Update .gitlab-ci.yml file

[FEAT/BE][US#159,160,161,162,163,164,255,256] : Purchase Request, Purchase Order, Sales Order, Delivery Order, Expense Submission, Expense Realization

See merge request mbugroup/lti-api!71

.env.example

@@ -1,34 +0,0 @@
-# server configuration
-# Env value : prod || dev
-VERSION=0.0.1
-APP_ENV=dev
-APP_HOST=0.0.0.0
-APP_PORT=8081
-APP_URL=http://localhost:8081
-
-# database configuration
-DB_HOST=postgresdb
-DB_USER=postgres
-DB_PASSWORD=changeme
-DB_NAME=db_lti_erp
-DB_PORT=5432
-DB_PORT_HOST=5542
-
-# JWT
-JWT_SECRET=changeme
-JWT_ACCESS_EXP_MINUTES=30
-JWT_REFRESH_EXP_DAYS=30
-JWT_RESET_PASSWORD_EXP_MINUTES=10
-JWT_VERIFY_EMAIL_EXP_MINUTES=10
-
-# CORS
-CORS_ALLOW_ORIGINS=changeme
-CORS_ALLOW_METHODS=GET,POST,PUT,PATCH,DELETE,OPTIONS
-CORS_ALLOW_HEADERS=Authorization,Content-Type,X-Requested-With
-CORS_EXPOSE_HEADERS=Link,Location
-CORS_ALLOW_CREDENTIALS=true
-CORS_MAX_AGE=600
-
-# Redis
-REDIS_URL=redis://redis:6379/0
-REDIS_PORT_HOST=6381

.gitignore

@@ -10,8 +10,13 @@ bin/
 *.exe
 *.out
 
+Makefile
+docker-compose.local.yml
+docker-compose.yaml
+Dockerfile.local
 # Go build cache
 .gocache/
+vendor
 
 # Logs & reports
 *.log

.gitlab-ci.yml

@@ -0,0 +1,91 @@
+stages:
+  - deploy
+
+deploy-dev:
+  stage: deploy
+  image: alpine:3.20
+  variables:
+    DEPLOY_APP: "LTI-MBUGROUP"
+    # Opsional: kalau pakai submodule, ini bikin clone submodule pakai SSH juga
+    GIT_SUBMODULE_STRATEGY: recursive
+    GIT_DEPTH: "1"
+
+  before_script:
+    - echo "🧰 Installing dependencies..."
+    - apk update && apk add --no-cache openssh git curl bash
+
+    # Setup SSH di runner
+    - mkdir -p ~/.ssh
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
+    - chmod 600 ~/.ssh/id_rsa
+    - eval "$(ssh-agent -s)"
+    - ssh-add ~/.ssh/id_rsa
+
+    # Trust host keys (server + gitlab) biar SSH gak nanya interaktif
+    - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
+    - ssh-keyscan -H gitlab.com >> ~/.ssh/known_hosts
+
+  script:
+    - echo "🚀 Deploying latest code to $SERVER_USER@$SERVER_IP"
+
+    - >
+      if ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" "
+        set -e
+
+        cd /home/devops/docker/deployment/development/lti-api
+
+        # Pastikan remote origin SSH (antisipasi kalau pernah ke-set HTTPS)
+        git remote set-url origin git@gitlab.com:mbugroup/lti-api.git
+
+        # Pastikan server percaya gitlab.com juga (untuk git fetch via SSH)
+        mkdir -p ~/.ssh
+        ssh-keyscan -H gitlab.com >> ~/.ssh/known_hosts
+
+        # Fetch/reset pakai SSH
+        GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git fetch origin development
+        git reset --hard origin/development
+
+        docker compose restart dev-api-lti || docker compose up -d dev-api-lti
+      "; then
+        STATUS='success';
+      else
+        STATUS='failed';
+      fi;
+
+      RUN_URL="${CI_PROJECT_URL}/-/pipelines/${CI_PIPELINE_ID}";
+
+      if [ "$STATUS" = "success" ]; then
+        COLOR=3066993;
+        TITLE="✅ Deployment API Succeeded";
+        DESC="Deployment job on branch \`${CI_COMMIT_REF_NAME}\` completed successfully.";
+      else
+        COLOR=15158332;
+        TITLE="❌ Deployment API Failed Gaes";
+        DESC="Deployment job on branch \`${CI_COMMIT_REF_NAME}\` failed.";
+      fi;
+
+      echo "{
+        \"username\": \"CI Bot\",
+        \"embeds\": [{
+          \"title\": \"$TITLE\",
+          \"description\": \"$DESC\",
+          \"color\": $COLOR,
+          \"fields\": [
+            {\"name\": \"Repository\", \"value\": \"${CI_PROJECT_PATH}\", \"inline\": true},
+            {\"name\": \"Actor\", \"value\": \"${GITLAB_USER_LOGIN}\", \"inline\": true},
+            {\"name\": \"Commit\", \"value\": \"${CI_COMMIT_SHA}\", \"inline\": false},
+            {\"name\": \"Pipeline\", \"value\": \"[Open run](${RUN_URL})\", \"inline\": false}
+          ]
+        }]
+      }" > payload.json;
+
+      echo "📡 Sending notification to Discord...";
+      curl -sS -H "Content-Type: application/json" \
+        -d @payload.json "$DISCORD_WEBHOOK_URL";
+
+  only:
+    - development
+    - devops-ec2
+
+  environment:
+    name: development

Makefile

@@ -1,120 +0,0 @@
-# --- Load .env kalau ada, dan export ke shell child ---
-ifneq (,$(wildcard .env))
-include .env
-export
-endif
-
-# --- Konfigurasi umum ---
-COMPOSE          ?= docker compose -f docker-compose.local.yml
-NETWORK          ?= lti-api_go-network
-MIGRATE_IMAGE    ?= migrate/migrate
-MIGRATIONS_DIR   := $(PWD)/internal/database/migrations
-
-# Fallback agar tetap jalan meski .env kosong
-DB_HOST          ?= postgresdb
-DB_PORT          ?= 5432
-DB_USER          ?= postgres
-DB_PASSWORD      ?= postgres
-DB_NAME          ?= db_lti_erp
-
-DB_URL           := postgres://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=disable
-
-# Tunggu DB ready memakai pg_isready dari image postgres
-WAIT_DB          := docker run --rm --network $(NETWORK) postgres:alpine \
-	sh -c 'until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U $(DB_USER) -d $(DB_NAME); do echo "waiting for postgres..."; sleep 1; done'
-
-# Default target
-.DEFAULT_GOAL := start
-
-# --- Daftar phony targets ---
-.PHONY: start build test lint gen \
-        db-up wait-db \
-        migration-% migrate-up migrate-down migrate-fresh \
-        seed \
-        docker-local docker-down docker-nuke docker-cache psql
-
-# --- Go workflow ---
-start:
-	@go run cmd/api/main.go
-
-build:
-	@go build -o tmp/app ./cmd/api
-
-test:
-	@go test ./test/...
-
-lint:
-	@golangci-lint run
-
-# --- Compose / DB helpers ---
-db-up:
-	@$(COMPOSE) up -d postgresdb
-
-wait-db:
-	@$(WAIT_DB)
-
-# --- Migration (pembuatan file) ---
-# Contoh: make migration-create_users_table
-# ":" akan diubah ke "_" (biar aman untuk nama file)
-migration-%:
-	@migrate create -ext sql -dir $(MIGRATIONS_DIR) $(subst :,_,$*)
-
-# --- Migration (apply via docker image 'migrate') ---
-migrate-up: db-up wait-db
-	@docker run --rm -v $(MIGRATIONS_DIR):/migrations --network $(NETWORK) \
-		$(MIGRATE_IMAGE) -path=/migrations/ -database "$(DB_URL)" up
-
-# Contoh:
-#   make migrate-down step=2   → rollback 2 step
-#   make migrate-down          → rollback semua
-
-migrate-down: db-up wait-db
-	@if [ -n "$(step)" ]; then \
-		echo "⬇️  Migrating down $(step) step(s)..."; \
-		docker run --rm -v $(MIGRATIONS_DIR):/migrations --network $(NETWORK) \
-			$(MIGRATE_IMAGE) -path=/migrations/ -database "$(DB_URL)" down $(step); \
-	else \
-		echo "⬇️  Migrating down ALL steps..."; \
-		docker run --rm -v $(MIGRATIONS_DIR):/migrations --network $(NETWORK) \
-			$(MIGRATE_IMAGE) -path=/migrations/ -database "$(DB_URL)" down -all; \
-	fi
-
-migrate-fresh: migrate-down migrate-up
-	@true
-
-# Pakai: make migrate-force v=20250917120000
-migrate-force:
-	@docker run --rm -v $(MIGRATIONS_DIR):/migrations --network $(NETWORK) \
-		$(MIGRATE_IMAGE) -path=/migrations/ -database "$(DB_URL)" force $(v)
-
-
-# --- Seeder ---
-seed: db-up wait-db
-	@$(COMPOSE) run --rm app go run cmd/seed/main.go
-
-# --- Docker orchestration convenience ---
-docker-local:
-	@$(COMPOSE) up --build -d
-
-docker-down:
-	@$(COMPOSE) down --remove-orphans
-
-# ⚠️ Akan menghapus container, images dan volumes.
-docker-nuke:
-	@$(COMPOSE) down --rmi all --volumes --remove-orphans
-
-docker-cache:
-	@docker builder prune -f
-
-# --- PSQL shell ke DB di container ---
-psql: db-up
-	@$(COMPOSE) exec -it postgresdb psql -U $(DB_USER) -d $(DB_NAME)
-
-# Single feature
-# example: make gen feat=product-category
-
-# Sub feature
-# make gen feat=master/area
-gen:
-	@go run tools/gen.go $(feat)
-# 	@goimports -w internal

cmd/api/main.go

@@ -9,10 +9,13 @@ import (
 	"syscall"
 	"time"
 
+	"gitlab.com/mbugroup/lti-api.git/internal/cache"
 	"gitlab.com/mbugroup/lti-api.git/internal/config"
 	"gitlab.com/mbugroup/lti-api.git/internal/database"
 	"gitlab.com/mbugroup/lti-api.git/internal/middleware"
+	"gitlab.com/mbugroup/lti-api.git/internal/modules/sso/session"
 	"gitlab.com/mbugroup/lti-api.git/internal/route"
+	"gitlab.com/mbugroup/lti-api.git/internal/sso"
 	"gitlab.com/mbugroup/lti-api.git/internal/utils"
 
 	"github.com/gofiber/fiber/v2"
@@ -33,6 +36,7 @@ func main() {
 	defer closeDatabase(db)
 	rdb := setupRedis()
 	defer rdb.Close()
+	setupSSO(ctx, rdb)
 	setupRoutes(app, db, rdb)
 
 	address := fmt.Sprintf("%s:%d", config.AppHost, config.AppPort)
@@ -52,10 +56,47 @@ func setupRedis() *redis.Client {
 	if err := rdb.Ping(context.Background()).Err(); err != nil {
 		utils.Log.Fatalf("Redis ping failed: %v", err)
 	}
+	cache.SetRedis(rdb)
 	utils.Log.Infof("Redis connected: %s", config.RedisURL)
 	return rdb
 }
 
+func setupSSO(ctx context.Context, rdb *redis.Client) {
+	const (
+		maxAttempts = 12
+		retryDelay  = 5 * time.Second
+	)
+
+	var lastErr error
+	for attempt := 1; attempt <= maxAttempts; attempt++ {
+		if err := sso.Init(ctx, config.SSOJWKSURL, config.SSOIssuer, config.SSOAllowedAudiences); err != nil {
+			lastErr = err
+			utils.Log.WithError(err).Warnf("SSO initialization attempt %d/%d failed", attempt, maxAttempts)
+			select {
+			case <-ctx.Done():
+				utils.Log.Fatalf("SSO initialization aborted: %v", ctx.Err())
+			case <-time.After(retryDelay):
+			}
+			continue
+		}
+		lastErr = nil
+		if attempt > 1 {
+			utils.Log.Infof("SSO initialization succeeded after %d attempts", attempt)
+		}
+		break
+	}
+
+	if lastErr != nil {
+		utils.Log.Fatalf("SSO initialization failed: %v", lastErr)
+	}
+
+	if rdb != nil {
+		session.SetRevocationStore(session.NewRevocationStore(rdb, config.SSOTokenBlacklistPrefix))
+	} else {
+		session.SetRevocationStore(nil)
+	}
+}
+
 func setupFiberApp() *fiber.App {
 	app := fiber.New(config.FiberConfig())
 

credential/.env.db

@@ -0,0 +1,3 @@
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=Postgres@Secure2025!
+POSTGRES_DB=db_lti_erp

credential/01_init_app_user.sql

@@ -0,0 +1,47 @@
+-- ============================================================
+-- 🧩 INIT SCRIPT: CREATE LIMITED APP USER FOR LTI API
+-- ============================================================
+
+-- Buat user aplikasi jika belum ada
+DO
+$$
+BEGIN
+    IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'app_lti_user') THEN
+        CREATE ROLE app_lti_user WITH LOGIN PASSWORD 'AppLti@Secure2025!' NOINHERIT NOCREATEROLE NOCREATEDB NOSUPERUSER;
+        RAISE NOTICE '✅ Role app_lti_user created successfully.';
+    ELSE
+        RAISE NOTICE 'ℹ️ Role app_lti_user already exists.';
+    END IF;
+END
+$$;
+
+-- Buat database jika belum ada
+DO
+$$
+BEGIN
+    IF NOT EXISTS (SELECT FROM pg_database WHERE datname = 'db_lti_erp') THEN
+        CREATE DATABASE db_lti_erp OWNER app_lti_user;
+        RAISE NOTICE '✅ Database db_lti_erp created and owned by app_lti_user.';
+    ELSE
+        RAISE NOTICE 'ℹ️ Database db_lti_erp already exists.';
+    END IF;
+END
+$$;
+
+\connect db_lti_erp
+
+-- Beri hak CRUD untuk app_lti_user
+GRANT CONNECT ON DATABASE db_lti_erp TO app_lti_user;
+GRANT USAGE ON SCHEMA public TO app_lti_user;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO app_lti_user;
+GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO app_lti_user;
+
+-- Set default privileges agar tabel baru juga bisa diakses
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_lti_user;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT USAGE, SELECT ON SEQUENCES TO app_lti_user;
+
+-- Tampilkan hasil
+\du app_lti_user

docker-compose.yaml

@@ -0,0 +1,98 @@
+services:
+  dev-api-lti:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    container_name: dev-api-lti
+    working_dir: /lti-api
+    command: ["/bin/sh", "scripts/entrypoint.sh"]
+    ports:
+      - "8081:8081"
+    env_file:
+      - .env
+    environment:
+      # override agar koneksi ke container internal
+      DB_HOST: dev-postgres-lti
+      DB_PORT: 5432
+      REDIS_URL: redis://dev-redis-lti:6379/0
+    volumes:
+      - .:/lti-api
+      - ./.air.toml:/lti-api/.air.toml:ro
+      - ./internal/config/jwtRS256.key:/run/keys/jwtRS256.key
+      - ./internal/config/jwtRS256.key.pub:/run/keys/jwtRS256.key.pub
+    depends_on:
+      - dev-postgres-lti
+      - dev-redis-lti
+    networks:
+      - lti-network
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://localhost:8081/healthz || exit 1"]
+      interval: 10s
+      timeout: 3s
+      retries: 10
+      start_period: 10s
+    deploy:
+      resources:
+        limits:
+          cpus: "2.0"
+          memory: 2G
+        reservations:
+          cpus: "1.0"
+          memory: 512M
+
+  dev-postgres-lti:
+    image: postgres:15-alpine
+    container_name: dev-postgres-lti
+    restart: always
+    env_file:
+      - credential/.env.db
+    ports:
+      - "5433:5432"
+    volumes:
+      - dev-postgres-lti-data:/var/lib/postgresql/data
+      - ./credential:/docker-entrypoint-initdb.d:ro
+    networks:
+      - lti-network
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-postgres} -d ${DB_NAME:-db_lti_erp}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 5s
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 2G
+        reservations:
+          cpus: "0.5"
+          memory: 512M
+
+  dev-redis-lti:
+    image: redis:7-alpine
+    container_name: dev-redis-lti
+    restart: always
+    ports:
+      - "6380:6379"
+    networks:
+      - lti-network
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 3s
+      retries: 10
+    deploy:
+      resources:
+        limits:
+          cpus: "0.5"
+          memory: 512M
+        reservations:
+          cpus: "0.2"
+          memory: 256M
+
+networks:
+  lti-network:
+    driver: bridge
+
+volumes:
+  dev-postgres-lti-data:

go.mod

@@ -3,12 +3,13 @@ module gitlab.com/mbugroup/lti-api.git
 go 1.23
 
 require (
+	github.com/MicahParks/keyfunc/v2 v2.1.0
 	github.com/bytedance/sonic v1.12.1
-	github.com/glebarez/sqlite v1.11.0
 	github.com/go-playground/validator/v10 v10.27.0
 	github.com/gofiber/contrib/jwt v1.0.10
 	github.com/gofiber/fiber/v2 v2.52.5
 	github.com/golang-jwt/jwt/v5 v5.2.1
+	github.com/jackc/pgconn v1.14.1
 	github.com/redis/go-redis/v9 v9.14.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/viper v1.19.0
@@ -18,23 +19,23 @@ require (
 )
 
 require (
-	github.com/MicahParks/keyfunc/v2 v2.1.0 // indirect
 	github.com/andybalholm/brotli v1.1.0 // indirect
 	github.com/bytedance/sonic/loader v0.2.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
-	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
-	github.com/glebarez/go-sqlite v1.21.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
+	github.com/jackc/pgio v1.0.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
+	github.com/jackc/pgproto3/v2 v2.3.2 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
 	github.com/jackc/pgx/v5 v5.5.5 // indirect
 	github.com/jackc/puddle/v2 v2.2.1 // indirect
@@ -50,7 +51,6 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/philhofer/fwd v1.1.2 // indirect
-	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rogpeppe/go-internal v1.11.0 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
@@ -75,8 +75,4 @@ require (
 	golang.org/x/text v0.22.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	modernc.org/libc v1.22.5 // indirect
-	modernc.org/mathutil v1.5.0 // indirect
-	modernc.org/memory v1.5.0 // indirect
-	modernc.org/sqlite v1.23.1 // indirect
 )

go.sum

@@ -17,24 +17,22 @@ github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/
 github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
+github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
+github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
-github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
 github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
-github.com/glebarez/go-sqlite v1.21.2 h1:3a6LFC4sKahUunAmynQKLZceZCOzUthkRkEAl9gAXWo=
-github.com/glebarez/go-sqlite v1.21.2/go.mod h1:sfxdZyhQjTM2Wry3gVYWaW072Ri1WMdWJi0k6+3382k=
-github.com/glebarez/sqlite v1.11.0 h1:wSG0irqzP6VurnMEpFGer5Li19RpIRi2qvQz++w0GMw=
-github.com/glebarez/sqlite v1.11.0/go.mod h1:h8/o8j5wiAsqSPoWELDUdJXhjAhsVliSn7bWZjOhrgQ=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
@@ -43,6 +41,7 @@ github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJn
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.27.0 h1:w8+XrWVMhGkxOaaowyKH35gFydVHOvC0/uWoy2Fzwn4=
 github.com/go-playground/validator/v10 v10.27.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/gofiber/contrib/jwt v1.0.10 h1:/ilGepl6i0Bntl0Zcd+lAzagY8BiS1+fEiAj32HMApk=
 github.com/gofiber/contrib/jwt v1.0.10/go.mod h1:1qBENE6sZ6PPT4xIpBzx1VxeyROQO7sj48OlM1I9qdU=
 github.com/gofiber/fiber/v2 v2.52.5 h1:tWoP1MJQjGEe4GB5TUGOi7P2E0ZMMRx5ZTG4rT+yGMo=
@@ -51,18 +50,51 @@ github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17w
 github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbuBVKCudVG457BR2GZFIz3uw3hQ=
-github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo=
+github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
+github.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8=
+github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
+github.com/jackc/pgconn v0.0.0-20190420214824-7e0022ef6ba3/go.mod h1:jkELnwuX+w9qN5YIfX0fl88Ehu4XC3keFuOJJk9pcnA=
+github.com/jackc/pgconn v0.0.0-20190824142844-760dd75542eb/go.mod h1:lLjNuW/+OfW9/pnVKPazfWOgNfH2aPem8YQ7ilXGvJE=
+github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsUgOEh9hBm+xYTstcNHg7UPMVJqRfQxq4s=
+github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o=
+github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY=
+github.com/jackc/pgconn v1.14.1 h1:smbxIaZA08n6YuxEX1sDyjV/qkbtUtkH20qLkR9MUR4=
+github.com/jackc/pgconn v1.14.1/go.mod h1:9mBNlny0UvkgJdCDvdVHYSjI+8tD2rnKK69Wz8ti++E=
+github.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE=
+github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8=
+github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE=
+github.com/jackc/pgmock v0.0.0-20201204152224-4fe30f7445fd/go.mod h1:hrBW0Enj2AZTNpt/7Y5rr2xe/9Mn757Wtb2xeBzPv2c=
+github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5Wi/+Zz7xoE5ALHsRQlOctkOiHc=
+github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
+github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78=
+github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA=
+github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg=
+github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
+github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
+github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgproto3/v2 v2.3.2 h1:7eY55bdBeCz1F2fTzSz69QC+pG46jYq9/jtSPiJ5nn0=
+github.com/jackc/pgproto3/v2 v2.3.2/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
 github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk=
 github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
+github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg=
+github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc=
+github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw=
+github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y=
+github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM=
+github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc=
 github.com/jackc/pgx/v5 v5.5.5 h1:amBjrZVmksIdNjxGW/IiIMzxMKZFelXbUoPNb+8sjQw=
 github.com/jackc/pgx/v5 v5.5.5/go.mod h1:ez9gk+OAat140fv9ErkZDYFWmXLfV+++K0uAOiwgm1A=
+github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk=
 github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
@@ -75,16 +107,28 @@ github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa02
 github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU=
 github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
@@ -96,23 +140,28 @@ github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6
 github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
 github.com/philhofer/fwd v1.1.2 h1:bnDivRJ1EWPjUIRXV5KfORO897HTbpFAQddBdE8t7Gw=
 github.com/philhofer/fwd v1.1.2/go.mod h1:qkPdfjR2SIEbspLqpe1tO4n5yICnr2DY7mqEx2tUTP0=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/redis/go-redis/v9 v9.14.0 h1:u4tNCjXOyzfgeLN+vAZaW1xUooqWDqVEsZN0U01jfAE=
 github.com/redis/go-redis/v9 v9.14.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw=
-github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
-github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
-github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
+github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
+github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
+github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
 github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
 github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
 github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
 github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
+github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
+github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
@@ -126,10 +175,15 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI=
 github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
@@ -150,24 +204,41 @@ github.com/valyala/fasthttp v1.55.0/go.mod h1:NkY9JtkrpPKmgwV3HTaS2HWaJss9RSIsRV
 github.com/valyala/tcplisten v1.0.0 h1:rBHj/Xf+E1tRGZyWIWwJDiRY0zc1Js+CV5DqwacVSA8=
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
+go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
 go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
 go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
+go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670 h1:18EFjUmQOcUvxNYSkA6jO9VAiXCnxFY6NyDX0bHDmkU=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
+golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
 golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
 golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -175,7 +246,14 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
 golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -184,28 +262,43 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
 golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
 golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
+golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -213,12 +306,4 @@ gorm.io/driver/postgres v1.5.9 h1:DkegyItji119OlcaLjqN11kHoUgZ/j13E0jkJZgD6A8=
 gorm.io/driver/postgres v1.5.9/go.mod h1:DX3GReXH+3FPWGrrgffdvCk3DQ1dwDPdmbenSkweRGI=
 gorm.io/gorm v1.25.11 h1:/Wfyg1B/je1hnDx3sMkX+gAlxrlZpn6X0BXRlwXlvHg=
 gorm.io/gorm v1.25.11/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ=
-modernc.org/libc v1.22.5 h1:91BNch/e5B0uPbJFgqbxXuOnxBQjlS//icfQEGmvyjE=
-modernc.org/libc v1.22.5/go.mod h1:jj+Z7dTNX8fBScMVNRAYZ/jF91K8fdT2hYMThc3YjBY=
-modernc.org/mathutil v1.5.0 h1:rV0Ko/6SfM+8G+yKiyI830l3Wuz1zRutdslNoQ0kfiQ=
-modernc.org/mathutil v1.5.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
-modernc.org/memory v1.5.0 h1:N+/8c5rE6EqugZwHii4IFsaJ7MUhoWX07J5tC/iI5Ds=
-modernc.org/memory v1.5.0/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU=
-modernc.org/sqlite v1.23.1 h1:nrSBg4aRQQwq59JpvGEQ15tNxoO5pX/kUjcRNwSAGQM=
-modernc.org/sqlite v1.23.1/go.mod h1:OrDj17Mggn6MhE+iPbBNf7RGKODDE9NFT0f3EwDzJqk=
 nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=

internal/cache/cache.go

@@ -0,0 +1,38 @@
+package cache
+
+import (
+	"errors"
+	"sync"
+
+	"github.com/redis/go-redis/v9"
+)
+
+var (
+	redisClient *redis.Client
+	mu          sync.RWMutex
+)
+
+// SetRedis assigns the global redis client used across the application.
+func SetRedis(client *redis.Client) {
+	mu.Lock()
+	defer mu.Unlock()
+	redisClient = client
+}
+
+// Redis returns the configured redis client. It may be nil if not yet initialised.
+func Redis() *redis.Client {
+	mu.RLock()
+	defer mu.RUnlock()
+	return redisClient
+}
+
+// MustRedis returns the redis client or panics if it has not been set.
+func MustRedis() *redis.Client {
+	mu.RLock()
+	client := redisClient
+	mu.RUnlock()
+	if client == nil {
+		panic(errors.New("redis client not initialised"))
+	}
+	return client
+}

internal/capabilities/capabilities.go

@@ -0,0 +1,44 @@
+package capabilities
+
+import (
+	"strings"
+
+	recordings "gitlab.com/mbugroup/lti-api.git/internal/modules/production/recordings"
+)
+
+// FromPermissions returns a filtered map of capabilities that the frontend can use
+// to toggle features. Only permissions recognized by the application are exposed.
+func FromPermissions(perms []string) map[string]bool {
+	if len(perms) == 0 {
+		return nil
+	}
+
+	out := make(map[string]bool)
+	for _, perm := range perms {
+		if key, ok := normalizeAndAllow(perm); ok {
+			out[key] = true
+		}
+	}
+	if len(out) == 0 {
+		return nil
+	}
+	return out
+}
+
+func normalizeAndAllow(perm string) (string, bool) {
+	perm = strings.ToLower(strings.TrimSpace(perm))
+	if perm == "" {
+		return "", false
+	}
+	if _, ok := allowed[perm]; !ok {
+		return "", false
+	}
+	return perm, true
+}
+
+var allowed = map[string]struct{}{
+	recordings.PermissionRecordingRead:   {},
+	recordings.PermissionRecordingCreate: {},
+	recordings.PermissionRecordingUpdate: {},
+	recordings.PermissionRecordingDelete: {},
+}

internal/common/repository/common.approval.repository..go

@@ -13,6 +13,7 @@ type ApprovalRepository interface {
 	FindByTarget(ctx context.Context, workflow string, approvableID uint, modifier func(*gorm.DB) *gorm.DB) ([]entity.Approval, error)
 	LatestByTarget(ctx context.Context, workflow string, approvableID uint, modifier func(*gorm.DB) *gorm.DB) (*entity.Approval, error)
 	LatestByTargets(ctx context.Context, workflow string, approvableIDs []uint, modifier func(*gorm.DB) *gorm.DB) (map[uint]entity.Approval, error)
+	DeleteByTarget(ctx context.Context, workflow string, approvableID uint) error
 }
 
 type approvalRepositoryImpl struct {
@@ -104,3 +105,13 @@ func (r *approvalRepositoryImpl) LatestByTargets(
 
 	return result, nil
 }
+
+func (r *approvalRepositoryImpl) DeleteByTarget(
+	ctx context.Context,
+	workflow string,
+	approvableID uint,
+) error {
+	return r.DB().WithContext(ctx).
+		Where("approvable_type = ? AND approvable_id = ?", workflow, approvableID).
+		Delete(&entity.Approval{}).Error
+}

internal/common/repository/common.base.repository.go

@@ -11,6 +11,7 @@ type BaseRepository[T any] interface {
 	GetAll(ctx context.Context, offset, limit int, modifier func(*gorm.DB) *gorm.DB) ([]T, int64, error)
 	GetByID(ctx context.Context, id uint, modifier func(*gorm.DB) *gorm.DB) (*T, error)
 	GetByIDs(ctx context.Context, ids []uint, modifier func(*gorm.DB) *gorm.DB) ([]T, error)
+	First(ctx context.Context, modifier func(*gorm.DB) *gorm.DB) (*T, error)
 
 	CreateOne(ctx context.Context, entity *T, modifier func(*gorm.DB) *gorm.DB) error
 	CreateMany(ctx context.Context, entities []*T, modifier func(*gorm.DB) *gorm.DB) error
@@ -96,6 +97,21 @@ func (r *BaseRepositoryImpl[T]) GetByIDs(
 	return entities, nil
 }
 
+func (r *BaseRepositoryImpl[T]) First(
+	ctx context.Context,
+	modifier func(*gorm.DB) *gorm.DB,
+) (*T, error) {
+	entity := new(T)
+	q := r.db.WithContext(ctx)
+	if modifier != nil {
+		q = modifier(q)
+	}
+	if err := q.First(entity).Error; err != nil {
+		return nil, err
+	}
+	return entity, nil
+}
+
 // ---- CREATE ----
 func (r *BaseRepositoryImpl[T]) CreateOne(
 	ctx context.Context,

internal/common/validation/validation.go

@@ -3,6 +3,8 @@ package validation
 import (
 	"errors"
 	"fmt"
+	"reflect"
+	"strings"
 
 	"github.com/go-playground/validator/v10"
 )
@@ -21,34 +23,41 @@ var customMessages = map[string]string{
 	"alphanum": "Field %s must contain only alphanumeric characters",
 	"oneof":    "Invalid value for field %s",
 	"password": "Field %s must be at least 8 characters, contain uppercase, lowercase, number, and special character",
+	"gt":       "Invalid %s, must be greater than %s",
 }
 
-func CustomErrorMessages(err error) map[string]string {
+func CustomErrorMessages(err error) (string, map[string]string) {
 	var validationErrors validator.ValidationErrors
 	if errors.As(err, &validationErrors) {
 		return generateErrorMessages(validationErrors)
 	}
-	return nil
+	return "", nil
 }
 
-func generateErrorMessages(validationErrors validator.ValidationErrors) map[string]string {
+func generateErrorMessages(validationErrors validator.ValidationErrors) (string, map[string]string) {
 	errorsMap := make(map[string]string)
-	for _, err := range validationErrors {
+	var firstMessage string
+	for i, err := range validationErrors {
 		fieldName := err.StructNamespace()
 		tag := err.Tag()
 
 		customMessage := customMessages[tag]
+		var msg string
 		if customMessage != "" {
-			errorsMap[fieldName] = formatErrorMessage(customMessage, err, tag)
+			msg = formatErrorMessage(customMessage, err, tag)
 		} else {
-			errorsMap[fieldName] = defaultErrorMessage(err)
+			msg = defaultErrorMessage(err)
+		}
+		errorsMap[fieldName] = msg
+		if i == 0 {
+			firstMessage = msg
 		}
 	}
-	return errorsMap
+	return firstMessage, errorsMap
 }
 
 func formatErrorMessage(customMessage string, err validator.FieldError, tag string) string {
-	if tag == "min" || tag == "max" || tag == "len" {
+	if tag == "min" || tag == "max" || tag == "len" || tag == "gt" {
 		return fmt.Sprintf(customMessage, err.Field(), err.Param())
 	}
 	return fmt.Sprintf(customMessage, err.Field())
@@ -61,6 +70,16 @@ func defaultErrorMessage(err validator.FieldError) string {
 func Validator() *validator.Validate {
 	validate := validator.New()
 
+	validate.RegisterTagNameFunc(func(fld reflect.StructField) string {
+		if jsonTag := getTagName(fld, "json"); jsonTag != "" {
+			return jsonTag
+		}
+		if queryTag := getTagName(fld, "query"); queryTag != "" {
+			return queryTag
+		}
+		return fld.Name
+	})
+
 	if err := validate.RegisterValidation("password", Password); err != nil {
 		return nil
 	}
@@ -72,3 +91,16 @@ func Validator() *validator.Validate {
 	}
 	return validate
 }
+
+func getTagName(fld reflect.StructField, tag string) string {
+	value, ok := fld.Tag.Lookup(tag)
+	if !ok || value == "-" {
+		return ""
+	}
+
+	name := strings.Split(value, ",")[0]
+	if name == "" || name == "-" {
+		return ""
+	}
+	return name
+}

internal/config/config.go

@@ -2,36 +2,69 @@ package config
 
 import (
 	"encoding/json"
+	"fmt"
 	"strings"
+	"time"
 
 	"gitlab.com/mbugroup/lti-api.git/internal/utils"
 
 	"github.com/spf13/viper"
 )
 
+type SSOClientConfig struct {
+	PublicID    string `json:"public_id"`
+	RedirectURI string `json:"redirect_uri"`
+	Scope       string `json:"scope"`
+	// Prompt               string   `json:"prompt"`
+	DefaultReturnURI     string   `json:"default_return_uri"`
+	AllowedReturnOrigins []string `json:"allowed_return_origins"`
+	SyncSecret           string   `json:"sync_secret"`
+}
+
 var (
-	IsProd               bool
-	AppHost              string
-	Version              string
-	LogLevel             string
-	AppPort              int
-	DBHost               string
-	DBUser               string
-	DBPassword           string
-	DBName               string
-	DBPort               int
-	JWTSecret            string
-	JWTAccessExp         int
-	JWTRefreshExp        int
-	JWTResetPasswordExp  int
-	JWTVerifyEmailExp    int
-	RedisURL             string
-	CORSAllowOrigins     []string
-	CORSAllowMethods     []string
-	CORSAllowHeaders     []string
-	CORSExposeHeaders    []string
-	CORSAllowCredentials bool
-	CORSMaxAge           int
+	IsProd                  bool
+	AppHost                 string
+	Version                 string
+	LogLevel                string
+	AppPort                 int
+	DBHost                  string
+	DBUser                  string
+	DBPassword              string
+	DBName                  string
+	DBPort                  int
+	DBSSLMode               string
+	DBSSLRootCert           string
+	DBSSLCert               string
+	DBSSLKey                string
+	JWTSecret               string
+	JWTAccessExp            int
+	JWTRefreshExp           int
+	JWTResetPasswordExp     int
+	JWTVerifyEmailExp       int
+	RedisURL                string
+	CORSAllowOrigins        []string
+	CORSAllowMethods        []string
+	CORSAllowHeaders        []string
+	CORSExposeHeaders       []string
+	CORSAllowCredentials    bool
+	CORSMaxAge              int
+	SSOIssuer               string
+	SSOJWKSURL              string
+	SSOAllowedAudiences     []string
+	SSOAuthorizeURL         string
+	SSOTokenURL             string
+	SSOGetMeURL             string
+	SSOClients              map[string]SSOClientConfig
+	SSOAccessCookieName     string
+	SSORefreshCookieName    string
+	SSOCookieDomain         string
+	SSOCookieSecure         bool
+	SSOCookieSameSite       string
+	SSOTokenBlacklistPrefix string
+	SSOPKCETTL              time.Duration
+	SSOUserSyncDrift        time.Duration
+	SSOUserSyncNonceTTL     time.Duration
+	SSOUserSyncMaxBodyBytes int
 )
 
 func init() {
@@ -50,6 +83,10 @@ func init() {
 	DBPassword = viper.GetString("DB_PASSWORD")
 	DBName = viper.GetString("DB_NAME")
 	DBPort = viper.GetInt("DB_PORT")
+	DBSSLMode = defaultString(viper.GetString("DB_SSLMODE"), "disable")
+	DBSSLRootCert = strings.TrimSpace(viper.GetString("DB_SSLROOTCERT"))
+	DBSSLCert = strings.TrimSpace(viper.GetString("DB_SSLCERT"))
+	DBSSLKey = strings.TrimSpace(viper.GetString("DB_SSLKEY"))
 
 	// jwt configuration
 	JWTSecret = viper.GetString("JWT_SECRET")
@@ -68,6 +105,44 @@ func init() {
 
 	// Redis
 	RedisURL = viper.GetString("REDIS_URL")
+
+	// SSO integration
+	SSOIssuer = viper.GetString("SSO_ISSUER")
+	SSOJWKSURL = viper.GetString("SSO_JWKS_URL")
+	SSOAllowedAudiences = parseList("SSO_ALLOWED_AUDIENCES")
+	SSOAuthorizeURL = viper.GetString("SSO_AUTHORIZE_URL")
+	SSOTokenURL = viper.GetString("SSO_TOKEN_URL")
+	SSOGetMeURL = viper.GetString("SSO_GETME_URL")
+	SSOAccessCookieName = defaultString(viper.GetString("SSO_ACCESS_COOKIE_NAME"), "sso_access")
+	SSORefreshCookieName = defaultString(viper.GetString("SSO_REFRESH_COOKIE_NAME"), "sso_refresh")
+	SSOCookieDomain = viper.GetString("SSO_COOKIE_DOMAIN")
+	SSOCookieSecure = viper.GetBool("SSO_COOKIE_SECURE")
+	SSOCookieSameSite = defaultString(viper.GetString("SSO_COOKIE_SAMESITE"), "Lax")
+	SSOTokenBlacklistPrefix = defaultString(viper.GetString("SSO_TOKEN_BLACKLIST_PREFIX"), "sso:blacklist")
+	if ttl := viper.GetInt("SSO_PKCE_TTL_SECONDS"); ttl > 0 {
+		SSOPKCETTL = time.Duration(ttl) * time.Second
+	} else {
+		SSOPKCETTL = 5 * time.Minute
+	}
+	SSOClients = loadSSOClients("SSO_CLIENTS")
+	if drift := viper.GetInt("SSO_USER_SYNC_SIGNATURE_DRIFT_SECONDS"); drift > 0 {
+		SSOUserSyncDrift = time.Duration(drift) * time.Second
+	} else {
+		SSOUserSyncDrift = 2 * time.Minute
+	}
+	if ttl := viper.GetInt("SSO_USER_SYNC_NONCE_TTL_SECONDS"); ttl > 0 {
+		SSOUserSyncNonceTTL = time.Duration(ttl) * time.Second
+	} else {
+		SSOUserSyncNonceTTL = 10 * time.Minute
+	}
+	SSOUserSyncMaxBodyBytes = viper.GetInt("SSO_USER_SYNC_MAX_BODY_BYTES")
+	if SSOUserSyncMaxBodyBytes <= 0 {
+		SSOUserSyncMaxBodyBytes = 32 * 1024
+	}
+
+	if IsProd {
+		ensureProdConfig()
+	}
 }
 
 func loadConfig() {
@@ -117,3 +192,70 @@ func parseListWithDefault(key, def string) []string {
 	}
 	return parts
 }
+
+func loadSSOClients(key string) map[string]SSOClientConfig {
+	clients := make(map[string]SSOClientConfig)
+	raw := strings.TrimSpace(viper.GetString(key))
+	if raw == "" {
+		return clients
+	}
+	if err := json.Unmarshal([]byte(raw), &clients); err != nil {
+		utils.Log.Errorf("Failed to parse %s: %v", key, err)
+		return make(map[string]SSOClientConfig)
+	}
+	result := make(map[string]SSOClientConfig, len(clients))
+	for alias, cfg := range clients {
+		alias = strings.ToLower(strings.TrimSpace(alias))
+		for i, origin := range cfg.AllowedReturnOrigins {
+			cfg.AllowedReturnOrigins[i] = strings.TrimSpace(origin)
+		}
+		cfg.SyncSecret = strings.TrimSpace(cfg.SyncSecret)
+		result[alias] = cfg
+	}
+	return result
+}
+
+func defaultString(v, def string) string {
+	if strings.TrimSpace(v) == "" {
+		return def
+	}
+	return v
+}
+
+func ensureProdConfig() {
+	if SSOAuthorizeURL == "" || !strings.HasPrefix(SSOAuthorizeURL, "https://") {
+		panic("SSO_AUTHORIZE_URL must be https in production")
+	}
+	if SSOTokenURL == "" || !strings.HasPrefix(SSOTokenURL, "https://") {
+		panic("SSO_TOKEN_URL must be https in production")
+	}
+	if SSOGetMeURL == "" || !strings.HasPrefix(SSOGetMeURL, "https://") {
+		panic("SSO_GETME_URL must be https in production")
+	}
+	if !SSOCookieSecure {
+		panic("SSO_COOKIE_SECURE must be true in production")
+	}
+	if SSOCookieDomain == "" {
+		panic("SSO_COOKIE_DOMAIN must be configured in production")
+	}
+	if len(SSOAllowedAudiences) == 0 {
+		panic("SSO_ALLOWED_AUDIENCES must contain at least one audience in production")
+	}
+	for alias, cfg := range SSOClients {
+		if strings.TrimSpace(cfg.SyncSecret) == "" {
+			panic(fmt.Sprintf("SSO_CLIENTS[%s].sync_secret must be configured in production", alias))
+		}
+		if len(cfg.SyncSecret) < 16 {
+			panic(fmt.Sprintf("SSO_CLIENTS[%s].sync_secret must be at least 16 characters", alias))
+		}
+	}
+	if SSOUserSyncDrift <= 0 {
+		panic("SSO_USER_SYNC_SIGNATURE_DRIFT_SECONDS must be greater than zero in production")
+	}
+	if SSOUserSyncNonceTTL <= 0 {
+		panic("SSO_USER_SYNC_NONCE_TTL_SECONDS must be greater than zero in production")
+	}
+	if SSOUserSyncMaxBodyBytes <= 0 {
+		panic("SSO_USER_SYNC_MAX_BODY_BYTES must be greater than zero in production")
+	}
+}

internal/database/database.go

@@ -2,6 +2,7 @@ package database
 
 import (
 	"fmt"
+	"strings"
 	"time"
 
 	"gitlab.com/mbugroup/lti-api.git/internal/config"
@@ -13,10 +14,25 @@ import (
 )
 
 func Connect(dbHost, dbName string) *gorm.DB {
-	dsn := fmt.Sprintf(
-		"host=%s user=%s password=%s dbname=%s port=%d sslmode=disable TimeZone=Asia/Shanghai",
-		dbHost, config.DBUser, config.DBPassword, dbName, config.DBPort,
-	)
+	parts := []string{
+		fmt.Sprintf("host=%s", dbHost),
+		fmt.Sprintf("user=%s", config.DBUser),
+		fmt.Sprintf("password=%s", config.DBPassword),
+		fmt.Sprintf("dbname=%s", dbName),
+		fmt.Sprintf("port=%d", config.DBPort),
+		fmt.Sprintf("sslmode=%s", config.DBSSLMode),
+		"TimeZone=Asia/Shanghai",
+	}
+	if config.DBSSLRootCert != "" {
+		parts = append(parts, fmt.Sprintf("sslrootcert=%s", config.DBSSLRootCert))
+	}
+	if config.DBSSLCert != "" {
+		parts = append(parts, fmt.Sprintf("sslcert=%s", config.DBSSLCert))
+	}
+	if config.DBSSLKey != "" {
+		parts = append(parts, fmt.Sprintf("sslkey=%s", config.DBSSLKey))
+	}
+	dsn := strings.Join(parts, " ")
 
 	db, err := gorm.Open(postgres.Open(dsn), &gorm.Config{
 		Logger:                 logger.Default.LogMode(logger.Info),

internal/database/migrations/20250925040409_create_master_tables.up.sql

@@ -9,13 +9,9 @@ CREATE TABLE users (
     deleted_at TIMESTAMPTZ
 );
 
-CREATE UNIQUE INDEX users_id_user_unique ON users (id_user)
-WHERE
-    deleted_at IS NULL;
+CREATE UNIQUE INDEX users_id_user_unique ON users (id_user) WHERE deleted_at IS NULL;
 
-CREATE UNIQUE INDEX users_email_unique ON users (email)
-WHERE
-    deleted_at IS NULL;
+CREATE UNIQUE INDEX users_email_unique ON users (email) WHERE deleted_at IS NULL;
 
 -- FLAGS
 CREATE TABLE flags (

internal/database/migrations/20251007091700_add_unique_constraint_users_id_user.down.sql

@@ -0,0 +1,2 @@
+ALTER TABLE users
+    DROP CONSTRAINT IF EXISTS users_id_user_key;

internal/database/migrations/20251007091700_add_unique_constraint_users_id_user.up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE users
+    ADD CONSTRAINT users_id_user_key UNIQUE (id_user);

internal/database/migrations/20251104084540_purchase-items.down.sql

@@ -0,0 +1 @@
+DROP TABLE IF EXISTS purchase_items;

internal/database/migrations/20251104084540_purchase-items.up.sql

@@ -0,0 +1,54 @@
+CREATE TABLE IF NOT EXISTS purchase_items (
+    id BIGSERIAL PRIMARY KEY,
+    purchase_id BIGINT NOT NULL,
+    product_id BIGINT NOT NULL,
+    warehouse_id BIGINT NOT NULL,
+    product_warehouse_id BIGINT,
+    received_date TIMESTAMPTZ,
+    travel_number VARCHAR,
+    travel_number_docs VARCHAR,
+    vehicle_number VARCHAR,
+    sub_qty NUMERIC(15, 3) NOT NULL,
+    total_qty NUMERIC(15, 3) NOT NULL DEFAULT 0,
+    total_used NUMERIC(15, 3) NOT NULL DEFAULT 0,
+    price NUMERIC(15, 3) NOT NULL DEFAULT 0,
+    total_price NUMERIC(15, 3) NOT NULL DEFAULT 0,
+    CONSTRAINT uq_purchase_items_purchase_product_warehouse
+        UNIQUE (purchase_id, product_id, warehouse_id)
+);
+
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'products') THEN
+        EXECUTE
+        'ALTER TABLE purchase_items
+         ADD CONSTRAINT fk_purchase_items_product
+         FOREIGN KEY (product_id)
+         REFERENCES products(id)
+         ON DELETE RESTRICT ON UPDATE CASCADE';
+    END IF;
+
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'warehouses') THEN
+        EXECUTE
+        'ALTER TABLE purchase_items
+         ADD CONSTRAINT fk_purchase_items_warehouse
+         FOREIGN KEY (warehouse_id)
+         REFERENCES warehouses(id)
+         ON DELETE RESTRICT ON UPDATE CASCADE';
+    END IF;
+
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'product_warehouses') THEN
+        EXECUTE
+        'ALTER TABLE purchase_items
+         ADD CONSTRAINT fk_purchase_items_product_warehouse
+         FOREIGN KEY (product_warehouse_id)
+         REFERENCES product_warehouses(id)
+         ON DELETE SET NULL ON UPDATE CASCADE';
+    END IF;
+
+END $$;
+
+CREATE INDEX IF NOT EXISTS idx_purchase_items_product_id ON purchase_items (product_id);
+CREATE INDEX IF NOT EXISTS idx_purchase_items_warehouse_id ON purchase_items (warehouse_id);
+CREATE INDEX IF NOT EXISTS idx_purchase_items_product_warehouse_id ON purchase_items (product_warehouse_id);
+CREATE INDEX IF NOT EXISTS idx_purchase_items_purchase_id ON purchase_items (purchase_id);

internal/database/migrations/20251104084555_purchases.down.sql

@@ -0,0 +1,14 @@
+DO $$
+BEGIN
+    IF EXISTS (
+        SELECT 1
+        FROM pg_constraint
+        WHERE conname = 'fk_purchase_items_purchase'
+            AND conrelid = 'purchase_items'::regclass
+    ) THEN
+        ALTER TABLE purchase_items
+            DROP CONSTRAINT fk_purchase_items_purchase;
+    END IF;
+END $$;
+
+DROP TABLE IF EXISTS purchases;

internal/database/migrations/20251104084555_purchases.up.sql

@@ -0,0 +1,58 @@
+CREATE TABLE IF NOT EXISTS purchases (
+    id BIGSERIAL PRIMARY KEY,
+    pr_number VARCHAR NOT NULL,
+    po_number VARCHAR NULL,
+    po_date TIMESTAMPTZ NULL,
+    supplier_id BIGINT NOT NULL,
+    credit_term INT NOT NULL,
+    due_date TIMESTAMPTZ,
+    grand_total NUMERIC(15, 3) NOT NULL,
+    notes TEXT,
+    created_at TIMESTAMPTZ NOT NULL,
+    updated_at TIMESTAMPTZ NOT NULL,
+    deleted_at TIMESTAMPTZ,
+    created_by BIGINT NOT NULL,
+    CONSTRAINT uq_purchases_pr_number UNIQUE (pr_number),
+    CONSTRAINT uq_purchases_po_number UNIQUE (po_number)
+);
+
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'suppliers') THEN
+        EXECUTE
+        'ALTER TABLE purchases
+         ADD CONSTRAINT fk_purchases_supplier
+         FOREIGN KEY (supplier_id)
+         REFERENCES suppliers(id)
+         ON DELETE RESTRICT ON UPDATE CASCADE';
+    END IF;
+
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'users') THEN
+        EXECUTE
+        'ALTER TABLE purchases
+         ADD CONSTRAINT fk_purchases_created_by
+         FOREIGN KEY (created_by)
+         REFERENCES users(id)
+         ON DELETE RESTRICT ON UPDATE CASCADE';
+    END IF;
+
+    IF EXISTS (
+        SELECT 1 FROM pg_tables WHERE tablename = 'purchase_items'
+    ) AND NOT EXISTS (
+        SELECT 1
+        FROM pg_constraint
+        WHERE conname = 'fk_purchase_items_purchase'
+    ) THEN
+        EXECUTE
+        'ALTER TABLE purchase_items
+         ADD CONSTRAINT fk_purchase_items_purchase
+         FOREIGN KEY (purchase_id)
+         REFERENCES purchases(id)
+         ON DELETE CASCADE ON UPDATE CASCADE';
+    END IF;
+END $$;
+
+CREATE INDEX IF NOT EXISTS idx_purchases_supplier_id ON purchases (supplier_id);
+CREATE INDEX IF NOT EXISTS idx_purchases_created_by ON purchases (created_by);
+CREATE INDEX IF NOT EXISTS idx_purchases_po_date ON purchases (po_date);
+CREATE INDEX IF NOT EXISTS idx_purchases_deleted_at ON purchases (deleted_at);

internal/database/migrations/20251107013921_create_marketings.down.sql

@@ -0,0 +1,5 @@
+DROP TABLE IF EXISTS marketing_delivery_products CASCADE;
+
+DROP TABLE IF EXISTS marketing_products CASCADE;
+
+DROP TABLE IF EXISTS marketings CASCADE;

internal/database/migrations/20251107013921_create_marketings.up.sql

@@ -0,0 +1,44 @@
+CREATE TABLE marketings (
+    id BIGSERIAL PRIMARY KEY,
+    so_number VARCHAR(255) UNIQUE NOT NULL,
+    customer_id BIGINT NOT NULL,
+    so_docs VARCHAR(20),
+    so_date DATE NOT NULL,
+    sales_person_id BIGINT NOT NULL,
+    notes TEXT,
+    created_by BIGINT NOT NULL,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW(),
+    deleted_at TIMESTAMPTZ
+);
+
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'customers') THEN
+        ALTER TABLE marketings
+            ADD CONSTRAINT fk_marketings_customer_id 
+            FOREIGN KEY (customer_id) REFERENCES customers(id) ON DELETE RESTRICT;
+    END IF;
+
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'users') THEN
+        ALTER TABLE marketings
+            ADD CONSTRAINT fk_marketings_sales_person_id 
+            FOREIGN KEY (sales_person_id) REFERENCES users(id) ON DELETE RESTRICT;
+    END IF;
+
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'users') THEN
+        ALTER TABLE marketings
+            ADD CONSTRAINT fk_marketings_created_by 
+            FOREIGN KEY (created_by) REFERENCES users(id) ON DELETE RESTRICT;
+    END IF;
+END $$;
+
+CREATE INDEX idx_marketings_customer_id ON marketings (customer_id);
+
+CREATE INDEX idx_marketings_sales_person_id ON marketings (sales_person_id);
+
+CREATE INDEX idx_marketings_created_by ON marketings (created_by);
+
+CREATE INDEX idx_marketings_so_date ON marketings (so_date);
+
+CREATE INDEX idx_marketings_deleted_at ON marketings (deleted_at);

internal/database/migrations/20251107015122_create_marketing_products.down.sql

@@ -0,0 +1 @@
+DROP TABLE IF EXISTS marketing_products CASCADE;

internal/database/migrations/20251107015122_create_marketing_products.up.sql

@@ -0,0 +1,34 @@
+CREATE TABLE marketing_products (
+    id BIGSERIAL PRIMARY KEY,
+    marketing_id BIGINT NOT NULL,
+    product_warehouse_id BIGINT NOT NULL,
+    qty NUMERIC(15, 3) NOT NULL,
+    unit_price NUMERIC(15, 3) NOT NULL,
+    avg_weight NUMERIC(15, 3) NOT NULL,
+    total_weight NUMERIC(15, 3) NOT NULL,
+    total_price NUMERIC(15, 3) NOT NULL,
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW(),
+    deleted_at TIMESTAMPTZ
+);
+
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'marketings') THEN
+        ALTER TABLE marketing_products
+            ADD CONSTRAINT fk_marketing_products_marketing_id 
+            FOREIGN KEY (marketing_id) REFERENCES marketings(id) ON DELETE CASCADE;
+    END IF;
+
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'product_warehouses') THEN
+        ALTER TABLE marketing_products
+            ADD CONSTRAINT fk_marketing_products_product_warehouse_id 
+            FOREIGN KEY (product_warehouse_id) REFERENCES product_warehouses(id) ON DELETE RESTRICT;
+    END IF;
+END $$;
+
+CREATE INDEX idx_marketing_products_marketing_id ON marketing_products (marketing_id);
+
+CREATE INDEX idx_marketing_products_product_warehouse_id ON marketing_products (product_warehouse_id);
+
+CREATE INDEX idx_marketing_products_deleted_at ON marketing_products (deleted_at);

internal/database/migrations/20251107015128_create_marketing_product_deliveries.down.sql

@@ -0,0 +1,2 @@
+
+DROP TABLE IF EXISTS marketing_delivery_products CASCADE;

internal/database/migrations/20251107015128_create_marketing_product_deliveries.up.sql

@@ -0,0 +1,29 @@
+CREATE TABLE marketing_delivery_products (
+    id BIGSERIAL PRIMARY KEY,
+    marketing_product_id BIGINT UNIQUE NOT NULL,
+    qty NUMERIC(15, 3) NOT NULL,
+    unit_price NUMERIC(15, 3) NOT NULL,
+    total_weight NUMERIC(15, 3) NOT NULL,
+    avg_weight NUMERIC(15, 3) NOT NULL,
+    total_price NUMERIC(15, 3) NOT NULL,
+    delivery_date DATE,
+    vehicle_number VARCHAR(50),
+    created_at TIMESTAMPTZ DEFAULT NOW(),
+    updated_at TIMESTAMPTZ DEFAULT NOW(),
+    deleted_at TIMESTAMPTZ
+);
+
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'marketing_products') THEN
+        ALTER TABLE marketing_delivery_products
+            ADD CONSTRAINT fk_marketing_delivery_products_marketing_product_id 
+            FOREIGN KEY (marketing_product_id) REFERENCES marketing_products(id) ON DELETE CASCADE;
+    END IF;
+END $$;
+
+CREATE INDEX idx_marketing_delivery_products_marketing_product_id ON marketing_delivery_products (marketing_product_id);
+
+CREATE INDEX idx_marketing_delivery_products_delivery_date ON marketing_delivery_products (delivery_date);
+
+CREATE INDEX idx_marketing_delivery_products_deleted_at ON marketing_delivery_products (deleted_at);

internal/database/migrations/20251114084320_update_kandang_capacity.down.sql

@@ -0,0 +1,2 @@
+ALTER TABLE kandangs
+    DROP COLUMN IF EXISTS capacity;

internal/database/migrations/20251114084320_update_kandang_capacity.up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE kandangs
+    ADD COLUMN capacity NUMERIC(15,3) NOT NULL;

internal/database/migrations/20251117034511_create_expenses_table.down.sql

@@ -0,0 +1 @@
+DROP TABLE IF EXISTS expenses;

internal/database/migrations/20251117034511_create_expenses_table.up.sql

@@ -0,0 +1,50 @@
+CREATE TABLE expenses (
+    id BIGSERIAL PRIMARY KEY,
+    reference_number VARCHAR(50) UNIQUE NOT NULL,
+    supplier_id BIGINT NULL,
+    category VARCHAR(50) NOT NULL CHECK (
+        category IN ('BOP', 'NON-BOP')
+    ),
+    po_number VARCHAR(50) NULL,
+    document_path JSON,
+    realization_document_path JSON,
+    expense_date DATE NOT NULL,
+    realization_date DATE,
+    grand_total NUMERIC(15, 3) DEFAULT 0,
+    note TEXT,
+    created_by BIGINT,
+    created_at TIMESTAMPTZ DEFAULT now(),
+    updated_at TIMESTAMPTZ DEFAULT now(),
+    deleted_at TIMESTAMPTZ
+);
+
+CREATE SEQUENCE expenses_ref_seq INCREMENT BY 1 START WITH 1;
+
+-- Tambahkan Foreign Key ke suppliers
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'suppliers') THEN
+        ALTER TABLE expenses
+            ADD CONSTRAINT fk_expenses_supplier_id 
+            FOREIGN KEY (supplier_id) REFERENCES suppliers(id);
+
+END IF;
+
+END $$;
+
+-- Tambahkan Foreign Key ke users (created_by)
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'users') THEN
+        ALTER TABLE expenses
+            ADD CONSTRAINT fk_expenses_created_by
+            FOREIGN KEY (created_by) REFERENCES users(id);
+    END IF;
+END $$;
+
+-- Index
+CREATE INDEX idx_expenses_supplier_id ON expenses (supplier_id);
+
+CREATE INDEX idx_expenses_expense_date ON expenses (expense_date);
+
+CREATE INDEX idx_expenses_deleted_at ON expenses (deleted_at);

internal/database/migrations/20251117034529_create_expense_nonstocks_table.down.sql

@@ -0,0 +1,3 @@
+DROP TABLE IF EXISTS expense_nonstocks;
+
+DROP SEQUENCE expenses_ref_seq;

internal/database/migrations/20251117034529_create_expense_nonstocks_table.up.sql

@@ -0,0 +1,56 @@
+CREATE TABLE expense_nonstocks (
+    id BIGSERIAL PRIMARY KEY,
+    expense_id BIGINT NOT NULL,
+    project_flock_kandang_id BIGINT NULL,
+    kandang_id BIGINT NULL,
+    nonstock_id BIGINT,
+    qty NUMERIC(15, 3) NOT NULL,
+    unit_price NUMERIC(15, 3) NOT NULL,
+    total_price NUMERIC(15, 3) NOT NULL,
+    note TEXT NULL
+);
+
+-- Tambahkan Foreign Key ke expenses
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'expenses') THEN
+        ALTER TABLE expense_nonstocks
+            ADD CONSTRAINT fk_expense_nonstocks_expense_id 
+            FOREIGN KEY (expense_id) REFERENCES expenses(id);
+    END IF;
+END $$;
+
+-- Tambahkan Foreign Key ke project_flock_kandangs
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'project_flock_kandangs') THEN
+        ALTER TABLE expense_nonstocks
+            ADD CONSTRAINT fk_expense_nonstocks_kandang_id 
+            FOREIGN KEY (project_flock_kandang_id) REFERENCES project_flock_kandangs(id);
+    END IF;
+END $$;
+
+-- Tambahkan Foreign key ke kandang_id
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'kandangs') THEN
+        ALTER TABLE expense_nonstocks
+            ADD CONSTRAINT fk_expense_nonstocks_kandang_id_2 
+            FOREIGN KEY (kandang_id) REFERENCES kandangs(id);
+    END IF;
+END $$;
+
+-- Tambahkan Foreign Key ke nonstocks
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'nonstocks') THEN
+        ALTER TABLE expense_nonstocks
+            ADD CONSTRAINT fk_expense_nonstocks_nonstock_id 
+            FOREIGN KEY (nonstock_id) REFERENCES nonstocks(id);
+    END IF;
+END $$;
+
+-- Index
+CREATE INDEX idx_expense_nonstocks_expense_id ON expense_nonstocks (expense_id);
+
+CREATE INDEX idx_expense_nonstocks_nonstock_id ON expense_nonstocks (nonstock_id);

internal/database/migrations/20251117034538_create_expense_realizations_table.down.sql

@@ -0,0 +1 @@
+DROP TABLE IF EXISTS expense_realizations;

internal/database/migrations/20251117034538_create_expense_realizations_table.up.sql

@@ -0,0 +1,35 @@
+CREATE TABLE expense_realizations (
+    id BIGSERIAL PRIMARY KEY,
+    expense_nonstock_id BIGINT UNIQUE,
+    realization_qty NUMERIC(15, 3) NOT NULL,
+    realization_unit_price NUMERIC(15, 3) NOT NULL,
+    realization_total_price NUMERIC(15, 3) NOT NULL,
+    realization_date DATE NOT NULL,
+    note TEXT,
+    created_by BIGINT
+);
+
+-- Tambahkan Foreign Key ke expense_nonstocks
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'expense_nonstocks') THEN
+        ALTER TABLE expense_realizations
+            ADD CONSTRAINT fk_expense_realizations_nonstock_id 
+            FOREIGN KEY (expense_nonstock_id) REFERENCES expense_nonstocks(id);
+    END IF;
+END $$;
+
+-- Tambahkan Foreign Key ke users (created_by)
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_tables WHERE tablename = 'users') THEN
+        ALTER TABLE expense_realizations
+            ADD CONSTRAINT fk_expense_realizations_created_by
+            FOREIGN KEY (created_by) REFERENCES users(id);
+    END IF;
+END $$;
+
+-- Index
+CREATE INDEX idx_expense_realizations_nonstock_id ON expense_realizations (expense_nonstock_id);
+
+CREATE INDEX idx_expense_realizations_date ON expense_realizations (realization_date);

internal/database/migrations/20251117092514_adjustment_projectflock_period.down.sql

@@ -0,0 +1,16 @@
+BEGIN;
+
+ALTER TABLE project_flock_kandangs
+    DROP COLUMN IF EXISTS period;
+
+ALTER TABLE project_flocks
+    ADD COLUMN IF NOT EXISTS period INT NOT NULL DEFAULT 0;
+
+CREATE UNIQUE INDEX IF NOT EXISTS project_flocks_base_period_unique
+    ON project_flocks (
+        LOWER(TRIM(regexp_replace(flock_name, '\\s+\\d+(\\s+\\d+)*$', '', 'g'))),
+        period
+    )
+    WHERE deleted_at IS NULL;
+
+COMMIT;

internal/database/migrations/20251117092514_adjustment_projectflock_period.up.sql

@@ -0,0 +1,29 @@
+BEGIN;
+
+ALTER TABLE project_flock_kandangs
+    ADD COLUMN IF NOT EXISTS period INT;
+
+UPDATE project_flock_kandangs pfk
+SET period = pf.period
+FROM project_flocks pf
+WHERE pfk.project_flock_id = pf.id
+  AND (pfk.period IS NULL OR pfk.period = 0)
+  AND pf.period IS NOT NULL;
+
+ALTER TABLE project_flock_kandangs
+    ALTER COLUMN period SET DEFAULT 0;
+
+UPDATE project_flock_kandangs
+SET period = 0
+WHERE period IS NULL;
+
+ALTER TABLE project_flock_kandangs
+    ALTER COLUMN period SET NOT NULL;
+
+-- Drop period from project_flocks as the source of truth
+DROP INDEX IF EXISTS project_flocks_base_period_unique;
+
+ALTER TABLE project_flocks
+    DROP COLUMN IF EXISTS period;
+
+COMMIT;

internal/database/migrations/20251118044026_update_marketing_product_and_marketing_delivery.down.sql

@@ -0,0 +1,11 @@
+-- Add back timestamp columns to marketing_products table
+ALTER TABLE marketing_products
+ADD COLUMN IF NOT EXISTS created_at TIMESTAMPTZ DEFAULT NOW(),
+ADD COLUMN IF NOT EXISTS updated_at TIMESTAMPTZ DEFAULT NOW(),
+ADD COLUMN IF NOT EXISTS deleted_at TIMESTAMPTZ;
+
+-- Add back timestamp columns to marketing_delivery_products table
+ALTER TABLE marketing_delivery_products
+ADD COLUMN IF NOT EXISTS created_at TIMESTAMPTZ DEFAULT NOW(),
+ADD COLUMN IF NOT EXISTS updated_at TIMESTAMPTZ DEFAULT NOW(),
+ADD COLUMN IF NOT EXISTS deleted_at TIMESTAMPTZ;

internal/database/migrations/20251118044026_update_marketing_product_and_marketing_delivery.up.sql

@@ -0,0 +1,27 @@
+-- Drop timestamp columns from marketing_products table if it exists
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM information_schema.columns WHERE table_name = 'marketing_products' AND column_name = 'created_at') THEN
+        ALTER TABLE marketing_products DROP COLUMN created_at;
+    END IF;
+    IF EXISTS (SELECT 1 FROM information_schema.columns WHERE table_name = 'marketing_products' AND column_name = 'updated_at') THEN
+        ALTER TABLE marketing_products DROP COLUMN updated_at;
+    END IF;
+    IF EXISTS (SELECT 1 FROM information_schema.columns WHERE table_name = 'marketing_products' AND column_name = 'deleted_at') THEN
+        ALTER TABLE marketing_products DROP COLUMN deleted_at;
+    END IF;
+END $$;
+
+-- Drop timestamp columns from marketing_delivery_products table if it exists
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM information_schema.columns WHERE table_name = 'marketing_delivery_products' AND column_name = 'created_at') THEN
+        ALTER TABLE marketing_delivery_products DROP COLUMN created_at;
+    END IF;
+    IF EXISTS (SELECT 1 FROM information_schema.columns WHERE table_name = 'marketing_delivery_products' AND column_name = 'updated_at') THEN
+        ALTER TABLE marketing_delivery_products DROP COLUMN updated_at;
+    END IF;
+    IF EXISTS (SELECT 1 FROM information_schema.columns WHERE table_name = 'marketing_delivery_products' AND column_name = 'deleted_at') THEN
+        ALTER TABLE marketing_delivery_products DROP COLUMN deleted_at;
+    END IF;
+END $$;

internal/database/seed/seeder.go

@@ -82,7 +82,7 @@ func Run(db *gorm.DB) error {
 			return err
 		}
 
-		if err := seedTransferStock(tx, adminID); err != nil {
+		if err := seedTransferStock(tx); err != nil {
 			return err
 		}
 		fmt.Println("✅ Master data seeding completed")
@@ -235,13 +235,14 @@ func seedKandangs(tx *gorm.DB, createdBy uint, locations map[string]uint, users
 	seeds := []struct {
 		Name     string
 		Status   utils.KandangStatus
+		Capacity float64
 		Location string
 		PicKey   string
 	}{
-		{Name: "Singaparna 1", Status: utils.KandangStatusNonActive, Location: "Singaparna", PicKey: "admin"},
-		{Name: "Singaparna 2", Status: utils.KandangStatusNonActive, Location: "Singaparna", PicKey: "admin"},
-		{Name: "Cikaum 1", Status: utils.KandangStatusNonActive, Location: "Cikaum", PicKey: "admin"},
-		{Name: "Cikaum 2", Status: utils.KandangStatusNonActive, Location: "Cikaum", PicKey: "admin"},
+		{Name: "Singaparna 1", Status: utils.KandangStatusNonActive, Capacity: 50000, Location: "Singaparna", PicKey: "admin"},
+		{Name: "Singaparna 2", Status: utils.KandangStatusNonActive, Capacity: 50000, Location: "Singaparna", PicKey: "admin"},
+		{Name: "Cikaum 1", Status: utils.KandangStatusNonActive, Capacity: 50000, Location: "Cikaum", PicKey: "admin"},
+		{Name: "Cikaum 2", Status: utils.KandangStatusNonActive, Capacity: 50000, Location: "Cikaum", PicKey: "admin"},
 	}
 
 	result := make(map[string]uint, len(seeds))
@@ -691,7 +692,7 @@ func seedProducts(tx *gorm.DB, createdBy uint, uoms map[string]uint, categories
 			var existing entity.ProductSupplier
 			err := tx.Where("product_id = ? AND supplier_id = ?", product.Id, supplierID).First(&existing).Error
 			if errors.Is(err, gorm.ErrRecordNotFound) {
-				link := entity.ProductSupplier{ProductID: product.Id, SupplierID: supplierID}
+				link := entity.ProductSupplier{ProductId: product.Id, SupplierId: supplierID}
 				if err := tx.Create(&link).Error; err != nil {
 					return err
 				}
@@ -764,7 +765,7 @@ func seedNonstocks(tx *gorm.DB, createdBy uint, uoms map[string]uint, suppliers
 			var existing entity.NonstockSupplier
 			err := tx.Where("nonstock_id = ? AND supplier_id = ?", nonstock.Id, supplierID).First(&existing).Error
 			if errors.Is(err, gorm.ErrRecordNotFound) {
-				link := entity.NonstockSupplier{NonstockID: nonstock.Id, SupplierID: supplierID}
+				link := entity.NonstockSupplier{NonstockId: nonstock.Id, SupplierId: supplierID}
 				if err := tx.Create(&link).Error; err != nil {
 					return err
 				}
@@ -928,7 +929,7 @@ func seedProductWarehouse(tx *gorm.DB, createdBy uint) error {
 	return nil
 }
 
-func seedTransferStock(tx *gorm.DB, createdBy uint) error {
+func seedTransferStock(tx *gorm.DB) error {
 
 	transfer := entity.StockTransfer{
 		FromWarehouseId: 1,

internal/entities/expense.go

@@ -0,0 +1,32 @@
+package entities
+
+import (
+	"database/sql"
+	"time"
+
+	"gorm.io/gorm"
+)
+
+type Expense struct {
+	Id                      uint64         `gorm:"primaryKey;autoIncrement"`
+	ReferenceNumber         string         `gorm:"type:varchar(50);uniqueIndex"`
+	SupplierId              uint64         `gorm:""`
+	Category                string         `gorm:"type:varchar(50);not null"`
+	PoNumber                string         `gorm:"type:varchar(50)"`
+	DocumentPath            sql.NullString `gorm:"type:json"`                                  // Dokumen pengajuan
+	RealizationDocumentPath sql.NullString `gorm:"type:json;column:realization_document_path"` // Dokumen realisasi
+	RealizationDate         time.Time      `gorm:"type:date;column:realization_date"`          // Tanggal realisasi
+	ExpenseDate             time.Time      `gorm:"type:date;not null"`
+	GrandTotal              float64        `gorm:"type:numeric(15,3);default:0"`
+	Note                    string         `gorm:"type:text"`
+	CreatedBy               uint64         `gorm:""`
+	CreatedAt               time.Time      `gorm:"autoCreateTime"`
+	UpdatedAt               time.Time      `gorm:"autoUpdateTime"`
+	DeletedAt               gorm.DeletedAt `gorm:"index" json:"-"`
+
+	// Relations
+	Supplier       *Supplier         `gorm:"foreignKey:SupplierId;references:Id"`
+	CreatedUser    *User             `gorm:"foreignKey:CreatedBy;references:Id"`
+	Nonstocks      []ExpenseNonstock `gorm:"foreignKey:ExpenseId;references:Id"`
+	LatestApproval *Approval         `gorm:"-" json:"latest_approval,omitempty"`
+}

internal/entities/expense_nonstock.go

@@ -0,0 +1,20 @@
+package entities
+
+type ExpenseNonstock struct {
+	Id                    uint64 `gorm:"primaryKey;autoIncrement"`
+	ExpenseId             *uint64 `gorm:""`
+	ProjectFlockKandangId *uint64 `gorm:""`
+	KandangId             *uint64 `gorm:""`
+	NonstockId            *uint64 `gorm:""`
+	Qty                   float64 `gorm:"type:numeric(15,3);not null"`
+	UnitPrice             float64 `gorm:"type:numeric(15,3);not null"`
+	TotalPrice            float64 `gorm:"type:numeric(15,3);not null"`
+	Note                  string  `gorm:"type:text"`
+
+	// Relations
+	Expense             *Expense             `gorm:"foreignKey:ExpenseId;references:Id"`
+	ProjectFlockKandang *ProjectFlockKandang `gorm:"foreignKey:ProjectFlockKandangId;references:Id"`
+	Kandang             *Kandang             `gorm:"foreignKey:KandangId;references:Id"`
+	Nonstock            *Nonstock            `gorm:"foreignKey:NonstockId;references:Id"`
+	Realization         *ExpenseRealization  `gorm:"foreignKey:ExpenseNonstockId;references:Id"`
+}

internal/entities/expense_realization.go

@@ -0,0 +1,20 @@
+package entities
+
+import (
+	"time"
+)
+
+type ExpenseRealization struct {
+	Id                    uint64  `gorm:"primaryKey;autoIncrement"`
+	ExpenseNonstockId     *uint64 `gorm:""`
+	RealizationQty        float64 `gorm:"type:numeric(15,3);not null"`
+	RealizationUnitPrice  float64 `gorm:"type:numeric(15,3);not null"`
+	RealizationTotalPrice float64 `gorm:"type:numeric(15,3);not null"`
+	RealizationDate       time.Time `gorm:"type:date;not null"`
+	Note                  *string  `gorm:"type:text"`
+	CreatedBy             *uint64  `gorm:""`
+
+	// Relations
+	ExpenseNonstock *ExpenseNonstock `gorm:"foreignKey:ExpenseNonstockId;references:Id"`
+	CreatedUser     *User            `gorm:"foreignKey:CreatedBy;references:Id"`
+}

internal/entities/kandang.go

@@ -7,17 +7,18 @@ import (
 )
 
 type Kandang struct {
-	Id          uint           `gorm:"primaryKey"`
-	Name        string         `gorm:"not null;uniqueIndex:kandangs_name_unique,where:deleted_at IS NULL"`
-	Status      string         `gorm:"type:varchar(50);not null"`
-	LocationId  uint           `gorm:"not null"`
-	PicId       uint           `gorm:"not null"`
-	CreatedBy   uint           `gorm:"not null"`
-	CreatedAt   time.Time      `gorm:"autoCreateTime"`
-	UpdatedAt   time.Time      `gorm:"autoUpdateTime"`
-	DeletedAt   gorm.DeletedAt `gorm:"index" json:"-"`
-	CreatedUser User           `gorm:"foreignKey:CreatedBy;references:Id"`
-	Location    Location       `gorm:"foreignKey:LocationId;references:Id"`
-	Pic         User           `gorm:"foreignKey:PicId;references:Id"`
+	Id                   uint                  `gorm:"primaryKey"`
+	Name                 string                `gorm:"not null;uniqueIndex:kandangs_name_unique,where:deleted_at IS NULL"`
+	Status               string                `gorm:"type:varchar(50);not null"`
+	LocationId           uint                  `gorm:"not null"`
+	Capacity             float64               `gorm:"not null"`
+	PicId                uint                  `gorm:"not null"`
+	CreatedBy            uint                  `gorm:"not null"`
+	CreatedAt            time.Time             `gorm:"autoCreateTime"`
+	UpdatedAt            time.Time             `gorm:"autoUpdateTime"`
+	DeletedAt            gorm.DeletedAt        `gorm:"index" json:"-"`
+	CreatedUser          User                  `gorm:"foreignKey:CreatedBy;references:Id"`
+	Location             Location              `gorm:"foreignKey:LocationId;references:Id"`
+	Pic                  User                  `gorm:"foreignKey:PicId;references:Id"`
 	ProjectFlockKandangs []ProjectFlockKandang `gorm:"foreignKey:KandangId;references:Id" json:"-"`
 }

internal/entities/location.go

@@ -16,6 +16,7 @@ type Location struct {
 	UpdatedAt time.Time      `gorm:"autoUpdateTime"`
 	DeletedAt gorm.DeletedAt `gorm:"index" json:"-"`
 
-	CreatedUser User `gorm:"foreignKey:CreatedBy;references:Id"`
-	Area        Area `gorm:"foreignKey:AreaId;references:Id"`
+	CreatedUser User      `gorm:"foreignKey:CreatedBy;references:Id"`
+	Area        Area      `gorm:"foreignKey:AreaId;references:Id"`
+	Kandangs    []Kandang `gorm:"foreignKey:LocationId;references:Id"`
 }

internal/entities/marketing.go

@@ -0,0 +1,27 @@
+package entities
+
+import (
+	"time"
+
+	"gorm.io/gorm"
+)
+
+type Marketing struct {
+	Id            uint           `gorm:"primaryKey;autoIncrement"`
+	SoNumber      string         `gorm:"uniqueIndex;not null"`
+	CustomerId    uint           `gorm:"not null"`
+	SoDocs        string         `gorm:"type:varchar(20)"`
+	SoDate        time.Time      `gorm:"type:date;not null"`
+	SalesPersonId uint           `gorm:"not null"`
+	Notes         string         `gorm:"type:text"`
+	CreatedBy     uint           `gorm:"not null"`
+	CreatedAt     time.Time      `gorm:"autoCreateTime"`
+	UpdatedAt     time.Time      `gorm:"autoUpdateTime"`
+	DeletedAt     gorm.DeletedAt `gorm:"index" json:"-"`
+
+	Customer       Customer           `gorm:"foreignKey:CustomerId;references:Id"`
+	SalesPerson    User               `gorm:"foreignKey:SalesPersonId;references:Id"`
+	CreatedUser    User               `gorm:"foreignKey:CreatedBy;references:Id"`
+	Products       []MarketingProduct `gorm:"foreignKey:MarketingId;references:Id"`
+	LatestApproval *Approval          `gorm:"-" json:"latest_approval,omitempty"`
+}

internal/entities/marketing_delivery_product.go

@@ -0,0 +1,19 @@
+package entities
+
+import (
+	"time"
+)
+
+type MarketingDeliveryProduct struct {
+	Id                 uint       `gorm:"primaryKey;autoIncrement"`
+	MarketingProductId uint       `gorm:"uniqueIndex;not null"`
+	Qty                float64    `gorm:"type:numeric(15,3)"`
+	UnitPrice          float64    `gorm:"type:numeric(15,3)"`
+	TotalWeight        float64    `gorm:"type:numeric(15,3)"`
+	AvgWeight          float64    `gorm:"type:numeric(15,3)"`
+	TotalPrice         float64    `gorm:"type:numeric(15,3)"`
+	DeliveryDate       *time.Time `gorm:"type:timestamptz"`
+	VehicleNumber      string     `gorm:"type:varchar(50)"`
+
+	MarketingProduct MarketingProduct `gorm:"foreignKey:MarketingProductId;references:Id"`
+}

internal/entities/marketing_product.go

@@ -0,0 +1,16 @@
+package entities
+
+type MarketingProduct struct {
+	Id                 uint    `gorm:"primaryKey;autoIncrement"`
+	MarketingId        uint    `gorm:"not null"`
+	ProductWarehouseId uint    `gorm:"not null"`
+	Qty                float64 `gorm:"type:numeric(15,3);not null"`
+	UnitPrice          float64 `gorm:"type:numeric(15,3);not null"`
+	AvgWeight          float64 `gorm:"type:numeric(15,3);not null"`
+	TotalWeight        float64 `gorm:"type:numeric(15,3);not null"`
+	TotalPrice         float64 `gorm:"type:numeric(15,3);not null"`
+
+	Marketing        Marketing                 `gorm:"foreignKey:MarketingId;references:Id"`
+	ProductWarehouse ProductWarehouse          `gorm:"foreignKey:ProductWarehouseId;references:Id"`
+	DeliveryProduct  *MarketingDeliveryProduct `gorm:"foreignKey:MarketingProductId;references:Id"`
+}

internal/entities/nonstock.go

@@ -15,8 +15,8 @@ type Nonstock struct {
 	UpdatedAt time.Time      `gorm:"autoUpdateTime"`
 	DeletedAt gorm.DeletedAt `gorm:"index" json:"-"`
 
-	CreatedUser User       `gorm:"foreignKey:CreatedBy;references:Id"`
-	Uom         Uom        `gorm:"foreignKey:UomId;references:Id"`
-	Suppliers   []Supplier `gorm:"many2many:nonstock_suppliers;joinForeignKey:NonstockID;joinReferences:SupplierID"`
-	Flags       []Flag     `gorm:"polymorphic:Flagable;polymorphicValue:nonstocks"`
+	CreatedUser       User               `gorm:"foreignKey:CreatedBy;references:Id"`
+	Uom               Uom                `gorm:"foreignKey:UomId;references:Id"`
+	NonstockSuppliers []NonstockSupplier `gorm:"foreignKey:NonstockId;references:Id"`
+	Flags             []Flag             `gorm:"polymorphic:Flagable;polymorphicValue:nonstocks"`
 }

internal/entities/nonstock_supplier.go

@@ -3,7 +3,10 @@ package entities
 import "time"
 
 type NonstockSupplier struct {
-	NonstockID uint      `gorm:"primaryKey"`
-	SupplierID uint      `gorm:"primaryKey"`
+	NonstockId uint      `gorm:"not null"`
+	SupplierId uint      `gorm:"not null"`
 	CreatedAt  time.Time `gorm:"autoCreateTime"`
+
+	Nonstock Nonstock `gorm:"foreignKey:NonstockId;references:Id"`
+	Supplier Supplier `gorm:"foreignKey:SupplierId;references:Id"`
 }

internal/entities/product.go

@@ -22,9 +22,9 @@ type Product struct {
 	UpdatedAt         time.Time      `gorm:"autoUpdateTime"`
 	DeletedAt         gorm.DeletedAt `gorm:"index" json:"-"`
 
-	CreatedUser     User            `gorm:"foreignKey:CreatedBy;references:Id"`
-	Uom             Uom             `gorm:"foreignKey:UomId;references:Id"`
-	ProductCategory ProductCategory `gorm:"foreignKey:ProductCategoryId;references:Id"`
-	Suppliers       []Supplier      `gorm:"many2many:product_suppliers;joinForeignKey:ProductID;joinReferences:SupplierID"`
-	Flags           []Flag          `gorm:"polymorphic:Flagable;polymorphicValue:products"`
+	CreatedUser      User              `gorm:"foreignKey:CreatedBy;references:Id"`
+	Uom              Uom               `gorm:"foreignKey:UomId;references:Id"`
+	ProductCategory  ProductCategory   `gorm:"foreignKey:ProductCategoryId;references:Id"`
+	ProductSuppliers []ProductSupplier `gorm:"foreignKey:ProductId;references:Id"`
+	Flags            []Flag            `gorm:"polymorphic:Flagable;polymorphicValue:products"`
 }

internal/entities/product_supplier.go

@@ -3,7 +3,10 @@ package entities
 import "time"
 
 type ProductSupplier struct {
-	ProductID  uint      `gorm:"primaryKey"`
-	SupplierID uint      `gorm:"primaryKey"`
+	ProductId  uint      `gorm:"not null"`
+	SupplierId uint      `gorm:"not null"`
 	CreatedAt  time.Time `gorm:"autoCreateTime"`
+
+	Product  Product  `gorm:"foreignKey:ProductId;references:Id"`
+	Supplier Supplier `gorm:"foreignKey:SupplierId;references:Id"`
 }

internal/entities/projectflock.go

@@ -13,7 +13,6 @@ type ProjectFlock struct {
 	Category   string         `gorm:"type:varchar(20);not null"`
 	FcrId      uint           `gorm:"not null"`
 	LocationId uint           `gorm:"not null"`
-	Period     int            `gorm:"not null"`
 	CreatedBy  uint           `gorm:"not null"`
 	CreatedAt  time.Time      `gorm:"autoCreateTime"`
 	UpdatedAt  time.Time      `gorm:"autoUpdateTime"`
@@ -28,4 +27,3 @@ type ProjectFlock struct {
 
 	LatestApproval *Approval `gorm:"-" json:"-"`
 }
-

internal/entities/projectflock_kandang.go

@@ -6,6 +6,7 @@ type ProjectFlockKandang struct {
 	Id             uint      `gorm:"primaryKey"`
 	ProjectFlockId uint      `gorm:"not null;index:idx_project_flock_kandangs_project;uniqueIndex:idx_project_flock_kandangs_unique"`
 	KandangId      uint      `gorm:"not null;index:idx_project_flock_kandangs_kandang;uniqueIndex:idx_project_flock_kandangs_unique"`
+	Period         int       `gorm:"not null"`
 	CreatedAt      time.Time `gorm:"autoCreateTime"`
 
 	ProjectFlock   ProjectFlock     `gorm:"foreignKey:ProjectFlockId;references:Id"`

internal/entities/purchase.go

@@ -0,0 +1,27 @@
+package entities
+
+import (
+	"time"
+)
+
+type Purchase struct {
+	Id         uint64 `gorm:"primaryKey;autoIncrement"`
+	PrNumber   string `gorm:"not null"`
+	PoNumber   *string
+	PoDate     *time.Time
+	SupplierId uint64 `gorm:"not null"`
+	CreditTerm *int
+	DueDate    *time.Time
+	GrandTotal float64 `gorm:"type:numeric(15,3);default:0"`
+	Notes      *string
+	CreatedAt  time.Time  `gorm:"autoCreateTime"`
+	UpdatedAt  time.Time  `gorm:"autoUpdateTime"`
+	DeletedAt  *time.Time `gorm:"index"`
+	CreatedBy  uint64     `gorm:"not null"`
+
+	// Relations
+	Supplier       Supplier       `gorm:"foreignKey:SupplierId;references:Id"`
+	Items          []PurchaseItem `gorm:"foreignKey:PurchaseId"`
+	CreatedUser    User           `gorm:"foreignKey:CreatedBy;references:Id"`
+	LatestApproval *Approval      `gorm:"-" json:"-"`
+}

internal/entities/purchase_item.go

@@ -0,0 +1,28 @@
+package entities
+
+import (
+	"time"
+)
+
+type PurchaseItem struct {
+	Id                 uint64 `gorm:"primaryKey;autoIncrement"`
+	PurchaseId         uint64 `gorm:"not null"`
+	ProductId          uint64 `gorm:"not null"`
+	WarehouseId        uint64 `gorm:"not null"`
+	ProductWarehouseId *uint64
+	ReceivedDate       *time.Time
+	TravelNumber       *string
+	TravelNumberDocs   *string
+	VehicleNumber      *string
+	SubQty             float64 `gorm:"type:numeric(15,3);not null"`
+	TotalQty           float64 `gorm:"type:numeric(15,3);default:0"`
+	TotalUsed          float64 `gorm:"type:numeric(15,3);default:0"`
+	Price              float64 `gorm:"type:numeric(15,3);default:0"`
+	TotalPrice         float64 `gorm:"type:numeric(15,3);default:0"`
+
+	// Relations
+	Purchase         *Purchase         `gorm:"foreignKey:PurchaseId;references:Id"`
+	Product          *Product          `gorm:"foreignKey:ProductId;references:Id"`
+	Warehouse        *Warehouse        `gorm:"foreignKey:WarehouseId;references:Id"`
+	ProductWarehouse *ProductWarehouse `gorm:"foreignKey:ProductWarehouseId;references:Id"`
+}

internal/entities/supplier.go

@@ -26,5 +26,7 @@ type Supplier struct {
 	UpdatedAt     time.Time      `gorm:"autoUpdateTime"`
 	DeletedAt     gorm.DeletedAt `gorm:"index" json:"-"`
 
-	CreatedUser User `gorm:"foreignKey:CreatedBy;references:Id"`
+	CreatedUser       User               `gorm:"foreignKey:CreatedBy;references:Id"`
+	ProductSuppliers  []ProductSupplier  `gorm:"foreignKey:SupplierId;references:Id"`
+	NonstockSuppliers []NonstockSupplier `gorm:"foreignKey:SupplierId;references:Id"`
 }

internal/middleware/auth.go

@@ -1,101 +1,193 @@
 package middleware
 
-// import (
-// 	"strings"
+import (
+	"strings"
 
-// 	"gitlab.com/mbugroup/lti-api.git/internal/config"
-// 	service "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
-// 	"gitlab.com/mbugroup/lti-api.git/internal/utils"
+	"gitlab.com/mbugroup/lti-api.git/internal/config"
+	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
+	"gitlab.com/mbugroup/lti-api.git/internal/modules/sso/session"
+	service "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
+	"gitlab.com/mbugroup/lti-api.git/internal/sso"
+	"gitlab.com/mbugroup/lti-api.git/internal/utils"
 
-// 	"github.com/gofiber/fiber/v2"
-// )
+	"github.com/gofiber/fiber/v2"
+)
 
-// func Auth(userService service.UserService, requiredRights ...string) fiber.Handler {
-// 	return func(c *fiber.Ctx) error {
-// 		authHeader := c.Get("Authorization")
-// 		token := strings.TrimSpace(strings.TrimPrefix(authHeader, "Bearer "))
+const (
+	authContextLocalsKey = "auth.context"
+	authUserLocalsKey    = "auth.user"
+)
 
-// 		if token == "" {
-// 			return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
-// 		}
+// AuthContext keeps authentication details captured by the middleware.
+type AuthContext struct {
+	Token        string
+	Verification *sso.VerificationResult
+	User         *entity.User
+	Roles        []sso.Role
+	Permissions  map[string]struct{}
+}
 
-// 		userID, err := utils.VerifyToken(token, config.JWTSecret, config.TokenTypeAccess)
-// 		if err != nil {
-// 			return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
-// 		}
+// Auth validates the incoming request against the central SSO access token and
+// loads the corresponding local user. Optional scopes can be provided to enforce
+// fine-grained authorization using the SSO access token scopes.
+func Auth(userService service.UserService, requiredScopes ...string) fiber.Handler {
+	return func(c *fiber.Ctx) error {
+		token := bearerToken(c)
+		if token == "" {
+			token = strings.TrimSpace(c.Cookies(config.SSOAccessCookieName))
+		}
+		if token == "" {
+			return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
+		}
 
-// 		// Only end-user subjects are allowed by this middleware. Service tokens
-// 		if verification.UserID == 0 {
-// 			return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
-// 		}
+		verification, err := sso.VerifyAccessToken(token)
+		if err != nil {
+			utils.Log.WithError(err).Warn("auth: token verification failed")
+			return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
+		}
 
-// 		// Fail-closed on revocation check errors for stricter security posture.
-// 		if revoker := session.GetRevocationStore(); revoker != nil {
-// 			if fingerprint := session.TokenFingerprint(token); fingerprint != "" {
-// 				revoked, err := revoker.IsRevoked(c.Context(), fingerprint)
-// 				if err != nil {
-// 					utils.Log.WithError(err).Warn("failed to check token revocation")
-// 					return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
-// 				}
-// 				if revoked {
-// 					return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
-// 				}
-// 			}
-// 		}
+		if verification.UserID == 0 {
+			return fiber.NewError(fiber.StatusForbidden, "Service authentication is not permitted for this endpoint")
+		}
 
-// 		user, err := userService.GetBySSOUserID(c, verification.UserID)
-// 		if err != nil || user == nil {
-// 			return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
-// 		}
+		if err := ensureNotRevoked(c, token, verification); err != nil {
+			return err
+		}
 
-// 		if len(requiredRights) > 0 && verification.Claims != nil {
-// 			if !hasAllScopes(verification.Claims.Scopes(), requiredRights) {
-// 				return fiber.NewError(fiber.StatusForbidden, "Insufficient scope")
-// 			}
-// 		}
+		user, err := userService.GetBySSOUserID(c, verification.UserID)
+		if err != nil || user == nil {
+			utils.Log.WithError(err).Warn("auth: failed to resolve user from repository")
+			return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
+		}
 
-// 		c.Locals("user", user)
+		if len(requiredScopes) > 0 {
+			if verification.Claims == nil || !hasAllScopes(verification.Claims.Scopes(), requiredScopes) {
+				return fiber.NewError(fiber.StatusForbidden, "Insufficient scope")
+			}
+		}
 
-// 		// if len(requiredRights) > 0 {
-// 		// 	userRights, hasRights := config.RoleRights[user.Role]
-// 		// 	if (!hasRights || !hasAllRights(userRights, requiredRights)) && c.Params("userId") != userID {
-// 		// 		return fiber.NewError(fiber.StatusForbidden, "You don't have permission to access this resource")
-// 		// 	}
-// 		// }
+		var roles []sso.Role
+		permissions := make(map[string]struct{})
+		if verification.UserID != 0 {
+			if profile, err := sso.FetchProfile(c.Context(), token, verification); err != nil {
+				utils.Log.WithError(err).Warn("auth: failed to fetch sso profile")
+			} else if profile != nil {
+				roles = profile.Roles
+				for _, perm := range profile.PermissionNames() {
+					if perm != "" {
+						permissions[perm] = struct{}{}
+					}
+				}
+			}
+		}
 
-// 		return c.Next()
-// 	}
-// }
+		ctx := &AuthContext{
+			Token:        token,
+			Verification: verification,
+			User:         user,
+			Roles:        roles,
+			Permissions:  permissions,
+		}
 
-// // bearerToken extracts a Bearer token from the Authorization header using
-// // case-insensitive scheme matching and tolerant whitespace handling.
-// func bearerToken(c *fiber.Ctx) string {
-// 	parts := strings.Fields(c.Get("Authorization"))
-// 	if len(parts) == 2 && strings.EqualFold(parts[0], "Bearer") {
-// 		return strings.TrimSpace(parts[1])
-// 	}
-// 	return ""
-// }
+		c.Locals(authContextLocalsKey, ctx)
+		c.Locals(authUserLocalsKey, user)
 
-// func hasAllScopes(have, required []string) bool {
-// 	if len(required) == 0 {
-// 		return true
-// 	}
-// 	set := make(map[string]struct{}, len(have))
-// 	for _, s := range have {
-// 		s = strings.ToLower(strings.TrimSpace(s))
-// 		if s != "" {
-// 			set[s] = struct{}{}
-// 		}
-// 	}
-// 	for _, r := range required {
-// 		r = strings.ToLower(strings.TrimSpace(r))
-// 		if r == "" {
-// 			continue
-// 		}
-// 		if _, ok := set[r]; !ok {
-// 			return false
-// 		}
-// 	}
-// 	return true
-// }
+		return c.Next()
+	}
+}
+
+// AuthenticatedUser returns the authenticated user populated by Auth.
+func AuthenticatedUser(c *fiber.Ctx) (*entity.User, bool) {
+	value := c.Locals(authUserLocalsKey)
+	if user, ok := value.(*entity.User); ok && user != nil {
+		return user, true
+	}
+	return nil, false
+}
+
+// AuthDetails returns the full authentication context (token, claims, user).
+func AuthDetails(c *fiber.Ctx) (*AuthContext, bool) {
+	value := c.Locals(authContextLocalsKey)
+	if ctx, ok := value.(*AuthContext); ok && ctx != nil {
+		return ctx, true
+	}
+	return nil, false
+}
+
+// ensureNotRevoked ensures the token is not revoked or superseded by a forced logout.
+func ensureNotRevoked(c *fiber.Ctx, token string, verification *sso.VerificationResult) error {
+	revoker := session.GetRevocationStore()
+	if revoker == nil {
+		return nil
+	}
+
+	if fingerprint := session.TokenFingerprint(token); fingerprint != "" {
+		revoked, err := revoker.IsRevoked(c.Context(), fingerprint)
+		if err != nil {
+			utils.Log.WithError(err).Warn("auth: token revocation check failed")
+			return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
+		}
+		if revoked {
+			return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
+		}
+	}
+
+	if verification.UserID == 0 {
+		return nil
+	}
+
+	logoutAt, err := revoker.UserLogoutTime(c.Context(), verification.UserID)
+	if err != nil {
+		utils.Log.WithError(err).Warn("auth: failed to load user logout marker")
+		return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
+	}
+	if logoutAt.IsZero() {
+		return nil
+	}
+
+	claims := verification.Claims
+	if claims == nil || claims.IssuedAt == nil {
+		return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
+	}
+
+	issuedAt := claims.IssuedAt.Time
+	// Treat tokens issued at or before the forced logout timestamp as invalid.
+	if !issuedAt.After(logoutAt) {
+		return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
+	}
+
+	return nil
+}
+
+// bearerToken extracts a Bearer token from the Authorization header using
+// case-insensitive scheme matching and tolerant whitespace handling.
+func bearerToken(c *fiber.Ctx) string {
+	parts := strings.Fields(c.Get("Authorization"))
+	if len(parts) == 2 && strings.EqualFold(parts[0], "Bearer") {
+		return strings.TrimSpace(parts[1])
+	}
+	return ""
+}
+
+func hasAllScopes(have, required []string) bool {
+	if len(required) == 0 {
+		return true
+	}
+	set := make(map[string]struct{}, len(have))
+	for _, s := range have {
+		s = strings.ToLower(strings.TrimSpace(s))
+		if s != "" {
+			set[s] = struct{}{}
+		}
+	}
+	for _, r := range required {
+		r = strings.ToLower(strings.TrimSpace(r))
+		if r == "" {
+			continue
+		}
+		if _, ok := set[r]; !ok {
+			return false
+		}
+	}
+	return true
+}

internal/middleware/limiter.go

@@ -24,3 +24,24 @@ func LimiterConfig() fiber.Handler {
 		SkipSuccessfulRequests: true,
 	})
 }
+
+func NewLimiter(max int, expiration time.Duration) fiber.Handler {
+	if max <= 0 {
+		max = 10
+	}
+	if expiration <= 0 {
+		expiration = time.Minute
+	}
+	return limiter.New(limiter.Config{
+		Max:        max,
+		Expiration: expiration,
+		LimitReached: func(c *fiber.Ctx) error {
+			return c.Status(fiber.StatusTooManyRequests).
+				JSON(response.Common{
+					Code:    fiber.StatusTooManyRequests,
+					Status:  "error",
+					Message: "Too many requests, please try again later",
+				})
+		},
+	})
+}

internal/middleware/permissions.go

@@ -0,0 +1,75 @@
+package middleware
+
+import (
+	"strings"
+
+	"github.com/gofiber/fiber/v2"
+)
+
+// RequirePermissions ensures the authenticated user possesses all specified permissions.
+func RequirePermissions(perms ...string) fiber.Handler {
+	required := canonicalPermissions(perms)
+	return func(c *fiber.Ctx) error {
+		if len(required) == 0 {
+			return c.Next()
+		}
+
+		ctx, ok := AuthDetails(c)
+		if !ok || ctx == nil {
+			return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
+		}
+
+		userPerms := ctx.permissionSet()
+		if len(userPerms) == 0 {
+			return fiber.NewError(fiber.StatusForbidden, "Insufficient permission")
+		}
+
+		for _, perm := range required {
+			if _, has := userPerms[perm]; !has {
+				return fiber.NewError(fiber.StatusForbidden, "Insufficient permission")
+			}
+		}
+
+		return c.Next()
+	}
+}
+
+// HasPermission reports whether the current request context includes the given permission.
+func HasPermission(c *fiber.Ctx, perm string) bool {
+	ctx, ok := AuthDetails(c)
+	if !ok || ctx == nil {
+		return false
+	}
+	perm = canonicalPermission(perm)
+	if perm == "" {
+		return false
+	}
+	_, has := ctx.permissionSet()[perm]
+	return has
+}
+
+func (a *AuthContext) permissionSet() map[string]struct{} {
+	if a == nil || a.Permissions == nil {
+		return nil
+	}
+	return a.Permissions
+}
+
+func canonicalPermissions(perms []string) []string {
+	out := make([]string, 0, len(perms))
+	seen := make(map[string]struct{}, len(perms))
+	for _, perm := range perms {
+		if canonical := canonicalPermission(perm); canonical != "" {
+			if _, ok := seen[canonical]; ok {
+				continue
+			}
+			seen[canonical] = struct{}{}
+			out = append(out, canonical)
+		}
+	}
+	return out
+}
+
+func canonicalPermission(perm string) string {
+	return strings.ToLower(strings.TrimSpace(perm))
+}

internal/middleware/trim/json_body.go

@@ -16,6 +16,10 @@ func JSONBody() fiber.Handler {
 			return c.Next()
 		}
 
+		if strings.EqualFold(c.Path(), "/api/sso/users/sync") {
+			return c.Next()
+		}
+
 		body := c.Body()
 		if len(body) == 0 {
 			return c.Next()

internal/modules/approvals/controllers/approval.controller.go

@@ -85,7 +85,7 @@ func (u *ApprovalController) GetAll(c *fiber.Ctx) error {
 
 	flat := dto.ToApprovalDTOs(records)
 	return c.Status(fiber.StatusOK).
-		JSON(response.SuccessWithPaginate[dto.ApprovalBaseDTO]{
+		JSON(response.SuccessWithPaginate[dto.ApprovalRelationDTO]{
 			Code:    fiber.StatusOK,
 			Status:  "success",
 			Message: "Get All approvals successfully",

internal/modules/approvals/dto/approval.dto.go

@@ -10,23 +10,25 @@ import (
 	approvalutils "gitlab.com/mbugroup/lti-api.git/internal/utils/approvals"
 )
 
-type ApprovalBaseDTO struct {
-	StepNumber uint16              `json:"step_number"`
-	StepName   string              `json:"step_name"`
-	Action     *string             `json:"action"`
-	Notes      *string             `json:"notes"`
-	ActionBy   userDTO.UserBaseDTO `json:"action_by"`
-	ActionAt   time.Time           `json:"action_at"`
+type ApprovalRelationDTO struct {
+	Id         uint                    `json:"id"`
+	StepNumber uint16                  `json:"step_number"`
+	StepName   string                  `json:"step_name"`
+	Action     *string                 `json:"action"`
+	Notes      *string                 `json:"notes"`
+	ActionBy   userDTO.UserRelationDTO `json:"action_by"`
+	ActionAt   time.Time               `json:"action_at"`
 }
 
 type ApprovalGroupDTO struct {
-	StepNumber uint16            `json:"step_number"`
-	StepName   string            `json:"step_name"`
-	Approvals  []ApprovalBaseDTO `json:"approvals"`
+	StepNumber uint16                `json:"step_number"`
+	StepName   string                `json:"step_name"`
+	Approvals  []ApprovalRelationDTO `json:"approvals"`
 }
 
-func ToApprovalDTO(e entity.Approval) ApprovalBaseDTO {
-	dto := ApprovalBaseDTO{
+func ToApprovalDTO(e entity.Approval) ApprovalRelationDTO {
+	dto := ApprovalRelationDTO{
+		Id:    e.Id,
 		Notes: e.Notes,
 	}
 
@@ -52,10 +54,10 @@ func ToApprovalDTO(e entity.Approval) ApprovalBaseDTO {
 	}
 
 	if e.ActionUser != nil && e.ActionUser.Id != 0 {
-		user := userDTO.ToUserBaseDTO(*e.ActionUser)
+		user := userDTO.ToUserRelationDTO(*e.ActionUser)
 		dto.ActionBy = user
 	} else if e.ActionBy != nil && *e.ActionBy != 0 {
-		dto.ActionBy = userDTO.UserBaseDTO{
+		dto.ActionBy = userDTO.UserRelationDTO{
 			Id:     *e.ActionBy,
 			IdUser: int64(*e.ActionBy),
 		}
@@ -69,8 +71,8 @@ func ToApprovalDTO(e entity.Approval) ApprovalBaseDTO {
 	return dto
 }
 
-func ToApprovalDTOs(items []entity.Approval) []ApprovalBaseDTO {
-	result := make([]ApprovalBaseDTO, len(items))
+func ToApprovalDTOs(items []entity.Approval) []ApprovalRelationDTO {
+	result := make([]ApprovalRelationDTO, len(items))
 	for i, item := range items {
 		result[i] = ToApprovalDTO(item)
 	}
@@ -84,7 +86,7 @@ func ToApprovalGroupDTOs(items []entity.Approval) []ApprovalGroupDTO {
 
 	type groupAccumulator struct {
 		StepName  string
-		Approvals []ApprovalBaseDTO
+		Approvals []ApprovalRelationDTO
 	}
 
 	groups := make(map[uint16]*groupAccumulator)

internal/modules/expenses/controllers/expense.controller.go

@@ -0,0 +1,391 @@
+package controller
+
+import (
+	"encoding/json"
+	"fmt"
+	"math"
+	"strconv"
+	"strings"
+
+	"gitlab.com/mbugroup/lti-api.git/internal/modules/expenses/dto"
+	service "gitlab.com/mbugroup/lti-api.git/internal/modules/expenses/services"
+	validation "gitlab.com/mbugroup/lti-api.git/internal/modules/expenses/validations"
+	"gitlab.com/mbugroup/lti-api.git/internal/response"
+
+	"github.com/gofiber/fiber/v2"
+)
+
+type ExpenseController struct {
+	ExpenseService service.ExpenseService
+}
+
+func NewExpenseController(expenseService service.ExpenseService) *ExpenseController {
+	return &ExpenseController{
+		ExpenseService: expenseService,
+	}
+}
+
+func (u *ExpenseController) GetAll(c *fiber.Ctx) error {
+	query := &validation.Query{
+		Page:   c.QueryInt("page", 1),
+		Limit:  c.QueryInt("limit", 10),
+		Search: c.Query("search", ""),
+	}
+
+	if query.Page < 1 || query.Limit < 1 {
+		return fiber.NewError(fiber.StatusBadRequest, "page and limit must be greater than 0")
+	}
+
+	result, totalResults, err := u.ExpenseService.GetAll(c, query)
+	if err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.SuccessWithPaginate[dto.ExpenseListDTO]{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: "Get all expenses successfully",
+			Meta: response.Meta{
+				Page:         query.Page,
+				Limit:        query.Limit,
+				TotalPages:   int64(math.Ceil(float64(totalResults) / float64(query.Limit))),
+				TotalResults: totalResults,
+			},
+			Data: result,
+		})
+}
+
+func (u *ExpenseController) GetOne(c *fiber.Ctx) error {
+	param := c.Params("id")
+
+	id, err := strconv.Atoi(param)
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid Id")
+	}
+
+	result, err := u.ExpenseService.GetOne(c, uint(id))
+	if err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.Success{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: "Get expense successfully",
+			Data:    result,
+		})
+}
+
+func (u *ExpenseController) CreateOne(c *fiber.Ctx) error {
+	req := new(validation.Create)
+
+	req.TransactionDate = c.FormValue("transaction_date")
+	req.Category = c.FormValue("category")
+
+	supplierID, err := strconv.ParseUint(c.FormValue("supplier_id"), 10, 64)
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid supplier_id format")
+	}
+	req.SupplierID = supplierID
+
+	form, err := c.MultipartForm()
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid multipart form")
+	}
+	req.Documents = form.File["documents"]
+
+	costPerKandangJSON := c.FormValue("cost_per_kandangs")
+	if costPerKandangJSON != "" {
+
+		if err := json.Unmarshal([]byte(costPerKandangJSON), &req.CostPerKandangs); err != nil {
+
+			var singleCostPerKandang validation.CostPerKandang
+			if err := json.Unmarshal([]byte(costPerKandangJSON), &singleCostPerKandang); err != nil {
+				return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("Invalid cost_per_kandangs JSON: %v", err))
+			}
+
+			if singleCostPerKandang.KandangID == 0 {
+				return fiber.NewError(fiber.StatusBadRequest, "Field KandangID is required")
+			}
+
+			req.CostPerKandangs = []validation.CostPerKandang{singleCostPerKandang}
+		} else {
+			for i, costPerKandang := range req.CostPerKandangs {
+				if costPerKandang.KandangID == 0 {
+					return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("Field KandangID is required for cost_per_kandangs[%d]", i))
+				}
+			}
+		}
+	} else {
+		return fiber.NewError(fiber.StatusBadRequest, "Field cost_per_kandangs is required")
+	}
+
+	result, err := u.ExpenseService.CreateOne(c, req)
+	if err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusCreated).
+		JSON(response.Success{
+			Code:    fiber.StatusCreated,
+			Status:  "success",
+			Message: "Create expense successfully",
+			Data:    result,
+		})
+}
+
+func (u *ExpenseController) UpdateOne(c *fiber.Ctx) error {
+	req := new(validation.Update)
+	param := c.Params("id")
+
+	id, err := strconv.Atoi(param)
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid Id")
+	}
+
+	form, err := c.MultipartForm()
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid multipart form")
+	}
+
+	req.Documents = form.File["documents"]
+	if transactionDate := c.FormValue("transaction_date"); transactionDate != "" {
+		req.TransactionDate = &transactionDate
+	}
+
+	costPerKandangJSON := c.FormValue("cost_per_kandang")
+	if costPerKandangJSON != "" {
+		var costPerKandang []validation.CostPerKandang
+		if err := json.Unmarshal([]byte(costPerKandangJSON), &costPerKandang); err != nil {
+			return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("Invalid cost_per_kandang JSON: %v", err))
+		}
+
+		for i, costPerKandang := range costPerKandang {
+			if costPerKandang.KandangID == 0 {
+				return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("Field KandangID is required for cost_per_kandang[%d]", i))
+			}
+		}
+
+		req.CostPerKandang = &costPerKandang
+	}
+
+	result, err := u.ExpenseService.UpdateOne(c, req, uint(id))
+	if err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.Success{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: "Update expense successfully",
+			Data:    result,
+		})
+}
+
+func (u *ExpenseController) DeleteOne(c *fiber.Ctx) error {
+	param := c.Params("id")
+
+	id, err := strconv.Atoi(param)
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid Id")
+	}
+
+	if err := u.ExpenseService.DeleteOne(c, uint(id)); err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.Common{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: "Delete expense successfully",
+		})
+}
+
+func (u *ExpenseController) Approval(c *fiber.Ctx) error {
+	req := new(validation.ApprovalRequest)
+
+	if err := c.BodyParser(req); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid request body")
+	}
+
+	path := c.Path()
+	approvalType := ""
+	if strings.Contains(path, "/approvals/manager") {
+		approvalType = "manager"
+	} else if strings.Contains(path, "/approvals/finance") {
+		approvalType = "finance"
+	} else {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid approval path")
+	}
+
+	results, err := u.ExpenseService.Approval(c, req, approvalType)
+	if err != nil {
+		return err
+	}
+
+	var (
+		data    interface{}
+		message = "Submit expense approval successfully"
+	)
+	if len(results) == 1 {
+		data = results[0]
+	} else {
+		message = "Submit expense approvals successfully"
+		data = results
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.Success{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: message,
+			Data:    data,
+		})
+}
+
+func (u *ExpenseController) CreateRealization(c *fiber.Ctx) error {
+	expenseID := c.Params("id")
+	id, err := strconv.Atoi(expenseID)
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid expense ID")
+	}
+
+	req := new(validation.CreateRealization)
+
+	form, err := c.MultipartForm()
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid multipart form")
+	}
+	req.Documents = form.File["documents"]
+	req.RealizationDate = c.FormValue("realization_date")
+
+	realizationsJSON := c.FormValue("realizations")
+	if realizationsJSON != "" {
+		if err := json.Unmarshal([]byte(realizationsJSON), &req.Realizations); err != nil {
+			return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("Invalid realizations JSON: %v", err))
+		}
+	}
+
+	expense, err := u.ExpenseService.CreateRealization(c, uint(id), req)
+	if err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusCreated).
+		JSON(response.Success{
+			Code:    fiber.StatusCreated,
+			Status:  "success",
+			Message: "Create realization successfully",
+			Data:    expense,
+		})
+}
+
+func (u *ExpenseController) UpdateRealization(c *fiber.Ctx) error {
+	expenseID := c.Params("id")
+	id, err := strconv.Atoi(expenseID)
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid expense ID")
+	}
+
+	var req validation.UpdateRealization
+
+	form, err := c.MultipartForm()
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid multipart form")
+	}
+
+	req.Documents = form.File["documents"]
+
+	req.RealizationDate = c.FormValue("realization_date")
+
+	realizationsJSON := c.FormValue("realizations")
+	if realizationsJSON != "" {
+		if err := json.Unmarshal([]byte(realizationsJSON), &req.Realizations); err != nil {
+			return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("Invalid realizations JSON: %v", err))
+		}
+	}
+
+	expense, err := u.ExpenseService.UpdateRealization(c, uint(id), &req)
+	if err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.Success{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: "Update realization successfully",
+			Data:    expense,
+		})
+}
+
+func (u *ExpenseController) CompleteExpense(c *fiber.Ctx) error {
+	expenseID := c.Params("id")
+	id, err := strconv.Atoi(expenseID)
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid expense ID")
+	}
+
+	expense, err := u.ExpenseService.CompleteExpense(c, uint(id), nil)
+	if err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.Success{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: "Complete expense successfully",
+			Data:    expense,
+		})
+}
+
+func (u *ExpenseController) DeleteDocument(c *fiber.Ctx) error {
+	expenseID, err := strconv.Atoi(c.Params("id"))
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid expense ID")
+	}
+
+	documentID, err := strconv.ParseUint(c.Params("documentId"), 10, 64)
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid document ID")
+	}
+
+	if err := u.ExpenseService.DeleteDocument(c, uint(expenseID), documentID, false); err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.Common{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: "Delete document successfully",
+		})
+}
+
+func (u *ExpenseController) DeleteRealizationDocument(c *fiber.Ctx) error {
+	expenseID, err := strconv.Atoi(c.Params("id"))
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid expense ID")
+	}
+
+	documentID, err := strconv.ParseUint(c.Params("documentId"), 10, 64)
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid document ID")
+	}
+
+	if err := u.ExpenseService.DeleteDocument(c, uint(expenseID), documentID, true); err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.Common{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: "Delete realization document successfully",
+		})
+}

internal/modules/expenses/dto/expense.dto.go

@@ -0,0 +1,321 @@
+package dto
+
+import (
+	"encoding/json"
+	"time"
+
+	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
+	approvalDTO "gitlab.com/mbugroup/lti-api.git/internal/modules/approvals/dto"
+	locationDTO "gitlab.com/mbugroup/lti-api.git/internal/modules/master/locations/dto"
+	nonstockDTO "gitlab.com/mbugroup/lti-api.git/internal/modules/master/nonstocks/dto"
+	supplierDTO "gitlab.com/mbugroup/lti-api.git/internal/modules/master/suppliers/dto"
+	userDTO "gitlab.com/mbugroup/lti-api.git/internal/modules/users/dto"
+)
+
+// === DTO Structs ===
+
+type ExpenseRelationDTO struct {
+	Id          uint64    `json:"id"`
+	PoNumber    string    `json:"po_number"`
+	ExpenseDate time.Time `json:"expense_date"`
+	GrandTotal  float64   `json:"grand_total"`
+}
+
+type ExpenseBaseDTO struct {
+	Id              uint64                           `json:"id"`
+	ReferenceNumber string                           `json:"reference_number"`
+	PoNumber        string                           `json:"po_number"`
+	Category        string                           `json:"category"`
+	Supplier        *supplierDTO.SupplierRelationDTO `json:"supplier,omitempty"`
+	RealizationDate *time.Time                       `json:"realization_date,omitempty"`
+	ExpenseDate     time.Time                        `json:"expense_date"`
+	GrandTotal      float64                          `json:"grand_total"`
+	Location        *locationDTO.LocationRelationDTO `json:"location,omitempty"`
+}
+
+type ExpenseListDTO struct {
+	ExpenseBaseDTO
+	CreatedUser    *userDTO.UserRelationDTO         `json:"created_user,omitempty"`
+	CreatedAt      time.Time                        `json:"created_at"`
+	UpdatedAt      time.Time                        `json:"updated_at"`
+	LatestApproval *approvalDTO.ApprovalRelationDTO `json:"latest_approval,omitempty"`
+}
+
+type ExpenseDetailDTO struct {
+	ExpenseBaseDTO
+	Documents       []DocumentDTO                    `json:"documents,omitempty"`
+	RealizationDocs []DocumentDTO                    `json:"realization_docs,omitempty"`
+	Kandangs        []KandangGroupDTO                `json:"kandangs,omitempty"`
+	TotalPengajuan  float64                          `json:"total_pengajuan"`
+	TotalRealisasi  float64                          `json:"total_realisasi"`
+	CreatedAt       time.Time                        `json:"created_at"`
+	UpdatedAt       time.Time                        `json:"updated_at"`
+	CreatedUser     *userDTO.UserRelationDTO         `json:"created_user,omitempty"`
+	LatestApproval  *approvalDTO.ApprovalRelationDTO `json:"latest_approval,omitempty"`
+}
+
+type ExpenseNonstockDTO struct {
+	Id         uint64                           `json:"id"`
+	Qty        float64                          `json:"qty"`
+	UnitPrice  float64                          `json:"unit_price"`
+	TotalPrice float64                          `json:"total_price"`
+	Note       *string                          `json:"note,omitempty"`
+	Nonstock   *nonstockDTO.NonstockRelationDTO `json:"nonstock,omitempty"`
+}
+
+type ExpenseRealizationDTO struct {
+	Id         uint64                           `json:"id"`
+	Qty        float64                          `json:"qty"`
+	UnitPrice  float64                          `json:"unit_price"`
+	TotalPrice float64                          `json:"total_price"`
+	Note       *string                          `json:"note,omitempty"`
+	Nonstock   *nonstockDTO.NonstockRelationDTO `json:"nonstock,omitempty"`
+}
+
+type KandangGroupDTO struct {
+	Id         uint64                  `json:"id"`
+	KandangId  uint64                  `json:"kandang_id"`
+	Name       string                  `json:"name,omitempty"`
+	Pengajuans []ExpenseNonstockDTO    `json:"pengajuans,omitempty"`
+	Realisasi  []ExpenseRealizationDTO `json:"realisasi,omitempty"`
+}
+
+type DocumentDTO struct {
+	ID   uint64 `json:"id"`
+	Path string `json:"path"`
+}
+
+// === MAPPERS ===
+
+func ToExpenseRelationDTO(e entity.Expense) ExpenseRelationDTO {
+	return ExpenseRelationDTO{
+		Id:          e.Id,
+		PoNumber:    e.PoNumber,
+		ExpenseDate: e.ExpenseDate,
+		GrandTotal:  e.GrandTotal,
+	}
+}
+
+func ToExpenseBaseDTO(e *entity.Expense) ExpenseBaseDTO {
+	var location *locationDTO.LocationRelationDTO
+	var supplier *supplierDTO.SupplierRelationDTO
+
+	var realizationDate *time.Time
+	if !e.RealizationDate.IsZero() {
+		realizationDate = &e.RealizationDate
+	}
+
+	if len(e.Nonstocks) > 0 && e.Nonstocks[0].Kandang != nil {
+		if e.Nonstocks[0].Kandang.Location.Id != 0 {
+			mapped := locationDTO.ToLocationRelationDTO(e.Nonstocks[0].Kandang.Location)
+			location = &mapped
+		}
+	}
+
+	if e.Supplier != nil && e.Supplier.Id != 0 {
+		mapped := supplierDTO.ToSupplierRelationDTO(*e.Supplier)
+		supplier = &mapped
+	}
+
+	return ExpenseBaseDTO{
+		Id:              e.Id,
+		ReferenceNumber: e.ReferenceNumber,
+		PoNumber:        e.PoNumber,
+		Category:        e.Category,
+		Supplier:        supplier,
+		RealizationDate: realizationDate,
+		ExpenseDate:     e.ExpenseDate,
+		GrandTotal:      e.GrandTotal,
+		Location:        location,
+	}
+}
+
+func ToExpenseListDTO(e entity.Expense) ExpenseListDTO {
+	var createdUser *userDTO.UserRelationDTO
+	if e.CreatedUser.Id != 0 {
+		mapped := userDTO.ToUserRelationDTO(*e.CreatedUser)
+		createdUser = &mapped
+	}
+
+	var latestApproval *approvalDTO.ApprovalRelationDTO
+	if e.LatestApproval != nil {
+		mapped := approvalDTO.ToApprovalDTO(*e.LatestApproval)
+		latestApproval = &mapped
+	}
+
+	return ExpenseListDTO{
+		ExpenseBaseDTO: ToExpenseBaseDTO(&e),
+		CreatedUser:    createdUser,
+		CreatedAt:      e.CreatedAt,
+		UpdatedAt:      e.UpdatedAt,
+		LatestApproval: latestApproval,
+	}
+}
+
+func ToExpenseListDTOs(expenses []entity.Expense) []ExpenseListDTO {
+	result := make([]ExpenseListDTO, len(expenses))
+	for i, expense := range expenses {
+		result[i] = ToExpenseListDTO(expense)
+	}
+	return result
+}
+
+func ToExpenseDetailDTO(e *entity.Expense) ExpenseDetailDTO {
+	var documents []DocumentDTO
+	var realizationDocs []DocumentDTO
+	var createdUser *userDTO.UserRelationDTO
+	if e.CreatedUser != nil && e.CreatedUser.Id != 0 {
+		mapped := userDTO.ToUserRelationDTO(*e.CreatedUser)
+		createdUser = &mapped
+	}
+
+	var latestApproval *approvalDTO.ApprovalRelationDTO
+	if e.LatestApproval != nil {
+		mapped := approvalDTO.ToApprovalDTO(*e.LatestApproval)
+		latestApproval = &mapped
+	}
+
+	var pengajuans []ExpenseNonstockDTO
+	var realisasi []ExpenseRealizationDTO
+
+	if e.DocumentPath.Valid && e.DocumentPath.String != "" {
+		json.Unmarshal([]byte(e.DocumentPath.String), &documents)
+	}
+
+	if e.RealizationDocumentPath.Valid && e.RealizationDocumentPath.String != "" {
+		json.Unmarshal([]byte(e.RealizationDocumentPath.String), &realizationDocs)
+	}
+
+	if len(e.Nonstocks) > 0 {
+		pengajuans = make([]ExpenseNonstockDTO, 0)
+		realisasi = make([]ExpenseRealizationDTO, 0)
+
+		for _, ns := range e.Nonstocks {
+			pengajuanDTO := ToExpenseNonstockDTO(ns)
+
+			pengajuans = append(pengajuans, pengajuanDTO)
+
+			if ns.Realization != nil && ns.Realization.Id != 0 {
+				var nonstock *nonstockDTO.NonstockRelationDTO
+				if ns.Nonstock != nil && ns.Nonstock.Id != 0 {
+					mapped := nonstockDTO.ToNonstockRelationDTO(*ns.Nonstock)
+					nonstock = &mapped
+				}
+
+				realisasiDTO := ExpenseRealizationDTO{
+					Id:         ns.Realization.Id,
+					Qty:        ns.Realization.RealizationQty,
+					UnitPrice:  ns.Realization.RealizationUnitPrice,
+					TotalPrice: ns.Realization.RealizationTotalPrice,
+					Note:       ns.Realization.Note,
+					Nonstock:   nonstock,
+				}
+				realisasi = append(realisasi, realisasiDTO)
+			}
+		}
+	}
+
+	var totalPengajuan float64
+	for _, p := range pengajuans {
+		totalPengajuan += p.TotalPrice
+	}
+
+	var totalRealisasi float64
+	for _, r := range realisasi {
+		totalRealisasi += r.TotalPrice
+	}
+	kandangs := ToKandangGroupDTO(pengajuans, realisasi, e.Nonstocks)
+
+	return ExpenseDetailDTO{
+		ExpenseBaseDTO:  ToExpenseBaseDTO(e),
+		Documents:       documents,
+		RealizationDocs: realizationDocs,
+		CreatedUser:     createdUser,
+		Kandangs:        kandangs,
+		TotalPengajuan:  totalPengajuan,
+		TotalRealisasi:  totalRealisasi,
+		CreatedAt:       e.CreatedAt,
+		UpdatedAt:       e.UpdatedAt,
+		LatestApproval:  latestApproval,
+	}
+}
+
+func ToExpenseNonstockDTO(ns entity.ExpenseNonstock) ExpenseNonstockDTO {
+	var nonstock *nonstockDTO.NonstockRelationDTO
+	if ns.Nonstock != nil && ns.Nonstock.Id != 0 {
+		mapped := nonstockDTO.ToNonstockRelationDTO(*ns.Nonstock)
+		nonstock = &mapped
+	}
+
+	return ExpenseNonstockDTO{
+		Id:         ns.Id,
+		Qty:        ns.Qty,
+		UnitPrice:  ns.UnitPrice,
+		TotalPrice: ns.TotalPrice,
+		Note:       &ns.Note,
+		Nonstock:   nonstock,
+	}
+}
+
+func ToKandangGroupDTO(pengajuans []ExpenseNonstockDTO, realisasi []ExpenseRealizationDTO, nonstocks []entity.ExpenseNonstock) []KandangGroupDTO {
+	kandangMap := make(map[uint64]*KandangGroupDTO)
+
+	for _, p := range pengajuans {
+		var kandangId uint64
+		var kandangName string
+
+		for _, ns := range nonstocks {
+			if ns.Id == p.Id && ns.Kandang != nil {
+				kandangId = uint64(ns.Kandang.Id)
+				kandangName = ns.Kandang.Name
+				break
+			}
+		}
+
+		if kandangId > 0 {
+			if kandangMap[kandangId] == nil {
+				kandangMap[kandangId] = &KandangGroupDTO{
+					Id:         kandangId,
+					KandangId:  kandangId,
+					Name:       kandangName,
+					Pengajuans: []ExpenseNonstockDTO{},
+					Realisasi:  []ExpenseRealizationDTO{},
+				}
+			}
+			kandangMap[kandangId].Pengajuans = append(kandangMap[kandangId].Pengajuans, p)
+		}
+	}
+
+	for _, r := range realisasi {
+		var kandangId uint64
+		var kandangName string
+
+		for _, ns := range nonstocks {
+			if ns.Realization != nil && ns.Realization.Id == r.Id && ns.Kandang != nil {
+				kandangId = uint64(ns.Kandang.Id)
+				kandangName = ns.Kandang.Name
+				break
+			}
+		}
+
+		if kandangId > 0 {
+			if kandangMap[kandangId] == nil {
+				kandangMap[kandangId] = &KandangGroupDTO{
+					Id:         kandangId,
+					KandangId:  kandangId,
+					Name:       kandangName,
+					Pengajuans: []ExpenseNonstockDTO{},
+					Realisasi:  []ExpenseRealizationDTO{},
+				}
+			}
+			kandangMap[kandangId].Realisasi = append(kandangMap[kandangId].Realisasi, r)
+		}
+	}
+
+	var kandangs []KandangGroupDTO
+	for _, k := range kandangMap {
+		kandangs = append(kandangs, *k)
+	}
+
+	return kandangs
+}

internal/modules/expenses/module.go

@@ -0,0 +1,47 @@
+package expenses
+
+import (
+	"fmt"
+
+	"github.com/go-playground/validator/v10"
+	"github.com/gofiber/fiber/v2"
+	"gorm.io/gorm"
+
+	commonRepo "gitlab.com/mbugroup/lti-api.git/internal/common/repository"
+	commonSvc "gitlab.com/mbugroup/lti-api.git/internal/common/service"
+	rExpense "gitlab.com/mbugroup/lti-api.git/internal/modules/expenses/repositories"
+	sExpense "gitlab.com/mbugroup/lti-api.git/internal/modules/expenses/services"
+
+	rUser "gitlab.com/mbugroup/lti-api.git/internal/modules/users/repositories"
+	sUser "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
+
+	rNonstock "gitlab.com/mbugroup/lti-api.git/internal/modules/master/nonstocks/repositories"
+	rSupplier "gitlab.com/mbugroup/lti-api.git/internal/modules/master/suppliers/repositories"
+	rProjectFlockKandang "gitlab.com/mbugroup/lti-api.git/internal/modules/production/project_flocks/repositories"
+
+	"gitlab.com/mbugroup/lti-api.git/internal/utils"
+)
+
+type ExpenseModule struct{}
+
+func (ExpenseModule) RegisterRoutes(router fiber.Router, db *gorm.DB, validate *validator.Validate) {
+	expenseRepo := rExpense.NewExpenseRepository(db)
+	userRepo := rUser.NewUserRepository(db)
+	supplierRepo := rSupplier.NewSupplierRepository(db)
+	nonstockRepo := rNonstock.NewNonstockRepository(db)
+	approvalRepo := commonRepo.NewApprovalRepository(db)
+	realizationRepo := rExpense.NewExpenseRealizationRepository(db)
+	projectFlockKandangRepo := rProjectFlockKandang.NewProjectFlockKandangRepository(db)
+
+	approvalSvc := commonSvc.NewApprovalService(approvalRepo)
+
+	// Register workflow steps for EXPENSES approval
+	if err := approvalSvc.RegisterWorkflowSteps(utils.ApprovalWorkflowExpense, utils.ExpenseApprovalSteps); err != nil {
+		panic(fmt.Sprintf("failed to register expense approval workflow: %v", err))
+	}
+
+	expenseService := sExpense.NewExpenseService(expenseRepo, supplierRepo, nonstockRepo, approvalSvc, realizationRepo, projectFlockKandangRepo, validate)
+	userService := sUser.NewUserService(userRepo, validate)
+
+	ExpenseRoutes(router, userService, expenseService)
+}

internal/modules/expenses/repositories/expense.repository.go

@@ -0,0 +1,51 @@
+package repository
+
+import (
+	"context"
+
+	"gitlab.com/mbugroup/lti-api.git/internal/common/repository"
+	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
+	"gorm.io/gorm"
+)
+
+type ExpenseRepository interface {
+	repository.BaseRepository[entity.Expense]
+	IdExists(ctx context.Context, id uint64) (bool, error)
+	GetNextSequence(ctx context.Context) (int, error)
+	GetWithSupplier(ctx context.Context, id uint64) (*entity.Expense, error)
+}
+
+type ExpenseRepositoryImpl struct {
+	*repository.BaseRepositoryImpl[entity.Expense]
+}
+
+func NewExpenseRepository(db *gorm.DB) ExpenseRepository {
+	return &ExpenseRepositoryImpl{
+		BaseRepositoryImpl: repository.NewBaseRepository[entity.Expense](db),
+	}
+}
+
+func (r *ExpenseRepositoryImpl) IdExists(ctx context.Context, id uint64) (bool, error) {
+	return repository.Exists[entity.Expense](ctx, r.DB(), uint(id))
+}
+
+func (r *ExpenseRepositoryImpl) GetNextSequence(ctx context.Context) (int, error) {
+	var sequence int
+	err := r.DB().Raw("SELECT nextval('expenses_ref_seq')").Scan(&sequence).Error
+	if err != nil {
+		return 0, err
+	}
+	return sequence, nil
+}
+
+func (r *ExpenseRepositoryImpl) GetWithSupplier(ctx context.Context, id uint64) (*entity.Expense, error) {
+	var expense entity.Expense
+	err := r.DB().WithContext(ctx).
+		Where("id = ?", id).
+		Preload("Supplier").
+		First(&expense).Error
+	if err != nil {
+		return nil, err
+	}
+	return &expense, nil
+}

internal/modules/expenses/repositories/expense_nonstock.repository.go

@@ -0,0 +1,55 @@
+package repository
+
+import (
+	"context"
+
+	"gitlab.com/mbugroup/lti-api.git/internal/common/repository"
+	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
+	"gorm.io/gorm"
+)
+
+type ExpenseNonstockRepository interface {
+	repository.BaseRepository[entity.ExpenseNonstock]
+	IdExists(ctx context.Context, id uint64) (bool, error)
+	GetByExpenseID(ctx context.Context, expenseID uint64, id uint64) (bool, error)
+	GetWithRelations(ctx context.Context, id uint64) (*entity.ExpenseNonstock, error)
+}
+
+type ExpenseNonstockRepositoryImpl struct {
+	*repository.BaseRepositoryImpl[entity.ExpenseNonstock]
+}
+
+func NewExpenseNonstockRepository(db *gorm.DB) ExpenseNonstockRepository {
+	return &ExpenseNonstockRepositoryImpl{
+		BaseRepositoryImpl: repository.NewBaseRepository[entity.ExpenseNonstock](db),
+	}
+}
+
+func (r *ExpenseNonstockRepositoryImpl) IdExists(ctx context.Context, id uint64) (bool, error) {
+	return repository.Exists[entity.ExpenseNonstock](ctx, r.DB(), uint(id))
+}
+
+func (r *ExpenseNonstockRepositoryImpl) GetByExpenseID(ctx context.Context, expenseID uint64, id uint64) (bool, error) {
+	var count int64
+	err := r.DB().WithContext(ctx).Model(&entity.ExpenseNonstock{}).
+		Where("id = ? AND expense_id = ?", id, expenseID).
+		Count(&count).Error
+	if err != nil {
+		return false, err
+	}
+	return count > 0, nil
+}
+
+func (r *ExpenseNonstockRepositoryImpl) GetWithRelations(ctx context.Context, id uint64) (*entity.ExpenseNonstock, error) {
+	var expenseNonstock entity.ExpenseNonstock
+	err := r.DB().WithContext(ctx).
+		Where("id = ?", id).
+		Preload("Nonstock", func(db *gorm.DB) *gorm.DB {
+			return db.Preload("Suppliers")
+		}).
+		First(&expenseNonstock).Error
+	if err != nil {
+		return nil, err
+	}
+	return &expenseNonstock, nil
+}

internal/modules/expenses/repositories/expense_realization.repository.go

@@ -0,0 +1,40 @@
+package repository
+
+import (
+	"context"
+
+	"gitlab.com/mbugroup/lti-api.git/internal/common/repository"
+	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
+	"gorm.io/gorm"
+)
+
+type ExpenseRealizationRepository interface {
+	repository.BaseRepository[entity.ExpenseRealization]
+	IdExists(ctx context.Context, id uint64) (bool, error)
+	GetByExpenseNonstockID(ctx context.Context, expenseNonstockID uint64) (*entity.ExpenseRealization, error)
+}
+
+type ExpenseRealizationRepositoryImpl struct {
+	*repository.BaseRepositoryImpl[entity.ExpenseRealization]
+}
+
+func NewExpenseRealizationRepository(db *gorm.DB) ExpenseRealizationRepository {
+	return &ExpenseRealizationRepositoryImpl{
+		BaseRepositoryImpl: repository.NewBaseRepository[entity.ExpenseRealization](db),
+	}
+}
+
+func (r *ExpenseRealizationRepositoryImpl) IdExists(ctx context.Context, id uint64) (bool, error) {
+	return repository.Exists[entity.ExpenseRealization](ctx, r.DB(), uint(id))
+}
+
+func (r *ExpenseRealizationRepositoryImpl) GetByExpenseNonstockID(ctx context.Context, expenseNonstockID uint64) (*entity.ExpenseRealization, error) {
+	var realization entity.ExpenseRealization
+	err := r.DB().WithContext(ctx).
+		Where("expense_nonstock_id = ?", expenseNonstockID).
+		First(&realization).Error
+	if err != nil {
+		return nil, err
+	}
+	return &realization, nil
+}

internal/modules/expenses/route.go

@@ -0,0 +1,35 @@
+package expenses
+
+import (
+	// m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
+	controller "gitlab.com/mbugroup/lti-api.git/internal/modules/expenses/controllers"
+	expense "gitlab.com/mbugroup/lti-api.git/internal/modules/expenses/services"
+	user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
+
+	"github.com/gofiber/fiber/v2"
+)
+
+func ExpenseRoutes(v1 fiber.Router, u user.UserService, s expense.ExpenseService) {
+	ctrl := controller.NewExpenseController(s)
+
+	route := v1.Group("/expenses")
+
+	// route.Get("/", m.Auth(u), ctrl.GetAll)
+	// route.Post("/", m.Auth(u), ctrl.CreateOne)
+	// route.Get("/:id", m.Auth(u), ctrl.GetOne)
+	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
+	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)
+
+	route.Get("/", ctrl.GetAll)
+	route.Post("/", ctrl.CreateOne)
+	route.Get("/:id", ctrl.GetOne)
+	route.Patch("/:id", ctrl.UpdateOne)
+	route.Delete("/:id", ctrl.DeleteOne)
+	route.Post("/approvals/manager", ctrl.Approval)
+	route.Post("/approvals/finance", ctrl.Approval)
+	route.Post("/:id/realizations", ctrl.CreateRealization)
+	route.Patch("/:id/realizations", ctrl.UpdateRealization)
+	route.Post("/:id/complete", ctrl.CompleteExpense)
+	route.Delete("/:id/documents/:documentId", ctrl.DeleteDocument)
+	route.Delete("/:id/realization-documents/:documentId", ctrl.DeleteRealizationDocument)
+}

internal/modules/expenses/validations/expense.validation.go

@@ -0,0 +1,64 @@
+package validation
+
+import (
+	"mime/multipart"
+)
+
+type Create struct {
+	PoNumber        string                  `form:"po_number" json:"po_number" validate:"omitempty,max=50"`
+	TransactionDate string                  `form:"transaction_date" json:"transaction_date" validate:"required,datetime=2006-01-02"`
+	Category        string                  `form:"category" json:"category" validate:"required,oneof=BOP NON-BOP"`
+	SupplierID      uint64                  `form:"supplier_id" json:"supplier_id" validate:"required,gt=0"`
+	Documents       []*multipart.FileHeader `form:"documents" json:"documents" validate:"omitempty,dive"`
+	CostPerKandangs []CostPerKandang        `form:"cost_per_kandangs" json:"cost_per_kandangs" validate:"required,min=1,dive"`
+}
+
+type CostPerKandang struct {
+	KandangID uint64     `form:"kandang_id" json:"kandang_id" validate:"required,gt=0"`
+	CostItems []CostItem `form:"cost_items" json:"cost_items" validate:"required,min=1,dive"`
+}
+
+type CostItem struct {
+	NonstockID uint64  `form:"nonstock_id" json:"nonstock_id" validate:"required,gt=0"`
+	Quantity   float64 `form:"quantity" json:"quantity" validate:"required,gt=0"`
+	TotalCost  float64 `form:"total_cost" json:"total_cost" validate:"required,gt=0"`
+	Notes      string  `form:"notes" json:"notes" validate:"required,max=500"`
+}
+
+type Update struct {
+	TransactionDate *string                 `form:"transaction_date" json:"transaction_date" validate:"omitempty,datetime=2006-01-02"`
+	CostPerKandang  *[]CostPerKandang       `form:"cost_per_kandang" json:"cost_per_kandang" validate:"omitempty,min=1,dive"`
+	Documents       []*multipart.FileHeader `form:"documents" json:"documents" validate:"omitempty,dive"`
+}
+
+type Query struct {
+	Page   int    `query:"page" validate:"omitempty,number,min=1,gt=0"`
+	Limit  int    `query:"limit" validate:"omitempty,number,min=1,max=100,gt=0"`
+	Search string `query:"search" validate:"omitempty,max=50"`
+}
+
+type CreateRealization struct {
+	RealizationDate string                  `form:"realization_date" json:"realization_date" validate:"required,datetime=2006-01-02"`
+	Documents       []*multipart.FileHeader `form:"documents" json:"documents" validate:"omitempty,dive"`
+	Realizations    []RealizationItem       `form:"realizations" json:"realizations" validate:"required,min=1,dive"`
+}
+
+type UpdateRealization struct {
+	RealizationDate string                  `form:"realization_date" json:"realization_date" validate:"omitempty,datetime=2006-01-02"`
+	Documents       []*multipart.FileHeader `form:"documents" json:"documents" validate:"omitempty,dive"`
+	Realizations    []RealizationItem       `form:"realizations" json:"realizations" validate:"required,min=1,dive"`
+}
+
+type RealizationItem struct {
+	ExpenseNonstockID uint64  `form:"expense_nonstock_id" json:"expense_nonstock_id" validate:"required,gt=0"`
+	Qty               float64 `form:"qty" json:"qty" validate:"required,gt=0"`
+	UnitPrice         float64 `form:"unit_price" json:"unit_price" validate:"required,gt=0"`
+	TotalPrice        float64 `form:"total_price" json:"total_price" validate:"required,gt=0"`
+	Notes             *string `form:"notes" json:"notes" validate:"omitempty,max=500"`
+}
+
+type ApprovalRequest struct {
+	Action        string  `json:"action" form:"action" validate:"required,oneof=APPROVED REJECTED"`
+	ApprovableIds []uint  `json:"approvable_ids" validate:"required,min=1,dive,gt=0"`
+	Notes         *string `json:"notes" form:"notes"`
+}

internal/modules/inventory/adjustments/dto/adjustment.dto.go

@@ -10,28 +10,28 @@ import (
 
 // === DTO Structs ===
 
-type ProductBaseDTO struct {
-	Id              uint                                       `json:"id"`
-	Name            string                                     `json:"name"`
-	SKU             string                                     `json:"sku"`
-	ProductCategory *productCategoryDTO.ProductCategoryBaseDTO `json:"product_category,omitempty"`
+type ProductRelationDTO struct {
+	Id              uint                                           `json:"id"`
+	Name            string                                         `json:"name"`
+	SKU             string                                         `json:"sku"`
+	ProductCategory *productCategoryDTO.ProductCategoryRelationDTO `json:"product_category,omitempty"`
 }
 
-type WarehouseBaseDTO struct {
+type WarehouseRelationDTO struct {
 	Id   uint   `json:"id"`
 	Name string `json:"name"`
 }
 
 type ProductWarehouseDTO struct {
-	Id          uint              `json:"id"`
-	ProductId   uint              `json:"product_id"`
-	WarehouseId uint              `json:"warehouse_id"`
-	Quantity    float64           `json:"quantity"`
-	Product     *ProductBaseDTO   `json:"product,omitempty"`
-	Warehouse   *WarehouseBaseDTO `json:"warehouse,omitempty"`
+	Id          uint                  `json:"id"`
+	ProductId   uint                  `json:"product_id"`
+	WarehouseId uint                  `json:"warehouse_id"`
+	Quantity    float64               `json:"quantity"`
+	Product     *ProductRelationDTO   `json:"product,omitempty"`
+	Warehouse   *WarehouseRelationDTO `json:"warehouse,omitempty"`
 }
 
-type AdjustmentBaseDTO struct {
+type AdjustmentRelationDTO struct {
 	Id                 uint                 `json:"id"`
 	TransactionType    string               `json:"transaction_type"`
 	Quantity           float64              `json:"quantity"`
@@ -43,9 +43,9 @@ type AdjustmentBaseDTO struct {
 }
 
 type AdjustmentListDTO struct {
-	AdjustmentBaseDTO
-	CreatedUser *userDTO.UserBaseDTO `json:"created_user,omitempty"`
-	CreatedAt   time.Time            `json:"created_at"`
+	AdjustmentRelationDTO
+	CreatedUser *userDTO.UserRelationDTO `json:"created_user,omitempty"`
+	CreatedAt   time.Time                `json:"created_at"`
 }
 
 type AdjustmentDetailDTO struct {
@@ -55,7 +55,7 @@ type AdjustmentDetailDTO struct {
 
 // === Mapper Functions ===
 
-func ToProductBaseDTO(e *entity.Product) *ProductBaseDTO {
+func ToProductRelationDTO(e *entity.Product) *ProductRelationDTO {
 	if e == nil {
 		return nil
 	}
@@ -64,13 +64,13 @@ func ToProductBaseDTO(e *entity.Product) *ProductBaseDTO {
 		sku = *e.Sku
 	}
 
-	var category *productCategoryDTO.ProductCategoryBaseDTO
+	var category *productCategoryDTO.ProductCategoryRelationDTO
 	if e.ProductCategory.Id != 0 {
-		mapped := productCategoryDTO.ToProductCategoryBaseDTO(e.ProductCategory)
+		mapped := productCategoryDTO.ToProductCategoryRelationDTO(e.ProductCategory)
 		category = &mapped
 	}
 
-	return &ProductBaseDTO{
+	return &ProductRelationDTO{
 		Id:              e.Id,
 		Name:            e.Name,
 		SKU:             sku,
@@ -78,11 +78,11 @@ func ToProductBaseDTO(e *entity.Product) *ProductBaseDTO {
 	}
 }
 
-func ToWarehouseBaseDTO(e *entity.Warehouse) *WarehouseBaseDTO {
+func ToWarehouseRelationDTO(e *entity.Warehouse) *WarehouseRelationDTO {
 	if e == nil {
 		return nil
 	}
-	return &WarehouseBaseDTO{
+	return &WarehouseRelationDTO{
 		Id:   e.Id,
 		Name: e.Name,
 	}
@@ -97,13 +97,13 @@ func ToProductWarehouseDTO(e *entity.ProductWarehouse) *ProductWarehouseDTO {
 		ProductId:   e.ProductId,
 		WarehouseId: e.WarehouseId,
 		Quantity:    e.Quantity,
-		Product:     ToProductBaseDTO(&e.Product),
-		Warehouse:   ToWarehouseBaseDTO(&e.Warehouse),
+		Product:     ToProductRelationDTO(&e.Product),
+		Warehouse:   ToWarehouseRelationDTO(&e.Warehouse),
 	}
 }
 
-func ToAdjustmentBaseDTO(e *entity.StockLog) AdjustmentBaseDTO {
-	return AdjustmentBaseDTO{
+func ToAdjustmentRelationDTO(e *entity.StockLog) AdjustmentRelationDTO {
+	return AdjustmentRelationDTO{
 		Id:                 e.Id,
 		TransactionType:    e.TransactionType,
 		Quantity:           e.Quantity,
@@ -116,9 +116,9 @@ func ToAdjustmentBaseDTO(e *entity.StockLog) AdjustmentBaseDTO {
 }
 
 func ToAdjustmentListDTO(e *entity.StockLog) AdjustmentListDTO {
-	var createdUser *userDTO.UserBaseDTO
+	var createdUser *userDTO.UserRelationDTO
 	if e.CreatedUser != nil {
-		createdUser = &userDTO.UserBaseDTO{
+		createdUser = &userDTO.UserRelationDTO{
 			Id:     e.CreatedUser.Id,
 			IdUser: e.CreatedUser.IdUser,
 			Email:  e.CreatedUser.Email,
@@ -127,9 +127,9 @@ func ToAdjustmentListDTO(e *entity.StockLog) AdjustmentListDTO {
 	}
 
 	return AdjustmentListDTO{
-		AdjustmentBaseDTO: ToAdjustmentBaseDTO(e),
-		CreatedUser:       createdUser,
-		CreatedAt:         e.CreatedAt,
+		AdjustmentRelationDTO: ToAdjustmentRelationDTO(e),
+		CreatedUser:           createdUser,
+		CreatedAt:             e.CreatedAt,
 	}
 }
 

internal/modules/inventory/marketing-delivery-products/repositories/marketing-delivery-products.repository.go

@@ -0,0 +1,51 @@
+package repository
+
+import (
+	"context"
+
+	"gitlab.com/mbugroup/lti-api.git/internal/common/repository"
+	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
+	"gorm.io/gorm"
+)
+
+type MarketingDeliveryProductRepository interface {
+	repository.BaseRepository[entity.MarketingDeliveryProduct]
+	GetByMarketingProductID(ctx context.Context, marketingProductID uint) (*entity.MarketingDeliveryProduct, error)
+	GetByMarketingId(ctx context.Context, marketingId uint) ([]entity.MarketingDeliveryProduct, error)
+}
+
+type MarketingDeliveryProductRepositoryImpl struct {
+	*repository.BaseRepositoryImpl[entity.MarketingDeliveryProduct]
+}
+
+func NewMarketingDeliveryProductRepository(db *gorm.DB) MarketingDeliveryProductRepository {
+	return &MarketingDeliveryProductRepositoryImpl{
+		BaseRepositoryImpl: repository.NewBaseRepository[entity.MarketingDeliveryProduct](db),
+	}
+}
+
+func (r *MarketingDeliveryProductRepositoryImpl) GetByMarketingProductID(ctx context.Context, marketingProductID uint) (*entity.MarketingDeliveryProduct, error) {
+	var deliveryProduct entity.MarketingDeliveryProduct
+	if err := r.DB().WithContext(ctx).Where("marketing_product_id = ?", marketingProductID).First(&deliveryProduct).Error; err != nil {
+		return nil, err
+	}
+	return &deliveryProduct, nil
+}
+
+func (r *MarketingDeliveryProductRepositoryImpl) GetByMarketingId(ctx context.Context, marketingId uint) ([]entity.MarketingDeliveryProduct, error) {
+	var deliveryProducts []entity.MarketingDeliveryProduct
+
+	// Raw query untuk mengambil delivery products berdasarkan marketing ID dengan preload MarketingProduct
+	// Filter: hanya ambil yang sudah memiliki delivery_date (delivery date tidak null)
+	if err := r.DB().WithContext(ctx).
+		Preload("MarketingProduct").
+		Joins("INNER JOIN marketing_products mp ON marketing_delivery_products.marketing_product_id = mp.id").
+		Where("mp.marketing_id = ?", marketingId).
+		Where("marketing_delivery_products.delivery_date IS NOT NULL").
+		Order("marketing_delivery_products.id ASC").
+		Find(&deliveryProducts).Error; err != nil {
+		return nil, err
+	}
+
+	return deliveryProducts, nil
+}

internal/modules/inventory/product-warehouses/controllers/product_warehouse.controller.go

@@ -29,6 +29,7 @@ func (u *ProductWarehouseController) GetAll(c *fiber.Ctx) error {
 		ProductId:   uint(c.QueryInt("product_id", 0)),
 		WarehouseId: uint(c.QueryInt("warehouse_id", 0)),
 		Flags:       c.Query("flags", ""),
+		KandangId:   uint(c.QueryInt("kandang_id", 0)),
 	}
 
 	if query.Page < 1 || query.Limit < 1 {

internal/modules/inventory/product-warehouses/dto/product_warehouse.dto.go

@@ -4,27 +4,34 @@ import (
 	"time"
 
 	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
+	productDTO "gitlab.com/mbugroup/lti-api.git/internal/modules/master/products/dto"
 )
 
 // === DTO Structs ===
 
-type ProductWarehouseBaseDTO struct {
+type ProductWarehouseRelationDTO struct {
 	Id          uint    `json:"id"`
 	ProductId   uint    `json:"product_id"`
 	WarehouseId uint    `json:"warehouse_id"`
 	Quantity    float64 `json:"quantity"`
 }
 
-type ProductWarehouseListDTO struct {
-	ProductWarehouseBaseDTO
-	Product     *ProductBaseDTO   `json:"product,omitempty"`
-	Warehouse   *WarehouseBaseDTO `json:"warehouse,omitempty"`
-	CreatedUser *UserBaseDTO      `json:"created_user,omitempty"`
-	CreatedAt   time.Time         `json:"created_at"`
-	UpdatedAt   time.Time         `json:"updated_at"`
+type ProductWarehousNestedDTO struct {
+	Id        uint                           `json:"id"`
+	Product   *productDTO.ProductRelationDTO `json:"product,omitempty"`
+	Warehouse *WarehouseRelationDTO          `json:"warehouse,omitempty"`
 }
 
-type UserBaseDTO struct {
+type ProductWarehouseListDTO struct {
+	ProductWarehouseRelationDTO
+	Product     *productDTO.ProductRelationDTO `json:"product,omitempty"`
+	Warehouse   *WarehouseRelationDTO          `json:"warehouse,omitempty"`
+	CreatedUser *UserRelationDTO               `json:"created_user,omitempty"`
+	CreatedAt   time.Time                      `json:"created_at"`
+	UpdatedAt   time.Time                      `json:"updated_at"`
+}
+
+type UserRelationDTO struct {
 	Id       uint   `json:"id"`
 	Username string `json:"username"`
 }
@@ -34,40 +41,40 @@ type ProductWarehouseDetailDTO struct {
 }
 
 // Nested DTOs for relations
-type ProductBaseDTO struct {
+type ProductRelationDTO struct {
 	Id    uint     `json:"id"`
 	Name  string   `json:"name"`
 	Sku   string   `json:"sku"`
 	Flags []string `json:"flags"`
 }
 
-type WarehouseBaseDTO struct {
-	Id       uint             `json:"id"`
-	Name     string           `json:"name"`
-	Kandang  *KandangBaseDTO  `json:"kandang,omitempty"`
-	Location *LocationBaseDTO `json:"location,omitempty"`
-	Area     *AreaBaseDTO     `json:"area,omitempty"`
+type WarehouseRelationDTO struct {
+	Id       uint                 `json:"id"`
+	Name     string               `json:"name"`
+	Kandang  *KandangRelationDTO  `json:"kandang,omitempty"`
+	Location *LocationRelationDTO `json:"location,omitempty"`
+	Area     *AreaRelationDTO     `json:"area,omitempty"`
 }
 
-type KandangBaseDTO struct {
+type KandangRelationDTO struct {
 	Id   uint   `json:"id"`
 	Name string `json:"name"`
 }
 
-type LocationBaseDTO struct {
+type LocationRelationDTO struct {
 	Id   uint   `json:"id"`
 	Name string `json:"name"`
 }
 
-type AreaBaseDTO struct {
+type AreaRelationDTO struct {
 	Id   uint   `json:"id"`
 	Name string `json:"name"`
 }
 
 // === Mapper Functions ===
 
-func ToProductWarehouseBaseDTO(e entity.ProductWarehouse) ProductWarehouseBaseDTO {
-	return ProductWarehouseBaseDTO{
+func ToProductWarehouseRelationDTO(e entity.ProductWarehouse) ProductWarehouseRelationDTO {
+	return ProductWarehouseRelationDTO{
 		Id:          e.Id,
 		ProductId:   e.ProductId,   // Field yang benar dari entity
 		WarehouseId: e.WarehouseId, // Field yang benar dari entity
@@ -75,53 +82,55 @@ func ToProductWarehouseBaseDTO(e entity.ProductWarehouse) ProductWarehouseBaseDT
 	}
 }
 
+func ToProductWarehouseNestedDTO(e entity.ProductWarehouse) ProductWarehousNestedDTO {
+	product := productDTO.ToProductRelationDTO(e.Product)
+
+	return ProductWarehousNestedDTO{
+		Id:      e.Id,
+		Product: &product,
+		Warehouse: &WarehouseRelationDTO{
+			Id:   e.Warehouse.Id,
+			Name: e.Warehouse.Name,
+		},
+	}
+}
+
 func ToProductWarehouseListDTO(e entity.ProductWarehouse) ProductWarehouseListDTO {
 	dto := ProductWarehouseListDTO{
-		ProductWarehouseBaseDTO: ToProductWarehouseBaseDTO(e),
-		CreatedAt:               e.CreatedAt,
-		UpdatedAt:               e.UpdatedAt,
+		ProductWarehouseRelationDTO: ToProductWarehouseRelationDTO(e),
+		CreatedAt:                   e.CreatedAt,
+		UpdatedAt:                   e.UpdatedAt,
 	}
 
 	// Map Product relation jika ada
 	if e.Product.Id != 0 {
-		product := ProductBaseDTO{
-			Id:   e.Product.Id,
-			Name: e.Product.Name,
-		}
-		if e.Product.Sku != nil {
-			product.Sku = *e.Product.Sku
-		}
-		if len(e.Product.Flags) > 0 {
-			for _, f := range e.Product.Flags {
-				product.Flags = append(product.Flags, f.Name)
-			}
-		}
+		product := productDTO.ToProductRelationDTO(e.Product)
 		dto.Product = &product
 	}
 
 	// Map Warehouse relation jika ada
 	if e.Warehouse.Id != 0 {
-		warehouse := WarehouseBaseDTO{
+		warehouse := WarehouseRelationDTO{
 			Id:   e.Warehouse.Id,
 			Name: e.Warehouse.Name,
 		}
 		// Map Kandang jika ada
 		if e.Warehouse.Kandang != nil && e.Warehouse.Kandang.Id != 0 {
-			warehouse.Kandang = &KandangBaseDTO{
+			warehouse.Kandang = &KandangRelationDTO{
 				Id:   e.Warehouse.Kandang.Id,
 				Name: e.Warehouse.Kandang.Name,
 			}
 		}
 		// Map Location jika ada
 		if e.Warehouse.Location != nil && e.Warehouse.Location.Id != 0 {
-			warehouse.Location = &LocationBaseDTO{
+			warehouse.Location = &LocationRelationDTO{
 				Id:   e.Warehouse.Location.Id,
 				Name: e.Warehouse.Location.Name,
 			}
 		}
 
-		if &e.Warehouse.Area != nil && e.Warehouse.Area.Id != 0 {
-			warehouse.Area = &AreaBaseDTO{
+		if e.Warehouse.Area.Id != 0 {
+			warehouse.Area = &AreaRelationDTO{
 				Id:   e.Warehouse.Area.Id,
 				Name: e.Warehouse.Area.Name,
 			}
@@ -132,7 +141,7 @@ func ToProductWarehouseListDTO(e entity.ProductWarehouse) ProductWarehouseListDT
 
 	// Map CreatedUser relation jika ada
 	if e.CreatedUser.Id != 0 {
-		user := UserBaseDTO{
+		user := UserRelationDTO{
 			Id:       e.CreatedUser.Id,
 			Username: e.CreatedUser.Name,
 		}
@@ -156,22 +165,22 @@ func ToProductWarehouseDetailDTO(e entity.ProductWarehouse) ProductWarehouseDeta
 	}
 }
 
-func ToKandangBaseDTO(e entity.Kandang) KandangBaseDTO {
-	return KandangBaseDTO{
+func ToKandangRelationDTO(e entity.Kandang) KandangRelationDTO {
+	return KandangRelationDTO{
 		Id:   e.Id,
 		Name: e.Name,
 	}
 }
 
-func ToLocationBaseDTO(e entity.Location) LocationBaseDTO {
-	return LocationBaseDTO{
+func ToLocationRelationDTO(e entity.Location) LocationRelationDTO {
+	return LocationRelationDTO{
 		Id:   e.Id,
 		Name: e.Name,
 	}
 }
 
-func ToAreaBaseDTO(e entity.Area) AreaBaseDTO {
-	return AreaBaseDTO{
+func ToAreaRelationDTO(e entity.Area) AreaRelationDTO {
+	return AreaRelationDTO{
 		Id:   e.Id,
 		Name: e.Name,
 	}

internal/modules/inventory/product-warehouses/module.go

@@ -7,6 +7,7 @@ import (
 
 	rProductWarehouse "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-warehouses/repositories"
 	sProductWarehouse "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-warehouses/services"
+	rKandang "gitlab.com/mbugroup/lti-api.git/internal/modules/master/kandangs/repositories"
 
 	rUser "gitlab.com/mbugroup/lti-api.git/internal/modules/users/repositories"
 	sUser "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
@@ -17,10 +18,10 @@ type ProductWarehouseModule struct{}
 func (ProductWarehouseModule) RegisterRoutes(router fiber.Router, db *gorm.DB, validate *validator.Validate) {
 	productWarehouseRepo := rProductWarehouse.NewProductWarehouseRepository(db)
 	userRepo := rUser.NewUserRepository(db)
+	kandangRepo := rKandang.NewKandangRepository(db)
 
-	productWarehouseService := sProductWarehouse.NewProductWarehouseService(productWarehouseRepo, validate)
+	productWarehouseService := sProductWarehouse.NewProductWarehouseService(productWarehouseRepo, validate, kandangRepo)
 	userService := sUser.NewUserService(userRepo, validate)
 
 	ProductWarehouseRoutes(router, userService, productWarehouseService)
 }
-

internal/modules/inventory/product-warehouses/repositories/product_warehouse.repository.go

@@ -2,6 +2,7 @@ package repository
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
 	"gitlab.com/mbugroup/lti-api.git/internal/common/repository"
@@ -23,6 +24,10 @@ type ProductWarehouseRepository interface {
 	GetFirstProductByFlag(ctx context.Context, flagName string) (*entity.Product, error)
 	ApplyFlagsFilter(db *gorm.DB, flags []string) *gorm.DB
 	AdjustQuantities(ctx context.Context, deltas map[uint]float64, modifier func(*gorm.DB) *gorm.DB) error
+	GetDetailByID(ctx context.Context, id uint) (*entity.ProductWarehouse, error)
+	IdExists(ctx context.Context, id uint) (bool, error)
+	CleanupEmpty(ctx context.Context, affected map[uint]struct{}) error
+	EnsureProductWarehouse(ctx context.Context, productID, warehouseID uint, createdBy uint64) (uint, error)
 }
 
 type ProductWarehouseRepositoryImpl struct {
@@ -46,6 +51,10 @@ func (r *ProductWarehouseRepositoryImpl) ExistsByID(ctx context.Context, id uint
 	return repository.Exists[entity.ProductWarehouse](ctx, r.DB(), id)
 }
 
+func (r *ProductWarehouseRepositoryImpl) IdExists(ctx context.Context, id uint) (bool, error) {
+	return repository.Exists[entity.ProductWarehouse](ctx, r.DB(), id)
+}
+
 func (r *ProductWarehouseRepositoryImpl) ProductWarehouseExists(ctx context.Context, productId, warehouseId uint, excludeID *uint) (bool, error) {
 	var count int64
 	query := r.DB().WithContext(ctx).Model(&entity.ProductWarehouse{}).
@@ -149,6 +158,87 @@ func (r *ProductWarehouseRepositoryImpl) AdjustQuantities(ctx context.Context, d
 	return nil
 }
 
+func (r *ProductWarehouseRepositoryImpl) CleanupEmpty(ctx context.Context, affected map[uint]struct{}) error {
+	if len(affected) == 0 {
+		return nil
+	}
+
+	ids := make([]uint, 0, len(affected))
+	for id := range affected {
+		ids = append(ids, id)
+	}
+
+	var emptyIDs []uint
+	if err := r.DB().WithContext(ctx).
+		Model(&entity.ProductWarehouse{}).
+		Where("id IN ? AND COALESCE(quantity,0) <= 0", ids).
+		Pluck("id", &emptyIDs).Error; err != nil {
+		return err
+	}
+	if len(emptyIDs) == 0 {
+		return nil
+	}
+
+	if err := r.DB().WithContext(ctx).
+		Model(&entity.PurchaseItem{}).
+		Where("product_warehouse_id IN ?", emptyIDs).
+		Update("product_warehouse_id", nil).Error; err != nil {
+		return err
+	}
+
+	if err := r.DB().WithContext(ctx).
+		Where("id IN ?", emptyIDs).
+		Delete(&entity.ProductWarehouse{}).Error; err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (r *ProductWarehouseRepositoryImpl) EnsureProductWarehouse(
+	ctx context.Context,
+	productID uint,
+	warehouseID uint,
+	createdBy uint64,
+) (uint, error) {
+	record, err := r.GetProductWarehouseByProductAndWarehouseID(ctx, productID, warehouseID)
+	if err == nil {
+		return record.Id, nil
+	}
+	if !errors.Is(err, gorm.ErrRecordNotFound) {
+		return 0, err
+	}
+
+	entity := &entity.ProductWarehouse{
+		ProductId:   productID,
+		WarehouseId: warehouseID,
+		Quantity:    0,
+		CreatedBy:   uint(createdBy),
+	}
+	if entity.CreatedBy == 0 {
+		entity.CreatedBy = 1
+	}
+
+	if err := r.CreateOne(ctx, entity, nil); err != nil {
+		return 0, err
+	}
+	return entity.Id, nil
+}
+
+func (r *ProductWarehouseRepositoryImpl) GetDetailByID(ctx context.Context, id uint) (*entity.ProductWarehouse, error) {
+	var productWarehouse entity.ProductWarehouse
+	err := r.DB().WithContext(ctx).
+		Preload("Product").
+		Preload("Warehouse").
+		Preload("Warehouse.Area").
+		Preload("Warehouse.Location").
+		First(&productWarehouse, id).Error
+	if err != nil {
+		return nil, err
+	}
+	return &productWarehouse, nil
+}
+
 func (r *ProductWarehouseRepositoryImpl) GetFirstProductByCategoryCode(ctx context.Context, categoryCode string) (*entity.Product, error) {
 	var product entity.Product
 	err := r.DB().WithContext(ctx).
@@ -165,7 +255,7 @@ func (r *ProductWarehouseRepositoryImpl) GetByFlagAndWarehouseID(ctx context.Con
 	var productWarehouses []entity.ProductWarehouse
 	err := r.DB().WithContext(ctx).Model(&entity.ProductWarehouse{}).
 		Joins("JOIN products ON products.id = product_warehouses.product_id").
-		Joins("JOIN flags ON flags.flagable_id = products.id AND flags.flagable_type = ?", "products").
+		Joins("JOIN flags ON flags.flagable_id = products.id AND flags.flagable_type = 'products'").
 		Where("flags.name = ? AND product_warehouses.warehouse_id = ?", flagName, warehouseId).
 		Order("product_warehouses.created_at DESC").
 		Preload("Product").Preload("Warehouse").
@@ -179,7 +269,7 @@ func (r *ProductWarehouseRepositoryImpl) GetByFlagAndWarehouseID(ctx context.Con
 func (r *ProductWarehouseRepositoryImpl) GetFirstProductByFlag(ctx context.Context, flagName string) (*entity.Product, error) {
 	var product entity.Product
 	err := r.DB().WithContext(ctx).
-		Joins("JOIN flags ON flags.flagable_id = products.id AND flags.flagable_type = ?", "products").
+		Joins("JOIN flags ON flags.flagable_id = products.id AND flags.flagable_type = 'products'").
 		Where("flags.name = ?", flagName).
 		First(&product).Error
 	if err != nil {

internal/modules/inventory/product-warehouses/route.go

@@ -1,7 +1,7 @@
 package productWarehouses
 
 import (
-	// m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
+	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	controller "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-warehouses/controllers"
 	productWarehouse "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-warehouses/services"
 	user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
@@ -13,12 +13,7 @@ func ProductWarehouseRoutes(v1 fiber.Router, u user.UserService, s productWareho
 	ctrl := controller.NewProductWarehouseController(s)
 
 	route := v1.Group("/product-warehouses")
-
-	// route.Get("/", m.Auth(u), ctrl.GetAll)
-	// route.Post("/", m.Auth(u), ctrl.CreateOne)
-	// route.Get("/:id", m.Auth(u), ctrl.GetOne)
-	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
-	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)
+	route.Use(m.Auth(u))
 
 	route.Get("/", ctrl.GetAll)
 	route.Get("/:id", ctrl.GetOne)

internal/modules/inventory/product-warehouses/services/product_warehouse.service.go

@@ -6,6 +6,7 @@ import (
 	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
 	repository "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-warehouses/repositories"
 	validation "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-warehouses/validations"
+	kandangrepo "gitlab.com/mbugroup/lti-api.git/internal/modules/master/kandangs/repositories"
 	"gitlab.com/mbugroup/lti-api.git/internal/utils"
 
 	"github.com/go-playground/validator/v10"
@@ -20,16 +21,18 @@ type ProductWarehouseService interface {
 }
 
 type productWarehouseService struct {
-	Log        *logrus.Logger
-	Validate   *validator.Validate
-	Repository repository.ProductWarehouseRepository
+	Log         *logrus.Logger
+	Validate    *validator.Validate
+	Repository  repository.ProductWarehouseRepository
+	KandangRepo kandangrepo.KandangRepository
 }
 
-func NewProductWarehouseService(repo repository.ProductWarehouseRepository, validate *validator.Validate) ProductWarehouseService {
+func NewProductWarehouseService(repo repository.ProductWarehouseRepository, validate *validator.Validate, kandangRepo kandangrepo.KandangRepository) ProductWarehouseService {
 	return &productWarehouseService{
-		Log:        utils.Log,
-		Validate:   validate,
-		Repository: repo,
+		Log:         utils.Log,
+		Validate:    validate,
+		Repository:  repo,
+		KandangRepo: kandangRepo,
 	}
 }
 
@@ -69,6 +72,16 @@ func (s productWarehouseService) GetAll(c *fiber.Ctx, params *validation.Query)
 		}
 	}
 
+	if params.KandangId > 0 {
+		isKandangExist, err := s.KandangRepo.IdExists(c.Context(), params.KandangId)
+		if err != nil {
+			return nil, 0, err
+		}
+		if !isKandangExist {
+			return nil, 0, fiber.NewError(fiber.StatusNotFound, "Kandang not found")
+		}
+	}
+
 	offset := (params.Page - 1) * params.Limit
 
 	cleanFlags := utils.ParseFlags(params.Flags)
@@ -80,6 +93,11 @@ func (s productWarehouseService) GetAll(c *fiber.Ctx, params *validation.Query)
 			db = db.Where("product_id = ?", params.ProductId)
 		}
 
+		if params.KandangId != 0 {
+			db = db.Joins("JOIN warehouses ON product_warehouses.warehouse_id = warehouses.id").
+				Where("warehouses.kandang_id = ?", params.KandangId)
+		}
+
 		if params.WarehouseId != 0 {
 			db = db.Where("warehouse_id = ?", params.WarehouseId)
 		}

internal/modules/inventory/product-warehouses/validations/product_warehouse.validation.go

@@ -18,4 +18,5 @@ type Query struct {
 	ProductId   uint   `query:"product_id" validate:"omitempty,number,min=1"`
 	WarehouseId uint   `query:"warehouse_id" validate:"omitempty,number,min=1"`
 	Flags       string `query:"flags" validate:"omitempty"`
+	KandangId   uint   `query:"kandang_id" validate:"omitempty,number,min=1"`
 }

internal/modules/inventory/route.go

@@ -7,8 +7,8 @@ import (
 	"github.com/gofiber/fiber/v2"
 	"gorm.io/gorm"
 
-	productWarehouses "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-warehouses"
 	adjustments "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/adjustments"
+	productWarehouses "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-warehouses"
 	transfers "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/transfers"
 	// MODULE IMPORTS
 )

internal/modules/inventory/transfers/dto/transfer.dto.go

@@ -9,7 +9,7 @@ import (
 
 // === DTO Structs ===
 
-type TransferBaseDTO struct {
+type TransferRelationDTO struct {
 	Id                   uint64              `json:"id"`
 	TransferReason       string              `json:"transfer_reason"`
 	TransferDate         string              `json:"transfer_date"`
@@ -51,12 +51,12 @@ type WarehouseDetailDTO struct {
 }
 
 type TransferListDTO struct {
-	TransferBaseDTO
-	CreatedUser *userDTO.UserBaseDTO    `json:"created_user,omitempty"`
-	CreatedAt   time.Time               `json:"created_at"`
-	UpdatedAt   time.Time               `json:"updated_at"`
-	Details     []TransferDetailItemDTO `json:"details"`
-	Deliveries  []TransferDeliveryDTO   `json:"deliveries"`
+	TransferRelationDTO
+	CreatedUser *userDTO.UserRelationDTO `json:"created_user,omitempty"`
+	CreatedAt   time.Time                `json:"created_at"`
+	UpdatedAt   time.Time                `json:"updated_at"`
+	Details     []TransferDetailItemDTO  `json:"details"`
+	Deliveries  []TransferDeliveryDTO    `json:"deliveries"`
 }
 
 type TransferDetailDTO struct {
@@ -93,7 +93,7 @@ type TransferDeliveryItemDTO struct {
 
 // === Mapper Functions ===
 
-func ToTransferBaseDTO(e entity.StockTransfer) TransferBaseDTO {
+func ToTransferRelationDTO(e entity.StockTransfer) TransferRelationDTO {
 
 	var sourceWarehouse *WarehouseDetailDTO
 	if e.FromWarehouse != nil && e.FromWarehouse.Id != 0 {
@@ -103,7 +103,7 @@ func ToTransferBaseDTO(e entity.StockTransfer) TransferBaseDTO {
 	if e.ToWarehouse != nil && e.ToWarehouse.Id != 0 {
 		destinationWarehouse = toWarehouseDetailDTO(e.ToWarehouse)
 	}
-	return TransferBaseDTO{
+	return TransferRelationDTO{
 		Id:                   e.Id,
 		TransferReason:       e.Reason,
 		TransferDate:         e.CreatedAt.Format("2006-01-02"),
@@ -145,9 +145,9 @@ func toWarehouseDetailDTO(w *entity.Warehouse) *WarehouseDetailDTO {
 }
 
 func ToTransferListDTO(e entity.StockTransfer) TransferListDTO {
-	var createdUser *userDTO.UserBaseDTO
+	var createdUser *userDTO.UserRelationDTO
 	if e.CreatedUser != nil {
-		mapped := userDTO.ToUserBaseDTO(*e.CreatedUser)
+		mapped := userDTO.ToUserRelationDTO(*e.CreatedUser)
 		createdUser = &mapped
 	}
 	// Map details
@@ -190,12 +190,12 @@ func ToTransferListDTO(e entity.StockTransfer) TransferListDTO {
 		})
 	}
 	return TransferListDTO{
-		TransferBaseDTO: ToTransferBaseDTO(e),
-		CreatedUser:     createdUser,
-		CreatedAt:       e.CreatedAt,
-		UpdatedAt:       e.UpdatedAt,
-		Details:         details,
-		Deliveries:      deliveries,
+		TransferRelationDTO: ToTransferRelationDTO(e),
+		CreatedUser:         createdUser,
+		CreatedAt:           e.CreatedAt,
+		UpdatedAt:           e.UpdatedAt,
+		Details:             details,
+		Deliveries:          deliveries,
 	}
 }
 

internal/modules/inventory/transfers/route.go

@@ -1,7 +1,7 @@
 package transfers
 
 import (
-	// m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
+	m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
 	controller "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/transfers/controllers"
 	transfer "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/transfers/services"
 	user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
@@ -13,12 +13,7 @@ func TransferRoutes(v1 fiber.Router, u user.UserService, s transfer.TransferServ
 	ctrl := controller.NewTransferController(s)
 
 	route := v1.Group("/transfers")
-
-	// route.Get("/", m.Auth(u), ctrl.GetAll)
-	// route.Post("/", m.Auth(u), ctrl.CreateOne)
-	// route.Get("/:id", m.Auth(u), ctrl.GetOne)
-	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
-	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)
+	route.Use(m.Auth(u))
 
 	route.Get("/", ctrl.GetAll)
 	route.Post("/", ctrl.CreateOne)

internal/modules/marketing/delivery-orderss/controllers/delivery-orders.controller.go

@@ -0,0 +1,124 @@
+package controller
+
+import (
+	"math"
+	"strconv"
+
+	"gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/delivery-orderss/dto"
+	service "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/delivery-orderss/services"
+	validation "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/delivery-orderss/validations"
+	"gitlab.com/mbugroup/lti-api.git/internal/response"
+
+	"github.com/gofiber/fiber/v2"
+)
+
+type DeliveryOrdersController struct {
+	DeliveryOrdersService service.DeliveryOrdersService
+}
+
+func NewDeliveryOrdersController(deliveryOrdersService service.DeliveryOrdersService) *DeliveryOrdersController {
+	return &DeliveryOrdersController{
+		DeliveryOrdersService: deliveryOrdersService,
+	}
+}
+
+func (u *DeliveryOrdersController) GetAll(c *fiber.Ctx) error {
+	query := &validation.Query{
+		Page:        c.QueryInt("page", 1),
+		Limit:       c.QueryInt("limit", 10),
+		MarketingId: uint(c.QueryInt("marketing_id", 0)),
+	}
+
+	if query.Page < 1 || query.Limit < 1 {
+		return fiber.NewError(fiber.StatusBadRequest, "page and limit must be greater than 0")
+	}
+
+	result, totalResults, err := u.DeliveryOrdersService.GetAll(c, query)
+	if err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.SuccessWithPaginate[dto.MarketingListDTO]{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: "Get all deliveryOrderss successfully",
+			Meta: response.Meta{
+				Page:         query.Page,
+				Limit:        query.Limit,
+				TotalPages:   int64(math.Ceil(float64(totalResults) / float64(query.Limit))),
+				TotalResults: totalResults,
+			},
+			Data: result,
+		})
+}
+
+func (u *DeliveryOrdersController) GetOne(c *fiber.Ctx) error {
+	param := c.Params("id")
+
+	id, err := strconv.Atoi(param)
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid Id")
+	}
+
+	result, err := u.DeliveryOrdersService.GetOne(c, uint(id))
+	if err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.Success{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: "Get deliveryOrders successfully",
+			Data:    *result,
+		})
+}
+
+func (u *DeliveryOrdersController) CreateOne(c *fiber.Ctx) error {
+	req := new(validation.Create)
+
+	if err := c.BodyParser(req); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid request body")
+	}
+
+	result, err := u.DeliveryOrdersService.CreateOne(c, req)
+	if err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusCreated).
+		JSON(response.Success{
+			Code:    fiber.StatusCreated,
+			Status:  "success",
+			Message: "Create delivery products successfully",
+			Data:    result,
+		})
+}
+
+func (u *DeliveryOrdersController) UpdateOne(c *fiber.Ctx) error {
+	req := new(validation.Update)
+	param := c.Params("id")
+
+	id, err := strconv.Atoi(param)
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid Id")
+	}
+
+	if err := c.BodyParser(req); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid request body")
+	}
+
+	result, err := u.DeliveryOrdersService.UpdateOne(c, req, uint(id))
+	if err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.Success{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: "Update deliveryOrders successfully",
+			Data:    result,
+		})
+}

internal/modules/marketing/delivery-orderss/dto/delivery-orders.dto.go

@@ -0,0 +1,336 @@
+package dto
+
+import (
+	"fmt"
+	"sort"
+	"time"
+
+	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
+	approvalDTO "gitlab.com/mbugroup/lti-api.git/internal/modules/approvals/dto"
+	productwarehouseDTO "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-warehouses/dto"
+	customerDTO "gitlab.com/mbugroup/lti-api.git/internal/modules/master/customers/dto"
+	userDTO "gitlab.com/mbugroup/lti-api.git/internal/modules/users/dto"
+)
+
+type MarketingRelationDTO struct {
+	Id       uint      `json:"id"`
+	SoNumber string    `json:"so_number"`
+	SoDate   time.Time `json:"so_date"`
+	Notes    string    `json:"notes,omitempty"`
+}
+
+type MarketingListDTO struct {
+	MarketingRelationDTO
+	Customer       customerDTO.CustomerRelationDTO `json:"customer"`
+	SalesPerson    userDTO.UserRelationDTO         `json:"sales_person"`
+	SoDocs         string                          `json:"so_docs"`
+	SalesOrder     []MarketingProductDTO           `json:"sales_order"`
+	CreatedUser    userDTO.UserRelationDTO         `json:"created_user"`
+	CreatedAt      time.Time                       `json:"created_at"`
+	UpdatedAt      time.Time                       `json:"updated_at"`
+	LatestApproval approvalDTO.ApprovalRelationDTO `json:"latest_approval"`
+}
+
+type MarketingDetailDTO struct {
+	MarketingRelationDTO
+	Customer       customerDTO.CustomerRelationDTO `json:"customer"`
+	SalesPerson    userDTO.UserRelationDTO         `json:"sales_person"`
+	SoDocs         string                          `json:"so_docs"`
+	SalesOrder     []MarketingProductDTO           `json:"sales_order"`
+	DeliveryOrder  []DeliveryGroupDTO              `json:"delivery_order"`
+	CreatedUser    userDTO.UserRelationDTO         `json:"created_user"`
+	CreatedAt      time.Time                       `json:"created_at"`
+	UpdatedAt      time.Time                       `json:"updated_at"`
+	LatestApproval approvalDTO.ApprovalRelationDTO `json:"latest_approval"`
+}
+type MarketingDeliveryProductDTO struct {
+	Id                 uint                                          `json:"id"`
+	MarketingProductId uint                                          `json:"marketing_product_id"`
+	Qty                float64                                       `json:"qty"`
+	UnitPrice          float64                                       `json:"unit_price"`
+	TotalWeight        float64                                       `json:"total_weight"`
+	AvgWeight          float64                                       `json:"avg_weight"`
+	TotalPrice         float64                                       `json:"total_price"`
+	DeliveryDate       *time.Time                                    `json:"delivery_date"`
+	VehicleNumber      string                                        `json:"vehicle_number"`
+	ProductWarehouse   *productwarehouseDTO.ProductWarehousNestedDTO `json:"product_warehouse,omitempty"`
+}
+
+type DeliveryItemDTO struct {
+	ProductWarehouse *productwarehouseDTO.ProductWarehousNestedDTO `json:"product_warehouse"`
+	Qty              float64                                       `json:"qty"`
+	UnitPrice        float64                                       `json:"unit_price"`
+	TotalWeight      float64                                       `json:"total_weight"`
+	AvgWeight        float64                                       `json:"avg_weight"`
+	TotalPrice       float64                                       `json:"total_price"`
+	VehicleNumber    string                                        `json:"vehicle_number"`
+}
+
+type DeliveryGroupDTO struct {
+	DoNumber     string                                    `json:"do_number"`
+	DeliveryDate *time.Time                                `json:"delivery_date"`
+	Warehouse    *productwarehouseDTO.WarehouseRelationDTO `json:"warehouse,omitempty"`
+	Deliveries   []DeliveryItemDTO                         `json:"deliveries"`
+}
+
+type MarketingProductDTO struct {
+	Id                 uint                                          `json:"id"`
+	MarketingId        uint                                          `json:"marketing_id"`
+	ProductWarehouseId uint                                          `json:"product_warehouse_id"`
+	Qty                float64                                       `json:"qty"`
+	UnitPrice          float64                                       `json:"unit_price"`
+	AvgWeight          float64                                       `json:"avg_weight"`
+	TotalWeight        float64                                       `json:"total_weight"`
+	TotalPrice         float64                                       `json:"total_price"`
+	ProductWarehouse   *productwarehouseDTO.ProductWarehousNestedDTO `json:"product_warehouse,omitempty"`
+	VehicleNumber      string                                        `json:"vehicle_number,omitempty"`
+}
+
+func ToMarketingRelationDTO(marketing *entity.Marketing) MarketingRelationDTO {
+	return MarketingRelationDTO{
+		Id:       marketing.Id,
+		SoNumber: marketing.SoNumber,
+		SoDate:   marketing.SoDate,
+		Notes:    marketing.Notes,
+	}
+}
+
+func ToMarketingProductDTO(e entity.MarketingProduct) MarketingProductDTO {
+	var productWarehouse *productwarehouseDTO.ProductWarehousNestedDTO
+	if e.ProductWarehouse.Id != 0 {
+		mapped := productwarehouseDTO.ToProductWarehouseNestedDTO(e.ProductWarehouse)
+		productWarehouse = &mapped
+	}
+
+	return MarketingProductDTO{
+		Id:                 e.Id,
+		MarketingId:        e.MarketingId,
+		ProductWarehouseId: e.ProductWarehouseId,
+		Qty:                e.Qty,
+		UnitPrice:          e.UnitPrice,
+		AvgWeight:          e.AvgWeight,
+		TotalWeight:        e.TotalWeight,
+		TotalPrice:         e.TotalPrice,
+		ProductWarehouse:   productWarehouse,
+		VehicleNumber:      getVehicleNumber(e),
+	}
+}
+
+func ToMarketingDeliveryProductDTO(e entity.MarketingDeliveryProduct) MarketingDeliveryProductDTO {
+	return MarketingDeliveryProductDTO{
+		Id:                 e.Id,
+		MarketingProductId: e.MarketingProductId,
+		Qty:                e.Qty,
+		UnitPrice:          e.UnitPrice,
+		TotalWeight:        e.TotalWeight,
+		AvgWeight:          e.AvgWeight,
+		TotalPrice:         e.TotalPrice,
+		DeliveryDate:       e.DeliveryDate,
+		VehicleNumber:      e.VehicleNumber,
+	}
+}
+
+func ToMarketingListDTO(marketing *entity.Marketing, deliveryProducts []entity.MarketingDeliveryProduct) MarketingListDTO {
+	var createdUser userDTO.UserRelationDTO
+	if marketing.CreatedUser.Id != 0 {
+		mapped := userDTO.ToUserRelationDTO(marketing.CreatedUser)
+		createdUser = mapped
+	}
+
+	var customer customerDTO.CustomerRelationDTO
+	if marketing.Customer.Id != 0 {
+		mapped := customerDTO.ToCustomerRelationDTO(marketing.Customer)
+		customer = mapped
+	}
+
+	var salesPerson userDTO.UserRelationDTO
+	if marketing.SalesPerson.Id != 0 {
+		mapped := userDTO.ToUserRelationDTO(marketing.SalesPerson)
+		salesPerson = mapped
+	}
+
+	var latestApproval approvalDTO.ApprovalRelationDTO
+	if marketing.LatestApproval != nil {
+		mapped := approvalDTO.ToApprovalDTO(*marketing.LatestApproval)
+		latestApproval = mapped
+	}
+
+	var salesOrderProducts []MarketingProductDTO
+	if len(marketing.Products) > 0 {
+		salesOrderProducts = make([]MarketingProductDTO, len(marketing.Products))
+		for i, product := range marketing.Products {
+			salesOrderProducts[i] = ToMarketingProductDTO(product)
+		}
+	}
+
+	return MarketingListDTO{
+		MarketingRelationDTO: ToMarketingRelationDTO(marketing),
+		Customer:             customer,
+		SalesPerson:          salesPerson,
+		SoDocs:               marketing.SoDocs,
+		SalesOrder:           salesOrderProducts,
+		CreatedUser:          createdUser,
+		CreatedAt:            marketing.CreatedAt,
+		UpdatedAt:            marketing.UpdatedAt,
+		LatestApproval:       latestApproval,
+	}
+}
+
+func ToMarketingDetailDTO(marketing *entity.Marketing, deliveryProducts []entity.MarketingDeliveryProduct) MarketingDetailDTO {
+	var createdUser userDTO.UserRelationDTO
+	if marketing.CreatedUser.Id != 0 {
+		mapped := userDTO.ToUserRelationDTO(marketing.CreatedUser)
+		createdUser = mapped
+	}
+
+	var customer customerDTO.CustomerRelationDTO
+	if marketing.Customer.Id != 0 {
+		mapped := customerDTO.ToCustomerRelationDTO(marketing.Customer)
+		customer = mapped
+	}
+
+	var salesPerson userDTO.UserRelationDTO
+	if marketing.SalesPerson.Id != 0 {
+		mapped := userDTO.ToUserRelationDTO(marketing.SalesPerson)
+		salesPerson = mapped
+	}
+
+	var salesOrderProducts []MarketingProductDTO
+	if len(marketing.Products) > 0 {
+		salesOrderProducts = make([]MarketingProductDTO, len(marketing.Products))
+		for i, product := range marketing.Products {
+			salesOrderProducts[i] = ToMarketingProductDTO(product)
+		}
+	}
+
+	var deliveryProductsDTOs []MarketingDeliveryProductDTO
+	if len(deliveryProducts) > 0 {
+		deliveryProductsDTOs = make([]MarketingDeliveryProductDTO, len(deliveryProducts))
+		for i, dp := range deliveryProducts {
+			deliveryProductsDTOs[i] = ToMarketingDeliveryProductDTO(dp)
+		}
+		deliveryProductsDTOs = enrichDeliveryProductDTOsWithWarehouse(deliveryProductsDTOs, marketing)
+	}
+
+	deliveryGroups := groupDeliveryProducts(deliveryProductsDTOs, marketing.SoNumber)
+
+	var latestApproval approvalDTO.ApprovalRelationDTO
+	if marketing.LatestApproval != nil {
+		mapped := approvalDTO.ToApprovalDTO(*marketing.LatestApproval)
+		latestApproval = mapped
+	}
+
+	return MarketingDetailDTO{
+		MarketingRelationDTO: ToMarketingRelationDTO(marketing),
+		SoDocs:               marketing.SoDocs,
+		Customer:             customer,
+		SalesPerson:          salesPerson,
+		SalesOrder:           salesOrderProducts,
+		DeliveryOrder:        deliveryGroups,
+		CreatedUser:          createdUser,
+		CreatedAt:            marketing.CreatedAt,
+		UpdatedAt:            marketing.UpdatedAt,
+		LatestApproval:       latestApproval,
+	}
+}
+
+func ToMarketingListDTOs(marketings []entity.Marketing) []MarketingListDTO {
+	result := make([]MarketingListDTO, len(marketings))
+	for i, m := range marketings {
+		result[i] = ToMarketingListDTO(&m, []entity.MarketingDeliveryProduct{})
+	}
+	return result
+}
+
+func enrichDeliveryProductDTOsWithWarehouse(deliveryProductDTOs []MarketingDeliveryProductDTO, marketing *entity.Marketing) []MarketingDeliveryProductDTO {
+	if len(deliveryProductDTOs) == 0 || marketing == nil || len(marketing.Products) == 0 {
+		return deliveryProductDTOs
+	}
+
+	productMap := make(map[uint]*entity.MarketingProduct)
+	for i := range marketing.Products {
+		productMap[marketing.Products[i].Id] = &marketing.Products[i]
+	}
+
+	for i := range deliveryProductDTOs {
+		if product, exists := productMap[deliveryProductDTOs[i].MarketingProductId]; exists {
+			if product.ProductWarehouse.Id != 0 {
+				mapped := productwarehouseDTO.ToProductWarehouseNestedDTO(product.ProductWarehouse)
+				deliveryProductDTOs[i].ProductWarehouse = &mapped
+			}
+		}
+	}
+
+	return deliveryProductDTOs
+}
+
+func groupDeliveryProducts(products []MarketingDeliveryProductDTO, soNumber string) []DeliveryGroupDTO {
+	groupMap := make(map[string]*DeliveryGroupDTO)
+
+	for _, product := range products {
+		if product.DeliveryDate == nil {
+			continue
+		}
+
+		var warehouseId uint
+		var warehouseName string
+		if product.ProductWarehouse != nil {
+			warehouseId = product.ProductWarehouse.Warehouse.Id
+			warehouseName = product.ProductWarehouse.Warehouse.Name
+		}
+
+		key := fmt.Sprintf("%d_%s", warehouseId, product.DeliveryDate.Format("2006-01-02"))
+
+		group, exists := groupMap[key]
+		if !exists {
+			group = &DeliveryGroupDTO{
+				DeliveryDate: product.DeliveryDate,
+				Warehouse: &productwarehouseDTO.WarehouseRelationDTO{
+					Id:   warehouseId,
+					Name: warehouseName,
+				},
+				Deliveries: []DeliveryItemDTO{},
+			}
+			groupMap[key] = group
+		}
+
+		deliveryItem := DeliveryItemDTO{
+			ProductWarehouse: product.ProductWarehouse,
+			Qty:              product.Qty,
+			UnitPrice:        product.UnitPrice,
+			TotalWeight:      product.TotalWeight,
+			AvgWeight:        product.AvgWeight,
+			TotalPrice:       product.TotalPrice,
+			VehicleNumber:    product.VehicleNumber,
+		}
+		group.Deliveries = append(group.Deliveries, deliveryItem)
+	}
+
+	var groups []DeliveryGroupDTO
+	for _, group := range groupMap {
+		groups = append(groups, *group)
+	}
+
+	sort.Slice(groups, func(i, j int) bool {
+		if groups[i].DeliveryDate == nil || groups[j].DeliveryDate == nil {
+			return false
+		}
+		return groups[i].DeliveryDate.Before(*groups[j].DeliveryDate)
+	})
+
+	for i := range groups {
+		if groups[i].DeliveryDate != nil {
+			dateStr := groups[i].DeliveryDate.Format("20060102")
+			groups[i].DoNumber = fmt.Sprintf("%s-%s-%d", soNumber, dateStr, groups[i].Warehouse.Id)
+		}
+	}
+
+	return groups
+}
+
+func getVehicleNumber(e entity.MarketingProduct) string {
+	if e.DeliveryProduct != nil && e.DeliveryProduct.VehicleNumber != "" {
+		return e.DeliveryProduct.VehicleNumber
+	}
+	return ""
+}

internal/modules/marketing/delivery-orderss/module.go

@@ -0,0 +1,39 @@
+package delivery_orderss
+
+import (
+	"fmt"
+
+	"github.com/go-playground/validator/v10"
+	"github.com/gofiber/fiber/v2"
+	"gorm.io/gorm"
+
+	commonRepo "gitlab.com/mbugroup/lti-api.git/internal/common/repository"
+	commonSvc "gitlab.com/mbugroup/lti-api.git/internal/common/service"
+	rMarketingDeliveryProduct "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/marketing-delivery-products/repositories"
+	sDeliveryOrders "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/delivery-orderss/services"
+	rMarketing "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/sales-orders/repositories"
+	rUser "gitlab.com/mbugroup/lti-api.git/internal/modules/users/repositories"
+	sUser "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
+	"gitlab.com/mbugroup/lti-api.git/internal/utils"
+)
+
+type DeliveryOrdersModule struct{}
+
+func (DeliveryOrdersModule) RegisterRoutes(router fiber.Router, db *gorm.DB, validate *validator.Validate) {
+	marketingRepo := rMarketing.NewMarketingRepository(db)
+	marketingProductRepo := rMarketing.NewMarketingProductRepository(db)
+	marketingDeliveryProductRepo := rMarketingDeliveryProduct.NewMarketingDeliveryProductRepository(db)
+	userRepo := rUser.NewUserRepository(db)
+	approvalRepo := commonRepo.NewApprovalRepository(db)
+	approvalSvc := commonSvc.NewApprovalService(approvalRepo)
+
+	// Register workflow steps for MARKETINGS approval
+	if err := approvalSvc.RegisterWorkflowSteps(utils.ApprovalWorkflowMarketing, utils.MarketingApprovalSteps); err != nil {
+		panic(fmt.Sprintf("failed to register marketing approval workflow: %v", err))
+	}
+
+	deliveryOrdersService := sDeliveryOrders.NewDeliveryOrdersService(marketingRepo, marketingProductRepo, marketingDeliveryProductRepo, approvalSvc, validate)
+	userService := sUser.NewUserService(userRepo, validate)
+
+	DeliveryOrdersRoutes(router, userService, deliveryOrdersService)
+}

internal/modules/marketing/delivery-orderss/route.go

@@ -0,0 +1,30 @@
+package delivery_orderss
+
+import (
+	// m "gitlab.com/mbugroup/lti-api.git/internal/middleware"
+	controller "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/delivery-orderss/controllers"
+	deliveryOrders "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/delivery-orderss/services"
+	user "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
+
+	"github.com/gofiber/fiber/v2"
+)
+
+func DeliveryOrdersRoutes(v1 fiber.Router, u user.UserService, s deliveryOrders.DeliveryOrdersService) {
+	ctrl := controller.NewDeliveryOrdersController(s)
+
+	v1.Get("/", ctrl.GetAll)
+	v1.Get("/:id", ctrl.GetOne)
+
+	// Sisanya di group /delivery-orders
+	route := v1.Group("/delivery-orders")
+
+	// route.Get("/", m.Auth(u), ctrl.GetAll)
+	// route.Post("/", m.Auth(u), ctrl.CreateOne)
+	// route.Get("/:id", m.Auth(u), ctrl.GetOne)
+	// route.Patch("/:id", m.Auth(u), ctrl.UpdateOne)
+	// route.Delete("/:id", m.Auth(u), ctrl.DeleteOne)
+
+	route.Post("/", ctrl.CreateOne)
+	route.Patch("/:id", ctrl.UpdateOne)
+
+}

internal/modules/marketing/delivery-orderss/services/delivery-orders.service.go

@@ -0,0 +1,427 @@
+package service
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	commonRepo "gitlab.com/mbugroup/lti-api.git/internal/common/repository"
+	commonSvc "gitlab.com/mbugroup/lti-api.git/internal/common/service"
+	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
+	marketingDeliveryProductRepo "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/marketing-delivery-products/repositories"
+	productWarehouseRepo "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-warehouses/repositories"
+	"gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/delivery-orderss/dto"
+	validation "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/delivery-orderss/validations"
+	marketingRepo "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/sales-orders/repositories"
+	"gitlab.com/mbugroup/lti-api.git/internal/utils"
+
+	"github.com/go-playground/validator/v10"
+	"github.com/gofiber/fiber/v2"
+	"github.com/sirupsen/logrus"
+	"gorm.io/gorm"
+)
+
+type DeliveryOrdersService interface {
+	GetAll(ctx *fiber.Ctx, params *validation.Query) ([]dto.MarketingListDTO, int64, error)
+	GetOne(ctx *fiber.Ctx, id uint) (*dto.MarketingDetailDTO, error)
+	CreateOne(ctx *fiber.Ctx, req *validation.Create) (*dto.MarketingDetailDTO, error)
+	UpdateOne(ctx *fiber.Ctx, req *validation.Update, id uint) (*dto.MarketingDetailDTO, error)
+}
+
+type deliveryOrdersService struct {
+	Log                          *logrus.Logger
+	Validate                     *validator.Validate
+	MarketingRepo                marketingRepo.MarketingRepository
+	MarketingProductRepo         marketingRepo.MarketingProductRepository
+	MarketingDeliveryProductRepo marketingDeliveryProductRepo.MarketingDeliveryProductRepository
+	ApprovalSvc                  commonSvc.ApprovalService
+}
+
+func NewDeliveryOrdersService(
+	marketingRepo marketingRepo.MarketingRepository,
+	marketingProductRepo marketingRepo.MarketingProductRepository,
+	marketingDeliveryProductRepo marketingDeliveryProductRepo.MarketingDeliveryProductRepository,
+	approvalSvc commonSvc.ApprovalService,
+	validate *validator.Validate,
+) DeliveryOrdersService {
+	return &deliveryOrdersService{
+		Log:                          utils.Log,
+		Validate:                     validate,
+		MarketingRepo:                marketingRepo,
+		MarketingProductRepo:         marketingProductRepo,
+		MarketingDeliveryProductRepo: marketingDeliveryProductRepo,
+		ApprovalSvc:                  approvalSvc,
+	}
+}
+
+func (s deliveryOrdersService) withRelations(db *gorm.DB) *gorm.DB {
+	return db.
+		Preload("CreatedUser").
+		Preload("Customer").
+		Preload("SalesPerson").
+		Preload("Products.ProductWarehouse.Product").
+		Preload("Products.ProductWarehouse.Warehouse").
+		Preload("Products.DeliveryProduct")
+}
+
+func (s deliveryOrdersService) getMarketingWithDeliveries(c *fiber.Ctx, marketingId uint) (*dto.MarketingDetailDTO, error) {
+	marketing, err := s.MarketingRepo.GetByID(c.Context(), marketingId, s.withRelations)
+	if err != nil {
+		return nil, fiber.NewError(fiber.StatusInternalServerError, "Failed to fetch marketing")
+	}
+
+	latestApproval, err := s.ApprovalSvc.LatestByTarget(c.Context(), utils.ApprovalWorkflowMarketing, marketingId, nil)
+	if err != nil {
+	}
+	marketing.LatestApproval = latestApproval
+
+	allDeliveryProducts, err := s.MarketingDeliveryProductRepo.GetByMarketingId(c.Context(), marketingId)
+	if err != nil {
+		allDeliveryProducts = []entity.MarketingDeliveryProduct{}
+	}
+
+	responseDTO := dto.ToMarketingDetailDTO(marketing, allDeliveryProducts)
+	return &responseDTO, nil
+}
+
+func (s deliveryOrdersService) GetAll(c *fiber.Ctx, params *validation.Query) ([]dto.MarketingListDTO, int64, error) {
+	if err := s.Validate.Struct(params); err != nil {
+		return nil, 0, err
+	}
+
+	offset := (params.Page - 1) * params.Limit
+
+	marketings, total, err := s.MarketingRepo.GetAll(c.Context(), offset, params.Limit, func(db *gorm.DB) *gorm.DB {
+		db = db.
+			Preload("CreatedUser").
+			Preload("Customer").
+			Preload("SalesPerson").
+			Preload("Products.ProductWarehouse.Product").
+			Preload("Products.ProductWarehouse.Warehouse").
+			Preload("Products.DeliveryProduct")
+
+		if params.MarketingId != 0 {
+			return db.Where("id = ?", params.MarketingId)
+		}
+		return db.Order("created_at DESC").Order("updated_at DESC")
+	})
+
+	if err != nil {
+		s.Log.Errorf("Failed to get marketings: %+v", err)
+		return nil, 0, err
+	}
+	for i := range marketings {
+		latestApproval, err := s.ApprovalSvc.LatestByTarget(c.Context(), utils.ApprovalWorkflowMarketing, marketings[i].Id, func(db *gorm.DB) *gorm.DB {
+			return db.Preload("ActionUser")
+		})
+		if err != nil {
+			s.Log.Warnf("Failed to load approval for marketing %d: %+v", marketings[i].Id, err)
+		}
+		marketings[i].LatestApproval = latestApproval
+	}
+
+	result := make([]dto.MarketingListDTO, len(marketings))
+	for i, marketing := range marketings {
+		result[i] = dto.ToMarketingListDTO(&marketing, []entity.MarketingDeliveryProduct{})
+	}
+
+	return result, total, nil
+}
+
+func (s deliveryOrdersService) GetOne(c *fiber.Ctx, id uint) (*dto.MarketingDetailDTO, error) {
+
+	marketing, err := s.MarketingRepo.GetByID(c.Context(), id, s.withRelations)
+	if errors.Is(err, gorm.ErrRecordNotFound) {
+		return nil, fiber.NewError(fiber.StatusNotFound, "Marketing not found")
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	allDeliveryProducts, err := s.MarketingDeliveryProductRepo.GetByMarketingId(c.Context(), id)
+	if err != nil {
+		allDeliveryProducts = []entity.MarketingDeliveryProduct{}
+	}
+
+	if s.ApprovalSvc != nil {
+		approvals, err := s.ApprovalSvc.ListByTarget(c.Context(), utils.ApprovalWorkflowMarketing, marketing.Id, func(db *gorm.DB) *gorm.DB {
+			return db.Preload("ActionUser")
+		})
+		if err != nil {
+
+		} else if len(approvals) > 0 {
+			if marketing.LatestApproval == nil {
+				latest := approvals[len(approvals)-1]
+				marketing.LatestApproval = &latest
+			}
+		} else {
+			marketing.LatestApproval = nil
+		}
+	}
+
+	responseDTO := dto.ToMarketingDetailDTO(marketing, allDeliveryProducts)
+	return &responseDTO, nil
+}
+
+func (s *deliveryOrdersService) CreateOne(c *fiber.Ctx, req *validation.Create) (*dto.MarketingDetailDTO, error) {
+	if err := s.Validate.Struct(req); err != nil {
+		return nil, err
+	}
+
+	if err := commonSvc.EnsureRelations(c.Context(),
+		commonSvc.RelationCheck{Name: "Marketing", ID: &req.MarketingId, Exists: s.MarketingRepo.IdExists},
+	); err != nil {
+		return nil, err
+	}
+
+	approvalSvc := commonSvc.NewApprovalService(commonRepo.NewApprovalRepository(s.MarketingRepo.DB()))
+
+	latestApproval, err := approvalSvc.LatestByTarget(c.Context(), utils.ApprovalWorkflowMarketing, req.MarketingId, nil)
+	if err != nil {
+		return nil, fiber.NewError(fiber.StatusInternalServerError, "Failed to check approval status")
+	}
+	if latestApproval == nil {
+		return nil, fiber.NewError(fiber.StatusBadRequest, "Marketing has not been submitted for approval")
+	}
+	if latestApproval.StepNumber < uint16(utils.MarketingStepSalesOrder) {
+		return nil, fiber.NewError(fiber.StatusBadRequest, "Marketing must be approved to Sales Order step before creating delivery order")
+	}
+	if latestApproval.StepNumber >= uint16(utils.MarketingDeliveryOrder) {
+		return nil, fiber.NewError(fiber.StatusBadRequest, "Delivery order already exists for this marketing")
+	}
+	if latestApproval.Action == nil || *latestApproval.Action != entity.ApprovalActionApproved {
+		return nil, fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("Marketing is not approved - current status: %v", *latestApproval.Action))
+	}
+
+	err = s.MarketingRepo.DB().WithContext(c.Context()).Transaction(func(dbTransaction *gorm.DB) error {
+
+		marketingProductRepositoryTx := marketingRepo.NewMarketingProductRepository(dbTransaction)
+		marketingDeliveryProductRepositoryTx := marketingDeliveryProductRepo.NewMarketingDeliveryProductRepository(dbTransaction)
+		approvalSvcTx := commonSvc.NewApprovalService(commonRepo.NewApprovalRepository(dbTransaction))
+
+		allMarketingProducts, err := marketingProductRepositoryTx.GetByMarketingID(c.Context(), req.MarketingId)
+		if err != nil {
+			if errors.Is(err, gorm.ErrRecordNotFound) {
+				return fiber.NewError(fiber.StatusNotFound, fmt.Sprintf("No marketing products found for marketing %d", req.MarketingId))
+			}
+			return fiber.NewError(fiber.StatusInternalServerError, "Failed to fetch marketing products")
+		}
+
+		for _, requestedProduct := range req.DeliveryProducts {
+			var foundMarketingProduct *entity.MarketingProduct
+			for i := range allMarketingProducts {
+				if allMarketingProducts[i].Id == requestedProduct.MarketingProductId {
+					foundMarketingProduct = &allMarketingProducts[i]
+					break
+				}
+			}
+			if foundMarketingProduct == nil {
+				return fiber.NewError(fiber.StatusNotFound, fmt.Sprintf("Marketing product %d not found for this marketing", requestedProduct.MarketingProductId))
+			}
+
+			deliveryProduct, err := marketingDeliveryProductRepositoryTx.GetByMarketingProductID(c.Context(), foundMarketingProduct.Id)
+			if err != nil {
+				if errors.Is(err, gorm.ErrRecordNotFound) {
+					return fiber.NewError(fiber.StatusNotFound, fmt.Sprintf("Delivery product for marketing product %d not found", requestedProduct.MarketingProductId))
+				}
+				return fiber.NewError(fiber.StatusInternalServerError, "Failed to fetch delivery product")
+			}
+
+			var itemDeliveryDate *time.Time
+			if requestedProduct.DeliveryDate != "" {
+				parsedDate, err := utils.ParseDateString(requestedProduct.DeliveryDate)
+				if err != nil {
+					return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("Invalid delivery date format for product %d: %v", requestedProduct.MarketingProductId, err))
+				}
+				itemDeliveryDate = &parsedDate
+			}
+
+			deliveryProduct.Qty = requestedProduct.Qty
+			deliveryProduct.UnitPrice = requestedProduct.UnitPrice
+			deliveryProduct.AvgWeight = requestedProduct.AvgWeight
+			deliveryProduct.TotalWeight = requestedProduct.TotalWeight
+			deliveryProduct.TotalPrice = requestedProduct.TotalPrice
+			deliveryProduct.DeliveryDate = itemDeliveryDate
+			deliveryProduct.VehicleNumber = requestedProduct.VehicleNumber
+
+			if requestedProduct.Qty > 0 {
+				if err := s.validateAndReduceProductWarehouse(c.Context(), dbTransaction, foundMarketingProduct, requestedProduct.Qty); err != nil {
+					return err
+				}
+			}
+			if err := marketingDeliveryProductRepositoryTx.UpdateOne(c.Context(), deliveryProduct.Id, deliveryProduct, nil); err != nil {
+				return fiber.NewError(fiber.StatusInternalServerError, "Failed to update delivery product")
+			}
+
+		}
+
+		actorID := uint(1) // TODO: ambil dari auth context
+		approvalAction := entity.ApprovalActionApproved
+		if _, err := approvalSvcTx.CreateApproval(
+			c.Context(),
+			utils.ApprovalWorkflowMarketing,
+			req.MarketingId,
+			utils.MarketingDeliveryOrder,
+			&approvalAction,
+			actorID,
+			nil); err != nil {
+			if !errors.Is(err, gorm.ErrDuplicatedKey) {
+				return fiber.NewError(fiber.StatusInternalServerError, "Failed to create delivery order approval")
+			}
+		}
+
+		return nil
+	})
+
+	if err != nil {
+		if fiberErr, ok := err.(*fiber.Error); ok {
+			return nil, fiberErr
+		}
+		return nil, fiber.NewError(fiber.StatusInternalServerError, "Failed to create delivery order")
+	}
+
+	return s.getMarketingWithDeliveries(c, req.MarketingId)
+}
+
+func (s deliveryOrdersService) UpdateOne(c *fiber.Ctx, req *validation.Update, id uint) (*dto.MarketingDetailDTO, error) {
+	if err := s.Validate.Struct(req); err != nil {
+		return nil, err
+	}
+
+	if err := commonSvc.EnsureRelations(c.Context(),
+		commonSvc.RelationCheck{Name: "Marketing", ID: &id, Exists: s.MarketingRepo.IdExists},
+	); err != nil {
+		return nil, err
+	}
+
+	err := s.MarketingRepo.DB().WithContext(c.Context()).Transaction(func(dbTransaction *gorm.DB) error {
+
+		marketingProductRepositoryTx := marketingRepo.NewMarketingProductRepository(dbTransaction)
+		marketingDeliveryProductRepositoryTx := marketingDeliveryProductRepo.NewMarketingDeliveryProductRepository(dbTransaction)
+
+		allMarketingProducts, err := marketingProductRepositoryTx.GetByMarketingID(c.Context(), id)
+		if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
+			return fiber.NewError(fiber.StatusInternalServerError, "Failed to fetch marketing products")
+		}
+
+		if len(req.DeliveryProducts) > 0 {
+			for _, requestedProduct := range req.DeliveryProducts {
+
+				var foundMarketingProduct *entity.MarketingProduct
+				for i := range allMarketingProducts {
+					if allMarketingProducts[i].Id == requestedProduct.MarketingProductId {
+						foundMarketingProduct = &allMarketingProducts[i]
+						break
+					}
+				}
+				if foundMarketingProduct == nil {
+					return fiber.NewError(fiber.StatusNotFound, fmt.Sprintf("Marketing product %d not found for this marketing", requestedProduct.MarketingProductId))
+				}
+
+				deliveryProduct, err := marketingDeliveryProductRepositoryTx.GetByMarketingProductID(c.Context(), foundMarketingProduct.Id)
+				if err != nil {
+					if errors.Is(err, gorm.ErrRecordNotFound) {
+						return fiber.NewError(fiber.StatusNotFound, fmt.Sprintf("Delivery product for marketing product %d not found", requestedProduct.MarketingProductId))
+					}
+					return fiber.NewError(fiber.StatusInternalServerError, "Failed to fetch delivery product")
+				}
+
+				var itemDeliveryDate *time.Time
+				if requestedProduct.DeliveryDate != "" {
+					parsedDate, err := utils.ParseDateString(requestedProduct.DeliveryDate)
+					if err != nil {
+						return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("Invalid delivery date format for product %d: %v", requestedProduct.MarketingProductId, err))
+					}
+					itemDeliveryDate = &parsedDate
+				} else if deliveryProduct.DeliveryDate != nil {
+					itemDeliveryDate = deliveryProduct.DeliveryDate
+				}
+
+				oldQty := deliveryProduct.Qty
+				deliveryProduct.Qty = requestedProduct.Qty
+				deliveryProduct.UnitPrice = requestedProduct.UnitPrice
+				deliveryProduct.AvgWeight = requestedProduct.AvgWeight
+				deliveryProduct.TotalWeight = requestedProduct.TotalWeight
+				deliveryProduct.TotalPrice = requestedProduct.TotalPrice
+				deliveryProduct.DeliveryDate = itemDeliveryDate
+				deliveryProduct.VehicleNumber = requestedProduct.VehicleNumber
+
+				qtyChange := requestedProduct.Qty - oldQty
+				if qtyChange > 0 {
+					if err := s.validateAndReduceProductWarehouse(c.Context(), dbTransaction, foundMarketingProduct, qtyChange); err != nil {
+						return err
+					}
+				} else if qtyChange < 0 {
+					if err := s.restoreProductWarehouseStock(c.Context(), dbTransaction, foundMarketingProduct, -qtyChange); err != nil {
+						return err
+					}
+				}
+
+				if err := marketingDeliveryProductRepositoryTx.UpdateOne(c.Context(), deliveryProduct.Id, deliveryProduct, nil); err != nil {
+					return fiber.NewError(fiber.StatusInternalServerError, "Failed to update delivery product")
+				}
+			}
+		}
+
+		return nil
+	})
+
+	if err != nil {
+		if fiberErr, ok := err.(*fiber.Error); ok {
+			return nil, fiberErr
+		}
+		return nil, fiber.NewError(fiber.StatusInternalServerError, "Failed to update delivery order")
+	}
+
+	return s.getMarketingWithDeliveries(c, id)
+}
+
+func (s deliveryOrdersService) validateAndReduceProductWarehouse(ctx context.Context, tx *gorm.DB, marketingProduct *entity.MarketingProduct, qtyDeliver float64) error {
+	if marketingProduct == nil || marketingProduct.ProductWarehouseId == 0 {
+		return fiber.NewError(fiber.StatusInternalServerError, "Product warehouse not found")
+	}
+
+	pwRepo := productWarehouseRepo.NewProductWarehouseRepository(tx)
+
+	pw, err := pwRepo.GetByID(ctx, marketingProduct.ProductWarehouseId, nil)
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return fiber.NewError(fiber.StatusNotFound, "Product warehouse not found")
+		}
+		return fiber.NewError(fiber.StatusInternalServerError, "Failed to check stock")
+	}
+
+	if pw.Quantity < qtyDeliver {
+		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("Insufficient stock for warehouse - available: %.2f, requested: %.2f", pw.Quantity, qtyDeliver))
+	}
+
+	pw.Quantity = pw.Quantity - qtyDeliver
+	if err := pwRepo.UpdateOne(ctx, pw.Id, pw, nil); err != nil {
+		return fiber.NewError(fiber.StatusInternalServerError, "Failed to update stock")
+	}
+	return nil
+}
+
+func (s deliveryOrdersService) restoreProductWarehouseStock(ctx context.Context, tx *gorm.DB, marketingProduct *entity.MarketingProduct, qtyRestore float64) error {
+	if marketingProduct == nil || marketingProduct.ProductWarehouseId == 0 {
+		return fiber.NewError(fiber.StatusInternalServerError, "Product warehouse not found")
+	}
+
+	pwRepo := productWarehouseRepo.NewProductWarehouseRepository(tx)
+	pw, err := pwRepo.GetByID(ctx, marketingProduct.ProductWarehouseId, nil)
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			return fiber.NewError(fiber.StatusNotFound, "Product warehouse not found")
+		}
+
+		return fiber.NewError(fiber.StatusInternalServerError, "Failed to check stock")
+	}
+
+	pw.Quantity = pw.Quantity + qtyRestore
+	if err := pwRepo.UpdateOne(ctx, pw.Id, pw, nil); err != nil {
+		return fiber.NewError(fiber.StatusInternalServerError, "Failed to update stock")
+	}
+
+	return nil
+}

internal/modules/marketing/delivery-orderss/validations/delivery-orders.validation.go

@@ -0,0 +1,33 @@
+package validation
+
+type DeliveryProduct struct {
+	MarketingProductId uint    `json:"marketing_product_id" validate:"required,gt=0"`
+	Qty                float64 `json:"qty" validate:"omitempty,gte=0"`
+	UnitPrice          float64 `json:"unit_price" validate:"omitempty,gte=0"`
+	AvgWeight          float64 `json:"avg_weight" validate:"omitempty,gte=0"`
+	TotalWeight        float64 `json:"total_weight" validate:"omitempty,gte=0"`
+	TotalPrice         float64 `json:"total_price" validate:"omitempty,gte=0"`
+	DeliveryDate       string  `json:"delivery_date" validate:"omitempty,datetime=2006-01-02"`
+	VehicleNumber      string  `json:"vehicle_number" validate:"omitempty,max=50"`
+}
+
+type Create struct {
+	MarketingId      uint              `json:"marketing_id" validate:"required,gt=0"`
+	DeliveryProducts []DeliveryProduct `json:"delivery_products" validate:"required,min=1,dive"`
+}
+
+type Update struct {
+	DeliveryProducts []DeliveryProduct `json:"delivery_products" validate:"omitempty,min=1,dive"`
+}
+
+type Query struct {
+	Page        int  `query:"page" validate:"omitempty,number,min=1,gt=0"`
+	Limit       int  `query:"limit" validate:"omitempty,number,min=1,max=100,gt=0"`
+	MarketingId uint `query:"marketing_id" validate:"omitempty,gt=0"`
+}
+
+type Approve struct {
+	Action        string  `json:"action" validate:"required_strict"`
+	ApprovableIds []uint  `json:"approvable_ids" validate:"required_strict,min=1,dive,gt=0"`
+	Notes         *string `json:"notes,omitempty" validate:"omitempty,max=500"`
+}

internal/modules/marketing/module.go

@@ -0,0 +1,13 @@
+package marketing
+
+import (
+	"github.com/go-playground/validator/v10"
+	"github.com/gofiber/fiber/v2"
+	"gorm.io/gorm"
+)
+
+type MarketingModule struct{}
+
+func (MarketingModule) RegisterRoutes(router fiber.Router, db *gorm.DB, validate *validator.Validate) {
+	RegisterRoutes(router, db, validate)
+}

internal/modules/marketing/route.go

@@ -0,0 +1,27 @@
+package marketing
+
+import (
+	"gitlab.com/mbugroup/lti-api.git/internal/modules"
+
+	"github.com/go-playground/validator/v10"
+	"github.com/gofiber/fiber/v2"
+	"gorm.io/gorm"
+
+	salesOrderss "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/sales-orders"
+	deliveryOrderss "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/delivery-orderss"
+	// MODULE IMPORTS
+)
+
+func RegisterRoutes(router fiber.Router, db *gorm.DB, validate *validator.Validate) {
+	group := router.Group("/marketing")
+
+	allModules := []modules.Module{
+		salesOrderss.SalesOrdersModule{},
+		deliveryOrderss.DeliveryOrdersModule{},
+		// MODULE REGISTRY
+	}
+
+	for _, m := range allModules {
+		m.RegisterRoutes(group, db, validate)
+	}
+}

internal/modules/marketing/sales-orders/controllers/sales-orders.controller.go

@@ -0,0 +1,122 @@
+package controller
+
+import (
+	"strconv"
+
+	"gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/sales-orders/dto"
+	service "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/sales-orders/services"
+	validation "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/sales-orders/validations"
+	"gitlab.com/mbugroup/lti-api.git/internal/response"
+
+	"github.com/gofiber/fiber/v2"
+)
+
+type SalesOrdersController struct {
+	SalesOrdersService service.SalesOrdersService
+}
+
+func NewSalesOrdersController(salesOrdersService service.SalesOrdersService) *SalesOrdersController {
+	return &SalesOrdersController{
+		SalesOrdersService: salesOrdersService,
+	}
+}
+
+func (u *SalesOrdersController) CreateOne(c *fiber.Ctx) error {
+	req := new(validation.Create)
+
+	if err := c.BodyParser(req); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid request body")
+	}
+
+	result, err := u.SalesOrdersService.CreateOne(c, req)
+	if err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusCreated).
+		JSON(response.Success{
+			Code:    fiber.StatusCreated,
+			Status:  "success",
+			Message: "Create salesOrders successfully",
+			Data:    dto.ToSalesOrdersListDTOFromMarketing(*result),
+		})
+}
+
+func (u *SalesOrdersController) UpdateOne(c *fiber.Ctx) error {
+	req := new(validation.Update)
+	param := c.Params("id")
+
+	id, err := strconv.Atoi(param)
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid Id")
+	}
+
+	if err := c.BodyParser(req); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid request body")
+	}
+
+	result, err := u.SalesOrdersService.UpdateOne(c, req, uint(id))
+	if err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.Success{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: "Update salesOrders successfully",
+			Data:    dto.ToSalesOrdersListDTOFromMarketing(*result),
+		})
+}
+
+func (u *SalesOrdersController) DeleteOne(c *fiber.Ctx) error {
+	param := c.Params("id")
+
+	id, err := strconv.Atoi(param)
+	if err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid Id")
+	}
+
+	if err := u.SalesOrdersService.DeleteOne(c, uint(id)); err != nil {
+		return err
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.Common{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: "Delete salesOrders successfully",
+		})
+}
+
+func (u *SalesOrdersController) Approval(c *fiber.Ctx) error {
+	req := new(validation.Approve)
+
+	if err := c.BodyParser(req); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, "Invalid request body")
+	}
+
+	results, err := u.SalesOrdersService.Approval(c, req)
+	if err != nil {
+		return err
+	}
+
+	var (
+		data    interface{}
+		message = "Submit sales order approval successfully"
+	)
+	if len(results) == 1 {
+		data = dto.ToSalesOrdersListDTOFromMarketing(results[0])
+	} else {
+		message = "Submit sales order approvals successfully"
+		data = dto.ToSalesOrdersListDTOsFromMarketing(results)
+	}
+
+	return c.Status(fiber.StatusOK).
+		JSON(response.Success{
+			Code:    fiber.StatusOK,
+			Status:  "success",
+			Message: message,
+			Data:    data,
+		})
+}

internal/modules/marketing/sales-orders/dto/sales-orders.dto.go

@@ -0,0 +1,90 @@
+package dto
+
+import (
+	"time"
+
+	entity "gitlab.com/mbugroup/lti-api.git/internal/entities"
+	productWarehouseDTO "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-warehouses/dto"
+)
+
+// === DTO Structs ===
+
+type MarketingProductDTO struct {
+	Id               uint                                          `json:"id"`
+	Qty              float64                                       `json:"qty"`
+	UnitPrice        float64                                       `json:"unit_price"`
+	AvgWeight        float64                                       `json:"avg_weight"`
+	TotalWeight      float64                                       `json:"total_weight"`
+	TotalPrice       float64                                       `json:"total_price"`
+	ProductWarehouse *productWarehouseDTO.ProductWarehousNestedDTO `json:"product_warehouse,omitempty"`
+}
+
+type SalesOrdersListDTO struct {
+	Id         uint                  `json:"id"`
+	SoNumber   string                `json:"so_number"`
+	SoDate     time.Time             `json:"so_date"`
+	Notes      string                `json:"notes,omitempty"`
+	SalesOrder []MarketingProductDTO `json:"sales_order,omitempty"`
+}
+
+// === Mapper Functions ===
+
+func ToMarketingProductDTO(e entity.MarketingProduct) MarketingProductDTO {
+	var productWarehouse *productWarehouseDTO.ProductWarehousNestedDTO
+
+	if e.ProductWarehouse.Id != 0 {
+		mapped := productWarehouseDTO.ToProductWarehouseNestedDTO(e.ProductWarehouse)
+		productWarehouse = &mapped
+	}
+
+	return MarketingProductDTO{
+		Id:               e.Id,
+		Qty:              e.Qty,
+		UnitPrice:        e.UnitPrice,
+		AvgWeight:        e.AvgWeight,
+		TotalWeight:      e.TotalWeight,
+		TotalPrice:       e.TotalPrice,
+		ProductWarehouse: productWarehouse,
+	}
+}
+
+func ToSalesOrdersListDTO(e entity.Marketing) SalesOrdersListDTO {
+	products := make([]MarketingProductDTO, len(e.Products))
+	for i, p := range e.Products {
+		products[i] = ToMarketingProductDTO(p)
+	}
+
+	return SalesOrdersListDTO{
+		Id:         e.Id,
+		SoNumber:   e.SoNumber,
+		SoDate:     e.SoDate,
+		Notes:      e.Notes,
+		SalesOrder: products,
+	}
+}
+
+func ToSalesOrdersListDTOFromMarketing(e entity.Marketing) SalesOrdersListDTO {
+	var salesOrder []MarketingProductDTO
+	if len(e.Products) > 0 {
+		salesOrder = make([]MarketingProductDTO, len(e.Products))
+		for i, product := range e.Products {
+			salesOrder[i] = ToMarketingProductDTO(product)
+		}
+	}
+
+	return SalesOrdersListDTO{
+		Id:         e.Id,
+		SoNumber:   e.SoNumber,
+		SoDate:     e.SoDate,
+		Notes:      e.Notes,
+		SalesOrder: salesOrder,
+	}
+}
+
+func ToSalesOrdersListDTOsFromMarketing(e []entity.Marketing) []SalesOrdersListDTO {
+	result := make([]SalesOrdersListDTO, len(e))
+	for i, r := range e {
+		result[i] = ToSalesOrdersListDTOFromMarketing(r)
+	}
+	return result
+}

internal/modules/marketing/sales-orders/module.go

@@ -0,0 +1,39 @@
+package sales_orders
+
+import (
+	"fmt"
+
+	"github.com/go-playground/validator/v10"
+	"github.com/gofiber/fiber/v2"
+	"gorm.io/gorm"
+
+	commonRepo "gitlab.com/mbugroup/lti-api.git/internal/common/repository"
+	commonSvc "gitlab.com/mbugroup/lti-api.git/internal/common/service"
+	rProductWarehouse "gitlab.com/mbugroup/lti-api.git/internal/modules/inventory/product-warehouses/repositories"
+	rSalesOrders "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/sales-orders/repositories"
+	sSalesOrders "gitlab.com/mbugroup/lti-api.git/internal/modules/marketing/sales-orders/services"
+	rCustomer "gitlab.com/mbugroup/lti-api.git/internal/modules/master/customers/repositories"
+	rUser "gitlab.com/mbugroup/lti-api.git/internal/modules/users/repositories"
+	sUser "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
+	"gitlab.com/mbugroup/lti-api.git/internal/utils"
+)
+
+type SalesOrdersModule struct{}
+
+func (SalesOrdersModule) RegisterRoutes(router fiber.Router, db *gorm.DB, validate *validator.Validate) {
+	marketingRepo := rSalesOrders.NewMarketingRepository(db)
+	userRepo := rUser.NewUserRepository(db)
+	customerRepo := rCustomer.NewCustomerRepository(db)
+	productWarehouseRepo := rProductWarehouse.NewProductWarehouseRepository(db)
+
+	approvalSvc := commonSvc.NewApprovalService(commonRepo.NewApprovalRepository(db))
+
+	if err := approvalSvc.RegisterWorkflowSteps(utils.ApprovalWorkflowMarketing, utils.MarketingApprovalSteps); err != nil {
+		panic(fmt.Sprintf("failed to register marketing approval workflow: %v", err))
+	}
+
+	salesOrdersService := sSalesOrders.NewSalesOrdersService(marketingRepo, customerRepo, productWarehouseRepo, userRepo, approvalSvc, validate)
+	userService := sUser.NewUserService(userRepo, validate)
+
+	SalesOrdersRoutes(router, userService, salesOrdersService)
+}