initial commit

target/classes/application-dev.yml

@@ -0,0 +1,48 @@
+server:
+  port: 8080
+
+spring:
+  config:
+    activate:
+      on-profile: dev
+  jackson:
+    time-zone: Asia/Jakarta
+  datasource:
+    url: jdbc:postgresql://localhost:5432/utmsng
+    username: utms
+    password: utms1234
+  jpa:
+    hibernate:
+      ddl-auto: update
+    properties:
+      hibernate:
+        format_sql: true
+    open-in-view: true
+  data:
+    redis:
+      host: localhost
+      port: 6379
+      timeout: 2s
+  cache:
+    type: redis
+  activemq:
+    broker-url: tcp://localhost:61616
+    user: admin
+    password: admin
+  jms:
+    listener:
+      acknowledge-mode: auto
+app:
+  security:
+    login:
+      max-failed-attempts: 5
+      failed-attempt-window-seconds: 900
+      lockout-duration-seconds: 300
+    single-login:
+      enabled: false
+  jwt:
+    secret: change-me-this-is-a-very-long-dev-jwt-secret-key-256-bits-min
+  seed:
+    enabled: true
+
+

target/classes/application-local.yml

@@ -0,0 +1,48 @@
+server:
+  port: 9191
+
+spring:
+  config:
+    activate:
+      on-profile: local
+  jackson:
+    time-zone: Asia/Jakarta
+  datasource:
+    url: jdbc:postgresql://localhost:5432/utmsng
+    username: utms
+    password: utms1234
+  jpa:
+    hibernate:
+      ddl-auto: update
+    properties:
+      hibernate:
+        format_sql: true
+    open-in-view: true
+  data:
+    redis:
+      host: localhost
+      port: 6379
+      timeout: 2s
+  cache:
+    type: redis
+  activemq:
+    broker-url: tcp://localhost:61616
+    user: admin
+    password: admin
+  jms:
+    listener:
+      acknowledge-mode: auto
+app:
+  security:
+    login:
+      max-failed-attempts: 5
+      failed-attempt-window-seconds: 900
+      lockout-duration-seconds: 300
+    single-login:
+      enabled: false
+  jwt:
+    secret: local-dev-fallback-jwt-secret-key-for-local-dev-environment-256-bits-min
+  seed:
+    enabled: true
+
+

target/classes/application-prd.yml

@@ -0,0 +1,51 @@
+server:
+  port: 8080
+
+spring:
+  config:
+    activate:
+      on-profile: prd
+  jackson:
+    time-zone: Asia/Jakarta
+  datasource:
+    url: ${DB_URL}
+    username: ${DB_USERNAME}
+    password: ${DB_PASSWORD}
+  jpa:
+    hibernate:
+      ddl-auto: validate
+    properties:
+      hibernate:
+        format_sql: false
+        jdbc:
+          time_zone: UTC
+    open-in-view: false
+  data:
+    redis:
+      host: ${REDIS_HOST}
+      port: ${REDIS_PORT:6379}
+      password: ${REDIS_PASSWORD:}
+      timeout: ${REDIS_TIMEOUT:2s}
+  cache:
+    type: redis
+  activemq:
+    broker-url: ${ACTIVEMQ_BROKER_URL}
+    user: ${ACTIVEMQ_USER}
+    password: ${ACTIVEMQ_PASSWORD}
+  jms:
+    listener:
+      acknowledge-mode: auto
+app:
+  security:
+    login:
+      max-failed-attempts: ${MAX_LOGIN_ATTEMPTS:5}
+      failed-attempt-window-seconds: ${LOGIN_FAILED_WINDOW_SECONDS:900}
+      lockout-duration-seconds: ${LOGIN_LOCKOUT_SECONDS:300}
+    single-login:
+      enabled: ${SINGLE_LOGIN_ENABLED:false}
+  jwt:
+    secret: ${JWT_SECRET}
+  seed:
+    enabled: false
+
+

target/classes/application.yml

@@ -0,0 +1,55 @@
+server:
+  port: 8080
+
+spring:
+  application:
+    name: utms-ng-be
+  profiles:
+    active: dev
+  jackson:
+    time-zone: Asia/Jakarta
+  messages:
+    basename: i18n/messages
+    default-locale: en_US
+
+app:
+  security:
+    single-login:
+      enabled: false
+  jwt:
+    access-token-minutes: 15
+    refresh-token-days: 7
+  seed:
+    enabled: false
+  ldap:
+    enabled: false
+    url: ldap://localhost:389
+    base: dc=example,dc=org
+    manager-dn: ""
+    manager-password: ""
+    user-search-base: ou=people
+    user-search-filter: (uid={0})
+    group-search-base: ou=groups
+    group-search-filter: (uniqueMember={0})
+
+springdoc:
+  api-docs:
+    path: /v3/api-docs
+  swagger-ui:
+    path: /swagger-ui.html
+    persist-authorization: true
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health,info
+
+logging:
+  level:
+    org.springframework.security: INFO
+    id.iptek.utms: INFO
+
+spring.mvc:
+  locale: en_US
+

target/classes/db/schema.sql

@@ -0,0 +1,172 @@
+-- Optional reference schema for PostgreSQL (JPA ddl-auto=update is enabled by default)
+
+create table if not exists sys_tenants (
+  id uuid primary key,
+  tenant_id varchar(100) not null unique,
+  name varchar(255) not null,
+  active boolean not null,
+  created_at timestamp with time zone not null
+);
+
+create table if not exists sec_permissions (
+  id uuid primary key,
+  tenant_id varchar(100) not null,
+  code varchar(100) not null,
+  name varchar(255) not null,
+  created_at timestamp with time zone,
+  updated_at timestamp with time zone,
+  created_by varchar(255),
+  updated_by varchar(255),
+  constraint sec_uk_permissions_tenant_code unique (tenant_id, code)
+);
+
+create table if not exists sec_roles (
+  id uuid primary key,
+  tenant_id varchar(100) not null,
+  code varchar(100) not null,
+  name varchar(255) not null,
+  created_at timestamp with time zone,
+  updated_at timestamp with time zone,
+  created_by varchar(255),
+  updated_by varchar(255),
+  constraint sec_uk_roles_tenant_code unique (tenant_id, code)
+);
+
+create table if not exists sec_users (
+  id uuid primary key,
+  tenant_id varchar(100) not null,
+  username varchar(100) not null,
+  password varchar(255),
+  auth_source varchar(20) not null default 'LOCAL',
+  ldap_dn varchar(512),
+  enabled boolean not null,
+  created_at timestamp with time zone,
+  updated_at timestamp with time zone,
+  created_by varchar(255),
+  updated_by varchar(255),
+  constraint sec_uk_users_tenant_username unique (tenant_id, username)
+);
+
+create table if not exists sec_user_roles (
+  user_id uuid not null references sec_users(id),
+  role_id uuid not null references sec_roles(id),
+  primary key (user_id, role_id)
+);
+
+create table if not exists sec_role_permissions (
+  role_id uuid not null references sec_roles(id),
+  permission_id uuid not null references sec_permissions(id),
+  primary key (role_id, permission_id)
+);
+
+create table if not exists sec_user_ui_preferences (
+  id uuid primary key,
+  tenant_id varchar(100) not null,
+  user_id uuid not null references sec_users(id),
+  preference_key varchar(255) not null,
+  value_json text not null,
+  created_at timestamp with time zone,
+  updated_at timestamp with time zone,
+  created_by varchar(255),
+  updated_by varchar(255),
+  constraint sec_uk_user_ui_preferences unique (tenant_id, user_id, preference_key)
+);
+create index if not exists sec_idx_user_ui_preferences_tenant_user_updated on sec_user_ui_preferences (tenant_id, user_id, updated_at);
+create index if not exists sec_idx_user_ui_preferences_tenant_user on sec_user_ui_preferences (tenant_id, user_id);
+create index if not exists sec_idx_user_ui_preferences_user on sec_user_ui_preferences (user_id);
+
+create table if not exists sec_refresh_tokens (
+  id uuid primary key,
+  tenant_id varchar(100) not null,
+  user_id uuid not null references sec_users(id),
+  token varchar(512) not null unique,
+  expires_at timestamp with time zone not null,
+  revoked boolean not null,
+  created_at timestamp with time zone,
+  updated_at timestamp with time zone,
+  created_by varchar(255),
+  updated_by varchar(255)
+);
+
+create table if not exists sys_system_modules (
+  id uuid primary key,
+  tenant_id varchar(100) not null,
+  code varchar(100) not null,
+  name varchar(255) not null,
+  enabled boolean not null,
+  created_at timestamp with time zone,
+  updated_at timestamp with time zone,
+  created_by varchar(255),
+  updated_by varchar(255),
+  constraint sys_uk_system_modules_tenant_code unique (tenant_id, code)
+);
+
+create table if not exists sys_approval_requests (
+  id uuid primary key,
+  tenant_id varchar(100) not null,
+  resource_type varchar(255) not null,
+  resource_id varchar(255) not null,
+  payload text,
+  status varchar(50) not null,
+  required_steps integer not null,
+  current_step integer not null,
+  maker_username varchar(255) not null,
+  created_at timestamp with time zone,
+  updated_at timestamp with time zone,
+  created_by varchar(255),
+  updated_by varchar(255)
+);
+
+create table if not exists sys_approval_steps (
+  id uuid primary key,
+  tenant_id varchar(100) not null,
+  request_id uuid not null references sys_approval_requests(id),
+  step_order integer not null,
+  checker_role varchar(255) not null,
+  status varchar(50) not null,
+  created_at timestamp with time zone,
+  updated_at timestamp with time zone,
+  created_by varchar(255),
+  updated_by varchar(255)
+);
+
+create table if not exists sys_approval_history (
+  id uuid primary key,
+  tenant_id varchar(100) not null,
+  request_id uuid not null references sys_approval_requests(id),
+  action varchar(50) not null,
+  actor_username varchar(255) not null,
+  notes text,
+  created_at timestamp with time zone,
+  updated_at timestamp with time zone,
+  created_by varchar(255),
+  updated_by varchar(255)
+);
+
+create table if not exists sys_audit_trails (
+  id uuid primary key,
+  tenant_id varchar(100) not null,
+  correlation_id varchar(100),
+  actor varchar(255) not null,
+  action varchar(100) not null,
+  domain varchar(100),
+  resource_type varchar(100),
+  resource_id varchar(255),
+  outcome varchar(20) not null,
+  http_method varchar(20),
+  request_path varchar(500),
+  client_ip varchar(80),
+  error_message varchar(1000),
+  details text,
+  before_state text,
+  after_state text,
+  created_at timestamp with time zone,
+  updated_at timestamp with time zone,
+  created_by varchar(255),
+  updated_by varchar(255)
+);
+
+create index if not exists sys_idx_audit_tenant_created_on on sys_audit_trails (tenant_id, created_at);
+create index if not exists sys_idx_audit_correlation on sys_audit_trails (correlation_id);
+create index if not exists sys_idx_audit_actor on sys_audit_trails (actor);
+create index if not exists sys_idx_audit_action on sys_audit_trails (action);

target/classes/i18n/messages.properties

@@ -0,0 +1,33 @@
+auth.login.success=Login successful
+auth.refresh.success=Token refreshed successfully
+auth.logout.success=Logout successful
+user.me.success=Current user fetched successfully
+workflow.request.created=Approval request created
+workflow.request.approved=Approval request approved
+workflow.request.rejected=Approval request rejected
+workflow.request.listed=Workflow requests fetched
+module.list.success=Modules fetched
+module.toggle.success=Module updated
+audit.list.success=Audit trail fetched
+error.validation=Validation failed
+error.forbidden=Access denied
+error.internal=Internal server error
+user.management.request.created=User management request created
+role.management.request.created=Role management request created
+auth.invalid.credentials=Invalid username or password
+auth.login.locked=Account locked. Please try again in {0} seconds
+auth.user.notfound=User not found
+auth.user.notfound.for.ldap=LDAP user authenticated but not provisioned in this tenant
+auth.refresh.notfound=Refresh token not found
+auth.refresh.invalid=Refresh token expired or revoked
+auth.single.login.invalid_session=Session is no longer active. Please log in again.
+tenant.header.required=X-Tenant-Id header is required
+tenant.header.mismatch=X-Tenant-Id header does not match authenticated tenant context
+user.preferences.get.success=Preferences retrieved
+user.preferences.upsert.success=Table preference saved
+user.preferences.reset.table.success=Table preference reset
+user.preferences.reset.all.success=All UI preferences reset
+user.preferences.invalid.key=Invalid preference key
+user.preferences.invalid.columns=Invalid visible columns
+user.preferences.serialize.failed=Unable to save preference
+user.preferences.invalid.value=Stored preference value is invalid

target/classes/i18n/messages_id.properties

@@ -0,0 +1,33 @@
+auth.login.success=Login berhasil
+auth.refresh.success=Token berhasil diperbarui
+auth.logout.success=Logout berhasil
+user.me.success=Data pengguna berhasil diambil
+workflow.request.created=Permintaan persetujuan berhasil dibuat
+workflow.request.approved=Permintaan persetujuan disetujui
+workflow.request.rejected=Permintaan persetujuan ditolak
+workflow.request.listed=Permintaan persetujuan diambil
+module.list.success=Daftar modul berhasil diambil
+module.toggle.success=Status modul berhasil diperbarui
+audit.list.success=Riwayat audit berhasil diambil
+error.validation=Validasi gagal
+error.forbidden=Akses ditolak
+error.internal=Terjadi kesalahan internal
+user.management.request.created=Permintaan manajemen pengguna telah dibuat
+role.management.request.created=Permintaan manajemen peran telah dibuat
+auth.invalid.credentials=Username atau password tidak valid
+auth.login.locked=Akun terkunci. Silakan coba lagi dalam {0} detik
+auth.user.notfound=Pengguna tidak ditemukan
+auth.user.notfound.for.ldap=Pengguna LDAP berhasil diautentikasi tetapi belum diprovisioning di tenant ini
+auth.refresh.notfound=Token refresh tidak ditemukan
+auth.refresh.invalid=Token refresh kedaluwarsa atau dibatalkan
+auth.single.login.invalid_session=Session tidak lagi aktif. Silakan masuk kembali.
+tenant.header.required=Header X-Tenant-Id wajib diisi
+tenant.header.mismatch=Header X-Tenant-Id tidak sesuai dengan tenant yang terautentikasi
+user.preferences.get.success=Preferensi berhasil diambil
+user.preferences.upsert.success=Preferensi tabel berhasil disimpan
+user.preferences.reset.table.success=Preferensi tabel berhasil diatur ulang
+user.preferences.reset.all.success=Semua preferensi UI berhasil dihapus
+user.preferences.invalid.key=Kunci preferensi tidak valid
+user.preferences.invalid.columns=Kolom yang terlihat tidak valid
+user.preferences.serialize.failed=Tidak dapat menyimpan preferensi
+user.preferences.invalid.value=Nilai preferensi tersimpan tidak valid