From 4129c36f9eaa1bba5ce0a993f36d50850d7edab7 Mon Sep 17 00:00:00 2001
From: GitLab Deploy Bot <deploy@mbugroup.id>
Date: Thu, 6 Nov 2025 14:33:42 +0700
Subject: [PATCH] chore(CI): ignore and delete configurations

---
 .env.dev                        |  59 --------------
 .env.example                    |  56 -------------
 .env.lti-api                    |  58 -------------
 Dockerfile.dev => Dockerfile    |   0
 Dockerfile.local                |  20 -----
 Makefile.dev                    | 139 --------------------------------
 Makefile.local                  | 120 ---------------------------
 credential/.env.db              |   3 +
 credential/01_init_app_user.sql |  47 +++++++++++
 docker-compose.dev.yaml         |  98 ----------------------
 docker-compose.local.yml        |  75 -----------------
 docker-compose.yaml             |  65 ++++++++++-----
 scripts/entrypoint.sh           |  12 +++
 13 files changed, 105 insertions(+), 647 deletions(-)
 delete mode 100644 .env.dev
 delete mode 100644 .env.example
 delete mode 100644 .env.lti-api
 rename Dockerfile.dev => Dockerfile (100%)
 delete mode 100644 Dockerfile.local
 delete mode 100644 Makefile.dev
 delete mode 100644 Makefile.local
 create mode 100644 credential/.env.db
 create mode 100644 credential/01_init_app_user.sql
 delete mode 100644 docker-compose.dev.yaml
 delete mode 100644 docker-compose.local.yml
 create mode 100755 scripts/entrypoint.sh

diff --git a/.env.dev b/.env.dev
deleted file mode 100644
index 9294be56..00000000
--- a/.env.dev
+++ /dev/null
@@ -1,59 +0,0 @@
-# .env.lti-api (Development Server with Domain)
-# =============================================
-
-# Server configuration
-VERSION=0.0.1
-APP_ENV=dev
-APP_HOST=0.0.0.0
-APP_PORT=8081
-APP_URL=https://dev-api-lti.mbugroup.id
-
-# Database configuration (pakai PostgreSQL milik SSO)
-DB_HOST=dev-postgres-lti
-DB_USER=app_lti_user
-DB_PASSWORD=AppLti@Secure2025!
-DB_NAME=db_lti_erp
-DB_PORT=5432
-
-# JWT configuration
-JWT_SECRET=changeme
-JWT_ACCESS_EXP_MINUTES=30
-JWT_REFRESH_EXP_DAYS=30
-JWT_RESET_PASSWORD_EXP_MINUTES=10
-JWT_VERIFY_EMAIL_EXP_MINUTES=10
-
-# Redis (pakai Redis milik SSO)
-REDIS_URL=redis://sso-redis:6379/0
-
-# CORS configuration
-CORS_ALLOW_ORIGINS=https://dev-api-sso.mbugroup.id,https://dev-lti.mbugroup.id,https://dev-api-lti.mbugroup.id,http://localhost:3000
-CORS_ALLOW_METHODS=GET,POST,PUT,PATCH,DELETE,OPTIONS
-CORS_ALLOW_HEADERS=Authorization,Content-Type,X-Requested-With
-CORS_EXPOSE_HEADERS=Link,Location
-CORS_ALLOW_CREDENTIALS=true
-CORS_MAX_AGE=600
-
-# SSO Integration (Gunakan domain backend SSO)
-SSO_ISSUER=https://dev-api-sso.mbugroup.id
-SSO_JWKS_URL=https://dev-api-sso.mbugroup.id/api/.well-known/jwks.json
-SSO_ALLOWED_AUDIENCES=
-SSO_AUTHORIZE_URL=https://dev-api-sso.mbugroup.id/api/sso/authorize
-SSO_TOKEN_URL=https://dev-api-sso.mbugroup.id/api/sso/token
-SSO_GETME_URL=https://dev-api-sso.mbugroup.id/api/auth/get-me
-
-# Cookie & session configuration
-SSO_ACCESS_COOKIE_NAME=sso_access
-SSO_REFRESH_COOKIE_NAME=sso_refresh
-SSO_COOKIE_DOMAIN=.mbugroup.id
-SSO_COOKIE_SECURE=true
-SSO_COOKIE_SAMESITE=Lax
-SSO_PKCE_TTL_SECONDS=300
-
-# SSO webhook / user sync settings
-SSO_USER_SYNC_SIGNATURE_DRIFT_SECONDS=120
-SSO_USER_SYNC_NONCE_TTL_SECONDS=600
-SSO_USER_SYNC_MAX_BODY_BYTES=32768
-
-# Client registration for SSO
-#SSO_CLIENTS={"Lumbung-Telur-Indonesia":{"public_id":"Lumbung-Telur-Indonesia","redirect_uri":"https://dev-api-lti.mbugroup.id/api/sso/callback","scope":"openid profile","default_return_uri":"https://dev-lti.mbugroup.id","allowed_return_origins":["https://dev-lti.mbugroup.id","http://localhost:3000"],"sync_secret":"onUyfODIMHOh4TgGLgyWLmsNeVNxFRHqoLJFLPjr"}}
-SSO_CLIENTS="{\"Lumbung-Telur-Indonesia\":{\"public_id\":\"Lumbung-Telur-Indonesia\",\"redirect_uri\":\"https://dev-api-lti.mbugroup.id/api/sso/callback\",\"scope\":\"openid profile\",\"default_return_uri\":\"https://dev-lti.mbugroup.id\",\"allowed_return_origins\":[\"https://dev-lti.mbugroup.id\",\"http://localhost:3000\"],\"sync_secret\":\"onUyfODIMHOh4TgGLgyWLmsNeVNxFRHqoLJFLPjr\"}}"
\ No newline at end of file
diff --git a/.env.example b/.env.example
deleted file mode 100644
index 2bee26d1..00000000
--- a/.env.example
+++ /dev/null
@@ -1,56 +0,0 @@
-# server configuration
-# Env value : prod || dev
-VERSION=0.0.1
-APP_ENV=dev
-APP_HOST=0.0.0.0
-APP_PORT=8081
-APP_URL=http://localhost:8081
-
-# database configuration
-DB_HOST=postgresdb
-DB_USER=postgres
-DB_PASSWORD=changeme
-DB_NAME=db_lti_erp
-DB_PORT=5432
-DB_PORT_HOST=5542
-
-# JWT
-JWT_SECRET=changeme
-JWT_ACCESS_EXP_MINUTES=30
-JWT_REFRESH_EXP_DAYS=30
-JWT_RESET_PASSWORD_EXP_MINUTES=10
-JWT_VERIFY_EMAIL_EXP_MINUTES=10
-
-# CORS
-CORS_ALLOW_ORIGINS=changeme
-CORS_ALLOW_METHODS=GET,POST,PUT,PATCH,DELETE,OPTIONS
-CORS_ALLOW_HEADERS=Authorization,Content-Type,X-Requested-With
-CORS_EXPOSE_HEADERS=Link,Location
-CORS_ALLOW_CREDENTIALS=true
-CORS_MAX_AGE=600
-
-# Redis
-REDIS_URL=redis://redis:6379/0
-REDIS_PORT_HOST=6381
-
-# SSO Integration
-SSO_ISSUER=http://localhost:8080/api
-# SSO_JWKS_URL=http://localhost:8080/api/.well-known/jwks.json
-SSO_JWKS_URL=http://host.docker.internal:8080/api/.well-known/jwks.json
-SSO_ALLOWED_AUDIENCES=client:lti-api
-SSO_AUTHORIZE_URL=http://localhost:8080/sso/authorize
-SSO_TOKEN_URL=http://localhost:8080/sso/token
-SSO_GETME_URL=http://localhost:8080/api/auth/get-me
-SSO_ACCESS_COOKIE_NAME=sso_access
-SSO_REFRESH_COOKIE_NAME=sso_refresh
-SSO_COOKIE_DOMAIN=
-SSO_COOKIE_SECURE=false
-SSO_COOKIE_SAMESITE=Lax
-SSO_TOKEN_BLACKLIST_PREFIX=sso:blacklist
-SSO_PKCE_TTL_SECONDS=300
-# Security window and payload limits for SSO user sync webhook
-SSO_USER_SYNC_SIGNATURE_DRIFT_SECONDS=120
-SSO_USER_SYNC_NONCE_TTL_SECONDS=600
-SSO_USER_SYNC_MAX_BODY_BYTES=32768
-# Example JSON (single-line) of client configs (each client requires a unique sync_secret)
-SSO_CLIENTS={"LTI":{"public_id":"Lumbung-Telur-Indonesia","redirect_uri":"http://localhost:8081/api/sso/callback","scope":"openid profile","default_return_uri":"http://localhost:3000","allowed_return_origins":["http://localhost:3000"],"sync_secret":"onUyfODIMHOh4TgGLgyWLmsNeVNxFRHqoLJFLPjr"}}
diff --git a/.env.lti-api b/.env.lti-api
deleted file mode 100644
index de2305cf..00000000
--- a/.env.lti-api
+++ /dev/null
@@ -1,58 +0,0 @@
-# .env.lti-api (Development Server with Domain)
-# =============================================
-
-# Server configuration
-VERSION=0.0.1
-APP_ENV=dev
-APP_HOST=0.0.0.0
-APP_PORT=8081
-APP_URL=https://dev-api-lti.mbugroup.id
-
-# Database configuration (pakai PostgreSQL milik SSO)
-DB_HOST=sso-postgres
-DB_USER=postgres
-DB_PASSWORD=postgres
-DB_NAME=db_lti_erp
-DB_PORT=5432
-
-# JWT configuration
-JWT_SECRET=changeme
-JWT_ACCESS_EXP_MINUTES=30
-JWT_REFRESH_EXP_DAYS=30
-JWT_RESET_PASSWORD_EXP_MINUTES=10
-JWT_VERIFY_EMAIL_EXP_MINUTES=10
-
-# Redis (pakai Redis milik SSO)
-REDIS_URL=redis://sso-redis:6379/0
-
-# CORS configuration
-CORS_ALLOW_ORIGINS=https://dev-api-sso.mbugroup.id,https://dev-lti.mbugroup.id,https://dev-api-lti.mbugroup.id,http://localhost:3000
-CORS_ALLOW_METHODS=GET,POST,PUT,PATCH,DELETE,OPTIONS
-CORS_ALLOW_HEADERS=Authorization,Content-Type,X-Requested-With
-CORS_EXPOSE_HEADERS=Link,Location
-CORS_ALLOW_CREDENTIALS=true
-CORS_MAX_AGE=600
-
-# SSO Integration (Gunakan domain backend SSO)
-SSO_ISSUER=https://dev-api-sso.mbugroup.id
-SSO_JWKS_URL=https://dev-api-sso.mbugroup.id/api/.well-known/jwks.json
-SSO_ALLOWED_AUDIENCES=
-SSO_AUTHORIZE_URL=https://dev-api-sso.mbugroup.id/api/sso/authorize
-SSO_TOKEN_URL=https://dev-api-sso.mbugroup.id/api/sso/token
-SSO_GETME_URL=https://dev-api-sso.mbugroup.id/api/auth/get-me
-
-# Cookie & session configuration
-SSO_ACCESS_COOKIE_NAME=sso_access
-SSO_REFRESH_COOKIE_NAME=sso_refresh
-SSO_COOKIE_DOMAIN=.mbugroup.id
-SSO_COOKIE_SECURE=true
-SSO_COOKIE_SAMESITE=Lax
-SSO_PKCE_TTL_SECONDS=300
-
-# SSO webhook / user sync settings
-SSO_USER_SYNC_SIGNATURE_DRIFT_SECONDS=120
-SSO_USER_SYNC_NONCE_TTL_SECONDS=600
-SSO_USER_SYNC_MAX_BODY_BYTES=32768
-
-# Client registration for SSO
-SSO_CLIENTS={"Lumbung-Telur-Indonesia":{"public_id":"Lumbung-Telur-Indonesia","redirect_uri":"https://dev-api-lti.mbugroup.id/api/sso/callback","scope":"openid profile","default_return_uri":"https://dev-lti.mbugroup.id","allowed_return_origins":["https://dev-lti.mbugroup.id","http://localhost:3000"],"sync_secret":"onUyfODIMHOh4TgGLgyWLmsNeVNxFRHqoLJFLPjr"}}
diff --git a/Dockerfile.dev b/Dockerfile
similarity index 100%
rename from Dockerfile.dev
rename to Dockerfile
diff --git a/Dockerfile.local b/Dockerfile.local
deleted file mode 100644
index 87781228..00000000
--- a/Dockerfile.local
+++ /dev/null
@@ -1,20 +0,0 @@
-FROM golang:1.23-alpine
-
-# Install dependensi dasar
-RUN apk add --no-cache git curl bash build-base
-
-# Install Air (pakai repo baru air-verse)
-RUN go install github.com/air-verse/air@v1.52.3
-
-WORKDIR /lti-api
-
-# Cache dependencies
-COPY go.mod go.sum ./
-RUN go mod download
-
-# Copy source code
-COPY . .
-
-EXPOSE 8081
-
-CMD ["air", "-c", ".air.toml"]
diff --git a/Makefile.dev b/Makefile.dev
deleted file mode 100644
index 723c8421..00000000
--- a/Makefile.dev
+++ /dev/null
@@ -1,139 +0,0 @@
-# ============================================================
-# 🧠 MAKEFILE — DEV ENVIRONMENT (SSO-MBUGROUP)
-# ============================================================
-
-# --- Load environment ---
-ifneq (,$(wildcard .env.dev))
-include .env.dev
-export
-endif
-
-# --- Configuration ---
-COMPOSE        ?= docker compose -f docker-compose.dev.yaml
-NETWORK        ?= lti-api_lti-network
-APP_CONTAINER  ?= dev-api-sso
-DB_CONTAINER   ?= dev-postgres-sso
-REDIS_CONTAINER?= dev-redis-sso
-MIGRATE_IMAGE  ?= migrate/migrate:v4.15.2
-MIGRATIONS_DIR := $(PWD)/internal/database/migrations
-
-DB_USER        ?= postgres
-DB_PASSWORD    ?= Postgres@Secure2025!
-DB_NAME        ?= db_lti_erp
-DB_PORT        ?= 5432
-DB_HOST        ?= dev-postgres-lti
-
-DB_URL := postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=disable
-
-# ============================================================
-# 🧱 DATABASE MIGRATION COMMANDS
-# ============================================================
-
-migrate-up:
-	@echo "🧱 Running database migrations..."
-	@docker run --rm \
-		--network $(NETWORK) \
-		-v $(MIGRATIONS_DIR):/migrations \
-		$(MIGRATE_IMAGE) \
-		-path=/migrations/ -database "$(DB_URL)" up
-
-migrate-down:
-	@echo "⬇️ Rolling back last migration..."
-	@docker run --rm \
-		--network $(NETWORK) \
-		-v $(MIGRATIONS_DIR):/migrations \
-		$(MIGRATE_IMAGE) \
-		-path=/migrations/ -database "$(DB_URL)" down 1
-
-migrate-fresh:
-	@echo "🧱 Rebuilding database from scratch..."
-	@echo "🔹 Terminating active connections..."
-	@docker exec -i $(DB_CONTAINER) psql -U $(DB_USER) -d postgres -c \
-	"SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname='$(DB_NAME)' AND pid <> pg_backend_pid();" || true
-	@echo "🔹 Dropping and recreating database..."
-	@docker exec -i $(DB_CONTAINER) psql -U $(DB_USER) -d postgres -c "DROP DATABASE IF EXISTS $(DB_NAME);" || true
-	@docker exec -i $(DB_CONTAINER) psql -U $(DB_USER) -d postgres -c "CREATE DATABASE $(DB_NAME);" || true
-	@sleep 3
-	@make -f Makefile.dev migrate-up
-	@make -f Makefile.dev seed
-	@echo "✅ Fresh migration complete!"
-
-# ==========================================
-# 🧹 FIX DIRTY MIGRATION / FORCE VERSION
-# ==========================================
-
-# Pakai: make migrate-force v=20250825071938
-migrate-force:
-	@if [ -z "$(v)" ]; then \
-		echo "❌ Error: versi migrasi belum ditentukan!"; \
-		echo "Gunakan contoh: make migrate-force v=20250825071938"; \
-		exit 1; \
-	fi; \
-	echo "⚙️ Forcing migration version $(v)..."; \
-	docker run --rm \
-		-v $(PWD)/internal/database/migrations:/migrations \
-		--network $(NETWORK) \
-		$(MIGRATE_IMAGE) \
-		-path=/migrations/ -database "$(DB_URL)" force $(v); \
-	echo "✅ Migration forced to version $(v)"
-
-
-migrate-super:
-	@echo "🚀 Running migration as superuser..."
-	@docker cp internal/database/migrations/superuser_migrations.sql $(DB_CONTAINER):/tmp/superuser_migrations.sql
-	@docker exec -it $(DB_CONTAINER) psql -U $(DB_USER) -d $(DB_NAME) -f /tmp/superuser_migrations.sql
-	@echo "✅ Superuser migrations complete!"
-	
-# ============================================================
-# 🌱 SEEDER
-# ============================================================
-
-seed:
-	@echo "🌱 Running Go-based seeder..."
-	@docker run --rm \
-		--network $(NETWORK) \
-		--env-file .env.dev \
-		-v $(PWD):/app \
-		-w /app \
-		golang:1.23-alpine \
-		sh -c "apk add --no-cache git && go run cmd/seed/main.go"
-	@echo "✅ Seeder completed successfully!"
-
-# ============================================================
-# 🐳 DOCKER MANAGEMENT
-# ============================================================
-
-up:
-	@echo "🚀 Starting all containers..."
-	@$(COMPOSE) up -d
-
-down:
-	@echo "🧹 Stopping all containers..."
-	@$(COMPOSE) down --remove-orphans
-
-restart:
-	@echo "♻️ Restarting application container..."
-	@docker restart $(APP_CONTAINER)
-
-ps:
-	@$(COMPOSE) ps
-
-logs:
-	@docker logs -f $(APP_CONTAINER)
-
-psql:
-	@docker exec -it $(DB_CONTAINER) psql -U $(DB_USER) -d $(DB_NAME)
-
-# ============================================================
-# ⚙️ UTILITIES
-# ============================================================
-
-fix-db:
-	@echo "🔧 Checking if database exists..."
-	@docker exec -i $(DB_CONTAINER) psql -U $(DB_USER) -tc "SELECT 1 FROM pg_database WHERE datname='$(DB_NAME)';" | grep -q 1 \
-		&& echo "✅ Database exists: $(DB_NAME)" \
-		|| (echo "⚠️  Creating database..." && docker exec -i $(DB_CONTAINER) psql -U $(DB_USER) -c "CREATE DATABASE $(DB_NAME);")
-
-clean:
-	@echo "🧹 Removing dangling images and cache..."
-	@docker builder prune -f
\ No newline at end of file
diff --git a/Makefile.local b/Makefile.local
deleted file mode 100644
index 5533dc7f..00000000
--- a/Makefile.local
+++ /dev/null
@@ -1,120 +0,0 @@
-# --- Load .env kalau ada, dan export ke shell child ---
-ifneq (,$(wildcard .env))
-include .env
-export
-endif
-
-# --- Konfigurasi umum ---
-COMPOSE          ?= docker compose -f docker-compose.local.yml
-NETWORK          ?= lti-api_go-network
-MIGRATE_IMAGE    ?= migrate/migrate
-MIGRATIONS_DIR   := $(PWD)/internal/database/migrations
-
-# Fallback agar tetap jalan meski .env kosong
-DB_HOST          ?= postgresdb
-DB_PORT          ?= 5432
-DB_USER          ?= postgres
-DB_PASSWORD      ?= postgres
-DB_NAME          ?= db_lti_erp
-
-DB_URL           := postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=disable
-
-# Tunggu DB ready memakai pg_isready dari image postgres
-WAIT_DB          := docker run --rm --network $(NETWORK) postgres:alpine \
-	sh -c 'until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U $(DB_USER) -d $(DB_NAME); do echo "waiting for postgres..."; sleep 1; done'
-
-# Default target
-.DEFAULT_GOAL := start
-
-# --- Daftar phony targets ---
-.PHONY: start build test lint gen \
-        db-up wait-db \
-        migration-% migrate-up migrate-down migrate-fresh \
-        seed \
-        docker-local docker-down docker-nuke docker-cache psql
-
-# --- Go workflow ---
-start:
-	@go run cmd/api/main.go
-
-build:
-	@go build -o tmp/app ./cmd/api
-
-test:
-	@go test ./test/...
-
-lint:
-	@golangci-lint run
-
-# --- Compose / DB helpers ---
-db-up:
-	@$(COMPOSE) up -d postgresdb
-
-wait-db:
-	@$(WAIT_DB)
-
-# --- Migration (pembuatan file) ---
-# Contoh: make migration-create_users_table
-# ":" akan diubah ke "_" (biar aman untuk nama file)
-migration-%:
-	@migrate create -ext sql -dir $(MIGRATIONS_DIR) $(subst :,_,$*)
-
-# --- Migration (apply via docker image 'migrate') ---
-migrate-up: db-up wait-db
-	@docker run --rm -v $(MIGRATIONS_DIR):/migrations --network $(NETWORK) \
-		$(MIGRATE_IMAGE) -path=/migrations/ -database "$(DB_URL)" up
-
-# Contoh:
-#   make migrate-down step=2   → rollback 2 step
-#   make migrate-down          → rollback semua
-
-migrate-down: db-up wait-db
-	@if [ -n "$(step)" ]; then \
-		echo "⬇️  Migrating down $(step) step(s)..."; \
-		docker run --rm -v $(MIGRATIONS_DIR):/migrations --network $(NETWORK) \
-			$(MIGRATE_IMAGE) -path=/migrations/ -database "$(DB_URL)" down $(step); \
-	else \
-		echo "⬇️  Migrating down ALL steps..."; \
-		docker run --rm -v $(MIGRATIONS_DIR):/migrations --network $(NETWORK) \
-			$(MIGRATE_IMAGE) -path=/migrations/ -database "$(DB_URL)" down -all; \
-	fi
-
-migrate-fresh: migrate-down migrate-up
-	@true
-
-# Pakai: make migrate-force v=20250917120000
-migrate-force:
-	@docker run --rm -v $(MIGRATIONS_DIR):/migrations --network $(NETWORK) \
-		$(MIGRATE_IMAGE) -path=/migrations/ -database "$(DB_URL)" force $(v)
-
-
-# --- Seeder ---
-seed: db-up wait-db
-	@$(COMPOSE) run --rm app go run cmd/seed/main.go
-
-# --- Docker orchestration convenience ---
-docker-local:
-	@$(COMPOSE) up --build -d
-
-docker-down:
-	@$(COMPOSE) down --remove-orphans
-
-# ⚠️ Akan menghapus container, images dan volumes.
-docker-nuke:
-	@$(COMPOSE) down --rmi all --volumes --remove-orphans
-
-docker-cache:
-	@docker builder prune -f
-
-# --- PSQL shell ke DB di container ---
-psql: db-up
-	@$(COMPOSE) exec -it postgresdb psql -U $(DB_USER) -d $(DB_NAME)
-
-# Single feature
-# example: make gen feat=product-category
-
-# Sub feature
-# make gen feat=master/area
-gen:
-	@go run tools/gen.go $(feat)
-# 	@goimports -w internal
diff --git a/credential/.env.db b/credential/.env.db
new file mode 100644
index 00000000..d2bed6b7
--- /dev/null
+++ b/credential/.env.db
@@ -0,0 +1,3 @@
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=Postgres@Secure2025!
+POSTGRES_DB=db_lti_erp
\ No newline at end of file
diff --git a/credential/01_init_app_user.sql b/credential/01_init_app_user.sql
new file mode 100644
index 00000000..0587d4c1
--- /dev/null
+++ b/credential/01_init_app_user.sql
@@ -0,0 +1,47 @@
+-- ============================================================
+-- 🧩 INIT SCRIPT: CREATE LIMITED APP USER FOR LTI API
+-- ============================================================
+
+-- Buat user aplikasi jika belum ada
+DO
+$$
+BEGIN
+    IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'app_lti_user') THEN
+        CREATE ROLE app_lti_user WITH LOGIN PASSWORD 'AppLti@Secure2025!' NOINHERIT NOCREATEROLE NOCREATEDB NOSUPERUSER;
+        RAISE NOTICE '✅ Role app_lti_user created successfully.';
+    ELSE
+        RAISE NOTICE 'ℹ️ Role app_lti_user already exists.';
+    END IF;
+END
+$$;
+
+-- Buat database jika belum ada
+DO
+$$
+BEGIN
+    IF NOT EXISTS (SELECT FROM pg_database WHERE datname = 'db_lti_erp') THEN
+        CREATE DATABASE db_lti_erp OWNER app_lti_user;
+        RAISE NOTICE '✅ Database db_lti_erp created and owned by app_lti_user.';
+    ELSE
+        RAISE NOTICE 'ℹ️ Database db_lti_erp already exists.';
+    END IF;
+END
+$$;
+
+\connect db_lti_erp
+
+-- Beri hak CRUD untuk app_lti_user
+GRANT CONNECT ON DATABASE db_lti_erp TO app_lti_user;
+GRANT USAGE ON SCHEMA public TO app_lti_user;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO app_lti_user;
+GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO app_lti_user;
+
+-- Set default privileges agar tabel baru juga bisa diakses
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_lti_user;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT USAGE, SELECT ON SEQUENCES TO app_lti_user;
+
+-- Tampilkan hasil
+\du app_lti_user
diff --git a/docker-compose.dev.yaml b/docker-compose.dev.yaml
deleted file mode 100644
index 161b1177..00000000
--- a/docker-compose.dev.yaml
+++ /dev/null
@@ -1,98 +0,0 @@
-services:
-  dev-api-lti:
-    build:
-      context: .
-      dockerfile: Dockerfile.dev
-    container_name: dev-api-lti
-    working_dir: /lti-api
-    command: ["/bin/sh", "credential/entrypoint.sh"]
-    ports:
-      - "8081:8081"
-    env_file:
-      - .env.dev
-    environment:
-      # override agar koneksi ke container internal
-      DB_HOST: dev-postgres-lti
-      DB_PORT: 5432
-      REDIS_URL: redis://dev-redis-lti:6379/0
-    volumes:
-      - .:/lti-api
-      - ./.air.toml:/lti-api/.air.toml:ro
-      - ./internal/config/jwtRS256.key:/run/keys/jwtRS256.key
-      - ./internal/config/jwtRS256.key.pub:/run/keys/jwtRS256.key.pub
-    depends_on:
-      - dev-postgres-lti
-      - dev-redis-lti
-    networks:
-      - lti-network
-    healthcheck:
-      test: ["CMD-SHELL", "wget -qO- http://localhost:8081/healthz || exit 1"]
-      interval: 10s
-      timeout: 3s
-      retries: 10
-      start_period: 10s
-    deploy:
-      resources:
-        limits:
-          cpus: "2.0"
-          memory: 2G
-        reservations:
-          cpus: "1.0"
-          memory: 512M
-
-  dev-postgres-lti:
-    image: postgres:15-alpine
-    container_name: dev-postgres-lti
-    restart: always
-    env_file:
-      - credential/.env.db
-    ports:
-      - "5433:5432"
-    volumes:
-      - dev-postgres-lti-data:/var/lib/postgresql/data
-      - ./credential:/docker-entrypoint-initdb.d:ro
-    networks:
-      - lti-network
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-postgres} -d ${DB_NAME:-db_lti_erp}"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-      start_period: 5s
-    deploy:
-      resources:
-        limits:
-          cpus: "1.0"
-          memory: 2G
-        reservations:
-          cpus: "0.5"
-          memory: 512M
-
-  dev-redis-lti:
-    image: redis:7-alpine
-    container_name: dev-redis-lti
-    restart: always
-    ports:
-      - "6380:6379"
-    networks:
-      - lti-network
-    healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
-      interval: 10s
-      timeout: 3s
-      retries: 10
-    deploy:
-      resources:
-        limits:
-          cpus: "0.5"
-          memory: 512M
-        reservations:
-          cpus: "0.2"
-          memory: 256M
-
-networks:
-  lti-network:
-    driver: bridge
-
-volumes:
-  dev-postgres-lti-data:
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
deleted file mode 100644
index 64f71c70..00000000
--- a/docker-compose.local.yml
+++ /dev/null
@@ -1,75 +0,0 @@
-services:
-  postgresdb:
-    image: postgres:alpine
-    restart: always
-    ports:
-      - "${DB_PORT_HOST:-5542}:5432"
-    environment:
-      POSTGRES_USER: ${DB_USER:-postgres}
-      POSTGRES_PASSWORD: ${DB_PASSWORD:-postgres}
-      POSTGRES_DB: ${DB_NAME:-db_lti_erp}
-    volumes:
-      - dbdata:/var/lib/postgresql/data
-      - ./internal/database/init:/docker-entrypoint-initdb.d
-    networks: [go-network]
-    healthcheck:
-      test:
-        [
-          "CMD-SHELL",
-          "pg_isready -U ${DB_USER:-postgres} -d ${DB_NAME:-db_lti_erp}",
-        ]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-  redis:
-    image: redis:7-alpine
-    restart: unless-stopped
-    ports:
-      - "${REDIS_PORT_HOST:-6381}:6379"
-    healthcheck:
-      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
-      interval: 5s
-      timeout: 3s
-      retries: 10
-    networks: [go-network]
-
-  app:
-    build:
-      context: .
-      dockerfile: Dockerfile.local
-    image: cosmtrek/air:v1.52.3
-    working_dir: /lti-api
-    volumes:
-      - .:/lti-api
-    command: air -c .air.toml
-    env_file:
-      - .env
-    environment:
-      DB_HOST: postgresdb
-      DB_PORT: 5432
-      DB_USER: ${DB_USER:-postgres}
-      DB_PASSWORD: ${DB_PASSWORD:-postgres}
-      DB_NAME: ${DB_NAME:-db_lti_erp}
-      REDIS_URL: ${REDIS_URL:-redis://redis:6379/0}
-    ports:
-      - "${APP_PORT:-8081}:8081"
-    depends_on:
-      postgresdb:
-        condition: service_healthy
-    networks: [go-network]
-    healthcheck:
-      test: ["CMD-SHELL", "wget -qO- http://localhost:8081/healthz || exit 1"]
-      interval: 10s
-      timeout: 3s
-      retries: 10
-      start_period: 10s
-
-volumes:
-  dbdata:
-  go-mod-cache:
-  go-build-cache:
-
-networks:
-  go-network:
-    name: lti-api_go-network
-    driver: bridge
diff --git a/docker-compose.yaml b/docker-compose.yaml
index d280455c..161b1177 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,30 +1,28 @@
-version: "3.9"
-
 services:
-  dev-lti-api:
-    container_name: dev-lti-api
+  dev-api-lti:
     build:
       context: .
-      dockerfile: Dockerfile.local
-    image: dev-lti-api:latest
+      dockerfile: Dockerfile.dev
+    container_name: dev-api-lti
     working_dir: /lti-api
-    command: air -c .air.toml
+    command: ["/bin/sh", "credential/entrypoint.sh"]
     ports:
       - "8081:8081"
     env_file:
-      - .env.lti-api
+      - .env.dev
     environment:
       # override agar koneksi ke container internal
-      DB_HOST: dev-lti-postgres
+      DB_HOST: dev-postgres-lti
       DB_PORT: 5432
-      REDIS_URL: redis://dev-lti-redis:6379/0
+      REDIS_URL: redis://dev-redis-lti:6379/0
     volumes:
       - .:/lti-api
+      - ./.air.toml:/lti-api/.air.toml:ro
       - ./internal/config/jwtRS256.key:/run/keys/jwtRS256.key
       - ./internal/config/jwtRS256.key.pub:/run/keys/jwtRS256.key.pub
     depends_on:
-      - dev-lti-postgres
-      - dev-lti-redis
+      - dev-postgres-lti
+      - dev-redis-lti
     networks:
       - lti-network
     healthcheck:
@@ -33,19 +31,26 @@ services:
       timeout: 3s
       retries: 10
       start_period: 10s
+    deploy:
+      resources:
+        limits:
+          cpus: "2.0"
+          memory: 2G
+        reservations:
+          cpus: "1.0"
+          memory: 512M
 
-  dev-lti-postgres:
+  dev-postgres-lti:
     image: postgres:15-alpine
-    container_name: dev-lti-postgres
+    container_name: dev-postgres-lti
     restart: always
-    environment:
-      POSTGRES_USER: ${DB_USER:-postgres}
-      POSTGRES_PASSWORD: ${DB_PASSWORD:-postgres}
-      POSTGRES_DB: ${DB_NAME:-db_lti_erp}
+    env_file:
+      - credential/.env.db
     ports:
       - "5433:5432"
     volumes:
-      - dev-lti-postgres-data:/var/lib/postgresql/data
+      - dev-postgres-lti-data:/var/lib/postgresql/data
+      - ./credential:/docker-entrypoint-initdb.d:ro
     networks:
       - lti-network
     healthcheck:
@@ -54,10 +59,18 @@ services:
       timeout: 5s
       retries: 5
       start_period: 5s
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 2G
+        reservations:
+          cpus: "0.5"
+          memory: 512M
 
-  dev-lti-redis:
+  dev-redis-lti:
     image: redis:7-alpine
-    container_name: dev-lti-redis
+    container_name: dev-redis-lti
     restart: always
     ports:
       - "6380:6379"
@@ -68,10 +81,18 @@ services:
       interval: 10s
       timeout: 3s
       retries: 10
+    deploy:
+      resources:
+        limits:
+          cpus: "0.5"
+          memory: 512M
+        reservations:
+          cpus: "0.2"
+          memory: 256M
 
 networks:
   lti-network:
     driver: bridge
 
 volumes:
-  dev-lti-postgres-data:
+  dev-postgres-lti-data:
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
new file mode 100755
index 00000000..2882dcf7
--- /dev/null
+++ b/scripts/entrypoint.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+echo "🔍 Waiting for PostgreSQL at $DB_HOST:$DB_PORT..."
+until nc -z "$DB_HOST" "$DB_PORT"; do
+  echo "⏳ PostgreSQL is not ready yet..."
+  sleep 2
+done
+echo "✅ PostgreSQL is ready!"
+
+echo "🏁 Starting LTI API (with Air hot reload)..."
+exec air -c .air.toml
\ No newline at end of file