System Overview
Auth & Tenant Flow
Sample Management
Equipment Calibration
Quality Walkabout
Pest Control
Request Lifecycle
Frontend Layer
π
Web Browser
index.html / login.html
Vanilla JS
β
β‘
Express Server
server.js Β· port 3456
Node.js
β
ποΈ
MariaDB
qcsample database
10 conn pool
β
π΄
Redis
Session storage
Prod only
Middleware Stack
ποΈ
Compression
gzip responses
β
π
Session MW
Redis / memory
β
π’
Tenant Detection
domain β company_id
β
π‘οΈ
Auth Check
requireAuth()
β
π
Module Access
view / edit / none
β
π
Access Filter
getAccessControlFilter()
Feature Modules
π§ͺ
Sample Management
Batch, storage, transactions
Module
βοΈ
Equipment Calibration
Certificates, scheduling
Module
πΆ
Quality Walkabout
Observations, CAPA, closure
Module
π
Pest Control
Devices, readings, meetings
Module
System Services
π§
Email (Nodemailer)
OTP, password reset
π
File Uploads (Multer)
PDF, image, Excel
π
QCPdfEngine
A4 PDF exports
π¨οΈ
Label Printer
ESC/POS Β· Zebra ZD230
πΎ
Auto Backup
mysqldump Β· rotate 10
Login Entry Point
π€
User Enters Email
login.html form
β
π
Tenant Domain Check
/api/tenant/check
β
β
OIDC Configured?
tenant_auth_config lookup
Local Authentication Path
π
Password Entry
auth_type = local
β
π
bcrypt Verify
POST /api/login
β
π
Load User + Modules
user_module_access
β
β
Session Created
β index.html
OIDC SSO Path (Okta / Azure AD / Google)
π
Initiate OIDC Login
GET /auth/login
β
π‘
Discovery Fetch
1h TTL cache
β
π²
State + Nonce
CSRF protection
β
ποΈ
Identity Provider
Okta / Azure / Google
β
β©οΈ
OIDC Callback
GET /auth/callback
β
π€
User Lookup / Create
external_identities
β
β
Session Created
β index.html
Access Control Levels
π
Master Admin
Level 1 β all data
π’
Company / Country Admin
Level 2β3
π
State / Plant Admin
Level 4β5
π·
Regular User / Coord
Level 7β9
Password Reset Flow
π§
Forgot Password
POST /api/forgot-password
β
π’
Generate OTP
5-min expiry, email sent
β
βοΈ
Verify OTP
POST /api/verify-otp
β
π
Reset Password
bcrypt hash stored
Storage Hierarchy
π
Plant
plants table
β
ποΈ
Rack
racks table
β
π¦
Bin
bins table
β
π§ͺ
Sample (Batch)
samples table
Sample Lifecycle
Create
β
New Sample Form
batchID + dates + bin
β
βοΈ
Validate Bin + Scope
Access control check
β
πΎ
Store in DB
samples table
Check-Out
π€
Take Out Sample
/api/transactions/takeout
β
π
Log Transaction
transactions table
β
π
Sample Out
Status updated
Return
π₯
Return Sample
/api/transactions/return
β
π
Log Return
transactions table
β
π
Sample Returned
Bin restored
Transfer
βοΈ
Transfer Request
/api/samples/transfer
β
βοΈ
Validate Destination
Capacity check
β
πΎ
Update Location
samples.bin_id updated
Expiry
π
Update Expiry
/api/samples/update-expiry
β
π
Audit Trail
expiry_updates table
β
β
Expiry Updated
Audit logged
Equipment Registration
β
Add Equipment
Manual or Excel bulk
β
π
Calculate Next Date
calibrationDate + intervalDays
β
ποΈ
equipment_calibrations
Full equipment record
Certificate Upload
π
Upload PDF Certificate
PDF only Β· 10MB max
β
βοΈ
Multer Validates
Type + size check
β
π
1-per-equipment Rule
Replace old doc
β
πΎ
calibration_documents
Path + metadata stored
Calibration Update Tracking
π
Log Calibration Update
Before/after values
β
π
Store Update
calibration_updates table
β
π
Next Date Recalculated
History preserved
Export & Reporting
π
Export Request
GET /api/.../export
β
π
Filter + Query
Access-scoped
β
π₯
Excel / PDF Export
XLSX or A4 PDF
Observation Lifecycle
Report
ποΈ
Raise Observation
Draft created
β
π
Save as Draft
status = Draft
β
π
Attach Evidence
PDF/Image Β· 5MB
Submit
π€
Submit Observation
Draft β Open
β
π·
Assign Action Person
Responsibility set
β
π
History Entry
quality_walkabout_history
Action
π§
CAPA Details
Corrective + Preventive
β
π¬
Add Comments
Discussion thread
β
π
Action Evidence
Separate attachment set
Close
π
Closure Request
Authority check required
β
β
Authorized?
closure_authority table
β
β
Closed
status = Closed
Reopen
π
Reopen Observation
reopenCount++
β
π
Status β Open Again
repeatFlag tracked
Device Registry
πͺ€
Pest Devices
4 types Β· 2 placements
β
πΊοΈ
Layout Maps
pest_layout_images
β
π§΄
Chemical Master
Dosage defaults
Monitoring Readings
π¦
Insect Readings
Count + species breakdown
Fortnightly
π
Rodent Checks
Status codes B/R/O/D/NA
Monthly
π·οΈ
Spider Checks
Status B/R/NA
Monthly
Pest Control Activities
π¨
Spray Tracking
Chemical + dosage log
π¦
Lizard Service
Quarterly IPM
π
Annual Control Plan
Monthly activity matrix
Meetings & Action Items
Meeting
π
Schedule Meeting
Monthly / Quarterly / Special
β
π₯
Record Attendees + MOM
Minutes of Meeting
β
πΎ
pest_meetings
Full meeting record
Actions
β‘
Raise Action Items
From meeting discussion
β
π
Track Status
open β progress β closed
β
πΎ
pest_action_items
Full action record + MOM
Documents & Audit
π
Version-Controlled Docs
1-per-category PDFs
π·
Control Team
pest_control_team
π
Activity Audit Log
pest_activity_log
π
Reports + Heatmaps
Trends Β· Export
Every API Request β Step by Step
π
Browser Request
fetch /api/* + cookies
β
ποΈ
Compress + Parse
gzip Β· JSON body
β
π
Session Load
req.session attached
β
π’
Tenant Detect
domain β company_id
β
π‘οΈ
Authenticated?
requireAuth()
π
Module Access?
samples/calib/pest/walk
β
π
Build Access Filter
SQL WHERE clause
β
ποΈ
Parameterized Query
MariaDB pool Β· no injection
β
π
Transform Result
Format + nulls handled
β
π€
JSON Response
Compressed + sent
Write Operation (Create / Update / Delete)
βοΈ
Write Request
POST / PUT / DELETE
β
βοΈ
Edit Permission
view β edit
β
π
Inject Tenant Scope
company_id from session
β
ποΈ
Execute SQL
Pool connection + release
β
π
Audit Log
History table write
β
β
Success Response
200 / 201 / 204
Session User Object (req.session.user)
π€
Identity
id, email, role, auth_type
π’
Hierarchy
company β plant β dept
π
Module Access
edit / view / none per module
Trigger / Entry
Processing Step
Tool / Service
Output / Result
Data Store
Decision Point