update endpoint callback

replace-configuration

See merge request mbugroup/lti-api!56

.env.example

@@ -1,56 +0,0 @@
-# server configuration
-# Env value : prod || dev
-VERSION=0.0.1
-APP_ENV=dev
-APP_HOST=0.0.0.0
-APP_PORT=8081
-APP_URL=http://localhost:8081
-
-# database configuration
-DB_HOST=postgresdb
-DB_USER=postgres
-DB_PASSWORD=changeme
-DB_NAME=db_lti_erp
-DB_PORT=5432
-DB_PORT_HOST=5542
-
-# JWT
-JWT_SECRET=changeme
-JWT_ACCESS_EXP_MINUTES=30
-JWT_REFRESH_EXP_DAYS=30
-JWT_RESET_PASSWORD_EXP_MINUTES=10
-JWT_VERIFY_EMAIL_EXP_MINUTES=10
-
-# CORS
-CORS_ALLOW_ORIGINS=changeme
-CORS_ALLOW_METHODS=GET,POST,PUT,PATCH,DELETE,OPTIONS
-CORS_ALLOW_HEADERS=Authorization,Content-Type,X-Requested-With
-CORS_EXPOSE_HEADERS=Link,Location
-CORS_ALLOW_CREDENTIALS=true
-CORS_MAX_AGE=600
-
-# Redis
-REDIS_URL=redis://redis:6379/0
-REDIS_PORT_HOST=6381
-
-# SSO Integration
-SSO_ISSUER=http://localhost:8080/api
-# SSO_JWKS_URL=http://localhost:8080/api/.well-known/jwks.json
-SSO_JWKS_URL=http://host.docker.internal:8080/api/.well-known/jwks.json
-SSO_ALLOWED_AUDIENCES=client:lti-api
-SSO_AUTHORIZE_URL=http://localhost:8080/sso/authorize
-SSO_TOKEN_URL=http://localhost:8080/sso/token
-SSO_GETME_URL=http://localhost:8080/api/auth/get-me
-SSO_ACCESS_COOKIE_NAME=sso_access
-SSO_REFRESH_COOKIE_NAME=sso_refresh
-SSO_COOKIE_DOMAIN=
-SSO_COOKIE_SECURE=false
-SSO_COOKIE_SAMESITE=Lax
-SSO_TOKEN_BLACKLIST_PREFIX=sso:blacklist
-SSO_PKCE_TTL_SECONDS=300
-# Security window and payload limits for SSO user sync webhook
-SSO_USER_SYNC_SIGNATURE_DRIFT_SECONDS=120
-SSO_USER_SYNC_NONCE_TTL_SECONDS=600
-SSO_USER_SYNC_MAX_BODY_BYTES=32768
-# Example JSON (single-line) of client configs (each client requires a unique sync_secret)
-SSO_CLIENTS={"LTI":{"public_id":"Lumbung-Telur-Indonesia","redirect_uri":"http://localhost:8081/api/sso/callback","scope":"openid profile","default_return_uri":"http://localhost:3000","allowed_return_origins":["http://localhost:3000"],"sync_secret":"onUyfODIMHOh4TgGLgyWLmsNeVNxFRHqoLJFLPjr"}}

.env.lti-api

@@ -1,58 +0,0 @@
-# .env.lti-api (Development Server with Domain)
-# =============================================
-
-# Server configuration
-VERSION=0.0.1
-APP_ENV=dev
-APP_HOST=0.0.0.0
-APP_PORT=8081
-APP_URL=https://dev-api-lti.mbugroup.id
-
-# Database configuration (pakai PostgreSQL milik SSO)
-DB_HOST=sso-postgres
-DB_USER=postgres
-DB_PASSWORD=postgres
-DB_NAME=db_lti_erp
-DB_PORT=5432
-
-# JWT configuration
-JWT_SECRET=changeme
-JWT_ACCESS_EXP_MINUTES=30
-JWT_REFRESH_EXP_DAYS=30
-JWT_RESET_PASSWORD_EXP_MINUTES=10
-JWT_VERIFY_EMAIL_EXP_MINUTES=10
-
-# Redis (pakai Redis milik SSO)
-REDIS_URL=redis://sso-redis:6379/0
-
-# CORS configuration
-CORS_ALLOW_ORIGINS=https://dev-api-sso.mbugroup.id,https://dev-lti.mbugroup.id,https://dev-api-lti.mbugroup.id,http://localhost:3000
-CORS_ALLOW_METHODS=GET,POST,PUT,PATCH,DELETE,OPTIONS
-CORS_ALLOW_HEADERS=Authorization,Content-Type,X-Requested-With
-CORS_EXPOSE_HEADERS=Link,Location
-CORS_ALLOW_CREDENTIALS=true
-CORS_MAX_AGE=600
-
-# SSO Integration (Gunakan domain backend SSO)
-SSO_ISSUER=https://dev-api-sso.mbugroup.id
-SSO_JWKS_URL=https://dev-api-sso.mbugroup.id/api/.well-known/jwks.json
-SSO_ALLOWED_AUDIENCES=
-SSO_AUTHORIZE_URL=https://dev-api-sso.mbugroup.id/api/sso/authorize
-SSO_TOKEN_URL=https://dev-api-sso.mbugroup.id/api/sso/token
-SSO_GETME_URL=https://dev-api-sso.mbugroup.id/api/auth/get-me
-
-# Cookie & session configuration
-SSO_ACCESS_COOKIE_NAME=sso_access
-SSO_REFRESH_COOKIE_NAME=sso_refresh
-SSO_COOKIE_DOMAIN=.mbugroup.id
-SSO_COOKIE_SECURE=true
-SSO_COOKIE_SAMESITE=Lax
-SSO_PKCE_TTL_SECONDS=300
-
-# SSO webhook / user sync settings
-SSO_USER_SYNC_SIGNATURE_DRIFT_SECONDS=120
-SSO_USER_SYNC_NONCE_TTL_SECONDS=600
-SSO_USER_SYNC_MAX_BODY_BYTES=32768
-
-# Client registration for SSO
-SSO_CLIENTS={"Lumbung-Telur-Indonesia":{"public_id":"Lumbung-Telur-Indonesia","redirect_uri":"https://dev-api-lti.mbugroup.id/api/sso/callback","scope":"openid profile","default_return_uri":"https://dev-lti.mbugroup.id","allowed_return_origins":["https://dev-lti.mbugroup.id","http://localhost:3000"],"sync_secret":"onUyfODIMHOh4TgGLgyWLmsNeVNxFRHqoLJFLPjr"}}

.gitignore

@@ -16,7 +16,7 @@ docker-compose.yaml
 Dockerfile.local
 # Go build cache
 .gocache/
-vendor/
+vendor
 
 # Logs & reports
 *.log

.gitlab-ci.yml

@@ -0,0 +1,69 @@
+stages:
+  - deploy
+
+deploy-dev:
+  stage: deploy
+  image: alpine:3.20
+  variables:
+    DEPLOY_APP: "LTI-MBUGROUP"
+
+  before_script:
+    - echo "🧰 Installing dependencies..."
+    - apk update && apk add --no-cache openssh git curl
+    - mkdir -p ~/.ssh
+    - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+    - chmod 600 ~/.ssh/id_rsa
+    - eval $(ssh-agent -s)
+    - ssh-add ~/.ssh/id_rsa
+    - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
+
+  script:
+    - echo "🚀 Deploying latest code to $SERVER_USER@$SERVER_IP"
+    - >
+      if ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" "
+        cd /home/devops/docker/deployment/development/lti-api &&
+        git fetch origin development &&
+        git reset --hard origin/development &&
+        docker compose restart dev-api-lti || docker compose up -d dev-api-lti
+      "; then
+        STATUS='success';
+      else
+        STATUS='failed';
+      fi;
+
+      RUN_URL="${CI_PROJECT_URL}/-/pipelines/${CI_PIPELINE_ID}";
+
+      if [ "$STATUS" = "success" ]; then
+        COLOR=3066993;
+        TITLE="✅ Deployment API Succeeded";
+        DESC="Deployment job on branch \`${CI_COMMIT_REF_NAME}\` completed successfully.";
+      else
+        COLOR=15158332;
+        TITLE="❌ Deployment API Failed Gaes";
+        DESC="Deployment job on branch \`${CI_COMMIT_REF_NAME}\` failed.";
+      fi;
+
+      echo "{
+        \"username\": \"CI Bot\",
+        \"embeds\": [{
+          \"title\": \"$TITLE\",
+          \"description\": \"$DESC\",
+          \"color\": $COLOR,
+          \"fields\": [
+            {\"name\": \"Repository\", \"value\": \"${CI_PROJECT_PATH}\", \"inline\": true},
+            {\"name\": \"Actor\", \"value\": \"${GITLAB_USER_LOGIN}\", \"inline\": true},
+            {\"name\": \"Commit\", \"value\": \"${CI_COMMIT_SHA}\", \"inline\": false},
+            {\"name\": \"Pipeline\", \"value\": \"[Open run](${RUN_URL})\", \"inline\": false}
+          ]
+        }]
+      }" > payload.json;
+
+      echo "📡 Sending notification to Discord...";
+      curl -sS -H "Content-Type: application/json" \
+        -d @payload.json "$DISCORD_WEBHOOK_URL";
+
+  only:
+    - development
+
+  environment:
+    name: development

Makefile

@@ -1,59 +0,0 @@
-# ===============================
-# LTI-API Makefile (Docker Setup)
-# ===============================
-
-APP_NAME := lti-api
-COMPOSE := docker compose -f docker-compose.yaml
-NETWORK := lti-network
-ENV_FILE := .env.lti-api
-
-include $(ENV_FILE)
-export $(shell sed 's/=.*//' $(ENV_FILE))
-
-MIGRATIONS_DIR := ./migrations
-MIGRATE_IMAGE := migrate/migrate:v4.15.2
-DB_URL := postgres://$(DB_USER):$(DB_PASSWORD)@lti-postgres:5432/$(DB_NAME)?sslmode=disable
-
-# --- Docker ---
-docker-local:
-	@echo "🚀 Starting $(APP_NAME) with local PostgreSQL & Redis..."
-	@$(COMPOSE) up --build -d
-
-docker-down:
-	@$(COMPOSE) down --remove-orphans
-
-docker-nuke:
-	@echo "💣 Removing all containers, images, and volumes..."
-	@$(COMPOSE) down --rmi all --volumes --remove-orphans
-
-# --- Database / Migration ---
-
-wait-db:
-	@echo "⏳ Waiting for database lti-postgres to be ready (inside Docker network)..."
-	@$(COMPOSE) run --rm app sh -c 'until nc -z lti-postgres 5432; do echo "Waiting for DB..."; sleep 2; done; echo "✅ Database is ready!"'
-
-migrate-up: wait-db
-	@echo "⬆️  Running migrations..."
-	@docker run --rm -v $(MIGRATIONS_DIR):/migrations --network $(NETWORK) \
-		$(MIGRATE_IMAGE) -path=/migrations/ -database "$(DB_URL)" up
-
-migrate-down: wait-db
-	@echo "⬇️  Rolling back all migrations..."
-	@docker run --rm -v $(MIGRATIONS_DIR):/migrations --network $(NETWORK) \
-		$(MIGRATE_IMAGE) -path=/migrations/ -database "$(DB_URL)" down -all
-
-seed:
-	@echo "🌱 Running seed script..."
-	@$(COMPOSE) run --rm app go run cmd/seed/main.go
-
-psql:
-	@docker exec -it lti-postgres psql -U $(DB_USER) -d $(DB_NAME)
-
-logs:
-	@$(COMPOSE) logs -f app
-
-restart:
-	@$(COMPOSE) restart
-
-status:
-	@$(COMPOSE) ps

credential/.env.db

@@ -0,0 +1,3 @@
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=Postgres@Secure2025!
+POSTGRES_DB=db_lti_erp

credential/01_init_app_user.sql

@@ -0,0 +1,47 @@
+-- ============================================================
+-- 🧩 INIT SCRIPT: CREATE LIMITED APP USER FOR LTI API
+-- ============================================================
+
+-- Buat user aplikasi jika belum ada
+DO
+$$
+BEGIN
+    IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'app_lti_user') THEN
+        CREATE ROLE app_lti_user WITH LOGIN PASSWORD 'AppLti@Secure2025!' NOINHERIT NOCREATEROLE NOCREATEDB NOSUPERUSER;
+        RAISE NOTICE '✅ Role app_lti_user created successfully.';
+    ELSE
+        RAISE NOTICE 'ℹ️ Role app_lti_user already exists.';
+    END IF;
+END
+$$;
+
+-- Buat database jika belum ada
+DO
+$$
+BEGIN
+    IF NOT EXISTS (SELECT FROM pg_database WHERE datname = 'db_lti_erp') THEN
+        CREATE DATABASE db_lti_erp OWNER app_lti_user;
+        RAISE NOTICE '✅ Database db_lti_erp created and owned by app_lti_user.';
+    ELSE
+        RAISE NOTICE 'ℹ️ Database db_lti_erp already exists.';
+    END IF;
+END
+$$;
+
+\connect db_lti_erp
+
+-- Beri hak CRUD untuk app_lti_user
+GRANT CONNECT ON DATABASE db_lti_erp TO app_lti_user;
+GRANT USAGE ON SCHEMA public TO app_lti_user;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO app_lti_user;
+GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO app_lti_user;
+
+-- Set default privileges agar tabel baru juga bisa diakses
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_lti_user;
+
+ALTER DEFAULT PRIVILEGES IN SCHEMA public
+GRANT USAGE, SELECT ON SEQUENCES TO app_lti_user;
+
+-- Tampilkan hasil
+\du app_lti_user

docker-compose.local.yml

@@ -1,75 +0,0 @@
-services:
-  postgresdb:
-    image: postgres:alpine
-    restart: always
-    ports:
-      - "${DB_PORT_HOST:-5542}:5432"
-    environment:
-      POSTGRES_USER: ${DB_USER:-postgres}
-      POSTGRES_PASSWORD: ${DB_PASSWORD:-postgres}
-      POSTGRES_DB: ${DB_NAME:-db_lti_erp}
-    volumes:
-      - dbdata:/var/lib/postgresql/data
-      - ./internal/database/init:/docker-entrypoint-initdb.d
-    networks: [go-network]
-    healthcheck:
-      test:
-        [
-          "CMD-SHELL",
-          "pg_isready -U ${DB_USER:-postgres} -d ${DB_NAME:-db_lti_erp}",
-        ]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-  redis:
-    image: redis:7-alpine
-    restart: unless-stopped
-    ports:
-      - "${REDIS_PORT_HOST:-6381}:6379"
-    healthcheck:
-      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
-      interval: 5s
-      timeout: 3s
-      retries: 10
-    networks: [go-network]
-
-  app:
-    build:
-      context: .
-      dockerfile: Dockerfile.local
-    image: cosmtrek/air:v1.52.3
-    working_dir: /lti-api
-    volumes:
-      - .:/lti-api
-    command: air -c .air.toml
-    env_file:
-      - .env
-    environment:
-      DB_HOST: postgresdb
-      DB_PORT: 5432
-      DB_USER: ${DB_USER:-postgres}
-      DB_PASSWORD: ${DB_PASSWORD:-postgres}
-      DB_NAME: ${DB_NAME:-db_lti_erp}
-      REDIS_URL: ${REDIS_URL:-redis://redis:6379/0}
-    ports:
-      - "${APP_PORT:-8081}:8081"
-    depends_on:
-      postgresdb:
-        condition: service_healthy
-    networks: [go-network]
-    healthcheck:
-      test: ["CMD-SHELL", "wget -qO- http://localhost:8081/healthz || exit 1"]
-      interval: 10s
-      timeout: 3s
-      retries: 10
-      start_period: 10s
-
-volumes:
-  dbdata:
-  go-mod-cache:
-  go-build-cache:
-
-networks:
-  go-network:
-    name: lti-api_go-network
-    driver: bridge

docker-compose.yaml

@@ -1,30 +1,28 @@
-version: "3.9"
-
 services:
-  dev-lti-api:
+  dev-api-lti:
-    container_name: dev-lti-api
     build:
       context: .
-      dockerfile: Dockerfile.local
+      dockerfile: Dockerfile
-    image: dev-lti-api:latest
+    container_name: dev-api-lti
     working_dir: /lti-api
-    command: air -c .air.toml
+    command: ["/bin/sh", "scripts/entrypoint.sh"]
     ports:
       - "8081:8081"
     env_file:
-      - .env.lti-api
+      - .env
     environment:
       # override agar koneksi ke container internal
-      DB_HOST: dev-lti-postgres
+      DB_HOST: dev-postgres-lti
       DB_PORT: 5432
-      REDIS_URL: redis://dev-lti-redis:6379/0
+      REDIS_URL: redis://dev-redis-lti:6379/0
     volumes:
       - .:/lti-api
+      - ./.air.toml:/lti-api/.air.toml:ro
       - ./internal/config/jwtRS256.key:/run/keys/jwtRS256.key
       - ./internal/config/jwtRS256.key.pub:/run/keys/jwtRS256.key.pub
     depends_on:
-      - dev-lti-postgres
+      - dev-postgres-lti
-      - dev-lti-redis
+      - dev-redis-lti
     networks:
       - lti-network
     healthcheck:
@@ -33,19 +31,26 @@ services:
       timeout: 3s
       retries: 10
       start_period: 10s
+    deploy:
+      resources:
+        limits:
+          cpus: "2.0"
+          memory: 2G
+        reservations:
+          cpus: "1.0"
+          memory: 512M
 
-  dev-lti-postgres:
+  dev-postgres-lti:
     image: postgres:15-alpine
-    container_name: dev-lti-postgres
+    container_name: dev-postgres-lti
     restart: always
-    environment:
+    env_file:
-      POSTGRES_USER: ${DB_USER:-postgres}
+      - credential/.env.db
-      POSTGRES_PASSWORD: ${DB_PASSWORD:-postgres}
-      POSTGRES_DB: ${DB_NAME:-db_lti_erp}
     ports:
       - "5433:5432"
     volumes:
-      - dev-lti-postgres-data:/var/lib/postgresql/data
+      - dev-postgres-lti-data:/var/lib/postgresql/data
+      - ./credential:/docker-entrypoint-initdb.d:ro
     networks:
       - lti-network
     healthcheck:
@@ -54,10 +59,18 @@ services:
       timeout: 5s
       retries: 5
       start_period: 5s
+    deploy:
+      resources:
+        limits:
+          cpus: "1.0"
+          memory: 2G
+        reservations:
+          cpus: "0.5"
+          memory: 512M
 
-  dev-lti-redis:
+  dev-redis-lti:
     image: redis:7-alpine
-    container_name: dev-lti-redis
+    container_name: dev-redis-lti
     restart: always
     ports:
       - "6380:6379"
@@ -68,10 +81,18 @@ services:
       interval: 10s
       timeout: 3s
       retries: 10
+    deploy:
+      resources:
+        limits:
+          cpus: "0.5"
+          memory: 512M
+        reservations:
+          cpus: "0.2"
+          memory: 256M
 
 networks:
   lti-network:
     driver: bridge
 
 volumes:
-  dev-lti-postgres-data:
+  dev-postgres-lti-data:

internal/modules/production/project_flocks/route.go

@@ -12,7 +12,7 @@ import (
 func ProjectflockRoutes(v1 fiber.Router, u user.UserService, s projectflock.ProjectflockService) {
 	ctrl := controller.NewProjectflockController(s)
 
-	route := v1.Group("/project_flocks")
+	route := v1.Group("/project-flocks")
 	route.Use(m.Auth(u))
 
 	route.Get("/", ctrl.GetAll)

scripts/entrypoint.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+echo "🔍 Waiting for PostgreSQL at $DB_HOST:$DB_PORT..."
+until nc -z "$DB_HOST" "$DB_PORT"; do
+  echo "⏳ PostgreSQL is not ready yet..."
+  sleep 2
+done
+echo "✅ PostgreSQL is ready!"
+
+echo "🏁 Starting LTI API (with Air hot reload)..."
+exec air -c .air.toml