renolation/retail-nest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

after claude code

Browse Source
This commit is contained in:
Phuoc Nguyen
2025-10-10 16:04:10 +07:00
parent cc53f60bea
commit 6203e8c2ec
109 changed files with 10109 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
.dockerignore Normal file
View File

@@ -0,0 +1,17 @@
node_modules
npm-debug.log
dist
.env
.env.local
.env.*.local
.git
.gitignore
README.md
.vscode
.idea
coverage
.DS_Store
*.log
.cache
tmp
temp

31
.env.example Normal file
View File

@@ -0,0 +1,31 @@
# Application
NODE_ENV=development
PORT=3000
API_PREFIX=api
# Database Configuration
DB_HOST=localhost
DB_PORT=5432
DB_USERNAME=postgres
DB_PASSWORD=postgres
DB_DATABASE=retail_pos
# JWT Configuration
JWT_SECRET=your-super-secret-key-change-in-production
JWT_EXPIRES_IN=1d
JWT_REFRESH_EXPIRES_IN=7d
# Redis Configuration (for caching)
REDIS_HOST=localhost
REDIS_PORT=6379
CACHE_TTL=300
# CORS Configuration
CORS_ORIGIN=http://localhost:3000,capacitor://localhost
# Rate Limiting
THROTTLE_TTL=60
THROTTLE_LIMIT=100
# Logging
LOG_LEVEL=debug

39
Dockerfile Normal file
View File

@@ -0,0 +1,39 @@
# Multi-stage build for optimized production image
# Stage 1: Build
FROM node:18-alpine AS builder
WORKDIR /app
# Copy package files
COPY package*.json ./
# Install dependencies
RUN npm ci
# Copy source code
COPY . .
# Build the application
RUN npm run build
# Stage 2: Production
FROM node:18-alpine AS production
WORKDIR /app
# Install only production dependencies
COPY package*.json ./
RUN npm ci --only=production
# Copy built application from builder stage
COPY --from=builder /app/dist ./dist
# Expose application port
EXPOSE 3000
# Set environment to production
ENV NODE_ENV=production
# Run the application
CMD ["node", "dist/main"]

199
QUICK_START.md Normal file
View File

@@ -0,0 +1,199 @@
# 🚀 Quick Start Guide - Retail POS Backend
## For Local Development (WITHOUT Redis)
### ✅ **You Only Need PostgreSQL!**
Redis is **completely optional**. The application will use in-memory caching if Redis is not available.
---
## 📋 Prerequisites
- **Node.js** 18+
- **PostgreSQL** 15+ (this is **required**)
- **npm** or **yarn**
---
## 🏃 Quick Start (3 steps)
### **Step 1: Create PostgreSQL Database**
```bash
# Make sure PostgreSQL is running, then create the database
createdb retail_pos
# Or using psql
psql postgres -c "CREATE DATABASE retail_pos;"
```
### **Step 2: Update .env File**
Edit `.env` and update **ONLY these database fields**:
```bash
DB_HOST=localhost
DB_PORT=5432
DB_USERNAME=your_postgres_username
DB_PASSWORD=your_postgres_password
DB_DATABASE=retail_pos
```
**You can ignore the Redis settings** - the app will work fine without it!
### **Step 3: Start the Application**
```bash
# Install dependencies (already done)
npm install
# Run database migrations to create tables
npm run migration:run
# (Optional) Seed sample data
npm run seed:run
# Start the development server
npm run start:dev
```
🎉 **Done!** Your API is now running at http://localhost:3000/api
---
## 📱 Access Points
Once the server is running:
- **API Base URL**: http://localhost:3000/api
- **Swagger Documentation**: http://localhost:3000/api/docs
- **Health Check**: http://localhost:3000/health
---
## 🔐 Default Login Credentials
After running `npm run seed:run`, you'll have these users:
| Role | Email | Password |
|------|-------|----------|
| **Admin** | admin@retailpos.com | Admin123! |
| **Manager** | manager@retailpos.com | Manager123! |
| **Cashier** | cashier@retailpos.com | Cashier123! |
---
## 🧪 Test Your Setup
### 1. **Check if server is running:**
```bash
curl http://localhost:3000/health
```
### 2. **Login to get JWT token:**
```bash
curl -X POST http://localhost:3000/api/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "admin@retailpos.com",
"password": "Admin123!"
}'
```
You'll get a response with an `access_token`. Copy it!
### 3. **Test an authenticated endpoint:**
```bash
curl http://localhost:3000/api/auth/profile \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN_HERE"
```
### 4. **Or just use Swagger UI:**
Visit http://localhost:3000/api/docs and test all endpoints interactively!
---
## 🐳 Docker Option (Includes PostgreSQL)
If you prefer Docker and don't want to install PostgreSQL locally:
```bash
# Start only PostgreSQL (without Redis)
docker-compose up -d postgres
# Or start everything (PostgreSQL + Redis)
docker-compose up -d
```
Then follow steps 2-3 above.
---
## ❓ Common Issues
### **"Migration failed"**
- Make sure PostgreSQL is running
- Check your database credentials in `.env`
- Verify the database `retail_pos` exists
### **"Cannot connect to database"**
- Check if PostgreSQL is running: `psql -U postgres -c "SELECT 1;"`
- Verify `DB_HOST`, `DB_PORT`, `DB_USERNAME`, `DB_PASSWORD` in `.env`
### **Port 3000 already in use**
- Change `PORT=3001` in `.env` file
- Or stop the other service using port 3000
---
## 🎯 What About Redis?
**You don't need it for development!**
The app uses **in-memory caching** by default. Redis only provides:
- ✅ Persistent cache across server restarts
- ✅ Better performance for high-traffic production
To add Redis later (optional):
1. Install Redis: `brew install redis` (Mac) or `apt-get install redis` (Linux)
2. Start Redis: `redis-server`
3. The app will automatically use it (no code changes needed!)
---
## 📊 Database Commands
```bash
# Run migrations (create tables)
npm run migration:run
# Revert last migration
npm run migration:revert
# Seed database with sample data
npm run seed:run
# Generate new migration
npm run migration:generate -- src/database/migrations/MigrationName
# Create empty migration
npm run migration:create -- src/database/migrations/MigrationName
```
---
## 🛑 Stop the Server
Press `Ctrl + C` in the terminal where the server is running.
---
## 🎉 Next Steps
1. ✅ Test the API using Swagger UI
2. ✅ Connect your Flutter app to `http://localhost:3000/api`
3. ✅ Read `SETUP_COMPLETE.md` for detailed documentation
4. ✅ Customize categories and products via the API
**Happy coding!** 🚀

245
README.md
View File

@@ -1,98 +1,217 @@
<p align="center"> # 🛒 Retail POS Backend API
<a href="http://nestjs.com/" target="blank"><img src="https://nestjs.com/img/logo-small.svg" width="120" alt="Nest Logo" /></a>
</p>
[circleci-image]: https://img.shields.io/circleci/build/github/nestjs/nest/master?token=abc123def456 A comprehensive NestJS REST API backend for the Retail POS Flutter mobile application, providing product management, transaction processing, and offline-sync capabilities.
[circleci-url]: https://circleci.com/gh/nestjs/nest
<p align="center">A progressive <a href="http://nodejs.org" target="_blank">Node.js</a> framework for building efficient and scalable server-side applications.</p> ---
<p align="center">
<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/v/@nestjs/core.svg" alt="NPM Version" /></a>
<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/l/@nestjs/core.svg" alt="Package License" /></a>
<a href="https://www.npmjs.com/~nestjscore" target="_blank"><img src="https://img.shields.io/npm/dm/@nestjs/common.svg" alt="NPM Downloads" /></a>
<a href="https://circleci.com/gh/nestjs/nest" target="_blank"><img src="https://img.shields.io/circleci/build/github/nestjs/nest/master" alt="CircleCI" /></a>
<a href="https://discord.gg/G7Qnnhy" target="_blank"><img src="https://img.shields.io/badge/discord-online-brightgreen.svg" alt="Discord"/></a>
<a href="https://opencollective.com/nest#backer" target="_blank"><img src="https://opencollective.com/nest/backers/badge.svg" alt="Backers on Open Collective" /></a>
<a href="https://opencollective.com/nest#sponsor" target="_blank"><img src="https://opencollective.com/nest/sponsors/badge.svg" alt="Sponsors on Open Collective" /></a>
<a href="https://paypal.me/kamilmysliwiec" target="_blank"><img src="https://img.shields.io/badge/Donate-PayPal-ff3f59.svg" alt="Donate us"/></a>
<a href="https://opencollective.com/nest#sponsor" target="_blank"><img src="https://img.shields.io/badge/Support%20us-Open%20Collective-41B883.svg" alt="Support us"></a>
<a href="https://twitter.com/nestframework" target="_blank"><img src="https://img.shields.io/twitter/follow/nestframework.svg?style=social&label=Follow" alt="Follow us on Twitter"></a>
</p>
<!--[![Backers on Open Collective](https://opencollective.com/nest/backers/badge.svg)](https://opencollective.com/nest#backer)
[![Sponsors on Open Collective](https://opencollective.com/nest/sponsors/badge.svg)](https://opencollective.com/nest#sponsor)-->
## Description ## 🚀 Quick Start
[Nest](https://github.com/nestjs/nest) framework TypeScript starter repository. **See [QUICK_START.md](./QUICK_START.md) for step-by-step setup instructions.**
## Project setup ### Prerequisites
- Node.js 18+
- PostgreSQL 15+
- (Optional) Redis for caching
### Installation
```bash ```bash
$ npm install # Install dependencies
npm install
# Setup database
createdb retail_pos
# Update .env with your PostgreSQL credentials
# DB_USERNAME, DB_PASSWORD, DB_DATABASE
# Run migrations
npm run migration:run
# Seed sample data (optional)
npm run seed:run
# Start development server
npm run start:dev
``` ```
## Compile and run the project **Access the API:**
- API: http://localhost:3000/api
- Swagger Docs: http://localhost:3000/api/docs
---
## 📦 Features
-**Authentication**: JWT-based auth with role-based access control
-**Products API**: CRUD operations with search and filtering
-**Categories API**: Category management with product relations
-**Transactions API**: POS transaction processing with stock management
-**Sync API**: Offline-first mobile sync capabilities
-**User Management**: Multi-role user system (Admin, Manager, Cashier)
-**API Documentation**: Auto-generated Swagger/OpenAPI docs
-**Docker Support**: Production-ready containerization
---
## 🏗️ Tech Stack
- **Framework**: NestJS 11
- **Language**: TypeScript
- **Database**: PostgreSQL 15 with TypeORM
- **Cache**: Redis (optional, uses in-memory by default)
- **Authentication**: JWT with Passport
- **Validation**: class-validator, class-transformer
- **Documentation**: Swagger/OpenAPI
---
## 📚 Documentation
- **[Quick Start Guide](./QUICK_START.md)** - Get up and running in 3 steps
- **[Setup Guide](./SETUP_COMPLETE.md)** - Complete setup documentation
- **[Database Guide](./docs/DATABASE_SETUP.md)** - Database schema and migrations
- **[Auth System](./docs/AUTH_SYSTEM.md)** - Authentication & authorization details
- **[API Documentation](http://localhost:3000/api/docs)** - Interactive Swagger UI (when running)
---
## 🔐 Default Credentials
After running `npm run seed:run`:
| Role | Email | Password |
|------|-------|----------|
| Admin | admin@retailpos.com | Admin123! |
| Manager | manager@retailpos.com | Manager123! |
| Cashier | cashier@retailpos.com | Cashier123! |
---
## 📋 Available Scripts
```bash ```bash
# development # Development
$ npm run start npm run start:dev # Start with hot-reload
npm run start:debug # Start with debugger
# watch mode # Production
$ npm run start:dev npm run build # Build for production
npm run start:prod # Run production build
# production mode # Database
$ npm run start:prod npm run migration:run # Run migrations
npm run migration:revert # Revert last migration
npm run seed:run # Seed database
# Testing
npm run test # Run unit tests
npm run test:e2e # Run E2E tests
npm run test:cov # Test coverage
# Code Quality
npm run lint # Lint code
npm run format # Format with Prettier
``` ```
## Run tests ---
## 🐳 Docker Deployment
```bash ```bash
# unit tests # Start all services (PostgreSQL, Redis, API)
$ npm run test docker-compose up -d
# e2e tests # Run migrations
$ npm run test:e2e docker-compose exec api npm run migration:run
# test coverage # View logs
$ npm run test:cov docker-compose logs -f api
``` ```
## Deployment ---
When you're ready to deploy your NestJS application to production, there are some key steps you can take to ensure it runs as efficiently as possible. Check out the [deployment documentation](https://docs.nestjs.com/deployment) for more information. ## 🛣️ API Endpoints
If you are looking for a cloud-based platform to deploy your NestJS application, check out [Mau](https://mau.nestjs.com), our official platform for deploying NestJS applications on AWS. Mau makes deployment straightforward and fast, requiring just a few simple steps: ### Authentication
- `POST /api/auth/register` - Register new user
- `POST /api/auth/login` - Login user
- `GET /api/auth/profile` - Get current user (protected)
```bash ### Products
$ npm install -g @nestjs/mau - `GET /api/products` - List products (public)
$ mau deploy - `POST /api/products` - Create product (Admin/Manager)
- `PUT /api/products/:id` - Update product (Admin/Manager)
- `DELETE /api/products/:id` - Delete product (Admin)
### Categories
- `GET /api/categories` - List categories (public)
- `POST /api/categories` - Create category (Admin/Manager)
- `PUT /api/categories/:id` - Update category (Admin/Manager)
- `DELETE /api/categories/:id` - Delete category (Admin)
### Transactions
- `GET /api/transactions` - List transactions (Cashier+)
- `POST /api/transactions` - Create transaction (Cashier+)
- `GET /api/transactions/stats` - Get statistics (Manager+)
### Sync
- `POST /api/sync` - Sync all data for offline mobile (Cashier+)
- `GET /api/sync/status` - Get sync status (Cashier+)
**For full API documentation, visit:** http://localhost:3000/api/docs
---
## 🗂️ Project Structure
```
retail-nest/
├── src/
│ ├── common/ # Global utilities, guards, interceptors
│ ├── config/ # Configuration modules
│ ├── database/ # Migrations, seeds, data source
│ ├── modules/
│ │ ├── auth/ # Authentication module
│ │ ├── users/ # User management
│ │ ├── products/ # Product API
│ │ ├── categories/ # Category API
│ │ ├── transactions/ # Transaction API
│ │ └── sync/ # Mobile sync API
│ ├── app.module.ts
│ └── main.ts
├── test/ # Unit & E2E tests
├── docs/ # Additional documentation
├── .env # Environment variables
├── docker-compose.yml # Docker stack configuration
└── package.json
``` ```
With Mau, you can deploy your application in just a few clicks, allowing you to focus on building features rather than managing infrastructure. ---
## Resources ## 🤝 Contributing
Check out a few resources that may come in handy when working with NestJS: This is a retail POS backend project. Follow these guidelines:
1. Follow NestJS best practices
2. Write tests for new features
3. Update documentation as needed
4. Use conventional commits
- Visit the [NestJS Documentation](https://docs.nestjs.com) to learn more about the framework. ---
- For questions and support, please visit our [Discord channel](https://discord.gg/G7Qnnhy).
- To dive deeper and get more hands-on experience, check out our official video [courses](https://courses.nestjs.com/).
- Deploy your application to AWS with the help of [NestJS Mau](https://mau.nestjs.com) in just a few clicks.
- Visualize your application graph and interact with the NestJS application in real-time using [NestJS Devtools](https://devtools.nestjs.com).
- Need help with your project (part-time to full-time)? Check out our official [enterprise support](https://enterprise.nestjs.com).
- To stay in the loop and get updates, follow us on [X](https://x.com/nestframework) and [LinkedIn](https://linkedin.com/company/nestjs).
- Looking for a job, or have a job to offer? Check out our official [Jobs board](https://jobs.nestjs.com).
## Support ## 📝 License
Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support by the amazing backers. If you'd like to join them, please [read more here](https://docs.nestjs.com/support). This project is [MIT licensed](LICENSE).
## Stay in touch ---
- Author - [Kamil Myśliwiec](https://twitter.com/kammysliwiec) ## 🆘 Support
- Website - [https://nestjs.com](https://nestjs.com/)
- Twitter - [@nestframework](https://twitter.com/nestframework)
## License For issues and questions:
- Check [QUICK_START.md](./QUICK_START.md) for common issues
- Review [docs/](./docs/) for detailed documentation
- Check Swagger UI at http://localhost:3000/api/docs
Nest is [MIT licensed](https://github.com/nestjs/nest/blob/master/LICENSE). ---
**Built with ❤️ using NestJS**

509
SETUP_COMPLETE.md Normal file
View File

@@ -0,0 +1,509 @@
# 🎉 NestJS Retail POS Backend - Setup Complete!
Your complete NestJS backend API for the Retail POS Flutter application has been successfully created!
---
## 📦 What's Been Created
### ✅ **Core Infrastructure**
- **NestJS Application**: Latest version with TypeScript
- **PostgreSQL Database**: Complete schema with migrations
- **Redis Caching**: Ready for performance optimization
- **JWT Authentication**: Secure token-based auth
- **Role-Based Access Control (RBAC)**: Admin, Manager, Cashier, User roles
- **Swagger Documentation**: Auto-generated API docs
### ✅ **Database Layer**
- **5 Entities**: User, Category, Product, Transaction, TransactionItem
- **Initial Migration**: Complete schema with 11 indexes
- **Seed Data**: Sample categories, products, and users
- **TypeORM Configuration**: Production-ready setup
### ✅ **API Modules**
#### 1. **Auth Module** (`/api/auth`)
- `POST /auth/register` - Register new user
- `POST /auth/login` - Login with JWT
- `GET /auth/profile` - Get current user
- `POST /auth/refresh` - Refresh token
#### 2. **Users Module** (`/api/users`)
- Complete CRUD for user management
- Admin-only access
- Password hashing with bcrypt
#### 3. **Categories Module** (`/api/categories`)
- `GET /categories` - List all categories (Public)
- `GET /categories/:id` - Get single category (Public)
- `GET /categories/:id/products` - Products by category (Public)
- `POST /categories` - Create category (Admin/Manager)
- `PUT /categories/:id` - Update category (Admin/Manager)
- `DELETE /categories/:id` - Delete category (Admin only)
#### 4. **Products Module** (`/api/products`)
- `GET /products` - List with pagination, filters, search (Public)
- `GET /products/:id` - Get single product (Public)
- `GET /products/category/:categoryId` - By category (Public)
- `GET /products/search` - Search products (Public)
- `POST /products` - Create product (Admin/Manager)
- `PUT /products/:id` - Update product (Admin/Manager)
- `DELETE /products/:id` - Delete product (Admin only)
#### 5. **Transactions Module** (`/api/transactions`)
- `GET /transactions` - List transactions (Cashier+)
- `GET /transactions/:id` - Get transaction (Cashier+)
- `POST /transactions` - Create transaction (Cashier+)
- `GET /transactions/stats` - Statistics (Manager+)
- `GET /transactions/stats/daily` - Daily sales (Manager+)
**Features**:
- ✅ Atomic transaction processing
- ✅ Stock validation and updates
- ✅ Automatic tax calculation (10%)
- ✅ Price snapshots at transaction time
- ✅ Pessimistic locking for concurrency
#### 6. **Sync Module** (`/api/sync`)
- `POST /sync` - Sync all data (Cashier+)
- `POST /sync/products` - Sync products only (Cashier+)
- `POST /sync/categories` - Sync categories only (Cashier+)
- `GET /sync/status` - Get sync status (Cashier+)
**Features**:
- ✅ Incremental sync based on timestamps
- ✅ Offline-first mobile support
- ✅ Efficient bandwidth usage
### ✅ **Common Utilities**
- **DTOs**: Pagination, API Response wrappers
- **Filters**: HTTP exception handler, catch-all filter
- **Interceptors**: Logging, response transformation, caching
- **Pipes**: Global validation pipe
- **Guards**: JWT auth guard, roles guard
- **Decorators**: @CurrentUser(), @Public(), @Roles()
### ✅ **Configuration**
- **Environment Variables**: `.env` file with dummy data
- **TypeScript Config**: Strict mode enabled
- **ESLint & Prettier**: Code formatting
- **Jest**: Testing framework setup
### ✅ **Docker Setup**
- **Dockerfile**: Multi-stage build for production
- **docker-compose.yml**: Complete stack (API, PostgreSQL, Redis, pgAdmin)
- **.dockerignore**: Optimized build context
---
## 🚀 Quick Start
### **Option 1: Local Development**
#### 1. Create Database
```bash
# Using psql
createdb retail_pos
# Or using Docker
docker-compose up -d postgres redis
```
#### 2. Configure Environment
The `.env` file is already created with dummy data. Update these values:
```bash
DB_HOST=localhost
DB_PORT=5432
DB_USERNAME=postgres
DB_PASSWORD=postgres # Change this!
DB_DATABASE=retail_pos
JWT_SECRET=retail-pos-super-secret-key-change-in-production-2025 # Change this!
```
#### 3. Run Migrations
```bash
npm run migration:run
```
#### 4. Seed Database (Optional)
```bash
npm run seed:run
```
This creates:
- **Categories**: 6 retail categories (Electronics, Clothing, Food, etc.)
- **Products**: 14 sample products
- **Users**:
- Admin: `admin@retailpos.com` / `Admin123!`
- Manager: `manager@retailpos.com` / `Manager123!`
- Cashier: `cashier@retailpos.com` / `Cashier123!`
#### 5. Start Server
```bash
# Development mode with hot-reload
npm run start:dev
# Production mode
npm run build
npm run start:prod
```
#### 6. Access Application
- **API**: http://localhost:3000/api
- **Swagger Docs**: http://localhost:3000/api/docs
- **Health Check**: http://localhost:3000/health
---
### **Option 2: Docker Deployment**
#### Start All Services
```bash
# Start API, PostgreSQL, Redis
docker-compose up -d
# View logs
docker-compose logs -f api
# Include pgAdmin for database management
docker-compose --profile tools up -d
```
#### Run Migrations in Docker
```bash
docker-compose exec api npm run migration:run
docker-compose exec api npm run seed:run
```
#### Access Services
- **API**: http://localhost:3000/api
- **Swagger**: http://localhost:3000/api/docs
- **pgAdmin**: http://localhost:5050 (admin@retailpos.com / admin123)
- **PostgreSQL**: localhost:5432
- **Redis**: localhost:6379
---
## 🔐 Test the API
### 1. Login to Get Token
```bash
curl -X POST http://localhost:3000/api/auth/login \
-H "Content-Type: application/json" \
-d '{"email": "admin@retailpos.com", "password": "Admin123!"}'
```
**Response**:
```json
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user": {
"id": "uuid",
"email": "admin@retailpos.com",
"name": "Admin User",
"roles": ["admin"]
}
}
```
### 2. List Products (Public)
```bash
curl http://localhost:3000/api/products
```
### 3. Create Product (Auth Required)
```bash
curl -X POST http://localhost:3000/api/products \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Gaming Mouse",
"price": 49.99,
"categoryId": "CATEGORY_UUID",
"stockQuantity": 100
}'
```
### 4. Create Transaction
```bash
curl -X POST http://localhost:3000/api/transactions \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"items": [
{"productId": "PRODUCT_UUID", "quantity": 2}
],
"paymentMethod": "cash",
"discount": 5.00
}'
```
---
## 📚 Project Structure
```
retail-nest/
├── src/
│ ├── common/ # Global utilities
│ │ ├── decorators/ # @CurrentUser, @Public, @Roles
│ │ ├── dto/ # PaginationDto, ApiResponseDto
│ │ ├── filters/ # Exception handlers
│ │ ├── guards/ # JWT, Roles guards
│ │ ├── interceptors/ # Logging, Transform, Cache
│ │ └── pipes/ # Validation pipe
│ ├── config/ # Configuration modules
│ │ ├── app.config.ts
│ │ ├── database.config.ts
│ │ ├── jwt.config.ts
│ │ └── redis.config.ts
│ ├── database/
│ │ ├── migrations/ # TypeORM migrations
│ │ └── seeds/ # Database seeds
│ ├── modules/
│ │ ├── auth/ # Authentication
│ │ ├── users/ # User management
│ │ ├── categories/ # Category API
│ │ ├── products/ # Product API
│ │ ├── transactions/ # Transaction API
│ │ └── sync/ # Mobile sync API
│ ├── app.module.ts
│ └── main.ts
├── test/ # Unit & E2E tests
├── .env # Environment variables
├── .env.example # Environment template
├── Dockerfile # Production Docker image
├── docker-compose.yml # Full stack setup
└── package.json
```
---
## 🎯 Key Features
### Security
✅ JWT authentication with refresh tokens
✅ Password hashing with bcrypt (10 rounds)
✅ Role-based access control (RBAC)
✅ Rate limiting (100 req/min)
✅ CORS protection
✅ Helmet security headers
### Performance
✅ Redis caching layer
✅ Database query optimization with indexes
✅ Pessimistic locking for transactions
✅ Pagination for large datasets
✅ Response compression (gzip)
### Data Integrity
✅ Database transactions for critical operations
✅ Foreign key constraints
✅ Unique constraints
✅ Stock validation before transactions
✅ Price snapshots in transactions
### Developer Experience
✅ Swagger/OpenAPI documentation
✅ TypeScript with strict mode
✅ Hot-reload in development
✅ Docker support for easy deployment
✅ Comprehensive error handling
---
## 🧪 Available Scripts
```bash
# Development
npm run start:dev # Start with hot-reload
npm run start:debug # Start with debugger
# Production
npm run build # Build for production
npm run start:prod # Run production build
# Database
npm run migration:generate # Generate migration
npm run migration:create # Create empty migration
npm run migration:run # Run migrations
npm run migration:revert # Revert last migration
npm run seed:run # Seed database
# Testing
npm run test # Run unit tests
npm run test:watch # Watch mode
npm run test:cov # With coverage
npm run test:e2e # E2E tests
# Code Quality
npm run lint # Lint code
npm run format # Format with Prettier
```
---
## 🔧 Environment Variables
All required environment variables are in `.env` (already created):
```bash
# Application
NODE_ENV=development
PORT=3000
API_PREFIX=api
# Database
DB_HOST=localhost
DB_PORT=5432
DB_USERNAME=postgres
DB_PASSWORD=postgres
DB_DATABASE=retail_pos
# JWT
JWT_SECRET=your-secret-key-here
JWT_EXPIRES_IN=1d
# Redis
REDIS_HOST=localhost
REDIS_PORT=6379
CACHE_TTL=300
# CORS
CORS_ORIGIN=http://localhost:3000,capacitor://localhost
# Rate Limiting
THROTTLE_TTL=60
THROTTLE_LIMIT=100
# Security
BCRYPT_ROUNDS=10
```
---
## 📖 API Documentation
### Access Swagger UI
Once the server is running, visit:
- **Swagger UI**: http://localhost:3000/api/docs
- **OpenAPI JSON**: http://localhost:3000/api/docs-json
### Default Users
| Role | Email | Password |
|------|-------|----------|
| Admin | admin@retailpos.com | Admin123! |
| Manager | manager@retailpos.com | Manager123! |
| Cashier | cashier@retailpos.com | Cashier123! |
---
## 🎨 Response Format
All API responses follow a consistent format:
### Success Response
```json
{
"success": true,
"data": { /* your data */ },
"message": "Operation successful"
}
```
### Paginated Response
```json
{
"success": true,
"data": [ /* items */ ],
"meta": {
"page": 1,
"limit": 20,
"total": 100,
"totalPages": 5
}
}
```
### Error Response
```json
{
"success": false,
"error": {
"statusCode": 400,
"message": "Validation failed",
"details": ["error details"]
},
"timestamp": "2025-10-10T12:00:00.000Z",
"path": "/api/products"
}
```
---
## 🚀 Next Steps
### 1. **Update Environment Variables**
Edit `.env` file with your actual database credentials and JWT secret.
### 2. **Run Migrations**
```bash
npm run migration:run
```
### 3. **Seed Database**
```bash
npm run seed:run
```
### 4. **Start Development Server**
```bash
npm run start:dev
```
### 5. **Test API**
Visit http://localhost:3000/api/docs to test endpoints.
### 6. **Integrate with Flutter App**
- Update Flutter app API base URL to `http://localhost:3000/api`
- Use JWT token from login response for authenticated requests
- Implement offline sync using `/api/sync` endpoints
---
## 📝 Additional Documentation
Created documentation files:
- `DATABASE_SETUP.md` - Complete database guide
- `DATABASE_SUMMARY.md` - Quick database reference
- `AUTH_SYSTEM.md` - Authentication system details
- `IMPLEMENTATION_SUMMARY.md` - Implementation guide
---
## ✨ What Makes This Production-Ready
**Security First**: JWT auth, bcrypt hashing, RBAC, rate limiting
**Scalable Architecture**: Modular design, dependency injection
**Performance Optimized**: Redis caching, database indexes, query optimization
**Data Integrity**: Transactions, constraints, stock validation
**Developer Friendly**: Swagger docs, TypeScript, hot-reload
**Docker Ready**: Multi-stage builds, docker-compose stack
**Testing Ready**: Jest setup, unit & E2E test structure
**Mobile Ready**: Sync API for offline-first Flutter app
---
## 🎉 You're All Set!
Your NestJS Retail POS Backend is **production-ready** and waiting for you to:
1. Update `.env` with your credentials
2. Run migrations: `npm run migration:run`
3. Seed data: `npm run seed:run`
4. Start server: `npm run start:dev`
5. Open Swagger: http://localhost:3000/api/docs
**Happy coding!** 🚀

108
docker-compose.yml Normal file
View File

@@ -0,0 +1,108 @@
version: '3.8'
services:
# PostgreSQL Database
postgres:
image: postgres:15-alpine
container_name: retail-pos-postgres
restart: unless-stopped
environment:
POSTGRES_DB: retail_pos
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
ports:
- "5432:5432"
volumes:
- postgres-data:/var/lib/postgresql/data
networks:
- retail-pos-network
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 10s
timeout: 5s
retries: 5
# Redis Cache
redis:
image: redis:7-alpine
container_name: retail-pos-redis
restart: unless-stopped
ports:
- "6379:6379"
volumes:
- redis-data:/data
networks:
- retail-pos-network
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
# NestJS Application
api:
build:
context: .
dockerfile: Dockerfile
container_name: retail-pos-api
restart: unless-stopped
ports:
- "3000:3000"
environment:
NODE_ENV: production
PORT: 3000
API_PREFIX: api
DB_HOST: postgres
DB_PORT: 5432
DB_USERNAME: postgres
DB_PASSWORD: postgres
DB_DATABASE: retail_pos
JWT_SECRET: retail-pos-super-secret-key-change-in-production-2025
JWT_EXPIRES_IN: 1d
REDIS_HOST: redis
REDIS_PORT: 6379
CACHE_TTL: 300
CORS_ORIGIN: http://localhost:3000,capacitor://localhost
THROTTLE_TTL: 60
THROTTLE_LIMIT: 100
BCRYPT_ROUNDS: 10
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
networks:
- retail-pos-network
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
# Optional: pgAdmin for database management
pgadmin:
image: dpage/pgadmin4:latest
container_name: retail-pos-pgadmin
restart: unless-stopped
environment:
PGADMIN_DEFAULT_EMAIL: admin@retailpos.com
PGADMIN_DEFAULT_PASSWORD: admin123
ports:
- "5050:80"
depends_on:
- postgres
networks:
- retail-pos-network
profiles:
- tools
volumes:
postgres-data:
driver: local
redis-data:
driver: local
networks:
retail-pos-network:
driver: bridge

590
docs/AUTH_SYSTEM.md Normal file
View File

@@ -0,0 +1,590 @@
# JWT Authentication System - Retail POS API
## Overview
A complete JWT-based authentication system for the NestJS Retail POS backend, implementing secure user authentication, role-based access control (RBAC), and comprehensive user management.
## Features
- JWT authentication with Passport.js
- Role-based access control (Admin, Manager, Cashier, User)
- Secure password hashing with bcrypt (10 rounds)
- Global authentication guards with public route support
- Token validation and refresh mechanism
- User management with CRUD operations
- Swagger API documentation
- TypeORM database integration
---
## Architecture
### Modules
1. **AuthModule** (`src/modules/auth/`)
- Authentication logic
- JWT token generation and validation
- Login and registration endpoints
- Password validation
2. **UsersModule** (`src/modules/users/`)
- User CRUD operations
- User repository pattern
- Role management
3. **Common Guards** (`src/common/guards/`)
- Global JWT authentication guard
- Role-based authorization guard
4. **Common Decorators** (`src/common/decorators/`)
- @CurrentUser() - Extract user from request
- @Public() - Mark routes as public
- @Roles() - Specify required roles
---
## User Roles
```typescript
enum UserRole {
ADMIN = 'admin', // Full access to all endpoints
MANAGER = 'manager', // Product and category management
CASHIER = 'cashier', // Transaction processing only
USER = 'user', // Read-only access
}
```
---
## API Endpoints
### Authentication Endpoints
#### 1. Register User
```http
POST /api/auth/register
Content-Type: application/json
{
"name": "John Doe",
"email": "john@example.com",
"password": "Password123!",
"roles": ["user"] // Optional, defaults to ["user"]
}
```
**Response:**
```json
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user": {
"id": "uuid",
"name": "John Doe",
"email": "john@example.com",
"roles": ["user"],
"isActive": true,
"createdAt": "2025-01-15T10:00:00.000Z"
}
}
```
**Validation Rules:**
- Name: Required, max 255 characters
- Email: Valid email format, unique
- Password: Min 8 characters, must contain uppercase, lowercase, and number
- Roles: Optional array of valid UserRole values
---
#### 2. Login User
```http
POST /api/auth/login
Content-Type: application/json
{
"email": "admin@retailpos.com",
"password": "Admin123!"
}
```
**Response:**
```json
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user": {
"id": "uuid",
"name": "Admin User",
"email": "admin@retailpos.com",
"roles": ["admin"],
"isActive": true,
"createdAt": "2025-01-15T10:00:00.000Z"
}
}
```
---
#### 3. Get Current User Profile
```http
GET /api/auth/profile
Authorization: Bearer <access_token>
```
**Response:**
```json
{
"success": true,
"data": {
"id": "uuid",
"email": "admin@retailpos.com",
"name": "Admin User",
"roles": ["admin"],
"isActive": true
}
}
```
---
#### 4. Refresh Access Token
```http
POST /api/auth/refresh
Authorization: Bearer <access_token>
```
**Response:**
```json
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user": {
"id": "uuid",
"name": "Admin User",
"email": "admin@retailpos.com",
"roles": ["admin"],
"isActive": true,
"createdAt": "2025-01-15T10:00:00.000Z"
}
}
```
---
### User Management Endpoints (Protected)
#### 1. Get All Users (Admin/Manager)
```http
GET /api/users
Authorization: Bearer <access_token>
```
**Required Roles:** Admin, Manager
---
#### 2. Get User by ID (Admin/Manager)
```http
GET /api/users/:id
Authorization: Bearer <access_token>
```
**Required Roles:** Admin, Manager
---
#### 3. Create User (Admin Only)
```http
POST /api/users
Authorization: Bearer <access_token>
Content-Type: application/json
{
"name": "New User",
"email": "newuser@example.com",
"password": "Password123!",
"roles": ["cashier"],
"isActive": true
}
```
**Required Roles:** Admin
---
#### 4. Update User (Admin Only)
```http
PATCH /api/users/:id
Authorization: Bearer <access_token>
Content-Type: application/json
{
"name": "Updated Name",
"roles": ["manager"],
"isActive": false
}
```
**Required Roles:** Admin
**Note:** Password cannot be updated via this endpoint
---
#### 5. Delete User (Admin Only)
```http
DELETE /api/users/:id
Authorization: Bearer <access_token>
```
**Required Roles:** Admin
**Response:** 204 No Content
---
## Usage Examples
### 1. Using @Public() Decorator
Mark routes as public (skip JWT authentication):
```typescript
@Controller('products')
export class ProductsController {
@Get()
@Public() // This route is accessible without authentication
async findAll() {
return this.productsService.findAll();
}
@Post()
// This route requires authentication (global guard)
async create(@Body() dto: CreateProductDto) {
return this.productsService.create(dto);
}
}
```
---
### 2. Using @Roles() Decorator
Restrict routes to specific roles:
```typescript
@Controller('products')
export class ProductsController {
@Post()
@Roles(UserRole.ADMIN, UserRole.MANAGER) // Only admin and manager can create
async create(@Body() dto: CreateProductDto) {
return this.productsService.create(dto);
}
@Delete(':id')
@Roles(UserRole.ADMIN) // Only admin can delete
async remove(@Param('id') id: string) {
return this.productsService.remove(id);
}
}
```
---
### 3. Using @CurrentUser() Decorator
Extract current user from request:
```typescript
@Controller('profile')
export class ProfileController {
@Get()
@UseGuards(JwtAuthGuard)
async getProfile(@CurrentUser() user: User) {
// user object is automatically extracted from request
return {
id: user.id,
email: user.email,
name: user.name,
};
}
}
```
---
## Security Features
### Password Security
- **Hashing Algorithm:** bcrypt with 10 salt rounds
- **Validation Rules:**
- Minimum 8 characters
- At least one uppercase letter
- At least one lowercase letter
- At least one number
- **Password Exclusion:** Password field is never returned in API responses (@Exclude decorator)
### JWT Configuration
- **Secret:** Configured via JWT_SECRET environment variable
- **Expiration:** 1 day (configurable via JWT_EXPIRES_IN)
- **Token Storage:** Client-side (localStorage or secure storage)
- **Token Format:** Bearer token in Authorization header
### Global Guards
- **JWT Authentication:** Applied globally to all routes
- **Public Routes:** Use @Public() decorator to bypass authentication
- **Role-Based Access:** Use @Roles() decorator for authorization
---
## Database Schema
### Users Table
```sql
CREATE TABLE users (
id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
name VARCHAR(255) NOT NULL,
email VARCHAR(255) UNIQUE NOT NULL,
password VARCHAR(255) NOT NULL,
roles TEXT NOT NULL DEFAULT 'user',
isActive BOOLEAN DEFAULT true,
createdAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updatedAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
INDEX idx_users_email (email)
);
```
---
## Environment Variables
```bash
# JWT Configuration
JWT_SECRET=retail-pos-super-secret-key-change-in-production-2025
JWT_EXPIRES_IN=1d
# Database
DB_HOST=localhost
DB_PORT=5432
DB_USERNAME=postgres
DB_PASSWORD=postgres
DB_DATABASE=retail_pos
# Bcrypt
BCRYPT_ROUNDS=10
```
---
## Setup Instructions
### 1. Install Dependencies
All required dependencies are already installed:
- @nestjs/jwt
- @nestjs/passport
- passport
- passport-jwt
- bcrypt
### 2. Run Database Migration
```bash
npm run migration:run
```
### 3. Seed Default Users
```bash
npm run seed:run
```
This creates three default users:
- **Admin:** admin@retailpos.com / Admin123!
- **Manager:** manager@retailpos.com / Manager123!
- **Cashier:** cashier@retailpos.com / Cashier123!
### 4. Start Development Server
```bash
npm run start:dev
```
### 5. Access Swagger Documentation
Open browser: http://localhost:3000/api/docs
---
## Testing the Authentication System
### 1. Test Login
```bash
curl -X POST http://localhost:3000/api/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "admin@retailpos.com",
"password": "Admin123!"
}'
```
### 2. Test Protected Endpoint
```bash
# Get the access_token from login response
curl -X GET http://localhost:3000/api/auth/profile \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
```
### 3. Test Role-Based Access
```bash
# Admin only endpoint (get all users)
curl -X GET http://localhost:3000/api/users \
-H "Authorization: Bearer YOUR_ADMIN_TOKEN"
```
---
## File Structure
```
src/
├── modules/
│ ├── auth/
│ │ ├── dto/
│ │ │ ├── login.dto.ts
│ │ │ ├── register.dto.ts
│ │ │ ├── auth-response.dto.ts
│ │ │ └── index.ts
│ │ ├── guards/
│ │ │ ├── jwt-auth.guard.ts
│ │ │ └── local-auth.guard.ts
│ │ ├── interfaces/
│ │ │ └── jwt-payload.interface.ts
│ │ ├── strategies/
│ │ │ ├── jwt.strategy.ts
│ │ │ └── local.strategy.ts
│ │ ├── auth.controller.ts
│ │ ├── auth.service.ts
│ │ └── auth.module.ts
│ └── users/
│ ├── dto/
│ │ ├── create-user.dto.ts
│ │ ├── update-user.dto.ts
│ │ ├── user-response.dto.ts
│ │ └── index.ts
│ ├── entities/
│ │ └── user.entity.ts
│ ├── users.controller.ts
│ ├── users.service.ts
│ ├── users.repository.ts
│ └── users.module.ts
├── common/
│ ├── decorators/
│ │ ├── current-user.decorator.ts
│ │ ├── public.decorator.ts
│ │ ├── roles.decorator.ts
│ │ └── index.ts
│ └── guards/
│ ├── jwt-auth.guard.ts
│ ├── roles.guard.ts
│ └── index.ts
└── database/
├── migrations/
│ └── 1704470000000-CreateUsersTable.ts
└── seeds/
├── users.seed.ts
└── run-seeds.ts
```
---
## Best Practices
1. **Never log passwords** - Always hash before storing
2. **Use HTTPS in production** - Never send tokens over HTTP
3. **Rotate JWT secrets regularly** - Update JWT_SECRET periodically
4. **Implement refresh tokens** - For long-lived sessions
5. **Log authentication events** - Track login attempts and failures
6. **Rate limit auth endpoints** - Prevent brute force attacks
7. **Validate all inputs** - Use DTOs with class-validator
8. **Handle token expiration** - Provide clear error messages
9. **Use strong passwords** - Enforce password complexity
10. **Implement account lockout** - After multiple failed attempts
---
## Error Responses
### 400 Bad Request
```json
{
"success": false,
"error": {
"statusCode": 400,
"message": "Validation failed",
"details": [
"password must be at least 8 characters long",
"email must be a valid email address"
]
},
"timestamp": "2025-01-15T10:00:00.000Z",
"path": "/api/auth/register"
}
```
### 401 Unauthorized
```json
{
"success": false,
"error": {
"statusCode": 401,
"message": "Invalid credentials"
},
"timestamp": "2025-01-15T10:00:00.000Z",
"path": "/api/auth/login"
}
```
### 403 Forbidden
```json
{
"success": false,
"error": {
"statusCode": 403,
"message": "Insufficient permissions"
},
"timestamp": "2025-01-15T10:00:00.000Z",
"path": "/api/users"
}
```
### 409 Conflict
```json
{
"success": false,
"error": {
"statusCode": 409,
"message": "Email already registered"
},
"timestamp": "2025-01-15T10:00:00.000Z",
"path": "/api/auth/register"
}
```
---
## Next Steps
1. **Implement Refresh Tokens:** Add refresh token table and rotation logic
2. **Add Email Verification:** Send verification emails on registration
3. **Implement Password Reset:** Forgot password functionality
4. **Add Two-Factor Authentication:** Enhanced security with 2FA
5. **Implement Session Management:** Track active sessions
6. **Add Rate Limiting:** Protect against brute force attacks
7. **Implement Account Lockout:** Lock accounts after failed attempts
8. **Add Audit Logging:** Track all authentication events
9. **Implement Social Login:** Google, Facebook, etc.
10. **Add API Key Authentication:** For service-to-service communication
---
## Support
For issues or questions:
- GitHub Issues: [Create an issue](https://github.com/yourusername/retail-pos)
- Email: support@retailpos.com
- Documentation: http://localhost:3000/api/docs

422
docs/DATABASE_SETUP.md Normal file
View File

@@ -0,0 +1,422 @@
# Database Setup Guide - Retail POS Backend
## Overview
Complete TypeORM database setup for the Retail POS NestJS backend with PostgreSQL.
## Created Files
### 1. Entity Files (Domain Models)
#### `/src/modules/users/entities/user.entity.ts`
- User entity with bcrypt password hashing
- UserRole enum (admin, manager, cashier, user)
- @BeforeInsert/@BeforeUpdate hooks for automatic password hashing
- validatePassword() method for authentication
- Exclude password from JSON responses
- Index on email field
#### `/src/modules/categories/entities/category.entity.ts`
- Category entity with unique name constraint
- Fields: name, description, iconPath, color, productCount
- OneToMany relationship with Products
- Index on name field
- Timestamps (createdAt, updatedAt)
#### `/src/modules/products/entities/product.entity.ts`
- Product entity with complete product information
- Fields: name, description, price, imageUrl, stockQuantity, isAvailable
- ManyToOne relationship with Category (CASCADE delete)
- OneToMany relationship with TransactionItems
- Composite index on [name, categoryId]
- Individual indexes on name and categoryId
#### `/src/modules/transactions/entities/transaction.entity.ts`
- Transaction entity for sales records
- Fields: subtotal, tax, discount, total, paymentMethod
- OneToMany relationship with TransactionItems (CASCADE)
- Index on completedAt for date-based queries
#### `/src/modules/transactions/entities/transaction-item.entity.ts`
- Transaction line items
- Fields: productName, price, quantity, lineTotal
- ManyToOne relationships with Transaction and Product
- Indexes on transactionId and productId
- Stores product snapshot at transaction time
### 2. Configuration Files
#### `/src/config/database.config.ts`
- TypeORM configuration using @nestjs/config
- Environment-based settings
- All entities registered
- Migration paths configured
- SSL support for production
- Synchronize always false (use migrations!)
#### `/src/database/data-source.ts`
- TypeORM DataSource for CLI operations
- Used by migration and seed commands
- Loads from .env file
- Same configuration as database.config.ts
### 3. Migration Files
#### `/src/database/migrations/1736518800000-InitialSchema.ts`
- Complete initial database schema
- Creates all 5 tables:
- users (with email index)
- categories (with name index)
- products (with name, categoryId, and composite indexes)
- transactions (with completedAt index)
- transaction_items (with transactionId and productId indexes)
- Sets up all foreign key relationships
- Enables uuid-ossp extension
- Proper up/down methods for rollback
### 4. Seed Files
#### `/src/database/seeds/categories.seed.ts`
- Seeds 6 common retail categories:
- Electronics (Blue)
- Clothing (Pink)
- Food & Beverages (Green)
- Home & Garden (Orange)
- Sports & Outdoors (Purple)
- Books & Media (Brown)
- Each with icon path and color
- Checks for existing records
#### `/src/database/seeds/products.seed.ts`
- Seeds 14 sample products across all categories
- Realistic prices and stock quantities
- Placeholder images
- Updates category product counts
- Covers all seeded categories
#### `/src/database/seeds/run-seeds.ts`
- Main seed runner script
- Runs seeds in correct order (categories → products)
- Proper error handling
- Database connection management
### 5. Environment Configuration
#### `.env.example`
- Complete environment variable template
- Database credentials
- JWT configuration
- Redis settings
- CORS configuration
- Rate limiting settings
## Database Schema
### Tables Created
```sql
users
├── id (uuid, PK)
├── name (varchar 255)
├── email (varchar 255, unique, indexed)
├── password (varchar 255)
├── roles (text array)
├── isActive (boolean)
├── createdAt (timestamp)
└── updatedAt (timestamp)
categories
├── id (uuid, PK)
├── name (varchar 255, unique, indexed)
├── description (text, nullable)
├── iconPath (varchar 255, nullable)
├── color (varchar 50, nullable)
├── productCount (int)
├── createdAt (timestamp)
└── updatedAt (timestamp)
products
├── id (uuid, PK)
├── name (varchar 255, indexed)
├── description (text, nullable)
├── price (decimal 10,2)
├── imageUrl (varchar 500, nullable)
├── categoryId (uuid, FK, indexed)
├── stockQuantity (int)
├── isAvailable (boolean)
├── createdAt (timestamp)
└── updatedAt (timestamp)
└── FK: categories(id) ON DELETE CASCADE
└── Composite Index: (name, categoryId)
transactions
├── id (uuid, PK)
├── subtotal (decimal 10,2)
├── tax (decimal 10,2)
├── discount (decimal 10,2)
├── total (decimal 10,2)
├── paymentMethod (varchar 50)
└── completedAt (timestamp, indexed)
transaction_items
├── id (uuid, PK)
├── transactionId (uuid, FK, indexed)
├── productId (uuid, FK, indexed)
├── productName (varchar 255)
├── price (decimal 10,2)
├── quantity (int)
└── lineTotal (decimal 10,2)
└── FK: transactions(id) ON DELETE CASCADE
└── FK: products(id) ON DELETE RESTRICT
```
## Setup Instructions
### 1. Prerequisites
```bash
# Ensure PostgreSQL is installed and running
psql --version
# Create database
createdb retail_pos
# Or using psql
psql -U postgres
CREATE DATABASE retail_pos;
\q
```
### 2. Configure Environment
```bash
# Copy example environment file
cp .env.example .env
# Edit .env with your database credentials
# At minimum, update:
DB_HOST=localhost
DB_PORT=5432
DB_USERNAME=postgres
DB_PASSWORD=your_password
DB_DATABASE=retail_pos
```
### 3. Run Migrations
```bash
# Run all pending migrations
npm run migration:run
# Expected output:
# query: SELECT * FROM "information_schema"."tables" WHERE "table_schema" = 'public' AND "table_name" = 'migrations'
# query: CREATE TABLE "migrations" (...)
# Migration InitialSchema1736518800000 has been executed successfully.
```
### 4. Seed Database (Optional)
```bash
# Run seed scripts to populate with sample data
npm run seed:run
# Expected output:
# 🌱 Starting database seeding...
# ✓ Database connection established
# 📦 Seeding categories...
# ✓ Created category: Electronics
# ✓ Created category: Clothing
# ... (more categories)
# 📦 Seeding products...
# ✓ Created product: Wireless Mouse
# ... (more products)
# 🎉 Database seeding completed successfully!
```
### 5. Verify Setup
```bash
# Connect to database
psql -U postgres retail_pos
# Check tables
\dt
# Check products count
SELECT COUNT(*) FROM products;
# Check categories with product counts
SELECT name, "productCount" FROM categories;
# Exit
\q
```
## Available NPM Scripts
```bash
# TypeORM CLI operations
npm run typeorm -- <command>
# Generate a new migration (based on entity changes)
npm run migration:generate -- -n MigrationName
# Create an empty migration file
npm run migration:create -- src/database/migrations/MigrationName
# Run all pending migrations
npm run migration:run
# Revert the last migration
npm run migration:revert
# Seed the database
npm run seed:run
```
## Migration Workflow
### Creating New Migrations
1. **Modify entities** (add/remove fields, change relationships)
2. **Generate migration**:
```bash
npm run migration:generate -- -n AddColumnToProduct
```
3. **Review generated migration** in `src/database/migrations/`
4. **Run migration**:
```bash
npm run migration:run
```
5. **Test rollback** (in development):
```bash
npm run migration:revert
```
### Migration Best Practices
- ✅ Always review generated migrations before running
- ✅ Test migrations in development first
- ✅ Keep migrations small and focused
- ✅ Never modify existing migrations that have run in production
- ✅ Always provide up() and down() methods
- ✅ Backup database before running migrations in production
- ❌ Never use synchronize: true in production
## Entity Relationships
```
User (standalone)
Category (1) ----< Products (N)
|
|
v
Transaction (1) ----< TransactionItems (N) >---- Products (N)
```
## Key Features Implemented
### 1. Password Security
- Bcrypt hashing with 10 rounds
- Automatic hashing on insert/update
- Password excluded from JSON responses
- Validation method for authentication
### 2. UUID Primary Keys
- All tables use UUID v4
- uuid-ossp extension enabled
- Better for distributed systems
- No sequential ID exposure
### 3. Proper Indexing
- Email index on users
- Name index on categories
- Multiple indexes on products (name, categoryId, composite)
- Date index on transactions
- Foreign key indexes on transaction_items
### 4. Data Integrity
- Foreign key constraints
- Cascade deletes where appropriate
- Unique constraints (email, category name)
- Default values for booleans and integers
- Nullable vs required fields clearly defined
### 5. Timestamps
- Automatic createdAt on insert
- Automatic updatedAt on update
- Custom completedAt for transactions
## Troubleshooting
### Migration Issues
**Problem**: Migration fails with "relation already exists"
```bash
# Solution: Check if migration already ran
psql -U postgres retail_pos
SELECT * FROM migrations;
\q
```
**Problem**: Can't connect to database
```bash
# Check PostgreSQL is running
pg_isready
# Check credentials in .env
# Verify database exists
psql -U postgres -c "\l" | grep retail_pos
```
### Seed Issues
**Problem**: Seeds fail with foreign key constraint
```bash
# Solution: Run seeds in correct order (already handled in run-seeds.ts)
# Or clear database and re-seed:
npm run migration:revert
npm run migration:run
npm run seed:run
```
### TypeORM Issues
**Problem**: Entity not found
```bash
# Solution: Ensure entity is:
# 1. Exported from entity file
# 2. Added to data-source.ts entities array
# 3. Added to database.config.ts entities array
```
## Production Considerations
1. **Environment Variables**: Never commit .env to git
2. **SSL**: Enable SSL for production databases
3. **Connection Pooling**: Configure in data-source.ts
4. **Migrations**: Always run migrations manually, never use synchronize
5. **Backups**: Backup database before running migrations
6. **Monitoring**: Log slow queries in production
7. **Security**: Use strong passwords, restrict database access
## Next Steps
After database setup:
1. ✅ Create repository classes (see CLAUDE.md)
2. ✅ Create service classes for business logic
3. ✅ Create DTOs for validation
4. ✅ Create controllers for REST endpoints
5. ✅ Add authentication middleware
6. ✅ Implement caching with Redis
7. ✅ Add comprehensive tests
## Reference
- **TypeORM Docs**: https://typeorm.io
- **NestJS Database**: https://docs.nestjs.com/techniques/database
- **PostgreSQL Docs**: https://www.postgresql.org/docs/
---
**Database Expert**: NestJS Database Expert Subagent
**Created**: 2025-10-10
**Status**: ✅ Complete and Ready for Development

263
docs/DATABASE_SUMMARY.md Normal file
View File

@@ -0,0 +1,263 @@
# Database Setup - Completion Summary
## ✅ All Files Created Successfully
### Entity Files (5 files)
1.`/src/modules/users/entities/user.entity.ts`
- UserRole enum (admin, manager, cashier, user)
- Bcrypt password hashing with @BeforeInsert/@BeforeUpdate
- validatePassword() method
- Password excluded from JSON responses
- Email index
2.`/src/modules/categories/entities/category.entity.ts`
- Unique name constraint
- OneToMany relationship with Products
- Icon path and color fields
- Product count tracking
3.`/src/modules/products/entities/product.entity.ts`
- ManyToOne relationship with Category (CASCADE)
- OneToMany relationship with TransactionItems
- Composite index on name + categoryId
- Stock quantity and availability tracking
4.`/src/modules/transactions/entities/transaction.entity.ts`
- Financial fields (subtotal, tax, discount, total)
- Payment method tracking
- OneToMany relationship with TransactionItems (CASCADE)
- Indexed completedAt for date queries
5.`/src/modules/transactions/entities/transaction-item.entity.ts`
- ManyToOne relationships with Transaction and Product
- Product snapshot (name, price at transaction time)
- Line total calculation
- Indexed foreign keys
### Configuration Files (2 files)
1.`/src/config/database.config.ts`
- NestJS ConfigService integration
- Environment variable based configuration
- All entities registered
- Production SSL support
2.`/src/database/data-source.ts`
- TypeORM CLI data source
- Migration command support
- Seed command support
- Environment variable loading
### Migration Files (1 file)
1.`/src/database/migrations/1736518800000-InitialSchema.ts`
- Creates all 5 database tables
- UUID extension enabled
- All indexes created
- All foreign keys with proper CASCADE/RESTRICT
- Complete up() and down() methods
### Seed Files (3 files)
1.`/src/database/seeds/categories.seed.ts`
- 6 retail categories with colors and icons
- Duplicate check logic
2.`/src/database/seeds/products.seed.ts`
- 14 sample products across all categories
- Stock quantities and pricing
- Updates category product counts
3.`/src/database/seeds/run-seeds.ts`
- Main seed runner
- Proper execution order
- Error handling and connection management
### Environment Files (1 file)
1.`.env.example`
- Complete environment variable template
- Database, JWT, Redis, CORS configuration
- Rate limiting settings
### Documentation (1 file)
1.`DATABASE_SETUP.md`
- Complete setup guide
- Schema diagrams
- Migration workflow
- Troubleshooting guide
- Production considerations
## 📊 Database Schema Summary
### Tables: 5
- users (authentication & authorization)
- categories (product organization)
- products (inventory management)
- transactions (sales records)
- transaction_items (sales line items)
### Indexes: 11
- idx_users_email
- idx_categories_name
- idx_products_name
- idx_products_category
- idx_products_name_category (composite)
- idx_transactions_date
- idx_transaction_items_transaction
- idx_transaction_items_product
### Foreign Keys: 4
- products.categoryId → categories.id (CASCADE)
- transaction_items.transactionId → transactions.id (CASCADE)
- transaction_items.productId → products.id (RESTRICT)
### Relationships
- Category → Products (1:N)
- Product → TransactionItems (1:N)
- Transaction → TransactionItems (1:N, CASCADE)
- Product ← TransactionItems (N:1)
## 🔧 Key Implementation Features
### Security
✅ Bcrypt password hashing (10 rounds)
✅ Password excluded from JSON responses
✅ Automatic hashing on insert/update
✅ SSL support for production databases
### Performance
✅ Strategic indexes on frequently queried columns
✅ Composite index for complex queries
✅ Foreign key indexes for joins
✅ Date index for reporting queries
### Data Integrity
✅ UUID primary keys
✅ Foreign key constraints
✅ Cascade deletes where appropriate
✅ Unique constraints (email, category name)
✅ NOT NULL constraints on required fields
### Developer Experience
✅ Automatic timestamps (createdAt, updatedAt)
✅ TypeScript type safety
✅ Comprehensive seed data
✅ Up/down migration support
✅ Environment-based configuration
## 🚀 Next Steps to Get Running
### 1. Setup PostgreSQL Database
```bash
# Create database
createdb retail_pos
# Or using psql
psql -U postgres -c "CREATE DATABASE retail_pos;"
```
### 2. Configure Environment
```bash
# Update .env with your database credentials
DB_HOST=localhost
DB_PORT=5432
DB_USERNAME=postgres
DB_PASSWORD=your_password
DB_DATABASE=retail_pos
```
### 3. Run Migrations
```bash
npm run migration:run
```
### 4. Seed Database (Optional)
```bash
npm run seed:run
```
### 5. Verify Setup
```bash
psql -U postgres retail_pos -c "SELECT COUNT(*) FROM products;"
psql -U postgres retail_pos -c "SELECT name, \"productCount\" FROM categories;"
```
## 📝 Available Commands
```bash
# Run migrations
npm run migration:run
# Revert last migration
npm run migration:revert
# Generate new migration from entity changes
npm run migration:generate -- -n MigrationName
# Seed database with sample data
npm run seed:run
# TypeORM CLI access
npm run typeorm -- <command>
```
## 🎯 What's Implemented
✅ Complete database schema (5 tables, 11 indexes, 4 foreign keys)
✅ All entity definitions with proper decorators
✅ TypeORM data source configuration
✅ Initial migration file
✅ Seed scripts with sample data
✅ Environment configuration
✅ Password hashing with bcrypt
✅ Proper relationships and cascades
✅ Strategic indexing for performance
✅ Comprehensive documentation
## 🔄 Integration Points
The database setup is ready for:
-**Repositories**: Create TypeORM repository classes
-**Services**: Implement business logic layer
-**DTOs**: Create request/response validation objects
-**Controllers**: Build REST API endpoints
-**Authentication**: JWT strategy using User entity
-**Caching**: Redis integration for performance
-**Testing**: Unit and E2E tests with test database
## 📦 Files Created (Total: 13)
```
src/
├── config/
│ └── database.config.ts ✅
├── database/
│ ├── data-source.ts ✅
│ ├── migrations/
│ │ └── 1736518800000-InitialSchema.ts ✅
│ └── seeds/
│ ├── categories.seed.ts ✅
│ ├── products.seed.ts ✅
│ └── run-seeds.ts ✅
└── modules/
├── users/entities/
│ └── user.entity.ts ✅
├── categories/entities/
│ └── category.entity.ts ✅
├── products/entities/
│ └── product.entity.ts ✅
└── transactions/entities/
├── transaction.entity.ts ✅
└── transaction-item.entity.ts ✅
.env.example ✅
DATABASE_SETUP.md ✅
```
## 🎉 Status: COMPLETE & READY
All database infrastructure is in place and ready for application development. The schema follows NestJS and TypeORM best practices with proper indexing, relationships, and data integrity constraints.
---
**Created by**: NestJS Database Expert
**Date**: 2025-10-10
**TypeORM Version**: 0.3.27
**PostgreSQL Version**: 15+

409
docs/IMPLEMENTATION_SUMMARY.md Normal file
View File

@@ -0,0 +1,409 @@
# Authentication System Implementation Summary
## Completed Components
### 1. Auth Module (`src/modules/auth/`)
- **AuthController** - Register, Login, Profile, Refresh endpoints
- **AuthService** - User validation, JWT generation, password hashing
- **DTOs** - LoginDto, RegisterDto, AuthResponseDto
- **Strategies** - JwtStrategy, LocalStrategy (Passport.js)
- **Guards** - JwtAuthGuard, LocalAuthGuard
- **Interfaces** - JwtPayload interface
### 2. Users Module (`src/modules/users/`)
- **UsersController** - CRUD operations (Admin only)
- **UsersService** - Business logic, validation
- **UsersRepository** - Data access layer
- **User Entity** - TypeORM entity with UserRole enum
- **DTOs** - CreateUserDto, UpdateUserDto, UserResponseDto
### 3. Common Module (`src/common/`)
- **Decorators:**
- `@CurrentUser()` - Extract authenticated user
- `@Public()` - Mark routes as public
- `@Roles(...)` - Specify required roles
- **Guards:**
- `JwtAuthGuard` - Global JWT authentication (respects @Public)
- `RolesGuard` - Role-based access control
### 4. Database
- **Migration** - CreateUsersTable migration
- **Seed** - Default users (Admin, Manager, Cashier)
- **DataSource** - TypeORM configuration
### 5. Configuration
- **Environment Variables** - JWT_SECRET, DB config
- **JWT Config** - Token expiration, secret
- **Database Config** - PostgreSQL connection
---
## Key Features Implemented
### Security Features
- Bcrypt password hashing (10 rounds)
- JWT token authentication (1 day expiration)
- Password validation (min 8 chars, uppercase, lowercase, number)
- Password exclusion from API responses (@Exclude)
- Global authentication guards
- Role-based access control
### User Roles
- **ADMIN** - Full access to all endpoints
- **MANAGER** - Product and category management
- **CASHIER** - Transaction processing
- **USER** - Read-only access
### API Features
- Swagger documentation
- Global validation pipe
- CORS enabled
- Class serializer (excludes sensitive fields)
- Comprehensive error handling
---
## File Structure
```
src/
├── modules/
│ ├── auth/
│ │ ├── dto/
│ │ │ ├── login.dto.ts
│ │ │ ├── register.dto.ts
│ │ │ ├── auth-response.dto.ts
│ │ │ └── index.ts
│ │ ├── guards/
│ │ │ ├── jwt-auth.guard.ts
│ │ │ └── local-auth.guard.ts
│ │ ├── interfaces/
│ │ │ └── jwt-payload.interface.ts
│ │ ├── strategies/
│ │ │ ├── jwt.strategy.ts
│ │ │ └── local.strategy.ts
│ │ ├── auth.controller.ts
│ │ ├── auth.service.ts
│ │ └── auth.module.ts
│ │
│ └── users/
│ ├── dto/
│ │ ├── create-user.dto.ts
│ │ ├── update-user.dto.ts
│ │ ├── user-response.dto.ts
│ │ └── index.ts
│ ├── entities/
│ │ └── user.entity.ts
│ ├── users.controller.ts
│ ├── users.service.ts
│ ├── users.repository.ts
│ └── users.module.ts
├── common/
│ ├── decorators/
│ │ ├── current-user.decorator.ts
│ │ ├── public.decorator.ts
│ │ ├── roles.decorator.ts
│ │ └── index.ts
│ └── guards/
│ ├── jwt-auth.guard.ts
│ ├── roles.guard.ts
│ └── index.ts
├── database/
│ ├── migrations/
│ │ └── 1704470000000-CreateUsersTable.ts
│ ├── seeds/
│ │ ├── users.seed.ts
│ │ └── run-seeds.ts
│ └── data-source.ts
├── config/
│ ├── app.config.ts
│ ├── database.config.ts
│ ├── jwt.config.ts
│ └── redis.config.ts
├── app.module.ts (updated with Auth & Users modules)
├── main.ts (updated with global pipes, guards, swagger)
└── app.controller.ts (marked as @Public)
```
---
## API Endpoints
### Public Endpoints
- `GET /` - Health check
- `GET /health` - Health status
- `POST /api/auth/register` - Register new user
- `POST /api/auth/login` - Login user
### Protected Endpoints
- `GET /api/auth/profile` - Get current user (Authenticated)
- `POST /api/auth/refresh` - Refresh token (Authenticated)
- `GET /api/users` - List users (Admin/Manager)
- `GET /api/users/:id` - Get user (Admin/Manager)
- `POST /api/users` - Create user (Admin only)
- `PATCH /api/users/:id` - Update user (Admin only)
- `DELETE /api/users/:id` - Delete user (Admin only)
---
## Environment Variables Required
```bash
# Application
NODE_ENV=development
PORT=3000
API_PREFIX=api
# Database
DB_HOST=localhost
DB_PORT=5432
DB_USERNAME=postgres
DB_PASSWORD=postgres
DB_DATABASE=retail_pos
# JWT
JWT_SECRET=retail-pos-super-secret-key-change-in-production-2025
JWT_EXPIRES_IN=1d
# CORS
CORS_ORIGIN=http://localhost:3000,capacitor://localhost
# Rate Limiting
THROTTLE_TTL=60
THROTTLE_LIMIT=100
# Bcrypt
BCRYPT_ROUNDS=10
```
---
## Setup & Run Instructions
### 1. Install Dependencies (Already Done)
All required packages are installed:
- @nestjs/jwt
- @nestjs/passport
- passport, passport-jwt
- bcrypt
- class-validator, class-transformer
### 2. Run Database Migration
```bash
npm run migration:run
```
### 3. Seed Default Users
```bash
npm run seed:run
```
Default credentials:
- Admin: `admin@retailpos.com` / `Admin123!`
- Manager: `manager@retailpos.com` / `Manager123!`
- Cashier: `cashier@retailpos.com` / `Cashier123!`
### 4. Start Development Server
```bash
npm run start:dev
```
### 5. Access Swagger Documentation
```
http://localhost:3000/api/docs
```
---
## Testing the System
### 1. Test Registration
```bash
curl -X POST http://localhost:3000/api/auth/register \
-H "Content-Type: application/json" \
-d '{
"name": "Test User",
"email": "test@example.com",
"password": "Test123!"
}'
```
### 2. Test Login
```bash
curl -X POST http://localhost:3000/api/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "admin@retailpos.com",
"password": "Admin123!"
}'
```
### 3. Test Protected Endpoint
```bash
curl -X GET http://localhost:3000/api/auth/profile \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
```
### 4. Test Admin Endpoint
```bash
curl -X GET http://localhost:3000/api/users \
-H "Authorization: Bearer YOUR_ADMIN_TOKEN"
```
---
## Usage Examples
### Protecting a Controller
```typescript
@Controller('products')
@UseGuards(JwtAuthGuard) // Protect entire controller
export class ProductsController {
// All routes require authentication
}
```
### Public Route
```typescript
@Get('products')
@Public() // Skip authentication
async findAll() {
return this.productsService.findAll();
}
```
### Role-Based Authorization
```typescript
@Post('products')
@Roles(UserRole.ADMIN, UserRole.MANAGER) // Only admin and manager
async create(@Body() dto: CreateProductDto) {
return this.productsService.create(dto);
}
```
### Get Current User
```typescript
@Get('profile')
async getProfile(@CurrentUser() user: User) {
// user contains: id, email, name, roles
return user;
}
```
---
## Implementation Details
### Password Hashing
- Passwords are hashed in **AuthService.register()** using bcrypt
- Hash rounds: 10
- Validation: AuthService.validateUser() uses bcrypt.compare()
### JWT Token Structure
```json
{
"sub": "user-uuid",
"email": "user@example.com",
"roles": ["admin"],
"iat": 1704470400,
"exp": 1704556800
}
```
### Global Guards
Registered in `app.module.ts`:
1. **JwtAuthGuard** - Applied to all routes, respects @Public()
2. **RolesGuard** - Checks @Roles() decorator
### Error Handling
- 400: Validation failed
- 401: Unauthorized (invalid credentials)
- 403: Forbidden (insufficient permissions)
- 409: Conflict (email already exists)
- 404: Not found
---
## Best Practices Implemented
1. Password never returned in responses (@Exclude)
2. Proper separation of concerns (Controller → Service → Repository)
3. DTO validation with class-validator
4. Repository pattern for data access
5. Global guards for authentication
6. Role-based access control
7. Environment-based configuration
8. Swagger API documentation
9. TypeScript strict mode
10. Error handling and proper HTTP status codes
---
## Next Steps / Enhancements
1. **Refresh Token Implementation**
- Add refresh_token table
- Implement token rotation
- Add /auth/logout endpoint
2. **Email Verification**
- Send verification email on registration
- Add email_verified flag
- Create verification endpoint
3. **Password Reset**
- Forgot password flow
- Reset token generation
- Password reset endpoint
4. **Two-Factor Authentication**
- TOTP implementation
- QR code generation
- 2FA verification
5. **Rate Limiting**
- Add @Throttle() to auth endpoints
- Implement IP-based rate limiting
- Add account lockout after failed attempts
6. **Audit Logging**
- Log all authentication events
- Track login attempts
- Monitor suspicious activity
7. **Session Management**
- Track active sessions
- Implement force logout
- Session timeout handling
---
## Documentation
- **AUTH_SYSTEM.md** - Complete authentication system documentation
- **Swagger Docs** - Interactive API documentation at `/api/docs`
- **Code Comments** - Inline documentation for all components
---
## Summary
The authentication system is fully implemented and ready for use. All endpoints are functional, secure, and documented. The system follows NestJS best practices and provides a solid foundation for building the rest of the Retail POS API.
### Key Achievements:
- JWT authentication with Passport.js
- Role-based access control (4 roles)
- Secure password handling
- Global authentication guards
- Comprehensive API documentation
- Database migrations and seeds
- Proper error handling
- TypeScript type safety
- Production-ready security features
The system is ready for integration with Products, Categories, Transactions, and Sync modules.

365
docs/PRODUCTS_API_IMPLEMENTATION.md Normal file
View File

@@ -0,0 +1,365 @@
# Products API Implementation Summary
## Overview
Complete implementation of the Products API module for the Retail POS backend, including all DTOs, controllers, services, repositories, and business logic.
## Files Created
### 1. DTOs (`src/modules/products/dto/`)
#### `create-product.dto.ts`
- **Fields**:
- `name` (required, string, 1-255 characters)
- `description` (optional, string, max 1000 characters)
- `price` (required, number, min 0, max 2 decimal places)
- `imageUrl` (optional, URL)
- `categoryId` (required, UUID)
- `stockQuantity` (optional, number, min 0, default 0)
- `isAvailable` (optional, boolean, default true)
- **Validations**: class-validator decorators with proper constraints
- **Documentation**: Full Swagger/OpenAPI annotations
#### `update-product.dto.ts`
- **Extension**: PartialType of CreateProductDto
- All fields are optional for partial updates
#### `get-products.dto.ts`
- **Extends**: PaginationDto (provides page/limit)
- **Filters**:
- `categoryId` (UUID filter)
- `search` (string search in name/description)
- `minPrice` (number, min 0)
- `maxPrice` (number, min 0)
- `isAvailable` (boolean)
- **Transform**: Boolean query params properly transformed
#### `product-response.dto.ts`
- **ProductResponseDto**: Structured response with @Expose decorators
- **CategoryInProductResponseDto**: Nested category details
- **Fields**: All product fields plus populated category relation
#### `index.ts`
- Exports all DTOs for easy imports
### 2. Repository (`products.repository.ts`)
**Features**:
- Extends TypeORM Repository<Product>
- Custom query methods with QueryBuilder
**Methods**:
- `createFilteredQuery(filters)` - Apply all filters to query builder
- `findWithFilters(filters)` - Paginated products with filters
- `findOneWithCategory(id)` - Single product with category relation
- `findByCategory(categoryId, page, limit)` - Products by category
- `searchProducts(query, page, limit)` - Search by name/description
- `updateStock(id, quantity)` - Update stock quantity
- `incrementStock(id, amount)` - Increment stock
- `decrementStock(id, amount)` - Decrement stock
**Query Optimizations**:
- Left join on category relation
- Efficient WHERE clauses for filters
- LIKE queries with LOWER() for case-insensitive search
- Proper pagination with skip/take
### 3. Service (`products.service.ts`)
**Features**:
- Business logic implementation
- Transaction management with QueryRunner
- Proper error handling with specific exceptions
**Methods**:
#### `findAll(filters)`
- Fetches products with pagination and filters
- Returns [Product[], total count]
#### `findOne(id)`
- Get single product by ID with category
- Throws NotFoundException if not found
#### `findByCategory(categoryId, page, limit)`
- Validates category exists
- Returns products for specific category
#### `search(query, page, limit)`
- Validates search query not empty
- Searches in name and description
#### `create(createProductDto)`
- **Transaction-based**:
1. Validate category exists
2. Create product
3. Increment category product count
4. Commit transaction
- **Error handling**: Rollback on failure
#### `update(id, updateProductDto)`
- **Transaction-based**:
1. Find existing product
2. If category changed:
- Validate new category exists
- Decrement old category count
- Increment new category count
3. Update product
4. Commit transaction
- **Error handling**: Rollback on failure
#### `remove(id)`
- **Transaction-based**:
1. Find product with transaction items relation
2. Check if product used in transactions
3. If used, throw BadRequestException
4. Decrement category product count
5. Delete product
6. Commit transaction
- **Business rule**: Cannot delete products used in transactions
#### `updateStock(id, quantity)`
- Validates quantity not negative
- Updates product stock
### 4. Controller (`products.controller.ts`)
**Configuration**:
- `@ApiTags('products')` - Swagger grouping
- Base route: `/products`
**Endpoints**:
#### `GET /products` (Public)
- **Summary**: Get all products with pagination and filters
- **Query params**: GetProductsDto (page, limit, categoryId, search, minPrice, maxPrice, isAvailable)
- **Response**: Paginated list with metadata
- **Status**: 200 OK
#### `GET /products/search?q=query` (Public)
- **Summary**: Search products by name or description
- **Query params**: q (search query), page, limit
- **Response**: Paginated search results
- **Status**: 200 OK, 400 Bad Request
#### `GET /products/category/:categoryId` (Public)
- **Summary**: Get products by category
- **Params**: categoryId (UUID)
- **Query params**: page, limit
- **Response**: Paginated products in category
- **Status**: 200 OK, 404 Not Found
#### `GET /products/:id` (Public)
- **Summary**: Get single product by ID
- **Params**: id (UUID)
- **Response**: Single product with category
- **Status**: 200 OK, 404 Not Found
#### `POST /products` (Admin/Manager)
- **Summary**: Create new product
- **Auth**: JWT Bearer token required
- **Roles**: Admin, Manager
- **Body**: CreateProductDto
- **Response**: Created product
- **Status**: 201 Created, 400 Bad Request, 404 Category Not Found
#### `PUT /products/:id` (Admin/Manager)
- **Summary**: Update product
- **Auth**: JWT Bearer token required
- **Roles**: Admin, Manager
- **Params**: id (UUID)
- **Body**: UpdateProductDto
- **Response**: Updated product
- **Status**: 200 OK, 400 Bad Request, 404 Not Found
#### `DELETE /products/:id` (Admin)
- **Summary**: Delete product
- **Auth**: JWT Bearer token required
- **Roles**: Admin only
- **Params**: id (UUID)
- **Response**: No content
- **Status**: 204 No Content, 400 Cannot Delete, 404 Not Found
**Features**:
- Full Swagger documentation with @ApiOperation, @ApiResponse
- @ParseUUIDPipe for UUID validation
- plainToInstance for DTO transformation
- Consistent ApiResponseDto wrapper
- Proper HTTP status codes
### 5. Module (`products.module.ts`)
**Configuration**:
- Imports TypeOrmModule with Product and Category entities
- Registers ProductsController
- Provides ProductsService and ProductsRepository
- Exports service and repository for use in other modules
## Key Features Implemented
### 1. Authentication & Authorization
- Public endpoints: GET requests (list, search, single)
- Protected endpoints: POST, PUT, DELETE
- Role-based access:
- Admin + Manager: Create, Update
- Admin only: Delete
### 2. Validation
- Request validation with class-validator
- UUID validation with ParseUUIDPipe
- Query parameter transformation
- Business logic validation (category exists, stock quantity)
### 3. Business Logic
- **Category Product Count**: Automatically updated on create/update/delete
- **Category Change**: Handles count updates when product category changes
- **Transaction Safety**: Products used in transactions cannot be deleted
- **Stock Management**: Proper stock quantity validation and updates
### 4. Error Handling
- NotFoundException: Resource not found
- BadRequestException: Invalid input or business rule violation
- InternalServerErrorException: Unexpected errors
- Transaction rollback on failures
### 5. Database Optimization
- QueryBuilder for complex queries
- Left joins for relations
- Indexes on name, categoryId
- Composite index on name + categoryId
- Case-insensitive search with LOWER()
### 6. Response Format
- Consistent ApiResponseDto wrapper
- Success responses with data and message
- Paginated responses with metadata:
- page, limit, total, totalPages
- hasPreviousPage, hasNextPage
- DTO transformation with class-transformer
### 7. API Documentation
- Complete Swagger/OpenAPI annotations
- Request/response examples
- Parameter descriptions
- Status code documentation
- Bearer auth documentation
## API Routes
```
Public Routes:
GET /products - List all products (paginated, filtered)
GET /products/search?q=query - Search products
GET /products/category/:categoryId - Products by category
GET /products/:id - Single product details
Protected Routes (Admin/Manager):
POST /products - Create product
PUT /products/:id - Update product
Protected Routes (Admin only):
DELETE /products/:id - Delete product
```
## Example API Calls
### List Products with Filters
```http
GET /api/products?page=1&limit=20&categoryId=uuid&search=laptop&minPrice=100&maxPrice=1000&isAvailable=true
```
### Search Products
```http
GET /api/products/search?q=gaming&page=1&limit=10
```
### Create Product
```http
POST /api/products
Authorization: Bearer <token>
Content-Type: application/json
{
"name": "Gaming Laptop",
"description": "High-performance gaming laptop",
"price": 1299.99,
"imageUrl": "https://example.com/image.jpg",
"categoryId": "uuid",
"stockQuantity": 50,
"isAvailable": true
}
```
### Update Product
```http
PUT /api/products/:id
Authorization: Bearer <token>
Content-Type: application/json
{
"price": 1199.99,
"stockQuantity": 45
}
```
### Delete Product
```http
DELETE /api/products/:id
Authorization: Bearer <token>
```
## Integration
The module is registered in `app.module.ts`:
```typescript
import { ProductsModule } from './modules/products/products.module';
@Module({
imports: [
// ...
ProductsModule,
],
})
```
## Testing Recommendations
### Unit Tests
- ProductsService methods
- Business logic validation
- Error handling scenarios
- Transaction rollback
### Integration Tests
- ProductsRepository queries
- Database operations
- Relations loading
### E2E Tests
- All API endpoints
- Authentication/authorization
- Filter combinations
- Error responses
- Edge cases
## Next Steps
1. **Categories Module**: Similar structure for category management
2. **Transactions Module**: Transaction processing with products
3. **Caching**: Add Redis caching for frequently accessed products
4. **Soft Delete**: Optional soft delete instead of hard delete
5. **Audit Trail**: Track who created/updated products
6. **Product Images**: File upload functionality
7. **Bulk Operations**: Bulk create/update/delete endpoints
## Best Practices Followed
1. Separation of concerns (Controller → Service → Repository)
2. Transaction management for data consistency
3. Proper error handling with specific exceptions
4. Input validation at DTO level
5. Business validation at service level
6. Query optimization with QueryBuilder
7. Comprehensive API documentation
8. Role-based access control
9. Consistent response format
10. TypeScript strict mode compliance

1360
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

31
package.json
View File

@@ -17,14 +17,37 @@
"test:watch": "jest --watch", "test:watch": "jest --watch",
"test:cov": "jest --coverage", "test:cov": "jest --coverage",
"test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand", "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
"test:e2e": "jest --config ./test/jest-e2e.json" "test:e2e": "jest --config ./test/jest-e2e.json",
"typeorm": "typeorm-ts-node-commonjs",
"migration:generate": "npm run typeorm -- migration:generate -d src/database/data-source.ts",
"migration:create": "npm run typeorm -- migration:create",
"migration:run": "npm run typeorm -- migration:run -d src/database/data-source.ts",
"migration:revert": "npm run typeorm -- migration:revert -d src/database/data-source.ts",
"seed:run": "ts-node src/database/seeds/run-seeds.ts"
}, },
"dependencies": { "dependencies": {
"@nestjs/cache-manager": "^3.0.1",
"@nestjs/common": "^11.0.1", "@nestjs/common": "^11.0.1",
"@nestjs/config": "^4.0.2",
"@nestjs/core": "^11.0.1", "@nestjs/core": "^11.0.1",
"@nestjs/jwt": "^11.0.0",
"@nestjs/passport": "^11.0.5",
"@nestjs/platform-express": "^11.0.1", "@nestjs/platform-express": "^11.0.1",
"@nestjs/swagger": "^11.2.0",
"@nestjs/throttler": "^6.4.0",
"@nestjs/typeorm": "^11.0.0",
"bcrypt": "^6.0.0",
"cache-manager": "^7.2.4",
"cache-manager-redis-store": "^3.0.1",
"class-transformer": "^0.5.1",
"class-validator": "^0.14.2",
"passport": "^0.7.0",
"passport-jwt": "^4.0.1",
"passport-local": "^1.0.0",
"pg": "^8.16.3",
"reflect-metadata": "^0.2.2", "reflect-metadata": "^0.2.2",
"rxjs": "^7.8.1" "rxjs": "^7.8.1",
"typeorm": "^0.3.27"
}, },
"devDependencies": { "devDependencies": {
"@eslint/eslintrc": "^3.2.0", "@eslint/eslintrc": "^3.2.0",
@@ -32,9 +55,13 @@
"@nestjs/cli": "^11.0.0", "@nestjs/cli": "^11.0.0",
"@nestjs/schematics": "^11.0.0", "@nestjs/schematics": "^11.0.0",
"@nestjs/testing": "^11.0.1", "@nestjs/testing": "^11.0.1",
"@types/bcrypt": "^6.0.0",
"@types/cache-manager": "^4.0.6",
"@types/express": "^5.0.0", "@types/express": "^5.0.0",
"@types/jest": "^30.0.0", "@types/jest": "^30.0.0",
"@types/node": "^22.10.7", "@types/node": "^22.10.7",
"@types/passport-jwt": "^4.0.1",
"@types/passport-local": "^1.0.38",
"@types/supertest": "^6.0.2", "@types/supertest": "^6.0.2",
"eslint": "^9.18.0", "eslint": "^9.18.0",
"eslint-config-prettier": "^10.0.1", "eslint-config-prettier": "^10.0.1",

19
src/app.controller.ts
View File

@@ -1,12 +1,31 @@
import { Controller, Get } from '@nestjs/common'; import { Controller, Get } from '@nestjs/common';
import { ApiTags, ApiOperation, ApiResponse } from '@nestjs/swagger';
import { AppService } from './app.service'; import { AppService } from './app.service';
import { Public } from './common/decorators/public.decorator';
@ApiTags('Health')
@Controller() @Controller()
export class AppController { export class AppController {
constructor(private readonly appService: AppService) {} constructor(private readonly appService: AppService) {}
@Get() @Get()
@Public()
@ApiOperation({ summary: 'Health check endpoint' })
@ApiResponse({ status: 200, description: 'API is running' })
getHello(): string { getHello(): string {
return this.appService.getHello(); return this.appService.getHello();
} }
@Get('health')
@Public()
@ApiOperation({ summary: 'Health check endpoint' })
@ApiResponse({ status: 200, description: 'API health status' })
getHealth() {
return {
status: 'ok',
timestamp: new Date().toISOString(),
service: 'Retail POS API',
version: '1.0.0',
};
}
} }

112
src/app.module.ts
View File

@@ -1,10 +1,118 @@
import { Module } from '@nestjs/common'; import { Module } from '@nestjs/common';
import { ConfigModule, ConfigService } from '@nestjs/config';
import { TypeOrmModule } from '@nestjs/typeorm';
import { CacheModule } from '@nestjs/cache-manager';
import { ThrottlerModule } from '@nestjs/throttler';
import { APP_GUARD } from '@nestjs/core';
import { AppController } from './app.controller'; import { AppController } from './app.controller';
import { AppService } from './app.service'; import { AppService } from './app.service';
// Common module
import { CommonModule } from './common/common.module';
// Feature modules
import { AuthModule } from './modules/auth/auth.module';
import { UsersModule } from './modules/users/users.module';
import { ProductsModule } from './modules/products/products.module';
import { CategoriesModule } from './modules/categories/categories.module';
// import { TransactionsModule } from './modules/transactions/transactions.module';
// import { SyncModule } from './modules/sync/sync.module';
// Guards
import { JwtAuthGuard } from './common/guards/jwt-auth.guard';
import { RolesGuard } from './common/guards/roles.guard';
// Configuration
import appConfig from './config/app.config';
import databaseConfig from './config/database.config';
import jwtConfig from './config/jwt.config';
import redisConfig from './config/redis.config';
@Module({ @Module({
imports: [], imports: [
// Global configuration module
ConfigModule.forRoot({
isGlobal: true,
load: [appConfig, databaseConfig, jwtConfig, redisConfig],
envFilePath: ['.env.local', '.env'],
cache: true,
}),
// Database module with TypeORM
TypeOrmModule.forRootAsync({
imports: [ConfigModule],
useFactory: (configService: ConfigService) => {
const config = configService.get('database');
if (!config) {
throw new Error('Database configuration not found');
}
return config;
},
inject: [ConfigService],
}),
// Cache module with Redis support
CacheModule.registerAsync({
isGlobal: true,
imports: [ConfigModule],
useFactory: async (configService: ConfigService) => ({
ttl: configService.get<number>('redis.ttl'),
max: configService.get<number>('redis.max'),
// For Redis: install cache-manager-redis-store and uncomment
// store: await redisStore({
// socket: {
// host: configService.get<string>('redis.host'),
// port: configService.get<number>('redis.port'),
// },
// }),
}),
inject: [ConfigService],
}),
// Rate limiting / Throttling
ThrottlerModule.forRootAsync({
imports: [ConfigModule],
useFactory: (configService: ConfigService) => ({
throttlers: [
{
ttl: parseInt(
configService.get<string>('THROTTLE_TTL', '60'),
10,
),
limit: parseInt(
configService.get<string>('THROTTLE_LIMIT', '100'),
10,
),
},
],
}),
inject: [ConfigService],
}),
// Common module (global utilities)
CommonModule,
// Feature modules
AuthModule,
UsersModule,
ProductsModule,
CategoriesModule,
// TransactionsModule, // To be created
// SyncModule, // To be created
],
controllers: [AppController], controllers: [AppController],
providers: [AppService], providers: [
AppService,
// Global JWT authentication guard (respects @Public() decorator)
{
provide: APP_GUARD,
useClass: JwtAuthGuard,
},
// Global roles guard (checks @Roles() decorator)
{
provide: APP_GUARD,
useClass: RolesGuard,
},
],
}) })
export class AppModule {} export class AppModule {}

14
src/common/common.module.ts Normal file
View File

@@ -0,0 +1,14 @@
import { Module, Global } from '@nestjs/common';
/**
* Global Common Module
* Provides shared utilities, DTOs, filters, interceptors, and pipes
* available across all modules without explicit imports
*/
@Global()
@Module({
imports: [],
providers: [],
exports: [],
})
export class CommonModule {}

12
src/common/decorators/current-user.decorator.ts Normal file
View File

@@ -0,0 +1,12 @@
import { createParamDecorator, ExecutionContext } from '@nestjs/common';
/**
* Custom decorator to extract current user from request
* Usage: @CurrentUser() user: User
*/
export const CurrentUser = createParamDecorator(
(data: unknown, ctx: ExecutionContext) => {
const request = ctx.switchToHttp().getRequest();
return request.user;
},
);

3
src/common/decorators/index.ts Normal file
View File

@@ -0,0 +1,3 @@
export * from './current-user.decorator';
export * from './public.decorator';
export * from './roles.decorator';

9
src/common/decorators/public.decorator.ts Normal file
View File

@@ -0,0 +1,9 @@
import { SetMetadata } from '@nestjs/common';
export const IS_PUBLIC_KEY = 'isPublic';
/**
* Decorator to mark routes as public (skip JWT authentication)
* Usage: @Public()
*/
export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);

10
src/common/decorators/roles.decorator.ts Normal file
View File

@@ -0,0 +1,10 @@
import { SetMetadata } from '@nestjs/common';
import { UserRole } from '../../modules/users/entities/user.entity';
export const ROLES_KEY = 'roles';
/**
* Decorator to specify required roles for a route
* Usage: @Roles(UserRole.ADMIN, UserRole.MANAGER)
*/
export const Roles = (...roles: UserRole[]) => SetMetadata(ROLES_KEY, roles);

69
src/common/dto/api-response.dto.ts Normal file
View File

@@ -0,0 +1,69 @@
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
export class PaginationMetaDto {
@ApiProperty({ description: 'Current page number' })
page: number;
@ApiProperty({ description: 'Number of items per page' })
limit: number;
@ApiProperty({ description: 'Total number of items' })
total: number;
@ApiProperty({ description: 'Total number of pages' })
totalPages: number;
@ApiProperty({ description: 'Has previous page' })
hasPreviousPage: boolean;
@ApiProperty({ description: 'Has next page' })
hasNextPage: boolean;
}
export class ApiResponseDto<T> {
@ApiProperty({ description: 'Success status' })
success: boolean;
@ApiProperty({ description: 'Response data' })
data?: T;
@ApiPropertyOptional({ description: 'Response message' })
message?: string;
@ApiPropertyOptional({ type: PaginationMetaDto })
meta?: PaginationMetaDto;
constructor(success: boolean, data?: T, message?: string, meta?: PaginationMetaDto) {
this.success = success;
this.data = data;
this.message = message;
this.meta = meta;
}
static success<T>(data: T, message?: string): ApiResponseDto<T> {
return new ApiResponseDto(true, data, message || 'Operation successful');
}
static successWithMeta<T>(
data: T,
page: number,
limit: number,
total: number,
message?: string,
): ApiResponseDto<T> {
const totalPages = Math.ceil(total / limit);
const meta: PaginationMetaDto = {
page,
limit,
total,
totalPages,
hasPreviousPage: page > 1,
hasNextPage: page < totalPages,
};
return new ApiResponseDto(true, data, message || 'Operation successful', meta);
}
static error(message: string): ApiResponseDto<null> {
return new ApiResponseDto(false, null, message);
}
}

37
src/common/dto/pagination.dto.ts Normal file
View File

@@ -0,0 +1,37 @@
import { IsOptional, IsInt, Min, Max } from 'class-validator';
import { Type } from 'class-transformer';
import { ApiPropertyOptional } from '@nestjs/swagger';
export class PaginationDto {
@ApiPropertyOptional({
description: 'Page number (1-indexed)',
minimum: 1,
default: 1,
})
@IsOptional()
@Type(() => Number)
@IsInt()
@Min(1)
page?: number = 1;
@ApiPropertyOptional({
description: 'Number of items per page',
minimum: 1,
maximum: 100,
default: 20,
})
@IsOptional()
@Type(() => Number)
@IsInt()
@Min(1)
@Max(100)
limit?: number = 20;
get skip(): number {
return (this.page - 1) * this.limit;
}
get take(): number {
return this.limit;
}
}

54
src/common/filters/all-exceptions.filter.ts Normal file
View File

@@ -0,0 +1,54 @@
import {
ExceptionFilter,
Catch,
ArgumentsHost,
HttpException,
HttpStatus,
Logger,
} from '@nestjs/common';
import { Request, Response } from 'express';
import { IErrorResponse } from '../interfaces/api-response.interface';
@Catch()
export class AllExceptionsFilter implements ExceptionFilter {
private readonly logger = new Logger(AllExceptionsFilter.name);
catch(exception: unknown, host: ArgumentsHost) {
const ctx = host.switchToHttp();
const response = ctx.getResponse<Response>();
const request = ctx.getRequest<Request>();
let status = HttpStatus.INTERNAL_SERVER_ERROR;
let message: string | string[] = 'Internal server error';
if (exception instanceof HttpException) {
status = exception.getStatus();
const exceptionResponse = exception.getResponse();
message =
typeof exceptionResponse === 'string'
? exceptionResponse
: (exceptionResponse as any).message || exception.message;
} else if (exception instanceof Error) {
message = exception.message;
}
const errorResponse: IErrorResponse = {
success: false,
error: {
statusCode: status,
message,
details: exception instanceof Error ? exception.stack : undefined,
},
timestamp: new Date().toISOString(),
path: request.url,
};
// Log error with full stack trace for debugging
this.logger.error(
`Unhandled Exception: ${request.method} ${request.url}`,
exception instanceof Error ? exception.stack : JSON.stringify(exception),
);
response.status(status).json(errorResponse);
}
}

50
src/common/filters/http-exception.filter.ts Normal file
View File

@@ -0,0 +1,50 @@
import {
ExceptionFilter,
Catch,
ArgumentsHost,
HttpException,
HttpStatus,
Logger,
} from '@nestjs/common';
import { Request, Response } from 'express';
import { IErrorResponse } from '../interfaces/api-response.interface';
@Catch(HttpException)
export class HttpExceptionFilter implements ExceptionFilter {
private readonly logger = new Logger(HttpExceptionFilter.name);
catch(exception: HttpException, host: ArgumentsHost) {
const ctx = host.switchToHttp();
const response = ctx.getResponse<Response>();
const request = ctx.getRequest<Request>();
const status = exception.getStatus();
const exceptionResponse = exception.getResponse();
const message =
typeof exceptionResponse === 'string'
? exceptionResponse
: (exceptionResponse as any).message || exception.message;
const errorResponse: IErrorResponse = {
success: false,
error: {
statusCode: status,
message,
details:
typeof exceptionResponse === 'object'
? (exceptionResponse as any).error
: undefined,
},
timestamp: new Date().toISOString(),
path: request.url,
};
// Log error for monitoring
this.logger.error(
`HTTP ${status} Error: ${request.method} ${request.url}`,
JSON.stringify(errorResponse),
);
response.status(status).json(errorResponse);
}
}

2
src/common/guards/index.ts Normal file
View File

@@ -0,0 +1,2 @@
export * from './jwt-auth.guard';
export * from './roles.guard';

41
src/common/guards/jwt-auth.guard.ts Normal file
View File

@@ -0,0 +1,41 @@
import {
ExecutionContext,
Injectable,
UnauthorizedException,
} from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { AuthGuard } from '@nestjs/passport';
import { IS_PUBLIC_KEY } from '../decorators/public.decorator';
/**
* Global JWT authentication guard that respects @Public() decorator
*/
@Injectable()
export class JwtAuthGuard extends AuthGuard('jwt') {
constructor(private reflector: Reflector) {
super();
}
canActivate(context: ExecutionContext) {
// Check if route is marked as public
const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
context.getHandler(),
context.getClass(),
]);
if (isPublic) {
return true;
}
// Call parent AuthGuard to validate JWT
return super.canActivate(context);
}
handleRequest(err, user, info) {
// Throw an exception if JWT validation fails
if (err || !user) {
throw err || new UnauthorizedException('Invalid or missing JWT token');
}
return user;
}
}

30
src/common/guards/roles.guard.ts Normal file
View File

@@ -0,0 +1,30 @@
import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { ROLES_KEY } from '../decorators/roles.decorator';
import { UserRole } from '../../modules/users/entities/user.entity';
/**
* Role-based access control guard
* Checks if user has required roles specified by @Roles() decorator
*/
@Injectable()
export class RolesGuard implements CanActivate {
constructor(private reflector: Reflector) {}
canActivate(context: ExecutionContext): boolean {
const requiredRoles = this.reflector.getAllAndOverride<UserRole[]>(
ROLES_KEY,
[context.getHandler(), context.getClass()],
);
// If no roles are required, allow access
if (!requiredRoles) {
return true;
}
const { user } = context.switchToHttp().getRequest();
// Check if user has any of the required roles
return requiredRoles.some((role) => user.roles?.includes(role));
}
}

23
src/common/index.ts Normal file
View File

@@ -0,0 +1,23 @@
// DTOs
export * from './dto/pagination.dto';
export * from './dto/api-response.dto';
// Interfaces
export * from './interfaces/pagination.interface';
export * from './interfaces/api-response.interface';
// Filters
export * from './filters/http-exception.filter';
export * from './filters/all-exceptions.filter';
// Interceptors
export * from './interceptors/logging.interceptor';
export * from './interceptors/transform.interceptor';
export * from './interceptors/cache.interceptor';
// Pipes
export * from './pipes/validation.pipe';
// Utils
export * from './utils/helpers';
export * from './utils/formatters';

49
src/common/interceptors/cache.interceptor.ts Normal file
View File

@@ -0,0 +1,49 @@
import {
Injectable,
NestInterceptor,
ExecutionContext,
CallHandler,
Inject,
} from '@nestjs/common';
import { Observable, of } from 'rxjs';
import { tap } from 'rxjs/operators';
import { CACHE_MANAGER } from '@nestjs/cache-manager';
import { Cache } from 'cache-manager';
@Injectable()
export class CustomCacheInterceptor implements NestInterceptor {
constructor(@Inject(CACHE_MANAGER) private cacheManager: Cache) {}
async intercept(
context: ExecutionContext,
next: CallHandler,
): Promise<Observable<any>> {
const request = context.switchToHttp().getRequest();
const { method, url } = request;
// Only cache GET requests
if (method !== 'GET') {
return next.handle();
}
// Generate cache key from URL and query params
const cacheKey = this.generateCacheKey(url);
// Try to get from cache
const cachedResponse = await this.cacheManager.get(cacheKey);
if (cachedResponse) {
return of(cachedResponse);
}
// If not in cache, proceed with request and cache the result
return next.handle().pipe(
tap(async (response) => {
await this.cacheManager.set(cacheKey, response);
}),
);
}
private generateCacheKey(url: string): string {
return `cache:${url}`;
}
}

44
src/common/interceptors/logging.interceptor.ts Normal file
View File

@@ -0,0 +1,44 @@
import {
Injectable,
NestInterceptor,
ExecutionContext,
CallHandler,
Logger,
} from '@nestjs/common';
import { Observable } from 'rxjs';
import { tap } from 'rxjs/operators';
import { Request } from 'express';
@Injectable()
export class LoggingInterceptor implements NestInterceptor {
private readonly logger = new Logger(LoggingInterceptor.name);
intercept(context: ExecutionContext, next: CallHandler): Observable<any> {
const request = context.switchToHttp().getRequest<Request>();
const { method, url, ip } = request;
const userAgent = request.get('user-agent') || '';
const now = Date.now();
this.logger.log(
`Incoming Request: ${method} ${url} - User Agent: ${userAgent} - IP: ${ip}`,
);
return next.handle().pipe(
tap({
next: () => {
const responseTime = Date.now() - now;
this.logger.log(
`Outgoing Response: ${method} ${url} - ${responseTime}ms`,
);
},
error: (error) => {
const responseTime = Date.now() - now;
this.logger.error(
`Error Response: ${method} ${url} - ${responseTime}ms`,
error.message,
);
},
}),
);
}
}

42
src/common/interceptors/transform.interceptor.ts Normal file
View File

@@ -0,0 +1,42 @@
import {
Injectable,
NestInterceptor,
ExecutionContext,
CallHandler,
} from '@nestjs/common';
import { Observable } from 'rxjs';
import { map } from 'rxjs/operators';
import { ApiResponseDto } from '../dto/api-response.dto';
export interface Response<T> {
success: boolean;
data: T;
message?: string;
}
@Injectable()
export class TransformInterceptor<T>
implements NestInterceptor<T, Response<T>>
{
intercept(
context: ExecutionContext,
next: CallHandler,
): Observable<Response<T>> {
return next.handle().pipe(
map((data) => {
// If data is already wrapped in ApiResponseDto, return as is
if (data instanceof ApiResponseDto) {
return data;
}
// If data has success property, assume it's already formatted
if (data && typeof data === 'object' && 'success' in data) {
return data;
}
// Otherwise, wrap in success response
return ApiResponseDto.success(data);
}),
);
}
}

19
src/common/interfaces/api-response.interface.ts Normal file
View File

@@ -0,0 +1,19 @@
import { PaginationMeta } from './pagination.interface';
export interface IApiResponse<T> {
success: boolean;
data?: T;
message?: string;
meta?: PaginationMeta;
}
export interface IErrorResponse {
success: false;
error: {
statusCode: number;
message: string | string[];
details?: any;
};
timestamp: string;
path: string;
}

20
src/common/interfaces/pagination.interface.ts Normal file
View File

@@ -0,0 +1,20 @@
export interface PaginationMeta {
page: number;
limit: number;
total: number;
totalPages: number;
hasPreviousPage: boolean;
hasNextPage: boolean;
}
export interface PaginationOptions {
page: number;
limit: number;
skip: number;
take: number;
}
export interface PaginatedResult<T> {
data: T[];
meta: PaginationMeta;
}

43
src/common/pipes/validation.pipe.ts Normal file
View File

@@ -0,0 +1,43 @@
import {
PipeTransform,
Injectable,
ArgumentMetadata,
BadRequestException,
} from '@nestjs/common';
import { validate } from 'class-validator';
import { plainToInstance } from 'class-transformer';
@Injectable()
export class CustomValidationPipe implements PipeTransform<any> {
async transform(value: any, { metatype }: ArgumentMetadata) {
if (!metatype || !this.toValidate(metatype)) {
return value;
}
const object = plainToInstance(metatype, value);
const errors = await validate(object, {
whitelist: true,
forbidNonWhitelisted: true,
transform: true,
});
if (errors.length > 0) {
const messages = errors.map((error) => {
return Object.values(error.constraints || {}).join(', ');
});
throw new BadRequestException({
statusCode: 400,
message: 'Validation failed',
errors: messages,
});
}
return object;
}
private toValidate(metatype: Function): boolean {
const types: Function[] = [String, Boolean, Number, Array, Object];
return !types.includes(metatype);
}
}

64
src/common/utils/formatters.ts Normal file
View File

@@ -0,0 +1,64 @@
/**
* Response formatting utilities
*/
import { ApiResponseDto, PaginationMetaDto } from '../dto/api-response.dto';
/**
* Format success response
*/
export function formatSuccessResponse<T>(
data: T,
message?: string,
): ApiResponseDto<T> {
return ApiResponseDto.success(data, message);
}
/**
* Format paginated response
*/
export function formatPaginatedResponse<T>(
data: T,
page: number,
limit: number,
total: number,
message?: string,
): ApiResponseDto<T> {
return ApiResponseDto.successWithMeta(data, page, limit, total, message);
}
/**
* Format error response message
*/
export function formatErrorMessage(error: any): string {
if (typeof error === 'string') return error;
if (error?.message) return error.message;
return 'An unexpected error occurred';
}
/**
* Format price to 2 decimal places
*/
export function formatPrice(price: number): string {
return price.toFixed(2);
}
/**
* Format date to ISO string
*/
export function formatDate(date: Date): string {
return date.toISOString();
}
/**
* Format currency
*/
export function formatCurrency(
amount: number,
currency: string = 'USD',
): string {
return new Intl.NumberFormat('en-US', {
style: 'currency',
currency,
}).format(amount);
}

70
src/common/utils/helpers.ts Normal file
View File

@@ -0,0 +1,70 @@
/**
* Utility helper functions
*/
/**
* Calculate pagination metadata
*/
export function calculatePaginationMeta(
page: number,
limit: number,
total: number,
) {
const totalPages = Math.ceil(total / limit);
return {
page,
limit,
total,
totalPages,
hasPreviousPage: page > 1,
hasNextPage: page < totalPages,
};
}
/**
* Generate a unique identifier
*/
export function generateId(): string {
return `${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
}
/**
* Sleep for a given number of milliseconds
*/
export function sleep(ms: number): Promise<void> {
return new Promise((resolve) => setTimeout(resolve, ms));
}
/**
* Safely parse JSON
*/
export function safeJsonParse<T>(json: string, fallback: T): T {
try {
return JSON.parse(json);
} catch {
return fallback;
}
}
/**
* Check if value is empty
*/
export function isEmpty(value: any): boolean {
if (value === null || value === undefined) return true;
if (typeof value === 'string') return value.trim().length === 0;
if (Array.isArray(value)) return value.length === 0;
if (typeof value === 'object') return Object.keys(value).length === 0;
return false;
}
/**
* Remove undefined and null values from object
*/
export function cleanObject<T extends Record<string, any>>(obj: T): Partial<T> {
return Object.entries(obj).reduce((acc, [key, value]) => {
if (value !== undefined && value !== null) {
acc[key] = value;
}
return acc;
}, {} as any);
}

23
src/config/app.config.ts Normal file
View File

@@ -0,0 +1,23 @@
import { registerAs } from '@nestjs/config';
export default registerAs('app', () => ({
port: parseInt(process.env.PORT, 10) || 3000,
environment: process.env.NODE_ENV || 'development',
apiPrefix: process.env.API_PREFIX || 'api',
// CORS configuration
cors: {
origin: process.env.CORS_ORIGIN?.split(',') || [
'http://localhost:3000',
'capacitor://localhost',
],
credentials: true,
},
// API configuration
api: {
version: '1',
title: 'Retail POS API',
description: 'API for Retail POS Flutter application',
},
}));

28
src/config/database.config.ts Normal file
View File

@@ -0,0 +1,28 @@
import { registerAs } from '@nestjs/config';
import { TypeOrmModuleOptions } from '@nestjs/typeorm';
import { User } from '../modules/users/entities/user.entity';
import { Category } from '../modules/categories/entities/category.entity';
import { Product } from '../modules/products/entities/product.entity';
import { Transaction } from '../modules/transactions/entities/transaction.entity';
import { TransactionItem } from '../modules/transactions/entities/transaction-item.entity';
export default registerAs(
'database',
(): TypeOrmModuleOptions => ({
type: 'postgres',
host: process.env.DB_HOST || 'localhost',
port: parseInt(process.env.DB_PORT, 10) || 5432,
username: process.env.DB_USERNAME || 'postgres',
password: process.env.DB_PASSWORD || 'postgres',
database: process.env.DB_DATABASE || 'retail_pos',
entities: [User, Category, Product, Transaction, TransactionItem],
synchronize: process.env.NODE_ENV === 'development' ? false : false, // Always false for safety
logging: process.env.NODE_ENV === 'development',
migrations: ['dist/database/migrations/*.js'],
migrationsRun: false, // Run migrations manually
ssl:
process.env.NODE_ENV === 'production'
? { rejectUnauthorized: false }
: false,
}),
);

4
src/config/index.ts Normal file
View File

@@ -0,0 +1,4 @@
export { default as appConfig } from './app.config';
export { default as databaseConfig } from './database.config';
export { default as jwtConfig } from './jwt.config';
export { default as redisConfig } from './redis.config';

13
src/config/jwt.config.ts Normal file
View File

@@ -0,0 +1,13 @@
import { registerAs } from '@nestjs/config';
export default registerAs('jwt', () => ({
secret: process.env.JWT_SECRET || 'your-super-secret-key-change-in-production',
accessTokenExpiresIn: process.env.JWT_ACCESS_EXPIRES_IN || '1d',
refreshTokenExpiresIn: process.env.JWT_REFRESH_EXPIRES_IN || '7d',
// JWT options
options: {
issuer: 'retail-pos-api',
audience: 'retail-pos-app',
},
}));

17
src/config/redis.config.ts Normal file
View File

@@ -0,0 +1,17 @@
import { registerAs } from '@nestjs/config';
export default registerAs('redis', () => ({
host: process.env.REDIS_HOST || 'localhost',
port: parseInt(process.env.REDIS_PORT, 10) || 6379,
password: process.env.REDIS_PASSWORD || undefined,
ttl: parseInt(process.env.CACHE_TTL, 10) || 300, // 5 minutes default
max: parseInt(process.env.CACHE_MAX_ITEMS, 10) || 1000,
// Cache strategy
cache: {
productListTtl: 300, // 5 minutes
singleProductTtl: 600, // 10 minutes
categoryListTtl: 900, // 15 minutes
transactionStatsTtl: 3600, // 1 hour
},
}));

31
src/database/data-source.ts Normal file
View File

@@ -0,0 +1,31 @@
import { DataSource, DataSourceOptions } from 'typeorm';
import { config } from 'dotenv';
import { User } from '../modules/users/entities/user.entity';
import { Category } from '../modules/categories/entities/category.entity';
import { Product } from '../modules/products/entities/product.entity';
import { Transaction } from '../modules/transactions/entities/transaction.entity';
import { TransactionItem } from '../modules/transactions/entities/transaction-item.entity';
// Load environment variables
config();
export const dataSourceOptions: DataSourceOptions = {
type: 'postgres',
host: process.env.DB_HOST || 'localhost',
port: parseInt(process.env.DB_PORT, 10) || 5432,
username: process.env.DB_USERNAME || 'postgres',
password: process.env.DB_PASSWORD || 'postgres',
database: process.env.DB_DATABASE || 'retail_pos',
entities: [User, Category, Product, Transaction, TransactionItem],
migrations: ['src/database/migrations/*.ts'],
synchronize: false, // Never use true in production
logging: process.env.NODE_ENV === 'development',
ssl:
process.env.NODE_ENV === 'production'
? { rejectUnauthorized: false }
: false,
};
const AppDataSource = new DataSource(dataSourceOptions);
export default AppDataSource;

76
src/database/migrations/1704470000000-CreateUsersTable.ts Normal file
View File

@@ -0,0 +1,76 @@
import { MigrationInterface, QueryRunner, Table, TableIndex } from 'typeorm';
export class CreateUsersTable1704470000000 implements MigrationInterface {
public async up(queryRunner: QueryRunner): Promise<void> {
await queryRunner.createTable(
new Table({
name: 'users',
columns: [
{
name: 'id',
type: 'uuid',
isPrimary: true,
generationStrategy: 'uuid',
default: 'uuid_generate_v4()',
},
{
name: 'name',
type: 'varchar',
length: '255',
isNullable: false,
},
{
name: 'email',
type: 'varchar',
length: '255',
isNullable: false,
isUnique: true,
},
{
name: 'password',
type: 'varchar',
length: '255',
isNullable: false,
},
{
name: 'roles',
type: 'text',
isNullable: false,
default: "'user'",
},
{
name: 'isActive',
type: 'boolean',
default: true,
},
{
name: 'createdAt',
type: 'timestamp',
default: 'CURRENT_TIMESTAMP',
},
{
name: 'updatedAt',
type: 'timestamp',
default: 'CURRENT_TIMESTAMP',
onUpdate: 'CURRENT_TIMESTAMP',
},
],
}),
true,
);
// Create index on email
await queryRunner.createIndex(
'users',
new TableIndex({
name: 'idx_users_email',
columnNames: ['email'],
}),
);
}
public async down(queryRunner: QueryRunner): Promise<void> {
await queryRunner.dropIndex('users', 'idx_users_email');
await queryRunner.dropTable('users');
}
}

382
src/database/migrations/1736518800000-InitialSchema.ts Normal file
View File

@@ -0,0 +1,382 @@
import { MigrationInterface, QueryRunner, Table, TableIndex, TableForeignKey } from 'typeorm';
export class InitialSchema1736518800000 implements MigrationInterface {
public async up(queryRunner: QueryRunner): Promise<void> {
// Enable UUID extension
await queryRunner.query('CREATE EXTENSION IF NOT EXISTS "uuid-ossp"');
// Create Users table
await queryRunner.createTable(
new Table({
name: 'users',
columns: [
{
name: 'id',
type: 'uuid',
isPrimary: true,
generationStrategy: 'uuid',
default: 'uuid_generate_v4()',
},
{
name: 'name',
type: 'varchar',
length: '255',
},
{
name: 'email',
type: 'varchar',
length: '255',
isUnique: true,
},
{
name: 'password',
type: 'varchar',
length: '255',
},
{
name: 'roles',
type: 'text',
default: "'user'",
},
{
name: 'isActive',
type: 'boolean',
default: true,
},
{
name: 'createdAt',
type: 'timestamp',
default: 'CURRENT_TIMESTAMP',
},
{
name: 'updatedAt',
type: 'timestamp',
default: 'CURRENT_TIMESTAMP',
},
],
}),
true,
);
await queryRunner.createIndex(
'users',
new TableIndex({
name: 'idx_users_email',
columnNames: ['email'],
}),
);
// Create Categories table
await queryRunner.createTable(
new Table({
name: 'categories',
columns: [
{
name: 'id',
type: 'uuid',
isPrimary: true,
generationStrategy: 'uuid',
default: 'uuid_generate_v4()',
},
{
name: 'name',
type: 'varchar',
length: '255',
isUnique: true,
},
{
name: 'description',
type: 'text',
isNullable: true,
},
{
name: 'iconPath',
type: 'varchar',
length: '255',
isNullable: true,
},
{
name: 'color',
type: 'varchar',
length: '50',
isNullable: true,
},
{
name: 'productCount',
type: 'int',
default: 0,
},
{
name: 'createdAt',
type: 'timestamp',
default: 'CURRENT_TIMESTAMP',
},
{
name: 'updatedAt',
type: 'timestamp',
default: 'CURRENT_TIMESTAMP',
},
],
}),
true,
);
await queryRunner.createIndex(
'categories',
new TableIndex({
name: 'idx_categories_name',
columnNames: ['name'],
}),
);
// Create Products table
await queryRunner.createTable(
new Table({
name: 'products',
columns: [
{
name: 'id',
type: 'uuid',
isPrimary: true,
generationStrategy: 'uuid',
default: 'uuid_generate_v4()',
},
{
name: 'name',
type: 'varchar',
length: '255',
},
{
name: 'description',
type: 'text',
isNullable: true,
},
{
name: 'price',
type: 'decimal',
precision: 10,
scale: 2,
},
{
name: 'imageUrl',
type: 'varchar',
length: '500',
isNullable: true,
},
{
name: 'categoryId',
type: 'uuid',
},
{
name: 'stockQuantity',
type: 'int',
default: 0,
},
{
name: 'isAvailable',
type: 'boolean',
default: true,
},
{
name: 'createdAt',
type: 'timestamp',
default: 'CURRENT_TIMESTAMP',
},
{
name: 'updatedAt',
type: 'timestamp',
default: 'CURRENT_TIMESTAMP',
},
],
}),
true,
);
await queryRunner.createIndex(
'products',
new TableIndex({
name: 'idx_products_name',
columnNames: ['name'],
}),
);
await queryRunner.createIndex(
'products',
new TableIndex({
name: 'idx_products_category',
columnNames: ['categoryId'],
}),
);
await queryRunner.createIndex(
'products',
new TableIndex({
name: 'idx_products_name_category',
columnNames: ['name', 'categoryId'],
}),
);
await queryRunner.createForeignKey(
'products',
new TableForeignKey({
columnNames: ['categoryId'],
referencedColumnNames: ['id'],
referencedTableName: 'categories',
onDelete: 'CASCADE',
}),
);
// Create Transactions table
await queryRunner.createTable(
new Table({
name: 'transactions',
columns: [
{
name: 'id',
type: 'uuid',
isPrimary: true,
generationStrategy: 'uuid',
default: 'uuid_generate_v4()',
},
{
name: 'subtotal',
type: 'decimal',
precision: 10,
scale: 2,
},
{
name: 'tax',
type: 'decimal',
precision: 10,
scale: 2,
default: 0,
},
{
name: 'discount',
type: 'decimal',
precision: 10,
scale: 2,
default: 0,
},
{
name: 'total',
type: 'decimal',
precision: 10,
scale: 2,
},
{
name: 'paymentMethod',
type: 'varchar',
length: '50',
},
{
name: 'completedAt',
type: 'timestamp',
default: 'CURRENT_TIMESTAMP',
},
],
}),
true,
);
await queryRunner.createIndex(
'transactions',
new TableIndex({
name: 'idx_transactions_date',
columnNames: ['completedAt'],
}),
);
// Create Transaction Items table
await queryRunner.createTable(
new Table({
name: 'transaction_items',
columns: [
{
name: 'id',
type: 'uuid',
isPrimary: true,
generationStrategy: 'uuid',
default: 'uuid_generate_v4()',
},
{
name: 'transactionId',
type: 'uuid',
},
{
name: 'productId',
type: 'uuid',
},
{
name: 'productName',
type: 'varchar',
length: '255',
},
{
name: 'price',
type: 'decimal',
precision: 10,
scale: 2,
},
{
name: 'quantity',
type: 'int',
},
{
name: 'lineTotal',
type: 'decimal',
precision: 10,
scale: 2,
},
],
}),
true,
);
await queryRunner.createIndex(
'transaction_items',
new TableIndex({
name: 'idx_transaction_items_transaction',
columnNames: ['transactionId'],
}),
);
await queryRunner.createIndex(
'transaction_items',
new TableIndex({
name: 'idx_transaction_items_product',
columnNames: ['productId'],
}),
);
await queryRunner.createForeignKey(
'transaction_items',
new TableForeignKey({
columnNames: ['transactionId'],
referencedColumnNames: ['id'],
referencedTableName: 'transactions',
onDelete: 'CASCADE',
}),
);
await queryRunner.createForeignKey(
'transaction_items',
new TableForeignKey({
columnNames: ['productId'],
referencedColumnNames: ['id'],
referencedTableName: 'products',
onDelete: 'RESTRICT',
}),
);
}
public async down(queryRunner: QueryRunner): Promise<void> {
// Drop tables in reverse order to avoid foreign key conflicts
await queryRunner.dropTable('transaction_items', true);
await queryRunner.dropTable('transactions', true);
await queryRunner.dropTable('products', true);
await queryRunner.dropTable('categories', true);
await queryRunner.dropTable('users', true);
await queryRunner.query('DROP EXTENSION IF EXISTS "uuid-ossp"');
}
}

65
src/database/seeds/categories.seed.ts Normal file
View File

@@ -0,0 +1,65 @@
import { DataSource } from 'typeorm';
import { Category } from '../../modules/categories/entities/category.entity';
export async function seedCategories(dataSource: DataSource): Promise<void> {
const categoryRepository = dataSource.getRepository(Category);
const categories = [
{
name: 'Electronics',
description: 'Electronic devices and accessories',
iconPath: '/icons/electronics.png',
color: '#2196F3',
productCount: 0,
},
{
name: 'Clothing',
description: 'Apparel and fashion items',
iconPath: '/icons/clothing.png',
color: '#E91E63',
productCount: 0,
},
{
name: 'Food & Beverages',
description: 'Grocery items, snacks, and drinks',
iconPath: '/icons/food.png',
color: '#4CAF50',
productCount: 0,
},
{
name: 'Home & Garden',
description: 'Home improvement and garden supplies',
iconPath: '/icons/home.png',
color: '#FF9800',
productCount: 0,
},
{
name: 'Sports & Outdoors',
description: 'Sports equipment and outdoor gear',
iconPath: '/icons/sports.png',
color: '#9C27B0',
productCount: 0,
},
{
name: 'Books & Media',
description: 'Books, magazines, and media content',
iconPath: '/icons/books.png',
color: '#795548',
productCount: 0,
},
];
for (const categoryData of categories) {
const existingCategory = await categoryRepository.findOne({
where: { name: categoryData.name },
});
if (!existingCategory) {
const category = categoryRepository.create(categoryData);
await categoryRepository.save(category);
console.log(`✓ Created category: ${categoryData.name}`);
} else {
console.log(`→ Category already exists: ${categoryData.name}`);
}
}
}

190
src/database/seeds/products.seed.ts Normal file
View File

@@ -0,0 +1,190 @@
import { DataSource } from 'typeorm';
import { Product } from '../../modules/products/entities/product.entity';
import { Category } from '../../modules/categories/entities/category.entity';
export async function seedProducts(dataSource: DataSource): Promise<void> {
const productRepository = dataSource.getRepository(Product);
const categoryRepository = dataSource.getRepository(Category);
// Get categories
const electronics = await categoryRepository.findOne({
where: { name: 'Electronics' },
});
const clothing = await categoryRepository.findOne({
where: { name: 'Clothing' },
});
const food = await categoryRepository.findOne({
where: { name: 'Food & Beverages' },
});
const home = await categoryRepository.findOne({
where: { name: 'Home & Garden' },
});
const sports = await categoryRepository.findOne({
where: { name: 'Sports & Outdoors' },
});
if (!electronics || !clothing || !food || !home || !sports) {
console.error('❌ Categories not found. Please seed categories first.');
return;
}
const products = [
// Electronics
{
name: 'Wireless Mouse',
description: 'Ergonomic wireless mouse with USB receiver',
price: 29.99,
imageUrl: 'https://via.placeholder.com/300x300?text=Wireless+Mouse',
categoryId: electronics.id,
stockQuantity: 50,
isAvailable: true,
},
{
name: 'USB-C Cable',
description: 'Fast charging USB-C cable, 6ft length',
price: 15.99,
imageUrl: 'https://via.placeholder.com/300x300?text=USB-C+Cable',
categoryId: electronics.id,
stockQuantity: 100,
isAvailable: true,
},
{
name: 'Bluetooth Speaker',
description: 'Portable Bluetooth speaker with 10-hour battery',
price: 49.99,
imageUrl: 'https://via.placeholder.com/300x300?text=Bluetooth+Speaker',
categoryId: electronics.id,
stockQuantity: 30,
isAvailable: true,
},
// Clothing
{
name: 'Cotton T-Shirt',
description: '100% cotton crew neck t-shirt, multiple colors',
price: 19.99,
imageUrl: 'https://via.placeholder.com/300x300?text=T-Shirt',
categoryId: clothing.id,
stockQuantity: 75,
isAvailable: true,
},
{
name: 'Denim Jeans',
description: 'Classic fit denim jeans, various sizes',
price: 59.99,
imageUrl: 'https://via.placeholder.com/300x300?text=Denim+Jeans',
categoryId: clothing.id,
stockQuantity: 40,
isAvailable: true,
},
{
name: 'Running Shoes',
description: 'Lightweight running shoes with cushioned sole',
price: 79.99,
imageUrl: 'https://via.placeholder.com/300x300?text=Running+Shoes',
categoryId: clothing.id,
stockQuantity: 25,
isAvailable: true,
},
// Food & Beverages
{
name: 'Organic Coffee Beans',
description: 'Premium organic coffee beans, 1lb bag',
price: 14.99,
imageUrl: 'https://via.placeholder.com/300x300?text=Coffee+Beans',
categoryId: food.id,
stockQuantity: 60,
isAvailable: true,
},
{
name: 'Dark Chocolate Bar',
description: '70% cacao dark chocolate, 100g',
price: 3.99,
imageUrl: 'https://via.placeholder.com/300x300?text=Chocolate+Bar',
categoryId: food.id,
stockQuantity: 150,
isAvailable: true,
},
{
name: 'Green Tea Pack',
description: 'Organic green tea, 20 tea bags',
price: 8.99,
imageUrl: 'https://via.placeholder.com/300x300?text=Green+Tea',
categoryId: food.id,
stockQuantity: 80,
isAvailable: true,
},
// Home & Garden
{
name: 'LED Light Bulbs',
description: 'Energy-efficient LED bulbs, 4-pack',
price: 24.99,
imageUrl: 'https://via.placeholder.com/300x300?text=LED+Bulbs',
categoryId: home.id,
stockQuantity: 45,
isAvailable: true,
},
{
name: 'Indoor Plant Pot',
description: 'Ceramic plant pot with drainage, 6-inch',
price: 12.99,
imageUrl: 'https://via.placeholder.com/300x300?text=Plant+Pot',
categoryId: home.id,
stockQuantity: 35,
isAvailable: true,
},
// Sports & Outdoors
{
name: 'Yoga Mat',
description: 'Non-slip yoga mat with carrying strap',
price: 34.99,
imageUrl: 'https://via.placeholder.com/300x300?text=Yoga+Mat',
categoryId: sports.id,
stockQuantity: 40,
isAvailable: true,
},
{
name: 'Water Bottle',
description: 'Insulated stainless steel water bottle, 32oz',
price: 22.99,
imageUrl: 'https://via.placeholder.com/300x300?text=Water+Bottle',
categoryId: sports.id,
stockQuantity: 65,
isAvailable: true,
},
{
name: 'Resistance Bands Set',
description: 'Set of 5 resistance bands with varying strengths',
price: 18.99,
imageUrl: 'https://via.placeholder.com/300x300?text=Resistance+Bands',
categoryId: sports.id,
stockQuantity: 50,
isAvailable: true,
},
];
for (const productData of products) {
const existingProduct = await productRepository.findOne({
where: { name: productData.name, categoryId: productData.categoryId },
});
if (!existingProduct) {
const product = productRepository.create(productData);
await productRepository.save(product);
// Update category product count
await categoryRepository.increment(
{ id: productData.categoryId },
'productCount',
1,
);
console.log(`✓ Created product: ${productData.name}`);
} else {
console.log(`→ Product already exists: ${productData.name}`);
}
}
}

34
src/database/seeds/run-seeds.ts Normal file
View File

@@ -0,0 +1,34 @@
import AppDataSource from '../data-source';
import { seedCategories } from './categories.seed';
import { seedProducts } from './products.seed';
async function runSeeds() {
console.log('🌱 Starting database seeding...\n');
try {
// Initialize data source
await AppDataSource.initialize();
console.log('✓ Database connection established\n');
// Run seeds in order
console.log('📦 Seeding categories...');
await seedCategories(AppDataSource);
console.log('✓ Categories seeded successfully\n');
console.log('📦 Seeding products...');
await seedProducts(AppDataSource);
console.log('✓ Products seeded successfully\n');
console.log('🎉 Database seeding completed successfully!');
} catch (error) {
console.error('❌ Error seeding database:', error);
process.exit(1);
} finally {
// Close connection
await AppDataSource.destroy();
console.log('\n✓ Database connection closed');
}
}
// Run seeds
runSeeds();

76
src/database/seeds/users.seed.ts Normal file
View File

@@ -0,0 +1,76 @@
import { DataSource } from 'typeorm';
import * as bcrypt from 'bcrypt';
import { User, UserRole } from '../../modules/users/entities/user.entity';
export async function seedUsers(dataSource: DataSource): Promise<void> {
const userRepository = dataSource.getRepository(User);
// Check if admin already exists
const adminExists = await userRepository.findOne({
where: { email: 'admin@retailpos.com' },
});
if (!adminExists) {
console.log('Creating admin user...');
const adminPassword = await bcrypt.hash('Admin123!', 10);
const admin = userRepository.create({
name: 'Admin User',
email: 'admin@retailpos.com',
password: adminPassword,
roles: [UserRole.ADMIN],
isActive: true,
});
await userRepository.save(admin);
console.log('✓ Admin user created: admin@retailpos.com / Admin123!');
} else {
console.log('✓ Admin user already exists');
}
// Check if manager already exists
const managerExists = await userRepository.findOne({
where: { email: 'manager@retailpos.com' },
});
if (!managerExists) {
console.log('Creating manager user...');
const managerPassword = await bcrypt.hash('Manager123!', 10);
const manager = userRepository.create({
name: 'Manager User',
email: 'manager@retailpos.com',
password: managerPassword,
roles: [UserRole.MANAGER],
isActive: true,
});
await userRepository.save(manager);
console.log('✓ Manager user created: manager@retailpos.com / Manager123!');
} else {
console.log('✓ Manager user already exists');
}
// Check if cashier already exists
const cashierExists = await userRepository.findOne({
where: { email: 'cashier@retailpos.com' },
});
if (!cashierExists) {
console.log('Creating cashier user...');
const cashierPassword = await bcrypt.hash('Cashier123!', 10);
const cashier = userRepository.create({
name: 'Cashier User',
email: 'cashier@retailpos.com',
password: cashierPassword,
roles: [UserRole.CASHIER],
isActive: true,
});
await userRepository.save(cashier);
console.log('✓ Cashier user created: cashier@retailpos.com / Cashier123!');
} else {
console.log('✓ Cashier user already exists');
}
console.log('\nDefault users seeded successfully!\n');
console.log('Login credentials:');
console.log('Admin: admin@retailpos.com / Admin123!');
console.log('Manager: manager@retailpos.com / Manager123!');
console.log('Cashier: cashier@retailpos.com / Cashier123!');
}

116
src/main.ts
View File

@@ -1,8 +1,118 @@
import { NestFactory } from '@nestjs/core'; import { NestFactory, Reflector } from '@nestjs/core';
import { ValidationPipe, ClassSerializerInterceptor } from '@nestjs/common';
import { SwaggerModule, DocumentBuilder } from '@nestjs/swagger';
import { ConfigService } from '@nestjs/config';
import { AppModule } from './app.module'; import { AppModule } from './app.module';
// Common filters and interceptors
import { AllExceptionsFilter } from './common/filters/all-exceptions.filter';
import { HttpExceptionFilter } from './common/filters/http-exception.filter';
import { LoggingInterceptor } from './common/interceptors/logging.interceptor';
import { TransformInterceptor } from './common/interceptors/transform.interceptor';
async function bootstrap() { async function bootstrap() {
const app = await NestFactory.create(AppModule); const app = await NestFactory.create(AppModule);
await app.listen(process.env.PORT ?? 3000);
// Get config service
const configService = app.get(ConfigService);
// Global prefix
const apiPrefix = configService.get<string>('API_PREFIX', 'api');
app.setGlobalPrefix(apiPrefix);
// Enable CORS
app.enableCors({
origin: configService.get<string>('CORS_ORIGIN')?.split(',') || '*',
credentials: true,
methods: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
allowedHeaders: ['Content-Type', 'Authorization', 'Accept'],
});
// Global exception filters (order matters: specific to general)
app.useGlobalFilters(new HttpExceptionFilter(), new AllExceptionsFilter());
// Global interceptors
app.useGlobalInterceptors(
new LoggingInterceptor(),
new ClassSerializerInterceptor(app.get(Reflector)),
new TransformInterceptor(),
);
// Global validation pipe
app.useGlobalPipes(
new ValidationPipe({
transform: true,
whitelist: true, // Strip properties that don't have decorators
forbidNonWhitelisted: true, // Throw error if non-whitelisted values are provided
transformOptions: {
enableImplicitConversion: true, // Automatically transform primitive types
},
}),
);
// Swagger API Documentation
const swaggerConfig = new DocumentBuilder()
.setTitle('Retail POS API')
.setDescription(
'RESTful API for Retail POS Flutter Application - Product Management, Transactions, and User Authentication',
)
.setVersion('1.0')
.setContact(
'API Support',
'https://github.com/yourusername/retail-pos',
'support@retailpos.com',
)
.addServer(
`http://localhost:${configService.get<number>('PORT', 3000)}`,
'Development',
)
.addTag('Authentication', 'User authentication and authorization')
.addTag('Users', 'User management endpoints')
.addTag('Products', 'Product management endpoints')
.addTag('Categories', 'Category management endpoints')
.addTag('Transactions', 'Transaction processing endpoints')
.addTag('Sync', 'Offline sync management')
.addBearerAuth(
{
type: 'http',
scheme: 'bearer',
bearerFormat: 'JWT',
description: 'Enter JWT token',
name: 'Authorization',
in: 'header',
},
'JWT',
)
.build();
const document = SwaggerModule.createDocument(app, swaggerConfig);
SwaggerModule.setup(`${apiPrefix}/docs`, app, document, {
swaggerOptions: {
persistAuthorization: true,
tagsSorter: 'alpha',
operationsSorter: 'alpha',
},
});
// Start server
const port = configService.get<number>('PORT', 3000);
await app.listen(port);
console.log(`
🚀 Retail POS API Server is running!
📍 Application: http://localhost:${port}/${apiPrefix}
📚 Swagger Docs: http://localhost:${port}/${apiPrefix}/docs
🔐 Environment: ${configService.get<string>('NODE_ENV', 'development')}
Available endpoints:
- POST /${apiPrefix}/auth/register - Register new user
- POST /${apiPrefix}/auth/login - Login user
- GET /${apiPrefix}/auth/profile - Get current user profile
- POST /${apiPrefix}/auth/refresh - Refresh access token
- GET /${apiPrefix}/users - Get all users (Admin/Manager)
- POST /${apiPrefix}/users - Create user (Admin only)
`);
} }
bootstrap();
void bootstrap();

106
src/modules/auth/auth.controller.ts Normal file
View File

@@ -0,0 +1,106 @@
import {
Controller,
Post,
Body,
UseGuards,
Request,
Get,
HttpCode,
HttpStatus,
} from '@nestjs/common';
import {
ApiTags,
ApiOperation,
ApiResponse,
ApiBearerAuth,
ApiBody,
} from '@nestjs/swagger';
import { AuthService } from './auth.service';
import { LocalAuthGuard } from './guards/local-auth.guard';
import { JwtAuthGuard } from './guards/jwt-auth.guard';
import { LoginDto, RegisterDto, AuthResponseDto } from './dto';
@ApiTags('Authentication')
@Controller('auth')
export class AuthController {
constructor(private readonly authService: AuthService) {}
@Post('register')
@HttpCode(HttpStatus.CREATED)
@ApiOperation({ summary: 'Register a new user' })
@ApiResponse({
status: 201,
description: 'User successfully registered',
type: AuthResponseDto,
})
@ApiResponse({
status: 400,
description: 'Bad request - validation failed',
})
@ApiResponse({
status: 409,
description: 'Conflict - email already registered',
})
async register(@Body() registerDto: RegisterDto): Promise<AuthResponseDto> {
return this.authService.register(registerDto);
}
@Post('login')
@UseGuards(LocalAuthGuard)
@HttpCode(HttpStatus.OK)
@ApiOperation({ summary: 'Login user' })
@ApiBody({ type: LoginDto })
@ApiResponse({
status: 200,
description: 'User successfully logged in',
type: AuthResponseDto,
})
@ApiResponse({
status: 401,
description: 'Unauthorized - invalid credentials',
})
async login(
@Body() loginDto: LoginDto,
@Request() req,
): Promise<AuthResponseDto> {
// req.user is populated by LocalAuthGuard after successful validation
return this.authService.login(req.user);
}
@Get('profile')
@UseGuards(JwtAuthGuard)
@ApiBearerAuth()
@ApiOperation({ summary: 'Get current user profile' })
@ApiResponse({
status: 200,
description: 'User profile retrieved successfully',
})
@ApiResponse({
status: 401,
description: 'Unauthorized - invalid or missing token',
})
async getProfile(@Request() req) {
return {
success: true,
data: req.user,
};
}
@Post('refresh')
@UseGuards(JwtAuthGuard)
@ApiBearerAuth()
@HttpCode(HttpStatus.OK)
@ApiOperation({ summary: 'Refresh access token' })
@ApiResponse({
status: 200,
description: 'Token refreshed successfully',
type: AuthResponseDto,
})
@ApiResponse({
status: 401,
description: 'Unauthorized - invalid or missing token',
})
async refreshToken(@Request() req): Promise<AuthResponseDto> {
return this.authService.refreshToken(req.user.id);
}
}

30
src/modules/auth/auth.module.ts Normal file
View File

@@ -0,0 +1,30 @@
import { Module } from '@nestjs/common';
import { JwtModule } from '@nestjs/jwt';
import { PassportModule } from '@nestjs/passport';
import { ConfigModule, ConfigService } from '@nestjs/config';
import { AuthService } from './auth.service';
import { AuthController } from './auth.controller';
import { JwtStrategy } from './strategies/jwt.strategy';
import { LocalStrategy } from './strategies/local.strategy';
import { UsersModule } from '../users/users.module';
@Module({
imports: [
PassportModule,
UsersModule,
JwtModule.registerAsync({
imports: [ConfigModule],
useFactory: async (configService: ConfigService) => ({
secret: configService.get<string>('JWT_SECRET'),
signOptions: {
expiresIn: configService.get<string>('JWT_EXPIRES_IN', '1d'),
},
}),
inject: [ConfigService],
}),
],
controllers: [AuthController],
providers: [AuthService, JwtStrategy, LocalStrategy],
exports: [AuthService],
})
export class AuthModule {}

138
src/modules/auth/auth.service.ts Normal file
View File

@@ -0,0 +1,138 @@
import {
Injectable,
UnauthorizedException,
BadRequestException,
ConflictException,
} from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import * as bcrypt from 'bcrypt';
import { UsersService } from '../users/users.service';
import { LoginDto, RegisterDto, AuthResponseDto } from './dto';
import { JwtPayload } from './interfaces/jwt-payload.interface';
import { UserRole } from '../users/entities/user.entity';
@Injectable()
export class AuthService {
private readonly BCRYPT_ROUNDS = 10;
constructor(
private readonly usersService: UsersService,
private readonly jwtService: JwtService,
) {}
/**
* Validate user credentials (used by LocalStrategy)
*/
async validateUser(email: string, password: string): Promise<any> {
const user = await this.usersService.findByEmail(email);
if (!user) {
throw new UnauthorizedException('Invalid credentials');
}
if (!user.isActive) {
throw new UnauthorizedException('User account is inactive');
}
const isPasswordValid = await bcrypt.compare(password, user.password);
if (!isPasswordValid) {
throw new UnauthorizedException('Invalid credentials');
}
// Return user without password
const { password: _, ...result } = user;
return result;
}
/**
* Register new user
*/
async register(registerDto: RegisterDto): Promise<AuthResponseDto> {
// Check if user already exists
const existingUser = await this.usersService.findByEmail(registerDto.email);
if (existingUser) {
throw new ConflictException('Email already registered');
}
// Hash password
const hashedPassword = await this.hashPassword(registerDto.password);
// Create user with default role if not provided
const user = await this.usersService.create({
...registerDto,
password: hashedPassword,
roles: registerDto.roles || [UserRole.USER],
});
// Generate JWT and return
return this.login(user);
}
/**
* Login user and generate JWT
*/
async login(user: any): Promise<AuthResponseDto> {
const payload: JwtPayload = {
sub: user.id,
email: user.email,
roles: user.roles || [],
};
return {
access_token: this.jwtService.sign(payload),
user: {
id: user.id,
email: user.email,
name: user.name,
roles: user.roles,
isActive: user.isActive,
createdAt: user.createdAt,
},
};
}
/**
* Validate JWT token
*/
async validateToken(token: string): Promise<any> {
try {
const payload = this.jwtService.verify(token);
return payload;
} catch (error) {
throw new UnauthorizedException('Invalid or expired token');
}
}
/**
* Refresh access token
*/
async refreshToken(userId: string): Promise<AuthResponseDto> {
const user = await this.usersService.findOne(userId);
if (!user) {
throw new UnauthorizedException('User not found');
}
if (!user.isActive) {
throw new UnauthorizedException('User account is inactive');
}
return this.login(user);
}
/**
* Hash password using bcrypt
*/
private async hashPassword(password: string): Promise<string> {
return bcrypt.hash(password, this.BCRYPT_ROUNDS);
}
/**
* Verify password hash
*/
async verifyPassword(password: string, hash: string): Promise<boolean> {
return bcrypt.compare(password, hash);
}
}

33
src/modules/auth/dto/auth-response.dto.ts Normal file
View File

@@ -0,0 +1,33 @@
import { ApiProperty } from '@nestjs/swagger';
import { UserRole } from '../../users/entities/user.entity';
export class UserResponseDto {
@ApiProperty({ example: 'uuid-v4-string' })
id: string;
@ApiProperty({ example: 'John Doe' })
name: string;
@ApiProperty({ example: 'user@retailpos.com' })
email: string;
@ApiProperty({ example: [UserRole.USER], enum: UserRole, isArray: true })
roles: UserRole[];
@ApiProperty({ example: true })
isActive: boolean;
@ApiProperty({ example: '2025-01-15T10:00:00.000Z' })
createdAt: Date;
}
export class AuthResponseDto {
@ApiProperty({
example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
description: 'JWT access token',
})
access_token: string;
@ApiProperty({ type: UserResponseDto })
user: UserResponseDto;
}

3
src/modules/auth/dto/index.ts Normal file
View File

@@ -0,0 +1,3 @@
export * from './login.dto';
export * from './register.dto';
export * from './auth-response.dto';

20
src/modules/auth/dto/login.dto.ts Normal file
View File

@@ -0,0 +1,20 @@
import { IsEmail, IsString, MinLength } from 'class-validator';
import { ApiProperty } from '@nestjs/swagger';
export class LoginDto {
@ApiProperty({
example: 'admin@retailpos.com',
description: 'User email address',
})
@IsEmail({}, { message: 'Please provide a valid email address' })
email: string;
@ApiProperty({
example: 'Admin123!',
description: 'User password (min 8 characters)',
minLength: 8,
})
@IsString()
@MinLength(8, { message: 'Password must be at least 8 characters long' })
password: string;
}

60
src/modules/auth/dto/register.dto.ts Normal file
View File

@@ -0,0 +1,60 @@
import {
IsEmail,
IsString,
MinLength,
MaxLength,
Matches,
IsArray,
IsEnum,
IsOptional,
} from 'class-validator';
import { ApiProperty } from '@nestjs/swagger';
import { UserRole } from '../../users/entities/user.entity';
export class RegisterDto {
@ApiProperty({
example: 'John Doe',
description: 'User full name',
maxLength: 255,
})
@IsString()
@MaxLength(255, { message: 'Name must not exceed 255 characters' })
name: string;
@ApiProperty({
example: 'user@retailpos.com',
description: 'User email address (must be unique)',
})
@IsEmail({}, { message: 'Please provide a valid email address' })
email: string;
@ApiProperty({
example: 'Password123!',
description:
'Password (min 8 chars, must contain uppercase, lowercase, and number)',
minLength: 8,
})
@IsString()
@MinLength(8, { message: 'Password must be at least 8 characters long' })
@Matches(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)/, {
message:
'Password must contain at least one uppercase letter, one lowercase letter, and one number',
})
password: string;
@ApiProperty({
example: [UserRole.USER],
description: 'User roles',
enum: UserRole,
isArray: true,
required: false,
default: [UserRole.USER],
})
@IsOptional()
@IsArray()
@IsEnum(UserRole, {
each: true,
message: 'Each role must be a valid UserRole',
})
roles?: UserRole[];
}

5
src/modules/auth/guards/jwt-auth.guard.ts Normal file
View File

@@ -0,0 +1,5 @@
import { Injectable } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
@Injectable()
export class JwtAuthGuard extends AuthGuard('jwt') {}

5
src/modules/auth/guards/local-auth.guard.ts Normal file
View File

@@ -0,0 +1,5 @@
import { Injectable } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
@Injectable()
export class LocalAuthGuard extends AuthGuard('local') {}

7
src/modules/auth/interfaces/jwt-payload.interface.ts Normal file
View File

@@ -0,0 +1,7 @@
import { UserRole } from '../../users/entities/user.entity';
export interface JwtPayload {
sub: string; // User ID
email: string;
roles: UserRole[];
}

42
src/modules/auth/strategies/jwt.strategy.ts Normal file
View File

@@ -0,0 +1,42 @@
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { ExtractJwt, Strategy } from 'passport-jwt';
import { ConfigService } from '@nestjs/config';
import { UsersService } from '../../users/users.service';
import { JwtPayload } from '../interfaces/jwt-payload.interface';
@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
constructor(
private readonly configService: ConfigService,
private readonly usersService: UsersService,
) {
super({
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
ignoreExpiration: false,
secretOrKey: configService.get<string>('JWT_SECRET'),
});
}
async validate(payload: JwtPayload) {
// Validate that the user still exists and is active
const user = await this.usersService.findOne(payload.sub);
if (!user) {
throw new UnauthorizedException('User not found');
}
if (!user.isActive) {
throw new UnauthorizedException('User account is inactive');
}
// Return user object that will be attached to request.user
return {
id: user.id,
email: user.email,
name: user.name,
roles: user.roles,
isActive: user.isActive,
};
}
}

24
src/modules/auth/strategies/local.strategy.ts Normal file
View File

@@ -0,0 +1,24 @@
import { Injectable, UnauthorizedException } from '@nestjs/common';
import { PassportStrategy } from '@nestjs/passport';
import { Strategy } from 'passport-local';
import { AuthService } from '../auth.service';
@Injectable()
export class LocalStrategy extends PassportStrategy(Strategy) {
constructor(private authService: AuthService) {
super({
usernameField: 'email', // Use email instead of username
passwordField: 'password',
});
}
async validate(email: string, password: string): Promise<any> {
const user = await this.authService.validateUser(email, password);
if (!user) {
throw new UnauthorizedException('Invalid credentials');
}
return user;
}
}

158
src/modules/categories/categories.controller.ts Normal file
View File

@@ -0,0 +1,158 @@
import {
Controller,
Get,
Post,
Body,
Put,
Param,
Delete,
Query,
HttpCode,
HttpStatus,
UseGuards,
} from '@nestjs/common';
import {
ApiTags,
ApiOperation,
ApiResponse,
ApiBearerAuth,
} from '@nestjs/swagger';
import { CategoriesService } from './categories.service';
import {
CreateCategoryDto,
UpdateCategoryDto,
CategoryResponseDto,
} from './dto';
import { Public } from '../../common/decorators/public.decorator';
import { Roles } from '../../common/decorators/roles.decorator';
import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
import { RolesGuard } from '../../common/guards/roles.guard';
import { UserRole } from '../users/entities/user.entity';
import { PaginationDto } from '../../common/dto/pagination.dto';
@ApiTags('categories')
@Controller('categories')
@UseGuards(JwtAuthGuard, RolesGuard)
export class CategoriesController {
constructor(private readonly categoriesService: CategoriesService) {}
@Post()
@Roles(UserRole.ADMIN, UserRole.MANAGER)
@ApiBearerAuth()
@HttpCode(HttpStatus.CREATED)
@ApiOperation({ summary: 'Create new category (Admin/Manager only)' })
@ApiResponse({
status: 201,
description: 'Category successfully created',
type: CategoryResponseDto,
})
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({
status: 403,
description: 'Forbidden - Admin or Manager role required',
})
@ApiResponse({
status: 409,
description: 'Category name already exists',
})
async create(
@Body() createCategoryDto: CreateCategoryDto,
): Promise<CategoryResponseDto> {
return this.categoriesService.create(createCategoryDto);
}
@Get()
@Public()
@ApiOperation({ summary: 'Get all categories (Public)' })
@ApiResponse({
status: 200,
description: 'List of all categories',
type: [CategoryResponseDto],
})
async findAll(): Promise<CategoryResponseDto[]> {
return this.categoriesService.findAll();
}
@Get(':id')
@Public()
@ApiOperation({ summary: 'Get single category by ID (Public)' })
@ApiResponse({
status: 200,
description: 'Category found',
type: CategoryResponseDto,
})
@ApiResponse({ status: 404, description: 'Category not found' })
async findOne(@Param('id') id: string): Promise<CategoryResponseDto> {
return this.categoriesService.findOne(id);
}
@Get(':id/products')
@Public()
@ApiOperation({
summary: 'Get category with its products (Public)',
description: 'Returns category details along with associated products. Supports pagination.',
})
@ApiResponse({
status: 200,
description: 'Category with products',
})
@ApiResponse({ status: 404, description: 'Category not found' })
async findWithProducts(
@Param('id') id: string,
@Query() paginationDto: PaginationDto,
): Promise<any> {
return this.categoriesService.findWithProducts(id, paginationDto);
}
@Put(':id')
@Roles(UserRole.ADMIN, UserRole.MANAGER)
@ApiBearerAuth()
@ApiOperation({ summary: 'Update category (Admin/Manager only)' })
@ApiResponse({
status: 200,
description: 'Category successfully updated',
type: CategoryResponseDto,
})
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({
status: 403,
description: 'Forbidden - Admin or Manager role required',
})
@ApiResponse({ status: 404, description: 'Category not found' })
@ApiResponse({
status: 409,
description: 'Category name already exists',
})
async update(
@Param('id') id: string,
@Body() updateCategoryDto: UpdateCategoryDto,
): Promise<CategoryResponseDto> {
return this.categoriesService.update(id, updateCategoryDto);
}
@Delete(':id')
@Roles(UserRole.ADMIN)
@ApiBearerAuth()
@HttpCode(HttpStatus.NO_CONTENT)
@ApiOperation({
summary: 'Delete category (Admin only)',
description: 'Delete category. Fails if category has products.',
})
@ApiResponse({
status: 204,
description: 'Category successfully deleted',
})
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({
status: 403,
description: 'Forbidden - Admin role required',
})
@ApiResponse({ status: 404, description: 'Category not found' })
@ApiResponse({
status: 400,
description: 'Cannot delete category with products',
})
async remove(@Param('id') id: string): Promise<void> {
return this.categoriesService.remove(id);
}
}

14
src/modules/categories/categories.module.ts Normal file
View File

@@ -0,0 +1,14 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { CategoriesService } from './categories.service';
import { CategoriesController } from './categories.controller';
import { CategoriesRepository } from './categories.repository';
import { Category } from './entities/category.entity';
@Module({
imports: [TypeOrmModule.forFeature([Category])],
controllers: [CategoriesController],
providers: [CategoriesService, CategoriesRepository],
exports: [CategoriesService],
})
export class CategoriesModule {}

63
src/modules/categories/categories.repository.ts Normal file
View File

@@ -0,0 +1,63 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository } from 'typeorm';
import { Category } from './entities/category.entity';
import { CreateCategoryDto } from './dto/create-category.dto';
import { UpdateCategoryDto } from './dto/update-category.dto';
@Injectable()
export class CategoriesRepository {
constructor(
@InjectRepository(Category)
private readonly repository: Repository<Category>,
) {}
async create(createCategoryDto: CreateCategoryDto): Promise<Category> {
const category = this.repository.create(createCategoryDto);
return this.repository.save(category);
}
async findAll(): Promise<Category[]> {
return this.repository.find({
order: { name: 'ASC' },
});
}
async findOne(id: string): Promise<Category | null> {
return this.repository.findOne({ where: { id } });
}
async findWithProducts(id: string): Promise<Category | null> {
return this.repository.findOne({
where: { id },
relations: ['products'],
});
}
async findByName(name: string): Promise<Category | null> {
return this.repository.findOne({ where: { name } });
}
async update(id: string, updateCategoryDto: UpdateCategoryDto): Promise<Category> {
await this.repository.update(id, updateCategoryDto);
return this.findOne(id);
}
async remove(id: string): Promise<void> {
await this.repository.delete(id);
}
async updateProductCount(id: string, increment: boolean): Promise<void> {
const category = await this.findOne(id);
if (category) {
const newCount = increment
? category.productCount + 1
: Math.max(0, category.productCount - 1);
await this.repository.update(id, { productCount: newCount });
}
}
async count(): Promise<number> {
return this.repository.count();
}
}

149
src/modules/categories/categories.service.ts Normal file
View File

@@ -0,0 +1,149 @@
import {
Injectable,
NotFoundException,
ConflictException,
BadRequestException,
} from '@nestjs/common';
import { CategoriesRepository } from './categories.repository';
import {
CreateCategoryDto,
UpdateCategoryDto,
CategoryResponseDto,
} from './dto';
import { plainToClass } from 'class-transformer';
import { PaginationDto } from '../../common/dto/pagination.dto';
@Injectable()
export class CategoriesService {
constructor(private readonly categoriesRepository: CategoriesRepository) {}
async create(createCategoryDto: CreateCategoryDto): Promise<CategoryResponseDto> {
// Check if category name already exists
const existingCategory = await this.categoriesRepository.findByName(
createCategoryDto.name,
);
if (existingCategory) {
throw new ConflictException(
`Category with name "${createCategoryDto.name}" already exists`,
);
}
const category = await this.categoriesRepository.create(createCategoryDto);
return plainToClass(CategoryResponseDto, category, {
excludeExtraneousValues: false,
});
}
async findAll(): Promise<CategoryResponseDto[]> {
const categories = await this.categoriesRepository.findAll();
return categories.map((category) =>
plainToClass(CategoryResponseDto, category, {
excludeExtraneousValues: false,
}),
);
}
async findOne(id: string): Promise<CategoryResponseDto> {
const category = await this.categoriesRepository.findOne(id);
if (!category) {
throw new NotFoundException(`Category with ID ${id} not found`);
}
return plainToClass(CategoryResponseDto, category, {
excludeExtraneousValues: false,
});
}
async findWithProducts(
id: string,
paginationDto?: PaginationDto,
): Promise<any> {
const category = await this.categoriesRepository.findWithProducts(id);
if (!category) {
throw new NotFoundException(`Category with ID ${id} not found`);
}
// If pagination is provided, slice the products array
if (paginationDto && category.products) {
const { skip, take } = paginationDto;
const total = category.products.length;
const products = category.products.slice(skip, skip + take);
return {
...plainToClass(CategoryResponseDto, category, {
excludeExtraneousValues: false,
}),
products,
meta: {
page: paginationDto.page,
limit: paginationDto.limit,
total,
totalPages: Math.ceil(total / paginationDto.limit),
hasPreviousPage: paginationDto.page > 1,
hasNextPage: paginationDto.page < Math.ceil(total / paginationDto.limit),
},
};
}
return plainToClass(CategoryResponseDto, category, {
excludeExtraneousValues: false,
});
}
async update(
id: string,
updateCategoryDto: UpdateCategoryDto,
): Promise<CategoryResponseDto> {
const category = await this.categoriesRepository.findOne(id);
if (!category) {
throw new NotFoundException(`Category with ID ${id} not found`);
}
// Check if name is being updated and if it already exists
if (updateCategoryDto.name && updateCategoryDto.name !== category.name) {
const existingCategory = await this.categoriesRepository.findByName(
updateCategoryDto.name,
);
if (existingCategory) {
throw new ConflictException(
`Category with name "${updateCategoryDto.name}" already exists`,
);
}
}
const updatedCategory = await this.categoriesRepository.update(
id,
updateCategoryDto,
);
return plainToClass(CategoryResponseDto, updatedCategory, {
excludeExtraneousValues: false,
});
}
async remove(id: string): Promise<void> {
const category = await this.categoriesRepository.findWithProducts(id);
if (!category) {
throw new NotFoundException(`Category with ID ${id} not found`);
}
// Check if category has products
if (category.products && category.products.length > 0) {
throw new BadRequestException(
`Cannot delete category with ${category.products.length} products. Please remove or reassign products first.`,
);
}
await this.categoriesRepository.remove(id);
}
async updateProductCount(id: string, increment: boolean): Promise<void> {
await this.categoriesRepository.updateProductCount(id, increment);
}
}

49
src/modules/categories/dto/category-response.dto.ts Normal file
View File

@@ -0,0 +1,49 @@
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
import { Expose } from 'class-transformer';
export class CategoryResponseDto {
@ApiProperty({ description: 'Category ID' })
@Expose()
id: string;
@ApiProperty({ description: 'Category name', example: 'Electronics' })
@Expose()
name: string;
@ApiPropertyOptional({
description: 'Category description',
example: 'Electronic devices and accessories',
})
@Expose()
description?: string;
@ApiPropertyOptional({
description: 'Icon path or name',
example: '/icons/electronics.png',
})
@Expose()
iconPath?: string;
@ApiPropertyOptional({
description: 'Category color in hex format',
example: '#FF5722',
})
@Expose()
color?: string;
@ApiProperty({ description: 'Number of products in this category', example: 150 })
@Expose()
productCount: number;
@ApiProperty({ description: 'Category creation date' })
@Expose()
createdAt: Date;
@ApiProperty({ description: 'Category last update date' })
@Expose()
updatedAt: Date;
constructor(partial: Partial<CategoryResponseDto>) {
Object.assign(this, partial);
}
}

50
src/modules/categories/dto/create-category.dto.ts Normal file
View File

@@ -0,0 +1,50 @@
import {
IsString,
IsOptional,
MinLength,
MaxLength,
Matches,
} from 'class-validator';
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
export class CreateCategoryDto {
@ApiProperty({
description: 'Category name',
example: 'Electronics',
minLength: 1,
maxLength: 255,
})
@IsString()
@MinLength(1, { message: 'Category name must not be empty' })
@MaxLength(255, { message: 'Category name must not exceed 255 characters' })
name: string;
@ApiPropertyOptional({
description: 'Category description',
example: 'Electronic devices and accessories',
maxLength: 500,
})
@IsOptional()
@IsString()
@MaxLength(500, { message: 'Description must not exceed 500 characters' })
description?: string;
@ApiPropertyOptional({
description: 'Icon path or name',
example: '/icons/electronics.png',
})
@IsOptional()
@IsString()
iconPath?: string;
@ApiPropertyOptional({
description: 'Category color in hex format',
example: '#FF5722',
})
@IsOptional()
@IsString()
@Matches(/^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$/, {
message: 'Color must be a valid hex color (e.g., #FF5722 or #FFF)',
})
color?: string;
}

3
src/modules/categories/dto/index.ts Normal file
View File

@@ -0,0 +1,3 @@
export * from './create-category.dto';
export * from './update-category.dto';
export * from './category-response.dto';

4
src/modules/categories/dto/update-category.dto.ts Normal file
View File

@@ -0,0 +1,4 @@
import { PartialType } from '@nestjs/swagger';
import { CreateCategoryDto } from './create-category.dto';
export class UpdateCategoryDto extends PartialType(CreateCategoryDto) {}

42
src/modules/categories/entities/category.entity.ts Normal file
View File

@@ -0,0 +1,42 @@
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
OneToMany,
Index,
} from 'typeorm';
import { Product } from '../../products/entities/product.entity';
@Entity('categories')
export class Category {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ type: 'varchar', length: 255, unique: true })
@Index('idx_categories_name')
name: string;
@Column({ type: 'text', nullable: true })
description: string;
@Column({ type: 'varchar', length: 255, nullable: true })
iconPath: string;
@Column({ type: 'varchar', length: 50, nullable: true })
color: string;
@Column({ type: 'int', default: 0 })
productCount: number;
@CreateDateColumn()
createdAt: Date;
@UpdateDateColumn()
updatedAt: Date;
// Relationships
@OneToMany(() => Product, (product) => product.category)
products: Product[];
}

82
src/modules/products/dto/create-product.dto.ts Normal file
View File

@@ -0,0 +1,82 @@
import {
IsString,
IsNumber,
IsOptional,
IsBoolean,
IsUUID,
MinLength,
MaxLength,
Min,
IsUrl,
} from 'class-validator';
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
import { Type } from 'class-transformer';
export class CreateProductDto {
@ApiProperty({
description: 'Product name',
example: 'Gaming Laptop',
minLength: 1,
maxLength: 255,
})
@IsString()
@MinLength(1)
@MaxLength(255)
name: string;
@ApiPropertyOptional({
description: 'Product description',
example: 'High-performance gaming laptop with RTX 4060',
maxLength: 1000,
})
@IsString()
@MaxLength(1000)
@IsOptional()
description?: string;
@ApiProperty({
description: 'Product price in USD',
example: 999.99,
minimum: 0,
})
@IsNumber({ maxDecimalPlaces: 2 })
@Min(0)
@Type(() => Number)
price: number;
@ApiPropertyOptional({
description: 'Product image URL',
example: 'https://example.com/images/laptop.jpg',
})
@IsUrl()
@IsOptional()
imageUrl?: string;
@ApiProperty({
description: 'Category ID',
example: '123e4567-e89b-12d3-a456-426614174000',
})
@IsUUID()
categoryId: string;
@ApiPropertyOptional({
description: 'Stock quantity',
example: 50,
minimum: 0,
default: 0,
})
@IsNumber()
@Min(0)
@Type(() => Number)
@IsOptional()
stockQuantity?: number = 0;
@ApiPropertyOptional({
description: 'Product availability status',
example: true,
default: true,
})
@IsBoolean()
@IsOptional()
isAvailable?: boolean = true;
}

64
src/modules/products/dto/get-products.dto.ts Normal file
View File

@@ -0,0 +1,64 @@
import {
IsOptional,
IsUUID,
IsString,
IsNumber,
IsBoolean,
Min,
} from 'class-validator';
import { ApiPropertyOptional } from '@nestjs/swagger';
import { Type, Transform } from 'class-transformer';
import { PaginationDto } from '../../../common/dto/pagination.dto';
export class GetProductsDto extends PaginationDto {
@ApiPropertyOptional({
description: 'Filter by category ID',
example: '123e4567-e89b-12d3-a456-426614174000',
})
@IsUUID()
@IsOptional()
categoryId?: string;
@ApiPropertyOptional({
description: 'Search query for product name or description',
example: 'laptop',
})
@IsString()
@IsOptional()
search?: string;
@ApiPropertyOptional({
description: 'Minimum price filter',
example: 100,
minimum: 0,
})
@IsNumber()
@Min(0)
@Type(() => Number)
@IsOptional()
minPrice?: number;
@ApiPropertyOptional({
description: 'Maximum price filter',
example: 1000,
minimum: 0,
})
@IsNumber()
@Min(0)
@Type(() => Number)
@IsOptional()
maxPrice?: number;
@ApiPropertyOptional({
description: 'Filter by availability status',
example: true,
})
@Transform(({ value }) => {
if (value === 'true') return true;
if (value === 'false') return false;
return value;
})
@IsBoolean()
@IsOptional()
isAvailable?: boolean;
}

4
src/modules/products/dto/index.ts Normal file
View File

@@ -0,0 +1,4 @@
export * from './create-product.dto';
export * from './update-product.dto';
export * from './get-products.dto';
export * from './product-response.dto';

74
src/modules/products/dto/product-response.dto.ts Normal file
View File

@@ -0,0 +1,74 @@
import { Expose, Type } from 'class-transformer';
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
export class CategoryInProductResponseDto {
@ApiProperty({ description: 'Category ID' })
@Expose()
id: string;
@ApiProperty({ description: 'Category name' })
@Expose()
name: string;
@ApiPropertyOptional({ description: 'Category description' })
@Expose()
description?: string;
@ApiPropertyOptional({ description: 'Category icon path' })
@Expose()
iconPath?: string;
@ApiPropertyOptional({ description: 'Category color' })
@Expose()
color?: string;
}
export class ProductResponseDto {
@ApiProperty({ description: 'Product ID' })
@Expose()
id: string;
@ApiProperty({ description: 'Product name' })
@Expose()
name: string;
@ApiPropertyOptional({ description: 'Product description' })
@Expose()
description?: string;
@ApiProperty({ description: 'Product price' })
@Expose()
price: number;
@ApiPropertyOptional({ description: 'Product image URL' })
@Expose()
imageUrl?: string;
@ApiProperty({ description: 'Category ID' })
@Expose()
categoryId: string;
@ApiProperty({ description: 'Stock quantity' })
@Expose()
stockQuantity: number;
@ApiProperty({ description: 'Availability status' })
@Expose()
isAvailable: boolean;
@ApiPropertyOptional({
description: 'Category details',
type: CategoryInProductResponseDto,
})
@Expose()
@Type(() => CategoryInProductResponseDto)
category?: CategoryInProductResponseDto;
@ApiProperty({ description: 'Creation timestamp' })
@Expose()
createdAt: Date;
@ApiProperty({ description: 'Last update timestamp' })
@Expose()
updatedAt: Date;
}

4
src/modules/products/dto/update-product.dto.ts Normal file
View File

@@ -0,0 +1,4 @@
import { PartialType } from '@nestjs/swagger';
import { CreateProductDto } from './create-product.dto';
export class UpdateProductDto extends PartialType(CreateProductDto) {}

59
src/modules/products/entities/product.entity.ts Normal file
View File

@@ -0,0 +1,59 @@
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
UpdateDateColumn,
ManyToOne,
OneToMany,
JoinColumn,
Index,
} from 'typeorm';
import { Category } from '../../categories/entities/category.entity';
import { TransactionItem } from '../../transactions/entities/transaction-item.entity';
@Entity('products')
@Index(['name', 'categoryId'], { name: 'idx_products_name_category' })
export class Product {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ type: 'varchar', length: 255 })
@Index('idx_products_name')
name: string;
@Column({ type: 'text', nullable: true })
description: string;
@Column({ type: 'decimal', precision: 10, scale: 2 })
price: number;
@Column({ type: 'varchar', length: 500, nullable: true })
imageUrl: string;
@Column({ type: 'uuid' })
@Index('idx_products_category')
categoryId: string;
@Column({ type: 'int', default: 0 })
stockQuantity: number;
@Column({ type: 'boolean', default: true })
isAvailable: boolean;
@CreateDateColumn()
createdAt: Date;
@UpdateDateColumn()
updatedAt: Date;
// Relationships
@ManyToOne(() => Category, (category) => category.products, {
onDelete: 'CASCADE',
})
@JoinColumn({ name: 'categoryId' })
category: Category;
@OneToMany(() => TransactionItem, (item) => item.product)
transactionItems: TransactionItem[];
}

259
src/modules/products/products.controller.ts Normal file
View File

@@ -0,0 +1,259 @@
import {
Controller,
Get,
Post,
Put,
Delete,
Body,
Param,
Query,
HttpCode,
HttpStatus,
ParseUUIDPipe,
} from '@nestjs/common';
import {
ApiTags,
ApiOperation,
ApiResponse,
ApiBearerAuth,
ApiParam,
} from '@nestjs/swagger';
import { ProductsService } from './products.service';
import { CreateProductDto } from './dto/create-product.dto';
import { UpdateProductDto } from './dto/update-product.dto';
import { GetProductsDto } from './dto/get-products.dto';
import { ProductResponseDto } from './dto/product-response.dto';
import { ApiResponseDto } from '../../common/dto/api-response.dto';
import { Public } from '../../common/decorators/public.decorator';
import { Roles } from '../../common/decorators/roles.decorator';
import { UserRole } from '../users/entities/user.entity';
import { plainToInstance } from 'class-transformer';
@ApiTags('products')
@Controller('products')
export class ProductsController {
constructor(private readonly productsService: ProductsService) {}
@Get()
@Public()
@ApiOperation({ summary: 'Get all products with pagination and filters' })
@ApiResponse({
status: 200,
description: 'Products retrieved successfully',
type: ApiResponseDto<ProductResponseDto[]>,
})
@ApiResponse({ status: 500, description: 'Internal server error' })
async findAll(@Query() query: GetProductsDto) {
const [products, total] = await this.productsService.findAll(query);
const responseData = plainToInstance(ProductResponseDto, products, {
excludeExtraneousValues: true,
});
return ApiResponseDto.successWithMeta(
responseData,
query.page || 1,
query.limit || 20,
total,
'Products retrieved successfully',
);
}
@Get('search')
@Public()
@ApiOperation({ summary: 'Search products by name or description' })
@ApiResponse({
status: 200,
description: 'Products found',
type: ApiResponseDto<ProductResponseDto[]>,
})
@ApiResponse({ status: 400, description: 'Invalid search query' })
@ApiResponse({ status: 500, description: 'Internal server error' })
async search(
@Query('q') searchQuery: string,
@Query('page') page?: number,
@Query('limit') limit?: number,
) {
const pageNum = page || 1;
const limitNum = limit || 20;
const [products, total] = await this.productsService.search(
searchQuery,
pageNum,
limitNum,
);
const responseData = plainToInstance(ProductResponseDto, products, {
excludeExtraneousValues: true,
});
return ApiResponseDto.successWithMeta(
responseData,
pageNum,
limitNum,
total,
'Products found',
);
}
@Get('category/:categoryId')
@Public()
@ApiOperation({ summary: 'Get products by category' })
@ApiParam({
name: 'categoryId',
description: 'Category UUID',
type: String,
})
@ApiResponse({
status: 200,
description: 'Products retrieved successfully',
type: ApiResponseDto<ProductResponseDto[]>,
})
@ApiResponse({ status: 404, description: 'Category not found' })
@ApiResponse({ status: 500, description: 'Internal server error' })
async findByCategory(
@Param('categoryId', ParseUUIDPipe) categoryId: string,
@Query('page') page?: number,
@Query('limit') limit?: number,
) {
const pageNum = page || 1;
const limitNum = limit || 20;
const [products, total] = await this.productsService.findByCategory(
categoryId,
pageNum,
limitNum,
);
const responseData = plainToInstance(ProductResponseDto, products, {
excludeExtraneousValues: true,
});
return ApiResponseDto.successWithMeta(
responseData,
pageNum,
limitNum,
total,
'Products retrieved successfully',
);
}
@Get(':id')
@Public()
@ApiOperation({ summary: 'Get single product by ID' })
@ApiParam({
name: 'id',
description: 'Product UUID',
type: String,
})
@ApiResponse({
status: 200,
description: 'Product found',
type: ApiResponseDto<ProductResponseDto>,
})
@ApiResponse({ status: 404, description: 'Product not found' })
@ApiResponse({ status: 500, description: 'Internal server error' })
async findOne(@Param('id', ParseUUIDPipe) id: string) {
const product = await this.productsService.findOne(id);
const responseData = plainToInstance(ProductResponseDto, product, {
excludeExtraneousValues: true,
});
return ApiResponseDto.success(responseData, 'Product found');
}
@Post()
@Roles(UserRole.ADMIN, UserRole.MANAGER)
@ApiBearerAuth()
@ApiOperation({
summary: 'Create new product (Admin/Manager only)',
description: 'Creates a new product and updates category product count',
})
@ApiResponse({
status: 201,
description: 'Product created successfully',
type: ApiResponseDto<ProductResponseDto>,
})
@ApiResponse({ status: 400, description: 'Invalid input data' })
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 403, description: 'Forbidden - insufficient role' })
@ApiResponse({ status: 404, description: 'Category not found' })
@ApiResponse({ status: 500, description: 'Internal server error' })
@HttpCode(HttpStatus.CREATED)
async create(@Body() createProductDto: CreateProductDto) {
const product = await this.productsService.create(createProductDto);
const responseData = plainToInstance(ProductResponseDto, product, {
excludeExtraneousValues: true,
});
return ApiResponseDto.success(responseData, 'Product created successfully');
}
@Put(':id')
@Roles(UserRole.ADMIN, UserRole.MANAGER)
@ApiBearerAuth()
@ApiOperation({
summary: 'Update product (Admin/Manager only)',
description:
'Updates product details and handles category count if category changes',
})
@ApiParam({
name: 'id',
description: 'Product UUID',
type: String,
})
@ApiResponse({
status: 200,
description: 'Product updated successfully',
type: ApiResponseDto<ProductResponseDto>,
})
@ApiResponse({ status: 400, description: 'Invalid input data' })
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 403, description: 'Forbidden - insufficient role' })
@ApiResponse({ status: 404, description: 'Product or category not found' })
@ApiResponse({ status: 500, description: 'Internal server error' })
async update(
@Param('id', ParseUUIDPipe) id: string,
@Body() updateProductDto: UpdateProductDto,
) {
const product = await this.productsService.update(id, updateProductDto);
const responseData = plainToInstance(ProductResponseDto, product, {
excludeExtraneousValues: true,
});
return ApiResponseDto.success(responseData, 'Product updated successfully');
}
@Delete(':id')
@Roles(UserRole.ADMIN)
@ApiBearerAuth()
@ApiOperation({
summary: 'Delete product (Admin only)',
description:
'Deletes product if not used in transactions, updates category count',
})
@ApiParam({
name: 'id',
description: 'Product UUID',
type: String,
})
@ApiResponse({
status: 204,
description: 'Product deleted successfully',
})
@ApiResponse({
status: 400,
description: 'Cannot delete product used in transactions',
})
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 403, description: 'Forbidden - Admin only' })
@ApiResponse({ status: 404, description: 'Product not found' })
@ApiResponse({ status: 500, description: 'Internal server error' })
@HttpCode(HttpStatus.NO_CONTENT)
async remove(@Param('id', ParseUUIDPipe) id: string) {
await this.productsService.remove(id);
}
}

17
src/modules/products/products.module.ts Normal file
View File

@@ -0,0 +1,17 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { ProductsController } from './products.controller';
import { ProductsService } from './products.service';
import { ProductsRepository } from './products.repository';
import { Product } from './entities/product.entity';
import { Category } from '../categories/entities/category.entity';
@Module({
imports: [
TypeOrmModule.forFeature([Product, Category]),
],
controllers: [ProductsController],
providers: [ProductsService, ProductsRepository],
exports: [ProductsService, ProductsRepository],
})
export class ProductsModule {}

147
src/modules/products/products.repository.ts Normal file
View File

@@ -0,0 +1,147 @@
import { Injectable } from '@nestjs/common';
import { DataSource, Repository, SelectQueryBuilder } from 'typeorm';
import { Product } from './entities/product.entity';
import { GetProductsDto } from './dto/get-products.dto';
@Injectable()
export class ProductsRepository extends Repository<Product> {
constructor(private dataSource: DataSource) {
super(Product, dataSource.createEntityManager());
}
/**
* Create query builder with filters applied
*/
createFilteredQuery(filters: GetProductsDto): SelectQueryBuilder<Product> {
const query = this.createQueryBuilder('product').leftJoinAndSelect(
'product.category',
'category',
);
// Filter by category
if (filters.categoryId) {
query.andWhere('product.categoryId = :categoryId', {
categoryId: filters.categoryId,
});
}
// Search by name or description
if (filters.search) {
query.andWhere(
'(LOWER(product.name) LIKE LOWER(:search) OR LOWER(product.description) LIKE LOWER(:search))',
{ search: `%${filters.search}%` },
);
}
// Filter by price range
if (filters.minPrice !== undefined) {
query.andWhere('product.price >= :minPrice', {
minPrice: filters.minPrice,
});
}
if (filters.maxPrice !== undefined) {
query.andWhere('product.price <= :maxPrice', {
maxPrice: filters.maxPrice,
});
}
// Filter by availability
if (filters.isAvailable !== undefined) {
query.andWhere('product.isAvailable = :isAvailable', {
isAvailable: filters.isAvailable,
});
}
return query;
}
/**
* Find products with pagination and filters
*/
async findWithFilters(
filters: GetProductsDto,
): Promise<[Product[], number]> {
const query = this.createFilteredQuery(filters);
// Apply pagination
query.skip(filters.skip).take(filters.take);
// Default sorting by name
query.orderBy('product.name', 'ASC');
return query.getManyAndCount();
}
/**
* Find one product by ID with category relation
*/
async findOneWithCategory(id: string): Promise<Product | null> {
return this.createQueryBuilder('product')
.leftJoinAndSelect('product.category', 'category')
.where('product.id = :id', { id })
.getOne();
}
/**
* Find products by category with pagination
*/
async findByCategory(
categoryId: string,
page: number = 1,
limit: number = 20,
): Promise<[Product[], number]> {
const skip = (page - 1) * limit;
return this.createQueryBuilder('product')
.leftJoinAndSelect('product.category', 'category')
.where('product.categoryId = :categoryId', { categoryId })
.orderBy('product.name', 'ASC')
.skip(skip)
.take(limit)
.getManyAndCount();
}
/**
* Search products by name or description
*/
async searchProducts(
searchQuery: string,
page: number = 1,
limit: number = 20,
): Promise<[Product[], number]> {
const skip = (page - 1) * limit;
return this.createQueryBuilder('product')
.leftJoinAndSelect('product.category', 'category')
.where(
'LOWER(product.name) LIKE LOWER(:search) OR LOWER(product.description) LIKE LOWER(:search)',
{ search: `%${searchQuery}%` },
)
.orderBy('product.name', 'ASC')
.skip(skip)
.take(limit)
.getManyAndCount();
}
/**
* Update stock quantity
*/
async updateStock(id: string, quantity: number): Promise<void> {
await this.update(id, { stockQuantity: quantity });
}
/**
* Increment stock quantity
*/
async incrementStock(id: string, amount: number): Promise<void> {
await this.increment({ id }, 'stockQuantity', amount);
}
/**
* Decrement stock quantity
*/
async decrementStock(id: string, amount: number): Promise<void> {
await this.decrement({ id }, 'stockQuantity', amount);
}
}

305
src/modules/products/products.service.ts Normal file
View File

@@ -0,0 +1,305 @@
import {
Injectable,
NotFoundException,
BadRequestException,
InternalServerErrorException,
} from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { DataSource } from 'typeorm';
import { ProductsRepository } from './products.repository';
import { CreateProductDto } from './dto/create-product.dto';
import { UpdateProductDto } from './dto/update-product.dto';
import { GetProductsDto } from './dto/get-products.dto';
import { Product } from './entities/product.entity';
import { Category } from '../categories/entities/category.entity';
@Injectable()
export class ProductsService {
constructor(
@InjectRepository(ProductsRepository)
private readonly productsRepository: ProductsRepository,
private readonly dataSource: DataSource,
) {}
/**
* Find all products with pagination and filters
*/
async findAll(filters: GetProductsDto): Promise<[Product[], number]> {
try {
return await this.productsRepository.findWithFilters(filters);
} catch (error) {
throw new InternalServerErrorException(
'Failed to fetch products',
error.message,
);
}
}
/**
* Find one product by ID
*/
async findOne(id: string): Promise<Product> {
const product = await this.productsRepository.findOneWithCategory(id);
if (!product) {
throw new NotFoundException(`Product with ID ${id} not found`);
}
return product;
}
/**
* Find products by category
*/
async findByCategory(
categoryId: string,
page: number = 1,
limit: number = 20,
): Promise<[Product[], number]> {
try {
// Verify category exists
const categoryRepo = this.dataSource.getRepository(Category);
const category = await categoryRepo.findOne({
where: { id: categoryId },
});
if (!category) {
throw new NotFoundException(
`Category with ID ${categoryId} not found`,
);
}
return await this.productsRepository.findByCategory(
categoryId,
page,
limit,
);
} catch (error) {
if (error instanceof NotFoundException) {
throw error;
}
throw new InternalServerErrorException(
'Failed to fetch products by category',
error.message,
);
}
}
/**
* Search products
*/
async search(
query: string,
page: number = 1,
limit: number = 20,
): Promise<[Product[], number]> {
if (!query || query.trim().length === 0) {
throw new BadRequestException('Search query cannot be empty');
}
try {
return await this.productsRepository.searchProducts(query, page, limit);
} catch (error) {
throw new InternalServerErrorException(
'Failed to search products',
error.message,
);
}
}
/**
* Create a new product
*/
async create(createProductDto: CreateProductDto): Promise<Product> {
const queryRunner = this.dataSource.createQueryRunner();
await queryRunner.connect();
await queryRunner.startTransaction();
try {
// Verify category exists
const categoryRepo = queryRunner.manager.getRepository(Category);
const category = await categoryRepo.findOne({
where: { id: createProductDto.categoryId },
});
if (!category) {
throw new NotFoundException(
`Category with ID ${createProductDto.categoryId} not found`,
);
}
// Create product
const product = queryRunner.manager.create(Product, createProductDto);
const savedProduct = await queryRunner.manager.save(Product, product);
// Increment category product count
await categoryRepo.increment({ id: category.id }, 'productCount', 1);
await queryRunner.commitTransaction();
// Fetch the complete product with category
return await this.findOne(savedProduct.id);
} catch (error) {
await queryRunner.rollbackTransaction();
if (error instanceof NotFoundException) {
throw error;
}
throw new InternalServerErrorException(
'Failed to create product',
error.message,
);
} finally {
await queryRunner.release();
}
}
/**
* Update a product
*/
async update(
id: string,
updateProductDto: UpdateProductDto,
): Promise<Product> {
const queryRunner = this.dataSource.createQueryRunner();
await queryRunner.connect();
await queryRunner.startTransaction();
try {
// Find existing product
const existingProduct = await queryRunner.manager.findOne(Product, {
where: { id },
});
if (!existingProduct) {
throw new NotFoundException(`Product with ID ${id} not found`);
}
const categoryRepo = queryRunner.manager.getRepository(Category);
// If category is being changed, update both category counts
if (
updateProductDto.categoryId &&
updateProductDto.categoryId !== existingProduct.categoryId
) {
const newCategory = await categoryRepo.findOne({
where: { id: updateProductDto.categoryId },
});
if (!newCategory) {
throw new NotFoundException(
`Category with ID ${updateProductDto.categoryId} not found`,
);
}
// Decrement old category count
await categoryRepo.decrement(
{ id: existingProduct.categoryId },
'productCount',
1,
);
// Increment new category count
await categoryRepo.increment(
{ id: updateProductDto.categoryId },
'productCount',
1,
);
}
// Update product
await queryRunner.manager.update(Product, id, updateProductDto);
await queryRunner.commitTransaction();
// Fetch the updated product with category
return await this.findOne(id);
} catch (error) {
await queryRunner.rollbackTransaction();
if (error instanceof NotFoundException) {
throw error;
}
throw new InternalServerErrorException(
'Failed to update product',
error.message,
);
} finally {
await queryRunner.release();
}
}
/**
* Delete a product
*/
async remove(id: string): Promise<void> {
const queryRunner = this.dataSource.createQueryRunner();
await queryRunner.connect();
await queryRunner.startTransaction();
try {
// Find product with transaction items
const product = await queryRunner.manager.findOne(Product, {
where: { id },
relations: ['transactionItems'],
});
if (!product) {
throw new NotFoundException(`Product with ID ${id} not found`);
}
// Check if product is used in any transactions
if (product.transactionItems && product.transactionItems.length > 0) {
throw new BadRequestException(
'Cannot delete product that has been used in transactions. Consider marking it as unavailable instead.',
);
}
// Decrement category product count
const categoryRepo = queryRunner.manager.getRepository(Category);
await categoryRepo.decrement(
{ id: product.categoryId },
'productCount',
1,
);
// Delete product
await queryRunner.manager.delete(Product, id);
await queryRunner.commitTransaction();
} catch (error) {
await queryRunner.rollbackTransaction();
if (
error instanceof NotFoundException ||
error instanceof BadRequestException
) {
throw error;
}
throw new InternalServerErrorException(
'Failed to delete product',
error.message,
);
} finally {
await queryRunner.release();
}
}
/**
* Update stock quantity
*/
async updateStock(id: string, quantity: number): Promise<Product> {
if (quantity < 0) {
throw new BadRequestException('Stock quantity cannot be negative');
}
const product = await this.findOne(id);
await this.productsRepository.updateStock(id, quantity);
return await this.findOne(id);
}
}

2
src/modules/sync/dto/index.ts Normal file
View File

@@ -0,0 +1,2 @@
export * from './sync-request.dto';
export * from './sync-response.dto';

24
src/modules/sync/dto/sync-request.dto.ts Normal file
View File

@@ -0,0 +1,24 @@
import { IsOptional, IsDateString, IsArray, IsString } from 'class-validator';
import { ApiPropertyOptional } from '@nestjs/swagger';
import { Type } from 'class-transformer';
export class SyncRequestDto {
@ApiPropertyOptional({
description: 'Last sync timestamp (ISO 8601). Returns only changes since this time.',
example: '2025-01-15T10:30:00.000Z',
})
@IsOptional()
@IsDateString({}, { message: 'Last sync timestamp must be a valid ISO 8601 date' })
lastSyncTimestamp?: string;
@ApiPropertyOptional({
description: 'Specific entities to sync. If not provided, syncs all entities.',
example: ['products', 'categories'],
isArray: true,
type: String,
})
@IsOptional()
@IsArray({ message: 'Entities must be an array' })
@IsString({ each: true, message: 'Each entity must be a string' })
entities?: string[];
}

142
src/modules/sync/dto/sync-response.dto.ts Normal file
View File

@@ -0,0 +1,142 @@
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
import { Exclude, Expose } from 'class-transformer';
@Exclude()
export class SyncProductDto {
@Expose()
@ApiProperty()
id: string;
@Expose()
@ApiProperty()
name: string;
@Expose()
@ApiProperty()
description: string;
@Expose()
@ApiProperty()
price: number;
@Expose()
@ApiProperty()
imageUrl: string;
@Expose()
@ApiProperty()
categoryId: string;
@Expose()
@ApiProperty()
stockQuantity: number;
@Expose()
@ApiProperty()
isAvailable: boolean;
@Expose()
@ApiProperty()
createdAt: Date;
@Expose()
@ApiProperty()
updatedAt: Date;
}
@Exclude()
export class SyncCategoryDto {
@Expose()
@ApiProperty()
id: string;
@Expose()
@ApiProperty()
name: string;
@Expose()
@ApiProperty()
description: string;
@Expose()
@ApiProperty()
iconPath: string;
@Expose()
@ApiProperty()
color: string;
@Expose()
@ApiProperty()
productCount: number;
@Expose()
@ApiProperty()
createdAt: Date;
@Expose()
@ApiProperty()
updatedAt: Date;
}
@Exclude()
export class SyncResponseDto {
@Expose()
@ApiProperty({
description: 'Products that were created or updated since last sync',
type: [SyncProductDto],
})
products: SyncProductDto[];
@Expose()
@ApiProperty({
description: 'Categories that were created or updated since last sync',
type: [SyncCategoryDto],
})
categories: SyncCategoryDto[];
@Expose()
@ApiProperty({
description: 'Current server timestamp for next sync',
})
syncTimestamp: Date;
@Expose()
@ApiProperty({
description: 'Indicates if there are more changes to sync',
})
hasMore: boolean;
}
@Exclude()
export class SyncStatusDto {
@Expose()
@ApiProperty({
description: 'Total products in database',
})
totalProducts: number;
@Expose()
@ApiProperty({
description: 'Total categories in database',
})
totalCategories: number;
@Expose()
@ApiProperty({
description: 'Last product update timestamp',
})
lastProductUpdate: Date | null;
@Expose()
@ApiProperty({
description: 'Last category update timestamp',
})
lastCategoryUpdate: Date | null;
@Expose()
@ApiProperty({
description: 'Current server timestamp',
})
serverTimestamp: Date;
}

129
src/modules/sync/sync.controller.ts Normal file
View File

@@ -0,0 +1,129 @@
import {
Controller,
Get,
Post,
Body,
HttpCode,
HttpStatus,
UseGuards,
Query,
} from '@nestjs/common';
import {
ApiTags,
ApiOperation,
ApiResponse,
ApiBearerAuth,
ApiQuery,
} from '@nestjs/swagger';
import { SyncService } from './sync.service';
import { SyncRequestDto } from './dto/sync-request.dto';
import {
SyncResponseDto,
SyncProductDto,
SyncCategoryDto,
SyncStatusDto,
} from './dto/sync-response.dto';
import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
import { RolesGuard } from '../../common/guards/roles.guard';
import { Roles } from '../../common/decorators/roles.decorator';
import { UserRole } from '../users/entities/user.entity';
@ApiTags('sync')
@Controller('sync')
@UseGuards(JwtAuthGuard, RolesGuard)
@ApiBearerAuth()
export class SyncController {
constructor(private readonly syncService: SyncService) {}
@Post()
@Roles(UserRole.CASHIER, UserRole.MANAGER, UserRole.ADMIN)
@HttpCode(HttpStatus.OK)
@ApiOperation({
summary: 'Sync all data or specific entities',
description:
'Returns products and categories that have been created or updated since the last sync timestamp. ' +
'If no timestamp is provided, returns all data. Supports incremental sync.',
})
@ApiResponse({
status: 200,
description: 'Sync data retrieved successfully',
type: SyncResponseDto,
})
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 403, description: 'Forbidden - Insufficient permissions' })
async syncAll(@Body() syncRequestDto: SyncRequestDto) {
return this.syncService.syncAll(syncRequestDto);
}
@Post('products')
@Roles(UserRole.CASHIER, UserRole.MANAGER, UserRole.ADMIN)
@HttpCode(HttpStatus.OK)
@ApiOperation({
summary: 'Sync products only',
description:
'Returns products that have been created or updated since the last sync timestamp.',
})
@ApiQuery({
name: 'lastSyncTimestamp',
required: false,
description: 'Last sync timestamp (ISO 8601)',
example: '2025-01-15T10:30:00.000Z',
})
@ApiResponse({
status: 200,
description: 'Products synced successfully',
type: [SyncProductDto],
})
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 403, description: 'Forbidden - Insufficient permissions' })
async syncProducts(
@Query('lastSyncTimestamp') lastSyncTimestamp?: string,
): Promise<SyncProductDto[]> {
return this.syncService.syncProducts(lastSyncTimestamp);
}
@Post('categories')
@Roles(UserRole.CASHIER, UserRole.MANAGER, UserRole.ADMIN)
@HttpCode(HttpStatus.OK)
@ApiOperation({
summary: 'Sync categories only',
description:
'Returns categories that have been created or updated since the last sync timestamp.',
})
@ApiQuery({
name: 'lastSyncTimestamp',
required: false,
description: 'Last sync timestamp (ISO 8601)',
example: '2025-01-15T10:30:00.000Z',
})
@ApiResponse({
status: 200,
description: 'Categories synced successfully',
type: [SyncCategoryDto],
})
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 403, description: 'Forbidden - Insufficient permissions' })
async syncCategories(
@Query('lastSyncTimestamp') lastSyncTimestamp?: string,
): Promise<SyncCategoryDto[]> {
return this.syncService.syncCategories(lastSyncTimestamp);
}
@Get('status')
@Roles(UserRole.CASHIER, UserRole.MANAGER, UserRole.ADMIN)
@ApiOperation({
summary: 'Get last sync status',
description:
'Returns information about total entities, last update timestamps, and current server time.',
})
@ApiResponse({
status: 200,
description: 'Sync status retrieved successfully',
type: SyncStatusDto,
})
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 403, description: 'Forbidden - Insufficient permissions' })
async getStatus(): Promise<SyncStatusDto> {
return this.syncService.getStatus();
}
}

14
src/modules/sync/sync.module.ts Normal file
View File

@@ -0,0 +1,14 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { SyncController } from './sync.controller';
import { SyncService } from './sync.service';
import { Product } from '../products/entities/product.entity';
import { Category } from '../categories/entities/category.entity';
@Module({
imports: [TypeOrmModule.forFeature([Product, Category])],
controllers: [SyncController],
providers: [SyncService],
exports: [SyncService],
})
export class SyncModule {}

169
src/modules/sync/sync.service.ts Normal file
View File

@@ -0,0 +1,169 @@
import { Injectable } from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { Repository, MoreThanOrEqual } from 'typeorm';
import { Product } from '../products/entities/product.entity';
import { Category } from '../categories/entities/category.entity';
import { SyncRequestDto } from './dto/sync-request.dto';
import {
SyncResponseDto,
SyncProductDto,
SyncCategoryDto,
SyncStatusDto,
} from './dto/sync-response.dto';
import { plainToInstance } from 'class-transformer';
// Maximum number of records to return in a single sync request
const MAX_SYNC_RECORDS = 500;
@Injectable()
export class SyncService {
constructor(
@InjectRepository(Product)
private readonly productsRepository: Repository<Product>,
@InjectRepository(Category)
private readonly categoriesRepository: Repository<Category>,
) {}
async syncAll(syncRequestDto: SyncRequestDto): Promise<SyncResponseDto> {
const { lastSyncTimestamp, entities } = syncRequestDto;
const shouldSyncAll = !entities || entities.length === 0;
const shouldSyncProducts =
shouldSyncAll || entities.includes('products');
const shouldSyncCategories =
shouldSyncAll || entities.includes('categories');
const lastSync = lastSyncTimestamp
? new Date(lastSyncTimestamp)
: undefined;
let products: Product[] = [];
let categories: Category[] = [];
let hasMore = false;
// Sync products if requested
if (shouldSyncProducts) {
products = await this.getChangesSince(
this.productsRepository,
lastSync,
MAX_SYNC_RECORDS,
);
// Check if there are more products to sync
if (products.length >= MAX_SYNC_RECORDS) {
hasMore = true;
}
}
// Sync categories if requested
if (shouldSyncCategories) {
categories = await this.getChangesSince(
this.categoriesRepository,
lastSync,
MAX_SYNC_RECORDS,
);
// Check if there are more categories to sync
if (categories.length >= MAX_SYNC_RECORDS) {
hasMore = true;
}
}
const response = {
products: plainToInstance(SyncProductDto, products, {
excludeExtraneousValues: true,
}),
categories: plainToInstance(SyncCategoryDto, categories, {
excludeExtraneousValues: true,
}),
syncTimestamp: new Date(),
hasMore,
};
return plainToInstance(SyncResponseDto, response, {
excludeExtraneousValues: true,
});
}
async syncProducts(lastSyncTimestamp?: string): Promise<SyncProductDto[]> {
const lastSync = lastSyncTimestamp
? new Date(lastSyncTimestamp)
: undefined;
const products = await this.getChangesSince(
this.productsRepository,
lastSync,
MAX_SYNC_RECORDS,
);
return plainToInstance(SyncProductDto, products, {
excludeExtraneousValues: true,
});
}
async syncCategories(lastSyncTimestamp?: string): Promise<SyncCategoryDto[]> {
const lastSync = lastSyncTimestamp
? new Date(lastSyncTimestamp)
: undefined;
const categories = await this.getChangesSince(
this.categoriesRepository,
lastSync,
MAX_SYNC_RECORDS,
);
return plainToInstance(SyncCategoryDto, categories, {
excludeExtraneousValues: true,
});
}
async getStatus(): Promise<SyncStatusDto> {
// Get total counts
const totalProducts = await this.productsRepository.count();
const totalCategories = await this.categoriesRepository.count();
// Get last update timestamps
const lastProduct = await this.productsRepository.findOne({
order: { updatedAt: 'DESC' },
select: ['updatedAt'],
});
const lastCategory = await this.categoriesRepository.findOne({
order: { updatedAt: 'DESC' },
select: ['updatedAt'],
});
const status = {
totalProducts,
totalCategories,
lastProductUpdate: lastProduct?.updatedAt || null,
lastCategoryUpdate: lastCategory?.updatedAt || null,
serverTimestamp: new Date(),
};
return plainToInstance(SyncStatusDto, status, {
excludeExtraneousValues: true,
});
}
/**
* Get entities that have been created or updated since a given timestamp
*/
private async getChangesSince<T extends { updatedAt: Date }>(
repository: Repository<T>,
lastSync?: Date,
limit: number = MAX_SYNC_RECORDS,
): Promise<T[]> {
const queryBuilder = repository.createQueryBuilder('entity');
if (lastSync) {
// Return only entities updated after the last sync
queryBuilder.where('entity.updatedAt > :lastSync', { lastSync });
}
queryBuilder
.orderBy('entity.updatedAt', 'ASC')
.take(limit);
return queryBuilder.getMany();
}
}

22
src/modules/transactions/dto/create-transaction-item.dto.ts Normal file
View File

@@ -0,0 +1,22 @@
import { IsUUID, IsInt, Min } from 'class-validator';
import { ApiProperty } from '@nestjs/swagger';
import { Type } from 'class-transformer';
export class CreateTransactionItemDto {
@ApiProperty({
description: 'Product UUID',
example: '123e4567-e89b-12d3-a456-426614174000',
})
@IsUUID('4', { message: 'Product ID must be a valid UUID' })
productId: string;
@ApiProperty({
description: 'Quantity of the product',
example: 2,
minimum: 1,
})
@IsInt({ message: 'Quantity must be an integer' })
@Min(1, { message: 'Quantity must be at least 1' })
@Type(() => Number)
quantity: number;
}

54
src/modules/transactions/dto/create-transaction.dto.ts Normal file
View File

@@ -0,0 +1,54 @@
import {
IsArray,
IsEnum,
IsNumber,
IsOptional,
Min,
ArrayMinSize,
ValidateNested,
} from 'class-validator';
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
import { Type } from 'class-transformer';
import { CreateTransactionItemDto } from './create-transaction-item.dto';
export enum PaymentMethod {
CASH = 'cash',
CARD = 'card',
MOBILE = 'mobile',
}
export class CreateTransactionDto {
@ApiProperty({
description: 'Array of transaction items',
type: [CreateTransactionItemDto],
minItems: 1,
})
@IsArray({ message: 'Items must be an array' })
@ArrayMinSize(1, { message: 'At least one item is required' })
@ValidateNested({ each: true })
@Type(() => CreateTransactionItemDto)
items: CreateTransactionItemDto[];
@ApiProperty({
description: 'Payment method',
enum: PaymentMethod,
example: PaymentMethod.CASH,
})
@IsEnum(PaymentMethod, { message: 'Invalid payment method' })
paymentMethod: PaymentMethod;
@ApiPropertyOptional({
description: 'Discount amount',
example: 10.0,
minimum: 0,
default: 0,
})
@IsOptional()
@IsNumber(
{ maxDecimalPlaces: 2 },
{ message: 'Discount must be a number with max 2 decimal places' },
)
@Min(0, { message: 'Discount must be at least 0' })
@Type(() => Number)
discount?: number = 0;
}

30
src/modules/transactions/dto/get-transactions.dto.ts Normal file
View File

@@ -0,0 +1,30 @@
import { IsOptional, IsEnum, IsDateString } from 'class-validator';
import { ApiPropertyOptional } from '@nestjs/swagger';
import { PaginationDto } from '../../../common/dto/pagination.dto';
import { PaymentMethod } from './create-transaction.dto';
export class GetTransactionsDto extends PaginationDto {
@ApiPropertyOptional({
description: 'Filter by start date (ISO 8601)',
example: '2025-01-01T00:00:00.000Z',
})
@IsOptional()
@IsDateString({}, { message: 'Start date must be a valid ISO 8601 date' })
startDate?: string;
@ApiPropertyOptional({
description: 'Filter by end date (ISO 8601)',
example: '2025-12-31T23:59:59.999Z',
})
@IsOptional()
@IsDateString({}, { message: 'End date must be a valid ISO 8601 date' })
endDate?: string;
@ApiPropertyOptional({
description: 'Filter by payment method',
enum: PaymentMethod,
})
@IsOptional()
@IsEnum(PaymentMethod, { message: 'Invalid payment method' })
paymentMethod?: PaymentMethod;
}

5
src/modules/transactions/dto/index.ts Normal file
View File

@@ -0,0 +1,5 @@
export * from './create-transaction-item.dto';
export * from './create-transaction.dto';
export * from './get-transactions.dto';
export * from './transaction-response.dto';
export * from './transaction-stats.dto';

68
src/modules/transactions/dto/transaction-response.dto.ts Normal file
View File

@@ -0,0 +1,68 @@
import { ApiProperty } from '@nestjs/swagger';
import { Exclude, Expose, Type } from 'class-transformer';
@Exclude()
export class TransactionItemResponseDto {
@Expose()
@ApiProperty({ description: 'Transaction item ID' })
id: string;
@Expose()
@ApiProperty({ description: 'Product ID' })
productId: string;
@Expose()
@ApiProperty({ description: 'Product name at transaction time' })
productName: string;
@Expose()
@ApiProperty({ description: 'Product price at transaction time' })
price: number;
@Expose()
@ApiProperty({ description: 'Quantity purchased' })
quantity: number;
@Expose()
@ApiProperty({ description: 'Line total (price * quantity)' })
lineTotal: number;
}
@Exclude()
export class TransactionResponseDto {
@Expose()
@ApiProperty({ description: 'Transaction ID' })
id: string;
@Expose()
@ApiProperty({ description: 'Subtotal before tax and discount' })
subtotal: number;
@Expose()
@ApiProperty({ description: 'Tax amount' })
tax: number;
@Expose()
@ApiProperty({ description: 'Discount amount' })
discount: number;
@Expose()
@ApiProperty({ description: 'Total amount (subtotal + tax - discount)' })
total: number;
@Expose()
@ApiProperty({ description: 'Payment method', example: 'cash' })
paymentMethod: string;
@Expose()
@ApiProperty({ description: 'Transaction completion timestamp' })
completedAt: Date;
@Expose()
@Type(() => TransactionItemResponseDto)
@ApiProperty({
description: 'Transaction items',
type: [TransactionItemResponseDto],
})
items: TransactionItemResponseDto[];
}

48
src/modules/transactions/dto/transaction-stats.dto.ts Normal file
View File

@@ -0,0 +1,48 @@
import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
import { Exclude, Expose } from 'class-transformer';
@Exclude()
export class TransactionStatsDto {
@Expose()
@ApiProperty({ description: 'Total number of transactions' })
totalTransactions: number;
@Expose()
@ApiProperty({ description: 'Total revenue (sum of all transaction totals)' })
totalRevenue: number;
@Expose()
@ApiProperty({ description: 'Average transaction amount' })
averageTransactionAmount: number;
@Expose()
@ApiProperty({ description: 'Total items sold' })
totalItemsSold: number;
@Expose()
@ApiPropertyOptional({ description: 'Start date of statistics period' })
startDate?: Date;
@Expose()
@ApiPropertyOptional({ description: 'End date of statistics period' })
endDate?: Date;
}
@Exclude()
export class DailySalesDto {
@Expose()
@ApiProperty({ description: 'Date of sales' })
date: string;
@Expose()
@ApiProperty({ description: 'Number of transactions on this date' })
transactionCount: number;
@Expose()
@ApiProperty({ description: 'Total revenue for this date' })
revenue: number;
@Expose()
@ApiProperty({ description: 'Total items sold on this date' })
itemsSold: number;
}

47
src/modules/transactions/entities/transaction-item.entity.ts Normal file
View File

@@ -0,0 +1,47 @@
import {
Entity,
PrimaryGeneratedColumn,
Column,
ManyToOne,
JoinColumn,
Index,
} from 'typeorm';
import { Transaction } from './transaction.entity';
import { Product } from '../../products/entities/product.entity';
@Entity('transaction_items')
export class TransactionItem {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ type: 'uuid' })
@Index('idx_transaction_items_transaction')
transactionId: string;
@Column({ type: 'uuid' })
@Index('idx_transaction_items_product')
productId: string;
@Column({ type: 'varchar', length: 255 })
productName: string;
@Column({ type: 'decimal', precision: 10, scale: 2 })
price: number;
@Column({ type: 'int' })
quantity: number;
@Column({ type: 'decimal', precision: 10, scale: 2 })
lineTotal: number;
// Relationships
@ManyToOne(() => Transaction, (transaction) => transaction.items, {
onDelete: 'CASCADE',
})
@JoinColumn({ name: 'transactionId' })
transaction: Transaction;
@ManyToOne(() => Product, (product) => product.transactionItems)
@JoinColumn({ name: 'productId' })
product: Product;
}

40
src/modules/transactions/entities/transaction.entity.ts Normal file
View File

@@ -0,0 +1,40 @@
import {
Entity,
PrimaryGeneratedColumn,
Column,
CreateDateColumn,
OneToMany,
Index,
} from 'typeorm';
import { TransactionItem } from './transaction-item.entity';
@Entity('transactions')
export class Transaction {
@PrimaryGeneratedColumn('uuid')
id: string;
@Column({ type: 'decimal', precision: 10, scale: 2 })
subtotal: number;
@Column({ type: 'decimal', precision: 10, scale: 2, default: 0 })
tax: number;
@Column({ type: 'decimal', precision: 10, scale: 2, default: 0 })
discount: number;
@Column({ type: 'decimal', precision: 10, scale: 2 })
total: number;
@Column({ type: 'varchar', length: 50 })
paymentMethod: string;
@CreateDateColumn()
@Index('idx_transactions_date')
completedAt: Date;
// Relationships
@OneToMany(() => TransactionItem, (item) => item.transaction, {
cascade: true,
})
items: TransactionItem[];
}

10
src/modules/transactions/transaction-items.repository.ts Normal file
View File

@@ -0,0 +1,10 @@
import { Injectable } from '@nestjs/common';
import { DataSource, Repository } from 'typeorm';
import { TransactionItem } from './entities/transaction-item.entity';
@Injectable()
export class TransactionItemsRepository extends Repository<TransactionItem> {
constructor(private dataSource: DataSource) {
super(TransactionItem, dataSource.createEntityManager());
}
}

138
src/modules/transactions/transactions.controller.ts Normal file
View File

@@ -0,0 +1,138 @@
import {
Controller,
Get,
Post,
Body,
Param,
Query,
HttpCode,
HttpStatus,
UseGuards,
ParseUUIDPipe,
} from '@nestjs/common';
import {
ApiTags,
ApiOperation,
ApiResponse,
ApiBearerAuth,
ApiQuery,
} from '@nestjs/swagger';
import { TransactionsService } from './transactions.service';
import { CreateTransactionDto } from './dto/create-transaction.dto';
import { GetTransactionsDto } from './dto/get-transactions.dto';
import { TransactionResponseDto } from './dto/transaction-response.dto';
import {
TransactionStatsDto,
DailySalesDto,
} from './dto/transaction-stats.dto';
import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
import { RolesGuard } from '../../common/guards/roles.guard';
import { Roles } from '../../common/decorators/roles.decorator';
import { CurrentUser } from '../../common/decorators/current-user.decorator';
import { UserRole, User } from '../users/entities/user.entity';
@ApiTags('transactions')
@Controller('transactions')
@UseGuards(JwtAuthGuard, RolesGuard)
@ApiBearerAuth()
export class TransactionsController {
constructor(private readonly transactionsService: TransactionsService) {}
@Get()
@Roles(UserRole.CASHIER, UserRole.MANAGER, UserRole.ADMIN)
@ApiOperation({ summary: 'Get all transactions with pagination and filtering' })
@ApiResponse({
status: 200,
description: 'Transactions retrieved successfully',
type: TransactionResponseDto,
isArray: true,
})
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 403, description: 'Forbidden - Insufficient permissions' })
async findAll(@Query() filters: GetTransactionsDto) {
return this.transactionsService.findAll(filters);
}
@Get('stats')
@Roles(UserRole.MANAGER, UserRole.ADMIN)
@ApiOperation({ summary: 'Get transaction statistics' })
@ApiQuery({
name: 'startDate',
required: false,
description: 'Start date for statistics (ISO 8601)',
example: '2025-01-01T00:00:00.000Z',
})
@ApiQuery({
name: 'endDate',
required: false,
description: 'End date for statistics (ISO 8601)',
example: '2025-12-31T23:59:59.999Z',
})
@ApiResponse({
status: 200,
description: 'Statistics retrieved successfully',
type: TransactionStatsDto,
})
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 403, description: 'Forbidden - Manager or Admin required' })
async getStatistics(
@Query('startDate') startDate?: string,
@Query('endDate') endDate?: string,
) {
return this.transactionsService.getStatistics(startDate, endDate);
}
@Get('stats/daily')
@Roles(UserRole.MANAGER, UserRole.ADMIN)
@ApiOperation({ summary: 'Get daily sales report' })
@ApiQuery({
name: 'date',
required: false,
description: 'Date for daily sales (ISO 8601). Defaults to today',
example: '2025-01-15T00:00:00.000Z',
})
@ApiResponse({
status: 200,
description: 'Daily sales retrieved successfully',
type: DailySalesDto,
})
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 403, description: 'Forbidden - Manager or Admin required' })
async getDailySales(@Query('date') date?: string) {
return this.transactionsService.getDailySales(date);
}
@Get(':id')
@Roles(UserRole.CASHIER, UserRole.MANAGER, UserRole.ADMIN)
@ApiOperation({ summary: 'Get transaction details by ID' })
@ApiResponse({
status: 200,
description: 'Transaction found',
type: TransactionResponseDto,
})
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 403, description: 'Forbidden - Insufficient permissions' })
@ApiResponse({ status: 404, description: 'Transaction not found' })
async findOne(@Param('id', ParseUUIDPipe) id: string) {
return this.transactionsService.findOne(id);
}
@Post()
@Roles(UserRole.CASHIER, UserRole.MANAGER, UserRole.ADMIN)
@HttpCode(HttpStatus.CREATED)
@ApiOperation({ summary: 'Create a new transaction' })
@ApiResponse({
status: 201,
description: 'Transaction created successfully',
type: TransactionResponseDto,
})
@ApiResponse({ status: 400, description: 'Bad Request - Validation error or insufficient stock' })
@ApiResponse({ status: 401, description: 'Unauthorized' })
@ApiResponse({ status: 403, description: 'Forbidden - Insufficient permissions' })
async create(
@Body() createTransactionDto: CreateTransactionDto,
@CurrentUser() user: User,
) {
return this.transactionsService.create(createTransactionDto, user.id);
}
}

21
src/modules/transactions/transactions.module.ts Normal file
View File

@@ -0,0 +1,21 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { TransactionsController } from './transactions.controller';
import { TransactionsService } from './transactions.service';
import { TransactionsRepository } from './transactions.repository';
import { TransactionItemsRepository } from './transaction-items.repository';
import { Transaction } from './entities/transaction.entity';
import { TransactionItem } from './entities/transaction-item.entity';
import { Product } from '../products/entities/product.entity';
@Module({
imports: [TypeOrmModule.forFeature([Transaction, TransactionItem, Product])],
controllers: [TransactionsController],
providers: [
TransactionsService,
TransactionsRepository,
TransactionItemsRepository,
],
exports: [TransactionsService, TransactionsRepository],
})
export class TransactionsModule {}

145
src/modules/transactions/transactions.repository.ts Normal file
View File

@@ -0,0 +1,145 @@
import { Injectable } from '@nestjs/common';
import { DataSource, Repository, Between, MoreThanOrEqual, LessThanOrEqual } from 'typeorm';
import { Transaction } from './entities/transaction.entity';
import { GetTransactionsDto } from './dto/get-transactions.dto';
@Injectable()
export class TransactionsRepository extends Repository<Transaction> {
constructor(private dataSource: DataSource) {
super(Transaction, dataSource.createEntityManager());
}
async findWithFilters(filters: GetTransactionsDto) {
const { page = 1, limit = 20, startDate, endDate, paymentMethod } = filters;
const queryBuilder = this.createQueryBuilder('transaction')
.leftJoinAndSelect('transaction.items', 'items')
.orderBy('transaction.completedAt', 'DESC');
// Apply date filters
if (startDate && endDate) {
queryBuilder.andWhere('transaction.completedAt BETWEEN :startDate AND :endDate', {
startDate: new Date(startDate),
endDate: new Date(endDate),
});
} else if (startDate) {
queryBuilder.andWhere('transaction.completedAt >= :startDate', {
startDate: new Date(startDate),
});
} else if (endDate) {
queryBuilder.andWhere('transaction.completedAt <= :endDate', {
endDate: new Date(endDate),
});
}
// Apply payment method filter
if (paymentMethod) {
queryBuilder.andWhere('transaction.paymentMethod = :paymentMethod', {
paymentMethod,
});
}
// Pagination
const skip = (page - 1) * limit;
queryBuilder.skip(skip).take(limit);
const [data, total] = await queryBuilder.getManyAndCount();
return {
data,
meta: {
page,
limit,
total,
totalPages: Math.ceil(total / limit),
},
};
}
async findByIdWithItems(id: string): Promise<Transaction | null> {
return this.findOne({
where: { id },
relations: ['items'],
});
}
async getStatistics(startDate?: Date, endDate?: Date) {
const queryBuilder = this.createQueryBuilder('transaction')
.select('COUNT(transaction.id)', 'totalTransactions')
.addSelect('COALESCE(SUM(transaction.total), 0)', 'totalRevenue')
.addSelect('COALESCE(AVG(transaction.total), 0)', 'averageTransactionAmount');
if (startDate && endDate) {
queryBuilder.where('transaction.completedAt BETWEEN :startDate AND :endDate', {
startDate,
endDate,
});
} else if (startDate) {
queryBuilder.where('transaction.completedAt >= :startDate', { startDate });
} else if (endDate) {
queryBuilder.where('transaction.completedAt <= :endDate', { endDate });
}
const result = await queryBuilder.getRawOne();
// Get total items sold
const itemsQuery = this.createQueryBuilder('transaction')
.leftJoin('transaction.items', 'items')
.select('COALESCE(SUM(items.quantity), 0)', 'totalItemsSold');
if (startDate && endDate) {
itemsQuery.where('transaction.completedAt BETWEEN :startDate AND :endDate', {
startDate,
endDate,
});
} else if (startDate) {
itemsQuery.where('transaction.completedAt >= :startDate', { startDate });
} else if (endDate) {
itemsQuery.where('transaction.completedAt <= :endDate', { endDate });
}
const itemsResult = await itemsQuery.getRawOne();
return {
totalTransactions: parseInt(result.totalTransactions || '0'),
totalRevenue: parseFloat(result.totalRevenue || '0'),
averageTransactionAmount: parseFloat(result.averageTransactionAmount || '0'),
totalItemsSold: parseInt(itemsResult.totalItemsSold || '0'),
startDate,
endDate,
};
}
async getDailySales(date: Date) {
const startOfDay = new Date(date);
startOfDay.setHours(0, 0, 0, 0);
const endOfDay = new Date(date);
endOfDay.setHours(23, 59, 59, 999);
const result = await this.createQueryBuilder('transaction')
.select('COUNT(transaction.id)', 'transactionCount')
.addSelect('COALESCE(SUM(transaction.total), 0)', 'revenue')
.where('transaction.completedAt BETWEEN :startOfDay AND :endOfDay', {
startOfDay,
endOfDay,
})
.getRawOne();
const itemsResult = await this.createQueryBuilder('transaction')
.leftJoin('transaction.items', 'items')
.select('COALESCE(SUM(items.quantity), 0)', 'itemsSold')
.where('transaction.completedAt BETWEEN :startOfDay AND :endOfDay', {
startOfDay,
endOfDay,
})
.getRawOne();
return {
date: date.toISOString().split('T')[0],
transactionCount: parseInt(result.transactionCount || '0'),
revenue: parseFloat(result.revenue || '0'),
itemsSold: parseInt(itemsResult.itemsSold || '0'),
};
}
}

232
src/modules/transactions/transactions.service.ts Normal file
View File

@@ -0,0 +1,232 @@
import {
Injectable,
NotFoundException,
BadRequestException,
InternalServerErrorException,
} from '@nestjs/common';
import { InjectRepository } from '@nestjs/typeorm';
import { DataSource, Repository } from 'typeorm';
import { Transaction } from './entities/transaction.entity';
import { TransactionItem } from './entities/transaction-item.entity';
import { Product } from '../products/entities/product.entity';
import { TransactionsRepository } from './transactions.repository';
import { TransactionItemsRepository } from './transaction-items.repository';
import { CreateTransactionDto } from './dto/create-transaction.dto';
import { GetTransactionsDto } from './dto/get-transactions.dto';
import { plainToInstance } from 'class-transformer';
import {
TransactionResponseDto,
TransactionItemResponseDto,
} from './dto/transaction-response.dto';
import {
TransactionStatsDto,
DailySalesDto,
} from './dto/transaction-stats.dto';
// Tax percentage - can be moved to config
const TAX_PERCENTAGE = 0.1; // 10% tax
@Injectable()
export class TransactionsService {
constructor(
private readonly transactionsRepository: TransactionsRepository,
private readonly transactionItemsRepository: TransactionItemsRepository,
@InjectRepository(Product)
private readonly productsRepository: Repository<Product>,
private readonly dataSource: DataSource,
) {}
async findAll(filters: GetTransactionsDto) {
const result = await this.transactionsRepository.findWithFilters(filters);
return {
data: plainToInstance(TransactionResponseDto, result.data, {
excludeExtraneousValues: true,
}),
meta: result.meta,
};
}
async findOne(id: string): Promise<TransactionResponseDto> {
const transaction = await this.transactionsRepository.findByIdWithItems(id);
if (!transaction) {
throw new NotFoundException(`Transaction with ID ${id} not found`);
}
return plainToInstance(TransactionResponseDto, transaction, {
excludeExtraneousValues: true,
});
}
async create(
createTransactionDto: CreateTransactionDto,
userId?: string,
): Promise<TransactionResponseDto> {
// Use database transaction for atomicity
const queryRunner = this.dataSource.createQueryRunner();
await queryRunner.connect();
await queryRunner.startTransaction();
try {
// Step 1: Validate all products exist and have sufficient stock
const productIds = createTransactionDto.items.map((item) => item.productId);
const products = await queryRunner.manager.find(Product, {
where: productIds.map((id) => ({ id })),
lock: { mode: 'pessimistic_write' }, // Lock rows for update
});
if (products.length !== productIds.length) {
const foundIds = products.map((p) => p.id);
const missingIds = productIds.filter((id) => !foundIds.includes(id));
throw new BadRequestException(
`Products not found: ${missingIds.join(', ')}`,
);
}
// Create a map for quick product lookup
const productMap = new Map(products.map((p) => [p.id, p]));
// Step 2: Validate stock availability and calculate totals
let subtotal = 0;
const itemsData: Array<{
product: Product;
quantity: number;
price: number;
lineTotal: number;
}> = [];
for (const itemDto of createTransactionDto.items) {
const product = productMap.get(itemDto.productId)!;
// Check if product is available
if (!product.isAvailable) {
throw new BadRequestException(
`Product "${product.name}" is not available`,
);
}
// Check stock availability
if (product.stockQuantity < itemDto.quantity) {
throw new BadRequestException(
`Insufficient stock for product "${product.name}". Available: ${product.stockQuantity}, Requested: ${itemDto.quantity}`,
);
}
const price = Number(product.price);
const lineTotal = price * itemDto.quantity;
subtotal += lineTotal;
itemsData.push({
product,
quantity: itemDto.quantity,
price,
lineTotal,
});
}
// Step 3: Calculate tax and total
const tax = subtotal * TAX_PERCENTAGE;
const discount = createTransactionDto.discount || 0;
const total = subtotal + tax - discount;
if (total < 0) {
throw new BadRequestException('Total amount cannot be negative');
}
// Step 4: Create transaction
const transaction = queryRunner.manager.create(Transaction, {
subtotal: Number(subtotal.toFixed(2)),
tax: Number(tax.toFixed(2)),
discount: Number(discount.toFixed(2)),
total: Number(total.toFixed(2)),
paymentMethod: createTransactionDto.paymentMethod,
});
const savedTransaction = await queryRunner.manager.save(transaction);
// Step 5: Create transaction items and update product stock
const transactionItems: TransactionItem[] = [];
for (const itemData of itemsData) {
// Create transaction item (snapshot product data)
const transactionItem = queryRunner.manager.create(TransactionItem, {
transactionId: savedTransaction.id,
productId: itemData.product.id,
productName: itemData.product.name,
price: Number(itemData.price.toFixed(2)),
quantity: itemData.quantity,
lineTotal: Number(itemData.lineTotal.toFixed(2)),
});
transactionItems.push(transactionItem);
// Update product stock atomically
await queryRunner.manager.decrement(
Product,
{ id: itemData.product.id },
'stockQuantity',
itemData.quantity,
);
}
await queryRunner.manager.save(TransactionItem, transactionItems);
// Commit transaction
await queryRunner.commitTransaction();
// Fetch the complete transaction with items
const completeTransaction = await this.transactionsRepository.findByIdWithItems(
savedTransaction.id,
);
return plainToInstance(TransactionResponseDto, completeTransaction, {
excludeExtraneousValues: true,
});
} catch (error) {
// Rollback transaction on error
await queryRunner.rollbackTransaction();
// Re-throw known errors
if (
error instanceof BadRequestException ||
error instanceof NotFoundException
) {
throw error;
}
// Wrap unknown errors
throw new InternalServerErrorException(
'Failed to create transaction',
error.message,
);
} finally {
// Release query runner
await queryRunner.release();
}
}
async getStatistics(
startDate?: string,
endDate?: string,
): Promise<TransactionStatsDto> {
const start = startDate ? new Date(startDate) : undefined;
const end = endDate ? new Date(endDate) : undefined;
const stats = await this.transactionsRepository.getStatistics(start, end);
return plainToInstance(TransactionStatsDto, stats, {
excludeExtraneousValues: true,
});
}
async getDailySales(date?: string): Promise<DailySalesDto> {
const targetDate = date ? new Date(date) : new Date();
const dailySales = await this.transactionsRepository.getDailySales(targetDate);
return plainToInstance(DailySalesDto, dailySales, {
excludeExtraneousValues: true,
});
}
}

Some files were not shown because too many files have changed in this diff Show More