np-dms/lcbp3
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

260224:1606 20260224:1600 V1.8.0
All checks were successful
Build and Deploy / deploy (push) Successful in 6m25s
Details

Browse Source
This commit is contained in:
admin
2026-02-24 16:06:15 +07:00
parent 97cc41f489
commit 158179d4a5
255 changed files with 5339 additions and 2094 deletions
Download Patch File Download Diff File Expand all files Collapse all files

209
specs/06-Decision-Records/ADR-001-unified-workflow-engine.md
View File

@@ -1,12 +1,12 @@
# ADR-001: Unified Workflow Engine
**Status:** Accepted
**Date:** 2025-11-30
**Date:** 2026-02-24
**Decision Makers:** Development Team, System Architect
**Related Documents:**
- [System Architecture](../02-architecture/02-01-system-architecture.md)
- [Unified Workflow Requirements](../01-requirements/01-03.6-unified-workflow.md)
- [Software Architecture](../02-Architecture/02-02-software-architecture.md)
- [Unified Workflow Requirements](../01-Requirements/01-03-modules/01-03-06-unified-workflow.md)
---
@@ -85,7 +85,7 @@ LCBP3-DMS ต้องจัดการเอกสารหลายประ
-**Runtime Flexibility:** แก้ Workflow ได้โดยไม่ต้อง Deploy
-**Reusability:** Workflow templates สามารถใช้ซ้ำได้
-**Consistency:** State management เป็นมาตรฐานเดียวกัน
-**Audit Trail:** ประวัติครบถ้วนใน `workflow_history`
-**Audit Trail:** ประวัติครบถ้วนใน `workflow_histories`
-**Scalability:** เพิ่ม Document Type ใหม่ได้ง่าย
**Cons:**
@@ -120,41 +120,44 @@ LCBP3-DMS ต้องจัดการเอกสารหลายประ
```sql
-- Workflow Definitions (Templates)
CREATE TABLE workflow_definitions (
id INT PRIMARY KEY AUTO_INCREMENT,
name VARCHAR(100) NOT NULL,
version INT NOT NULL,
entity_type ENUM('correspondence', 'rfa', 'circulation'),
definition JSON NOT NULL, -- DSL Configuration
id VARCHAR(36) PRIMARY KEY, -- UUID
workflow_code VARCHAR(50) NOT NULL,
version INT NOT NULL DEFAULT 1,
description TEXT NULL,
dsl JSON NOT NULL, -- Raw DSL from user
compiled JSON NOT NULL, -- Validated and optimized for Runtime
is_active BOOLEAN DEFAULT TRUE,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
UNIQUE KEY (name, version)
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
UNIQUE KEY (workflow_code, version)
);
-- Workflow Instances (Running Workflows)
CREATE TABLE workflow_instances (
id INT PRIMARY KEY AUTO_INCREMENT,
definition_id INT NOT NULL,
entity_type VARCHAR(50) NOT NULL,
entity_id INT NOT NULL,
id VARCHAR(36) PRIMARY KEY, -- UUID
definition_id VARCHAR(36) NOT NULL,
entity_type VARCHAR(50) NOT NULL, -- e.g. "correspondence", "rfa"
entity_id VARCHAR(50) NOT NULL,
current_state VARCHAR(50) NOT NULL,
context JSON, -- Runtime data
started_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
completed_at TIMESTAMP NULL,
status ENUM('ACTIVE', 'COMPLETED', 'CANCELLED', 'TERMINATED') DEFAULT 'ACTIVE',
context JSON NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
FOREIGN KEY (definition_id) REFERENCES workflow_definitions(id)
);
-- Workflow History (Audit Trail)
CREATE TABLE workflow_history (
id INT PRIMARY KEY AUTO_INCREMENT,
instance_id INT NOT NULL,
from_state VARCHAR(50),
CREATE TABLE workflow_histories (
id VARCHAR(36) PRIMARY KEY, -- UUID
instance_id VARCHAR(36) NOT NULL,
from_state VARCHAR(50) NOT NULL,
to_state VARCHAR(50) NOT NULL,
action VARCHAR(50) NOT NULL,
actor_id INT NOT NULL,
metadata JSON,
transitioned_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (instance_id) REFERENCES workflow_instances(id),
FOREIGN KEY (actor_id) REFERENCES users(user_id)
action_by_user_id INT NULL,
comment TEXT NULL,
metadata JSON NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (instance_id) REFERENCES workflow_instances(id) ON DELETE CASCADE
);
```
@@ -162,57 +165,53 @@ CREATE TABLE workflow_history (
```json
{
"name": "CORRESPONDENCE_ROUTING",
"workflow": "CORRESPONDENCE_ROUTING",
"version": 1,
"entity_type": "correspondence",
"description": "Standard correspondence routing",
"states": [
{
"name": "DRAFT",
"type": "initial",
"allowed_transitions": ["SUBMIT"]
"initial": true,
"on": {
"SUBMIT": {
"to": "SUBMITTED",
"require": {
"role": ["Admin"],
"user": "123"
},
"condition": "context.requiresLegal > 0",
"events": [
{
"type": "notify",
"target": "originator",
"template": "correspondence_submitted"
}
]
}
}
},
{
"name": "SUBMITTED",
"type": "intermediate",
"allowed_transitions": ["RECEIVE", "RETURN", "CANCEL"]
"on": {
"RECEIVE": {
"to": "RECEIVED"
},
"RETURN": {
"to": "DRAFT"
}
}
},
{
"name": "RECEIVED",
"type": "intermediate",
"allowed_transitions": ["REPLY", "FORWARD", "CLOSE"]
"on": {
"CLOSE": {
"to": "CLOSED"
}
}
},
{
"name": "CLOSED",
"type": "final"
}
],
"transitions": [
{
"action": "SUBMIT",
"from": "DRAFT",
"to": "SUBMITTED",
"guards": [
{
"type": "permission",
"permission": "correspondence.submit"
},
{
"type": "validation",
"rules": ["hasRecipient", "hasAttachment"]
}
],
"effects": [
{
"type": "notification",
"template": "correspondence_submitted",
"recipients": ["originator", "assigned_reviewer"]
},
{
"type": "update_entity",
"field": "submitted_at",
"value": "{{now}}"
}
]
"terminal": true
}
]
}
@@ -229,14 +228,13 @@ CREATE TABLE workflow_history (
WorkflowInstance,
WorkflowHistory,
]),
UserModule,
],
controllers: [WorkflowEngineController],
providers: [
WorkflowEngineService,
WorkflowDefinitionService,
WorkflowInstanceService,
DslParserService,
StateValidator,
TransitionExecutor,
WorkflowDslService,
WorkflowEventService,
],
exports: [WorkflowEngineService],
})
@@ -246,46 +244,55 @@ export class WorkflowEngineModule {}
@Injectable()
export class WorkflowEngineService {
async createInstance(
definitionId: number,
workflowCode: string,
entityType: string,
entityId: number
entityId: string,
initialContext: Record<string, unknown> = {}
): Promise<WorkflowInstance> {
const definition = await this.getActiveDefinition(definitionId);
const initialState = this.dslParser.getInitialState(definition.definition);
const definition = await this.workflowDefRepo.findOne({
where: { workflow_code: workflowCode, is_active: true },
order: { version: 'DESC' },
});
// Initial state directly from compiled DSL
const initialState = definition.compiled.initialState;
return this.instanceRepo.save({
definition_id: definitionId,
entity_type: entityType,
entity_id: entityId,
current_state: initialState,
definition_id: definition.id,
entityType,
entityId,
currentState: initialState,
status: WorkflowStatus.ACTIVE,
context: initialContext,
});
}
async executeTransition(
instanceId: number,
async processTransition(
instanceId: string,
action: string,
actorId: number
): Promise<void> {
const instance = await this.instanceRepo.findOne(instanceId);
const definition = await this.definitionRepo.findOne(
instance.definition_id
userId: number,
comment?: string,
payload: Record<string, unknown> = {}
) {
// Evaluation via WorkflowDslService
const evaluation = this.dslService.evaluate(
compiled,
instance.currentState,
action,
context
);
// Validate transition
const transition = this.stateValidator.validateTransition(
definition.definition,
instance.current_state,
action
);
// Update state to target State
instance.currentState = evaluation.nextState;
// Execute guards
await this.checkGuards(transition.guards, instance, actorId);
if (compiled.states[evaluation.nextState].terminal) {
instance.status = WorkflowStatus.COMPLETED;
}
// Update state
await this.transitionExecutor.execute(instance, transition, actorId);
// Record history
await this.recordHistory(instance, transition, actorId);
// Process background events asynchronously
if (evaluation.events && evaluation.events.length > 0) {
this.eventService.dispatchEvents(instance.id, evaluation.events, context);
}
}
}
```
@@ -298,7 +305,7 @@ export class WorkflowEngineService {
1.**Unified State Management:** สถานะทุก Document Type จัดการโดย Engine เดียว
2.**No Code Changes for Workflow Updates:** แก้ Workflow ผ่าน JSON DSL
3.**Complete Audit Trail:** ประวัติครบถ้วนใน `workflow_history`
3.**Complete Audit Trail:** ประวัติครบถ้วนใน `workflow_histories`
4.**Versioning Support:** In-progress documents ใช้ Workflow Version เดิม
5.**Reusable Templates:** สามารถ Clone Workflow Template ได้
6.**Future-proof:** พร้อมสำหรับ Document Types ใหม่
@@ -325,8 +332,8 @@ export class WorkflowEngineService {
เป็นไปตาม:
- [Backend Plan Section 2.4.1](../../docs/2_Backend_Plan_V1_4_5.md) - Unified Workflow Engine
- [Requirements 3.6](../01-requirements/01-03.6-unified-workflow.md) - Unified Workflow Specification
- [Backend Guidelines](../05-Engineering-Guidelines/05-02-backend-guidelines.md#workflow-engine-integration) - Unified Workflow Engine
- [Unified Workflow Requirements](../01-Requirements/01-03-modules/01-03-06-unified-workflow.md) - Unified Workflow Specification
---
@@ -342,7 +349,7 @@ export class WorkflowEngineService {
## Related ADRs
- [ADR-002: Document Numbering Strategy](./ADR-002-document-numbering-strategy.md) - ใช้ Workflow Engine trigger Document Number Generation
- [ADR-004: RBAC Implementation](./ADR-004-rbac-implementation.md) - Permission Guards ใน Workflow Transitions
- [RBAC Matrix](../01-Requirements/01-02-business-rules/01-02-01-rbac-matrix.md) - Permission Guards ใน Workflow Transitions
---

22
specs/06-Decision-Records/ADR-002-document-numbering-strategy.md
View File

@@ -1,12 +1,12 @@
# ADR-002: Document Numbering Strategy
**Status:** Accepted
**Date:** 2025-12-18
**Date:** 2026-02-24
**Decision Makers:** Development Team, System Architect
**Related Documents:**
- [System Architecture](../02-architecture/02-01-system-architecture.md)
- [Document Numbering Requirements](../01-requirements/01-03.11-document-numbering.md)
- [Software Architecture](../02-Architecture/02-02-software-architecture.md)
- [Document Numbering Requirements](../01-Requirements/01-02-business-rules/01-02-02-doc-numbering-rules.md)
---
@@ -188,7 +188,7 @@ CREATE TABLE document_number_audit (
> [!IMPORTANT]
> **Updated to align with Requirements Specification**
>
> This ADR now uses token names from [03.11-document-numbering.md](../01-requirements/01-03.11-document-numbering.md) for consistency.
> This ADR now uses token names from [Document Numbering Rules](../01-Requirements/01-02-business-rules/01-02-02-doc-numbering-rules.md) for consistency.
รองรับ Token ทั้งหมด:
@@ -214,7 +214,7 @@ CREATE TABLE document_number_audit (
> - ~~`{TYPE}`~~ → Use `{CORR_TYPE}`, `{SUB_TYPE}`, or `{RFA_TYPE}` (context-specific)
> - ~~`{CATEGORY}`~~ → Not used in current system
>
> **Always refer to**: [03.11-document-numbering.md](../01-requirements/01-03.11-document-numbering.md) as source of truth
> **Always refer to**: [Document Numbering Rules](../01-Requirements/01-02-business-rules/01-02-02-doc-numbering-rules.md) as source of truth
### Format Resolution Strategy (Fallback Logic)
@@ -943,18 +943,18 @@ ensure:
เป็นไปตาม:
- ✅ [Requirements 3.11](../01-requirements/01-03.11-document-numbering.md) - Document Numbering Management (v1.6.2)
- ✅ [Implementation Guide](../03-implementation/03-04-document-numbering.md) - DocumentNumberingModule (v1.6.1)
- ✅ [Operations Guide](../04-operations/04-08-document-numbering-operations.md) - Monitoring & Troubleshooting
- ✅ [Security Best Practices](../02-architecture/security-architecture.md) - Rate Limiting, Audit Logging
- ✅ [Document Numbering Rules](../01-Requirements/01-02-business-rules/01-02-02-doc-numbering-rules.md) - Document Numbering Management (v1.6.2)
- ✅ [Backend Guidelines](../05-Engineering-Guidelines/05-02-backend-guidelines.md) - DocumentNumberingModule Section
- ✅ [Operations Guide](../04-Infrastructure-OPS/04-03-monitoring.md) - Monitoring & Troubleshooting
- ✅ [Security Best Practices](../05-Engineering-Guidelines/05-02-backend-guidelines.md#security-guidelines) - Rate Limiting, Audit Logging
---
## Related ADRs
- [ADR-001: Unified Workflow Engine](./ADR-001-unified-workflow-engine.md) - Workflow triggers number generation
- [ADR-005: Redis Usage Strategy](./ADR-005-redis-usage-strategy.md) - Redis lock implementation details
- [ADR-006: Audit Logging Strategy](./ADR-006-audit-logging-strategy.md) - Comprehensive audit requirements
- [ADR-006: Redis Caching Strategy](./ADR-006-redis-caching-strategy.md) - Redis lock implementation details
- [ADR-010: Logging & Monitoring Strategy](./ADR-010-logging-monitoring-strategy.md) - Comprehensive audit requirements
---

28
specs/06-Decision-Records/ADR-005-technology-stack.md
View File

@@ -1,7 +1,7 @@
# ADR-005: Technology Stack Selection
**Status:** Accepted
**Date:** 2025-11-30
**Status:** Accept
**Date:** 2026-02-24
**Decision Makers:** Development Team, CTO
**Related Documents:**
@@ -89,18 +89,18 @@ LCBP3-DMS ต้องเลือก Technology Stack สำหรับพั
#### Backend Stack
| Component | Technology | Rationale |
| :----------------- | :-------------- | :--------------------------------------------- |
| **Runtime** | Node.js 20 LTS | Stable, modern features, long-term support |
| **Framework** | NestJS | Modular, TypeScript-first, similar to Angular |
| **Language** | TypeScript 5.x | Type safety, better DX |
| **ORM** | TypeORM | TypeScript support, migrations, repositories |
| **Database** | MariaDB 11.8 | JSON support, virtual columns, QNAP compatible |
| **Validation** | class-validator | Decorator-based, integrates with NestJS |
| **Authentication** | Passport + JWT | Standard, well-supported |
| **Authorization** | CASL | Flexible RBAC implementation |
| **Documentation** | Swagger/OpenAPI | Auto-generated from decorators |
| **Testing** | Jest | Built-in with NestJS |
| Component | Technology | Rationale |
| :----------------- | :-------------- | :------------------------------------------------------------------------- |
| **Runtime** | Node.js 20 LTS | Stable, modern features, long-term support |
| **Framework** | NestJS | Modular, TypeScript-first, similar to Angular |
| **Language** | TypeScript 5.x | Type safety, better DX |
| **ORM** | TypeORM | TypeScript support, migrations, repositories |
| **Database** | MariaDB 11.8 | JSON support, virtual columns, QNAP compatible |
| **Validation** | class-validator | Decorator-based, integrates with NestJS |
| **Authentication** | Passport + JWT | Standard, well-supported |
| **Authorization** | CASL **6.7.5+** | Flexible RBAC implementation ⚠️ Patched CVE-2026-1774 (Prototype Pollution) |
| **Documentation** | Swagger/OpenAPI | Auto-generated from decorators |
| **Testing** | Jest | Built-in with NestJS |
#### Frontend Stack

12
specs/06-Decision-Records/ADR-006-redis-caching-strategy.md
View File

@@ -1,12 +1,12 @@
# ADR-006: Redis Usage and Caching Strategy
**Status:** Accepted
**Date:** 2025-11-30
**Date:** 2026-02-24
**Decision Makers:** Development Team, System Architect
**Related Documents:**
- [System Architecture](../02-architecture/02-01-system-architecture.md)
- [Performance Requirements](../01-requirements/01-06-non-functional.md)
- [Software Architecture](../02-Architecture/02-02-software-architecture.md)
- [Non-Functional Rules](../01-Requirements/01-02-business-rules/01-02-04-non-functional-rules.md)
---
@@ -418,15 +418,15 @@ export class RedisMonitoringService {
เป็นไปตาม:
- [System Architecture Section 3.5](../02-architecture/02-01-system-architecture.md#redis)
- [Performance Requirements](../01-requirements/01-06-non-functional.md)
- [Software Architecture](../02-Architecture/02-02-software-architecture.md#redis)
- [Non-Functional Rules](../01-Requirements/01-02-business-rules/01-02-04-non-functional-rules.md)
---
## Related ADRs
- [ADR-002: Document Numbering Strategy](./ADR-002-document-numbering-strategy.md) - Redis locks
- [ADR-004: RBAC Implementation](./ADR-004-rbac-implementation.md) - Permission caching
- [RBAC Matrix](../01-Requirements/01-02-business-rules/01-02-01-rbac-matrix.md) - Permission caching
---

4
specs/06-Decision-Records/ADR-008-email-notification-strategy.md
View File

@@ -1,7 +1,7 @@
# ADR-008: Email & Notification Strategy
**Status:** ✅ Accepted
**Date:** 2025-12-01
**Status:** ✅ Accepted (Pending Review)
**Date:** 2026-02-24
**Decision Makers:** Backend Team, System Architect
**Related Documents:** [Backend Guidelines](../03-implementation/03-02-backend-guidelines.md), [TASK-BE-011](../06-tasks/README.md)

4
specs/06-Decision-Records/ADR-009-database-migration-strategy.md
View File

@@ -1,7 +1,7 @@
# ADR-009: Database Migration & Deployment Strategy
**Status:** ✅ Accepted
**Date:** 2025-12-01
**Status:** ✅ Accepted (Penging)
**Date:** 2026-02-24
**Decision Makers:** Backend Team, DevOps Team, System Architect
**Related Documents:** [TASK-BE-001](../06-tasks/TASK-BE-015-schema-v160-migration.md), [ADR-005: Technology Stack](./ADR-005-technology-stack.md)

4
specs/06-Decision-Records/ADR-010-logging-monitoring-strategy.md
View File

@@ -1,7 +1,7 @@
# ADR-010: Logging & Monitoring Strategy
**Status:** ✅ Accepted
**Date:** 2025-12-01
**Status:** ✅ Accepted (Pending)
**Date:** 2026-02-24
**Decision Makers:** Backend Team, DevOps Team
**Related Documents:** [Backend Guidelines](../03-implementation/03-02-backend-guidelines.md)

2
specs/06-Decision-Records/ADR-011-nextjs-app-router.md
View File

@@ -3,7 +3,7 @@
**Status:** ✅ Accepted
**Date:** 2025-12-01
**Decision Makers:** Frontend Team, System Architect
**Related Documents:** [Frontend Guidelines](../03-implementation/03-03-frontend-guidelines.md), [ADR-005: Technology Stack](./ADR-005-technology-stack.md)
**Related Documents:** [Frontend Guidelines](../05-Engineering-Guidelines/05-03-frontend-guidelines.md), [ADR-005: Technology Stack](./ADR-005-technology-stack.md)
---

6
specs/06-Decision-Records/ADR-012-ui-component-library.md
View File

@@ -1,9 +1,9 @@
# ADR-012: UI Component Library Strategy
**Status:** ✅ Accepted
**Date:** 2025-12-01
**Date:** 2026-02-24
**Decision Makers:** Frontend Team, UX Designer
**Related Documents:** [Frontend Guidelines](../03-implementation/03-03-frontend-guidelines.md), [ADR-005: Technology Stack](./ADR-005-technology-stack.md)
**Related Documents:** [Frontend Guidelines](../05-Engineering-Guidelines/05-03-frontend-guidelines.md), [ADR-005: Technology Stack](./ADR-005-technology-stack.md)
---
@@ -405,7 +405,7 @@ export function CorrespondenceCard({ correspondence }) {
- **Documentation:** เขียนเอกสารว่า Components ไหนมา version ไหน
- **Changelog:** Track changes ที่ทำกับ Components
- **Testing:** เขียน Tests สำหรับ Custom components
- **Review Updates:** Check Shadcn/UI releases เป็นระยะ
- **Review Updates:** Check Shadcn/UI releases เป็นระยะ (แนะนำให้ใช้ `npx shadcn-ui@latest diff` ตรวจสอบความแตกต่างทุกๆ X เดือนเพื่อลดภาระการอัปเดตแบบ manual)
---

7
specs/06-Decision-Records/ADR-013-form-handling-validation.md
View File

@@ -1,9 +1,9 @@
# ADR-013: Form Handling & Validation Strategy
**Status:** ✅ Accepted
**Date:** 2025-12-01
**Date:** 2026-02-24
**Decision Makers:** Frontend Team
**Related Documents:** [Frontend Guidelines](../03-implementation/03-03-frontend-guidelines.md)
**Related Documents:** [Frontend Guidelines](../05-Engineering-Guidelines/05-03-frontend-guidelines.md)
---
@@ -476,6 +476,7 @@ import { Controller } from 'react-hook-form';
- **Documentation:** เขียน Form patterns และ Examples
- **Reusable Components:** สร้าง FormField wrapper
- **Code Review:** Review forms ให้ใช้ best practices
- **Backend Sync:** ถึงแม้ฝั่ง Frontend จะใช้ `Zod` แต่ฝั่ง Backend (NestJS) ใช้ `class-validator` กับ `class-transformer` เป็นหลักใน DTOs ควรตรวจสอบ Validation Logic ทั้ง 2 ฝั่งให้อัปเดตตรงกันเสมอผ่าน Type Definitions หรือ Documentation
---
@@ -493,5 +494,5 @@ import { Controller } from 'react-hook-form';
---
**Last Updated:** 2025-12-01
**Last Updated:** 2026-02-24
**Next Review:** 2026-06-01

6
specs/06-Decision-Records/ADR-014-state-management.md
View File

@@ -1,9 +1,9 @@
# ADR-014: State Management Strategy
**Status:** ✅ Accepted
**Date:** 2025-12-01
**Date:** 2026-02-24
**Decision Makers:** Frontend Team
**Related Documents:** [Frontend Guidelines](../03-implementation/03-03-frontend-guidelines.md), [ADR-011: App Router](./ADR-011-nextjs-app-router.md)
**Related Documents:** [Frontend Guidelines](../05-Engineering-Guidelines/05-03-frontend-guidelines.md), [ADR-011: App Router](./ADR-011-nextjs-app-router.md)
---
@@ -400,5 +400,5 @@ export const useUIStore = create<UIState>()(
---
**Last Updated:** 2026-02-20
**Last Updated:** 2026-02-24
**Next Review:** 2026-06-01

8
specs/06-Decision-Records/ADR-015-deployment-infrastructure.md
View File

@@ -1,9 +1,9 @@
# ADR-015: Deployment & Infrastructure Strategy
**Status:** ✅ Accepted
**Date:** 2025-12-01
**Date:** 2026-02-24
**Decision Makers:** DevOps Team, System Architect
**Related Documents:** [ADR-005: Technology Stack](./ADR-005-technology-stack.md), [Operations Guide](../04-operations/)
**Related Documents:** [ADR-005: Technology Stack](./ADR-005-technology-stack.md), [Operations Guide](../04-Infrastructure-OPS/04-04-deployment-guide.md), [Docker Compose Setup](../04-Infrastructure-OPS/04-01-docker-compose.md)
---
@@ -435,6 +435,8 @@ server {
- **Automated Backups:** Cron jobs สำหรับ Database backups
- **Documentation:** เขียน Runbook สำหรับ Common issues
- **Health Checks:** Implement comprehensive health endpoints
- **CI/CD Integration (Gitea Actions):** แม้ว่า Deploy Script จะเขียนไว้สำหรับ Manual Run แต่ในทางปฏิบัติควรเขียน Gitea Actions workflow เพื่อ trigger script เหล่านี้ไปรันที่ QNAP สลับ Blue/Green ให้อัตโนมัติเมื่อ Merge โค้ด
- **Compose Templates:** โครงสร้าง Baseline Compose ควรอ้างอิงจาก `04-01-docker-compose.md` เป็นต้นแบบ ก่อนจะแปลงเป็นสองโฟลเดอร์สำหรับ Blue-Green ใน `04-04-deployment-guide.md`
---
@@ -453,5 +455,5 @@ server {
---
**Last Updated:** 2025-12-01
**Last Updated:** 2026-02-24
**Next Review:** 2026-06-01

22
specs/06-Decision-Records/ADR-016-security-authentication.md
View File

@@ -1,7 +1,7 @@
# ADR-016: Security & Authentication Strategy
**Status:** ✅ Accepted
**Date:** 2025-12-01
**Date:** 2026-02-24
**Decision Makers:** Security Team, System Architect
**Related Documents:** [ADR-004: RBAC Implementation](./ADR-004-rbac-implementation.md), [ADR-007: API Design](./ADR-007-api-design-error-handling.md)
@@ -37,7 +37,9 @@ LCBP3-DMS จัดการเอกสารสำคัญของโปร
### 1. Authentication Strategy
**Chosen:** **JWT (JSON Web Tokens) with HTTP-only Cookies**
**Chosen:** **JWT (JSON Web Tokens) with Bearer Token Strategy (Stored in LocalStorage via Zustand)**
*Note: Initial plan was HTTP-only cookies, but shifted to Bearer tokens to ease cross-domain Next.js to NestJS communication.*
```typescript
// File: src/auth/auth.service.ts
@@ -95,7 +97,9 @@ export class AuthService {
### 2. Password Security
**Strategy:** **bcrypt with salt rounds = 12**
**Strategy:** **bcrypt with salt rounds = 10 (Current implementation defaults to 10 via `genSalt()`)**
*Note: Code currently uses `bcrypt.genSalt()` without arguments, defaulting to 10 rounds. If 12 is strictly required, codebase needs updating.*
```typescript
import * as bcrypt from 'bcrypt';
@@ -369,7 +373,7 @@ await this.auditLogService.create({
### Application Security
- [x] JWT authentication with short-lived tokens
- [x] JWT authentication with short-lived tokens (Bearer Token)
- [x] Password hashing with bcrypt (12 rounds)
- [x] HTTPS only (TLS 1.3)
- [x] Security headers (Helmet.js)
@@ -377,7 +381,7 @@ await this.auditLogService.create({
- [x] Input validation (class-validator)
- [x] SQL injection prevention (TypeORM)
- [x] XSS prevention (sanitize-html)
- [x] CSRF protection (SameSite cookies)
- [x] CSRF protection (Mitigated by Bearer token usage instead of cookies)
- [x] Rate limiting (Throttler)
### Data Security
@@ -401,8 +405,9 @@ await this.auditLogService.create({
- [x] Firewall configured
- [x] Intrusion detection (optional)
- [x] Regular security updates
- [x] Vulnerability scanning
- [x] Vulnerability scanning (`pnpm audit` — run before each deploy)
- [x] Penetration testing (before go-live)
- [x] Dependency vulnerabilities patched — CASL 6.7.5 (CVE-2026-1774, 2026-02-24)
---
@@ -428,6 +433,7 @@ await this.auditLogService.create({
- **Training:** อบรม Security awareness
- **Automation:** Automated security scans
- **Monitoring:** Real-time security monitoring
- **Frontend Sync:** ตรวจสอบว่า `localStorage` ไม่ถูกดักจับผ่าน XSS ได้ง่าย ๆ เนื่องจากเปลี่ยนจาก `HTTP-only Cookies` มาเป็น `LocalStorage`
---
@@ -447,5 +453,5 @@ await this.auditLogService.create({
---
**Last Updated:** 2025-12-01
**Next Review:** 2026-03-01 (Quarterly review)
**Last Updated:** 2026-02-24
**Next Review:** 2026-06-01 (Quarterly review)

76
specs/06-Decision-Records/README.md
View File

@@ -1,7 +1,7 @@
# Architecture Decision Records (ADRs)
**Version:** 1.7.0
**Last Updated:** 2025-12-18
**Version:** 1.8.0
**Last Updated:** 2026-02-24
**Project:** LCBP3-DMS (Laem Chabang Port Phase 3 - Document Management System)
---
@@ -28,49 +28,46 @@ Architecture Decision Records (ADRs) เป็นเอกสารที่บ
### Core Architecture Decisions
| ADR | Title | Status | Date | Summary |
| --------------------------------------------------- | ------------------------------- | ---------- | ---------- | ------------------------------------------------------------------------- |
| [ADR-001](./ADR-001-unified-workflow-engine.md) | Unified Workflow Engine | ✅ Accepted | 2025-11-30 | ใช้ DSL-based Workflow Engine สำหรับ Correspondences, RFAs, และ Circulations |
| [ADR-002](./ADR-002-document-numbering-strategy.md) | Document Numbering Strategy | ✅ Accepted | 2025-11-30 | Double-lock mechanism (Redis + DB Optimistic Lock) สำหรับเลขที่เอกสาร |
| [ADR-003](./ADR-003-file-storage-approach.md) | Two-Phase File Storage Approach | ✅ Accepted | 2025-11-30 | Upload → Temp → Commit to Permanent เพื่อป้องกัน Orphan Files |
| ADR | Title | Status | Date | Summary |
| --------------------------------------------------- | --------------------------- | ---------- | ---------- | ------------------------------------------------------------------------- |
| [ADR-001](./ADR-001-unified-workflow-engine.md) | Unified Workflow Engine | ✅ Accepted | 2026-02-24 | ใช้ DSL-based Workflow Engine สำหรับ Correspondences, RFAs, และ Circulations |
| [ADR-002](./ADR-002-document-numbering-strategy.md) | Document Numbering Strategy | ✅ Accepted | 2026-02-24 | Double-lock mechanism (Redis + DB Optimistic Lock) สำหรับเลขที่เอกสาร |
### Security & Access Control
| ADR | Title | Status | Date | Summary |
| ------------------------------------------- | ----------------------------- | ---------- | ---------- | ------------------------------------------------------------- |
| [ADR-004](./ADR-004-rbac-implementation.md) | RBAC Implementation (4-Level) | ✅ Accepted | 2025-11-30 | Hierarchical RBAC: Global → Organization → Project → Contract |
| ADR | Title | Status | Date | Summary |
| ----------------------------------------------- | ---------------------------------- | ---------- | ---------- | -------------------------------------------- |
| [ADR-016](./ADR-016-security-authentication.md) | Security & Authentication Strategy | ✅ Accepted | 2026-02-24 | JWT + bcrypt + OWASP Security Best Practices |
### Technology & Infrastructure
| ADR | Title | Status | Date | Summary |
| --------------------------------------------------- | ------------------------------------ | ---------- | ---------- | ------------------------------------------------------------ |
| [ADR-005](./ADR-005-technology-stack.md) | Technology Stack Selection | ✅ Accepted | 2025-11-30 | Full Stack TypeScript: NestJS + Next.js + MariaDB + Redis |
| [ADR-006](./ADR-006-redis-caching-strategy.md) | Redis Usage & Caching Strategy | ✅ Accepted | 2025-11-30 | Redis สำหรับ Distributed Lock, Cache, Queue, และ Rate Limiting |
| [ADR-009](./ADR-009-database-migration-strategy.md) | Database Migration & Deployment | ✅ Accepted | 2025-12-01 | TypeORM Migrations พร้อม Blue-Green Deployment |
| [ADR-015](./ADR-015-deployment-infrastructure.md) | Deployment & Infrastructure Strategy | ✅ Accepted | 2025-12-01 | Docker Compose with Blue-Green Deployment on QNAP |
| [ADR-016](./ADR-016-security-authentication.md) | Security & Authentication Strategy | ✅ Accepted | 2025-12-01 | JWT + bcrypt + OWASP Security Best Practices |
| ADR | Title | Status | Date | Summary |
| --------------------------------------------------- | ------------------------------------ | -------------------- | ---------- | ------------------------------------------------------------ |
| [ADR-005](./ADR-005-technology-stack.md) | Technology Stack Selection | ✅ Accepted | 2026-02-24 | Full Stack TypeScript: NestJS + Next.js + MariaDB + Redis |
| [ADR-006](./ADR-006-redis-caching-strategy.md) | Redis Usage & Caching Strategy | ✅ Accepted | 2026-02-24 | Redis สำหรับ Distributed Lock, Cache, Queue, และ Rate Limiting |
| [ADR-009](./ADR-009-database-migration-strategy.md) | Database Migration & Deployment | ✅ Accepted (Pending) | 2026-02-24 | TypeORM Migrations พร้อม Blue-Green Deployment |
| [ADR-015](./ADR-015-deployment-infrastructure.md) | Deployment & Infrastructure Strategy | ✅ Accepted | 2026-02-24 | Docker Compose with Blue-Green Deployment on QNAP |
### API & Integration
| ADR | Title | Status | Date | Summary |
| --------------------------------------------------- | ----------------------------- | ---------- | ---------- | --------------------------------------------------------------------------- |
| [ADR-007](./ADR-007-api-design-error-handling.md) | API Design & Error Handling | ✅ Accepted | 2025-12-01 | Standard REST API with Custom Error Format + NestJS Exception Filters |
| [ADR-008](./ADR-008-email-notification-strategy.md) | Email & Notification Strategy | ✅ Accepted | 2025-12-01 | BullMQ + Redis Queue สำหรับ Multi-channel Notifications (Email, LINE, In-app) |
| ADR | Title | Status | Date | Summary |
| --------------------------------------------------- | ----------------------------- | --------------------------- | ---------- | --------------------------------------------------------------------------- |
| [ADR-008](./ADR-008-email-notification-strategy.md) | Email & Notification Strategy | ✅ Accepted (Pending Review) | 2026-02-24 | BullMQ + Redis Queue สำหรับ Multi-channel Notifications (Email, LINE, In-app) |
### Observability
| ADR | Title | Status | Date | Summary |
| --------------------------------------------------- | ----------------------------- | ---------- | ---------- | ------------------------------------------------------------ |
| [ADR-010](./ADR-010-logging-monitoring-strategy.md) | Logging & Monitoring Strategy | ✅ Accepted | 2025-12-01 | Winston Structured Logging พร้อม Future ELK Stack Integration |
| ADR | Title | Status | Date | Summary |
| --------------------------------------------------- | ----------------------------- | -------------------- | ---------- | ------------------------------------------------------------ |
| [ADR-010](./ADR-010-logging-monitoring-strategy.md) | Logging & Monitoring Strategy | ✅ Accepted (Pending) | 2026-02-24 | Winston Structured Logging พร้อม Future ELK Stack Integration |
### Frontend Architecture
| ADR | Title | Status | Date | Summary |
| ------------------------------------------------ | -------------------------------- | ---------- | ---------- | ----------------------------------------------------- |
| [ADR-011](./ADR-011-nextjs-app-router.md) | Next.js App Router & Routing | ✅ Accepted | 2025-12-01 | App Router with Server Components and Nested Layouts |
| [ADR-012](./ADR-012-ui-component-library.md) | UI Component Library (Shadcn/UI) | ✅ Accepted | 2025-12-01 | Shadcn/UI + Tailwind CSS for Full Component Ownership |
| [ADR-013](./ADR-013-form-handling-validation.md) | Form Handling & Validation | ✅ Accepted | 2025-12-01 | React Hook Form + Zod for Type-Safe Forms |
| [ADR-014](./ADR-014-state-management.md) | State Management Strategy | ✅ Accepted | 2025-12-01 | Zustand for Client State + Server Components |
| [ADR-012](./ADR-012-ui-component-library.md) | UI Component Library (Shadcn/UI) | ✅ Accepted | 2026-02-24 | Shadcn/UI + Tailwind CSS for Full Component Ownership |
| [ADR-013](./ADR-013-form-handling-validation.md) | Form Handling & Validation | ✅ Accepted | 2026-02-24 | React Hook Form + Zod for Type-Safe Forms |
| [ADR-014](./ADR-014-state-management.md) | State Management Strategy | ✅ Accepted | 2026-02-24 | Zustand for Client State + Server Components |
---
@@ -83,26 +80,23 @@ Architecture Decision Records (ADRs) เป็นเอกสารที่บ
### 2. Data Integrity & Concurrency
- **ADR-002:** Document Numbering - Double-lock (Redis Redlock + DB Optimistic) เพื่อป้องกัน Race Condition
- 📋 [Requirements](../01-requirements/01-03.11-document-numbering.md)
- 📘 [Implementation Guide](../03-implementation/03-04-document-numbering.md)
- 📗 [Operations Guide](../04-operations/04-08-document-numbering-operations.md)
- **ADR-003:** File Storage - Two-phase เพื่อ Transaction safety
- 📋 [Requirements](../01-Requirements/01-03.11-document-numbering.md)
- 📘 [Implementation Guide](../05-Engineering-Guidelines/05-02-backend-guidelines.md)
- 📗 [Operations Guide](../04-Infrastructure-OPS/04-04-deployment-guide.md)
- **ADR-009:** Database Migration - TypeORM Migrations พร้อม Blue-Green Deployment
### 3. Security & Access Control
- **ADR-004:** RBAC - 4-level scope สำหรับ Fine-grained permissions
- **ADR-016:** Security - JWT Authentication + OWASP Best Practices
### 4. Infrastructure & Performance
- **ADR-005:** Technology Stack - TypeScript ecosystem
- **ADR-006:** Redis - Caching และ Distributed coordination
- **ADR-015:** Deployment - Docker Compose with Blue-Green Deployment
- **ADR-016:** Security - JWT Authentication + OWASP Best Practices
### 5. API & Integration
- **ADR-007:** API Design - REST API with Custom Error Format
- **ADR-008:** Notification - BullMQ Queue สำหรับ Multi-channel notifications
### 6. Observability & Monitoring
@@ -263,12 +257,8 @@ graph TB
ADR002[ADR-002<br/>Document Numbering] --> Corr
ADR002 --> RFA
ADR003[ADR-003<br/>File Storage] --> Attach[Attachments]
ADR003 --> Corr
ADR003 --> RFA
ADR004[ADR-004<br/>RBAC] --> Auth[Authentication]
ADR004 --> Guards[Guards]
ADR016[ADR-016<br/>Security & Auth] --> Auth[Authentication]
ADR016 --> Guards[Guards]
ADR005[ADR-005<br/>Tech Stack] --> Backend[Backend]
ADR005 --> Frontend[Frontend]
@@ -278,7 +268,7 @@ graph TB
ADR006 --> Lock[Locking]
ADR006 --> Queue[Job Queue]
ADR006 --> ADR002
ADR006 --> ADR004
ADR006 --> ADR016
```
---
@@ -356,5 +346,5 @@ graph TB
---
**Version:** 1.7.0
**Last Review:** 2025-12-18
**Version:** 1.8.0
**Last Review:** 2026-02-24