Feat/auth refresh

.github/workflows/quality.yml

@@ -27,6 +27,7 @@ jobs:
         with:
           version: latest
           args: --timeout=5m
+          install-mode: goinstall
 
       - name: Run Tests (With Coverage)
         run: go test -v -coverprofile=coverage.out ./...

.golangci.yml

@@ -1,19 +1,15 @@
 run:
   timeout: 5m
-  modules-download-mode: readonly
 
 linters:
+  disable-all: true
   enable:
     - errcheck
-    - gosimple
     - govet
     - ineffassign
     - staticcheck
-    - typecheck
     - unused
     - revive    # Replacement for golint (enforces comments)
-    - gofmt
-    - goimports
     - misspell
     - unconvert
     - unparam

Makefile

@@ -9,7 +9,7 @@ API_CMD=$(GO_RUN) ./cmd/api
 # Database Connection (for psql)
 DB_DSN=$(DATABASE_URL)
 
-.PHONY: all build run test clean lint migrate-up migrate-down migrate-status docker-up docker-down help
+.PHONY: all build run test clean lint migrate-up migrate-down migrate-status docker-up docker-down help setup
 
 help: ## Show this help message
 	@echo 'Usage:'
@@ -18,6 +18,16 @@ help: ## Show this help message
 	@echo 'Targets:'
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "  \033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
 
+setup: ## Install developer dependencies (goose, swag, pkgsite, gomarkdoc, golangci-lint)
+	@echo "Installing Go tools..."
+	$(GO_CMD) install github.com/pressly/goose/v3/cmd/goose@latest
+	$(GO_CMD) install github.com/swaggo/swag/cmd/swag@latest
+	$(GO_CMD) install golang.org/x/pkgsite/cmd/pkgsite@latest
+	$(GO_CMD) install github.com/princjef/gomarkdoc/cmd/gomarkdoc@latest
+	@echo "Installing golangci-lint via official install script..."
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(shell go env GOPATH)/bin v1.64.4
+	@echo "Setup complete. Make sure $$(go env GOPATH)/bin is in your PATH."
+
 all: lint test build ## Run linter, tests, and build
 
 build: ## Build the API binary

README.md

@@ -22,7 +22,15 @@ cd sal
 cp .env.example .env
 ```
 
-### 2. Start the database
+### 2. Install Dependencies
+
+Install the Go toolchain tools required by the Makefile (linter, swagger generator, database migration tool, and documentation server).
+
+```bash
+make setup
+```
+
+### 3. Start the database
 
 ```bash
 docker compose up postgres -d
@@ -70,6 +78,7 @@ We use `make` for common tasks:
 
 | Command | Description |
 |---------|-------------|
+| `make setup` | Install Go development tools and linters |
 | `make all` | Run linter, tests, and build |
 | `make run` | Run API locally |
 | `make test` | Run tests with coverage |

cmd/api/server.go

@@ -70,7 +70,7 @@ func (s *Server) routes() {
 	s.Router.Use(middleware.Logger)
 	s.Router.Use(middleware.Recoverer)
 	s.Router.Use(cors.Handler(cors.Options{
-		AllowedOrigins:   []string{"*"}, // TODO: Restrict in production
+		AllowedOrigins:   s.Config.AllowedOrigins,
 		AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
 		AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
 		ExposedHeaders:   []string{"Link"},
@@ -91,7 +91,7 @@ func (s *Server) routes() {
 
 	// API Group
 	s.Router.Route("/api/v1", func(r chi.Router) {
-		r.Get("/", func(w http.ResponseWriter, r *http.Request) {
+		r.Get("/", func(w http.ResponseWriter, _ *http.Request) {
 			response.JSON(w, http.StatusOK, map[string]string{"message": "Welcome to Sal API v1"})
 		})
 

docs/ROADMAP.md

@@ -39,11 +39,27 @@ Replcaed Supabase Auth. Complete.
 
 ### 3d. Middleware
 - [x] **Auth Middleware**: Check `Authorization: Bearer ...`.
-- [ ] **Permission Middleware**: Check `staff.permissions` JSON.
+- [x] **Permission Middleware**: Check `staff.permissions` JSON.
 
 ---
 
-## 🔮 Phase 4: Organization Management
+## 🔮 Phase 4: Billing & Onboarding (SaaS/Stripe)
+
+Manage paid subscriptions, Stripe integration, and the onboarding flow. Estimated: **4-5 Days**.
+
+### 4a. Stripe Integration (Backend)
+- [ ] **Data Models**: Add `subscriptions`, `packages` tables, and link `stripe_customer_id` to organizations.
+- [ ] **Checkout Route**: Generate Stripe Checkout Sessions `POST /billing/checkout`.
+- [ ] **Webhook Handler**: `POST /billing/webhook` to handle `checkout.session.completed` for auto-provisioning.
+
+### 4b. Account Provisioning & Email
+- [ ] **Email Service**: Integrate SMTP/AWS SES/SendGrid for transactional emails.
+- [ ] **Welcome Flow**: Auto-create Org & Admin user upon successful payment.
+- [ ] **Set Password Route**: `POST /auth/set-password` securely handle the one-time setup token.
+
+---
+
+## 🔮 Phase 5: Organization Management
 
 Manage Tenants, Staff, and Patients. Estimated: **3-4 Days**.
 
@@ -63,35 +79,35 @@ Manage Tenants, Staff, and Patients. Estimated: **3-4 Days**.
 
 ---
 
-## 🔮 Phase 5: Clinical Forms & Templates
+## 🔮 Phase 6: Clinical Forms & Templates
 
 Dynamic Form Builder. Estimated: **3 Days**.
 
-### 5a. Templates
+### 6a. Templates
 - [ ] CRUD for `form_templates` (JSON Schema).
 - [ ] Versioning logic (`template_key` + `version`).
 
-### 5b. Document Flows
+### 6b. Document Flows
 - [ ] `document_flows` (Workflow definitions).
 
 ---
 
-## 🔮 Phase 6: Core Product (AI Notes)
+## 🔮 Phase 7: Core Product (AI Notes)
 
 Audio Processing Pipeline. Estimated: **5-7 Days**.
 
-### 6a. Audio Upload
+### 7a. Audio Upload
 - [ ] `POST /audio-notes`: Upload file to S3/MinIO.
 - [ ] Architecture: Signed URLs vs Direct Upload.
 
-### 6b. Transcription & Generation
+### 7b. Transcription & Generation
 - [ ] **Worker**: Background job to process audio.
 - [ ] **LLM**: Integration with Anthropic/OpenAI API.
 - [ ] **Optimistic Locking**: Handle concurrent edits on `generated_notes`.
 
 ---
 
-## 🔮 Phase 7: Advanced Features
+## 🔮 Phase 8: Advanced Features
 - [ ] **WS**: WebSockets for real-time status updates.
 - [ ] **2FA**: TOTP implementation.
 - [ ] **OAuth**: Google Login.