GeoNetAgent, LDAPWeb, server-audit, server-connection
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

64 lines
4.1 KiB

# Global Enterprise Rules
## Tujuan
Platform Enterprise Portal berbasis Laravel, PostgreSQL, LDAP, CMS, API Management.
## Prinsip
- Security First
- Audit First
- API First
- Approval First
- Production Ready Only
## Requirement Wajib
- MFA Ready
- SSO Ready
- Audit Trail Immutable
- Maker Checker
- Four Eyes Principle
- Multi Database
- Docker Ready
- PWA Ready
---
## Status Implementasi (geonet-console vs cursor-exsisting)
Referensi audit: `cursor-exsisting/`, kode `geonet-console/`, tanggal 2026-06-12.
### Tujuan
| Poin | Status | Catatan | Dapat diimplementasi |
|------|--------|---------|----------------------|
| Laravel | ✅ Sudah | Laravel 11 (`composer.json` ^11.31). Bukan Laravel 12 seperti baseline enterprise. | Ya — upgrade major saat siap |
| PostgreSQL | ✅ Sudah | App metadata + audit di PostgreSQL Docker (`audit-postgres`). Koneksi terpisah `pgsql` + `audit`. | Sudah ada |
| LDAP | ✅ Sudah | Auth web & API via `LdapAuthService`, manajemen user/grup, password reset. | Sudah ada |
| CMS | ❌ Belum | Tidak ada modul CMS (page, post, workflow). Scope geonet-console = ops console, bukan portal CMS. | Tidak relevan untuk scope saat ini; bisa modul terpisah jika portal CMS dibutuhkan |
| API Management | ⚠ Partial | API v1 + Passport OAuth2 + API token + scope middleware + Swagger UI. Belum ada gateway/rate-plan/portal developer penuh. | Ya — perluas API management layer |
### Prinsip
| Poin | Status | Catatan | Dapat diimplementasi |
|------|--------|---------|----------------------|
| Security First | ⚠ Partial | CSRF, LDAP auth, API scope, throttle login, encrypted DB passwords. Belum MFA/SSO formal, RBAC granular, security headers khusus. | Ya |
| Audit First | ✅ Sudah | `AuditLogService`, middleware web/API, beacon UI page-view/duration, halaman audit logs. | Sudah ada |
| API First | ⚠ Partial | REST API v1 lengkap untuk DB/LDAP; web UI juga ada. Bukan headless-only. | Ya — sudah dual channel |
| Approval First | ❌ Belum | Tidak ada workflow approval / maker-checker di UI maupun API. Aksi admin langsung dieksekusi. | Ya — butuh desain workflow + tabel approval |
| Production Ready Only | ⚠ Partial | Docker + healthcheck + deploy script + Nginx reverse proxy produksi. Tidak ada test suite, Tailwind CDN di prod, default password di compose example. | Ya — hardening bertahap |
### Requirement Wajib
| Poin | Status | Catatan | Dapat diimplementasi |
|------|--------|---------|----------------------|
| MFA Ready | ❌ Belum | Tidak ada TOTP/WebAuthn/SMS. Login hanya username+password LDAP. | Ya — integrasi LDAP + step-up MFA atau IdP |
| SSO Ready | ❌ Belum | OAuth2 hanya untuk **API client credentials**, bukan SSO user (SAML/OIDC federation). Login web = LDAP bind langsung. | Ya — SAML/OIDC via Laravel Socialite atau IdP proxy |
| Audit Trail Immutable | ⚠ Partial | Append-only di praktik (hanya `create`, tidak ada route update/delete). Belum ada DB trigger, hash chain, atau WORM storage. Model Eloquent tetap bisa diubah lewat kode. | Ya — trigger PostgreSQL + revoke UPDATE/DELETE role |
| Maker Checker | ❌ Belum | Tidak ada entitas maker/checker, antrian persetujuan, atau pemisahan role submit/approve. | Ya — modul baru (queue approval + UI) |
| Four Eyes Principle | ❌ Belum | Aksi sensitif (offline DB, reset password LDAP, revoke token) tanpa verifikasi dual control. | Ya — bergantung maker-checker |
| Multi Database | ✅ Sudah | Koneksi dinamis SQL Server, PostgreSQL, MySQL/MariaDB via `DatabaseConnectionManager`. UI switch connection. | Sudah ada |
| Docker Ready | ✅ Sudah | `Dockerfile`, `compose.yaml`, volume eksternal, healthcheck, Dockge stack produksi. | Sudah ada |
| PWA Ready | ⚠ Partial | Manifest, SW, install prompt, offline shell/login cache (`cursor-exsisting/08-pwa-offline.mdc`). Belum push notification & background sync. | Ya — push/sync fase lanjutan |
### Ringkasan 00-global
- **Sudah (5):** Laravel, PostgreSQL, LDAP, Multi Database, Docker Ready
- **Partial (6):** API Management, Security/Audit/API/Production principles, Audit Immutable, PWA Ready
- **Belum (5):** CMS, MFA, SSO user, Maker Checker, Four Eyes, Approval First