251207:0048 Update Schema & Data dictionary/ Login PASS

2025-12-07 00:48:46 +07:00
parent 5c49bac772
commit 32d820ea6b
20 changed files with 1773 additions and 2596 deletions
--- a/.agent/rules/00-project-specs.md
+++ b/.agent/rules/00-project-specs.md
@@ -32,8 +32,8 @@ Before generating code or planning a solution, you MUST conceptually load the co

 5.  **💾 DATABASE & SCHEMA (`specs/07-databasee/`)**
    - *Action:* - **Read `specs/07-database/lcbp3-v1.5.1-schema.sql`** (or relevant `.sql` files) for exact table structures and constraints.
-        - **Consult `specs/database/data-dictionary-v1.5.1.md`** for field meanings and business rules.
-        - **Check `specs/database/lcbp3-v1.5.1-seed.sql`** to understand initial data states.
+        - **Consult `specs/07-database/data-dictionary-v1.5.1.md`** for field meanings and business rules.
+        - **Check `specs/07-database/lcbp3-v1.5.1-seed.sql`** to understand initial data states.
    - *Constraint:* NEVER invent table names or columns. Use ONLY what is defined here.

 6.  **⚙️ IMPLEMENTATION DETAILS (`specs/03-implementation/`)**
--- a/README.md
+++ b/README.md
@@ -41,7 +41,7 @@ LCBP3-DMS เป็นระบบบริหารจัดการเอก
 ```typescript
 {
  "framework": "NestJS (TypeScript, ESM)",
-  "database": "MariaDB 10.11",
+  "database": "MariaDB 11.8",
  "orm": "TypeORM",
  "authentication": "JWT + Passport",
  "authorization": "CASL (RBAC)",
@@ -111,7 +111,7 @@ LCBP3-DMS เป็นระบบบริหารจัดการเอก
 - **Node.js**: v20.x หรือสูงกว่า
 - **pnpm**: v8.x หรือสูงกว่า
 - **Docker**: v24.x หรือสูงกว่า
- **MariaDB**: 10.11
+- **MariaDB**: 11.8
 - **Redis**: 7.x

 ### การติดตั้ง
@@ -466,7 +466,7 @@ This project is **Internal Use Only** - ลิขสิทธิ์เป็น

 สำหรับคำถามหรือปัญหา กรุณาติดต่อ:

- **Email**: support@np-dms.work
+- **Email**: <support@np-dms.work>
 - **Internal Chat**: [ระบุช่องทาง]
 - **Issue Tracker**: [Gitea Issues](https://git.np-dms.work/lcbp3/lcbp3-dms/issues)

--- a/specs/00-overview/README.md
+++ b/specs/00-overview/README.md
@@ -125,7 +125,7 @@ LCBP3-DMS is a comprehensive Document Management System (DMS) designed specifica
 ### Backend

 - **Framework:** NestJS (TypeScript)
- **Database:** MariaDB 10.11
+- **Database:** MariaDB 11.8
 - **Cache & Queue:** Redis 7.2
 - **Search:** Elasticsearch 8.11
 - **ORM:** TypeORM
--- a/specs/01-requirements/02-architecture.md
+++ b/specs/01-requirements/02-architecture.md
@@ -57,7 +57,7 @@ specs/01-objectives.md
  - Framework: NestJS (Node.js, TypeScript, ESM)
  - หน้าที่: จัดการโครงสร้างข้อมูล (Data Models), สร้าง API, จัดการสิทธิ์ผู้ใช้ (Roles & Permissions), และสร้าง Workflow ทั้งหมดของระบบ

- Database: MariaDB 10.11
+- Database: MariaDB 11.8

  - Application name: lcbp3-db
  - Service name: mariadb
--- a/specs/01-requirements/03.11-document-numbering.md
+++ b/specs/01-requirements/03.11-document-numbering.md
@@ -1407,12 +1407,12 @@ export class DocumentNumberingController {
 services:
  # MariaDB - Master/Replica
  mariadb-master:
-    image: mariadb:10.11
+    image: mariadb:11.8
    environment:
      MYSQL_REPLICATION_MODE: master

  mariadb-replica:
-    image: mariadb:10.11
+    image: mariadb:11.8
    environment:
      MYSQL_REPLICATION_MODE: slave
      MYSQL_MASTER_HOST: mariadb-master
--- a/specs/02-architecture/README.md
+++ b/specs/02-architecture/README.md
@@ -225,7 +225,7 @@ Layer 6: File Security (Virus Scanning, Access Control)
 | **Server**           | QNAP TS-473A            | Physical Server         |
 | **Containerization** | Docker + Docker Compose | Container Orchestration |
 | **Reverse Proxy**    | Nginx Proxy Manager     | SSL/TLS + Routing       |
-| **Database**         | MariaDB 10.11           | Relational Database     |
+| **Database**         | MariaDB 11.8            | Relational Database     |
 | **Cache**            | Redis 7.x               | Caching + Locking       |
 | **Search**           | Elasticsearch           | Full-text Search        |
 | **Version Control**  | Gitea                   | Self-hosted Git         |
@@ -337,7 +337,7 @@ graph TB
    end

    subgraph "Data Layer"
-        MariaDB[(MariaDB 10.11<br/>Primary Database)]
+        MariaDB[(MariaDB 11.8<br/>Primary Database)]
        Redis[(Redis<br/>Cache + Queue)]
        Elastic[Elasticsearch<br/>Search Engine]
        Storage[File Storage<br/>/share/dms-data]
--- a/specs/02-architecture/system-architecture.md
+++ b/specs/02-architecture/system-architecture.md
@@ -59,7 +59,7 @@ graph TB
    NPM --> N8N[n8n Workflow<br/>n8n.np-dms.work]
    NPM --> Gitea[Gitea Git<br/>git.np-dms.work]

-    Backend --> MariaDB[(MariaDB 10.11<br/>db.np-dms.work)]
+    Backend --> MariaDB[(MariaDB 11.8<br/>db.np-dms.work)]
    Backend --> Redis[(Redis Cache)]
    Backend --> Elastic[Elasticsearch]
    Backend --> Storage[File Storage<br/>/share/dms-data]
@@ -103,7 +103,7 @@ graph TB
 | :---------------- | :--------------- | :------------------ | :----------------------- | :-------------------------- |
 | **Frontend**      | lcbp3-frontend   | lcbp3.np-dms.work   | Next.js 14+ (App Router) | Web Application UI          |
 | **Backend**       | lcbp3-backend    | backend.np-dms.work | NestJS (TypeScript)      | API Server & Business Logic |
-| **Database**      | lcbp3-db         | db.np-dms.work      | MariaDB 10.11            | Primary Database            |
+| **Database**      | lcbp3-db         | db.np-dms.work      | MariaDB 11.8             | Primary Database            |
 | **DB Management** | lcbp3-db         | pma.np-dms.work     | phpMyAdmin               | Database Admin UI           |
 | **Reverse Proxy** | lcbp3-npm        | npm.np-dms.work     | Nginx Proxy Manager      | Reverse Proxy & SSL         |
 | **Workflow**      | lcbp3-n8n        | n8n.np-dms.work     | n8n                      | Workflow Automation         |
@@ -154,7 +154,7 @@ graph TB
 - Workflow Engine
 - Background Jobs (Notifications, Cleanup)

-### 3.4 Database (MariaDB 10.11)
+### 3.4 Database (MariaDB 11.8)

 **Features:**

--- a/specs/03-implementation/document-numbering.md
+++ b/specs/03-implementation/document-numbering.md
@@ -21,7 +21,7 @@ related:

 - **Backend Framework**: NestJS 10.x
 - **ORM**: TypeORM 0.3.x
- **Database**: MariaDB 10.11
+- **Database**: MariaDB 11.8
 - **Cache/Lock**: Redis 7.x + Redlock
 - **Message Queue**: BullMQ
 - **Monitoring**: Prometheus + Grafana
--- a/specs/03-implementation/fullftack-js-v1.5.0.md
+++ b/specs/03-implementation/fullftack-js-v1.5.0.md
@@ -183,7 +183,7 @@ export class DocumentCounter {

 #### **3.2.2 Virtual Columns for JSON Performance**

-เนื่องจากเราใช้ MariaDB 10.11 และมีการเก็บข้อมูล JSON (Details) ให้ใช้ **Generated Columns (Virtual)** สำหรับ Field ที่ต้อง Search/Sort บ่อยๆ และทำ Index บน Virtual Column นั้น
+เนื่องจากเราใช้ MariaDB 11.8 และมีการเก็บข้อมูล JSON (Details) ให้ใช้ **Generated Columns (Virtual)** สำหรับ Field ที่ต้อง Search/Sort บ่อยๆ และทำ Index บน Virtual Column นั้น

 ```sql
 -- ตัวอย่าง SQL Migration
@@ -408,7 +408,7 @@ Unified Workflow Engine (Core Architecture)
 | ----------------------- | ---------------------------------------------------- | -------------------------------------- |
 | **Framework**           | `@nestjs/core`, `@nestjs/common`                     | Core Framework                         |
 | **Language**            | `TypeScript`                                         | ใช้ TypeScript ทั้งระบบ                   |
-| **Database**            | `MariaDB 10.11`                                      | ฐานข้อมูลหลัก                             |
+| **Database**            | `MariaDB 11.8`                                       | ฐานข้อมูลหลัก                             |
 | **ORM**                 | `@nestjs/typeorm`, `typeorm`                         | 🗃️จัดการการเชื่อมต่อและ Query ฐานข้อมูล       |
 | **Validation**          | `class-validator`, `class-transformer`               | 📦ตรวจสอบและแปลงข้อมูลใน DTO              |
 | **Auth**                | `@nestjs/jwt`, `@nestjs/passport`, `passport-jwt`    | 🔐การยืนยันตัวตนด้วย JWT                    |
--- a/specs/03-implementation/testing-strategy.md
+++ b/specs/03-implementation/testing-strategy.md
@@ -52,11 +52,11 @@ related:

 ### Test Distribution

-| Level       | Coverage | Speed      | Purpose                         |
-| ----------- | -------- | ---------- | ------------------------------- |
-| Unit        | 60%      | Fast (ms)  | ทดสอบตรรกะแต่ละ Function        |
+| Level       | Coverage | Speed      | Purpose                      |
+| ----------- | -------- | ---------- | ---------------------------- |
+| Unit        | 60%      | Fast (ms)  | ทดสอบตรรกะแต่ละ Function      |
 | Integration | 30%      | Medium (s) | ทดสอบการทำงานร่วมกันของ Modules |
-| E2E         | 10%      | Slow (m)   | ทดสอบ User Journey ทั้งหมด      |
+| E2E         | 10%      | Slow (m)   | ทดสอบ User Journey ทั้งหมด     |

 ---

@@ -958,7 +958,7 @@ jobs:
    runs-on: ubuntu-latest
    services:
      mariadb:
-        image: mariadb:10.11
+        image: mariadb:11.8
        env:
          MYSQL_ROOT_PASSWORD: test
          MYSQL_DATABASE: lcbp3_test
--- a/specs/04-operations/README.md
+++ b/specs/04-operations/README.md
@@ -16,23 +16,23 @@ This directory contains operational documentation for deploying, maintaining, an

 ### Deployment & Infrastructure

-| Document                                       | Description                                            | Status      |
-| ---------------------------------------------- | ------------------------------------------------------ | ----------- |
+| Document                                       | Description                                            | Status     |
+| ---------------------------------------------- | ------------------------------------------------------ | ---------- |
 | [deployment-guide.md](./deployment-guide.md)   | Docker deployment procedures on QNAP Container Station | ✅ Complete |
 | [environment-setup.md](./environment-setup.md) | Environment variables and configuration management     | ✅ Complete |

 ### Monitoring & Maintenance

-| Document                                                 | Description                                         | Status      |
-| -------------------------------------------------------- | --------------------------------------------------- | ----------- |
+| Document                                                 | Description                                         | Status     |
+| -------------------------------------------------------- | --------------------------------------------------- | ---------- |
 | [monitoring-alerting.md](./monitoring-alerting.md)       | Monitoring setup, health checks, and alerting rules | ✅ Complete |
 | [backup-recovery.md](./backup-recovery.md)               | Backup strategies and disaster recovery procedures  | ✅ Complete |
 | [maintenance-procedures.md](./maintenance-procedures.md) | Routine maintenance and update procedures           | ✅ Complete |

 ### Security & Compliance

-| Document                                           | Description                                    | Status      |
-| -------------------------------------------------- | ---------------------------------------------- | ----------- |
+| Document                                           | Description                                    | Status     |
+| -------------------------------------------------- | ---------------------------------------------- | ---------- |
 | [security-operations.md](./security-operations.md) | Security monitoring and incident response      | ✅ Complete |
 | [incident-response.md](./incident-response.md)     | Incident classification and response playbooks | ✅ Complete |

@@ -74,7 +74,7 @@ graph TB
            NGINX[NGINX<br/>Reverse Proxy<br/>Port 80/443]
            Backend[NestJS Backend<br/>Port 3000]
            Frontend[Next.js Frontend<br/>Port 3001]
-            MariaDB[(MariaDB 10.11<br/>Port 3306)]
+            MariaDB[(MariaDB 11.8<br/>Port 3306)]
            Redis[(Redis 7.2<br/>Port 6379)]
            ES[(Elasticsearch<br/>Port 9200)]
        end
--- a/specs/04-operations/deployment-guide.md
+++ b/specs/04-operations/deployment-guide.md
@@ -28,13 +28,13 @@ This guide provides step-by-step instructions for deploying the LCBP3-DMS system

 ### Hardware Requirements

-| Component      | Minimum Specification      |
-| -------------- | -------------------------- |
-| CPU            | 4 cores @ 2.0 GHz          |
-| RAM            | 16 GB                      |
-| Storage        | 500 GB SSD (System + Data) |
-| Network        | 1 Gbps Ethernet            |
-| QNAP Model     | TS-473A or equivalent      |
+| Component  | Minimum Specification      |
+| ---------- | -------------------------- |
+| CPU        | 4 cores @ 2.0 GHz          |
+| RAM        | 16 GB                      |
+| Storage    | 500 GB SSD (System + Data) |
+| Network    | 1 Gbps Ethernet            |
+| QNAP Model | TS-473A or equivalent      |

 ### Software Requirements

@@ -267,7 +267,7 @@ services:
      retries: 3

  mariadb:
-    image: mariadb:10.11
+    image: mariadb:11.8
    container_name: lcbp3-mariadb
    restart: unless-stopped
    environment:
--- a/specs/04-operations/document-numbering-operations.md
+++ b/specs/04-operations/document-numbering-operations.md
@@ -72,7 +72,7 @@ related:
 # docker-compose.yml
 services:
  mariadb-master:
-    image: mariadb:10.11
+    image: mariadb:11.8
    environment:
      MYSQL_REPLICATION_MODE: master
      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
@@ -82,7 +82,7 @@ services:
      - backend

  mariadb-replica:
-    image: mariadb:10.11
+    image: mariadb:11.8
    environment:
      MYSQL_REPLICATION_MODE: slave
      MYSQL_MASTER_HOST: mariadb-master
--- a/specs/04-operations/environment-setup.md
+++ b/specs/04-operations/environment-setup.md
@@ -162,7 +162,7 @@ services:

  # MariaDB Database
  mariadb:
-    image: mariadb:10.11
+    image: mariadb:11.8
    container_name: lcbp3-mariadb
    environment:
      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
--- a/specs/04-operations/security-operations.md
+++ b/specs/04-operations/security-operations.md
@@ -190,7 +190,7 @@ npm audit --production
 # Scan Docker images
 trivy image --severity HIGH,CRITICAL lcbp3-backend:latest
 trivy image --severity HIGH,CRITICAL lcbp3-frontend:latest
-trivy image --severity HIGH,CRITICAL mariadb:10.11
+trivy image --severity HIGH,CRITICAL mariadb:11.8
 trivy image --severity HIGH,CRITICAL redis:7.2-alpine
 ```

--- a/specs/05-decisions/ADR-005-technology-stack.md
+++ b/specs/05-decisions/ADR-005-technology-stack.md
@@ -95,7 +95,7 @@ LCBP3-DMS ต้องเลือก Technology Stack สำหรับพั
 | **Framework**      | NestJS          | Modular, TypeScript-first, similar to Angular  |
 | **Language**       | TypeScript 5.x  | Type safety, better DX                         |
 | **ORM**            | TypeORM         | TypeScript support, migrations, repositories   |
-| **Database**       | MariaDB 10.11   | JSON support, virtual columns, QNAP compatible |
+| **Database**       | MariaDB 11.8    | JSON support, virtual columns, QNAP compatible |
 | **Validation**     | class-validator | Decorator-based, integrates with NestJS        |
 | **Authentication** | Passport + JWT  | Standard, well-supported                       |
 | **Authorization**  | CASL            | Flexible RBAC implementation                   |
@@ -112,7 +112,7 @@ LCBP3-DMS ต้องเลือก Technology Stack สำหรับพั
 | **Styling**           | Tailwind CSS        | Utility-first, fast development        |
 | **Component Library** | shadcn/ui           | Accessible, customizable, TypeScript   |
 | **State Management**  | TanStack Query      | Server state management                |
-| **Form Handling**     | React Hook Form     | Performance, ต้ validation with Zod    |
+| **Form Handling**     | React Hook Form     | Performance, ต้ validation with Zod     |
 | **Testing**           | Vitest + Playwright | Fast unit tests, reliable E2E          |

 #### Infrastructure
@@ -121,7 +121,7 @@ LCBP3-DMS ต้องเลือก Technology Stack สำหรับพั
 | :------------------- | :---------------------- | :------------------------------- |
 | **Containerization** | Docker + Docker Compose | QNAP Container Station           |
 | **Reverse Proxy**    | Nginx Proxy Manager     | UI-based SSL management          |
-| **Database**         | MariaDB 10.11           | Robust, JSON support             |
+| **Database**         | MariaDB 11.8            | Robust, JSON support             |
 | **Cache**            | Redis 7                 | Session, locks, queue management |
 | **Search**           | Elasticsearch 8         | Full-text search                 |
 | **Workflow**         | n8n                     | Visual workflow automation       |
@@ -212,7 +212,7 @@ lcbp3-dms/

 ### Database Choice

-**Chosen:** MariaDB 10.11 (Not PostgreSQL)
+**Chosen:** MariaDB 11.8 (Not PostgreSQL)

 **Rationale:**

--- a/specs/05-decisions/ADR-015-deployment-infrastructure.md
+++ b/specs/05-decisions/ADR-015-deployment-infrastructure.md
@@ -64,7 +64,7 @@ services:
      - lcbp3-network

  mariadb:
-    image: mariadb:10.11
+    image: mariadb:11.8
    volumes:
      - mariadb-data:/var/lib/mysql
    networks:
--- a/specs/07-database/data-dictionary-v1.5.1.md
+++ b/specs/07-database/data-dictionary-v1.5.1.md
--- a/specs/07-database/data-dictionary-v1.5.1.sql
+++ b/specs/07-database/data-dictionary-v1.5.1.sql
--- a/specs/07-database/lcbp3-v1.5.1-schema.sql
+++ b/specs/07-database/lcbp3-v1.5.1-schema.sql
@@ -2,7 +2,7 @@
 -- DMS v1.5.1 Document Management System Database
 -- Deploy Script Schema
 -- Server: Container Station on QNAP TS-473A
-- Database service: MariaDB 10.11
+-- Database service: MariaDB 11.8
 -- database web ui: phpmyadmin 5-apache
 -- database development ui: DBeaver
 -- backend service: NestJS
@@ -190,6 +190,8 @@ DROP TABLE IF EXISTS contracts;

 DROP TABLE IF EXISTS projects;

+DROP TABLE IF EXISTS refresh_tokens;
+
 DROP TABLE IF EXISTS users;

 -- Referenced by user_preferences, audit_logs, etc.
@@ -268,6 +270,18 @@ CREATE TABLE users (
  SET NULL
 ) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = 'ตาราง Master เก็บข้อมูลผู้ใช้งาน (User)';

+-- ตารางเก็บ Refresh Tokens สำหรับ Authentication
+CREATE TABLE refresh_tokens (
+  token_id INT PRIMARY KEY AUTO_INCREMENT COMMENT 'ID ของตาราง',
+  user_id INT NOT NULL COMMENT 'เจ้าของ Token',
+  token_hash VARCHAR(255) NOT NULL COMMENT 'Hash ของ Refresh Token',
+  expires_at DATETIME NOT NULL COMMENT 'วันหมดอายุ',
+  is_revoked TINYINT(1) DEFAULT 0 COMMENT 'สถานะยกเลิก (1=Revoked)',
+  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP COMMENT 'วันที่สร้าง',
+  replaced_by_token VARCHAR(255) NULL COMMENT 'Token ใหม่ที่มาแทนที่ (Rotation)',
+  FOREIGN KEY (user_id) REFERENCES users (user_id) ON DELETE CASCADE
+) ENGINE = InnoDB DEFAULT CHARSET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = 'ตารางเก็บ Refresh Tokens สำหรับ Authentication';
+
 -- ตาราง Master เก็บ "บทบาท" ของผู้ใช้ในระบบ
 CREATE TABLE roles (
  role_id INT PRIMARY KEY AUTO_INCREMENT COMMENT 'ID ของตาราง',
@@ -1232,7 +1246,7 @@ CREATE TABLE backup_logs (
 -- 4.2 Virtual Columns for JSON Search (ตัวอย่างสำหรับ Correspondence)
 -- รองรับ: Backend Plan T2.1, Req 3.11.3
 -- เหตุผล: เพิ่มความเร็วในการ Search/Sort ข้อมูลที่อยู่ใน JSON details
-- หมายเหตุ: ต้องมั่นใจว่า MariaDB เวอร์ชัน 10.11+ รองรับ Syntax นี้
+-- หมายเหตุ: ต้องมั่นใจว่า MariaDB เวอร์ชัน 11.8+ รองรับ Syntax นี้
 -- ตัวอย่าง: ดึง Project ID ที่อ้างอิงใน details ออกมาทำ Index
 ALTER TABLE correspondence_revisions
 ADD COLUMN v_ref_project_id INT GENERATED ALWAYS AS (