HSHaloShop README

Final Result Documentation

This public README defines final architecture, pages, API routes, data model, tenant rules, UI strategy, and operational setup for the HaloShop implementation.

Last updated: 2026-05-22

1. System Overview

HaloShop is a multi-tenant restaurant operations platform where one owner can create and operate multiple shops. All operational data and actions are shop-scoped.

2. Infrastructure and Runtime

  • Public domain: https://haloshop.halomoan.id
  • Legacy domain remains available: https://resto-manager.halomoan.id
  • Next.js served on :10001 and proxied by Nginx
  • Go API served on :10002 and proxied under /api
  • PostgreSQL is the primary database
  • Systemd services: simresto-next, simresto-api
  • TLS managed by Let's Encrypt (Certbot)

3. UI System and Experience

  • Owner routes use Soft UI / Neumorphism: rounded cards, soft shadows, pastel gradients.
  • POS route uses tablet-first interaction: large buttons, fast taps, simple workflow.
  • Landing uses a premium marketing layout with clear CTA hierarchy.
  • Mobile-first responsive behavior is enforced for all user-facing pages.

4. Page Map and Purpose

PathPurpose
/Marketing landing and primary entrypoint
/ownerOwner dashboard home and module navigation
/owner/loginGoogle-based owner sign-in
/owner/registerGoogle-based owner first-time registration
/owner/shops/newCreate and review owner shops
/owner/staffCreate/list/update/deactivate staff per shop
/owner/attendanceRecord and review check-in/check-out logs per shop
/owner/leaveCreate and review leave requests per shop
/posTablet-first cashier POS demo flow
/implementation-phaseLegacy public status URL (redirects to /readme)
/readmePublic functional and technical README

5. API Route Map

MethodRouteAuthNotes
GET/healthNoService health
GET/api/v1NoAPI readiness message
POST/api/v1/auth/googleNoGoogle token verify and owner JWT issue
POST/api/v1/auth/register-ownerNoDisabled intentionally (Google-only)
POST/api/v1/auth/loginNoDisabled intentionally (Google-only)
GET/api/v1/shopsYesList owner shops
POST/api/v1/shopsYesCreate owner shop
GET/api/v1/staff?shop_id=:idYesList shop staff
POST/api/v1/staffYesCreate staff in shop
PATCH/api/v1/staffYesUpdate staff profile/status
DELETE/api/v1/staff?id=:staffId&shop_id=:shopIdYesDeactivate staff
GET/api/v1/attendance?shop_id=:idYesList latest attendance logs
POST/api/v1/attendanceYesCreate check_in/check_out entry
GET/api/v1/leave?shop_id=:idYesList latest leave requests
POST/api/v1/leaveYesCreate leave request for staff
PATCH/api/v1/leaveYesApprove/reject/cancel leave request

6. Data Model Details

owners - Top-level owner identity

  • id (bigserial, pk)
  • full_name (text)
  • email (unique)
  • password_hash (text; random internal hash when using Google auth)
  • phone_no (text, optional)
  • is_active (boolean)
  • created_at, updated_at (timestamptz)

shops - Tenant root linked to owner

  • id (bigserial, pk)
  • owner_id (fk -> owners.id)
  • name (text)
  • slug (text, unique)
  • is_active (boolean)
  • created_at, updated_at (timestamptz)

shop_users - Shop-scoped staff accounts

  • id (bigserial, pk)
  • shop_id (fk -> shops.id)
  • full_name (text)
  • email (unique per shop)
  • password_hash (text)
  • role (staff/cashier/manager)
  • is_active (boolean)
  • created_at, updated_at (timestamptz)

attendance_logs - Attendance events per staff in a shop

  • id (bigserial, pk)
  • shop_id (fk -> shops.id)
  • staff_id (fk -> shop_users.id)
  • action (check_in/check_out)
  • note (text, optional)
  • created_at (timestamptz)

leave_requests - Leave lifecycle per staff in a shop

  • id (bigserial, pk)
  • shop_id (fk -> shops.id)
  • staff_id (fk -> shop_users.id)
  • start_date, end_date (date)
  • reason (text, optional)
  • status (pending/approved/rejected/cancelled)
  • review_note (text, optional)
  • reviewed_at (timestamptz, optional)
  • reviewed_by_owner_id (fk -> owners.id, optional)
  • created_at, updated_at (timestamptz)

schema_migrations - Applied migration records

  • version
  • applied_at

7. End-to-End Owner Flow

  • Open /owner/login or /owner/register and authenticate with Google.
  • Frontend sends Google credential to POST /api/v1/auth/google.
  • Backend verifies Google token audience and email verification, then issues JWT.
  • JWT is stored in browser localStorage as haloshop_token.
  • Owner creates shop(s) via /owner/shops/new.
  • Owner manages staff via /owner/staff.
  • Owner records/monitors attendance via /owner/attendance.
  • Owner manages staff leave lifecycle via /owner/leave.

8. Tenant Isolation Rules

  • Every operational request is scoped by shop_id.
  • Owner can only operate on shops they own.
  • Staff and attendance operations validate owner -> shop -> staff chain.
  • Unauthorized or cross-tenant access is rejected.

9. Current Completion Snapshot

  • Google-based owner auth flow implemented (client ID config required on server env).
  • Shop lifecycle implemented (create/list).
  • Staff lifecycle implemented (create/list/update/deactivate).
  • Attendance lifecycle implemented (check_in/check_out + list recent logs).
  • Leave lifecycle implemented (create/list/approve/reject/cancel).
  • Public project status page and public README page available.
  • Production domain, SSL, Nginx proxy, and deployment script operational.

10. Next Implementation Targets

  • Attendance approval/verification workflow and richer query filters.
  • Inventory/material and purchase workflows.
  • Menu and recipe management.
  • Dashboard analytics and pagination standards for all tables.

11. Full Implementation Plan (Canonical)

  • Phase 0 - Foundation: architecture baseline, conventions, env setup, deployment discipline.
  • Phase 1 - Tenant Core + Auth: owner account, multi-shop tenant root, Google-based owner auth.
  • Phase 2 - Staff Management: shop-scoped staff lifecycle (create/list/update/deactivate) with role labels.
  • Phase 3 - Attendance: check_in/check_out logging, listing, and operational review flow.
  • Phase 4 - Leave: leave request lifecycle with owner/manager approval paths.
  • Phase 5 - Material/Inventory: material catalog, purchase history, and combined material calculations.
  • Phase 6 - Menu/Recipe: menu items, recipe composition, and cost derivation.
  • Phase 7 - Dashboard/Analytics: shop KPIs, summaries, and paginated operational views.
  • Phase 8 - Hardening: tests, security controls, observability, and production quality gates.