Currently GET /api/images/:key with arbitrary key results in HTTP 500

Currently, frontend nor backend partially restrict the creation of duplicate inventory entries (same warehouse and product IDs)

Users should be able to create demo accounts via

• Frontend navbar button
• Register form

This demo account should create:

• A user account that have no login credentials and is marked as isDemo
• This account should be deleted after 24 hours
• This account should have the following pre-defined entities:
  • 1 organization
  • 4 warehouses
  • 30 product definitions
  • randomly distributed inventory items in all warehouses

This demo can be themed for a car parts store. Three warehouses can be physical store locations. Products are oil filters, alternators, and spark plugs.

Add a panel for managing members of the organization

Front

• Ability to view members with pagination
• Dropdown to change member role
• Button to remove a user from an organization with a popup confirmation
• Page to add new members to the organization

Back

• List members (paginated) endpoint
• POST Add/update rule endpoint
• DELETE rule endpoint
• Invite member endpoint

Dashboard total sales chart shows fake data:

There are missing tests that cause CI to fail

• Auth Module
• Inventory Module
• Products Module
• Organizations Module
• Inventory controler
• Organization controller

this button is disabled

Currently the second fields does nothing

Updating user preferences on the demo account currently disables the demo mode.

• Consistency on Create / Update / Delete between warehouses and org warehouse references
• Delete inventory on warehouse delete
• Delete inventory on product delete

Mocks for model-based services and repositories became very messy and need to be cleaned. For example this is mock for products repository

const regularMockFindFunction = (id?: Types.ObjectId) => {
	return {
		_id: id,
		name: 'test-product',
		buyPrice: 10,
		sellPrice: 10,
		imageKey: 'image-key',
	};
};

const mockProductsRepository = {
	create: jest.fn((dto: CreateProductDto) => {
		return dto;
	}),
	find: jest.fn(() => new Array(10).fill(() => regularMockFindFunction(new Types.ObjectId()))),
	findById: jest.fn((id: Types.ObjectId) => regularMockFindFunction(id)),
	deleteOneById: jest.fn((id: Types.ObjectId) => regularMockFindFunction(id)),
	exist: jest.fn(() => true),
	findOneByIdAndUpdate: jest.fn((id: Types.ObjectId, query: any) => ({
		...regularMockFindFunction(id),
		...query,
	})),
	countDocuments: jest.fn(() => 100),
	paginate: jest.fn(() => ({ data: [regularMockFindFunction(new Types.ObjectId())] })),
};

Which is just tons of duplicate code over all the tests, this can be siplified to:

const mockProductsRepository = new MockEntityRepository<Product>({
		name: 'test-product',
		buyPrice: 10,
		sellPrice: 10,
		imageKey: 'image-key',
	});

Current inaccuracies:

• Warehouse delete should remove inventory items
• Product delete should delete inventory items
• Organization delete should delete inventory items, products and warehouses

Demo users can request a password reset on /password-reset which is then sent to, my personal inbox.

The same goes for other email endpoints. This can be protected by NotDemoGuard and user object checks

deleting warehouse should call for org value recalculation

• ImagesController
• ImagesService

• OrganizationController should not be responsible for listing warehouses, this should be done by WarehousesController

Currently removing all user accounts that are part of an organization leaves the organization (and associated warehouses, products and items) polluting the database.

Currenly, a user creating an account faces a choice to create a demo or regular account. This choice is fine but I think the register option should be the main option and the demo should be smaller in size, they should not be just similarly sized options.

Currently, all images are uploaded as is to s3. They should be resized to same-size squares before uploading, probably using sharp

All service tests have been recently rewritten to MockEntityRepository, controllers should receive similar treatment, probably using something like MockEntityService.

• ProductsController
• InventoryController
• WarehousesController
• OrganizationsController

The organization view is missing the update page

The following resources have missing delete forms while API routes are complete

• Organization
• Warehouse
• Product
• Inventory Item

StockedUp currently has a messy structure regarding module references. There are a couple of god modules, that have dependencies for half of the project. Most modules use forwardRefs. Many modules depend on each other unnecessarily. The goal of this issue is to check all modules and implement fixes regarding their imports and exports.

Progress:

• AuthModule
• AuthEmailsModule
• DemoModule
• EmailsModule
• GravatarModule
• ImagesModule
• InventoryModule
• OrganizationsModule
• ProductsModule
• UsersModule
• WarehousesModule
• OrganizationResolverModule
• RedisModule
• S3Module
• S3CacheModule
• SecurityModule

Currently login/password-reset returns 404

User will need to re-confirm thier password to do that

Using <input type="file" /> was always tricky. There can be a nice layer of abstraction added to properly upload files to the backend.

Ideally a FormImageInput should have a simple signature:

<FromInput {...register('image')} />

Honesty I am not quite sure if it is possible with react-hook form. But this is the ideal solution.

This element should serve multiple purposes:

• The user should be able to view the current image
• The user should be able to set or replace the image
• The user should be able to delete the image

These actions should return probably ImageDto to react hook form? If that's even possible, there is multipart/form-data' encoding required,

Users should be able to delete their accounts

The current code logic around cascade deleting is messy, violates SOLID and makes a lot of barely used dependencies (and also a ton of forwardRef). There are services which are responsible for deleting other entities (this should not happen)

Instead, there should be Event Emmiters configured to send and listen to delete events. For example organizationsService can fire OrganizationDeleteEvent and product and warehouse services can listen to it.

This needs to be changed in the following files:

• organizations.service.ts - deleting warehouses and products
• organizations.service.ts - deleting and adding warehouse refs to org
• products.service.ts - deleting inventory items
• warehouses.service.ts - deleting inventory items
• users.service.ts - deleting ACL rules and empty orgs

Following resources use placeholder photos

• User avatars
• Products

These resources should have the ability to upload and retrieve images from Rest API to S3

Blocked by: #8

The current setup of organization settings is lacking and blocks the ability to add new features

Mock:

Progress:

• Create elements for creating a generic settings page with react-router routing
• Implement this element for organization pages
• Organization details page with buttons to edit, delete and leave
• Warehouse details page
• Settings page
• #32

There are currently some issues that are blocked by the lack of space on user settings page such as:

• #19
• #21

This page should be reworked using <SettingsLayout /> element. Mock design:

Currently the auth-related email actions such as:

• Confirming user email
• Resetting user password

(And maybe in the future things like confirming account deletion or changing password)

Are handled by AuthController and AuthService which is I guess not that bad place for these, but kind of makes the auth module bear too much responsibility.

https://github.com/MrBartusek/stocked-up/blob/master/apps/api/src/auth/auth.controller.ts#L68-L97

These actions should be moved to a separate module, that depends on token service, auth service and email service. It can be named something like AuthEmailsModule

Many tests are missing:

• Basic auth: register, login, logout
• creating demo accounts
• Updating user profile
• CRUD on organizations
• CRUD on products
• CRUD on warehouses
• CRUD on inventory items

Most of the tables have whitespaces in rows where there should be none

Similarly to #48 and #49 product count should also be rewritten to Event Emmiters. 388645b already removed old logic so the product count is not currently working.

Implementation

Organization service should listen to events:

• product.created
• product.deleted

and call products service to calculate new products count per organization, then save it

This project lacks a propert SETUP.md file with setup guide. There should also be a mention of this file in

• README section
• Contributing section

Currently, any logged user can modify any org resources. This should restricted via some access control system

List of ways that security module can be called:

• HasOrganizationAccessPipe when org id is passed via params
• HasProductAccess, HasWarehouseAccess and other similar pipes that will fetch org id
• SecurityValidationPipe to validate DTOs with custom decorators (with reflect-metadata)

StockeUp currently lacks an email system to notify and validate important account steps.

• Basic email system
• Workflow for tokens and confirmable emails
• Confirming email (via user token)
• Reseting password (via user token)

The following tools can be used:

• https://resend.com
• https://react.email

Users that are not admin or higher will be rightfully blocked from creating, deleting and updating of security rules by backend. But, buttons for them are still enabled.

A lot of data in the main dashboard currently is not working, not implemented or fake elements. They need to be replaced before 1.0:

The following resources should be paginated, filterable and searchable:

Backend:

• Organizations
  • Pagination
• Products
  • Pagination
  • Search by: name
  • Sort by: buyPrice, sellPrice, name
• Inventory Items
  • Pagination
  • Sort by: quantity
• Warehouses
  • Pagination

Frontend:

• Products
• Inventory Items
• Organizations
• Warehouses

There is a button for user settings that is not used:

This page should include the ability to

• Change username
• Change password
• Change avatar
• Delete account

Current inventory move page returns under construction element

The current code logic around recalculating org values is messy and hard to use. Services need to manually call value recalculation on each action. Instead, there should be Event Emmiters configured to listen to create, update and delete events inside warehouseStatsService and call recalculation independently.

This needs to be changed in the following files:

• organizations-stats.service.ts
• warehouse-stats.service.ts
• inventory-stats.service.ts
• any other files that manual call recalculation

This is the chart of how this logic should be implemented:

This implementation features two queues to prevent duplicate events from firing and hopefully optimize this whole process. There are situations where recalculation is fired multiple times and acting on it is wasting resources

• Deleting organization calls warehouse recalculate for each deleted inventory item and product. Each of this recalculations calls organization recalculate
• Deleting warehouse calls recalculation for each deleted inventory item
• Deleting product call recalculation for each deleted inventory item

Updating quantity might be tricky and prone to error if it is just an input field.

The objective is to add a better experience for adding and removing inventory on this page. There should be option to

• Type quantity manually (like right now)
• Add/Remove specific ammount

this button does nothing.

Ideally, users should be redirected to another tab in their profile to request a new email.

Currently /inventory/add doesn't allow for selection of product definition to add. Instead, it redirects to the products page.

Product selection button should open a popup with simplified ProductsTable and search bar to easily select product

The current workflow for changing e-mail address of user is just simple input field with PUT to API. The actions of changing user email should be more robust:

• First, the email changing page should be another sub-page in user settings
• Changing emails needs to require the current user password
• The user needs to re-confirm this email