diff --git a/README.md b/README.md index 4387c4a..f3cf161 100644 --- a/README.md +++ b/README.md 
@@ -1,53 +1,58 @@ -# biiproject-kit v1 +# ⚡ biiproject-kit v1 -Aplikasi web manajemen bisnis berbasis **Laravel 13** dengan PostgreSQL, Redis, dan WebSocket real-time. +[![Laravel](https://img.shields.io/badge/Laravel-13.x-FF2D20?style=for-the-badge&logo=laravel)](https://laravel.com) +[![PostgreSQL](https://img.shields.io/badge/PostgreSQL-15-4169E1?style=for-the-badge&logo=postgresql)](https://www.postgresql.org) +[![Redis](https://img.shields.io/badge/Redis-Alpine-DC382D?style=for-the-badge&logo=redis)](https://redis.io) +[![Tests](https://img.shields.io/badge/Tests-371%20Passed-31C653?style=for-the-badge)]() +[![Pint](https://img.shields.io/badge/Pint-Clean-007ACC?style=for-the-badge)]() +[![Larastan](https://img.shields.io/badge/Larastan-Level%205-blue?style=for-the-badge)]() -[![Tests](https://img.shields.io/badge/tests-371%20passed-brightgreen)]() [![Larastan](https://img.shields.io/badge/Larastan-level%205-blue)]() [![Pint](https://img.shields.io/badge/Pint-clean-blue)]() [![License](https://img.shields.io/badge/license-Proprietary-red)]() +Aplikasi web manajemen bisnis berbasis **Laravel 13** dengan PostgreSQL, Redis, dan WebSocket real-time. Didesain secara tangguh, kaya fitur keamanan bawaan, dan diintegrasikan dengan AI Intelligence Engine. --- -## Fitur Utama +## 🛠️ Fitur Utama -- **Dashboard Admin Real-time** — ringkasan CPU/RAM/Disk/Live Users/Queue dengan update via WebSocket (Reverb). Widget bisa disembunyikan, diurutkan ulang (drag), dan disimpan per-user. Fallback ke polling 30 detik jika Reverb tidak terhubung. -- **Custom Dashboard Widgets** — 7 widget bawaan (cpu, ram, disk, live users, queues, activity feed, AI insight). Per-user layout tersimpan di `dashboard_widget_preferences`. Toggle show/hide + drag-to-reorder via SortableJS. 
-- **Manajemen Pengguna** — role & permission granular (Spatie), soft delete + restore + force delete, bulk action -- **Global Settings** — branding, keamanan, email, AI, SAP, backup, dan lainnya dalam satu panel -- **Mobile Settings** — kontrol remote konfigurasi aplikasi Android/iOS -- **Maintenance Mode** — offline page dengan countdown, bypass key, dan IP whitelist -- **Backup & Restore** — Local, Amazon S3, atau Google Drive dengan enkripsi opsional -- **System Monitoring** — log Laravel, log SAP, log mobile, background job, AI usage, health check -- **Notifikasi Real-time** — WebSocket via Laravel Reverb + Notification Center. Dashboard stats di-push tiap menit via `dashboard:broadcast-stats`. -- **Granular Tab Permissions** — 85 permission level tab untuk Global/Mobile Settings. `CheckTabPermission` middleware + `@cantab`/`@managetab` Blade directives. Picker role dengan UI two-panel drag-drop dan category headers. -- **Session Manager** — lihat & paksa logout sesi aktif, single-session enforcement opsional -- **Legal & Content** — Privacy Policy, ToS, About (WYSIWYG), kepatuhan UU PDP No. 27/2022 -- **Mobile App** — React Native + Expo dengan API Sanctum, OTP, device token (push notification) -- **Audit Trail** — semua perubahan tercatat via Spatie ActivityLog + Action Log -- **Error Monitoring** — Sentry integration untuk production error tracking -- **Passkeys (WebAuthn)** — login biometrik/FIDO2 -- **Social OAuth** — Google, Facebook, GitHub (callback aman terhadap identity-overwrite) -- **AI Intelligence Engine** — Integrasi OpenAI, Gemini, Claude, DeepSeek, Mistral, dll. 
-- **Smart Search (CMD+K)** — Navigasi cerdas & AI Assistant terintegrasi -- **AI Security Audit** — Skor keamanan otomatis & rekomendasi perkuatan (hardening) -- **AI Error Diagnostics** — Analisis otomatis & saran perbaikan saat terjadi error sistem -- **API Documentation** — Swagger/OpenAPI otomatis (l5-swagger) dengan bantuan AI +* 📊 **Dashboard Admin Real-time** — ringkasan CPU/RAM/Disk/Live Users/Queue dengan update via WebSocket (Reverb). Widget bisa disembunyikan, diurutkan ulang (drag), dan disimpan per-user. Fallback ke polling 30 detik jika Reverb tidak terhubung. +* 🧩 **Custom Dashboard Widgets** — 7 widget bawaan (cpu, ram, disk, live users, queues, activity feed, AI insight). Per-user layout tersimpan di `dashboard_widget_preferences`. Toggle show/hide + drag-to-reorder via SortableJS. +* 👤 **Manajemen Pengguna** — role & permission granular (Spatie), soft delete + restore + force delete, bulk action. +* ⚙️ **Global Settings** — branding, keamanan, email, AI, SAP, backup, dan lainnya dalam satu panel. +* 📱 **Mobile Settings** — kontrol remote konfigurasi aplikasi Android/iOS. +* 🚧 **Maintenance Mode** — offline page dengan countdown, bypass key, dan IP whitelist. +* 💾 **Backup & Restore** — Local, Amazon S3, atau Google Drive dengan enkripsi opsional. +* 🩺 **System Monitoring** — log Laravel, log SAP, log mobile, background job, AI usage, health check. +* 📢 **Notifikasi Real-time** — WebSocket via Laravel Reverb + Notification Center. Dashboard stats di-push tiap menit via `dashboard:broadcast-stats`. +* 🛡️ **Granular Tab Permissions** — 85 permission level tab untuk Global/Mobile Settings. `CheckTabPermission` middleware + `@cantab`/`@managetab` Blade directives. Picker role dengan UI two-panel drag-drop dan category headers. +* 🔌 **Session Manager** — lihat & paksa logout sesi aktif, single-session enforcement opsional. +* ⚖️ **Legal & Content** — Privacy Policy, ToS, About (WYSIWYG), kepatuhan UU PDP No. 27/2022. 
+* 📱 **Mobile App** — React Native + Expo dengan API Sanctum, OTP, device token (push notification). +* 🪵 **Audit Trail** — semua perubahan tercatat via Spatie ActivityLog + Action Log. +* 🚨 **Error Monitoring** — Sentry integration untuk production error tracking. +* 🔑 **Passkeys (WebAuthn)** — login biometrik/FIDO2. +* 🤝 **Social OAuth** — Google, Facebook, GitHub (callback aman terhadap identity-overwrite). +* 🤖 **AI Intelligence Engine** — Integrasi OpenAI, Gemini, Claude, DeepSeek, Mistral, dll. +* 🔍 **Smart Search (CMD+K)** — Navigasi cerdas & AI Assistant terintegrasi. +* 🛡️ **AI Security Audit** — Skor keamanan otomatis & rekomendasi perkuatan (hardening). +* 🩺 **AI Error Diagnostics** — Analisis otomatis & saran perbaikan saat terjadi error sistem. +* 📘 **API Documentation** — Swagger/OpenAPI otomatis (l5-swagger) dengan bantuan AI. --- -## Keamanan Bawaan +## 🛡️ Keamanan Bawaan -- **Security headers**: `X-Content-Type-Options`, `X-Frame-Options`, `Referrer-Policy`, `Permissions-Policy`, `X-XSS-Protection`, dan `Strict-Transport-Security` (HTTPS) di-set otomatis oleh middleware global. -- **Rate limiting**: throttle pada `/login`, `/2fa`, `/forgot-password`, `/api/v1/otp/*`, dan endpoint mobile lain. Per-IP bucket terisolasi. -- **Password policy**: panjang min/max, charset wajib, expiry, dan **history reuse blocker** (Bcrypt 12 rounds). -- **IP access control**: whitelist admin, blacklist global, auto-block on burst (24 jam) dengan alert Telegram. -- **Data integrity**: FK constraint penuh di semua tabel audit; soft-delete cascade tested. -- **Data retention otomatis**: 10 tabel/model memiliki kebijakan retensi — OTP & trusted device dipangkas saat expired, log AI & healing 90 hari, password history 365 hari, Telescope 48 jam. Dijalankan via `model:prune` + `telescope:prune` setiap dini hari. 
+* **Security Headers**: `X-Content-Type-Options`, `X-Frame-Options`, `Referrer-Policy`, `Permissions-Policy`, `X-XSS-Protection`, dan `Strict-Transport-Security` (HTTPS) di-set otomatis oleh middleware global. +* **Rate Limiting**: throttle pada `/login`, `/2fa`, `/forgot-password`, `/api/v1/otp/*`, dan endpoint mobile lain. Per-IP bucket terisolasi. +* **Password Policy**: panjang min/max, charset wajib, expiry, dan **history reuse blocker** (Bcrypt 12 rounds). +* **IP Access Control**: whitelist admin, blacklist global, auto-block on burst (24 jam) dengan alert Telegram. +* **Data Integrity**: FK constraint penuh di semua tabel audit; soft-delete cascade tested. +* **Data Retention Otomatis**: 10 tabel/model memiliki kebijakan retensi — OTP & trusted device dipangkas saat expired, log AI & healing 90 hari, password history 365 hari, Telescope 48 jam. Dijalankan via `model:prune` + `telescope:prune` setiap dini hari. --- -## Quality Gate +## ⚡ Quality Gate | Check | Status | Tool | -|-------|--------|------| +|---|---|---| | Unit & feature tests | **371 / 371 ✓** | Pest 4 | | Static analysis | **clean** | Larastan level 5 (baseline) | | Code style | **clean** | Laravel Pint (PSR-12) | @@ -65,12 +70,12 @@ CI menjalankan keempatnya di setiap push/PR — lihat [`.github/workflows/ci.yml --- -## Perintah Artisan Khusus +## 🛠️ Perintah Artisan Khusus Sistem ini dilengkapi dengan perintah CLI tambahan untuk memudahkan administrasi: | Perintah | Deskripsi | -|----------|-----------| +|---|---| | `php artisan system:check` | Audit kesehatan infrastruktur (DB, Redis, Storage, AI). | | `php artisan system:optimize` | Optimasi cache & pembersihan log produksi. | | `php artisan ai:swagger {path}` | Menghasilkan anotasi Swagger otomatis menggunakan AI. | @@ -83,7 +88,7 @@ Sistem ini dilengkapi dengan perintah CLI tambahan untuk memudahkan administrasi --- -## Mulai Cepat (Development) +## 🚀 Mulai Cepat (Development) ### Tanpa Docker 
@@ -114,7 +119,8 @@ composer run dev Aplikasi dapat diakses di `http://localhost:8000`. -> **Penting:** Jika seeder dijalankan, selalu clear cache setelahnya agar perubahan muncul di aplikasi: +> [!TIP] +> Jika seeder dijalankan, selalu hapus cache setelahnya agar perubahan muncul di aplikasi: > ```bash > ./vendor/bin/sail artisan cache:clear > ``` 
@@ -131,93 +137,96 @@ Aplikasi dapat diakses di `http://localhost:8000`. --- -## Akun Default (setelah seed) +## 🔐 Akun Default (Setelah Seed) + +Use the default credentials below to test the RBAC capabilities of the starter kit: | Role | Email | Password | -|------|-------|----------| -| Super Admin | superadmin@biiproject.com | password | -| Admin | admin@biiproject.com | password | -| User | user@biiproject.com | password | +|---|---|---| +| **Super Admin** | `superadmin@biiproject.com` | `password` | +| **Admin** | `admin@biiproject.com` | `password` | +| **User** | `user@biiproject.com` | `password` | +> [!IMPORTANT] > Ganti password segera setelah deploy. Bcrypt 12 rounds + history block aktif by default. --- -## Dokumentasi +## 📖 Dokumentasi | Dokumen | Untuk Siapa | Isi | -|---------|-------------|-----| +|---|---|---| | [README.md](README.md) | Semua | Ringkasan & quick start (file ini) | | [USER_GUIDE.md](USER_GUIDE.md) | Admin / Operator | Cara pakai panel admin | | [TECH_STACK.md](TECH_STACK.md) | Developer | Framework, library, plugin, tooling, CI | | [DEPLOYMENT_GUIDE.md](DEPLOYMENT_GUIDE.md) | DevOps | Instalasi server produksi | -| [SECURITY.md](SECURITY.md) | All | Reporting & supply-chain advisory | -| [CHANGELOG.md](CHANGELOG.md) | All | Log perubahan | +| [SECURITY.md](SECURITY.md) | Semua | Reporting & supply-chain advisory | +| [CHANGELOG.md](CHANGELOG.md) | Semua | Log perubahan | | [mobile/README.md](mobile/README.md) | Mobile Dev | Build & pengembangan aplikasi Android/iOS | --- -## Struktur Direktori +## 📂 Struktur Direktori -``` +```text Project/ ├── app/ -│ ├── Exceptions/ SystemConfig/Backup/Monitoring exception classes -│ ├── Helpers/ SettingsHelper, SessionHelper, ImpersonateHelper, PasswordRuleHelper +│ ├── Exceptions/ # SystemConfig/Backup/Monitoring exception classes +│ ├── Helpers/ # SettingsHelper, SessionHelper, ImpersonateHelper, PasswordRuleHelper │ ├── Http/ │ │ ├── Controllers/ -│ │ │ ├── AccessControl/ User, Role, 
Permission, ActionLog management -│ │ │ ├── Admin/ Mobile settings -│ │ │ ├── Api/ Sanctum-protected mobile API (v1) + Health -│ │ │ ├── Auth/ Login, 2FA, Passkey (WebAuthn), Social OAuth -│ │ │ ├── SystemSettings/ Global settings, monitoring, backup, maintenance -│ │ │ ├── WebAuthn/ Laragear WebAuthn login/register controllers +│ │ │ ├── AccessControl/ # User, Role, Permission, ActionLog management +│ │ │ ├── Admin/ # Mobile settings +│ │ │ ├── Api/ # Sanctum-protected mobile API (v1) + Health +│ │ │ ├── Auth/ # Login, 2FA, Passkey (WebAuthn), Social OAuth +│ │ │ ├── SystemSettings/ # Global settings, monitoring, backup, maintenance +│ │ │ ├── WebAuthn/ # Laragear WebAuthn login/register controllers │ │ │ ├── DashboardController.php │ │ │ ├── ImpersonateController.php │ │ │ ├── LegalController.php │ │ │ └── ProfileController.php -│ │ ├── Helpers/ ApiResponse -│ │ └── Middleware/ SecurityHeaders, IpAccessControl, CheckActivePermission, -│ │ CheckLegalAgreement, PasswordExpiry, GzipCompression +│ │ ├── Helpers/ # ApiResponse +│ │ └── Middleware/ # SecurityHeaders, IpAccessControl, CheckActivePermission, +│ │ # CheckLegalAgreement, PasswordExpiry, GzipCompression │ ├── Services/ -│ │ ├── Auth/ PasswordPolicyService -│ │ ├── AI/ Multi-provider AI service abstraction -│ │ ├── MobileConfig/ MobileConfigService (admin → mobile sync) -│ │ ├── Monitoring/ SystemMonitoringService + MonitoringFormatter -│ │ ├── Notification/ FCM, Telegram adapters -│ │ ├── System/ BackupManagementService, MaintenanceManagementService, -│ │ │ ActivityFormatter, GlobalSearchService -│ │ └── SystemConfig/ SystemConfigService + SettingDefinitions + -│ │ SettingValueCaster + SettingFileUploader -│ └── Models/ User, Role, Permission, SystemSetting (+ Revision), -│ MobileSetting, OtpCode, PasswordHistory, DeviceToken, -│ DashboardWidgetPreference, ... 
-├── config/ Konfigurasi Laravel +│ │ ├── Auth/ # PasswordPolicyService +│ │ ├── AI/ # Multi-provider AI service abstraction +│ │ ├── MobileConfig/ # MobileConfigService (admin → mobile sync) +│ │ ├── Monitoring/ # SystemMonitoringService + MonitoringFormatter +│ │ ├── Notification/ # FCM, Telegram adapters +│ │ ├── System/ # BackupManagementService, MaintenanceManagementService, +│ │ │ # ActivityFormatter, GlobalSearchService +│ │ └── SystemConfig/ # SystemConfigService + SettingDefinitions + +│ │ # SettingValueCaster + SettingFileUploader +│ └── Models/ # User, Role, Permission, SystemSetting (+ Revision), +│ # MobileSetting, OtpCode, PasswordHistory, DeviceToken, +│ # DashboardWidgetPreference, ... +├── config/ # Konfigurasi Laravel ├── database/ -│ ├── migrations/ Skema database (40+ tabel) -│ └── seeders/ RoleAndPermission, SystemSetting, MobileSetting, AdminUser -├── docker/ Konfigurasi Sail (PHP, Postgres, Redis) -├── mobile/ Aplikasi React Native (Expo SDK 54+) -├── resources/views/ Template Blade +│ ├── migrations/ # Skema database (40+ tabel) +│ └── seeders/ # RoleAndPermission, SystemSetting, MobileSetting, AdminUser +├── docker/ # Konfigurasi Sail (PHP, Postgres, Redis) +├── mobile/ # Aplikasi React Native (Expo SDK 54+) +├── resources/views/ # Template Blade ├── routes/ -│ ├── web.php Rute web (admin panel) -│ ├── api.php Rute API mobile (prefix /api/v1) -│ ├── auth.php Rute autentikasi Breeze + 2FA + WebAuthn -│ ├── ai.php Endpoint AI assistant -│ ├── channels.php Broadcast channel auth -│ └── console.php Schedule kernel -├── storage/api-docs/ Generated OpenAPI/Swagger spec -├── storage/logs/ File log aplikasi +│ ├── web.php # Rute web (admin panel) +│ ├── api.php # Rute API mobile (prefix /api/v1) +│ ├── auth.php # Rute autentikasi Breeze + 2FA + WebAuthn +│ ├── ai.php # Endpoint AI assistant +│ ├── channels.php # Broadcast channel auth +│ └── console.php # Schedule kernel +├── storage/api-docs/ # Generated OpenAPI/Swagger spec +├── storage/logs/ # 
File log aplikasi ├── tests/ -│ ├── Feature/ HTTP + integration tests -│ └── Unit/ Pure logic (Formatter, Caster, Helpers, Exceptions) -├── phpstan.neon Larastan config (level 5) -├── phpstan-baseline.neon Pre-existing errors silenced -└── .github/workflows/ci.yml Test + Lint + Static Analysis pipeline +│ ├── Feature/ # HTTP + integration tests +│ └── Unit/ # Pure logic (Formatter, Caster, Helpers, Exceptions) +├── phpstan.neon # Larastan config (level 5) +├── phpstan-baseline.neon # Pre-existing errors silenced +└── .github/workflows/ci.yml # Test + Lint + Static Analysis pipeline ``` --- -## Lisensi +## 📄 Lisensi & Ketentuan Proprietary © 2026 Andika Debi Putra. Lihat header tiap file. Dirancang dengan kepatuhan terhadap **UU PDP No. 27/2022**.
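Review bot: the License badge is dropped from the new badge row in the first hunk (`-[![Tests]… [![License](https://img.shields.io/badge/license-Proprietary-red)]()`) even though the README still closes with a Proprietary licence section; keep a License badge, restyled with `style=for-the-badge` to match the others, so the licence is visible at the top of the page. Several icons in the new feature list are reused for unrelated entries (📱 for Mobile Settings and Mobile App, 🛡️ for Granular Tab Permissions and AI Security Audit, 🩺 for System Monitoring and AI Error Diagnostics), which undercuts the scan value the icons are supposed to add. The `Tests-371 Passed` badge and the `371 / 371` cell in the Quality Gate table hard-code the same number in two places, so both will drift as tests are added; one of them should be derived from CI rather than typed in. On the `Security Headers` bullet only the capitalisation changed, but the list still advertises `X-XSS-Protection`, a legacy header that current browsers no longer act on; worth a follow-up to confirm the middleware still needs to emit it.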
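Review bot: in the `@@ -65,12 +70,12 @@` hunk the 🛠️ icon now heads `Perintah Artisan Khusus` as well as `Fitur Utama` from the first hunk, so the two headings are indistinguishable in an auto-generated table of contents; pick a distinct icon for the Artisan section. The change of the table separator row from `|----------|-----------|` to `|---|---|` is cosmetic and renders identically, so nothing else to flag here.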
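Review bot: in the `@@ -114,7 +119,8 @@` hunk, replacing `> **Penting:**` with `> [!TIP]` lowers the emphasis of a note whose omission makes seeded settings silently fail to appear; `[!IMPORTANT]` (which the same patch uses for the default-password note) or `[!WARNING]` matches the original intent better. Either way, the `[!TIP]` syntax is GitHub-flavoured: on renderers that do not support alerts it shows as a plain blockquote containing the literal text `[!TIP]`, so keep the first line of the quote readable on its own. Also, the command inside the tip is `./vendor/bin/sail artisan cache:clear` while the hunk's nearest context is `composer run dev`, i.e. the non-Docker flow; if this note sits under `Tanpa Docker`, the matching command is `php artisan cache:clear`, so show both variants or move the tip under the Sail steps.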
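Review bot: in the `@@ -131,93 +137,96 @@` hunk the `> [!IMPORTANT]` alert under the `Akun Default` table only says to change the password after deploy, while the table now documents three accounts that all share `password`; the note should state explicitly that the `AdminUser` seeder listed under `database/seeders/` is for development only and must not be run against a production database, or that the initial password is read from an environment variable when it is. The added lead-in `+Use the default credentials below to test the RBAC capabilities of the starter kit:` is the only English sentence in an otherwise Indonesian README; a consistent version would be `Gunakan kredensial bawaan berikut untuk menguji fitur RBAC starter kit:`. The rest of the hunk (`All` → `Semua` in the documentation table, the ```` ```text ```` fence and `#` comment markers in the directory tree) is consistent and fine.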