From 22b2583f0b2a28fff425961d8f2164da838896a4 Mon Sep 17 00:00:00 2001 
From: Ronni Baslund
Date: Sun, 24 May 2026 00:35:01 +0200
Subject: [PATCH] chore(services): rename services/provisioning -> services/platform-api

O.0 prep from OPERATOR-PLAN.md. Mechanical refactor before adding partner management and operator-specific endpoints. The service now owns more than just provisioning orchestration (it'll soon own partners, tenant lifecycle actions, multi-audience JWT validation), so the name 'platform-api' reflects its scope better.

What changed:
- Directory: services/provisioning/ -> services/platform-api/
- Package: @dezky/provisioning -> @dezky/platform-api
- Docker: container_name dezky-provisioning -> dezky-platform-api; compose service key 'provisioning' -> 'platform-api'; volume provisioning_node_modules -> platform_api_node_modules
- Portal: PROVISIONING_INTERNAL_URL env var -> PLATFORM_API_INTERNAL_URL, default URL http://provisioning:3001 -> http://platform-api:3001 in all three proxy routes (me.get.ts, tenants/index.post.ts, tenants/[slug]/reconcile.post.ts), plus NUXT_API_BASE updated
- Health endpoint service identifier and main.ts log lines updated to 'dezky-platform-api'
- Docs swept: README, CLAUDE.md, SERVICES.md, AUTHENTIK-SETUP.md, NEXT-STEPS.md, TROUBLESHOOTING.md, OPERATOR-PLAN.md, traefik/dynamic.yml

What deliberately stays:
- Internal module names ProvisioningService / ProvisioningModule (those describe an orchestration sub-concern, not the service's purpose)
- Tenant.provisioningStatus / provisioningErrors field names (state per integration, not service name)
- File services/platform-api/src/tenants/provisioning.service.ts
- 'Hetzner provisioning' references in production-prep docs (infrastructure provisioning, unrelated)

Verified end-to-end after rename: /api/me returns 200 with profile + 2 tenants + subscription, /api/tenants/dezky/reconcile returns 200 with Authentik integration still ok.

OPERATOR-PLAN.md O.0 checkboxes ticked.
--- CLAUDE.md | 8 +++---- README.md | 2 +- apps/portal/nuxt.config.ts | 2 +- apps/portal/server/api/me.get.ts | 8 +++---- .../api/tenants/[slug]/reconcile.post.ts | 2 +- apps/portal/server/api/tenants/index.post.ts | 10 ++++---- docs/AUTHENTIK-SETUP.md | 8 +++---- docs/NEXT-STEPS.md | 12 +++++----- docs/OPERATOR-PLAN.md | 23 +++++++++++-------- docs/SERVICES.md | 16 ++++++------- docs/TROUBLESHOOTING.md | 2 +- .../configs/traefik/dynamic.yml | 2 +- .../docker-compose/docker-compose.yml | 16 +++++++------ .../package.json | 4 ++-- .../pnpm-lock.yaml | 0 .../src/app.module.ts | 0 .../src/auth/actor.service.ts | 0 .../src/auth/auth.module.ts | 0 .../src/auth/current-user.decorator.ts | 0 .../src/auth/jwt-auth.guard.ts | 0 .../src/auth/jwt-payload.interface.ts | 0 .../src/health.controller.ts | 2 +- .../src/integrations/authentik.client.ts | 0 .../src/integrations/integrations.module.ts | 0 .../src/integrations/ocis.client.ts | 0 .../src/integrations/stalwart.client.ts | 0 .../src/main.ts | 9 ++++---- .../src/schemas/subscription.schema.ts | 0 .../src/schemas/tenant.schema.ts | 0 .../src/schemas/user.schema.ts | 0 .../src/seed/seed.module.ts | 0 .../src/seed/seed.service.ts | 0 .../dto/create-subscription.dto.ts | 0 .../dto/update-subscription.dto.ts | 0 .../subscriptions/subscriptions.controller.ts | 0 .../src/subscriptions/subscriptions.module.ts | 0 .../subscriptions/subscriptions.service.ts | 0 .../src/tenants/dto/create-tenant.dto.ts | 0 .../src/tenants/dto/update-tenant.dto.ts | 0 .../src/tenants/provisioning.service.ts | 0 .../src/tenants/tenants.controller.ts | 0 .../src/tenants/tenants.module.ts | 0 .../src/tenants/tenants.service.ts | 0 .../src/users/dto/create-user.dto.ts | 0 .../src/users/dto/update-user.dto.ts | 0 .../src/users/users.controller.ts | 0 .../src/users/users.module.ts | 0 .../src/users/users.service.ts | 0 .../tsconfig.json | 0 49 files changed, 66 insertions(+), 60 deletions(-) rename services/{provisioning => platform-api}/package.json (86%) 
rename services/{provisioning => platform-api}/pnpm-lock.yaml (100%) rename services/{provisioning => platform-api}/src/app.module.ts (100%) rename services/{provisioning => platform-api}/src/auth/actor.service.ts (100%) rename services/{provisioning => platform-api}/src/auth/auth.module.ts (100%) rename services/{provisioning => platform-api}/src/auth/current-user.decorator.ts (100%) rename services/{provisioning => platform-api}/src/auth/jwt-auth.guard.ts (100%) rename services/{provisioning => platform-api}/src/auth/jwt-payload.interface.ts (100%) rename services/{provisioning => platform-api}/src/health.controller.ts (85%) rename services/{provisioning => platform-api}/src/integrations/authentik.client.ts (100%) rename services/{provisioning => platform-api}/src/integrations/integrations.module.ts (100%) rename services/{provisioning => platform-api}/src/integrations/ocis.client.ts (100%) rename services/{provisioning => platform-api}/src/integrations/stalwart.client.ts (100%) rename services/{provisioning => platform-api}/src/main.ts (72%) rename services/{provisioning => platform-api}/src/schemas/subscription.schema.ts (100%) rename services/{provisioning => platform-api}/src/schemas/tenant.schema.ts (100%) rename services/{provisioning => platform-api}/src/schemas/user.schema.ts (100%) rename services/{provisioning => platform-api}/src/seed/seed.module.ts (100%) rename services/{provisioning => platform-api}/src/seed/seed.service.ts (100%) rename services/{provisioning => platform-api}/src/subscriptions/dto/create-subscription.dto.ts (100%) rename services/{provisioning => platform-api}/src/subscriptions/dto/update-subscription.dto.ts (100%) rename services/{provisioning => platform-api}/src/subscriptions/subscriptions.controller.ts (100%) rename services/{provisioning => platform-api}/src/subscriptions/subscriptions.module.ts (100%) rename services/{provisioning => platform-api}/src/subscriptions/subscriptions.service.ts (100%) rename services/{provisioning 
=> platform-api}/src/tenants/dto/create-tenant.dto.ts (100%) rename services/{provisioning => platform-api}/src/tenants/dto/update-tenant.dto.ts (100%) rename services/{provisioning => platform-api}/src/tenants/provisioning.service.ts (100%) rename services/{provisioning => platform-api}/src/tenants/tenants.controller.ts (100%) rename services/{provisioning => platform-api}/src/tenants/tenants.module.ts (100%) rename services/{provisioning => platform-api}/src/tenants/tenants.service.ts (100%) rename services/{provisioning => platform-api}/src/users/dto/create-user.dto.ts (100%) rename services/{provisioning => platform-api}/src/users/dto/update-user.dto.ts (100%) rename services/{provisioning => platform-api}/src/users/users.controller.ts (100%) rename services/{provisioning => platform-api}/src/users/users.module.ts (100%) rename services/{provisioning => platform-api}/src/users/users.service.ts (100%) rename services/{provisioning => platform-api}/tsconfig.json (100%) diff --git a/CLAUDE.md b/CLAUDE.md index fae46df..ea6fa2b 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -27,7 +27,7 @@ All components are Apache 2.0 / MIT licensed for clean commercial multi-tenant h | OCIS | `owncloud/ocis:7.0` | File storage (S3-compatible backend) | `https://files.dezky.local` | | Collabora | `collabora/code:latest` | Office document editor inside OCIS | `https://office.dezky.local` | | Portal stub | (built from `./apps/portal`) | Nuxt 3 customer portal | `https://app.dezky.local` | -| Provisioning | (built from `./services/provisioning`) | NestJS provisioning worker | (internal, port 3001) | +| Platform API | (built from `./services/platform-api`) | NestJS service · tenants/partners/users/provisioning orchestration | `api.dezky.local` (+ internal port 3001) | **NOT included in this dev setup** (added in later phases): - Jitsi Meet (4-5 sub-containers — see `docker-compose.optional.yml` when ready) 
@@ -65,7 +65,7 @@ dezky/ ├── apps/ │ └── portal/ # Nuxt 3 portal (stub for now) ├── services/ -│ └── provisioning/ # NestJS worker (stub for now) +│ └── platform-api/ # NestJS service · platform control plane ├── packages/ # Shared TypeScript packages (empty for now) ├── infrastructure/ │ └── docker-compose/ @@ -226,8 +226,8 @@ See `docs/TROUBLESHOOTING.md` for detailed solutions. ## After local dev works 1. Build out the Nuxt portal (`apps/portal`) — start with auth flow via Authentik OIDC -2. Build the provisioning service (`services/provisioning`) — first endpoint: create tenant -3. Wire portal → provisioning → Authentik/OCIS/Stalwart admin APIs +2. Build the platform API (`services/platform-api`) — first endpoint: create tenant +3. Wire portal → platform-api → Authentik/OCIS/Stalwart admin APIs 4. Add Zulip + Jitsi when ready (`docker-compose.optional.yml`) 5. When portal MVP is solid → migrate to Hetzner AX41 production diff --git a/README.md b/README.md index 3de6097..603323d 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ The bootstrap script: ``` dezky/ ├── apps/portal/ Nuxt 3 customer portal -├── services/provisioning/ NestJS provisioning worker +├── services/platform-api/ NestJS service · tenants, partners, users, provisioning orchestration ├── packages/ Shared TypeScript libraries ├── infrastructure/ │ └── docker-compose/ Local development stack diff --git a/apps/portal/nuxt.config.ts b/apps/portal/nuxt.config.ts index c3bcc68..c2c8579 100644 --- a/apps/portal/nuxt.config.ts +++ b/apps/portal/nuxt.config.ts @@ -63,7 +63,7 @@ export default defineNuxtConfig({ // Authentik's access tokens aren't always parseable as JWT — skip strict parsing skipAccessTokenParsing: true, // Expose access token in the server-side session so Nitro route handlers can - // forward it to provisioning. Token never reaches the browser. + // forward it to platform-api. Token never reaches the browser. exposeAccessToken: true, }, }, 
diff --git a/apps/portal/server/api/me.get.ts b/apps/portal/server/api/me.get.ts index 8978ff3..0197ae2 100644 --- a/apps/portal/server/api/me.get.ts +++ b/apps/portal/server/api/me.get.ts @@ -1,8 +1,8 @@ // Scaffolding route: pulls the signed-in user's profile + tenants + subscriptions -// from the provisioning service, using the user's Authentik access token forwarded -// from the encrypted server-side session. +// from platform-api, using the user's Authentik access token forwarded from the +// encrypted server-side session. // -// Verifies the full chain: portal session → access token → provisioning JWT guard → Mongo. +// Verifies the full chain: portal session → access token → platform-api JWT guard → Mongo. import { getUserSession } from 'nuxt-oidc-auth/runtime/server/utils/session.js' @@ -14,7 +14,7 @@ export default defineEventHandler(async (event) => { throw createError({ statusCode: 401, statusMessage: 'Not signed in or no access token' }) } - const base = process.env.PROVISIONING_INTERNAL_URL ?? 'http://provisioning:3001' + const base = process.env.PLATFORM_API_INTERNAL_URL ?? 'http://platform-api:3001' const headers = { Authorization: `Bearer ${accessToken}` } const [profile, tenants, subscriptions] = await Promise.all([ diff --git a/apps/portal/server/api/tenants/[slug]/reconcile.post.ts b/apps/portal/server/api/tenants/[slug]/reconcile.post.ts index e5ab024..cbf6bf5 100644 --- a/apps/portal/server/api/tenants/[slug]/reconcile.post.ts +++ b/apps/portal/server/api/tenants/[slug]/reconcile.post.ts 
@@ -7,7 +7,7 @@ export default defineEventHandler(async (event) => { throw createError({ statusCode: 401, statusMessage: 'Not signed in' }) } const slug = getRouterParam(event, 'slug') - const base = process.env.PROVISIONING_INTERNAL_URL ?? 'http://provisioning:3001' + const base = process.env.PLATFORM_API_INTERNAL_URL ?? 'http://platform-api:3001' return $fetch(`${base}/tenants/${slug}/reconcile`, { method: 'POST', headers: { Authorization: `Bearer ${accessToken}` }, diff --git a/apps/portal/server/api/tenants/index.post.ts b/apps/portal/server/api/tenants/index.post.ts index 0bcd7b3..43ceb44 100644 --- a/apps/portal/server/api/tenants/index.post.ts +++ b/apps/portal/server/api/tenants/index.post.ts @@ -1,7 +1,7 @@ -// Dev/scaffolding: proxies POST /tenants to the provisioning service with the -// logged-in user's access token. Lets you create a tenant from the browser -// without minting tokens by hand. Will be replaced by a real "create workspace" -// flow with proper UI later. +// Dev/scaffolding: proxies POST /tenants to platform-api with the logged-in +// user's access token. Lets you create a tenant from the browser without +// minting tokens by hand. Will be replaced by a real "create workspace" flow +// with proper UI later. import { getUserSession } from 'nuxt-oidc-auth/runtime/server/utils/session.js' @@ -13,7 +13,7 @@ export default defineEventHandler(async (event) => { } const body = await readBody(event) - const base = process.env.PROVISIONING_INTERNAL_URL ?? 'http://provisioning:3001' + const base = process.env.PLATFORM_API_INTERNAL_URL ?? 'http://platform-api:3001' return $fetch(`${base}/tenants`, { method: 'POST', diff --git a/docs/AUTHENTIK-SETUP.md b/docs/AUTHENTIK-SETUP.md index 7701864..cc6ab69 100644 --- a/docs/AUTHENTIK-SETUP.md +++ b/docs/AUTHENTIK-SETUP.md 
@@ -130,9 +130,9 @@ EOF Note: Stalwart's OIDC integration is configured in `infrastructure/docker-compose/configs/stalwart/config.toml`. For local dev with internal users, OIDC is optional. -## 4. Get the API token for provisioning service +## 4. Get the API token for platform-api -The provisioning service needs to call Authentik's API to create tenants, users, and applications. `.env` holds a pre-generated value in `AUTHENTIK_BOOTSTRAP_TOKEN`, but Authentik 2025.10 does **not** materialize that env var into a usable API token on first boot. You need to create the token once and bind it to `akadmin`. +platform-api needs to call Authentik's API to create tenants, users, and applications. `.env` holds a pre-generated value in `AUTHENTIK_BOOTSTRAP_TOKEN`, but Authentik 2025.10 does **not** materialize that env var into a usable API token on first boot. You need to create the token once and bind it to `akadmin`. ### One-time setup @@ -158,7 +158,7 @@ print('Token bound to akadmin') " ``` -Alternative: create the token through the UI — **Directory → Tokens & App passwords → Create**, set `Intent: API`, `User: akadmin`, then copy the key into `.env` and restart the provisioning service. +Alternative: create the token through the UI — **Directory → Tokens & App passwords → Create**, set `Intent: API`, `User: akadmin`, then copy the key into `.env` and restart platform-api. ### Verify it works @@ -187,7 +187,7 @@ For local dev, you can either: - Tenant subdomain pattern: `{tenant}.auth.dezky.local` - More realistic but more setup overhead -For dev, start with Option A. The provisioning service should be built to support Option B from day one (data model includes `tenantId`). +For dev, start with Option A. platform-api should be built to support Option B from day one (data model includes `tenantId`). ## 6. Test SSO flow end-to-end diff --git a/docs/NEXT-STEPS.md b/docs/NEXT-STEPS.md index d5a125f..433a6f4 100644 --- a/docs/NEXT-STEPS.md +++ b/docs/NEXT-STEPS.md 
@@ -41,15 +41,15 @@ Goal: Users can log in to the portal via Authentik. ## Phase 3: Tenant data model (week 1-2) — done -- [x] Mongoose schemas in `services/provisioning/src/schemas/` (Tenant, User, Subscription) +- [x] Mongoose schemas in `services/platform-api/src/schemas/` (Tenant, User, Subscription) - [x] Tenant: slug, name, status, plan, domains, authentikGroupId, ocisSpaceId, stalwartDomain, billingInfo - [x] User: authentikSubjectId, tenantIds[], email, name, role, active, lastLoginAt - [x] Subscription: tenantId, plan, status, stripeCustomerId, stripeSubscriptionId, period dates - [x] CRUD endpoints behind `JwtAuthGuard` (validates Authentik JWT via JWKS) - [x] Group-based authorization: users see only tenants whose slug matches one of their Authentik `groups`; `dezky-platform-admins` group has global access - [x] Idempotent seed (`SeedService`) creates the `dezky` tenant + matching subscription on bootstrap -- [x] Provisioning exposed at `https://api.dezky.local` (Traefik label, dev only) and via internal `http://provisioning:3001` -- [x] Portal Nitro route at `/api/me` forwards the user's encrypted access token to provisioning — verified end-to-end +- [x] platform-api exposed at `https://api.dezky.local` (Traefik label, dev only) and via internal `http://platform-api:3001` +- [x] Portal Nitro route at `/api/me` forwards the user's encrypted access token to platform-api — verified end-to-end ### Endpoints 
@@ -91,9 +91,9 @@ upstream-specific work. | Concern | File | |---|---| -| Integration clients | `services/provisioning/src/integrations/{authentik,stalwart,ocis}.client.ts` | -| Orchestration | `services/provisioning/src/tenants/provisioning.service.ts` | -| `/tenants/:slug/reconcile` | `services/provisioning/src/tenants/tenants.controller.ts` | +| Integration clients | `services/platform-api/src/integrations/{authentik,stalwart,ocis}.client.ts` | +| Orchestration | `services/platform-api/src/tenants/provisioning.service.ts` | +| `/tenants/:slug/reconcile` | `services/platform-api/src/tenants/tenants.controller.ts` | | Portal proxy routes | `apps/portal/server/api/tenants/index.post.ts` + `[slug]/reconcile.post.ts` | ### Quick smoke test diff --git a/docs/OPERATOR-PLAN.md b/docs/OPERATOR-PLAN.md index d34a7c7..e18e27d 100644 --- a/docs/OPERATOR-PLAN.md +++ b/docs/OPERATOR-PLAN.md @@ -5,7 +5,7 @@ for Dezky staff: managing tenants, partners, operating the platform. Distinct from the customer portal at `app.dezky.local`. Different OAuth client, different cookie domain, different surface — though they share Authentik as the -IdP and (eventually) the provisioning service as the backend. +IdP and (eventually) platform-api as the backend. This file is the running record of decisions made during the design grilling session. Updated inline as questions resolve. @@ -42,7 +42,7 @@ renders against mock-data fixtures until its backend is built. Two genuinely new things on the backend: -1. **Partner schema and CRUD** in `services/provisioning` — id, name, domain, +1. **Partner schema and CRUD** in `services/platform-api` — id, name, domain, status, customers count (computed), MRR (computed), margin, sinceDate. Tenants gain an optional `partnerId` field. The existing `dezky` seed gets no partner. 2. **Tenant lifecycle actions** beyond create — suspend, resume, change plan, 
@@ -247,15 +247,18 @@ In rough priority order: Tick boxes as work lands. Each phase is roughly one commit. Phases must be done in order — earlier ones unblock later ones. -### O.0 · Prep — service rename +### O.0 · Prep — service rename ✓ -- [ ] Rename `services/provisioning/` → `services/platform-api/` -- [ ] Update `package.json` name → `@dezky/platform-api` -- [ ] Update `docker-compose.yml`: container name, service key, network - alias, volume names, env var `PROVISIONING_INTERNAL_URL` → - `PLATFORM_API_INTERNAL_URL` -- [ ] Update portal proxy routes to point at `http://platform-api:3001` -- [ ] Verify customer portal `/api/me` still works end-to-end after rename +- [x] Rename `services/provisioning/` → `services/platform-api/` +- [x] Update `package.json` name → `@dezky/platform-api` +- [x] Update `docker-compose.yml`: container name, service key, volume name, + env var `PROVISIONING_INTERNAL_URL` → `PLATFORM_API_INTERNAL_URL`, + NUXT_API_BASE points at new hostname +- [x] Update portal proxy routes to read `PLATFORM_API_INTERNAL_URL` and + default to `http://platform-api:3001` +- [x] Sweep docs (README, CLAUDE.md, SERVICES.md, AUTHENTIK-SETUP.md, + NEXT-STEPS.md, TROUBLESHOOTING.md) for stale references +- [x] Verify customer portal `/api/me` still works end-to-end after rename ### O.1 · Authentik — operator OAuth client diff --git a/docs/SERVICES.md b/docs/SERVICES.md index ae3f33c..2aecc77 100644 --- a/docs/SERVICES.md +++ b/docs/SERVICES.md @@ -219,7 +219,7 @@ curl -k https://office.dezky.local/hosting/discovery **Environment:** - `NUXT_PUBLIC_AUTH_URL`: Authentik URL (client-side) -- `NUXT_API_BASE`: provisioning service URL (server-side) +- `NUXT_API_BASE`: platform-api URL (server-side) - `MONGODB_URI`: MongoDB connection string **Debug:** 
@@ -233,12 +233,12 @@ docker compose exec portal sh --- -## Provisioning Service (NestJS) +## Platform API (NestJS) -**Container:** `dezky-provisioning` -**Port:** 3001 (internal only) -**Source:** `services/provisioning/` -**Purpose:** Tenant lifecycle, billing webhooks, service orchestration +**Container:** `dezky-platform-api` +**Port:** 3001 (also exposed via Traefik at `api.dezky.local`) +**Source:** `services/platform-api/` +**Purpose:** Platform control plane — tenants, partners, users, subscriptions, provisioning orchestration, billing webhooks **Endpoints to implement:** - `POST /tenants` — Create tenant @@ -255,8 +255,8 @@ docker compose exec portal sh **Debug:** ```bash -docker compose logs -f provisioning +docker compose logs -f platform-api # Test health endpoint -docker compose exec provisioning wget -qO- http://localhost:3001/health +docker compose exec platform-api wget -qO- http://localhost:3001/health ``` diff --git a/docs/TROUBLESHOOTING.md b/docs/TROUBLESHOOTING.md index 55f26d8..6f74d52 100644 --- a/docs/TROUBLESHOOTING.md +++ b/docs/TROUBLESHOOTING.md @@ -203,7 +203,7 @@ export default defineNuxtConfig({ }) ``` -### NestJS provisioning doesn't restart +### NestJS platform-api doesn't restart Same issue. The `start:dev` command uses nodemon under the hood. Make sure your `package.json` has: ```json diff --git a/infrastructure/docker-compose/configs/traefik/dynamic.yml b/infrastructure/docker-compose/configs/traefik/dynamic.yml index 588d018..a65c0b9 100644 --- a/infrastructure/docker-compose/configs/traefik/dynamic.yml +++ b/infrastructure/docker-compose/configs/traefik/dynamic.yml @@ -31,7 +31,7 @@ http: stsSeconds: 15552000 customFrameOptionsValue: "SAMEORIGIN" - # CORS for API calls between portal and provisioning service + # CORS for API calls between portal and platform-api cors: headers: accessControlAllowMethods: 
diff --git a/infrastructure/docker-compose/docker-compose.yml b/infrastructure/docker-compose/docker-compose.yml index 6e52951..4bf49a9 100644 --- a/infrastructure/docker-compose/docker-compose.yml +++ b/infrastructure/docker-compose/docker-compose.yml @@ -29,7 +29,7 @@ volumes: ocis_config: ocis_data: portal_node_modules: - provisioning_node_modules: + platform_api_node_modules: services: # ───────────────────────────────────────────────────────────────── @@ -361,7 +361,8 @@ services: NUXT_PORT: 3000 NUXT_PUBLIC_AUTH_URL: https://auth.dezky.local NUXT_PUBLIC_PORTAL_URL: https://app.dezky.local - NUXT_API_BASE: http://provisioning:3001 + NUXT_API_BASE: http://platform-api:3001 + PLATFORM_API_INTERNAL_URL: http://platform-api:3001 MONGODB_URI: mongodb://root:${MONGO_ROOT_PASSWORD}@mongo:27017/dezky?authSource=admin # OIDC (confidential client) — used by Nuxt server middleware NUXT_OIDC_CLIENT_ID: ${PORTAL_OIDC_CLIENT_ID} @@ -389,11 +390,12 @@ services: - traefik.http.services.portal.loadbalancer.server.port=3000 # ───────────────────────────────────────────────────────────────── - # Provisioning service — NestJS worker for tenant lifecycle + # platform-api — NestJS service. Owns tenants, partners, users, + # subscriptions, and provisioning orchestration. # ───────────────────────────────────────────────────────────────── - provisioning: + platform-api: image: node:20-alpine - container_name: dezky-provisioning + container_name: dezky-platform-api restart: unless-stopped working_dir: /app command: sh -c "corepack enable && corepack prepare pnpm@latest --activate && pnpm install && pnpm start:dev" 
@@ -414,8 +416,8 @@ services: # Trust mkcert root CA for Node fetch (dev only) NODE_EXTRA_CA_CERTS: /etc/ssl/mkcert-root.pem volumes: - - ../../services/provisioning:/app - - provisioning_node_modules:/app/node_modules + - ../../services/platform-api:/app + - platform_api_node_modules:/app/node_modules - ./certs/mkcert-root.pem:/etc/ssl/mkcert-root.pem:ro networks: [dezky] depends_on: diff --git a/services/provisioning/package.json b/services/platform-api/package.json similarity index 86% rename from services/provisioning/package.json rename to services/platform-api/package.json index 40f2ec6..d5649dd 100644 --- a/services/provisioning/package.json +++ b/services/platform-api/package.json @@ -1,8 +1,8 @@ { - "name": "@dezky/provisioning", + "name": "@dezky/platform-api", "version": "0.0.1", "private": true, - "description": "Dezky tenant provisioning worker — NestJS", + "description": "Dezky platform API — tenants, partners, users, provisioning orchestration (NestJS)", "scripts": { "build": "nest build", "start": "nest start", diff --git a/services/provisioning/pnpm-lock.yaml b/services/platform-api/pnpm-lock.yaml similarity index 100% rename from services/provisioning/pnpm-lock.yaml rename to services/platform-api/pnpm-lock.yaml diff --git a/services/provisioning/src/app.module.ts b/services/platform-api/src/app.module.ts similarity index 100% rename from services/provisioning/src/app.module.ts rename to services/platform-api/src/app.module.ts diff --git a/services/provisioning/src/auth/actor.service.ts b/services/platform-api/src/auth/actor.service.ts similarity index 100% rename from services/provisioning/src/auth/actor.service.ts rename to services/platform-api/src/auth/actor.service.ts diff --git a/services/provisioning/src/auth/auth.module.ts b/services/platform-api/src/auth/auth.module.ts similarity index 100% rename from services/provisioning/src/auth/auth.module.ts rename to services/platform-api/src/auth/auth.module.ts 
diff --git a/services/provisioning/src/auth/current-user.decorator.ts b/services/platform-api/src/auth/current-user.decorator.ts similarity index 100% rename from services/provisioning/src/auth/current-user.decorator.ts rename to services/platform-api/src/auth/current-user.decorator.ts diff --git a/services/provisioning/src/auth/jwt-auth.guard.ts b/services/platform-api/src/auth/jwt-auth.guard.ts similarity index 100% rename from services/provisioning/src/auth/jwt-auth.guard.ts rename to services/platform-api/src/auth/jwt-auth.guard.ts diff --git a/services/provisioning/src/auth/jwt-payload.interface.ts b/services/platform-api/src/auth/jwt-payload.interface.ts similarity index 100% rename from services/provisioning/src/auth/jwt-payload.interface.ts rename to services/platform-api/src/auth/jwt-payload.interface.ts diff --git a/services/provisioning/src/health.controller.ts b/services/platform-api/src/health.controller.ts similarity index 85% rename from services/provisioning/src/health.controller.ts rename to services/platform-api/src/health.controller.ts index eb7e4a2..c97d951 100644 --- a/services/provisioning/src/health.controller.ts +++ b/services/platform-api/src/health.controller.ts @@ -6,7 +6,7 @@ export class HealthController { check() { return { status: 'ok', - service: 'dezky-provisioning', + service: 'dezky-platform-api', timestamp: new Date().toISOString(), } } diff --git a/services/provisioning/src/integrations/authentik.client.ts b/services/platform-api/src/integrations/authentik.client.ts similarity index 100% rename from services/provisioning/src/integrations/authentik.client.ts rename to services/platform-api/src/integrations/authentik.client.ts diff --git a/services/provisioning/src/integrations/integrations.module.ts b/services/platform-api/src/integrations/integrations.module.ts similarity index 100% rename from services/provisioning/src/integrations/integrations.module.ts rename to services/platform-api/src/integrations/integrations.module.ts 
diff --git a/services/provisioning/src/integrations/ocis.client.ts b/services/platform-api/src/integrations/ocis.client.ts similarity index 100% rename from services/provisioning/src/integrations/ocis.client.ts rename to services/platform-api/src/integrations/ocis.client.ts diff --git a/services/provisioning/src/integrations/stalwart.client.ts b/services/platform-api/src/integrations/stalwart.client.ts similarity index 100% rename from services/provisioning/src/integrations/stalwart.client.ts rename to services/platform-api/src/integrations/stalwart.client.ts diff --git a/services/provisioning/src/main.ts b/services/platform-api/src/main.ts similarity index 72% rename from services/provisioning/src/main.ts rename to services/platform-api/src/main.ts index 2eb0c14..ce4315c 100644 --- a/services/provisioning/src/main.ts +++ b/services/platform-api/src/main.ts @@ -1,5 +1,6 @@ -// Dezky Provisioning Service — Entry point -// Handles tenant lifecycle: create, suspend, delete, billing webhooks. +// Dezky platform API — Entry point. +// Owns the platform control plane: tenants, partners, users, subscriptions, +// plus the provisioning orchestration (Authentik / Stalwart / OCIS). import { ValidationPipe } from '@nestjs/common' import { NestFactory } from '@nestjs/core' @@ -29,10 +30,10 @@ async function bootstrap() { const port = Number(process.env.PORT ?? 3001) await app.listen(port, '0.0.0.0') - console.log(`Provisioning service listening on http://0.0.0.0:${port}`) + console.log(`platform-api listening on http://0.0.0.0:${port}`) } bootstrap().catch((err) => { - console.error('Failed to start provisioning service', err) + console.error('Failed to start platform-api', err) process.exit(1) }) 
diff --git a/services/provisioning/src/schemas/subscription.schema.ts b/services/platform-api/src/schemas/subscription.schema.ts similarity index 100% rename from services/provisioning/src/schemas/subscription.schema.ts rename to services/platform-api/src/schemas/subscription.schema.ts diff --git a/services/provisioning/src/schemas/tenant.schema.ts b/services/platform-api/src/schemas/tenant.schema.ts similarity index 100% rename from services/provisioning/src/schemas/tenant.schema.ts rename to services/platform-api/src/schemas/tenant.schema.ts diff --git a/services/provisioning/src/schemas/user.schema.ts b/services/platform-api/src/schemas/user.schema.ts similarity index 100% rename from services/provisioning/src/schemas/user.schema.ts rename to services/platform-api/src/schemas/user.schema.ts diff --git a/services/provisioning/src/seed/seed.module.ts b/services/platform-api/src/seed/seed.module.ts similarity index 100% rename from services/provisioning/src/seed/seed.module.ts rename to services/platform-api/src/seed/seed.module.ts diff --git a/services/provisioning/src/seed/seed.service.ts b/services/platform-api/src/seed/seed.service.ts similarity index 100% rename from services/provisioning/src/seed/seed.service.ts rename to services/platform-api/src/seed/seed.service.ts diff --git a/services/provisioning/src/subscriptions/dto/create-subscription.dto.ts b/services/platform-api/src/subscriptions/dto/create-subscription.dto.ts similarity index 100% rename from services/provisioning/src/subscriptions/dto/create-subscription.dto.ts rename to services/platform-api/src/subscriptions/dto/create-subscription.dto.ts diff --git a/services/provisioning/src/subscriptions/dto/update-subscription.dto.ts b/services/platform-api/src/subscriptions/dto/update-subscription.dto.ts similarity index 100% rename from services/provisioning/src/subscriptions/dto/update-subscription.dto.ts rename to services/platform-api/src/subscriptions/dto/update-subscription.dto.ts 
diff --git a/services/provisioning/src/subscriptions/subscriptions.controller.ts b/services/platform-api/src/subscriptions/subscriptions.controller.ts similarity index 100% rename from services/provisioning/src/subscriptions/subscriptions.controller.ts rename to services/platform-api/src/subscriptions/subscriptions.controller.ts diff --git a/services/provisioning/src/subscriptions/subscriptions.module.ts b/services/platform-api/src/subscriptions/subscriptions.module.ts similarity index 100% rename from services/provisioning/src/subscriptions/subscriptions.module.ts rename to services/platform-api/src/subscriptions/subscriptions.module.ts diff --git a/services/provisioning/src/subscriptions/subscriptions.service.ts b/services/platform-api/src/subscriptions/subscriptions.service.ts similarity index 100% rename from services/provisioning/src/subscriptions/subscriptions.service.ts rename to services/platform-api/src/subscriptions/subscriptions.service.ts diff --git a/services/provisioning/src/tenants/dto/create-tenant.dto.ts b/services/platform-api/src/tenants/dto/create-tenant.dto.ts similarity index 100% rename from services/provisioning/src/tenants/dto/create-tenant.dto.ts rename to services/platform-api/src/tenants/dto/create-tenant.dto.ts diff --git a/services/provisioning/src/tenants/dto/update-tenant.dto.ts b/services/platform-api/src/tenants/dto/update-tenant.dto.ts similarity index 100% rename from services/provisioning/src/tenants/dto/update-tenant.dto.ts rename to services/platform-api/src/tenants/dto/update-tenant.dto.ts diff --git a/services/provisioning/src/tenants/provisioning.service.ts b/services/platform-api/src/tenants/provisioning.service.ts similarity index 100% rename from services/provisioning/src/tenants/provisioning.service.ts rename to services/platform-api/src/tenants/provisioning.service.ts 
diff --git a/services/provisioning/src/tenants/tenants.controller.ts b/services/platform-api/src/tenants/tenants.controller.ts similarity index 100% rename from services/provisioning/src/tenants/tenants.controller.ts rename to services/platform-api/src/tenants/tenants.controller.ts diff --git a/services/provisioning/src/tenants/tenants.module.ts b/services/platform-api/src/tenants/tenants.module.ts similarity index 100% rename from services/provisioning/src/tenants/tenants.module.ts rename to services/platform-api/src/tenants/tenants.module.ts diff --git a/services/provisioning/src/tenants/tenants.service.ts b/services/platform-api/src/tenants/tenants.service.ts similarity index 100% rename from services/provisioning/src/tenants/tenants.service.ts rename to services/platform-api/src/tenants/tenants.service.ts diff --git a/services/provisioning/src/users/dto/create-user.dto.ts b/services/platform-api/src/users/dto/create-user.dto.ts similarity index 100% rename from services/provisioning/src/users/dto/create-user.dto.ts rename to services/platform-api/src/users/dto/create-user.dto.ts diff --git a/services/provisioning/src/users/dto/update-user.dto.ts b/services/platform-api/src/users/dto/update-user.dto.ts similarity index 100% rename from services/provisioning/src/users/dto/update-user.dto.ts rename to services/platform-api/src/users/dto/update-user.dto.ts diff --git a/services/provisioning/src/users/users.controller.ts b/services/platform-api/src/users/users.controller.ts similarity index 100% rename from services/provisioning/src/users/users.controller.ts rename to services/platform-api/src/users/users.controller.ts diff --git a/services/provisioning/src/users/users.module.ts b/services/platform-api/src/users/users.module.ts similarity index 100% rename from services/provisioning/src/users/users.module.ts rename to services/platform-api/src/users/users.module.ts 
diff --git a/services/provisioning/src/users/users.service.ts b/services/platform-api/src/users/users.service.ts similarity index 100% rename from services/provisioning/src/users/users.service.ts rename to services/platform-api/src/users/users.service.ts diff --git a/services/provisioning/tsconfig.json b/services/platform-api/tsconfig.json similarity index 100% rename from services/provisioning/tsconfig.json rename to services/platform-api/tsconfig.json
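Review bot: in apps/portal/server/api/tenants/[slug]/reconcile.post.ts, `slug` from `getRouterParam(event, 'slug')` is neither validated nor encoded before it is interpolated into `${base}/tenants/${slug}/reconcile`, on a request that carries the user's bearer token. An unexpected value (for example `..`, or `undefined` when the param is missing) changes which platform-api path receives that token. While the adjacent `base` line is being edited, check `slug` against the tenant slug format and return a 400 on mismatch, or at minimum wrap it in `encodeURIComponent` before building the URL.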
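Review bot: the fallback in `process.env.PLATFORM_API_INTERNAL_URL ?? 'http://platform-api:3001'` is now repeated in me.get.ts, tenants/index.post.ts and tenants/[slug]/reconcile.post.ts, and an environment that still sets only `PROVISIONING_INTERNAL_URL` will silently fall through to the default while forwarding the user's access token to it. Resolve the base URL in one shared server util (or a `runtimeConfig` entry) so the three routes cannot drift, and consider failing at startup when the variable is unset outside dev instead of defaulting.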
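Review bot: the docker-compose.yml hunks that rename the service key, `container_name` and the named volume (`provisioning_node_modules` to `platform_api_node_modules`) leave the old `dezky-provisioning` container and its volume behind on any machine that already ran the stack, and none of the visible doc hunks tell developers how to clean up. Add a short note to the commit message or TROUBLESHOOTING.md: bring the stack up with `docker compose up -d --remove-orphans` and remove the stale `provisioning_node_modules` volume.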
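Review bot: the `command:` context line of the renamed `platform-api` service in docker-compose.yml still runs `corepack prepare pnpm@latest --activate && pnpm install` on every container start, so the package manager version is unpinned and the install is not held to the `pnpm-lock.yaml` that this patch moves. Since the block is being edited, pin pnpm to a fixed version (for example through a `packageManager` field in package.json) and switch to `pnpm install --frozen-lockfile`.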
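Review bot: the docs/SERVICES.md hunk changes `**Port:** 3001 (internal only)` to `3001 (also exposed via Traefik at api.dezky.local)`, and the CLAUDE.md table row does the same, which documents a wider exposure than a commit described as a mechanical rename. docs/NEXT-STEPS.md qualifies the same route as "Traefik label, dev only"; carry that qualifier into both places so nobody reads the API as intentionally public, and write the CLAUDE.md entry as `https://api.dezky.local` to match the other rows in that table.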
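Review bot: the reworded section 4 of docs/AUTHENTIK-SETUP.md still has platform-api call Authentik with an API token bound to `akadmin`, and the commit message says this service is about to own partners, tenant lifecycle actions and multi-audience JWT validation. With that broader scope, a token tied to the default admin account is more privilege than the integration needs. Track a follow-up to issue the token to a dedicated service account limited to the group, user and application operations the integration client uses, and mention that in this section.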