# CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

## Build & Run Commands

```bash
# Build (from yubb-saas-master directory)
mvn clean package -Dmaven.test.skip=true

# Run a single test
mvn test -Dtest=TestClassName -pl yubb-module

# Run (from yubb-saas-master/yubb-admin/target)
java -jar -Xms256m -Xmx1024m yubb-admin.jar

# Linux startup script (from yubb-saas-master)
./yb.sh {start|stop|restart|status}
```

- Profile is controlled via `application-{dev,test,prod}.yml` (activated by Maven profile `-Pdev`, `-Ptest`, `-Pprod`)
- Main application class: `com.yubb.YuBbApplication`
- Swagger UI: `http://host/swagger-ui.html`

## Architecture

### Multi-Module Structure

- **yubb-admin** — Web entry point. Controllers, Swagger config, MinIO, WeChat MP, MQTT integrations
- **yubb-framework** — Shiro security (ShiroConfig, realms, session management, filters), multi-tenancy filter (YubbTenantLineHandler), data-source routing, exception handling, async manager
- **yubb-system** — Domain/mapper/service for platform (multi-tenant) and saas (per-tenant) entities. Each has DTO, VO, Entity, Mapper, Service layers
- **yubb-quartz** — Scheduled job support
- **yubb-generator** — Code generation from database tables
- **yubb-common** — Annotations (@Log, @DataScope, @PlatformDataScope, @Excel, @RepeatSubmit), exceptions, page utilities (TableDataInfo), JSON helpers

### Multi-Tenancy

Tenancy is implemented via a `tenant_id` column. The `tenantFilter` in `application.yml` lists tables that must be filtered. `YubbTenantLineHandler` (MyBatis-plus interceptor) automatically injects the tenant condition into queries. Two realms exist: `UserRealm` (saas per-tenant) and `PlatformUserRealm` (platform-level).

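
An added example, not the project's `YubbTenantLineHandler`, of how a list-driven handler plugs into MyBatis-plus's `TenantLineHandler` interface and where isolation can silently lapse. The class name, the `CURRENT_TENANT` holder and the numeric tenant id are assumptions made for illustration.

```java
import com.baomidou.mybatisplus.extension.plugins.handler.TenantLineHandler;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.expression.LongValue;

import java.util.Collection;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/** Hypothetical handler for illustration; NOT the project's YubbTenantLineHandler. */
public class AllowlistTenantLineHandler implements TenantLineHandler {

    /** Hypothetical per-request tenant holder: set after login, cleared when the request ends. */
    public static final ThreadLocal<Long> CURRENT_TENANT = new ThreadLocal<>();

    private final Set<String> filteredTables = new HashSet<>();

    /** @param tenantFilter table names as listed under tenantFilter in application.yml */
    public AllowlistTenantLineHandler(Collection<String> tenantFilter) {
        for (String table : tenantFilter) {
            filteredTables.add(normalize(table));
        }
    }

    @Override
    public Expression getTenantId() {
        Long tenantId = CURRENT_TENANT.get();
        if (tenantId == null) {
            // Fail closed: refuse to build the query when no tenant is bound to this thread.
            throw new IllegalStateException("No tenant bound to the current thread");
        }
        return new LongValue(tenantId);
    }

    @Override
    public String getTenantIdColumn() {
        return "tenant_id";
    }

    @Override
    public boolean ignoreTable(String tableName) {
        // true = skip tenant injection. A table missing from the list is left unfiltered,
        // so every new table that carries tenant_id must also be added to tenantFilter.
        return !filteredTables.contains(normalize(tableName));
    }

    /** Defensive normalization so a quoted or upper-case name still matches its list entry. */
    private static String normalize(String table) {
        return table.replace("`", "").replace("\"", "").trim().toLowerCase(Locale.ROOT);
    }
}
```

A handler of this shape is registered with `new TenantLineInnerInterceptor(handler)` on the `MybatisPlusInterceptor`; SQL that does not pass through that interceptor is not covered by it.
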
### Data Model Conventions

- `domain/` — Entity classes
- `domain/dto/` — Data transfer objects
- `domain/vo/` — View objects
- `mapper/` — MyBatis-plus mappers
- `service/` + `service/impl/` — Service interface + implementation

### Key Technologies

- Java 8 / Spring Boot 2.5.6
- Shiro 1.7.1 for authentication/authorization
- MyBatis-plus 3.5.3 for data access
- Druid for connection pooling
- Redis for caching/sessions
- EhCache for Shiro session caching (`ehcache-shiro.xml`)
- MinIO for file storage
- TDengine for time-series data
- MQTT (Eclipse Paho) for messaging
- WeChat MP (wx-java) for official account integration
- Dozer for object mapping

### Security

- Shiro realms handle login (`SysLoginService`) and permission (`PermissionService`)
- `KickoutSessionFilter` prevents duplicate sessions
- `PlatformLogoutFilter` / `LogoutFilter` handle logout
- XSS filtering via `xss.enabled` config (currently false — IMPROVEMENTS.md documents this as a P1 issue)

### Web Layer

Controllers live under `com.yubb.web.controller` with sub-packages: `platform/` (tenant-aware), `system/` (saas), `monitor/`, `tool/`, `demo/`.

## Known Issues (see IMPROVEMENTS.md for full details)

- **P0 Security**: Multi-tenant isolation gaps, SQL injection risk in DynamicSqlProvider, hardcoded secrets
- **P1**: Admin bypass, XSS protection disabled, HttpOnly cookie not set
- No unit tests currently exist

## SQL Scripts

SQL migration files are in the `sql/` directory.