Minimata

Minimata

Minimal-Data-Dependency CRM with PostgreSQL and Prisma

---

Table of Contents

• Project Overview
• Directory Structure
• Tools and Technologies
• Getting Started
• Implementation Steps
• Database Schema with Prisma
• Plan of Action and Milestones

Project Overview

Minimata is a robust and scalable CRM (Customer Relationship Management) system with minimal reliance on third-party tools. It leverages PostgreSQL as the database and Prisma as the (Object-Relational Mapping) ORM for efficient data interaction. The system features custom authentication, role-based access control, secure password storage, and session management, all implemented from scratch to maximize control and minimize external dependencies. Ad-ons include integration with Neon for enhanced scalability and serverless capabilities.

Core Functionalities

• Custom Authentication System: Secure user login and registration without external services.
• Role-Based Access Control (RBAC): Define and manage user roles (Administrator, Editor, User) and access levels.
• Secure Password Storage: Robust password hashing (e.g., Argon2, scrypt) to protect credentials.
• Session Management: Custom server-side session management for secure, persistent user states.
• User Management: CRUD (Create, Read, Update, and Delete) operations for user accounts, profiles, and role assignments.
• Account Management: CRUD for company/organization accounts, tracking associated businesses.
• Contact Management: CRUD for individual contacts, including details and company relationships.
• Custom KPI Tracking: Define, track, and analyze custom Key Performance Indicators (KPIs).

Directory Structure

Minimata Project Root
├── README.md                             # Project documentation
├── package.json                          # Monorepo config, root scripts
├── .env                                  # Environment variables
├── turbo.json                            # Turborepo pipeline config
├── apps/                                 # All deployable applications
│   ├── web/                              # Next.js Front-End SPA
│   │   ├── __tests__/                    # Unit/Component Tests
│   │   ├── public/                       # Static assets
│   │   ├── src/
│   │   │   ├── app/                      # Next.js app directory (routing)
│   │   │   │   ├── api/                  # Next.js API routes (replaces Express)
│   │   │   │   │   ├── auth/             # Authentication API endpoints
|   |   |   |   |   |   ├── approve/
|   |   |   |   |   |   │   └── route.ts  # Approve API (migrated from Express)
|   |   |   |   |   |   ├── me/
|   |   |   |   |   |   │   └── route.ts  # Get authenticated user info (Next.js API)
|   |   |   |   |   |   ├── new-users/
|   |   |   |   |   |       └── route.ts  # List new users (migrated from Express)
│   │   │   │   │   ├── contact/          # Contact form processing endpoint
│   │   │   │   │   ├── accounts/         # CRUD endpoints for accounts/CRM
│   │   │   │   │   └── middleware.ts     # Optional middleware for API routes
│   │   │   │   ├── contact/              # Contact page and components
│   │   │   │   ├── dashboard/            # Dashboard route (role-based)
│   │   │   │   ├── login/                # Login page
│   │   │   │   ├── register/             # Register page
│   │   │   │   ├── unauthorized/         # Unauthorized page
│   │   │   │   ├── page.tsx              # Home page
│   │   │   │   ├── layout.tsx            # App-wide layout
│   │   │   │   ├── tailwind.css           # Global styles
│   │   │   │   └── favicon.ico           # Favicon
│   │   │   ├── components/               # Shared UI components
│   │   │   ├── hooks/                    # Custom React hooks
│   │   │   ├── utils/                    # Shared utilities
│   │   │   ├── prisma/                   # Prisma client and schema
│   │   │   └── types/                    # Local types
│   │   ├── package.json                  # Next.js app dependencies
│   │   └── tsconfig.json                 # TS config for web app
├── packages/                             # Shared libraries
│   ├── ui/                               # Shared UI components (lib)
│   ├── utils/                            # Shared utilities (lib)
│   ├── types/                            # Shared TypeScript types
│   └── db/                               # Prisma client and helpers
│       ├── prisma/
│       ├── package.json
├── scripts/                              # Dev/ops scripts
├── tests/                                # End-to-end/integration tests

Key Files and Folders

• README.md — Project overview, setup, and instructions.
• package.json — Project dependencies and scripts.
• .env — Environment variables (e.g., database connection string, JWT secrets).
• prisma/ — Database schema and migrations.
  • schema.prisma — Database schema (Prisma SDL).
  • migrations/ — Database migration files.
• scripts/ — Utility scripts for development/ops tasks.
• tests/ — General test suites.
  • client/ — Client-side E2E/integration tests.

---

Backend: src/server/

• src/server/
  • auth/
    • auth.service.ts — Authentication logic (registration, login, logout).
    • auth.controller.ts — API endpoints for authentication.
    • auth.model.ts — Authentication data structures.
  • middleware/ — Express/Node middleware (JWT, RBAC, error handler, CSRF, etc.).
  • routes/ — API routes and handlers (user, account, contact, KPI, etc.).
  • utils/ — Utility functions (password, JWT, CORS, logger, Prisma client singleton, etc.).
  • validators/ — Input validation and sanitization logic.
  • server.ts — Server entry point.

---

Classic React Client: client/

• client/
  • src/
    • components/ — Reusable UI components.
    • context/ — React context providers.
    • pages/ — Application pages.
    • utils/ — Client-side utilities.
    • (other: services/, styles/, App.tsx as needed)
  • (optional) public/ — Static assets for classic React.

---

Next.js Front-End App: apps/web/

• apps/web/
  • public/ — Static assets for Next.js app.
  • __tests__/ — Next.js-specific unit/integration tests.
  • src/
    • app/ — Next.js 13+ app directory (layouts, routing, server components).
      • (auth)/login — Login page/route.
      • (auth)/register — Registration page/route.
      • (protected)/dashboard — Protected dashboard page/route.
      • (public)/contact — Public contact page/route.
      • (public)/unauthorized — Unauthorized page/route.
    • components/ — Shared UI components.
    • hooks/ — Custom React hooks.
    • pages/
      • api/ — Next.js API routes (hybrid API).
        • auth/ — API routes for authentication.
    • utils/ — Client-side utilities (e.g., sanitization, API helpers).

---

Types and Shared

• src/types/ — Shared type definitions.
  • express/ — Express request/response extensions (e.g., req.user type).

---

Prisma

• prisma/
  • schema.prisma — Main DB schema.
  • migrations/ — All migration folders.

---

Other

Notes on Arcitectural Best Practices

• Separation: Next.js and classic React are fully separated for migration or parallel support.
• Database: Prisma schema and migrations are versioned and tracked.
• Testing: Client and server tests are separated and clearly organized.
• Types: Shared types are centralized for backend and (if needed) frontend use.
• Utilities and Middleware: Both client and server have isolated utility/middleware directories.
• Scalability: The structure cleanly supports further modularization (e.g., extracting shared packages or types).

---

Tools and Technologies

Backend:

• Node.js (server-side execution)
• TypeScript (type safety)
• Express.js (web server framework)
• PostgreSQL (relational database)
• Prisma (ORM)
• JWT (authentication)
• Argon2, scrypt, bcrypt (password hashing)
• body-parser (request parsing)
• CORS (cross-origin resource sharing)
• helmet (security headers)
• express-rate-limit (rate limiting)
• express-session (session management, if used)
• cluster (Node.js built-in, for multi-core scaling)
• express-validator (request validation)
• zod (schema validation)

Frontend:

• React (UI)
• Next.js (React framework for SSR/SSG)
• CSS/SASS (styling)

Dev Tools:

• ts-node (run TypeScript directly)
• typescript (type safety)
• eslint/prettier (linting/formatting)
• nodemon (dev server reloads)
• cross-env (cross-platform env vars)
• dotenv (environment variable management)

Logging:

• morgan (HTTP request logging)
• winston (advanced logging, integrates with morgan)

API & Docs:

• swagger-jsdoc (OpenAPI docs generation)
• swagger-ui-express (serve Swagger docs)

Testing:

• supertest (API endpoint testing)

Deployment & Scaling:

• PM2 (process manager, clustering/scaling)
• Node.js Cluster (built-in multi-core scaling)

Deployment (Exclusive Feature):

• Neon (serverless PostgreSQL, autoscaling, branching)

Getting Started

1. Update Packages

Update the package list and upgrade existing packages:

sudo apt update
sudo apt upgrade

2. Install Node.js and npm (or yarn)

Using nvm (Node Version Manager) is recommended for managing multiple Node.js versions:

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
source ~/.bashrc
nvm install --lts
nvm use --lts

Alternatively, install directly:

sudo apt install nodejs npm

3. Install PostgreSQL

sudo apt install postgresql postgresql-contrib

4. Install Prisma CLI:

npm install -g prisma

5. Start PostgreSQL service

sudo service postgresql start

or via Docker:

# Create Container
docker-compose up -d

# Verify Initialization Logs
docker logs postgres_container # Look for message similar to "PostgreSQL init process complete; ready for start up."

# Access the PostgreSQL Container
docker exec -it postgres_container bash

6. Create PostgreSQL User and Database (replace your_username and your_database)

# Open PostgeSQL Database
sudo -u postgres psql

# Create Username and Password
CREATE USER your_username WITH PASSWORD 'your_password';          # Bypass if using .env

# Create Database with Owner
CREATE DATABASE your_database WITH OWNER your_username;           # Bypass if using .env

# Grant Privileges to User
GRANT ALL PRIVILEGES ON DATABASE your_database TO your_username;  # Bypass if using .env

# List Roles
\du

# List DBs
\l

# Exit PostgreSQL
\q

# Exit Docker Postgres Container
exit

7. Navigate to the project directory

If not already navigate your project directory:

cd <project_directory>

8. Install project dependencies

# Generate Default JSON Package
npm init -y

# Install dependencies
npm install # Or yarn

# Generate Secure JWT Secret
npx generate-jwt-secret --length 32

1. Set up environment variables:

Create a .env file in the project root directory and populate it with necessary environment variables, including the PostgreSQL connection string. Ensure this file is excluded from version control (add it to .gitignore). Example:

DATABASE_URL=postgresql://your_username:your_password@localhost:5432/your_database?schema=public

JWT_SECRET=your_secure_jwt_secret

10. Generate Prisma Client and Run Migrations

# Create Prisma Directory
mkdir -p prisma

# Create Prisma Schema File (Model Definitions)
touch prisma/schema.prisma

# Generate Prisma Client
npx prisma generate

# Run Migrations
npx prisma migrate dev --name init

11. Install & Run the Development Servers

• Backend: (Assuming your package.json has a script like start:server)

    npm run start:server
  

• Frontend: (Assuming your package.json has a script like start:client)

    # From New Terminal
    npm run start:client
  

1. Access the application: Open your web browser and navigate to http://localhost:3000 (or the port specified in your server configuration) to access the application.

Implementation

Authentication

Backend:

• Express.js server setup for API endpoints and middleware (helmet, express-rate-limit, morgan, CORS, body-parser).
• User Registration: /register endpoint for user data (email, password, name, role). Hash password (Argon2, scrypt) and store in User table.
• User Login: /login endpoint for credentials. Verify password hash, generate JWT (and refresh token if needed), return to client.
• Session Management: (Alternative to JWT) Create server-side session, store user data, issue session ID.
• Authorization Middleware: Verify JWT/session for protected routes, enforce RBAC.
• CORS Configuration: Set CORS headers for frontend origin, allowed methods/headers.

Frontend:

• Login Form: React component for login, submits to /login.
• Registration Form: React component for registration, submits to /register.
• JWT Handling: Store JWT (and refresh token) securely (localStorage/sessionStorage or HTTP-only cookies). Attach JWT to requests.
• Conditional Rendering: Redirect users based on authentication status and role.
• Next.js: Use for server-side rendering (SSR), static site generation (SSG), and API routes for frontend logic. Integrate authentication and data fetching using Next.js features.

Authorization Middleware (JWT)

• JWT Authentication Middleware is implemented in jwt.ts to protect routes and attach user info to requests.
• The middleware checks for a Bearer token in the Authorization header, verifies it, and attaches the decoded user info to req.user.
• Use in combination with RBAC middleware for fine-grained access control.

How it works:

1. Import and use the middleware in your route: import { authenticateJWT } from ‘./middleware/jwt’;
2. Protect a route: app.use(‘/api/protected’, authenticateJWT, rbac([‘admin’]));
3. The middleware will reject requests with missing, invalid, or expired tokens.

User Interfaces

• Login Page: User credential entry and authentication.
• Registration Page: New user account creation.
• Contact Page: Form for inquiries/feedback, submits to backend.
• Role-Based Dashboards: Dynamic dashboard content based on user role (leverages RBAC).

Database Schema with Prisma

• Define models in prisma/schema.prisma: User, Account, Contact, KpiDefinition, KpiValue (with fields/relationships).
• Run migrations: npx prisma migrate dev --name <migration_name> to create/update tables.

Request Validation

• express-validator is used to validate and sanitize incoming request data for all API endpoints.
• Validation is applied as middleware in route definitions, ensuring only valid data reaches your business logic.
• All validation errors are returned in a consistent format for easy frontend handling.

How it works:

1. Add validation chains (e.g., body('email').isEmail()) to route handlers.
2. Use validationResult(req) to check for errors and return them if present.
3. Example for /api/auth/register and /api/auth/login.

Role-Based Access Control (RBAC)

• RBAC Middleware is implemented in src/server/middleware/rbac.ts to enforce role-based access for protected routes.
• The middleware checks the user’s roles (populated by authentication middleware, e.g., JWT) and ensures the user has at least one of the allowed roles for the route.
• Returns 401 if no user/roles are found, 403 if the user lacks the required role.

How it works:

1. Import and use the middleware in your route: import { rbac } from './middleware/rbac';
2. Protect a route: app.use('/admin', rbac(['admin']));
3. Assumes req.user.roles is set by your authentication/JWT middleware.

Advanced Logging

• Winston is used for robust, production-grade logging. Logs are output in JSON format for production and colorized for development.
• Morgan is integrated with Winston to capture HTTP request logs and forward them to the main logger.
• All error logs and HTTP logs are handled by Winston for consistency and scalability.

How it works:

1. Winston logger is defined in src/server/utils/logger.ts.
2. Morgan is configured in src/server/server.ts to use Winston as its output stream.
3. All errors are logged using Winston in the error-handling middleware.

Testing

• Jest is used for unit and integration testing of backend logic.
• Supertest is used to test API endpoints, ensuring they behave as expected.
• ts-jest is configured for TypeScript support in Jest tests.
• Tests are located in the tests/ directory, with separate files for unit tests and integration tests.
• Run tests with npm test or npx jest.

API Documentation (Swagger)

• Swagger UI and swagger-jsdoc are used to generate and serve OpenAPI documentation for all API endpoints.
• Documentation is available at /api/docs and is generated from JSDoc comments in your route files.
• The Swagger setup is in src/server/utils/swagger.ts and integrated in src/server/server.ts.

How it works:

1. Add JSDoc comments to your route files (see Swagger/OpenAPI spec for syntax).
2. The docs are auto-generated and served at /api/docs.

Clustering & Scaling

• Node.js Cluster: The src/server/server.cluster.ts file uses the Node.js cluster module to spawn multiple worker processes, leveraging all available CPU cores for maximum throughput and resilience.
• PM2: For production, use PM2 to manage, monitor, and scale your Node.js processes. PM2 provides zero-downtime reloads, process monitoring, and easy log management.

How it works:

1. Run the clustered server with ts-node src/server/server.cluster.ts (or compile and run the JS output).
2. PM2 can be used to manage the cluster: pm2 start dist/server/server.cluster.js -i max (for max CPU scaling).
3. PM2 provides monitoring, log rotation, and automatic restarts for robust production deployments.

PM2 Example Commands:

# Install PM2 globally
npm install -g pm2

# Start the clustered server with max workers
pm2 start dist/server/server.cluster.js -i max --name minimata-api

# Monitor logs and processes
pm2 logs
pm2 monit

# Reload with zero downtime
pm2 reload minimata-api

# Stop and delete
pm2 stop minimata-api
pm2 delete minimata-api

Plan of Action and Milestones

Phase 1: Core Authentication & Database Setup (Weeks 1-3)

• Initial project setup (Node.js, TypeScript, PostgreSQL, Prisma)
• Implement User schema and CRUD (Prisma)
• Secure password hashing and JWT/session generation/validation
• Login and registration API endpoints
• Basic frontend login/registration forms

Phase 2: CRM Core Features (Weeks 4-6)

• Account and Contact schemas and CRUD (Prisma)
• API endpoints for account/contact management
• Frontend pages/components for accounts/contacts
• RBAC for user roles and access control (middleware-based, scalable)

Phase 3: Custom KPI Tracking & UI Refinements (Weeks 7-9)

• KpiDefinition and KpiValue schemas and CRUD
• API endpoints for KPIs
• Frontend components for KPI definition/data entry
• UI/UX refinements

Phase 4: Optimization & Future Enhancements (Weeks 10+)

• Connection pooling, read replicas for performance
• Integrate with Neon for serverless deployment
• Comprehensive testing (unit, integration, e2e)
• Monitoring for database and application

---

This roadmap provides a structured approach to building the CRM, allowing for phased development and ensuring a robust and scalable solution while minimizing third-party dependencies.