chore: add automated database backup service and tighten backend security
All checks were successful
Build and Deploy / build-and-push (push) Successful in 1m56s
All checks were successful
Build and Deploy / build-and-push (push) Successful in 1m56s
- Added `databack/mysql-backup` service to the production docker-compose Swarm stack, scheduling a daily 02:55 AM cron backup of the database with a 3-day local retention policy. - Fixed a critical race condition in the backend JWT authentication middleware where an invalid token returning 401 could crash the response flow if the route executed before the defensive checks caught it. - Added strict undefined defensive checks to the `getUserById` endpoint and RBAC middleware to gracefully reject requests that somehow bypass the token parser. - Updated `GEMINI.md` technical documentation to fully match the real codebase logic. - Fixed UX rule to prevent `manager` role from seeing Funnels or Origins tabs in the sidebar. - Blocked `agent` role from modifying their own 'fullName' string in the Profile UI.
This commit is contained in:
Cauê Faleiros
50
GEMINI.md
50
GEMINI.md
@@ -7,38 +7,44 @@ Fasto is a commercial team management system built with React (Vite) on the fron
|
||||
We have transitioned from a mock-based prototype to a **secure, multi-tenant production architecture**:
|
||||
|
||||
- **Multi-Tenancy & Data Isolation:** All backend routes (Users, Teams, Attendances) now strictly enforce `tenant_id` checks. It is technically impossible for one organization to query data from another.
|
||||
- **God Mode (Tenant Impersonation):** Super Admins can securely impersonate Tenant Admins via a specialized, temporary JWT (`/api/impersonate/:tenantId`). This allows seamless cross-domain support without storing passwords, while strictly maintaining state isolation through forced React reloads and locking mechanisms.
|
||||
- **Dynamic Funnel Customization:**
|
||||
- Funnel stages are no longer hardcoded ENUMs. Each tenant can create multiple dynamic funnels via the `funnels` and `funnel_stages` tables.
|
||||
- Managers can assign specific Teams to specific Funnels.
|
||||
- The Dashboard, User Detail, and Attendance Detail pages now dynamically map and color-code stages based on the active team's assigned funnel.
|
||||
- **Real-Time Notification System:**
|
||||
- Built a persistent notification tray (`/api/notifications`) with real-time polling (10s intervals) and a hidden HTML5 `<audio>` player for cross-browser sound playback.
|
||||
- Automated Triggers: Super Admins are notified of new organizations; Tenant Admins/Managers are notified of new user setups; Users are notified of team assignment changes.
|
||||
- **Role-Based Access Control (RBAC):**
|
||||
- **Super Admin:** Global management of all tenants and users (via the hidden `system` tenant).
|
||||
- **Admin/Manager:** Full control over members and teams within their specific organization.
|
||||
- **Advanced 2-Token Authentication (Rolling Sessions):**
|
||||
- Replaced the vulnerable 1-year static JWT with a highly secure dual-token system.
|
||||
- Generates a short-lived `AccessToken` (15 min) and a stateful `RefreshToken` (30 days) stored in the DB (`refresh_tokens` table).
|
||||
- Built an Axios-like `apiFetch` interceptor on the frontend that automatically catches 401 Unauthorized errors, fetches a new Access Token in the background, extends the Refresh Token by another 30 days (Sliding Expiration), and retries the original request without logging the user out.
|
||||
- Full remote revocation capability (Logout drops the token from the DB immediately).
|
||||
- **God Mode (Tenant Impersonation):** Super Admins can securely impersonate Tenant Admins via a specialized, temporary JWT (`/api/impersonate/:tenantId`). This allows seamless cross-domain support without storing passwords.
|
||||
- **Role-Based Access Control (RBAC) Simplification:**
|
||||
- Removed the redundant 'owner' role. The system now strictly relies on 4 tiers:
|
||||
- **Super Admin:** Global management of all tenants and API keys (via the hidden `system` tenant).
|
||||
- **Admin:** Full control over members, teams, funnels, and origins within their specific organization.
|
||||
- **Manager:** Mid-level control. Can edit basic info of users in their specific team, but cannot change user roles or re-assign users to different teams (only Admins can).
|
||||
- **Agent:** Restricted access. Can only view their own performance metrics and historical attendances.
|
||||
- **Dynamic Funnel & Origin Managers:**
|
||||
- Funnel stages and Lead Origins are no longer hardcoded ENUMs. Each tenant can create multiple dynamic funnel/origin groups via relational tables (`funnels`, `funnel_stages`, `origin_groups`, `origin_items`).
|
||||
- Admins can customize the exact Tailwind color class (e.g., "bg-green-100") for each stage and origin via visual UI pickers.
|
||||
- Admins assign specific Teams to specific Funnels/Origin Groups.
|
||||
- The Dashboard pie charts and data tables strictly filter and color-code data based on the active team's configuration. Deleted data falls back to an "Outros" category to prevent chart breakage.
|
||||
- **n8n / External API Webhooks (Completed):**
|
||||
- Super Admins can generate persistent `api_keys` for specific tenants.
|
||||
- `GET /api/integration/users`, `/funnels`, and `/origins` allow the n8n AI to dynamically map the tenant's actual agents and workflow stages before processing a chat.
|
||||
- `POST /api/integration/attendances` accepts the AI's final JSON payload (including the `full_summary` text) and injects it directly into the dashboard.
|
||||
- **Real-Time Notification System:**
|
||||
- Built a persistent notification tray (`/api/notifications`) with real-time polling (10s intervals) and a hidden HTML5 `<audio>` player for cross-browser sound playback (custom `.mp3` loaded via Vite).
|
||||
- Automated Triggers: Super Admins are notified of new organizations; Admins/Super Admins are notified of new user setups; Agents are notified of team assignment changes; Managers get "Venda Fechada" alerts when n8n posts a converted lead.
|
||||
- **Enhanced UI/UX:**
|
||||
- Premium "Onyx & Gold" True Black dark mode.
|
||||
- Premium "Onyx & Gold" True Black dark mode (Zinc scale).
|
||||
- Fully collapsible interactive sidebar with memory (`localStorage`).
|
||||
- Action buttons across all data tables are permanently visible for faster discoverability (removed hover requirements).
|
||||
- Loading states embedded directly into action buttons to prevent double-submissions.
|
||||
- **Secure File Uploads:** Profile avatars use `multer` with strict mimetype validation (JPG/PNG/WEBP), 2MB size limits, and UUID generation.
|
||||
- All Date/Time displays localized to strict Brazilian formatting (`pt-BR`, 24h, `DD/MM/YY`).
|
||||
|
||||
## 📌 Roadmap / To-Do
|
||||
- [ ] **n8n / External API Integration (Priority 1):**
|
||||
- Create an `api_keys` table to allow generating persistent, secure API keys for each Tenant.
|
||||
- Build `GET /api/integration/users` so n8n can map its chat agents to Fasto's internal `user_id`s.
|
||||
- Build `POST /api/integration/attendances` to allow n8n to programmatically create new attendances linked to specific tenants and users.
|
||||
- [ ] **Sales & Quality Notification Triggers:** Implement backend logic to automatically notify Managers when an attendance is marked as "Won" (Ganhos), receives a critically low quality score, or breaches a specific Response Time SLA.
|
||||
- [ ] **Advanced AI Notification Triggers:** Implement backend logic to automatically notify Managers when an attendance payload from n8n receives a critically low quality score (`score < 50`), or breaches a specific Response Time SLA (e.g., `first_response_time_min > 60`).
|
||||
- [ ] **Data Export/Reporting:** Allow Admins to export attendance and KPI data to CSV/Excel.
|
||||
- [ ] **Billing/Subscription Management:** Integrate a payment gateway (e.g., Stripe/Asaas) to manage tenant trial periods and active statuses dynamically.
|
||||
|
||||
## 🛠 Architecture
|
||||
- **Frontend**: React 19, TypeScript, Vite, TailwindCSS (CDN), Recharts, Lucide React.
|
||||
- **Backend**: Node.js, Express, MySQL2 (Pool-based), Nodemailer.
|
||||
- **Database**: MySQL 8.0 (Schema: `fasto_db`).
|
||||
- **Database**: MySQL 8.0 (Schema: `fasto_db` or `agenciac_comia` depending on `.env`).
|
||||
- **Deployment**: Docker Compose for local development; Gitea Actions for CI/CD pushing to a Gitea Registry and deploying via Portainer webhook.
|
||||
|
||||
## 📋 Prerequisites
|
||||
@@ -55,7 +61,7 @@ cp .env.example .env
|
||||
*Note:* The backend automatically strips literal quotes from Docker `.env` string values (like `SMTP_PASS`) to prevent authentication crashes.
|
||||
|
||||
### 2. Database
|
||||
The project expects a MySQL database. The `docker-compose.local.yml` initializes it. The Node.js backend automatically runs non-destructive schema migrations on startup (adding tables like `notifications`, `funnels`, `funnel_stages`, and modifying `attendances`).
|
||||
The project expects a MySQL database. The Node.js backend automatically runs non-destructive schema migrations on startup (adding tables like `refresh_tokens`, `api_keys`, `origin_groups`, etc.).
|
||||
|
||||
### 3. Running Locally (Docker Compose)
|
||||
To start the application and database locally:
|
||||
|
||||
Reference in New Issue
Block a user