feat: remove OTP gate from transactions, fix categories auth, add implementation plan

- Remove OtpGateGuard from transactions controller (OTP verified at login) - Fix categories controller to use authenticated user instead of TEMP_USER_ID - Add comprehensive implementation plan document - Update .env.example with WEB_APP_URL - Prepare for admin dashboard development
2025-10-11 14:00:11 +07:00
parent 0da6071eb3
commit 249f3a9d7d
159 changed files with 13748 additions and 3369 deletions
--- a/apps/api/prisma/migrations/20251010054217_add_custom_auth_and_otp/migration.sql
+++ b/apps/api/prisma/migrations/20251010054217_add_custom_auth_and_otp/migration.sql
@@ -0,0 +1,37 @@
+/*
+  Warnings:
+
+  - Made the column `email` on table `User` required. This step will fail if there are existing NULL values in that column.
+
+*/
+-- AlterTable
+ALTER TABLE "public"."User" ADD COLUMN     "emailVerified" BOOLEAN NOT NULL DEFAULT false,
+ADD COLUMN     "otpEmailEnabled" BOOLEAN NOT NULL DEFAULT false,
+ADD COLUMN     "otpTotpEnabled" BOOLEAN NOT NULL DEFAULT false,
+ADD COLUMN     "otpTotpSecret" TEXT,
+ADD COLUMN     "passwordHash" TEXT,
+ALTER COLUMN "email" SET NOT NULL;
+
+-- AlterTable
+ALTER TABLE "public"."Wallet" ADD COLUMN     "initialAmount" DECIMAL(18,2),
+ADD COLUMN     "pricePerUnit" DECIMAL(18,2);
+
+-- CreateTable
+CREATE TABLE "public"."Category" (
+    "id" TEXT NOT NULL,
+    "userId" TEXT NOT NULL,
+    "name" TEXT NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+
+    CONSTRAINT "Category_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE INDEX "Category_userId_idx" ON "public"."Category"("userId");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "Category_userId_name_key" ON "public"."Category"("userId", "name");
+
+-- AddForeignKey
+ALTER TABLE "public"."Category" ADD CONSTRAINT "Category_userId_fkey" FOREIGN KEY ("userId") REFERENCES "public"."User"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
--- a/apps/api/prisma/migrations/20251010132022_add_phone_and_whatsapp_otp/migration.sql
+++ b/apps/api/prisma/migrations/20251010132022_add_phone_and_whatsapp_otp/migration.sql
@@ -0,0 +1,12 @@
+/*
+  Warnings:
+
+  - A unique constraint covering the columns `[phone]` on the table `User` will be added. If there are existing duplicate values, this will fail.
+
+*/
+-- AlterTable
+ALTER TABLE "public"."User" ADD COLUMN     "otpWhatsappEnabled" BOOLEAN NOT NULL DEFAULT false,
+ADD COLUMN     "phone" TEXT;
+
+-- CreateIndex
+CREATE UNIQUE INDEX "User_phone_key" ON "public"."User"("phone");
--- a/apps/api/prisma/schema.prisma
+++ b/apps/api/prisma/schema.prisma
@@ -5,7 +5,7 @@ generator client {
 datasource db {
  provider          = "postgresql"
  url               = env("DATABASE_URL")
-  shadowDatabaseUrl = env("SHADOW_DATABASE_URL")
+  shadowDatabaseUrl = env("DATABASE_URL_SHADOW")
 }

 model User {
@@ -13,11 +13,19 @@ model User {
  createdAt       DateTime      @default(now())
  updatedAt       DateTime      @updatedAt
  status          String        @default("active")
-  email           String?       @unique
+  email           String        @unique
+  emailVerified   Boolean       @default(false)
+  passwordHash    String?
  name            String?
  avatarUrl       String?
+  phone           String?       @unique
  defaultCurrency String?
  timeZone        String?
+  // OTP/MFA fields
+  otpEmailEnabled    Boolean       @default(false)
+  otpWhatsappEnabled Boolean       @default(false)
+  otpTotpEnabled     Boolean       @default(false)
+  otpTotpSecret      String?
  authAccounts    AuthAccount[]
  categories      Category[]
  Recurrence      Recurrence[]