30 commits
b2b5729
update commit changes and adding issue.md
swandrax Apr 13, 2026
01ed49a
initial commit
ProgrammingDevelopment May 18, 2026
a37be6f
feat: implement CCTV module and optimize image payload
ProgrammingDevelopment May 18, 2026
4249348
chore: setup production and staging environments
ProgrammingDevelopment May 18, 2026
77d818a
chore: setup production and staging environments
ProgrammingDevelopment May 18, 2026
033940d
fix: revert image optimization to true to support static export
ProgrammingDevelopment May 18, 2026
18f7fbc
feat: setup vercel microservices config
ProgrammingDevelopment May 18, 2026
cac1ed8
Merge stagging into main
ProgrammingDevelopment May 18, 2026
0eb40dc
feat: integrate supabase, realtime notifications & dark mode layout
ProgrammingDevelopment May 18, 2026
2590a60
Merge branch 'stagging'
ProgrammingDevelopment May 18, 2026
b683ed8
chore: optimize supabase connection, resolve package vulnerabilities,…
ProgrammingDevelopment May 18, 2026
578f19d
chore: merge stagging changes and resolve all package audit warnings …
ProgrammingDevelopment May 18, 2026
72d9911
security: add CSP and HSTS headers to public/_headers to pass securit…
ProgrammingDevelopment May 18, 2026
ab5c881
feat: integrate supabase, RLS security, layout endpoint
ProgrammingDevelopment May 18, 2026
9d1163f
update code theme
ProgrammingDevelopment May 18, 2026
fe36edd
chore: overhaul SIAGA AI with Groq API, fix production 403 WAF blocks…
ProgrammingDevelopment May 18, 2026
28c2362
fixed security and implement featured UI layer
ProgrammingDevelopment May 19, 2026
fc901a6
feat: implement PRD Design Spec for Exceptional UX Standards
ProgrammingDevelopment May 19, 2026
173767d
fix: resolve TypeScript errors in useAuth and add jsdom types
ProgrammingDevelopment May 19, 2026
2500b46
modified services and gateway
ProgrammingDevelopment May 19, 2026
81cceb5
fix supabase auth
ProgrammingDevelopment May 19, 2026
803582f
fixed security
ProgrammingDevelopment May 21, 2026
0a5211e
feat: fix 403 Forbidden register and profile page theme alignment, an…
ProgrammingDevelopment May 22, 2026
326f668
feat(auth): support personal @gmail.com emails & add data security no…
ProgrammingDevelopment May 22, 2026
d235ad2
feat(security): apply database hardening, email validation, and PRISM…
ProgrammingDevelopment May 22, 2026
ba957e1
fix(auth,ui): resolve login submit crash and enable mobile-scaled the…
ProgrammingDevelopment May 22, 2026
477021b
fix(rt-warga): fix citizen login crash, improve hero carousel aesthet…
ProgrammingDevelopment May 22, 2026
0a95081
feat: implement multitenancy, Mbak PRISMA AI chat, feedback tracking,…
ProgrammingDevelopment May 28, 2026
a6a8077
Optimize SEO, Performance, and fix Linter warnings
ProgrammingDevelopment Jun 7, 2026
0211a45
Fix build errors related to proxy and createClient
ProgrammingDevelopment Jun 7, 2026
14 changes: 14 additions & 0 deletions .env.production.example
@@ -0,0 +1,14 @@
# PRODUCTION ENVIRONMENT VARIABLES
# Copy this file to Cloudflare Pages / Vercel Environment Variables section for the Production branch (main).

NEXT_PUBLIC_APP_URL="https://prisma-rt04.pages.dev"
NEXT_PUBLIC_ENVIRONMENT="production"

# Database Configuration (Production SQLite / Supabase)
DATABASE_URL="file:./prisma_prod.db"

# API Keys & Secrets
# TELEGRAM_BOT_TOKEN="your_prod_telegram_bot_token"
# ADMIN_CHAT_ID="your_prod_admin_chat_id"
# NEXT_PUBLIC_SUPABASE_URL="your_prod_supabase_url"
# NEXT_PUBLIC_SUPABASE_ANON_KEY="your_prod_supabase_anon_key"
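Review bot: `DATABASE_URL="file:./prisma_prod.db"` is a relative SQLite path, while the header says to paste this file into the Cloudflare Pages / Vercel environment variables and the section comment names both SQLite and Supabase. Say which backend production actually uses and drop the other from the comment. If it is SQLite, document where the file lives at runtime and confirm `*.db` is ignored, since the `.gitignore` lines added in this PR do not cover it.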
14 changes: 14 additions & 0 deletions .env.staging.example
@@ -0,0 +1,14 @@
# STAGING ENVIRONMENT VARIABLES
# Copy this file to Cloudflare Pages / Vercel Environment Variables section for the Preview branch (staging).

NEXT_PUBLIC_APP_URL="https://staging.prisma-rt04.pages.dev"
NEXT_PUBLIC_ENVIRONMENT="staging"

# Database Configuration (Staging SQLite / Supabase)
DATABASE_URL="file:./prisma_staging.db"

# API Keys & Secrets
# TELEGRAM_BOT_TOKEN="your_staging_telegram_bot_token"
# ADMIN_CHAT_ID="your_staging_admin_chat_id"
# NEXT_PUBLIC_SUPABASE_URL="your_staging_supabase_url"
# NEXT_PUBLIC_SUPABASE_ANON_KEY="your_staging_supabase_anon_key"
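Review bot: the "API Keys & Secrets" block puts server-only values (`TELEGRAM_BOT_TOKEN`, `ADMIN_CHAT_ID`) next to `NEXT_PUBLIC_` values, and Next.js inlines every `NEXT_PUBLIC_` variable into the client bundle. Split the block into a server-only group and a public group, and add a comment that the Supabase anon key is public by design and only safe with RLS enabled on every table, and that the bot token must never get the `NEXT_PUBLIC_` prefix. The production example file has the same layout and needs the same split.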
12 changes: 6 additions & 6 deletions .github/workflows/ci.yml
Expand Up @@ -2,9 +2,9 @@ name: CI/CD Pipeline - Build, Test, Security & Deploy

on:
push:
branches: [ main ]
branches: [ main, staging, stagging ]
pull_request:
branches: [ main ]
branches: [ main, staging, stagging ]

# Cancel in-progress runs for the same PR/branch
concurrency:
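Review bot: both trigger lists now carry `staging` and the misspelled `stagging` (`branches: [ main, staging, stagging ]`), so the pipeline treats a typo as a second long-lived branch. Pick one name, rename the existing branch, and list only that one here; otherwise every later rule (deploy condition, branch protection, environment mapping) has to be duplicated for both spellings and it is easy to protect one and forget the other.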
Expand Down Expand Up @@ -156,10 +156,10 @@ jobs:
grep -l "CSRFToken\|csrf" src/lib/security*.ts && echo "✅ CSRF tokens present" || echo "❌ Missing CSRF protection"

echo "--- Rate Limiting ---"
grep -l "rateLimit\|checkRateLimit" src/lib/security*.ts src/app/api/middleware.ts && echo "✅ Rate limiting present" || echo "❌ Missing rate limiting"
grep -l "rateLimit\|checkRateLimit" src/lib/security*.ts && echo "✅ Rate limiting present" || echo "❌ Missing rate limiting"

echo "--- Input Sanitization ---"
grep -l "sanitizeInput\|sanitizeServerInput" src/lib/security*.ts src/app/api/middleware.ts && echo "✅ Input sanitization present" || echo "❌ Missing input sanitization"
grep -l "sanitizeInput\|sanitizeServerInput" src/lib/security*.ts && echo "✅ Input sanitization present" || echo "❌ Missing input sanitization"

# ============================================
# JOB 3: Deploy to Cloudflare Pages
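Review bot: the rate-limiting and input-sanitization checks cannot fail the job, because each line ends in `|| echo "❌ ..."` and `echo` returns 0. With `src/app/api/middleware.ts` dropped from the search, the check is also narrower than before. If these are meant to gate the deploy job that `needs: security-audit`, end the failure branch with `|| { echo "❌ Missing rate limiting"; exit 1; }`. Note too that `grep -l` only proves the identifier appears somewhere in `src/lib/security*.ts`, not that any route calls it, so a test that exercises the limiter would be a stronger gate.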
Expand All @@ -168,7 +168,7 @@ jobs:
runs-on: ubuntu-latest
name: 🚀 Deploy to Cloudflare Pages
needs: [build-and-test, security-audit]
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/stagging')

permissions:
contents: read
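Review bot: the widened `if:` lets pushes to `staging` and `stagging` run the same deploy job, with the same `CLOUDFLARE_API_TOKEN` and `CLOUDFLARE_ACCOUNT_ID` secrets, as `main`. Split this into a production job and a staging job, each bound to its own GitHub `environment:` with its own secrets and protection rules, so a push to a less protected staging branch never runs with the production deploy token.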
Expand All @@ -189,7 +189,7 @@ jobs:
with:
apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
command: pages deploy out/ --project-name=prisma-rt04
command: pages deploy out/ --project-name=prisma-rt04 --branch=${{ github.ref_name }}

- name: ✅ Deployment Summary
run: |
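Review bot: `--branch=${{ github.ref_name }}` makes the Pages branch alias follow the Git branch name, so a push to `stagging` deploys to a `stagging.` alias rather than the `https://staging.prisma-rt04.pages.dev` URL that `.env.staging.example` sets as `NEXT_PUBLIC_APP_URL`. Map the ref to a fixed value in the job (for example `--branch=staging` in a staging-only job) instead of interpolating the ref name into the command string. That also keeps the expression out of the command should the `if:` condition ever be widened to other branch names.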
14 changes: 14 additions & 0 deletions .gitignore
Expand Up @@ -87,3 +87,17 @@ public/lighthouse-*.json

# Bot temp files
bot-temp/

# Secure files
prompt/
docs/
keys/

# Internal prompt/documentation files (not for GitHub)
PRISMA_PROJECT_PROMPT.md
DEPLOY_CLOUDFLARE.md
TESTING_REPORT.md
CREDENTIALS.md
datasccience prisma.txt
*.txt
!public/**/*.txt
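Review bot: listing `CREDENTIALS.md`, `DEPLOY_CLOUDFLARE.md` and `keys/` under "Secure files" only stops future adds; it does not untrack or purge anything already committed, and `DEPLOY_CLOUDFLARE.md` is deleted in this same PR, so it was tracked. If any of these ever held real tokens or keys, rotate them and treat the history as exposed. Two smaller points: `*.txt` already covers `datasccience prisma.txt`, and ignoring all of `docs/` will silently drop legitimate documentation, so ignore the specific internal files instead.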
116 changes: 0 additions & 116 deletions DEPLOY_CLOUDFLARE.md

This file was deleted.

105 changes: 105 additions & 0 deletions MIGRATION.md
@@ -0,0 +1,105 @@
# Panduan Migrasi ke Arsitektur Multi-Tenant PRISMA Kemayoran

Dokumen ini berisi panduan lengkap untuk melakukan migrasi dari aplikasi PRISMA RT04 (Single-Tenant) ke PRISMA Kemayoran (Multi-Tenant).

---

## 1. Pre-Migration Checklist

Sebelum melakukan migrasi di environment production, pastikan Anda telah menyelesaikan hal-hal berikut:

- [ ] **Backup Database**: Lakukan full backup database Supabase Anda saat ini melalui dashboard Supabase (Database -> Backups).
- [ ] **Staging Environment**: Sangat disarankan untuk menguji proses ini di project Supabase dan Vercel khusus staging terlebih dahulu.
- [ ] **Domain & DNS**: Pastikan domain utama (`prisma-kemayoran.id`) telah terhubung dengan Vercel/Cloudflare dan Anda bisa mengatur *wildcard DNS* (`*.prisma-kemayoran.id`) mengarah ke server Vercel.
- [ ] **Informasikan Warga**: Berikan pengumuman bahwa aplikasi akan mengalami *downtime* atau pemeliharaan singkat selama proses migrasi.

---

## 2. Step-by-step Migration

Ikuti langkah-langkah berikut secara berurutan:

### Step 1: Jalankan SQL Migration
1. Buka Supabase Dashboard > SQL Editor.
2. Salin isi file `supabase/migrations/20260528000002_multitenant.sql`.
3. Jalankan *query* tersebut. Script ini akan:
- Membuat tabel `rt_units` dan `rw_admins`.
- Mengisi data awal untuk RT 04 (agar data yang sudah ada tidak hilang).
- Menambahkan kolom `rt_id` pada semua tabel jika belum ada, dan menghubungkannya dengan ID RT04.
- Mengganti seluruh *Row Level Security* (RLS) agar berbasis RT.

### Step 2: Update Environment Variables
1. Perbarui environment variables di Vercel atau `.env.local` lokal Anda.
2. Pastikan variabel berikut tersedia:
```env
NEXT_PUBLIC_DEFAULT_RT_ID="<id-rt04-dari-database>"
NEXT_PUBLIC_SITE_URL="https://prisma-kemayoran.id"
```
*(Opsional jika menggunakan setup lokal, ganti `NEXT_PUBLIC_SITE_URL` dengan `http://localhost:3000`)*

### Step 3: Deploy Kode Terbaru (Middleware)
1. Lakukan push/deploy kode terbaru yang berisi pembaruan `src/middleware.ts` ke Vercel.
2. Middleware ini bertugas mencegat (*intercept*) subdomain dan mengatur *header* tenant.

### Step 4: Setup Domain Wildcard di Vercel
1. Masuk ke dashboard proyek di Vercel > Settings > Domains.
2. Tambahkan domain: `*.prisma-kemayoran.id`.
3. Pastikan `vercel.json` dengan konfigurasi *rewrites* sudah ter-deploy.

### Step 5: Test Subdomain RT04
1. Buka `https://rt04.prisma-kemayoran.id` di browser.
2. Pastikan halaman termuat dengan benar.
3. Login sebagai pengurus dan warga RT 04.

### Step 6: Verifikasi Data Aksesibilitas
1. Periksa apakah data pengumuman, keuangan, dan surat pengajuan RT04 lama masih muncul.
2. Cobalah buat surat pengajuan baru, pastikan berhasil masuk.

### Step 7: Jalankan Isolation Test
Jika Anda memiliki akses terminal ke CI/CD atau lokal:
```bash
npm run test tests/isolation.test.ts
```
Pastikan seluruh tes untuk *Data Isolation* berwarna hijau (Lulus).

### Step 8: Pengumuman Berhasil
Beri tahu warga RT04 bahwa URL aplikasi sekarang telah berubah menjadi `rt04.prisma-kemayoran.id`.

---

## 3. Rollback Plan

Jika terjadi *critical failure* (misalnya: tidak ada user yang bisa login, data hilang dari dashboard) dalam waktu 24 jam setelah migrasi, ikuti prosedur berikut:

1. **Revert Routing Vercel**:
- Hapus aturan domain wildcard `*.prisma-kemayoran.id` dari Vercel.
- Rollback *deployment* Vercel ke versi sebelum middleware baru di-deploy (menggunakan fitur *Instant Rollback* Vercel).

2. **Revert Database RLS**:
- Buka SQL Editor di Supabase.
- Hapus policy multi-tenant dan kembalikan ke policy sederhana tanpa cek `rt_id`:
```sql
-- Contoh untuk tabel pengumuman
DROP POLICY IF EXISTS "Warga Read pengumuman" ON public.pengumuman;
CREATE POLICY "Enable read access for all users" ON public.pengumuman FOR SELECT USING (true);
-- Lakukan hal serupa untuk policy lain jika diperlukan secara darurat.
```
- (Alternatif) Cukup matikan RLS sementara untuk *recovery* darurat (SANGAT TIDAK DISARANKAN KECUALI DARURAT):
```sql
ALTER TABLE public.pengumuman DISABLE ROW LEVEL SECURITY;
```

3. **Restore Backup**:
Jika skema terlanjur rusak parah, *restore* database Supabase dari *Point in Time Recovery* (PITR) ke 1 jam sebelum proses migrasi.

---

## 4. Post-Migration Checklist

Setelah migrasi selesai dan dinilai stabil:

- [ ] Seluruh RLS policy berbasis `get_user_rt_id()` telah aktif di semua tabel.
- [ ] Isolation test passed tanpa *error*.
- [ ] Data historical RT04 dapat diakses 100%.
- [ ] Integrasi webhook Telegram bot masih merespons `chat_id` yang benar.
- [ ] PWA `manifest.json` tetap bekerja pada *start_url* subdomain.
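Review bot: the rollback plan in section 3 step 2 replaces the tenant policy with `FOR SELECT USING (true)` and offers `DISABLE ROW LEVEL SECURITY` as an alternative, but after Step 1 the tables hold rows for every RT and the app ships a public Supabase anon key, so either option makes all tenants' rows readable through the API. Give the rollback a policy that is at least scoped `TO authenticated` and still filters on the RT04 `rt_id`, and drop the disable-RLS option or require API access to be restricted first. In Step 3, also state that the tenant header set by `src/middleware.ts` from the subdomain is only a routing hint and that authorization stays with `get_user_rt_id()` in RLS, so a request with a different subdomain cannot switch tenants.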