Recido Backend

Module Deep Dives

Detailed module-level behavior, guards, and implementation notes for Auth, Business, Members, Customers, Products, Documents, Sales, User profile, and REST file handling.

Auth Module

  • register validates password match and terms acceptance before creating user.
  • login checks password hash and returns JWT token.
  • forgotPassword returns success even when user is missing to avoid account enumeration.
  • resetPassword validates reset token and token type password-reset.
  • verifyEmail marks isEmailVerified = true for valid token.
  • changePassword requires auth and old password verification.

Business Module

CRUD operations for tenant containers and settings like taxRate, disclaimer, documentColor, and currency data.

Key operations: businesses, business, createBusiness, updateBusiness, updateBusinessSettings, deleteBusiness.

Business Members and Permissions

  • BusinessAccessGuard resolves business context and attaches role/member to request.
  • PermissionGuard enforces RequirePermissions metadata for SALES_REP users.
  • OWNER and MANAGER bypass permission checks.
  • Operations: businessMembers, addBusinessMember, updateBusinessMember, updateMemberPermissions, removeBusinessMember.

Customer Module

  • customers query requires VIEW_CUSTOMERS permission.
  • createCustomer requires CREATE_CUSTOMER permission.
  • Address lifecycle supported via add/update/delete/setDefault address mutations.
  • customerCreated subscription emits per businessId.

Product (Inventory) Module

  • products query requires VIEW_INVENTORY.
  • createProduct requires CREATE_INVENTORY_ITEM.
  • adjustProductQuantity mutates stock by adjustment delta.
  • inventoryUpdated subscription streams changes by business.

Document Module (Invoice, Quotation, Receipt)

Unified document model with type field INVOICE, RECEIPT, QUOTATION.

  • createDocument calculates subtotal/total and document sequence number.
  • saveToInventory on items can auto-create product records.
  • updateDocument can replace all items and recompute totals.
  • updateDocumentStatus enforces valid transition map and emits subscription events.
  • markDocumentPaid is a helper wrapper for setting the paid status.
  • convertQuotationToInvoice and convertInvoiceToReceipt preserve conversion chain through sourceDocumentId.

Status transition map enforced by updateDocumentStatus:

DRAFT -> PENDING | CANCELLED
PENDING -> PAID | UNPAID | CANCELLED | ACCEPTED | REJECTED | EXPIRED
UNPAID -> PAID | OVERDUE | CANCELLED
OVERDUE -> PAID | CANCELLED
OUTSTANDING -> PAID | CANCELLED
ACCEPTED -> CONVERTED
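
The transition map above as a fail-closed check, in TypeScript (an added example, not Recido's own code; the function names and the sample history are assumptions). It goes slightly beyond a single lookup: it also derives the terminal statuses and finds the first illegal step in a stored status history.

```typescript
// Added example: the map is copied from the page; every function name
// here is hypothetical and not taken from the Recido code base.
const TRANSITIONS: Record<string, readonly string[]> = {
  DRAFT: ["PENDING", "CANCELLED"],
  PENDING: ["PAID", "UNPAID", "CANCELLED", "ACCEPTED", "REJECTED", "EXPIRED"],
  UNPAID: ["PAID", "OVERDUE", "CANCELLED"],
  OVERDUE: ["PAID", "CANCELLED"],
  OUTSTANDING: ["PAID", "CANCELLED"],
  ACCEPTED: ["CONVERTED"],
};

// Own-property lookup: client-supplied values such as "constructor" or
// "__proto__" must not resolve to anything inherited from Object.prototype.
function allowedTargets(from: string): readonly string[] {
  return Object.prototype.hasOwnProperty.call(TRANSITIONS, from)
    ? TRANSITIONS[from]
    : [];
}

// Fail closed: unknown or terminal source, unlisted target, and
// self-transitions are all rejected.
function canTransition(from: string, to: string): boolean {
  return allowedTargets(from).indexOf(to) !== -1;
}

// Statuses that can be reached but never left (no outgoing edge in the map).
function terminalStatuses(): string[] {
  const terminal: string[] = [];
  for (const from of Object.keys(TRANSITIONS)) {
    for (const to of allowedTargets(from)) {
      if (allowedTargets(to).length === 0 && terminal.indexOf(to) === -1) {
        terminal.push(to);
      }
    }
  }
  return terminal.sort();
}

// Index of the first step in a status history that the map does not
// allow, or -1 when every step is valid. Useful when auditing stored records.
function firstInvalidStep(history: readonly string[]): number {
  for (let i = 1; i < history.length; i++) {
    if (!canTransition(history[i - 1], history[i])) return i;
  }
  return -1;
}

// Constructed sample: a paid document that was moved back to DRAFT.
const SAMPLE_HISTORY = ["DRAFT", "PENDING", "PAID", "DRAFT"];
console.log(terminalStatuses(), firstInvalidStep(SAMPLE_HISTORY));
```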

Sale Module

  • Sales are snapshot records linked optionally to Product and Document.
  • salesSummary aggregates total sales, quantity, and count across date ranges.
  • saleCreated subscription emits by businessId.

User Module

Operations include updateProfile, updateSettings, and deleteAccount with AuthGuard protection.

Locale and currency settings here affect user-level defaults for experiences and documents.

Infrastructure and Cross-Cutting Behavior

  • GraphQL context includes locale, prisma, and pubsub references.
  • Redis cache interceptor caches selected resolver responses with scoped keys.
  • Validation errors are flattened into property/message arrays via custom filter.
  • i18n resolvers support websocket, headers, query parameters, and Accept-Language.

File REST API

DocumentController handles upload and file retrieval routes with image filtering and size limits.

curl -X POST "$BASE_URL/file/upload/public/image" \
  -H "Authorization: Bearer $TOKEN" \
  -F "file=@./logo.png"