|
|
# Global Enterprise Rules |
|
|
## Tujuan |
|
|
Platform Enterprise Portal berbasis Laravel, PostgreSQL, LDAP, CMS, API Management. |
|
|
|
|
|
## Prinsip |
|
|
- Security First |
|
|
- Audit First |
|
|
- API First |
|
|
- Approval First |
|
|
- Production Ready Only |
|
|
|
|
|
## Requirement Wajib |
|
|
- MFA Ready |
|
|
- SSO Ready |
|
|
- Audit Trail Immutable |
|
|
- Maker Checker |
|
|
- Four Eyes Principle |
|
|
- Multi Database |
|
|
- Docker Ready |
|
|
- PWA Ready |
|
|
|
|
|
--- |
|
|
|
|
|
## Status Implementasi (geonet-console vs cursor-exsisting) |
|
|
|
|
|
Referensi audit: `cursor-exsisting/`, kode `geonet-console/`, tanggal 2026-06-12. |
|
|
|
|
|
### Tujuan |
|
|
|
|
|
| Poin | Status | Catatan | Dapat diimplementasi | |
|
|
|------|--------|---------|----------------------| |
|
|
| Laravel | ✅ Sudah | Laravel 11 (`composer.json` ^11.31). Bukan Laravel 12 seperti baseline enterprise. | Ya — upgrade major saat siap | |
|
|
| PostgreSQL | ✅ Sudah | App metadata + audit di PostgreSQL Docker (`audit-postgres`). Koneksi terpisah `pgsql` + `audit`. | Sudah ada | |
|
|
| LDAP | ✅ Sudah | Auth web & API via `LdapAuthService`, manajemen user/grup, password reset. | Sudah ada | |
|
|
| CMS | ❌ Belum | Tidak ada modul CMS (page, post, workflow). Scope geonet-console = ops console, bukan portal CMS. | Tidak relevan untuk scope saat ini; bisa modul terpisah jika portal CMS dibutuhkan | |
|
|
| API Management | ⚠️ Partial | API v1 + Passport OAuth2 + API token + scope middleware + Swagger UI. Belum ada gateway/rate-plan/portal developer penuh. | Ya — perluas API management layer | |
|
|
|
|
|
### Prinsip |
|
|
|
|
|
| Poin | Status | Catatan | Dapat diimplementasi | |
|
|
|------|--------|---------|----------------------| |
|
|
| Security First | ⚠️ Partial | CSRF, LDAP auth, API scope, throttle login, encrypted DB passwords. Belum MFA/SSO formal, RBAC granular, security headers khusus. | Ya | |
|
|
| Audit First | ✅ Sudah | `AuditLogService`, middleware web/API, beacon UI page-view/duration, halaman audit logs. | Sudah ada | |
|
|
| API First | ⚠️ Partial | REST API v1 lengkap untuk DB/LDAP; web UI juga ada. Bukan headless-only. | Ya — sudah dual channel | |
|
|
| Approval First | ❌ Belum | Tidak ada workflow approval / maker-checker di UI maupun API. Aksi admin langsung dieksekusi. | Ya — butuh desain workflow + tabel approval | |
|
|
| Production Ready Only | ⚠️ Partial | Docker + healthcheck + deploy script + Nginx reverse proxy produksi. Tidak ada test suite, Tailwind CDN di prod, default password di compose example. | Ya — hardening bertahap | |
|
|
|
|
|
### Requirement Wajib |
|
|
|
|
|
| Poin | Status | Catatan | Dapat diimplementasi | |
|
|
|------|--------|---------|----------------------| |
|
|
| MFA Ready | ❌ Belum | Tidak ada TOTP/WebAuthn/SMS. Login hanya username+password LDAP. | Ya — integrasi LDAP + step-up MFA atau IdP | |
|
|
| SSO Ready | ❌ Belum | OAuth2 hanya untuk **API client credentials**, bukan SSO user (SAML/OIDC federation). Login web = LDAP bind langsung. | Ya — SAML/OIDC via Laravel Socialite atau IdP proxy | |
|
|
| Audit Trail Immutable | ⚠️ Partial | Append-only di praktik (hanya `create`, tidak ada route update/delete). Belum ada DB trigger, hash chain, atau WORM storage. Model Eloquent tetap bisa diubah lewat kode. | Ya — trigger PostgreSQL + revoke UPDATE/DELETE role | |
|
|
| Maker Checker | ❌ Belum | Tidak ada entitas maker/checker, antrian persetujuan, atau pemisahan role submit/approve. | Ya — modul baru (queue approval + UI) | |
|
|
| Four Eyes Principle | ❌ Belum | Aksi sensitif (offline DB, reset password LDAP, revoke token) tanpa verifikasi dual control. | Ya — bergantung maker-checker | |
|
|
| Multi Database | ✅ Sudah | Koneksi dinamis SQL Server, PostgreSQL, MySQL/MariaDB via `DatabaseConnectionManager`. UI switch connection. | Sudah ada | |
|
|
| Docker Ready | ✅ Sudah | `Dockerfile`, `compose.yaml`, volume eksternal, healthcheck, Dockge stack produksi. | Sudah ada | |
|
|
| PWA Ready | ⚠️ Partial | Manifest, SW, install prompt, offline shell/login cache (`cursor-exsisting/08-pwa-offline.mdc`). Belum push notification & background sync. | Ya — push/sync fase lanjutan | |
|
|
|
|
|
### Ringkasan 00-global |
|
|
- **Sudah (5):** Laravel, PostgreSQL, LDAP, Multi Database, Docker Ready |
|
|
- **Partial (6):** API Management, Security/Audit/API/Production principles, Audit Immutable, PWA Ready |
|
|
- **Belum (5):** CMS, MFA, SSO user, Maker Checker, Four Eyes, Approval First
|
|
|
|