This commit is contained in:
@@ -1,8 +1,8 @@
|
||||
# Security Operations
|
||||
|
||||
**Project:** LCBP3-DMS
|
||||
**Version:** 1.8.0
|
||||
**Last Updated:** 2025-12-02
|
||||
**Version:** 1.8.1
|
||||
**Last Updated:** 2026-03-19
|
||||
|
||||
---
|
||||
|
||||
@@ -10,6 +10,12 @@
|
||||
|
||||
This document outlines security monitoring, access control management, vulnerability management, and security incident response for LCBP3-DMS.
|
||||
|
||||
**Security Status as of 2026-03-19:**
|
||||
- ✅ **0 known vulnerabilities** (Backend dependencies fully patched)
|
||||
- ✅ **52 vulnerabilities resolved** (27 high + 20 moderate + 5 low severity)
|
||||
- ✅ **Major security updates applied**: Elasticsearch 9.3.4, Nodemailer 8.0.3, UUID 13.0.0
|
||||
- ✅ **Security overrides implemented** via `pnpm audit --fix`
|
||||
|
||||
---
|
||||
|
||||
## 🔒 Access Control Management
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
# Backend Development Guidelines
|
||||
|
||||
**สำหรับ:** NAP-DMS LCBP3 Backend (NestJS + TypeScript)
|
||||
**เวอร์ชัน:** 1.5.0
|
||||
**อัปเดต:** 2025-12-01
|
||||
**เวอร์ชัน:** 1.8.1
|
||||
**อัปเดต:** 2026-03-19
|
||||
|
||||
---
|
||||
|
||||
@@ -17,6 +17,7 @@
|
||||
3. **Security First:** ทุก Endpoint ต้องผ่าน Authentication, Authorization, และ Input Validation
|
||||
4. **Idempotency:** Request สำคัญต้องทำซ้ำได้โดยไม่เกิดผลกระทบซ้ำซ้อน
|
||||
5. **Resilience:** รองรับ Network Failure และ External Service Downtime
|
||||
6. **Zero Vulnerabilities:** รักษาความปลอดภัยของ dependencies เป็นประจำ (0 vulnerabilities ณ 2026-03-19)
|
||||
|
||||
---
|
||||
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
# Frontend Development Guidelines
|
||||
|
||||
**สำหรับ:** NAP-DMS LCBP3 Frontend (Next.js 16 + TypeScript)
|
||||
**สำหรับ:** NAP-DMS LCBP3 Frontend (Next.js 16.2.0 + TypeScript)
|
||||
**เวอร์ชัน:** 1.8.1
|
||||
**อัปเดต:** 2026-03-16
|
||||
**อัปเดต:** 2026-03-19
|
||||
|
||||
---
|
||||
|
||||
|
||||
@@ -98,7 +98,7 @@
|
||||
| Layer | Primary Technology | Secondary/Supporting |
|
||||
| ------------ | ------------------ | -------------------- |
|
||||
| **Backend** | NestJS 11 (Express v5) | TypeORM, BullMQ |
|
||||
| **Frontend** | Next.js 16 (React 19) | Shadcn/UI, Tailwind |
|
||||
| **Frontend** | Next.js 16.2.0 (React 19.2.4) | Shadcn/UI, Tailwind 4.2.2 |
|
||||
| **Database** | MariaDB 11.8 | Redis 7 (Cache/Lock) |
|
||||
| **Search** | Elasticsearch | - |
|
||||
| **Testing** | Jest, Vitest | Playwright |
|
||||
|
||||
@@ -107,14 +107,14 @@ LCBP3-DMS ต้องเลือก Technology Stack สำหรับพั
|
||||
|
||||
| Component | Technology | Rationale |
|
||||
| :-------------------- | :------------------ | :------------------------------------- |
|
||||
| **Framework** | Next.js 14+ | App Router, SSR/SSG, React integration |
|
||||
| **UI Library** | React 19 | Industry standard, large ecosystem |
|
||||
| **Framework** | Next.js 16.2.0 | App Router, SSR/SSG, React integration |
|
||||
| **UI Library** | React 19.2.4 | Industry standard, large ecosystem |
|
||||
| **Language** | TypeScript 5.x | Consistency with backend |
|
||||
| **Styling** | Tailwind CSS | Utility-first, fast development |
|
||||
| **Styling** | Tailwind CSS 4.2.2 | Utility-first, fast development |
|
||||
| **Component Library** | shadcn/ui | Accessible, customizable, TypeScript |
|
||||
| **State Management** | TanStack Query | Server state management |
|
||||
| **Form Handling** | React Hook Form | Performance, ต้ validation with Zod |
|
||||
| **Testing** | Vitest + Playwright | Fast unit tests, reliable E2E |
|
||||
| **Form Handling** | React Hook Form 7.71.2 | Performance, ต้ validation with Zod |
|
||||
| **Testing** | Vitest 4.1.0 + Playwright | Fast unit tests, reliable E2E |
|
||||
|
||||
#### Infrastructure
|
||||
|
||||
|
||||
+3
-3
@@ -1,7 +1,7 @@
|
||||
# 📚 LCBP3-DMS Specifications Directory
|
||||
|
||||
**Version:** 1.8.1 (Patch)
|
||||
**Last Updated:** 2026-03-16
|
||||
**Last Updated:** 2026-03-19
|
||||
**Project:** LCBP3-DMS (Laem Chabang Port Phase 3 - Document Management System)
|
||||
**Status:** ✅ UAT Ready — 10/10 Documentation Gaps Closed
|
||||
|
||||
@@ -154,12 +154,12 @@ specs/
|
||||
|-----|-------|-------------|
|
||||
| ADR-001 | Workflow Engine | Unified state machine for document workflows |
|
||||
| ADR-002 | Doc Numbering | Redis Redlock + DB optimistic locking |
|
||||
| ADR-005 | Technology Stack | NestJS 11 + Next.js 16 + MariaDB + Redis |
|
||||
| ADR-005 | Technology Stack | NestJS 11 + Next.js 16.2.0 + MariaDB + Redis |
|
||||
| ADR-006 | Redis Caching | Cache strategy and invalidation patterns |
|
||||
| ADR-008 | Email Notification | BullMQ queue-based email/LINE/in-app |
|
||||
| ADR-009 | DB Strategy | No TypeORM migrations — modify schema SQL directly |
|
||||
| ADR-010 | Logging/Monitoring | Prometheus + Loki + Grafana stack |
|
||||
| ADR-011 | App Router | Next.js App Router with RSC patterns |
|
||||
| ADR-011 | App Router | Next.js 16.2.0 App Router with RSC patterns |
|
||||
| ADR-012 | UI Components | Shadcn/UI component library |
|
||||
| ADR-013 | Form Handling | React Hook Form + Zod validation |
|
||||
| ADR-014 | State Management | TanStack Query (server) + Zustand (client) |
|
||||
|
||||
Reference in New Issue
Block a user