Apply .gitignore cleanup

.github/copilot-instructions.md

@@ -1,66 +1,66 @@
-# Copilot instructions for DMS repository
+# Copilot instructions for DMS repository
-
+
-This file contains short, actionable guidance for AI coding agents working in this repository. Keep edits small and focused; prefer non-invasive changes and always run the project's health checks after edits.
+This file contains short, actionable guidance for AI coding agents working in this repository. Keep edits small and focused; prefer non-invasive changes and always run the project's health checks after edits.
-
+
-Summary (one line):
+Summary (one line):
-- Monorepo-style Dockerized DMS app: Node (ESM) backend (Express + Sequelize + MariaDB), Next.js frontend, n8n workflows, nginx/NPM reverse proxy, and various DB admin containers.
+- Monorepo-style Dockerized DMS app: Node (ESM) backend (Express + Sequelize + MariaDB), Next.js frontend, n8n workflows, nginx/NPM reverse proxy, and various DB admin containers.
-
+
-What to read first (order matters):
+What to read first (order matters):
-1. `README.md` (root) — high-level architecture and host paths used on QNAP (/share/Container/dms and /share/dms-data).
+1. `README.md` (root) — high-level architecture and host paths used on QNAP (/share/Container/dms and /share/dms-data).
-2. `docker-compose.yml` — service boundaries, env var conventions, mounted volumes, and healthchecks.
+2. `docker-compose.yml` — service boundaries, env var conventions, mounted volumes, and healthchecks.
-3. `backend/README.md` and `backend/package.json` — backend runtime (Node >=20, ESM), start/dev scripts, and important env names (DB_*, JWT_*).
+3. `backend/README.md` and `backend/package.json` — backend runtime (Node >=20, ESM), start/dev scripts, and important env names (DB_*, JWT_*).
-4. `frontend/package.json`, `frontend/next.config.js`, `frontend/middleware.ts` — Next.js routes and auth cookie usage.
+4. `frontend/package.json`, `frontend/next.config.js`, `frontend/middleware.ts` — Next.js routes and auth cookie usage.
-
+
-Quick architecture notes (why things are structured this way):
+Quick architecture notes (why things are structured this way):
-- Containers are intended to run on QNAP Container Station; many volumes map host paths under `/share/Container/dms` and `/share/dms-data` for persistent storage and uploads.
+- Containers are intended to run on QNAP Container Station; many volumes map host paths under `/share/Container/dms` and `/share/dms-data` for persistent storage and uploads.
-- Backend is ESM Node app with Sequelize connecting to MariaDB. No project-level `.env` — environment is provided by `docker-compose.yml` or Container Station.
+- Backend is ESM Node app with Sequelize connecting to MariaDB. No project-level `.env` — environment is provided by `docker-compose.yml` or Container Station.
-- Frontend is Next.js (server+client) running on port 3000. Middleware enforces cookie-based auth (`access_token`).
+- Frontend is Next.js (server+client) running on port 3000. Middleware enforces cookie-based auth (`access_token`).
-- Reverse proxy (NPM) and nginx landing are used to expose services; ensure `TRUSTED_PROXIES`, `ROOT_URL`, and proxy headers are configured when editing networking code.
+- Reverse proxy (NPM) and nginx landing are used to expose services; ensure `TRUSTED_PROXIES`, `ROOT_URL`, and proxy headers are configured when editing networking code.
-
+
-Important developer workflows (commands & checks):
+Important developer workflows (commands & checks):
-- Backend dev server:
+- Backend dev server:
-  - npm run dev (in `backend/`) — nodemon watches `src` and restarts. Port from `PORT` env (default 3001).
+  - npm run dev (in `backend/`) — nodemon watches `src` and restarts. Port from `PORT` env (default 3001).
-  - npm run health (in `backend/`) — quick healthcheck: fetches /health.
+  - npm run health (in `backend/`) — quick healthcheck: fetches /health.
-- Frontend dev server:
+- Frontend dev server:
-  - npm run dev (in `frontend/`) — next dev on port 3000.
+  - npm run dev (in `frontend/`) — next dev on port 3000.
-- Docker: use `docker-compose up -d` on the host (QNAP) to recreate services. On local dev, mount source to container as `docker-compose.yml` shows.
+- Docker: use `docker-compose up -d` on the host (QNAP) to recreate services. On local dev, mount source to container as `docker-compose.yml` shows.
-
+
-Project-specific conventions and patterns:
+Project-specific conventions and patterns:
-- No `.env` files in repo; service environment is provided in compose and expected on host. Do not introduce secrets into repository; use compose or host secrets.
+- No `.env` files in repo; service environment is provided in compose and expected on host. Do not introduce secrets into repository; use compose or host secrets.
-- Ports: backend 3001, frontend 3000. Health endpoints: `/health` for both services.
+- Ports: backend 3001, frontend 3000. Health endpoints: `/health` for both services.
-- File uploads are module-scoped: upload endpoint is `POST /api/v1/uploads/:module/:refId` and allowed `module` values are in README (rfa, correspondence, drawing, document, transmittal).
+- File uploads are module-scoped: upload endpoint is `POST /api/v1/uploads/:module/:refId` and allowed `module` values are in README (rfa, correspondence, drawing, document, transmittal).
-- RBAC: permission strings like `rfa:create` and middleware `requirePerm('...')` (see `backend/middleware/permGuard.js`). Prefer existing middleware and permission helpers rather than inlining checks.
+- RBAC: permission strings like `rfa:create` and middleware `requirePerm('...')` (see `backend/middleware/permGuard.js`). Prefer existing middleware and permission helpers rather than inlining checks.
-- Views endpoints require `?project_id=` for scoped queries and enforce `projectScopedView('<module>')` policy.
+- Views endpoints require `?project_id=` for scoped queries and enforce `projectScopedView('<module>')` policy.
-
+
-Key files and directories to reference for edits or feature additions:
+Key files and directories to reference for edits or feature additions:
-- `backend/src/` — controllers, routes, middleware, models (Sequelize). Look for `index.js`, `routes/`, `models/`, `middleware/`.
+- `backend/src/` — controllers, routes, middleware, models (Sequelize). Look for `index.js`, `routes/`, `models/`, `middleware/`.
-- `frontend/app` and `frontend/page.jsx` — Next.js app routes and top-level page.
+- `frontend/app` and `frontend/page.jsx` — Next.js app routes and top-level page.
-- `docker-compose.yml` — service shapes, volumes, env var names, and healthchecks (use this to know what variables to set).
+- `docker-compose.yml` — service shapes, volumes, env var names, and healthchecks (use this to know what variables to set).
-- `README.md` (root) and `backend/README.md` — canonical list of endpoints and env vars.
+- `README.md` (root) and `backend/README.md` — canonical list of endpoints and env vars.
-
+
-Testing and validation checklist for code changes:
+Testing and validation checklist for code changes:
-- Backend: run `npm run lint` (placeholder) and `npm run health` in `backend/`. Start nodemon and ensure `/health` returns OK and DB connection works.
+- Backend: run `npm run lint` (placeholder) and `npm run health` in `backend/`. Start nodemon and ensure `/health` returns OK and DB connection works.
-- Frontend: run `npm run dev` and confirm middleware redirects unauthenticated users to `/login` when visiting protected routes (see `middleware.ts` matcher).
+- Frontend: run `npm run dev` and confirm middleware redirects unauthenticated users to `/login` when visiting protected routes (see `middleware.ts` matcher).
-- Docker compose: after edits to services or env vars, run `docker-compose up -d --build` and watch healthchecks. Check mapped host paths under `/share/Container/dms`.
+- Docker compose: after edits to services or env vars, run `docker-compose up -d --build` and watch healthchecks. Check mapped host paths under `/share/Container/dms`.
-
+
-Common pitfalls to avoid (from repo patterns):
+Common pitfalls to avoid (from repo patterns):
-- Do not hardcode secrets (JWT secrets, DB passwords) into code or repo files — they appear in compose for local deployment but should not be committed for production.
+- Do not hardcode secrets (JWT secrets, DB passwords) into code or repo files — they appear in compose for local deployment but should not be committed for production.
-- File permissions: many volumes expect certain UID/GID (e.g., `USER_UID=1000`). Ensure the container user has write permission for uploads and logs.
+- File permissions: many volumes expect certain UID/GID (e.g., `USER_UID=1000`). Ensure the container user has write permission for uploads and logs.
-- Large file uploads: proxy (NPM/nginx) may block big uploads; remember to check proxy `client_max_body_size` or NPM upload limits when debugging upload issues.
+- Large file uploads: proxy (NPM/nginx) may block big uploads; remember to check proxy `client_max_body_size` or NPM upload limits when debugging upload issues.
-
+
-If you change routing, auth, or upload behavior:
+If you change routing, auth, or upload behavior:
-- Update `frontend/middleware.ts` if protected path patterns change.
+- Update `frontend/middleware.ts` if protected path patterns change.
-- Update backend `routes/` and ensure RBAC middleware usage follows `requirePerm` and `projectScopedView` patterns.
+- Update backend `routes/` and ensure RBAC middleware usage follows `requirePerm` and `projectScopedView` patterns.
-- Run both services and test a full upload flow: login -> upload file -> download -> list files.
+- Run both services and test a full upload flow: login -> upload file -> download -> list files.
-
+
-When you need more context, open these files first:
+When you need more context, open these files first:
-- `docker-compose.yml` (service boundaries & env names)
+- `docker-compose.yml` (service boundaries & env names)
-- `backend/README.md` (endpoint list & env examples)
+- `backend/README.md` (endpoint list & env examples)
-- `backend/src/index.js` (app bootstrap & middleware wiring)
+- `backend/src/index.js` (app bootstrap & middleware wiring)
-- `backend/src/middleware/permGuard.js` (RBAC enforcement)
+- `backend/src/middleware/permGuard.js` (RBAC enforcement)
-- `frontend/middleware.ts` (auth enforcement for routes)
+- `frontend/middleware.ts` (auth enforcement for routes)
-
+
-If the repo already contains a `.github/copilot-instructions.md`, merge rather than replace; preserve any specific workflow steps.
+If the repo already contains a `.github/copilot-instructions.md`, merge rather than replace; preserve any specific workflow steps.
-
+
-Feedback request
+Feedback request
-- Is there any additional developer workflow or file path you'd like included (build scripts, CI, or QNAP-specific steps)? If yes, point me to the file(s) and I'll integrate them.
+- Is there any additional developer workflow or file path you'd like included (build scripts, CI, or QNAP-specific steps)? If yes, point me to the file(s) and I'll integrate them.

.gitignore

@@ -1,94 +1,94 @@
-# ยกเว้นโฟลเดอร์
+# ยกเว้นโฟลเดอร์
-.devcontainer/
+.devcontainer/
-.qsync/
+.qsync/
-@Recently-Snapshot/
+@Recently-Snapshot/
-Documents/
+Documents/
-mariadb/data/
+mariadb/data/
-n8n*/
+n8n*/
-npm/
+npm/
-phpmyadmin/
+phpmyadmin/
-pgadmin/
+pgadmin/
-# =====================================================
+# =====================================================
-# IDE/Editor settings
+# IDE/Editor settings
-# =====================================================
+# =====================================================
-.vscode/
+.vscode/
-.idea/
+.idea/
-# =====================================================
+# =====================================================
-# Node.js dependencies (เฉพาะ backend และ frontend)
+# Node.js dependencies (เฉพาะ backend และ frontend)
-# =====================================================
+# =====================================================
-/backend/node_modules/
+/backend/node_modules/
-/frontend/node_modules/
+/frontend/node_modules/
-**/node_modules/
+**/node_modules/
-# lockfiles
+# lockfiles
-# /backend/package-lock.json
+# /backend/package-lock.json
-# /frontend/package-lock.json
+# /frontend/package-lock.json
-# **/package-lock.json
+# **/package-lock.json
-# =====================================================
+# =====================================================
-# Next.js build output
+# Next.js build output
-# =====================================================
+# =====================================================
-/frontend/.next/
+/frontend/.next/
-/frontend/out/
+/frontend/out/
-/frontend/.vercel/
+/frontend/.vercel/
-
+
-# Build outputs
+# Build outputs
-/dist
+/dist
-/build
+/build
-/.next/
+/.next/
-/out/
+/out/
-/bin/
+/bin/
-
+
-# =====================================================
+# =====================================================
-# Environment files
+# Environment files
-# =====================================================
+# =====================================================
-.env
+.env
-.env.local
+.env.local
-.env.development.local
+.env.development.local
-.env.test.local
+.env.test.local
-.env.production.local
+.env.production.local
-
+
-# =====================================================
+# =====================================================
-# Logs
+# Logs
-# =====================================================
+# =====================================================
-/backend/logs/
+/backend/logs/
-/frontend/logs/
+/frontend/logs/
-/logs/
+/logs/
-*.log
+*.log
-npm-debug.log*
+npm-debug.log*
-yarn-debug.log*
+yarn-debug.log*
-yarn-error.log*
+yarn-error.log*
-pnpm-debug.log*
+pnpm-debug.log*
-*.tmp
+*.tmp
-*.temp
+*.temp
-ehthumbs.db
+ehthumbs.db
-desktop.ini
+desktop.ini
-# ===================================================================
+# ===================================================================
-# Databases (MariaDB, Postgres) & Admin Tools (phpMyAdmin, pgAdmin)
+# Databases (MariaDB, Postgres) & Admin Tools (phpMyAdmin, pgAdmin)
-# ===================================================================
+# ===================================================================
-# Do not commit database data dumps which may contain sensitive info
+# Do not commit database data dumps which may contain sensitive info
-*.dump
+*.dump
-*.bak
+*.bak
-
+
-# =====================================================
+# =====================================================
-# OS-specific junk
+# OS-specific junk
-# =====================================================
+# =====================================================
-.DS_Store
+.DS_Store
-Thumbs.db
+Thumbs.db
-.AppleDouble
+.AppleDouble
-
+
-# =====================================================
+# =====================================================
-# Docker-related
+# Docker-related
-# =====================================================
+# =====================================================
-*.pid
+*.pid
-*.seed
+*.seed
-*.pid.lock
+*.pid.lock
-docker-compose.override.yml
+docker-compose.override.yml
-docker-compose.override.*.yml
+docker-compose.override.*.yml
-
+
-# =====================================================
+# =====================================================
-# Cache / temp
+# Cache / temp
-# =====================================================
+# =====================================================
-/backend/.cache/
+/backend/.cache/
-/frontend/.cache/
+/frontend/.cache/
-.tmp/
+.tmp/
-.tmp*.*/
+.tmp*.*/
 .cache/

.qsync/meta/meta.conf

@@ -1,4 +0,0 @@
-[/dms]
-max_log = 496206
-number = 3
-finish = 1

.tmp.driveupload/1906

@@ -1,2 +0,0 @@
-x
<01><>]J1<14>}<7D>*<2A><>uH2<48>?q+I<>M<1D><>0<EFBFBD><30>}l<>&\<5C><>
-<EFBFBD><EFBFBD>d)<29><>@8p>|p<>4}<06><>]^<5E> Xr!<21>5<1C><>I<EFBFBD>#<23>.q!<21><><EFBFBD><EFBFBD>:i<>u<EFBFBD><75>~<7E>1<06>[nm<6E><6D><EFBFBD>F<EFBFBD>h1R2mRh$<06>&<1F>5<EFBFBD><35><EFBFBD>봀ǡ<1F><>V/<2F>>7<><37><EFBFBD><EFBFBD><EFBFBD>|L<><4C><19>Q<EFBFBD>i%<25><>{n8g<38>v/ӿE<D3BF><45><EFBFBD>G<EFBFBD><47>c-<2D>z9<7A>r<EFBFBD>姖<EFBFBD>Z<EFBFBD>`<60>[Z<><5A><EFBFBD>s<03><>0<EFBFBD><30><1F>_qm[}

.tmp.driveupload/1952

@@ -1,4 +0,0 @@
-x
m<><6D>j<EFBFBD>0<0C>{<7B>S<EFBFBD><53><EFBFBD>2N
-<EFBFBD><EFBFBD>.<19>
J)s<>]q<><71><EFBFBD>%<25><>,<2C><>{<7B>t<EFBFBD>N<EFBFBD>K<08>ӯOr<4F>l<0F>O7<4F><37>	<09><>dBƘԽu
n
=<3D>	E<><45>Y
-<EFBFBD>K<EFBFBD><EFBFBD>E<EFBFBD>
-RNj<19><><0E><>a+w|<7C><><EFBFBD><EFBFBD>U<EFBFBD>N}#<23>

.tmp.driveupload/1960

@@ -1,2 +0,0 @@
-x
<01><><EFBFBD>M<EFBFBD>0@aή<61>G"<22>olKh<4B><68>L<EFBFBD>1<04>myg<79>n+p<>n)'<27> m<07><><EFBFBD><EFBFBD>^<5E><><EFBFBD>W<><57>QG<51><47><05>.jQ+<2B><><EFBFBD>8-<2D>t<10><>F<EFBFBD><46>uf
-:⠓Be<42>$q<>bZ<>	J<>f<EFBFBD><66>PbJz<02><19><><EFBFBD>vi]