# biiproject

A business management web application built on **Laravel 13** with PostgreSQL, Redis, and real-time WebSocket.

[![Tests](https://img.shields.io/badge/tests-371%20passed-brightgreen)]()
[![Larastan](https://img.shields.io/badge/Larastan-level%205-blue)]()
[![Pint](https://img.shields.io/badge/Pint-clean-blue)]()
[![License](https://img.shields.io/badge/license-Proprietary-red)]()

---

## Key Features

- **Real-time Admin Dashboard** — summary of CPU/RAM/Disk/Live Users/Queue updated via WebSocket (Reverb). Widgets can be hidden, reordered (drag), and saved per user. Falls back to 30-second polling if Reverb is not connected.
- **Custom Dashboard Widgets** — 7 built-in widgets (cpu, ram, disk, live users, queues, activity feed, AI insight). The per-user layout is stored in `dashboard_widget_preferences`. Toggle show/hide + drag-to-reorder via SortableJS.
- **User Management** — granular roles & permissions (Spatie), soft delete + restore + force delete, bulk actions
- **Global Settings** — branding, security, email, AI, SAP, backup, and more in a single panel
- **Mobile Settings** — remote control of the Android/iOS application configuration
- **Maintenance Mode** — offline page with countdown, bypass key, and IP whitelist
- **Backup & Restore** — Local, Amazon S3, or Google Drive with optional encryption
- **System Monitoring** — Laravel logs, SAP logs, mobile logs, background jobs, AI usage, health check
- **Real-time Notifications** — WebSocket via Laravel Reverb + Notification Center. Dashboard stats are pushed every minute via `dashboard:broadcast-stats`.
- **Granular Tab Permissions** — 85 tab-level permissions for Global/Mobile Settings. `CheckTabPermission` middleware + `@cantab`/`@managetab` Blade directives. Role picker with a two-panel drag-and-drop UI and category headers.
- **Session Manager** — view & force logout of active sessions, optional single-session enforcement
- **Legal & Content** — Privacy Policy, ToS, About (WYSIWYG), compliance with UU PDP No. 27/2022
- **Mobile App** — React Native + Expo with a Sanctum API, OTP, device token (push notification)
- **Audit Trail** — all changes are recorded via Spatie ActivityLog + Action Log
- **Error Monitoring** — Sentry integration for production error tracking
- **Passkeys (WebAuthn)** — biometric/FIDO2 login
- **Social OAuth** — Google, Facebook, GitHub (callback is safe against identity-overwrite)
- **AI Intelligence Engine** — integration with OpenAI, Gemini, Claude, DeepSeek, Mistral, etc.
- **Smart Search (CMD+K)** — smart navigation & integrated AI Assistant
- **AI Security Audit** — automatic security score & hardening recommendations
- **AI Error Diagnostics** — automatic analysis & fix suggestions when a system error occurs
- **API Documentation** — automatic Swagger/OpenAPI (l5-swagger) with AI assistance

---

## Built-in Security

- **Security headers**: `X-Content-Type-Options`, `X-Frame-Options`, `Referrer-Policy`, `Permissions-Policy`, `X-XSS-Protection`, and `Strict-Transport-Security` (HTTPS) are set automatically by a global middleware.
- **Rate limiting**: throttle on `/login`, `/2fa`, `/forgot-password`, `/api/v1/otp/*`, and other mobile endpoints. Per-IP buckets are isolated.
- **Password policy**: min/max length, required character sets, expiry, and a **history reuse blocker** (Bcrypt 12 rounds).
- **IP access control**: admin whitelist, global blacklist, auto-block on burst (24 hours) with Telegram alerts.
- **Data integrity**: full FK constraints on all audit tables; soft-delete cascade tested.
- **Automatic data retention**: 10 tables/models have a retention policy — OTPs & trusted devices are pruned when expired, AI & healing logs after 90 days, password history after 365 days, Telescope after 48 hours. Run via `model:prune` + `telescope:prune` early every morning.
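A way to check the security-header list above against a captured response, as an added example that is not part of the project's code. The function name `missing_headers` and both sample responses are constructed for illustration; `Strict-Transport-Security` is only required when the scheme is `https`, matching the "(HTTPS)" note in the list.

```shell
#!/usr/bin/env bash
# Added example: audit raw HTTP response headers for the headers the README lists.

# Headers the README says the global middleware sets on every response.
REQUIRED_HEADERS="X-Content-Type-Options X-Frame-Options Referrer-Policy Permissions-Policy X-XSS-Protection"

# Constructed sample responses (not captured from the real application).
SAMPLE_OK='HTTP/1.1 200 OK
x-content-type-options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=()
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000'

SAMPLE_BAD='HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
X-Custom: Referrer-Policy: fake'

# missing_headers <scheme> <raw-headers>
# Prints the missing header names (space separated); returns 1 if any are missing.
missing_headers() {
  local scheme="$1" raw="$2" want="$REQUIRED_HEADERS" names h lc missing=""
  # HSTS is only meaningful over HTTPS, so require it only there.
  if [ "$scheme" = "https" ]; then
    want="$want Strict-Transport-Security"
  fi
  # Keep only field names (text before the first colon), lower-cased, so a
  # header name that merely appears inside another header's value is ignored.
  names=$(printf '%s\n' "$raw" | tr -d '\r' \
    | sed -n 's/^\([^[:space:]:]*\):.*/\1/p' | tr 'A-Z' 'a-z')
  for h in $want; do
    lc=$(printf '%s' "$h" | tr 'A-Z' 'a-z')
    printf '%s\n' "$names" | grep -qxF "$lc" || missing="$missing $h"
  done
  missing="${missing# }"
  printf '%s\n' "$missing"
  [ -z "$missing" ]
}

echo "missing in SAMPLE_BAD over http: $(missing_headers http "$SAMPLE_BAD")"
```

To audit your own running instance, pass the output of `curl -sI` for that deployment as the second argument.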
---

## Quality Gate

| Check | Status | Tool |
|-------|--------|------|
| Unit & feature tests | **371 / 371 ✓** | Pest 4 |
| Static analysis | **clean** | Larastan level 5 (baseline) |
| Code style | **clean** | Laravel Pint (PSR-12) |
| Dependency audit | **0 vulns** | `composer audit` |
| N+1 regression locks | **3 datatables** | Pest + Query Log |

CI runs all four on every push/PR — see [`.github/workflows/ci.yml`](.github/workflows/ci.yml).

```bash
./vendor/bin/sail artisan test
./vendor/bin/sail bin phpstan analyse
./vendor/bin/sail bin pint --test
./vendor/bin/sail composer audit
```

---

## Custom Artisan Commands

The system ships with additional CLI commands to make administration easier:

| Command | Description |
|----------|-----------|
| `php artisan system:check` | Infrastructure health audit (DB, Redis, Storage, AI). |
| `php artisan system:optimize` | Cache optimization & production log cleanup. |
| `php artisan ai:swagger {path}` | Generates Swagger annotations automatically using AI. |
| `php artisan system:send-digest` | Sends the weekly system health summary to the Admin. |
| `php artisan backups:verify` | Verifies the integrity of backup files in the cloud/locally. |
| `php artisan l5-swagger:generate` | Regenerates the OpenAPI API documentation. |
| `php artisan model:prune` | Prunes expired data (OTP, trusted device, AI log, password history, etc.). |
| `php artisan telescope:prune --hours=48` | Deletes Telescope entries older than 48 hours. |
| `php artisan dashboard:broadcast-stats` | Broadcasts the latest system statistics to the `admin.monitoring` WebSocket channel. Scheduled every minute. |

---

## Quick Start (Development)

### Without Docker

```bash
# 1. Clone & install
git clone Project && cd Project
composer install
npm install

# 2. Environment
cp .env.example .env
# Edit .env: DB_HOST=127.0.0.1, REDIS_HOST=127.0.0.1
php artisan key:generate

# 3. Database & seed
php artisan migrate --seed

# 4. Run (server + vite + reverb + queue + scheduler)
composer run dev
```

### Via Docker (Laravel Sail) — Recommended

```bash
./vendor/bin/sail up -d
./vendor/bin/sail artisan migrate --seed
```

The application is available at `http://localhost:8000`.

> **Important:** If the seeder is run, always clear the cache afterwards so the changes show up in the application:
> ```bash
> ./vendor/bin/sail artisan cache:clear
> ```

### Running the Test Suite

```bash
./vendor/bin/sail artisan test                  # 371 tests (full)
./vendor/bin/sail artisan test --filter Auth    # filter
./vendor/bin/sail bin phpstan analyse           # static analysis
./vendor/bin/sail bin pint --test               # code style check
./vendor/bin/sail bin pint                      # code style auto-fix
```

---

## Default Accounts (after seed)

| Role | Email | Password |
|------|-------|----------|
| Super Admin | superadmin@biiproject.com | password |
| Admin | admin@biiproject.com | password |
| User | user@biiproject.com | password |

> Change these passwords immediately after deploy. Bcrypt 12 rounds + history block are active by default.
---

## Documentation

| Document | Audience | Contents |
|---------|-------------|-----|
| [README.md](README.md) | Everyone | Summary & quick start (this file) |
| [USER_GUIDE.md](USER_GUIDE.md) | Admin / Operator | How to use the admin panel |
| [TECH_STACK.md](TECH_STACK.md) | Developer | Framework, library, plugin, tooling, CI |
| [DEPLOYMENT_GUIDE.md](DEPLOYMENT_GUIDE.md) | DevOps | Production server installation |
| [SECURITY.md](SECURITY.md) | All | Reporting & supply-chain advisory |
| [CHANGELOG.md](CHANGELOG.md) | All | Change log |
| [mobile/README.md](mobile/README.md) | Mobile Dev | Building & developing the Android/iOS application |

---

## Directory Structure

```
Project/
├── app/
│   ├── Exceptions/              SystemConfig/Backup/Monitoring exception classes
│   ├── Helpers/                 SettingsHelper, SessionHelper, ImpersonateHelper, PasswordRuleHelper
│   ├── Http/
│   │   ├── Controllers/
│   │   │   ├── AccessControl/   User, Role, Permission, ActionLog management
│   │   │   ├── Admin/           Mobile settings
│   │   │   ├── Api/             Sanctum-protected mobile API (v1) + Health
│   │   │   ├── Auth/            Login, 2FA, Passkey (WebAuthn), Social OAuth
│   │   │   ├── SystemSettings/  Global settings, monitoring, backup, maintenance
│   │   │   ├── WebAuthn/        Laragear WebAuthn login/register controllers
│   │   │   ├── DashboardController.php
│   │   │   ├── ImpersonateController.php
│   │   │   ├── LegalController.php
│   │   │   └── ProfileController.php
│   │   ├── Helpers/             ApiResponse
│   │   └── Middleware/          SecurityHeaders, IpAccessControl, CheckActivePermission,
│   │                            CheckLegalAgreement, PasswordExpiry, GzipCompression
│   ├── Services/
│   │   ├── Auth/                PasswordPolicyService
│   │   ├── AI/                  Multi-provider AI service abstraction
│   │   ├── MobileConfig/        MobileConfigService (admin → mobile sync)
│   │   ├── Monitoring/          SystemMonitoringService + MonitoringFormatter
│   │   ├── Notification/        FCM, Telegram adapters
│   │   ├── System/              BackupManagementService, MaintenanceManagementService,
│   │   │                        ActivityFormatter, GlobalSearchService
│   │   └── SystemConfig/        SystemConfigService + SettingDefinitions +
│   │                            SettingValueCaster + SettingFileUploader
│   └── Models/                  User, Role, Permission, SystemSetting (+ Revision),
│                                MobileSetting, OtpCode, PasswordHistory, DeviceToken,
│                                DashboardWidgetPreference, ...
├── config/                      Laravel configuration
├── database/
│   ├── migrations/              Database schema (40+ tables)
│   └── seeders/                 RoleAndPermission, SystemSetting, MobileSetting, AdminUser
├── docker/                      Sail configuration (PHP, Postgres, Redis)
├── mobile/                      React Native application (Expo SDK 54+)
├── resources/views/             Blade templates
├── routes/
│   ├── web.php                  Web routes (admin panel)
│   ├── api.php                  Mobile API routes (prefix /api/v1)
│   ├── auth.php                 Breeze + 2FA + WebAuthn authentication routes
│   ├── ai.php                   AI assistant endpoints
│   ├── channels.php             Broadcast channel auth
│   └── console.php              Schedule kernel
├── storage/api-docs/            Generated OpenAPI/Swagger spec
├── storage/logs/                Application log files
├── tests/
│   ├── Feature/                 HTTP + integration tests
│   └── Unit/                    Pure logic (Formatter, Caster, Helpers, Exceptions)
├── phpstan.neon                 Larastan config (level 5)
├── phpstan-baseline.neon        Pre-existing errors silenced
└── .github/workflows/ci.yml     Test + Lint + Static Analysis pipeline
```

---

## License

Proprietary © 2026 Andika Debi Putra. See the header of each file.

Designed for compliance with **UU PDP No. 27/2022**.