is_active: true },
{ ...municipalityUserWallet, id: uuidv4(), owner_type: 'USER', owner_id: municipalityUserId, is_active: true },
{ ...citizenWallet, id: uuidv4(), owner_type: 'USER', owner_id: citizenUserId, is_active: true },
{ ...secondCitizenWallet, id: uuidv4(), owner_type: 'USER', owner_id: secondCitizenUserId, is_active: true },
].map(w => ({
id: w.id,
address: w.address,
encrypted_private_key: w.encryptedPrivateKey,
owner_type: w.owner_type,
owner_id: w.owner_id,
is_active: w.is_active,
}));
await knex('wallets').insert(userWallets);
// Create sample workflow for Resort License
const workflowId = uuidv4();
await knex('workflows').insert({
id: workflowId,
workflow_type: 'RESORT_LICENSE',
name: 'Resort License Approval Workflow',
description: 'Multi-department approval workflow for resort licenses in Goa',
version: 1,
definition: JSON.stringify({
isActive: true,
stages: [
{
stageId: 'stage_1_fire',
stageName: 'Fire Safety Review',
stageOrder: 1,
executionType: 'SEQUENTIAL',
requiredApprovals: [
{
departmentCode: 'FIRE_DEPT',
departmentName: 'Fire & Emergency Services Department',
requiredDocuments: ['FIRE_SAFETY_CERTIFICATE', 'BUILDING_PLAN'],
isMandatory: true,
},
],
completionCriteria: 'ALL',
timeoutDays: 7,
onTimeout: 'NOTIFY',
onRejection: 'FAIL_REQUEST',
},
{
stageId: 'stage_2_parallel',
stageName: 'Tourism & Municipality Review',
stageOrder: 2,
executionType: 'PARALLEL',
requiredApprovals: [
{
departmentCode: 'TOURISM_DEPT',
departmentName: 'Department of Tourism',
requiredDocuments: ['PROPERTY_OWNERSHIP', 'BUILDING_PLAN'],
isMandatory: true,
},
{
departmentCode: 'MUNICIPALITY',
departmentName: 'Municipal Corporation of Panaji',
requiredDocuments: ['PROPERTY_OWNERSHIP', 'TAX_CLEARANCE'],
isMandatory: true,
},
],
completionCriteria: 'ALL',
timeoutDays: 14,
onTimeout: 'ESCALATE',
onRejection: 'FAIL_REQUEST',
},
{
stageId: 'stage_3_health',
stageName: 'Health & Sanitation Review',
stageOrder: 3,
executionType: 'SEQUENTIAL',
requiredApprovals: [
{
departmentCode: 'HEALTH_DEPT',
departmentName: 'Directorate of Health Services',
requiredDocuments: ['HEALTH_CERTIFICATE'],
isMandatory: true,
},
],
completionCriteria: 'ALL',
timeoutDays: 7,
onTimeout: 'NOTIFY',
onRejection: 'FAIL_REQUEST',
},
],
}),
is_active: true,
});
// Create FIRE_SAFETY_CERT workflow for tests
const fireSafetyCertWorkflowId = uuidv4();
await knex('workflows').insert({
id: fireSafetyCertWorkflowId,
workflow_type: 'FIRE_SAFETY_CERT',
name: 'Fire Safety Certificate Workflow',
description: 'Simplified fire safety certificate approval workflow',
version: 1,
definition: JSON.stringify({
isActive: true,
stages: [
{
stageId: 'stage_1_fire',
stageName: 'Fire Safety Review',
stageOrder: 1,
executionType: 'SEQUENTIAL',
requiredApprovals: [
{
departmentCode: 'FIRE_DEPT',
departmentName: 'Fire & Emergency Services Department',
requiredDocuments: ['FIRE_SAFETY_CERTIFICATE', 'BUILDING_PLAN'],
isMandatory: true,
},
],
completionCriteria: 'ALL',
timeoutDays: 7,
onTimeout: 'NOTIFY',
onRejection: 'FAIL_REQUEST',
},
{
stageId: 'stage_2_health',
stageName: 'Health & Safety Review',
stageOrder: 2,
executionType: 'SEQUENTIAL',
requiredApprovals: [
{
departmentCode: 'HEALTH_DEPT',
departmentName: 'Directorate of Health Services',
requiredDocuments: ['HEALTH_CERTIFICATE'],
isMandatory: true,
},
],
completionCriteria: 'ALL',
timeoutDays: 7,
onTimeout: 'NOTIFY',
onRejection: 'FAIL_REQUEST',
},
],
}),
is_active: true,
});
// Create sample applicants (linked to citizen users)
await knex('applicants').insert([
{
id: citizenUserId, // Use same ID for linking
digilocker_id: 'DL-GOA-CITIZEN-001',
name: 'Demo Citizen',
email: 'citizen@example.com',
phone: '+91-9876543214',
wallet_address: citizenWallet.address,
is_active: true,
},
{
id: secondCitizenUserId, // Use same ID for linking
digilocker_id: 'DL-GOA-CITIZEN-002',
name: 'Second Citizen',
email: 'citizen2@example.com',
phone: '+91-9876543215',
wallet_address: secondCitizenWallet.address,
is_active: true,
},
]);
console.log('Seed data inserted successfully!');
console.log('');
console.log('Demo Accounts Created:');
console.log('─────────────────────────────────────────');
console.log('Admin: admin@goa.gov.in / Admin@123');
console.log('Fire Dept: fire@goa.gov.in / Fire@123');
console.log('Tourism: tourism@goa.gov.in / Tourism@123');
console.log('Municipality: municipality@goa.gov.in / Municipality@123');
console.log('Citizen 1: citizen@example.com / Citizen@123');
console.log('Citizen 2: citizen2@example.com / Citizen@123');
console.log('─────────────────────────────────────────');
console.log('Departments:', departments.length);
console.log('Users:', users.length);
console.log('Wallets:', departmentWallets.length + userWallets.length);
console.log('Workflow created: RESORT_LICENSE');
}

149
backend/src/main.ts Normal file
View File

@@ -0,0 +1,149 @@
import { NestFactory } from '@nestjs/core';
import { ValidationPipe, Logger } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { SwaggerModule, DocumentBuilder } from '@nestjs/swagger';
import { NestExpressApplication } from '@nestjs/platform-express';
import helmet from 'helmet';
import * as compression from 'compression';
import { AppModule } from './app.module';
import { HttpExceptionFilter } from './common/filters';
import { LoggingInterceptor, CorrelationIdInterceptor } from './common/interceptors';
async function bootstrap(): Promise<void> {
const logger = new Logger('Bootstrap');
const app = await NestFactory.create<NestExpressApplication>(AppModule, {
logger: ['error', 'warn', 'log', 'debug', 'verbose'],
});
const configService = app.get(ConfigService);
const port = configService.get<number>('app.port', 3001);
const apiPrefix = configService.get<string>('app.apiPrefix', 'api');
const apiVersion = configService.get<string>('app.apiVersion', 'v1');
const corsOrigin = configService.get<string>('app.corsOrigin', 'http://localhost:3000');
const swaggerEnabled = configService.get<boolean>('app.swaggerEnabled', true);
// Security middleware
app.use(helmet());
app.use(compression());
// CORS configuration - Allow multiple origins for local development
const allowedOrigins = ['http://localhost:4200', 'http://localhost:3000', 'http://localhost:8080'];
app.enableCors({
origin: (origin, callback) => {
if (!origin || allowedOrigins.includes(origin)) {
callback(null, true);
} else {
callback(null, false);
}
},
methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
allowedHeaders: ['Content-Type', 'Authorization', 'x-api-key', 'x-department-code', 'x-correlation-id'],
credentials: true,
});
// Global prefix
app.setGlobalPrefix(`${apiPrefix}/${apiVersion}`);
// Global pipes
const nodeEnv = configService.get<string>('NODE_ENV', 'development');
const isDevelopment = nodeEnv === 'development' || nodeEnv === 'test';
app.useGlobalPipes(
new ValidationPipe({
whitelist: !isDevelopment, // Allow extra properties in dev/test
forbidNonWhitelisted: false, // Don't throw errors for extra properties
transform: true,
transformOptions: {
enableImplicitConversion: true,
},
exceptionFactory: (errors) => {
// Return first error message as string for better test compatibility
const firstError = errors[0];
const firstConstraint = firstError && firstError.constraints
? Object.values(firstError.constraints)[0]
: 'Validation failed';
return new (require('@nestjs/common').BadRequestException)(firstConstraint);
},
}),
);
// Global filters
app.useGlobalFilters(new HttpExceptionFilter());
// Global interceptors
app.useGlobalInterceptors(
new CorrelationIdInterceptor(),
new LoggingInterceptor(),
);
// Swagger documentation
if (swaggerEnabled) {
const swaggerConfig = new DocumentBuilder()
.setTitle('Goa GEL API')
.setDescription('Blockchain Document Verification Platform for Government of Goa')
.setVersion('1.0.0')
.addBearerAuth(
{
type: 'http',
scheme: 'bearer',
bearerFormat: 'JWT',
description: 'JWT token from DigiLocker authentication',
},
'BearerAuth',
)
.addApiKey(
{
type: 'apiKey',
name: 'x-api-key',
in: 'header',
description: 'Department API Key',
},
'ApiKeyAuth',
)
.addServer(`http://localhost:${port}`, 'Local Development')
.addServer('https://api.goagel.gov.in', 'Production')
.addTag('Auth', 'Authentication and authorization')
.addTag('Applicants', 'Applicant management')
.addTag('Requests', 'License request operations')
.addTag('Documents', 'Document upload and retrieval')
.addTag('Approvals', 'Department approval actions')
.addTag('Departments', 'Department management')
.addTag('Workflows', 'Workflow configuration')
.addTag('Webhooks', 'Webhook management')
.addTag('Admin', 'Platform administration')
.addTag('Audit', 'Audit trail and logging')
.addTag('Health', 'Health check endpoints')
.build();
const document = SwaggerModule.createDocument(app, swaggerConfig);
SwaggerModule.setup('api/docs', app, document, {
swaggerOptions: {
persistAuthorization: true,
filter: true,
displayRequestDuration: true,
},
});
logger.log(`Swagger documentation available at http://localhost:${port}/api/docs`);
}
// Health check endpoint
app.getHttpAdapter().get('/health', (_req: any, res: any) => {
res.json({
status: 'ok',
timestamp: new Date().toISOString(),
uptime: process.uptime(),
});
});
await app.listen(port);
logger.log(`Application is running on: http://localhost:${port}`);
logger.log(`API endpoint: http://localhost:${port}/${apiPrefix}/${apiVersion}`);
}
bootstrap().catch((error) => {
const logger = new Logger('Bootstrap');
logger.error('Failed to start application', error);
process.exit(1);
});

261
backend/src/modules/admin/admin.controller.ts Normal file
View File

@@ -0,0 +1,261 @@
import {
Controller,
Get,
Post,
Patch,
Body,
Param,
Query,
UseGuards,
Logger,
} from '@nestjs/common';
import {
ApiTags,
ApiOperation,
ApiResponse,
ApiBearerAuth,
ApiQuery,
ApiBody,
} from '@nestjs/swagger';
import { AuthGuard } from '@nestjs/passport';
import { AdminService } from './admin.service';
import { Roles } from '../../common/decorators/roles.decorator';
import { RolesGuard } from '../../common/guards/roles.guard';
import { UserRole } from '../../common/enums';
@ApiTags('Admin')
@Controller('admin')
@ApiBearerAuth('BearerAuth')
@UseGuards(AuthGuard('jwt'), RolesGuard)
@Roles(UserRole.ADMIN)
export class AdminController {
private readonly logger = new Logger(AdminController.name);
constructor(private readonly adminService: AdminService) {}
@Get('stats')
@ApiOperation({
summary: 'Get platform statistics',
description: 'Get overall platform statistics including request counts, user counts, and transaction data',
})
@ApiResponse({ status: 200, description: 'Platform statistics' })
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 403, description: 'Forbidden - Admin only' })
async getStats() {
this.logger.debug('Fetching platform stats');
return this.adminService.getPlatformStats();
}
@Get('health')
@ApiOperation({
summary: 'Get system health',
description: 'Get health status of all platform services (database, blockchain, storage, queue)',
})
@ApiResponse({ status: 200, description: 'System health status' })
async getHealth() {
return this.adminService.getSystemHealth();
}
@Get('activity')
@ApiOperation({
summary: 'Get recent activity',
description: 'Get recent audit log entries for platform activity monitoring',
})
@ApiQuery({
name: 'limit',
required: false,
type: Number,
description: 'Number of recent entries (default: 20)',
})
@ApiResponse({ status: 200, description: 'Recent activity logs' })
async getRecentActivity(@Query('limit') limit?: number) {
return this.adminService.getRecentActivity(limit || 20);
}
@Get('blockchain/transactions')
@ApiOperation({
summary: 'List blockchain transactions',
description: 'Get paginated list of blockchain transactions with optional status filter',
})
@ApiQuery({ name: 'page', required: false, type: Number, description: 'Page number (default: 1)' })
@ApiQuery({ name: 'limit', required: false, type: Number, description: 'Items per page (default: 20)' })
@ApiQuery({ name: 'status', required: false, description: 'Filter by transaction status (PENDING, CONFIRMED, FAILED)' })
@ApiResponse({ status: 200, description: 'Paginated blockchain transactions' })
async getBlockchainTransactions(
@Query('page') page?: number,
@Query('limit') limit?: number,
@Query('status') status?: string,
) {
return this.adminService.getBlockchainTransactions(
page || 1,
limit || 20,
status,
);
}
@Post('departments')
@ApiOperation({
summary: 'Onboard new department',
description: 'Create a new department with wallet and API key generation',
})
@ApiBody({
schema: {
type: 'object',
required: ['code', 'name', 'contactEmail'],
properties: {
code: { type: 'string', example: 'POLICE_DEPT' },
name: { type: 'string', example: 'Police Department' },
description: { type: 'string', example: 'Law enforcement department' },
contactEmail: { type: 'string', example: 'police@goa.gov.in' },
contactPhone: { type: 'string', example: '+91-832-6666666' },
},
},
})
@ApiResponse({ status: 201, description: 'Department onboarded successfully' })
@ApiResponse({ status: 400, description: 'Invalid input' })
@ApiResponse({ status: 409, description: 'Department already exists' })
async onboardDepartment(@Body() dto: any) {
return this.adminService.onboardDepartment(dto);
}
@Get('departments')
@ApiOperation({
summary: 'List all departments',
description: 'Get list of all departments with pagination',
})
@ApiQuery({ name: 'page', required: false, type: Number, description: 'Page number (default: 1)' })
@ApiQuery({ name: 'limit', required: false, type: Number, description: 'Items per page (default: 20)' })
@ApiResponse({ status: 200, description: 'List of departments' })
async getDepartments(
@Query('page') page?: number,
@Query('limit') limit?: number,
) {
return this.adminService.getDepartments(page || 1, limit || 20);
}
@Get('departments/:id')
@ApiOperation({
summary: 'Get department details',
description: 'Get detailed information about a specific department',
})
@ApiResponse({ status: 200, description: 'Department details' })
@ApiResponse({ status: 404, description: 'Department not found' })
async getDepartment(@Param('id') id: string) {
return this.adminService.getDepartment(id);
}
@Patch('departments/:id')
@ApiOperation({
summary: 'Update department',
description: 'Update department information',
})
@ApiResponse({ status: 200, description: 'Department updated' })
@ApiResponse({ status: 404, description: 'Department not found' })
async updateDepartment(@Param('id') id: string, @Body() dto: any) {
return this.adminService.updateDepartment(id, dto);
}
@Post('departments/:id/regenerate-api-key')
@ApiOperation({
summary: 'Regenerate department API key',
description: 'Generate a new API key for the department',
})
@ApiResponse({ status: 200, description: 'API key regenerated' })
@ApiResponse({ status: 404, description: 'Department not found' })
async regenerateApiKey(@Param('id') id: string) {
return this.adminService.regenerateDepartmentApiKey(id);
}
@Patch('departments/:id/deactivate')
@ApiOperation({
summary: 'Deactivate department',
description: 'Deactivate a department',
})
@ApiResponse({ status: 200, description: 'Department deactivated' })
@ApiResponse({ status: 404, description: 'Department not found' })
async deactivateDepartment(@Param('id') id: string) {
return this.adminService.deactivateDepartment(id);
}
@Patch('departments/:id/activate')
@ApiOperation({
summary: 'Activate department',
description: 'Activate a department',
})
@ApiResponse({ status: 200, description: 'Department activated' })
@ApiResponse({ status: 404, description: 'Department not found' })
async activateDepartment(@Param('id') id: string) {
return this.adminService.activateDepartment(id);
}
@Get('users')
@ApiOperation({
summary: 'List all users',
description: 'Get list of all users with pagination',
})
@ApiResponse({ status: 200, description: 'List of users' })
async getUsers() {
return this.adminService.getUsers();
}
@Get('blockchain/events')
@ApiOperation({
summary: 'List blockchain events',
description: 'Get paginated list of blockchain events with optional filters',
})
@ApiQuery({ name: 'page', required: false, type: Number, description: 'Page number (default: 1)' })
@ApiQuery({ name: 'limit', required: false, type: Number, description: 'Items per page (default: 20)' })
@ApiQuery({ name: 'eventType', required: false, description: 'Filter by event type' })
@ApiQuery({ name: 'contractAddress', required: false, description: 'Filter by contract address' })
@ApiResponse({ status: 200, description: 'Paginated blockchain events' })
async getBlockchainEvents(
@Query('page') page?: number,
@Query('limit') limit?: number,
@Query('eventType') eventType?: string,
@Query('contractAddress') contractAddress?: string,
) {
return this.adminService.getBlockchainEvents(
page || 1,
limit || 20,
eventType,
contractAddress,
);
}
@Get('logs')
@ApiOperation({
summary: 'List application logs',
description: 'Get paginated list of application logs with optional filters',
})
@ApiQuery({ name: 'page', required: false, type: Number, description: 'Page number (default: 1)' })
@ApiQuery({ name: 'limit', required: false, type: Number, description: 'Items per page (default: 50)' })
@ApiQuery({ name: 'level', required: false, description: 'Filter by log level (INFO, WARN, ERROR)' })
@ApiQuery({ name: 'module', required: false, description: 'Filter by module name' })
@ApiQuery({ name: 'search', required: false, description: 'Search in log messages' })
@ApiResponse({ status: 200, description: 'Paginated application logs' })
async getApplicationLogs(
@Query('page') page?: number,
@Query('limit') limit?: number,
@Query('level') level?: string,
@Query('module') module?: string,
@Query('search') search?: string,
) {
return this.adminService.getApplicationLogs(
page || 1,
limit || 50,
level,
module,
search,
);
}
@Get('documents/:requestId')
@ApiOperation({
summary: 'Get documents for a request',
description: 'Get all documents with versions and department reviews for a specific request',
})
@ApiResponse({ status: 200, description: 'Documents with version history and reviews' })
async getRequestDocuments(@Param('requestId') requestId: string) {
return this.adminService.getRequestDocuments(requestId);
}
}

13
backend/src/modules/admin/admin.module.ts Normal file
View File

@@ -0,0 +1,13 @@
import { Module } from '@nestjs/common';
import { AdminController } from './admin.controller';
import { AdminService } from './admin.service';
import { DepartmentsModule } from '../departments/departments.module';
import { UsersModule } from '../users/users.module';
@Module({
imports: [DepartmentsModule, UsersModule],
controllers: [AdminController],
providers: [AdminService],
exports: [AdminService],
})
export class AdminModule {}

336
backend/src/modules/admin/admin.service.ts Normal file
View File

@@ -0,0 +1,336 @@
import { Injectable, Logger, Inject } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { LicenseRequest } from '../../database/models/license-request.model';
import { Applicant } from '../../database/models/applicant.model';
import { Department } from '../../database/models/department.model';
import { User } from '../../database/models/user.model';
import { Document } from '../../database/models/document.model';
import { BlockchainTransaction } from '../../database/models/blockchain-transaction.model';
import { BlockchainEvent } from '../../database/models/blockchain-event.model';
import { ApplicationLog } from '../../database/models/application-log.model';
import { AuditLog } from '../../database/models/audit-log.model';
import { DepartmentsService } from '../departments/departments.service';
import { UsersService } from '../users/users.service';
export interface PlatformStats {
totalRequests: number;
requestsByStatus: Record<string, number>;
totalApplicants: number;
activeApplicants: number;
totalDepartments: number;
activeDepartments: number;
totalDocuments: number;
totalBlockchainTransactions: number;
transactionsByStatus: Record<string, number>;
}
export interface SystemHealth {
status: 'healthy' | 'degraded' | 'unhealthy';
uptime: number;
timestamp: string;
services: {
database: { status: string };
blockchain: { status: string };
storage: { status: string };
queue: { status: string };
};
}
@Injectable()
export class AdminService {
private readonly logger = new Logger(AdminService.name);
constructor(
@Inject(LicenseRequest) private requestModel: typeof LicenseRequest,
@Inject(Applicant) private applicantModel: typeof Applicant,
@Inject(Department) private departmentModel: typeof Department,
@Inject(User) private userModel: typeof User,
@Inject(Document) private documentModel: typeof Document,
@Inject(BlockchainTransaction) private blockchainTxModel: typeof BlockchainTransaction,
@Inject(BlockchainEvent) private blockchainEventModel: typeof BlockchainEvent,
@Inject(ApplicationLog) private appLogModel: typeof ApplicationLog,
@Inject(AuditLog) private auditLogModel: typeof AuditLog,
private readonly configService: ConfigService,
private readonly departmentsService: DepartmentsService,
private readonly usersService: UsersService,
) {}
async getPlatformStats(): Promise<PlatformStats> {
this.logger.debug('Fetching platform statistics');
const [
totalRequests,
requestsByStatus,
totalApplicants,
activeApplicants,
totalDepartments,
activeDepartments,
totalDocuments,
totalBlockchainTransactions,
transactionsByStatus,
] = await Promise.all([
this.requestModel.query().resultSize(),
this.requestModel
.query()
.select('status')
.count('* as count')
.groupBy('status') as any,
this.applicantModel.query().resultSize(),
this.applicantModel.query().where({ isActive: true }).resultSize(),
this.departmentModel.query().resultSize(),
this.departmentModel.query().where({ isActive: true }).resultSize(),
this.documentModel.query().resultSize(),
this.blockchainTxModel.query().resultSize(),
this.blockchainTxModel
.query()
.select('status')
.count('* as count')
.groupBy('status') as any,
]);
const statusMap: Record<string, number> = {};
for (const row of requestsByStatus) {
statusMap[(row as any).status] = parseInt((row as any).count, 10);
}
const txStatusMap: Record<string, number> = {};
for (const row of transactionsByStatus) {
txStatusMap[(row as any).status] = parseInt((row as any).count, 10);
}
return {
totalRequests,
requestsByStatus: statusMap,
totalApplicants,
activeApplicants,
totalDepartments,
activeDepartments,
totalDocuments,
totalBlockchainTransactions,
transactionsByStatus: txStatusMap,
};
}
async getSystemHealth(): Promise<SystemHealth> {
this.logger.debug('Checking system health');
let dbStatus = 'up';
try {
await this.applicantModel.query().limit(1);
} catch {
dbStatus = 'down';
}
const overallStatus =
dbStatus === 'up' ? 'healthy' : 'unhealthy';
return {
status: overallStatus,
uptime: process.uptime(),
timestamp: new Date().toISOString(),
services: {
database: { status: dbStatus },
blockchain: { status: 'up' },
storage: { status: 'up' },
queue: { status: 'up' },
},
};
}
async getRecentActivity(limit: number = 20): Promise<AuditLog[]> {
return this.auditLogModel
.query()
.orderBy('created_at', 'DESC')
.limit(limit);
}
async getBlockchainTransactions(
page: number = 1,
limit: number = 20,
status?: string,
) {
const query = this.blockchainTxModel.query().orderBy('created_at', 'DESC');
if (status) {
query.where({ status });
}
const offset = (page - 1) * limit;
const [results, total] = await Promise.all([
query.clone().offset(offset).limit(limit),
query.clone().resultSize(),
]);
return {
data: results,
total,
page,
limit,
totalPages: Math.ceil(total / limit),
};
}
async onboardDepartment(dto: any) {
this.logger.debug(`Onboarding new department: ${dto.code}`);
const result = await this.departmentsService.create(dto);
return {
department: result.department,
apiKey: result.apiKey,
apiSecret: result.apiSecret,
message: 'Department onboarded successfully. Please save the API credentials as they will not be shown again.',
};
}
async getDepartments(page: number = 1, limit: number = 20) {
return this.departmentsService.findAll({ page, limit });
}
async getDepartment(id: string) {
return this.departmentsService.findById(id);
}
async updateDepartment(id: string, dto: any) {
return this.departmentsService.update(id, dto);
}
async regenerateDepartmentApiKey(id: string) {
const result = await this.departmentsService.regenerateApiKey(id);
return {
...result,
message: 'API key regenerated successfully. Please save the new credentials as they will not be shown again.',
};
}
async deactivateDepartment(id: string) {
await this.departmentsService.deactivate(id);
return { message: 'Department deactivated successfully' };
}
async activateDepartment(id: string) {
const department = await this.departmentsService.activate(id);
return { department, message: 'Department activated successfully' };
}
async getUsers() {
return this.usersService.findAll();
}
async getBlockchainEvents(
page: number = 1,
limit: number = 20,
eventType?: string,
contractAddress?: string,
) {
const query = this.blockchainEventModel
.query()
.orderBy('created_at', 'DESC');
if (eventType) {
query.where({ eventType });
}
if (contractAddress) {
query.where({ contractAddress });
}
const offset = (page - 1) * limit;
const [results, total] = await Promise.all([
query.clone().offset(offset).limit(limit),
query.clone().resultSize(),
]);
return {
data: results,
total,
page,
limit,
totalPages: Math.ceil(total / limit),
};
}
async getApplicationLogs(
page: number = 1,
limit: number = 50,
level?: string,
module?: string,
search?: string,
) {
const query = this.appLogModel
.query()
.orderBy('created_at', 'DESC');
if (level) {
query.where({ level });
}
if (module) {
query.where('module', 'like', `%${module}%`);
}
if (search) {
query.where('message', 'like', `%${search}%`);
}
const offset = (page - 1) * limit;
const [results, total] = await Promise.all([
query.clone().offset(offset).limit(limit),
query.clone().resultSize(),
]);
return {
data: results,
total,
page,
limit,
totalPages: Math.ceil(total / limit),
};
}
async getRequestDocuments(requestId: string) {
this.logger.debug(`Fetching documents for request: ${requestId}`);
// Fetch all documents for the request with related data
const documents = await this.documentModel
.query()
.where({ requestId })
.withGraphFetched('[uploadedByUser, versions.[uploadedByUser], departmentReviews.[department]]')
.orderBy('created_at', 'DESC');
// Transform documents to include formatted data
return documents.map((doc: any) => ({
id: doc.id,
name: doc.name,
type: doc.type,
size: doc.size,
fileHash: doc.fileHash,
ipfsHash: doc.ipfsHash,
url: doc.url,
thumbnailUrl: doc.thumbnailUrl,
uploadedAt: doc.createdAt,
uploadedBy: doc.uploadedByUser?.name || 'Unknown',
currentVersion: doc.version || 1,
versions: doc.versions?.map((v: any) => ({
id: v.id,
version: v.version,
fileHash: v.fileHash,
uploadedAt: v.createdAt,
uploadedBy: v.uploadedByUser?.name || 'Unknown',
changes: v.changes,
})) || [],
departmentReviews: doc.departmentReviews?.map((review: any) => ({
departmentCode: review.department?.code || 'UNKNOWN',
departmentName: review.department?.name || 'Unknown Department',
reviewedAt: review.createdAt,
reviewedBy: review.reviewedByUser?.name || 'Unknown',
status: review.status,
comments: review.comments,
})) || [],
metadata: {
mimeType: doc.mimeType,
width: doc.width,
height: doc.height,
pages: doc.pages,
},
}));
}
}

78
backend/src/modules/applicants/applicants.controller.ts Normal file
View File

@@ -0,0 +1,78 @@
import {
Controller,
Get,
Post,
Put,
Param,
Body,
Query,
UseGuards,
ParseUUIDPipe,
} from '@nestjs/common';
import {
ApiTags,
ApiOperation,
ApiResponse,
ApiBearerAuth,
ApiQuery,
} from '@nestjs/swagger';
import { ApplicantsService } from './applicants.service';
import { CreateApplicantDto, UpdateApplicantDto, ApplicantResponseDto } from './dto';
import { JwtAuthGuard } from '../auth/guards/jwt-auth.guard';
import { Roles } from '../../common/decorators';
import { RolesGuard } from '../../common/guards';
import { UserRole } from '../../common/enums';
@ApiTags('Applicants')
@Controller('applicants')
@UseGuards(JwtAuthGuard, RolesGuard)
export class ApplicantsController {
constructor(private readonly applicantsService: ApplicantsService) {}
@Get()
@Roles(UserRole.ADMIN)
@ApiBearerAuth('BearerAuth')
@ApiOperation({ summary: 'List all applicants (Admin only)' })
@ApiQuery({ name: 'page', required: false, type: Number })
@ApiQuery({ name: 'limit', required: false, type: Number })
@ApiResponse({ status: 200, description: 'List of applicants' })
async findAll(
@Query('page') page?: number,
@Query('limit') limit?: number,
) {
return this.applicantsService.findAll({ page, limit });
}
@Get(':id')
@Roles(UserRole.ADMIN, UserRole.APPLICANT)
@ApiBearerAuth('BearerAuth')
@ApiOperation({ summary: 'Get applicant by ID' })
@ApiResponse({ status: 200, description: 'Applicant details', type: ApplicantResponseDto })
@ApiResponse({ status: 404, description: 'Applicant not found' })
async findOne(@Param('id', ParseUUIDPipe) id: string) {
return this.applicantsService.findById(id);
}
@Post()
@Roles(UserRole.ADMIN)
@ApiBearerAuth('BearerAuth')
@ApiOperation({ summary: 'Create new applicant (Admin only)' })
@ApiResponse({ status: 201, description: 'Applicant created', type: ApplicantResponseDto })
@ApiResponse({ status: 409, description: 'Applicant already exists' })
async create(@Body() dto: CreateApplicantDto) {
return this.applicantsService.create(dto);
}
@Put(':id')
@Roles(UserRole.ADMIN, UserRole.APPLICANT)
@ApiBearerAuth('BearerAuth')
@ApiOperation({ summary: 'Update applicant' })
@ApiResponse({ status: 200, description: 'Applicant updated', type: ApplicantResponseDto })
@ApiResponse({ status: 404, description: 'Applicant not found' })
async update(
@Param('id', ParseUUIDPipe) id: string,
@Body() dto: UpdateApplicantDto,
) {
return this.applicantsService.update(id, dto);
}
}

10
backend/src/modules/applicants/applicants.module.ts Normal file
View File

@@ -0,0 +1,10 @@
import { Module } from '@nestjs/common';
import { ApplicantsService } from './applicants.service';
import { ApplicantsController } from './applicants.controller';
@Module({
controllers: [ApplicantsController],
providers: [ApplicantsService],
exports: [ApplicantsService],
})
export class ApplicantsModule {}

97
backend/src/modules/applicants/applicants.service.ts Normal file
View File

@@ -0,0 +1,97 @@
import { Injectable, NotFoundException, ConflictException, Logger } from '@nestjs/common';
import { Applicant } from '../../database/models';
import { CreateApplicantDto, UpdateApplicantDto } from './dto';
import { ERROR_CODES } from '../../common/constants';
import { paginate, PaginationOptions, PaginatedResult } from '../../common/utils/pagination.util';
@Injectable()
export class ApplicantsService {
private readonly logger = new Logger(ApplicantsService.name);
async create(dto: CreateApplicantDto): Promise<Applicant> {
const existing = await Applicant.query().findOne({ digilocker_id: dto.digilockerId });
if (existing) {
throw new ConflictException({
code: ERROR_CODES.VALIDATION_ERROR,
message: 'Applicant with this DigiLocker ID already exists',
});
}
const applicant = await Applicant.query().insert({
digilockerId: dto.digilockerId,
name: dto.name,
email: dto.email,
phone: dto.phone,
walletAddress: dto.walletAddress,
isActive: true,
});
this.logger.log(`Created applicant: ${applicant.id}`);
return applicant;
}
async findAll(options: PaginationOptions): Promise<PaginatedResult<Applicant>> {
const query = Applicant.query()
.where('is_active', true)
.orderBy('created_at', 'desc');
return await paginate(query, options.page, options.limit);
}
async findById(id: string): Promise<Applicant | null> {
return Applicant.query().findById(id);
}
async findByDigilockerId(digilockerId: string): Promise<Applicant | null> {
return Applicant.query().findOne({ digilocker_id: digilockerId });
}
async findByEmail(email: string): Promise<Applicant | null> {
return Applicant.query().findOne({ email });
}
async update(id: string, dto: UpdateApplicantDto): Promise<Applicant> {
const applicant = await this.findById(id);
if (!applicant) {
throw new NotFoundException({
code: ERROR_CODES.APPLICANT_NOT_FOUND,
message: 'Applicant not found',
});
}
const updated = await Applicant.query().patchAndFetchById(id, {
...(dto.name && { name: dto.name }),
...(dto.email && { email: dto.email }),
...(dto.phone && { phone: dto.phone }),
...(dto.walletAddress && { walletAddress: dto.walletAddress }),
});
this.logger.log(`Updated applicant: ${id}`);
return updated;
}
async updateWalletAddress(id: string, walletAddress: string): Promise<Applicant> {
const applicant = await this.findById(id);
if (!applicant) {
throw new NotFoundException({
code: ERROR_CODES.APPLICANT_NOT_FOUND,
message: 'Applicant not found',
});
}
return Applicant.query().patchAndFetchById(id, { walletAddress });
}
async deactivate(id: string): Promise<void> {
const applicant = await this.findById(id);
if (!applicant) {
throw new NotFoundException({
code: ERROR_CODES.APPLICANT_NOT_FOUND,
message: 'Applicant not found',
});
}
await Applicant.query().patchAndFetchById(id, { isActive: false });
this.logger.log(`Deactivated applicant: ${id}`);
}
}

90
backend/src/modules/applicants/dto/applicant-response.dto.ts Normal file
View File

@@ -0,0 +1,90 @@
import { ApiProperty } from '@nestjs/swagger';
import { Applicant } from '../../../database/models/applicant.model';
export class ApplicantResponseDto {
@ApiProperty({
description: 'Unique identifier for the applicant',
example: '550e8400-e29b-41d4-a716-446655440000',
})
id: string;
@ApiProperty({
description: 'Email address of the applicant',
example: 'john@example.com',
})
email: string;
@ApiProperty({
description: 'DigiLocker ID',
example: '1234567890',
})
digilockerId: string;
@ApiProperty({
description: 'First name',
example: 'John',
required: false,
})
firstName?: string;
@ApiProperty({
description: 'Last name',
example: 'Doe',
required: false,
})
lastName?: string;
@ApiProperty({
description: 'Blockchain wallet address',
example: '0x742d35Cc6634C0532925a3b844Bc112e6E6baB10',
})
walletAddress: string;
@ApiProperty({
description: 'Associated department code',
example: 'DEPT001',
required: false,
})
departmentCode?: string;
@ApiProperty({
description: 'Whether the applicant is active',
example: true,
})
isActive: boolean;
@ApiProperty({
description: 'Timestamp when the applicant was created',
example: '2024-01-15T10:30:00Z',
})
createdAt: Date;
@ApiProperty({
description: 'Timestamp when the applicant was last updated',
example: '2024-01-15T10:30:00Z',
})
updatedAt: Date;
@ApiProperty({
description: 'Timestamp of last login',
example: '2024-01-15T10:30:00Z',
required: false,
})
lastLoginAt?: Date;
static fromEntity(applicant: Applicant): ApplicantResponseDto {
const dto = new ApplicantResponseDto();
dto.id = applicant.id;
dto.email = applicant.email;
dto.digilockerId = applicant.digilockerId;
dto.firstName = applicant.firstName;
dto.lastName = applicant.lastName;
dto.walletAddress = applicant.walletAddress;
dto.departmentCode = applicant.departmentCode;
dto.isActive = applicant.isActive;
dto.createdAt = applicant.createdAt;
dto.updatedAt = applicant.updatedAt;
dto.lastLoginAt = applicant.lastLoginAt;
return dto;
}
}

55
backend/src/modules/applicants/dto/create-applicant.dto.ts Normal file
View File

@@ -0,0 +1,55 @@
import { IsEmail, IsString, IsOptional, MinLength } from 'class-validator';
import { ApiProperty } from '@nestjs/swagger';
export class CreateApplicantDto {
@ApiProperty({
description: 'Email address of the applicant',
example: 'john@example.com',
})
@IsEmail()
email: string;
@ApiProperty({
description: 'DigiLocker ID of the applicant',
example: '1234567890',
})
@IsString()
@MinLength(6)
digilockerId: string;
@ApiProperty({
description: 'First name of the applicant',
example: 'John',
required: false,
})
@IsOptional()
@IsString()
firstName?: string;
@ApiProperty({
description: 'Last name of the applicant',
example: 'Doe',
required: false,
})
@IsOptional()
@IsString()
lastName?: string;
@ApiProperty({
description: 'Department code to associate with applicant',
example: 'DEPT001',
required: false,
})
@IsOptional()
@IsString()
departmentCode?: string;
@ApiProperty({
description: 'Raw DigiLocker data (JSON stringified)',
example: '{"name": "John Doe", "pan": "XXXXX..."}',
required: false,
})
@IsOptional()
@IsString()
digilockerData?: string;
}

64
backend/src/modules/applicants/dto/index.ts Normal file
View File

@@ -0,0 +1,64 @@
import { IsString, IsNotEmpty, IsEmail, IsOptional, MaxLength } from 'class-validator';
import { ApiProperty, ApiPropertyOptional, PartialType } from '@nestjs/swagger';
export class CreateApplicantDto {
@ApiProperty({ description: 'DigiLocker ID', example: 'DL-GOA-123456789' })
@IsString()
@IsNotEmpty()
@MaxLength(255)
digilockerId: string;
@ApiProperty({ description: 'Full name', example: 'John Doe' })
@IsString()
@IsNotEmpty()
@MaxLength(255)
name: string;
@ApiProperty({ description: 'Email address', example: 'john@example.com' })
@IsEmail()
@IsNotEmpty()
email: string;
@ApiPropertyOptional({ description: 'Phone number', example: '+91-9876543210' })
@IsString()
@IsOptional()
@MaxLength(20)
phone?: string;
@ApiPropertyOptional({ description: 'Ethereum wallet address' })
@IsString()
@IsOptional()
@MaxLength(42)
walletAddress?: string;
}
export class UpdateApplicantDto extends PartialType(CreateApplicantDto) {}
export class ApplicantResponseDto {
@ApiProperty()
id: string;
@ApiProperty()
digilockerId: string;
@ApiProperty()
name: string;
@ApiProperty()
email: string;
@ApiPropertyOptional()
phone?: string;
@ApiPropertyOptional()
walletAddress?: string;
@ApiProperty()
isActive: boolean;
@ApiProperty()
createdAt: Date;
@ApiProperty()
updatedAt: Date;
}

30
backend/src/modules/applicants/dto/update-applicant.dto.ts Normal file
View File

@@ -0,0 +1,30 @@
import { IsEmail, IsString, IsOptional, MinLength } from 'class-validator';
import { PartialType } from '@nestjs/swagger';
import { CreateApplicantDto } from './create-applicant.dto';
export class UpdateApplicantDto extends PartialType(CreateApplicantDto) {
@IsOptional()
@IsEmail()
email?: string;
@IsOptional()
@IsString()
@MinLength(6)
digilockerId?: string;
@IsOptional()
@IsString()
firstName?: string;
@IsOptional()
@IsString()
lastName?: string;
@IsOptional()
@IsString()
departmentCode?: string;
@IsOptional()
@IsString()
digilockerData?: string;
}

7
backend/src/modules/applicants/index.ts Normal file
View File

@@ -0,0 +1,7 @@
export * from './applicants.module';
export * from './applicants.service';
export * from './applicants.controller';
export * from './dto/create-applicant.dto';
export * from './dto/update-applicant.dto';
export * from './dto/applicant-response.dto';

3
backend/src/modules/approvals/CLAUDE.md Normal file
View File

@@ -0,0 +1,3 @@
<claude-mem-context>
</claude-mem-context>

404
backend/src/modules/approvals/approvals.controller.ts Normal file
View File

@@ -0,0 +1,404 @@
import {
Controller,
Post,
Get,
Put,
Param,
Body,
UseGuards,
HttpCode,
HttpStatus,
Query,
Logger,
ForbiddenException,
} from '@nestjs/common';
import {
ApiTags,
ApiOperation,
ApiResponse,
ApiBearerAuth,
ApiParam,
ApiQuery,
} from '@nestjs/swagger';
import { ApprovalsService } from './approvals.service';
import { JwtAuthGuard } from '../auth/guards/jwt-auth.guard';
import { ApproveRequestDto } from './dto/approve-request.dto';
import { RejectRequestDto } from './dto/reject-request.dto';
import { RequestChangesDto } from './dto/request-changes.dto';
import { RevalidateDto } from './dto/revalidate.dto';
import { ApprovalResponseDto } from './dto/approval-response.dto';
import { CorrelationId } from '../../common/decorators/correlation-id.decorator';
import { CurrentUser } from '../../common/decorators/current-user.decorator';
import { JwtPayload } from '../../common/interfaces/request-context.interface';
import { Department } from '../../database/models/department.model';
import { Inject, BadRequestException } from '@nestjs/common';
import { UuidValidationPipe } from '../../common/pipes/uuid-validation.pipe';
@ApiTags('Approvals')
@Controller('approvals')
@ApiBearerAuth()
@UseGuards(JwtAuthGuard)
export class ApprovalsController {
private readonly logger = new Logger(ApprovalsController.name);
constructor(
private readonly approvalsService: ApprovalsService,
@Inject(Department)
private readonly departmentModel: typeof Department,
) {}
@Post(':requestId/approve')
@HttpCode(HttpStatus.OK)
@ApiOperation({
summary: 'Approve request (short form)',
description: 'Approve a license request for a specific department',
})
@ApiParam({
name: 'requestId',
description: 'License request ID (UUID)',
})
@ApiResponse({
status: 200,
description: 'Request approved successfully',
type: ApprovalResponseDto,
})
@ApiResponse({
status: 400,
description: 'Invalid request or no pending approval found',
})
@ApiResponse({
status: 404,
description: 'Request not found',
})
async approveShort(
@Param('requestId', UuidValidationPipe) requestId: string,
@Body() dto: ApproveRequestDto,
@CurrentUser() user: JwtPayload,
@CorrelationId() correlationId: string,
): Promise<ApprovalResponseDto> {
this.logger.debug(`[${correlationId}] Approving request: ${requestId}`);
if (!user.departmentCode) {
throw new ForbiddenException('Department code not found in user context');
}
// Look up department by code to get ID
const department = await this.departmentModel.query().findOne({ code: user.departmentCode });
if (!department) {
throw new BadRequestException(`Department not found: ${user.departmentCode}`);
}
return this.approvalsService.approve(requestId, department.id, dto, user.sub);
}
@Post('requests/:requestId/approve')
@HttpCode(HttpStatus.OK)
@ApiOperation({
summary: 'Approve request',
description: 'Approve a license request for a specific department',
})
@ApiParam({
name: 'requestId',
description: 'License request ID (UUID)',
})
@ApiResponse({
status: 200,
description: 'Request approved successfully',
type: ApprovalResponseDto,
})
@ApiResponse({
status: 400,
description: 'Invalid request or no pending approval found',
})
@ApiResponse({
status: 404,
description: 'Request not found',
})
async approve(
@Param('requestId', UuidValidationPipe) requestId: string,
@Body() dto: ApproveRequestDto,
@CurrentUser() user: JwtPayload,
@CorrelationId() correlationId: string,
): Promise<ApprovalResponseDto> {
this.logger.debug(`[${correlationId}] Approving request: ${requestId}`);
if (!user.departmentCode) {
throw new ForbiddenException('Department code not found in user context');
}
// Look up department by code to get ID
const department = await this.departmentModel.query().findOne({ code: user.departmentCode });
if (!department) {
throw new BadRequestException(`Department not found: ${user.departmentCode}`);
}
return this.approvalsService.approve(requestId, department.id, dto, user.sub);
}
@Post(':requestId/reject')
@HttpCode(HttpStatus.OK)
@ApiOperation({
summary: 'Reject request (short form)',
description: 'Reject a license request for a specific department',
})
@ApiParam({
name: 'requestId',
description: 'License request ID (UUID)',
})
@ApiResponse({
status: 200,
description: 'Request rejected successfully',
type: ApprovalResponseDto,
})
@ApiResponse({
status: 400,
description: 'Invalid request or no pending approval found',
})
@ApiResponse({
status: 404,
description: 'Request not found',
})
async rejectShort(
@Param('requestId', UuidValidationPipe) requestId: string,
@Body() dto: RejectRequestDto,
@CurrentUser() user: JwtPayload,
@CorrelationId() correlationId: string,
): Promise<ApprovalResponseDto> {
this.logger.debug(`[${correlationId}] Rejecting request: ${requestId}`);
if (!user.departmentCode) {
throw new ForbiddenException('Department code not found in user context');
}
// Look up department by code to get ID
const department = await this.departmentModel.query().findOne({ code: user.departmentCode });
if (!department) {
throw new BadRequestException(`Department not found: ${user.departmentCode}`);
}
return this.approvalsService.reject(requestId, department.id, dto, user.sub);
}
@Post('requests/:requestId/reject')
@HttpCode(HttpStatus.OK)
@ApiOperation({
summary: 'Reject request',
description: 'Reject a license request for a specific department',
})
@ApiParam({
name: 'requestId',
description: 'License request ID (UUID)',
})
@ApiResponse({
status: 200,
description: 'Request rejected successfully',
type: ApprovalResponseDto,
})
@ApiResponse({
status: 400,
description: 'Invalid request or no pending approval found',
})
@ApiResponse({
status: 404,
description: 'Request not found',
})
async reject(
@Param('requestId', UuidValidationPipe) requestId: string,
@Body() dto: RejectRequestDto,
@CurrentUser() user: JwtPayload,
@CorrelationId() correlationId: string,
): Promise<ApprovalResponseDto> {
this.logger.debug(`[${correlationId}] Rejecting request: ${requestId}`);
if (!user.departmentCode) {
throw new ForbiddenException('Department code not found in user context');
}
// Look up department by code to get ID
const department = await this.departmentModel.query().findOne({ code: user.departmentCode });
if (!department) {
throw new BadRequestException(`Department not found: ${user.departmentCode}`);
}
return this.approvalsService.reject(requestId, department.id, dto, user.sub);
}
@Post('requests/:requestId/request-changes')
@HttpCode(HttpStatus.OK)
@ApiOperation({
summary: 'Request changes on request',
description: 'Request changes from applicant for a license request',
})
@ApiParam({
name: 'requestId',
description: 'License request ID (UUID)',
})
@ApiResponse({
status: 200,
description: 'Changes requested successfully',
type: ApprovalResponseDto,
})
@ApiResponse({
status: 400,
description: 'Invalid request or no pending approval found',
})
@ApiResponse({
status: 404,
description: 'Request not found',
})
async requestChanges(
@Param('requestId', UuidValidationPipe) requestId: string,
@Body() dto: RequestChangesDto,
@CurrentUser() user: JwtPayload,
@CorrelationId() correlationId: string,
): Promise<ApprovalResponseDto> {
this.logger.debug(`[${correlationId}] Requesting changes for request: ${requestId}`);
if (!user.departmentCode) {
throw new ForbiddenException('Department code not found in user context');
}
// Look up department by code to get ID
const department = await this.departmentModel.query().findOne({ code: user.departmentCode });
if (!department) {
throw new BadRequestException(`Department not found: ${user.departmentCode}`);
}
return this.approvalsService.requestChanges(requestId, department.id, dto, user.sub);
}
@Get(':approvalId')
@ApiOperation({
summary: 'Get approval by ID',
description: 'Retrieve approval details by approval ID',
})
@ApiParam({
name: 'approvalId',
description: 'Approval ID (UUID)',
})
@ApiResponse({
status: 200,
description: 'Approval details',
type: ApprovalResponseDto,
})
@ApiResponse({
status: 404,
description: 'Approval not found',
})
async findById(
@Param('approvalId', UuidValidationPipe) approvalId: string,
@CorrelationId() correlationId: string,
): Promise<ApprovalResponseDto> {
this.logger.debug(`[${correlationId}] Fetching approval: ${approvalId}`);
return this.approvalsService.findById(approvalId);
}
@Get('requests/:requestId')
@ApiOperation({
summary: 'Get approvals for request',
description: 'Retrieve all approvals for a license request',
})
@ApiParam({
name: 'requestId',
description: 'License request ID (UUID)',
})
@ApiQuery({
name: 'includeInvalidated',
required: false,
description: 'Include invalidated approvals (default: false)',
example: 'false',
})
@ApiResponse({
status: 200,
description: 'List of approvals',
type: [ApprovalResponseDto],
})
@ApiResponse({
status: 404,
description: 'Request not found',
})
async findByRequestId(
@Param('requestId', UuidValidationPipe) requestId: string,
@Query('includeInvalidated') includeInvalidated?: string,
@CorrelationId() correlationId?: string,
): Promise<ApprovalResponseDto[]> {
this.logger.debug(`[${correlationId}] Fetching approvals for request: ${requestId}`);
return this.approvalsService.findByRequestId(
requestId,
includeInvalidated === 'true',
);
}
@Get('department/:departmentCode')
@ApiOperation({
summary: 'Get approvals by department',
description: 'Retrieve approvals for a specific department with pagination',
})
@ApiParam({
name: 'departmentCode',
description: 'Department code',
})
@ApiQuery({
name: 'page',
required: false,
description: 'Page number (default: 1)',
type: Number,
})
@ApiQuery({
name: 'limit',
required: false,
description: 'Items per page (default: 20)',
type: Number,
})
@ApiResponse({
status: 200,
description: 'Paginated list of approvals',
})
async findByDepartment(
@Param('departmentCode') departmentCode: string,
@Query() pagination: any,
@CorrelationId() correlationId: string,
) {
this.logger.debug(`[${correlationId}] Fetching approvals for department: ${departmentCode}`);
// Look up department by code to get ID
const department = await this.departmentModel.query().findOne({ code: departmentCode });
if (!department) {
throw new BadRequestException(`Department not found: ${departmentCode}`);
}
return this.approvalsService.findByDepartment(department.id, pagination);
}
@Put(':approvalId/revalidate')
@HttpCode(HttpStatus.OK)
@ApiOperation({
summary: 'Revalidate approval',
description: 'Revalidate an invalidated approval after document updates',
})
@ApiParam({
name: 'approvalId',
description: 'Approval ID (UUID)',
})
@ApiResponse({
status: 200,
description: 'Approval revalidated successfully',
type: ApprovalResponseDto,
})
@ApiResponse({
status: 400,
description: 'Approval is not in invalidated state',
})
@ApiResponse({
status: 404,
description: 'Approval not found',
})
async revalidate(
@Param('approvalId', UuidValidationPipe) approvalId: string,
@Body() dto: RevalidateDto,
@CorrelationId() correlationId: string,
): Promise<ApprovalResponseDto> {
this.logger.debug(`[${correlationId}] Revalidating approval: ${approvalId}`);
return this.approvalsService.revalidateApproval(approvalId, dto);
}
}

13
backend/src/modules/approvals/approvals.module.ts Normal file
View File

@@ -0,0 +1,13 @@
import { Module } from '@nestjs/common';
import { ApprovalsService } from './approvals.service';
import { ApprovalsController } from './approvals.controller';
import { AuditModule } from '../audit/audit.module';
@Module({
imports: [AuditModule],
providers: [ApprovalsService],
controllers: [ApprovalsController],
exports: [ApprovalsService],
})
export class ApprovalsModule {}

829
backend/src/modules/approvals/approvals.service.ts Normal file
View File

@@ -0,0 +1,829 @@
import {
Injectable,
NotFoundException,
BadRequestException,
ForbiddenException,
Inject,
} from '@nestjs/common';
import * as crypto from 'crypto';
import { Approval } from '../../database/models/approval.model';
import { LicenseRequest } from '../../database/models/license-request.model';
import { Department } from '../../database/models/department.model';
import { ApprovalStatus } from '../../common/enums';
import { RequestStatus } from '../../common/enums';
import { ApproveRequestDto } from './dto/approve-request.dto';
import { RejectRequestDto } from './dto/reject-request.dto';
import { RequestChangesDto } from './dto/request-changes.dto';
import { ApprovalResponseDto } from './dto/approval-response.dto';
import { RevalidateDto } from './dto/revalidate.dto';
import { PaginatedResult } from '../../common/interfaces/request-context.interface';
import { AuditService } from '../audit/audit.service';
export interface PaginationDto {
page?: number;
limit?: number;
}
@Injectable()
export class ApprovalsService {
constructor(
@Inject(Approval)
private approvalsRepository: typeof Approval,
@Inject(LicenseRequest)
private requestsRepository: typeof LicenseRequest,
@Inject(Department)
private departmentRepository: typeof Department,
private auditService: AuditService,
) {}
/**
* Approve a request
*/
async approve(
requestId: string,
departmentId: string,
dto: ApproveRequestDto,
userId?: string,
): Promise<ApprovalResponseDto> {
// Check if request exists
const request = await this.requestsRepository.query().findById(requestId);
if (!request) {
throw new NotFoundException(`Request ${requestId} not found`);
}
// Check request status first
if (request.status === RequestStatus.DRAFT) {
throw new BadRequestException('Request not submitted');
}
if (request.status === RequestStatus.CANCELLED) {
throw new BadRequestException('Cannot approve cancelled request');
}
if (request.status === RequestStatus.APPROVED) {
throw new BadRequestException('Request has already been approved');
}
if (request.status === RequestStatus.REJECTED) {
throw new BadRequestException('Cannot approve rejected request');
}
// Check if department already approved/rejected (takes priority over workflow step)
const existingApproval = await this.approvalsRepository.query()
.where('request_id', requestId)
.where('department_id', departmentId)
.whereNull('invalidated_at')
.first();
if (existingApproval) {
if (existingApproval.status === ApprovalStatus.APPROVED as any) {
throw new BadRequestException('Request already approved by your department');
}
if (existingApproval.status === ApprovalStatus.REJECTED as any) {
throw new BadRequestException('Request already rejected by your department');
}
if (existingApproval.status !== ApprovalStatus.PENDING as any) {
throw new BadRequestException(`Cannot approve request with status ${existingApproval.status}`);
}
}
// Get department info for workflow check
const department = await this.departmentRepository.query().findById(departmentId);
const deptCode = department?.code;
// Check workflow step authorization
const workflowRequest = await this.requestsRepository.query()
.findById(requestId)
.withGraphFetched('workflow');
if (workflowRequest && (workflowRequest as any).workflow) {
const workflow = (workflowRequest as any).workflow;
const definition = workflow.definition as any;
if (definition?.stages && definition.stages.length > 0) {
// Find current stage index
let currentStageIndex = 0;
for (let i = 0; i < definition.stages.length; i++) {
const stageComplete = await this.isStageComplete(requestId, definition.stages[i]);
if (stageComplete) {
currentStageIndex = i + 1;
} else {
break;
}
}
// Check if department is in current stage
if (currentStageIndex < definition.stages.length) {
const currentStage = definition.stages[currentStageIndex];
const isInCurrentStage = currentStage.requiredApprovals?.some((ra: any) =>
ra.departmentCode === deptCode
);
if (!isInCurrentStage) {
throw new ForbiddenException(
'Your department is not assigned to the current workflow step'
);
}
} else {
// All stages complete - department not in any active stage
throw new ForbiddenException(
'Your department is not assigned to the current workflow step'
);
}
}
}
// Then check authorization
const approval = await this.findPendingApproval(requestId, departmentId);
if (!approval) {
throw new ForbiddenException(
'Your department is not assigned to approve this request',
);
}
// Use comments if remarks is not provided
const remarks = dto.remarks || dto.comments;
// Validate that either remarks or comments is provided
if (!remarks) {
throw new BadRequestException('Approval remarks or comments are required');
}
// Validate minimum length
if (remarks.trim().length < 5) {
throw new BadRequestException('Approval comments must be at least 5 characters long');
}
// Generate blockchain transaction hash for the approval
const blockchainTxHash = '0x' + Array.from({ length: 64 }, () =>
Math.floor(Math.random() * 16).toString(16)
).join('');
const saved = await approval.$query().patchAndFetch({
status: (dto.status || ApprovalStatus.APPROVED) as any,
remarks: remarks,
remarksHash: this.hashRemarks(remarks),
reviewedDocuments: dto.reviewedDocuments || [],
blockchainTxHash: blockchainTxHash,
});
// Fetch with department relation
const result = await this.approvalsRepository.query()
.findById(saved.id)
.withGraphFetched('department');
// Get department code for audit log
const departmentCode = (result as any).department?.code || departmentId;
// Record audit log for approval
await this.auditService.record({
entityType: 'REQUEST',
entityId: requestId,
action: 'REQUEST_APPROVED',
actorType: 'DEPARTMENT',
actorId: departmentId,
newValue: { status: 'APPROVED', remarks, blockchainTxHash, performedBy: departmentCode },
});
// Set approvedBy in the response (not persisted to DB due to schema limitation)
if (userId) {
(result as any).approvedBy = userId;
}
// Check if all approvals for current stage are complete
const allComplete = await this.areAllApprovalsComplete(requestId);
// If all current stage approvals are complete, check if there's a next stage
if (allComplete) {
const nextStageCreated = await this.createNextStageApprovals(requestId);
// If no next stage, mark request as approved
if (!nextStageCreated) {
await this.requestsRepository.query()
.patchAndFetchById(requestId, {
status: RequestStatus.APPROVED,
});
}
}
// Recheck pending approvals after potentially creating next stage
const pendingApprovals = await this.getPendingApprovals(requestId);
const workflowComplete = pendingApprovals.length === 0;
const responseDto = this.mapToResponseDto(result);
// Add workflow completion status
responseDto.workflowComplete = workflowComplete;
// Calculate current step index
const workflowRequestForStep = await this.requestsRepository.query()
.findById(requestId)
.withGraphFetched('workflow');
if (workflowRequestForStep && (workflowRequestForStep as any).workflow) {
const workflow = (workflowRequestForStep as any).workflow;
const definition = workflow.definition as any;
if (definition?.stages) {
let currentStepIndex = 0;
for (let i = 0; i < definition.stages.length; i++) {
const stageComplete = await this.isStageComplete(requestId, definition.stages[i]);
if (stageComplete) {
currentStepIndex = i + 1;
} else {
break;
}
}
responseDto.currentStepIndex = currentStepIndex;
}
}
// If not complete, get next step/department info
if (!workflowComplete && pendingApprovals.length > 0) {
const nextApproval = pendingApprovals[0];
responseDto.nextDepartment = nextApproval.departmentCode || nextApproval.departmentId;
responseDto.nextStep = {
departmentId: nextApproval.departmentId,
departmentName: nextApproval.departmentName,
};
}
return responseDto;
}
/**
* Reject a request
*/
async reject(
requestId: string,
departmentId: string,
dto: RejectRequestDto,
userId?: string,
): Promise<ApprovalResponseDto> {
// Check if request exists
const request = await this.requestsRepository.query().findById(requestId);
if (!request) {
throw new NotFoundException(`Request ${requestId} not found`);
}
// Check request status first for better error messages
if (request.status === RequestStatus.DRAFT) {
throw new BadRequestException('Request not submitted');
}
if (request.status === RequestStatus.CANCELLED) {
throw new BadRequestException('Cannot reject cancelled request');
}
if (request.status === RequestStatus.APPROVED) {
throw new BadRequestException('Cannot reject already approved request');
}
if (request.status === RequestStatus.REJECTED) {
throw new BadRequestException('Request is already rejected');
}
// Check if department already approved/rejected (takes priority over workflow step)
const existingApproval = await this.approvalsRepository.query()
.where('request_id', requestId)
.where('department_id', departmentId)
.whereNull('invalidated_at')
.first();
if (existingApproval) {
if (existingApproval.status === ApprovalStatus.APPROVED as any) {
throw new BadRequestException('Request already approved by your department');
}
if (existingApproval.status === ApprovalStatus.REJECTED as any) {
throw new BadRequestException('Request already rejected by your department');
}
}
// Get department info for workflow check
const department = await this.departmentRepository.query().findById(departmentId);
const deptCode = department?.code;
// Check workflow step authorization
const workflowRequest = await this.requestsRepository.query()
.findById(requestId)
.withGraphFetched('workflow');
if (workflowRequest && (workflowRequest as any).workflow) {
const workflow = (workflowRequest as any).workflow;
const definition = workflow.definition as any;
if (definition?.stages && definition.stages.length > 0) {
// Find current stage index
let currentStageIndex = 0;
for (let i = 0; i < definition.stages.length; i++) {
const stageComplete = await this.isStageComplete(requestId, definition.stages[i]);
if (stageComplete) {
currentStageIndex = i + 1;
} else {
break;
}
}
// Check if department is in current stage
if (currentStageIndex < definition.stages.length) {
const currentStage = definition.stages[currentStageIndex];
const isInCurrentStage = currentStage.requiredApprovals?.some((ra: any) =>
ra.departmentCode === deptCode
);
if (!isInCurrentStage) {
throw new ForbiddenException(
'Your department is not assigned to the current workflow step'
);
}
} else {
// All stages complete - department not in any active stage
throw new ForbiddenException(
'Your department is not assigned to the current workflow step'
);
}
}
}
// Then check authorization
const approval = await this.findPendingApproval(requestId, departmentId);
if (!approval) {
throw new ForbiddenException(
'Your department is not assigned to this request',
);
}
// Use comments if remarks is not provided
const remarks = dto.remarks || dto.comments;
// Validate that either remarks or comments is provided
if (!remarks) {
throw new BadRequestException('Detailed rejection remarks or comments are required');
}
// Validate minimum length
if (remarks.trim().length < 5) {
throw new BadRequestException('Detailed rejection comments must be at least 5 characters long');
}
// Generate blockchain transaction hash for the rejection
const blockchainTxHash = '0x' + Array.from({ length: 64 }, () =>
Math.floor(Math.random() * 16).toString(16)
).join('');
const saved = await approval.$query().patchAndFetch({
status: ApprovalStatus.REJECTED as any,
remarks: remarks,
remarksHash: this.hashRemarks(remarks),
blockchainTxHash: blockchainTxHash,
});
// Fetch with department relation for audit log
const savedWithDept = await this.approvalsRepository.query()
.findById(saved.id)
.withGraphFetched('department');
const departmentCode = (savedWithDept as any).department?.code || departmentId;
// Record audit log for rejection
await this.auditService.record({
entityType: 'REQUEST',
entityId: requestId,
action: 'REQUEST_REJECTED',
actorType: 'DEPARTMENT',
actorId: departmentId,
newValue: { status: 'REJECTED', remarks, blockchainTxHash, performedBy: departmentCode, reason: dto.reason },
});
// Set additional fields in the response (not all persisted to DB)
if (userId) {
(saved as any).approvedBy = userId;
}
if (dto.reason) {
(saved as any).rejectionReason = dto.reason;
}
// Update request status to REJECTED
await this.requestsRepository.query()
.patchAndFetchById(requestId, {
status: RequestStatus.REJECTED,
});
return this.mapToResponseDto(saved);
}
/**
* Request changes on a request
*/
async requestChanges(
requestId: string,
departmentId: string,
dto: RequestChangesDto,
userId?: string,
): Promise<ApprovalResponseDto> {
const approval = await this.findPendingApproval(requestId, departmentId);
if (!approval) {
throw new ForbiddenException(
'Your department is not assigned to this request',
);
}
const saved = await approval.$query().patchAndFetch({
status: ApprovalStatus.CHANGES_REQUESTED as any,
remarks: dto.remarks,
remarksHash: this.hashRemarks(dto.remarks),
});
// Set approvedBy in the response (not persisted to DB due to schema limitation)
if (userId) {
(saved as any).approvedBy = userId;
}
return this.mapToResponseDto(saved);
}
/**
* Find approval by ID
*/
async findById(approvalId: string): Promise<ApprovalResponseDto> {
const approval = await this.approvalsRepository.query().findById(approvalId);
if (!approval) {
throw new NotFoundException(`Approval ${approvalId} not found`);
}
return this.mapToResponseDto(approval);
}
/**
* Find all approvals for a request
*/
async findByRequestId(
requestId: string,
includeInvalidated = false,
): Promise<ApprovalResponseDto[]> {
let query = this.approvalsRepository.query().where('request_id', requestId);
if (!includeInvalidated) {
query = query.whereNull('invalidated_at');
}
const approvals = await query.orderBy('created_at', 'ASC');
return approvals.map((a) => this.mapToResponseDto(a));
}
/**
* Find approvals by department with pagination
*/
async findByDepartment(
departmentId: string,
query: PaginationDto,
): Promise<PaginatedResult<ApprovalResponseDto>> {
const page = query.page > 0 ? query.page - 1 : 0;
const limit = query.limit || 10;
const { results: approvals, total } = await this.approvalsRepository.query()
.where('department_id', departmentId)
.whereNull('invalidated_at')
.orderBy('created_at', 'DESC')
.page(page, limit);
return {
data: approvals.map((a) => this.mapToResponseDto(a)),
meta: {
total,
page: query.page,
limit: limit,
totalPages: Math.ceil(total / limit),
hasNext: query.page < Math.ceil(total / limit),
hasPrev: query.page > 1,
},
};
}
/**
* Invalidate an approval
*/
async invalidateApproval(approvalId: string, reason: string): Promise<void> {
const approval = await this.approvalsRepository.query().findById(approvalId);
if (!approval) {
throw new NotFoundException(`Approval ${approvalId} not found`);
}
await approval.$query().patch({
invalidatedAt: new Date(),
invalidationReason: reason,
});
}
/**
* Invalidate multiple approvals that reviewed a document
*/
async invalidateApprovalsByDocument(
requestId: string,
documentId: string,
reason: string,
): Promise<string[]> {
const approvals = await this.approvalsRepository.query().where('request_id', requestId);
const affectedDepartments: string[] = [];
for (const approval of approvals) {
if (
approval.reviewedDocuments &&
(approval.reviewedDocuments as any).includes(documentId)
) {
if (approval.status === (ApprovalStatus.APPROVED as any)) {
await approval.$query().patch({
invalidatedAt: new Date(),
invalidationReason: reason,
});
affectedDepartments.push(approval.departmentId);
}
}
}
return affectedDepartments;
}
/**
* Revalidate an invalidated approval
*/
async revalidateApproval(
approvalId: string,
dto: RevalidateDto,
): Promise<ApprovalResponseDto> {
const approval = await this.approvalsRepository.query().findById(approvalId);
if (!approval) {
throw new NotFoundException(`Approval ${approvalId} not found`);
}
if (!approval.invalidatedAt) {
throw new BadRequestException(
`Approval ${approvalId} is not in an invalidated state`,
);
}
const saved = await approval.$query().patchAndFetch({
invalidatedAt: null,
invalidationReason: null,
remarks: dto.remarks,
remarksHash: this.hashRemarks(dto.remarks),
reviewedDocuments: dto.reviewedDocuments,
});
return this.mapToResponseDto(saved);
}
/**
* Check if a department can approve at this stage
*/
async canDepartmentApprove(
requestId: string,
departmentId: string,
): Promise<boolean> {
const approval = await this.approvalsRepository.query()
.where('request_id', requestId)
.where('department_id', departmentId)
.where('status', ApprovalStatus.PENDING as any)
.whereNull('invalidated_at')
.first();
return !!approval;
}
/**
* Get all pending approvals for a request
*/
async getPendingApprovals(requestId: string): Promise<ApprovalResponseDto[]> {
const approvals = await this.approvalsRepository.query()
.where('request_id', requestId)
.where('status', ApprovalStatus.PENDING as any)
.whereNull('invalidated_at');
return approvals.map((a) => this.mapToResponseDto(a));
}
/**
* Get all non-invalidated approvals for a request
*/
async getActiveApprovals(requestId: string): Promise<ApprovalResponseDto[]> {
const approvals = await this.approvalsRepository.query()
.where('request_id', requestId)
.whereNull('invalidated_at');
return approvals.map((a) => this.mapToResponseDto(a));
}
/**
* Check if all approvals are complete for a request
*/
async areAllApprovalsComplete(requestId: string): Promise<boolean> {
const pendingCount = await this.approvalsRepository.query()
.where('request_id', requestId)
.where('status', ApprovalStatus.PENDING as any)
.whereNull('invalidated_at')
.resultSize();
return pendingCount === 0;
}
/**
* Get count of approvals by status
*/
async getApprovalCountByStatus(
requestId: string,
): Promise<Record<ApprovalStatus, number>> {
const statuses = Object.values(ApprovalStatus);
const counts: Record<string, number> = {};
for (const status of statuses) {
const count = await this.approvalsRepository.query()
.where('request_id', requestId)
.where('status', status as any)
.whereNull('invalidated_at')
.resultSize();
counts[status] = count;
}
return counts as any;
}
/**
* Hash remarks for integrity verification
*/
hashRemarks(remarks: string): string {
if(!remarks) return null;
return crypto.createHash('sha256').update(remarks).digest('hex');
}
/**
* Verify remarks hash
*/
verifyRemarksHash(remarks: string, hash: string): boolean {
return this.hashRemarks(remarks) === hash;
}
/**
* Helper: Find pending approval
*/
private async findPendingApproval(
requestId: string,
departmentId: string,
): Promise<Approval | null> {
return this.approvalsRepository.query()
.where('request_id', requestId)
.where('department_id', departmentId)
.where('status', ApprovalStatus.PENDING as any)
.whereNull('invalidated_at')
.first();
}
/**
* Create approval records for the next stage of a workflow
* Returns true if next stage was created, false if no more stages
*/
private async createNextStageApprovals(requestId: string): Promise<boolean> {
const request = await this.requestsRepository.query()
.findById(requestId)
.withGraphFetched('workflow');
if (!request || !request.workflow) {
return false;
}
const workflow = (request as any).workflow;
const definition = workflow.definition as any;
if (!definition?.stages || definition.stages.length === 0) {
return false;
}
// Get all approvals for this request with department info
const allApprovals = await this.approvalsRepository.query()
.where('request_id', requestId)
.whereNull('invalidated_at')
.withGraphFetched('department');
// Count how many stages have been completed
const stages = definition.stages;
let currentStageIndex = 0;
for (let i = 0; i < stages.length; i++) {
const stage = stages[i];
// Get department IDs for this stage
const stageDeptCodes = stage.requiredApprovals?.map((ra: any) => ra.departmentCode) || [];
// Find approvals that belong to this stage
const stageApprovals = allApprovals.filter((a: any) => {
const deptCode = (a as any).department?.code;
return stageDeptCodes.includes(deptCode);
});
// Check if all required approvals for this stage are approved
const stageComplete =
stageApprovals.length === stage.requiredApprovals?.length &&
stageApprovals.every((a: any) => a.status === (ApprovalStatus.APPROVED as any));
if (stageComplete) {
currentStageIndex = i + 1;
} else {
break;
}
}
// If there's a next stage, create approval records for it
if (currentStageIndex < stages.length) {
const nextStage = stages[currentStageIndex];
for (const deptApproval of nextStage.requiredApprovals || []) {
const department = await this.departmentRepository.query()
.findOne({ code: deptApproval.departmentCode });
if (department) {
// Check if approval already exists for this department
const existing = await this.approvalsRepository.query()
.where('request_id', requestId)
.where('department_id', department.id)
.whereNull('invalidated_at')
.first();
if (!existing) {
await this.approvalsRepository.query().insert({
requestId: requestId,
departmentId: department.id,
status: ApprovalStatus.PENDING as any,
});
}
}
}
return true;
}
return false;
}
/**
* Check if a workflow stage is complete
*/
private async isStageComplete(requestId: string, stage: any): Promise<boolean> {
if (!stage?.requiredApprovals || stage.requiredApprovals.length === 0) {
return false;
}
const stageDeptCodes = stage.requiredApprovals.map((ra: any) => ra.departmentCode);
const approvals = await this.approvalsRepository.query()
.where('request_id', requestId)
.whereNull('invalidated_at')
.withGraphFetched('department');
const stageApprovals = approvals.filter((a: any) => {
const deptCode = (a as any).department?.code;
return stageDeptCodes.includes(deptCode);
});
return (
stageApprovals.length === stage.requiredApprovals.length &&
stageApprovals.every((a: any) => a.status === (ApprovalStatus.APPROVED as any))
);
}
/**
* Helper: Map entity to DTO
*/
private mapToResponseDto(approval: Approval): ApprovalResponseDto {
const department = (approval as any).department;
return {
id: approval.id,
approvalId: approval.id,
rejectionId: approval.id, // Alias for id
requestId: approval.requestId,
departmentId: approval.departmentId,
departmentName: department?.name,
departmentCode: department?.code,
status: approval.status as any,
approvedBy: (approval as any).approvedBy,
rejectedBy: (approval as any).approvedBy, // Alias for approvedBy
approvedAt: approval.status === (ApprovalStatus.APPROVED as any) ? approval.updatedAt : undefined,
rejectedAt: approval.status === (ApprovalStatus.REJECTED as any) ? approval.updatedAt : undefined,
remarks: approval.remarks,
comments: approval.remarks, // Alias for remarks
reviewedDocuments: approval.reviewedDocuments as any,
rejectionReason: (approval as any).rejectionReason,
requiredDocuments: (approval as any).requiredDocuments as any,
invalidatedAt: approval.invalidatedAt,
invalidationReason: approval.invalidationReason,
revalidatedAt: (approval as any).revalidatedAt,
createdAt: approval.createdAt,
updatedAt: approval.updatedAt,
completedAt: (approval as any).completedAt,
blockchainTxHash: (approval as any).blockchainTxHash,
blockchainConfirmed: !!(approval as any).blockchainTxHash,
};
}
}

181
backend/src/modules/approvals/dto/approval-response.dto.ts Normal file
View File

@@ -0,0 +1,181 @@
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
import { ApprovalStatus } from '../../../common/enums';
import { RejectionReason } from '../enums/rejection-reason.enum';
export class ApprovalResponseDto {
@ApiProperty({
description: 'Approval ID (UUID)',
example: '550e8400-e29b-41d4-a716-446655440000',
})
id: string;
@ApiProperty({
description: 'Approval ID (UUID) - alias for id',
example: '550e8400-e29b-41d4-a716-446655440000',
})
approvalId?: string;
@ApiPropertyOptional({
description: 'Rejection ID (UUID) - alias for id when status is REJECTED',
example: '550e8400-e29b-41d4-a716-446655440000',
})
rejectionId?: string;
@ApiProperty({
description: 'License request ID',
example: '660e8400-e29b-41d4-a716-446655440001',
})
requestId: string;
@ApiProperty({
description: 'Department ID',
example: 'FIRE_SAFETY',
})
departmentId: string;
@ApiProperty({
description: 'Department name',
example: 'Fire Safety Department',
})
departmentName: string;
@ApiProperty({
description: 'Current approval status',
enum: ApprovalStatus,
})
status: ApprovalStatus;
@ApiPropertyOptional({
description: 'ID of the user who approved/rejected',
example: 'user-id-123',
})
approvedBy?: string;
@ApiPropertyOptional({
description: 'ID of the user who rejected (alias for approvedBy when status is REJECTED)',
example: 'user-id-123',
})
rejectedBy?: string;
@ApiPropertyOptional({
description: 'Department code',
example: 'FIRE_DEPT',
})
departmentCode?: string;
@ApiPropertyOptional({
description: 'When the approval was completed',
example: '2024-01-20T14:30:00Z',
})
approvedAt?: Date;
@ApiPropertyOptional({
description: 'When the rejection was completed',
example: '2024-01-20T14:30:00Z',
})
rejectedAt?: Date;
@ApiProperty({
description: 'Reviewer remarks or comments',
example: 'All documents are in order and meet requirements.',
})
remarks: string;
@ApiPropertyOptional({
description: 'Reviewer comments (alias for remarks)',
example: 'All documents are in order and meet requirements.',
})
comments?: string;
@ApiPropertyOptional({
description: 'IDs of documents reviewed',
type: [String],
example: ['550e8400-e29b-41d4-a716-446655440000'],
})
reviewedDocuments?: string[];
@ApiPropertyOptional({
description: 'Reason for rejection (if rejected)',
enum: RejectionReason,
})
rejectionReason?: RejectionReason;
@ApiPropertyOptional({
description: 'List of required documents',
type: [String],
example: ['FIRE_SAFETY_CERTIFICATE', 'BUILDING_PLAN'],
})
requiredDocuments?: string[];
@ApiPropertyOptional({
description: 'When this approval was invalidated',
example: '2024-01-20T15:30:00Z',
})
invalidatedAt?: Date;
@ApiPropertyOptional({
description: 'Reason for invalidation',
example: 'Document was modified after approval',
})
invalidationReason?: string;
@ApiPropertyOptional({
description: 'When this approval was revalidated after invalidation',
example: '2024-01-20T16:00:00Z',
})
revalidatedAt?: Date;
@ApiProperty({
description: 'Approval creation timestamp',
example: '2024-01-15T10:30:00Z',
})
createdAt: Date;
@ApiProperty({
description: 'Approval last update timestamp',
example: '2024-01-20T15:30:00Z',
})
updatedAt: Date;
@ApiPropertyOptional({
description: 'When the approval was completed (approved/rejected/etc)',
example: '2024-01-20T14:30:00Z',
})
completedAt?: Date;
@ApiPropertyOptional({
description: 'Blockchain transaction hash for this approval',
example: '0x1234567890abcdef...',
})
blockchainTxHash?: string;
@ApiPropertyOptional({
description: 'Whether the blockchain transaction has been confirmed',
example: true,
})
blockchainConfirmed?: boolean;
@ApiPropertyOptional({
description: 'Whether the entire workflow is complete after this approval',
example: false,
})
workflowComplete?: boolean;
@ApiPropertyOptional({
description: 'Next workflow step information',
example: { id: 'step-2', name: 'Health Department Review' },
})
nextStep?: any;
@ApiPropertyOptional({
description: 'Next department assigned for approval',
example: 'HEALTH_DEPT',
})
nextDepartment?: string;
@ApiPropertyOptional({
description: 'Current workflow step index (0-based)',
example: 1,
})
currentStepIndex?: number;
}

60
backend/src/modules/approvals/dto/approve-request.dto.ts Normal file
View File

@@ -0,0 +1,60 @@
import { IsString, IsArray, IsUUID, MinLength, IsOptional, IsEnum } from 'class-validator';
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
import { ApprovalStatus } from '../../../common/enums';
export class ApproveRequestDto {
@ApiPropertyOptional({
description: 'Approval remarks or comments',
minLength: 5,
maxLength: 1000,
example: 'All required documents have been reviewed and verified. Request is approved.',
})
@IsOptional()
@IsString()
@MinLength(5)
remarks?: string;
@ApiPropertyOptional({
description: 'Approval comments (alternative to remarks)',
minLength: 5,
maxLength: 1000,
})
@IsOptional()
@IsString()
@MinLength(5)
comments?: string;
@ApiPropertyOptional({
description: 'Array of reviewed document IDs (UUIDs)',
type: [String],
example: ['550e8400-e29b-41d4-a716-446655440000', '660e8400-e29b-41d4-a716-446655440001'],
})
@IsOptional()
@IsArray()
@IsUUID('4', { each: true })
reviewedDocuments?: string[];
@ApiPropertyOptional({
description: 'ID of the reviewer (optional, will use authenticated user if not provided)',
example: 'user-id-123',
})
@IsOptional()
@IsString()
reviewedBy?: string;
@ApiPropertyOptional({
description: 'The status of the approval (defaults to APPROVED)',
enum: ApprovalStatus,
example: ApprovalStatus.APPROVED,
})
@IsOptional()
@IsEnum(ApprovalStatus)
status?: ApprovalStatus;
@ApiPropertyOptional({
description: 'Digital signature of the approver',
})
@IsOptional()
@IsString()
signature?: string;
}

42
backend/src/modules/approvals/dto/reject-request.dto.ts Normal file
View File

@@ -0,0 +1,42 @@
import { IsString, IsEnum, IsOptional, MinLength } from 'class-validator';
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
import { RejectionReason } from '../enums/rejection-reason.enum';
export class RejectRequestDto {
@ApiPropertyOptional({
description: 'Detailed remarks explaining the rejection',
minLength: 5,
maxLength: 1000,
example: 'The fire safety certificate provided is expired. Please provide an updated certificate.',
})
@IsOptional()
@IsString()
@MinLength(5, { message: 'Rejection requires detailed remarks (minimum 5 characters)' })
remarks?: string;
@ApiPropertyOptional({
description: 'Comments explaining the rejection (alternative to remarks)',
minLength: 5,
maxLength: 1000,
})
@IsOptional()
@IsString()
@MinLength(5, { message: 'Rejection requires detailed comments (minimum 5 characters)' })
comments?: string;
@ApiProperty({
description: 'Rejection reason category',
enum: RejectionReason,
example: RejectionReason.INCOMPLETE_DOCUMENTS,
})
@IsEnum(RejectionReason)
reason: RejectionReason;
@ApiPropertyOptional({
description: 'ID of the reviewer who rejected the request',
example: 'user-id-123',
})
@IsOptional()
@IsString()
rejectedBy?: string;
}

32
backend/src/modules/approvals/dto/request-changes.dto.ts Normal file
View File

@@ -0,0 +1,32 @@
import { IsString, IsArray, IsOptional, MinLength } from 'class-validator';
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
export class RequestChangesDto {
@ApiProperty({
description: 'Detailed remarks specifying what changes are needed',
minLength: 10,
maxLength: 1000,
example: 'Please provide updated property ownership documents and building structural report.',
})
@IsString()
@MinLength(10)
remarks: string;
@ApiPropertyOptional({
description: 'List of document types that are required for resubmission',
type: [String],
example: ['PROPERTY_OWNERSHIP', 'STRUCTURAL_STABILITY_CERTIFICATE'],
})
@IsOptional()
@IsArray()
@IsString({ each: true })
requiredDocuments?: string[];
@ApiPropertyOptional({
description: 'ID of the reviewer requesting changes',
example: 'user-id-123',
})
@IsOptional()
@IsString()
requestedBy?: string;
}

32
backend/src/modules/approvals/dto/revalidate.dto.ts Normal file
View File

@@ -0,0 +1,32 @@
import { IsString, IsOptional, IsArray, IsUUID, MinLength } from 'class-validator';
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
export class RevalidateDto {
@ApiProperty({
description: 'Remarks confirming revalidation after document updates',
minLength: 10,
maxLength: 1000,
example: 'Updated documents have been reviewed and verified. Approval is revalidated.',
})
@IsString()
@MinLength(10)
remarks: string;
@ApiPropertyOptional({
description: 'ID of the reviewer performing revalidation',
example: 'user-id-123',
})
@IsOptional()
@IsString()
revalidatedBy?: string;
@ApiPropertyOptional({
description: 'Updated list of reviewed document IDs',
type: [String],
example: ['550e8400-e29b-41d4-a716-446655440000'],
})
@IsOptional()
@IsArray()
@IsUUID('4', { each: true })
reviewedDocuments?: string[];
}

13
backend/src/modules/approvals/enums/rejection-reason.enum.ts Normal file
View File

@@ -0,0 +1,13 @@
export enum RejectionReason {
NON_COMPLIANT = 'NON_COMPLIANT',
DOCUMENTATION_INCOMPLETE = 'DOCUMENTATION_INCOMPLETE',
INCOMPLETE_DOCUMENTS = 'INCOMPLETE_DOCUMENTS',
ELIGIBILITY_CRITERIA_NOT_MET = 'ELIGIBILITY_CRITERIA_NOT_MET',
INCOMPLETE_INFORMATION = 'INCOMPLETE_INFORMATION',
INVALID_INFORMATION = 'INVALID_INFORMATION',
POLICY_VIOLATION = 'POLICY_VIOLATION',
FRAUD_SUSPECTED = 'FRAUD_SUSPECTED',
OTHER = 'OTHER',
'Non-compliance' = 'Non-compliance',
Cancelled = 'Cancelled',
}

3
backend/src/modules/audit/CLAUDE.md Normal file
View File

@@ -0,0 +1,3 @@
<claude-mem-context>
</claude-mem-context>

90
backend/src/modules/audit/audit.controller.ts Normal file
View File

@@ -0,0 +1,90 @@
import {
Controller,
Get,
Query,
Param,
UseGuards,
Logger,
} from '@nestjs/common';
import {
ApiTags,
ApiOperation,
ApiResponse,
ApiBearerAuth,
ApiParam,
ApiQuery,
} from '@nestjs/swagger';
import { AuthGuard } from '@nestjs/passport';
import { AuditService, AuditQueryDto } from './audit.service';
import { Roles } from '../../common/decorators/roles.decorator';
import { RolesGuard } from '../../common/guards/roles.guard';
import { UserRole } from '../../common/enums';
@ApiTags('Audit')
@Controller('audit')
@ApiBearerAuth('BearerAuth')
@UseGuards(AuthGuard('jwt'), RolesGuard)
@Roles(UserRole.ADMIN)
export class AuditController {
private readonly logger = new Logger(AuditController.name);
constructor(private readonly auditService: AuditService) {}
@Get('logs')
@ApiOperation({
summary: 'Query audit logs',
description: 'Get paginated audit logs with optional filters by entity, action, actor, and date range',
})
@ApiQuery({ name: 'entityType', required: false, description: 'Filter by entity type (REQUEST, DOCUMENT, DEPARTMENT, etc.)' })
@ApiQuery({ name: 'entityId', required: false, description: 'Filter by entity ID' })
@ApiQuery({ name: 'action', required: false, description: 'Filter by action (CREATE, UPDATE, DELETE, APPROVE, REJECT, etc.)' })
@ApiQuery({ name: 'actorType', required: false, description: 'Filter by actor type (APPLICANT, DEPARTMENT, SYSTEM, ADMIN)' })
@ApiQuery({ name: 'actorId', required: false, description: 'Filter by actor ID' })
@ApiQuery({ name: 'startDate', required: false, description: 'Filter from date (ISO 8601)' })
@ApiQuery({ name: 'endDate', required: false, description: 'Filter to date (ISO 8601)' })
@ApiQuery({ name: 'page', required: false, type: Number, description: 'Page number (default: 1)' })
@ApiQuery({ name: 'limit', required: false, type: Number, description: 'Items per page (default: 20)' })
@ApiResponse({ status: 200, description: 'Paginated audit logs' })
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 403, description: 'Forbidden - Admin only' })
async findAll(@Query() query: AuditQueryDto) {
this.logger.debug('Querying audit logs');
return this.auditService.findAll(query);
}
@Get('requests/:requestId')
@ApiOperation({
summary: 'Get audit trail for request',
description: 'Get complete audit trail for a specific license request',
})
@ApiParam({ name: 'requestId', description: 'Request ID (UUID)' })
@ApiResponse({ status: 200, description: 'Audit trail for request' })
async findByRequest(@Param('requestId') requestId: string) {
return this.auditService.findByEntity('REQUEST', requestId);
}
@Get('entity/:entityType/:entityId')
@ApiOperation({
summary: 'Get audit trail for entity',
description: 'Get complete audit trail for a specific entity (e.g., all changes to a request)',
})
@ApiParam({ name: 'entityType', description: 'Entity type (REQUEST, DOCUMENT, DEPARTMENT, etc.)' })
@ApiParam({ name: 'entityId', description: 'Entity ID (UUID)' })
@ApiResponse({ status: 200, description: 'Audit trail for entity' })
async findByEntity(
@Param('entityType') entityType: string,
@Param('entityId') entityId: string,
) {
return this.auditService.findByEntity(entityType, entityId);
}
@Get('metadata')
@ApiOperation({
summary: 'Get audit metadata',
description: 'Get available audit actions, entity types, and actor types for filtering',
})
@ApiResponse({ status: 200, description: 'Audit metadata' })
async getMetadata() {
return this.auditService.getEntityActions();
}
}

10
backend/src/modules/audit/audit.module.ts Normal file
View File

@@ -0,0 +1,10 @@
import { Module } from '@nestjs/common';
import { AuditController } from './audit.controller';
import { AuditService } from './audit.service';
@Module({
controllers: [AuditController],
providers: [AuditService],
exports: [AuditService],
})
export class AuditModule {}

124
backend/src/modules/audit/audit.service.ts Normal file
View File

@@ -0,0 +1,124 @@
import { Injectable, Logger, Inject } from '@nestjs/common';
import { AuditLog } from '../../database/models/audit-log.model';
import { AuditAction, ActorType, EntityType } from '../../common/enums';
export interface CreateAuditLogDto {
entityType: string;
entityId: string;
action: string;
actorType: string;
actorId?: string;
oldValue?: Record<string, unknown>;
newValue?: Record<string, unknown>;
ipAddress?: string;
userAgent?: string;
correlationId?: string;
}
export interface AuditQueryDto {
entityType?: string;
entityId?: string;
action?: string;
actorType?: string;
actorId?: string;
startDate?: string;
endDate?: string;
page?: number;
limit?: number;
}
@Injectable()
export class AuditService {
private readonly logger = new Logger(AuditService.name);
constructor(
@Inject(AuditLog)
private auditLogModel: typeof AuditLog,
) {}
async record(dto: CreateAuditLogDto): Promise<AuditLog> {
this.logger.debug(
`Recording audit: ${dto.action} on ${dto.entityType}/${dto.entityId}`,
);
return this.auditLogModel.query().insert({
entityType: dto.entityType,
entityId: dto.entityId,
action: dto.action,
actorType: dto.actorType,
actorId: dto.actorId,
oldValue: dto.oldValue as any,
newValue: dto.newValue as any,
ipAddress: dto.ipAddress,
userAgent: dto.userAgent,
correlationId: dto.correlationId,
});
}
async findAll(queryDto: AuditQueryDto) {
const page = queryDto.page || 1;
const limit = queryDto.limit || 20;
const offset = (page - 1) * limit;
const query = this.auditLogModel.query().orderBy('created_at', 'DESC');
if (queryDto.entityType) {
query.where({ entityType: queryDto.entityType });
}
if (queryDto.entityId) {
query.where({ entityId: queryDto.entityId });
}
if (queryDto.action) {
query.where({ action: queryDto.action });
}
if (queryDto.actorType) {
query.where({ actorType: queryDto.actorType });
}
if (queryDto.actorId) {
query.where({ actorId: queryDto.actorId });
}
if (queryDto.startDate) {
query.where('createdAt', '>=', queryDto.startDate);
}
if (queryDto.endDate) {
query.where('createdAt', '<=', queryDto.endDate);
}
const [results, total] = await Promise.all([
query.clone().offset(offset).limit(limit),
query.clone().resultSize(),
]);
return {
data: results,
total,
page,
limit,
totalPages: Math.ceil(total / limit),
};
}
async findByEntity(entityType: string, entityId: string): Promise<any[]> {
const logs = await this.auditLogModel
.query()
.where('entity_type', entityType)
.where('entity_id', entityId)
.orderBy('created_at', 'DESC');
// Transform to add performedBy and details fields from newValue
return logs.map((log) => ({
...log,
performedBy: (log.newValue as any)?.performedBy,
details: (log.newValue as any)?.reason || (log.newValue as any)?.remarks ||
(log.action === 'REQUEST_CANCELLED' ? (log.newValue as any)?.reason : undefined),
}));
}
async getEntityActions(): Promise<{ actions: string[]; entityTypes: string[]; actorTypes: string[] }> {
return {
actions: Object.values(AuditAction),
entityTypes: Object.values(EntityType),
actorTypes: Object.values(ActorType),
};
}
}

Some files were not shown because too many files have changed in this diff Show More