Fixed critical issues with the profile page (/dashboard/profile):
1. **Form data not persisting on page refresh**:
- Added useEffect to update form values when user data loads
- Forms now properly populate after auth context loads user data
2. **Blank page on refresh**:
- Added loading and error states for better UX
- Handle case where user is not loaded yet (loading spinner)
- Handle case where user fails to load (retry button)
3. **Password change API endpoint correction**:
- Fixed: POST /api/v1/users/change-password (incorrect)
- Corrected to: PATCH /api/v1/users/me/password (matches backend)
- Updated return type to include { message: string }
The root cause was that useForm defaultValues were set once at
component mount when user was still null. The form never updated
when user data was subsequently loaded by the auth context.
Now the form properly resets with user data via useEffect, and
proper loading/error states prevent showing a blank page.
Refs: apps/frontend/app/dashboard/profile/page.tsx:68-78
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix password change feature that was previously non-functional:
- Add changePassword function in frontend API (src/lib/api/users.ts)
- Update API endpoint to match backend: PATCH /api/v1/users/me/password
- Connect profile page to real API instead of mock implementation
- Export changePassword function from API index
The backend endpoint was already implemented but frontend was using
a placeholder Promise.resolve(). Now properly calls the backend API.
Refs: apps/frontend/app/dashboard/profile/page.tsx:87-105
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Replace full logo (1875x1699) with simplified icon (512x512) optimized for favicon display
- Implement CSS media queries for automatic theme adaptation:
* Dark mode: white X (#FFFFFF) with cyan dot (#34CCCD)
* Light mode: dark blue X and dot (#1D3865)
- Remove old logo files (xpeditis-icon.svg, xpeditis-logo.svg)
- Simplified design with clean X shape and accent dot for better visibility at small sizes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Replace the icon with the full Xpeditis logo (logo-black.svg) as requested.
Updated references in:
- app/icon.svg (favicon)
- app/layout.tsx (metadata and social cards)
- public/manifest.json (PWA icon)
Note: The full logo (1875x1699px) will be scaled down in browser tabs.
Consider creating a square optimized version for better display in small sizes.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add site favicon and enhance metadata for better SEO and social sharing:
- Added app/icon.svg from existing logo for browser tab icon
- Enhanced metadata with Open Graph and Twitter card support
- Created manifest.json for PWA support
- Added metadataBase for proper social image resolution
- Updated .env.example with NEXT_PUBLIC_APP_URL
The Xpeditis logo (blue background with cyan X) now appears in:
- Browser tabs (favicon)
- Bookmarks
- Mobile home screen (PWA)
- Social media shares (Open Graph)
Configuration for different environments:
- Dev: NEXT_PUBLIC_APP_URL=http://localhost:3000
- Preprod: NEXT_PUBLIC_APP_URL=https://app.preprod.xpeditis.com
- Prod: NEXT_PUBLIC_APP_URL=https://xpeditis.com🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Replace hardcoded localhost:4000 URLs with NEXT_PUBLIC_API_URL environment variable
in carrier portal pages to support different environments (dev/staging/production).
Pages updated:
- app/carrier/accept/[token]/page.tsx
- app/carrier/reject/[token]/page.tsx
This fixes the issue where preprod environment (app.preprod.xpeditis.com) was calling
localhost:4000 instead of the correct API endpoint (api.preprod.xpeditis.com).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Problems Fixed:
1. **User Creation (Invite)**
- ❌ Missing password field (required by API)
- ❌ Hardcoded organizationId 'default-org-id'
- ❌ Wrong role format (lowercase instead of ADMIN/USER/MANAGER)
- ✅ Now uses currentUser.organizationId from auth context
- ✅ Added password field with validation (min 8 chars)
- ✅ Fixed role enum to match backend (ADMIN, USER, MANAGER, VIEWER)
2. **Role Change (PATCH)**
- ❌ Used 'as any' masking type errors
- ❌ Lowercase role values
- ✅ Proper typing with uppercase roles
- ✅ Added success/error feedback
- ✅ Disabled state during mutation
3. **Toggle Active (PATCH)**
- ✅ Was working but added better feedback
- ✅ Added disabled state during mutation
4. **Delete User (DELETE)**
- ✅ Was working but added better feedback
- ✅ Added disabled state during mutation
5. **UI Improvements**
- Added success messages with auto-dismiss (3s)
- Added error messages with auto-dismiss (5s)
- Added loading states on all action buttons
- Fixed role badge colors to use uppercase keys
- Better form validation before API call
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Problem:
- CSV files uploaded to MinIO via admin panel
- But getAvailableCsvFiles() only listed local filesystem
- Result: rate search returned 0 results even though files exist in MinIO
Solution:
- Modified getAvailableCsvFiles() to check MinIO first
- Lists files from csv_rate_configs table with minioObjectKey
- Falls back to local filesystem if MinIO not configured
- Logs clearly which source is being used
This ensures rate search uses the uploaded CSV files from MinIO storage.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Fixed test user migration to use real Argon2id hash for Password123!
- Replaced random uuidv4() with fixed UUIDs in organization seeds
- Updated auth.service.ts to use DEFAULT_ORG_ID constant
- Added ON CONFLICT DO UPDATE to migration for existing users
- Ensures consistent UUIDs across environments (dev/preprod/prod)
Fixes:
- Registration 500 error (foreign key constraint violation)
- Login 401 error (invalid password hash)
- Organization ID mismatch between migrations and application code
Test users (Password: Password123!):
- admin@xpeditis.com (ADMIN)
- manager@xpeditis.com (MANAGER)
- user@xpeditis.com (USER)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
CRITICAL FIX: Frontend was serving raw CSS with uncompiled @tailwind directives,
resulting in completely unstyled pages (plain text without any CSS).
Root cause:
- postcss.config.js and tailwind.config.js/ts were excluded in .dockerignore
- This prevented PostCSS/Tailwind from compiling CSS during Docker builds
- Local builds worked because config files were present
Changes:
1. apps/frontend/.dockerignore:
- Commented out postcss.config.js exclusion
- Commented out tailwind.config.js/ts exclusions
- Added explanatory comments about why these files are needed
2. apps/backend/Dockerfile:
- Copy src/ directory to production stage for CSV upload paths
- Create csv-storage/rates directory with proper permissions
- Fix EACCES errors when uploading CSV files
3. apps/backend/src/application/controllers/admin/csv-rates.controller.ts:
- Add getCsvUploadPath() helper function
- Support both local dev and Docker environments
- Use absolute paths instead of relative paths
4. docker-compose.dev.yml:
- Change backend port mapping to 4001:4000 (avoid local dev conflicts)
- Change frontend port mapping to 3001:3000
- Update CORS_ORIGIN and NEXT_PUBLIC_API_URL accordingly
Impact:
- ✅ Fixes completely broken frontend CSS in Docker/production
- ✅ Applies to CI/CD builds (uses apps/frontend/.dockerignore)
- ✅ Applies to Portainer deployments (pulls from CI/CD images)
- ✅ Fixes CSV upload permission errors in backend
- ✅ Enables local Docker testing on Mac ARM64
Testing:
- Local Docker build now shows compiled Tailwind CSS (60KB+)
- Frontend displays properly styled pages at http://localhost:3001
- Backend CSV uploads work without permission errors
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add fs and path imports at top of file
- Remove inline require() statements that violated ESLint rules
- Fixes 6 @typescript-eslint/no-var-requires errors
- Export S3StorageAdapter directly from StorageModule
- Import StorageModule and ConfigModule in CsvRateModule
- Fix dependency injection for S3StorageAdapter in CSV controllers
- Upload CSV files to MinIO/S3 after validation
- Store MinIO object key in database metadata
- Support loading CSV from MinIO with fallback to local files
- Delete from both MinIO and local storage when removing files
- Add migration script to upload existing CSV files to MinIO
- Graceful degradation if MinIO is not configured
Fixed CSV file upload to properly generate filename based on company name. The previous implementation tried to read `req.body.companyName` in multer's filename callback, but the body is not yet parsed at that point, causing files to be named "unknown.csv".
## Solution
1. Use temporary filename during upload (timestamp + random)
2. After validation and parsing, rename file to proper company name format
3. Delete old file if it exists before renaming
4. Store final filename in database configuration
## Changes
- Multer filename callback now generates temporary filename
- Added file renaming logic after successful validation
- Updated database records to use final filename instead of temp name
- Added logging for file operations
## Impact
- New CSV uploads will have correct filenames (e.g., "ssc-consolidation.csv")
- No more "unknown.csv" files
- Existing "unknown.csv" needs to be manually deleted via dashboard
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed CSV rate upload to use the company name provided in the upload form instead of reading it from the CSV file's companyName column. This prevents "unknown" or incorrect company names from being used.
## Changes
**Domain Layer**
- Updated `CsvRateLoaderPort` interface to accept optional `companyNameOverride` parameter
- Modified `CsvRateSearchService.loadAllRates()` to pass company name from config when loading rates
**Infrastructure Layer**
- Updated `CsvRateLoaderAdapter.loadRatesFromCsv()` to accept `companyNameOverride` parameter
- Modified `mapToCsvRate()` to use override company name if provided, otherwise fallback to CSV column value
- Added logging to show which company name is being used (from override or CSV)
**Application Layer**
- Updated CSV upload controller to pass `dto.companyName` to the loader
## Impact
- When uploading a CSV file through the admin interface, the company name from the form is now correctly used
- Existing CSV files with "unknown" in the companyName column will now show the correct company name from the database configuration
- Backward compatible: if no override is provided, the CSV column value is still used
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added comprehensive CSV rates management interface to the frontend dashboard with full CRUD operations.
## Backend Changes
- Added `GET /api/v1/admin/csv-rates/files` endpoint to list all uploaded CSV files with metadata
- Added `DELETE /api/v1/admin/csv-rates/files/:filename` endpoint to delete CSV files and their configurations
- Both endpoints provide frontend-compatible responses with file info (filename, size, rowCount, uploadedAt)
- File deletion includes both filesystem cleanup and database configuration removal
## Frontend Changes
- Added "CSV Rates" navigation item to dashboard sidebar (ADMIN only)
- Moved CSV rates page from `/app/admin/csv-rates` to `/app/dashboard/admin/csv-rates` for proper dashboard integration
- Updated CsvUpload component to include required `companyEmail` field
- Component now properly validates and sends all required fields (companyName, companyEmail, file)
- Enhanced form validation with email input type
## Features
- ✅ Upload CSV rate files with company name and email
- ✅ List all uploaded CSV files with metadata (filename, size, row count, upload date)
- ✅ Delete CSV files with confirmation dialog
- ✅ Real-time file validation (format, size limit 10MB)
- ✅ Auto-refresh after successful operations
- ✅ ADMIN role-based access control
- ✅ Integrated into dashboard navigation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
The .dockerignore was excluding package-lock.json, causing npm ci to fail
with "The npm ci command can only install with an existing package-lock.json".
Commented out the package-lock.json line in .dockerignore to allow it to be
copied into the Docker build context.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Set explicit "builder": "tsc" in nest-cli.json
- Simplified tsconfig.build.json to only extend base config
- Updated build script back to `nest build && tsc-alias`
This ensures NestJS uses the TypeScript compiler that properly respects path mappings in tsconfig.json.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Changed build script from `nest build` to `tsc -p tsconfig.build.json`
- This ensures TypeScript path aliases (@domain/*, @application/*, @infrastructure/*) are properly resolved during compilation
- tsc-alias then converts the resolved paths to relative imports in the output
- Reverted tsconfig.json to original baseUrl: "./" configuration
- Added explicit path aliases to tsconfig.build.json for clarity
Root cause: NestJS's `nest build` command doesn't fully support TypeScript path aliases out of the box. Using `tsc` directly ensures proper path resolution.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
