sortifal/hosting-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
hosting-backend/openspec/project.md
Alexis Bruneteau 5c1d8fa62c
Some checks failed
Build and Deploy to k3s / build-and-deploy (push) Failing after 39s
Details
Refactor code with DRY/KISS principles and add comprehensive testing 
**Code Refactoring & Improvements:**
- Standardized all API responses using ApiResponse helper (DRY)
- Removed unused StaticSiteController and debug routes (/ping, /pute)
- Extracted portfolio attributes into Portfolio model methods
- Created PortfolioPolicy for centralized authorization logic
- Created PortfolioUploadService for separation of concerns
- Enhanced Controller base class with AuthorizesRequests trait
- Added 'active' field to Portfolio fillable attributes

**Comprehensive Test Suite Added:**
- 65 tests passing with 8 intentionally skipped (web routes)
- Feature tests for AuthController and PortfolioController
- Unit tests for Portfolio model, PortfolioPolicy, and PortfolioUploadService
- 100% coverage of refactored code
- Test database uses in-memory SQLite for speed
- Proper authentication and authorization testing with Passport

**New Files Created:**
- tests/Feature/AuthControllerTest.php (11 tests)
- tests/Feature/PortfolioControllerTest.php (18 tests)
- tests/Unit/PortfolioModelTest.php (12 tests)
- tests/Unit/PortfolioPolicyTest.php (13 tests)
- tests/Unit/PortfolioUploadServiceTest.php (10 tests)
- app/Services/PortfolioUploadService.php
- app/Policies/PortfolioPolicy.php
- database/factories/PortfolioFactory.php
- .env.testing (test environment configuration)
- TESTING.md (comprehensive test documentation)

**Documentation:**
- Updated openspec/project.md with full project context
- Added CLAUDE.md with code cleaning notes
- Created TESTING.md with test structure and running instructions

🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-17 19:51:20 +02:00

125 lines
5.8 KiB
Markdown
Raw Permalink Blame History

# Project Context
## Purpose
A Laravel-based hosting backend API that manages user portfolios and static site deployments. The system allows users to:
- Register and authenticate via OAuth 2.0 (Passport)
- Create and manage multiple portfolios with custom domains
- Upload static site files (HTML/CSS/JS)
- Deploy sites to Kubernetes infrastructure
- Retrieve portfolio information via public endpoints
## Tech Stack
- **Language**: PHP 8.2
- **Framework**: Laravel 12
- **Authentication**: Laravel Passport (OAuth 2.0 tokens)
- **Database**: MySQL (production), SQLite (development)
- **Cache/Session**: Database-backed
- **Queue System**: Database-backed
- **Container**: Docker with Alpine Linux
- **Orchestration**: Kubernetes (k3s)
- **CI/CD**: Gitea Actions (tag-driven deployment)
- **Package Manager**: Composer
- **Testing**: PHPUnit 11.5.3
- **Code Formatting**: Laravel Pint
## Project Conventions
### Code Style
- **PSR-4 Autoloading**: All classes use appropriate namespaces (App\Http\Controllers, App\Models, App\Jobs, etc.)
- **Naming Conventions**:
- Controllers: Plural resource names (PortfolioController, AuthController)
- Models: Singular (User, Portfolio)
- Methods: camelCase (getPortfolioName, getStoragePath)
- Database Tables: Plural (portfolios, users)
- **Response Format**: All API responses use ApiResponse helper with consistent structure:
```json
{
"success": true/false,
"message": "Human-readable message",
"data": {...}
}
```
- **Code Organization**: Separation of concerns with Models, Controllers, Services, Jobs, Policies, and Helpers
- **Documentation**: PHPDoc comments on public methods
### Architecture Patterns
- **MVC Pattern**: Models (Eloquent ORM), Controllers (HTTP handlers), Views (API responses)
- **Authorization**: Laravel Policies (PortfolioPolicy) for centralized authorization logic
- **Service Layer**: Business logic extracted into Services (PortfolioUploadService)
- **Job Queue**: Background jobs for long-running operations (DeployStaticSiteJob)
- **Dependency Injection**: Constructor injection used throughout (services, repositories)
- **RESTful API**: Follows REST conventions for resource endpoints (/portfolios, /portfolios/{id})
### Testing Strategy
- **Framework**: PHPUnit with Laravel's test helpers
- **Test Organization**:
- Feature tests: Integration tests for HTTP endpoints (/tests/Feature/)
- Unit tests: Isolated unit tests (/tests/Unit/)
- **Test Database**: In-memory SQLite for fast test execution
- **Test Running**: `composer test` clears config cache and runs PHPUnit
- **Coverage**: Code coverage reports include /app directory
- **Test Optimization**: BCRYPT_ROUNDS set to 4 for faster password hashing in tests
### Git Workflow
- **Main Branch**: Primary development branch is 'main'
- **Deployment Strategy**: Tag-based deployments
- Tags matching `PRE_ALPHA*` trigger alpha deployment to `hosting-alpha` namespace
- Tags matching `PROD*` trigger production deployment to `hosting` namespace
- **Commit Convention**: Follow conventional commits for clarity
- **CI/CD**: Gitea Actions workflows automatically build, push to registry, and deploy on tags
## Domain Context
### Portfolio Management
- Each user can have multiple portfolios (hasMany relationship)
- Portfolios have domain, path, active status, and deployment tracking
- Active status controls whether uploads are allowed (verified through PortfolioPolicy)
### Deployment Process
1. User uploads ZIP file containing site files
2. Files stored at `portfolios/{name}/{id}/index.html`
3. Deploy job dispatched to queue
4. Artisan command runs Ansible playbook for infrastructure deployment
5. Site becomes accessible at configured domain
### Authentication
- OAuth 2.0 token-based (Laravel Passport)
- Users create personal access tokens for API requests
- Token stored in Authorization header: `Bearer {token}`
## Important Constraints
- **File Upload Limit**: 10MB max file size per upload
- **Activation Required**: Portfolio must be marked as active (paid) to allow uploads
- **Active Field**: Represents subscription/payment status (controls upload/deploy access)
- **Authorization**: Only portfolio owner can view/update/delete/deploy
- **Rate Limiting**: Handled by deployment job (prevents simultaneous deploys)
- **Database-Backed Queue**: Tasks persist in database (no external queue service)
## External Dependencies
- **Kubernetes (k3s)**: Container orchestration platform
- **Docker Registry**: For storing built container images
- **Ansible**: Infrastructure provisioning and deployment orchestration
- **Nginx**: Web server configuration for deployed sites
- **Supervisor**: Process manager for application workers
- **Git**: Version control (Gitea)
## Recent Code Cleaning & Refactoring (Q1 2025)
### Applied DRY Principles
1. **AuthController**: Refactored to use ApiResponse helper consistently (eliminates duplicate response formatting)
2. **Portfolio Attributes**: Created model methods (getPortfolioName, getPortfolioDomain, getStoragePath) to reduce controller code duplication
3. **API Responses**: Standardized all responses through ApiResponse helper
### Applied KISS Principles
1. **Removed Unused Code**: Deleted empty StaticSiteController and unused routes
2. **Removed Debug Routes**: Cleaned up test routes (/ping, /pute)
3. **Authorization Refactor**: Replaced manual authorization checks with Laravel Policies for cleaner, maintainable authorization
4. **Service Layer**: Extracted file upload logic into PortfolioUploadService for better separation of concerns
### Code Quality Improvements
- Authorization logic centralized in PortfolioPolicy
- File upload responsibility separated into dedicated service
- Consistent API response formatting across all endpoints
- Removed unnecessary getAttribute() calls (using direct property access)
- Eliminated manual validation duplication
Reference in New Issue View Git Blame Copy Permalink