init equipment & change-status

server/src/app.controller.spec.ts

@@ -0,0 +1,22 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AppController } from './app.controller';
+import { AppService } from './app.service';
+
+describe('AppController', () => {
+  let appController: AppController;
+
+  beforeEach(async () => {
+    const app: TestingModule = await Test.createTestingModule({
+      controllers: [AppController],
+      providers: [AppService],
+    }).compile();
+
+    appController = app.get<AppController>(AppController);
+  });
+
+  describe('root', () => {
+    it('should return "Hello World!"', () => {
+      expect(appController.getHello()).toBe('Hello World!');
+    });
+  });
+});

server/src/app.controller.ts

@@ -0,0 +1,12 @@
+import { Controller, Get } from '@nestjs/common';
+import { AppService } from './app.service';
+
+@Controller()
+export class AppController {
+  constructor(private readonly appService: AppService) {}
+
+  @Get()
+  getHello(): string {
+    return this.appService.getHello();
+  }
+}

server/src/app.module.ts

@@ -0,0 +1,19 @@
+import { Module } from '@nestjs/common';
+import { ConfigModule } from '@nestjs/config';
+import { AuthModule } from './auth/auth.module';
+import { HealthModule } from './health/health.module';
+import { EquipmentModule } from './modules/equipment/equipment.module';
+import { EquipmentStatusChangeModule } from './modules/equipment-status-change/equipment-status-change.module';
+import { PrismaModule } from './prisma/prisma.module';
+
+@Module({
+  imports: [
+    ConfigModule.forRoot({ isGlobal: true }),
+    PrismaModule,
+    AuthModule,
+    HealthModule,
+    EquipmentModule,
+    EquipmentStatusChangeModule,
+  ],
+})
+export class AppModule {}

server/src/app.service.ts

@@ -0,0 +1,8 @@
+import { Injectable } from '@nestjs/common';
+
+@Injectable()
+export class AppService {
+  getHello(): string {
+    return 'Hello World!';
+  }
+}

server/src/auth/auth.module.ts

@@ -0,0 +1,23 @@
+import { Module } from '@nestjs/common';
+import { APP_GUARD } from '@nestjs/core';
+import { AuthService } from './auth.service';
+import { JwtAuthGuard } from './guards/jwt-auth.guard';
+import { RolesGuard } from './guards/roles.guard';
+
+@Module({
+  providers: [
+    AuthService,
+    JwtAuthGuard,
+    RolesGuard,
+    {
+      provide: APP_GUARD,
+      useClass: JwtAuthGuard,
+    },
+    {
+      provide: APP_GUARD,
+      useClass: RolesGuard,
+    },
+  ],
+  exports: [AuthService, JwtAuthGuard, RolesGuard],
+})
+export class AuthModule {}

server/src/auth/auth.service.ts

@@ -0,0 +1,102 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { createRemoteJWKSet, jwtVerify, JWTPayload } from 'jose';
+
+export type AuthenticatedUser = {
+  sub: string;
+  roles: string[];
+  token: JWTPayload;
+};
+
+@Injectable()
+export class AuthService {
+  private jwksCache = new Map<string, ReturnType<typeof createRemoteJWKSet>>();
+
+  async verifyBearerToken(authorizationHeader?: string): Promise<AuthenticatedUser> {
+    const token = this.extractBearerToken(authorizationHeader);
+    if (!token) {
+      throw new UnauthorizedException('Missing bearer token');
+    }
+
+    const issuer = process.env.KEYCLOAK_ISSUER_URL;
+    const audience = process.env.KEYCLOAK_AUDIENCE;
+
+    if (!issuer || !audience) {
+      throw new UnauthorizedException('Keycloak issuer or audience is not configured');
+    }
+
+    const jwks = await this.resolveJwks(issuer);
+    const { payload } = await jwtVerify(token, jwks, {
+      issuer,
+      audience,
+    });
+
+    const realmAccess = payload.realm_access as { roles?: string[] } | undefined;
+
+    return {
+      sub: String(payload.sub ?? ''),
+      roles: Array.isArray(realmAccess?.roles) ? realmAccess.roles : [],
+      token: payload,
+    };
+  }
+
+  private extractBearerToken(authorizationHeader?: string) {
+    if (!authorizationHeader) {
+      return null;
+    }
+
+    const [scheme, token] = authorizationHeader.split(' ');
+    if (scheme !== 'Bearer' || !token) {
+      return null;
+    }
+
+    return token;
+  }
+
+  private async resolveJwks(issuer: string) {
+    const candidates = await this.buildJwksCandidates(issuer);
+
+    let lastError: unknown;
+    for (const candidate of candidates) {
+      try {
+        if (!this.jwksCache.has(candidate)) {
+          this.jwksCache.set(candidate, createRemoteJWKSet(new URL(candidate)));
+        }
+
+        return this.jwksCache.get(candidate)!;
+      } catch (error) {
+        lastError = error;
+      }
+    }
+
+    throw new UnauthorizedException(
+      `Unable to resolve JWKS for issuer ${issuer}: ${lastError instanceof Error ? lastError.message : 'unknown error'}`,
+    );
+  }
+
+  private async buildJwksCandidates(issuer: string) {
+    const urls: string[] = [];
+
+    if (process.env.KEYCLOAK_JWKS_URL) {
+      urls.push(process.env.KEYCLOAK_JWKS_URL);
+    }
+
+    const normalizedIssuer = issuer.replace(/\/$/, '');
+    const discoveryUrl = `${normalizedIssuer}/.well-known/openid-configuration`;
+
+    try {
+      const response = await fetch(discoveryUrl);
+      if (response.ok) {
+        const document = (await response.json()) as { jwks_uri?: string };
+        if (document.jwks_uri) {
+          urls.push(document.jwks_uri);
+        }
+      }
+    } catch {
+      // Try the Keycloak certs endpoint below if discovery fails.
+    }
+
+    urls.push(`${normalizedIssuer}/protocol/openid-connect/certs`);
+
+    return [...new Set(urls)];
+  }
+}

server/src/auth/decorators/public.decorator.ts

@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+
+export const IS_PUBLIC_KEY = 'isPublic';
+export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);

server/src/auth/decorators/roles.decorator.ts

@@ -0,0 +1,4 @@
+import { SetMetadata } from '@nestjs/common';
+
+export const ROLES_KEY = 'roles';
+export const Roles = (...roles: string[]) => SetMetadata(ROLES_KEY, roles);

server/src/auth/guards/jwt-auth.guard.ts

@@ -0,0 +1,39 @@
+import {
+  CanActivate,
+  ExecutionContext,
+  Injectable,
+  UnauthorizedException,
+} from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { Request } from 'express';
+import { AuthService } from '../auth.service';
+import { IS_PUBLIC_KEY } from '../decorators/public.decorator';
+
+@Injectable()
+export class JwtAuthGuard implements CanActivate {
+  constructor(
+    private readonly reflector: Reflector,
+    private readonly authService: AuthService,
+  ) {}
+
+  async canActivate(context: ExecutionContext) {
+    const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+
+    if (isPublic) {
+      return true;
+    }
+
+    const request = context.switchToHttp().getRequest<Request & { user?: unknown }>();
+    const user = await this.authService.verifyBearerToken(request.headers.authorization);
+
+    if (!user.sub) {
+      throw new UnauthorizedException('Token subject is missing');
+    }
+
+    request.user = user;
+    return true;
+  }
+}

server/src/auth/guards/roles.guard.ts

@@ -0,0 +1,29 @@
+import { CanActivate, ExecutionContext, ForbiddenException, Injectable } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { Request } from 'express';
+import { ROLES_KEY } from '../decorators/roles.decorator';
+
+@Injectable()
+export class RolesGuard implements CanActivate {
+  constructor(private readonly reflector: Reflector) {}
+
+  canActivate(context: ExecutionContext) {
+    const requiredRoles = this.reflector.getAllAndOverride<string[]>(ROLES_KEY, [
+      context.getHandler(),
+      context.getClass(),
+    ]);
+
+    if (!requiredRoles || requiredRoles.length === 0) {
+      return true;
+    }
+
+    const request = context.switchToHttp().getRequest<Request & { user?: { roles?: string[] } }>();
+    const userRoles = request.user?.roles ?? [];
+
+    if (requiredRoles.some((role) => userRoles.includes(role))) {
+      return true;
+    }
+
+    throw new ForbiddenException('Insufficient role');
+  }
+}

server/src/common/http.ts

@@ -0,0 +1,7 @@
+import { Response } from 'express';
+
+export function setListHeaders(response: Response, total: number, start: number, end: number) {
+  const safeEnd = total === 0 ? start : Math.max(start, end - 1);
+  response.setHeader('Content-Range', `items ${start}-${safeEnd}/${total}`);
+  response.setHeader('Access-Control-Expose-Headers', 'Content-Range');
+}

server/src/health/health.controller.ts

@@ -0,0 +1,14 @@
+import { Controller, Get } from '@nestjs/common';
+import { Public } from '../auth/decorators/public.decorator';
+
+@Controller('health')
+export class HealthController {
+  @Public()
+  @Get()
+  getHealth() {
+    return {
+      status: 'ok',
+      timestamp: new Date().toISOString(),
+    };
+  }
+}

server/src/health/health.module.ts

@@ -0,0 +1,7 @@
+import { Module } from '@nestjs/common';
+import { HealthController } from './health.controller';
+
+@Module({
+  controllers: [HealthController],
+})
+export class HealthModule {}

server/src/main.ts

@@ -0,0 +1,27 @@
+import { ValidationPipe } from '@nestjs/common';
+import { NestFactory } from '@nestjs/core';
+import { AppModule } from './app.module';
+
+async function bootstrap() {
+  const app = await NestFactory.create(AppModule);
+  const origins = (process.env.CORS_ALLOWED_ORIGINS ?? '')
+    .split(',')
+    .map((origin) => origin.trim())
+    .filter(Boolean);
+
+  app.enableCors({
+    origin: origins.length > 0 ? origins : true,
+    exposedHeaders: ['Content-Range'],
+    credentials: true,
+  });
+  app.useGlobalPipes(
+    new ValidationPipe({
+      whitelist: true,
+      transform: true,
+    }),
+  );
+
+  await app.listen(process.env.PORT ?? 3000);
+}
+
+void bootstrap();

server/src/modules/change-equipment-status/change-equipment-status.controller.ts

@@ -0,0 +1,55 @@
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  Patch,
+  Post,
+  Query,
+  Res,
+  UseGuards,
+} from '@nestjs/common';
+import type { Response } from 'express';
+import { Roles } from '../../auth/decorators/roles.decorator';
+import { JwtAuthGuard } from '../../auth/guards/jwt-auth.guard';
+import { RolesGuard } from '../../auth/guards/roles.guard';
+import { ChangeEquipmentStatusService } from './change-equipment-status.service';
+import { CreateChangeEquipmentStatusDto } from './dto/create-change-equipment-status.dto';
+import { UpdateChangeEquipmentStatusDto } from './dto/update-change-equipment-status.dto';
+
+@UseGuards(JwtAuthGuard, RolesGuard)
+@Controller('change-equipment-statuses')
+export class ChangeEquipmentStatusController {
+  constructor(private readonly changeEquipmentStatusService: ChangeEquipmentStatusService) {}
+
+  @Roles('viewer', 'editor', 'admin')
+  @Get()
+  findAll(@Query() query: Record<string, unknown>, @Res({ passthrough: true }) response: Response) {
+    return this.changeEquipmentStatusService.findAll(query, response);
+  }
+
+  @Roles('viewer', 'editor', 'admin')
+  @Get(':id')
+  findOne(@Param('id') id: string) {
+    return this.changeEquipmentStatusService.findOne(id);
+  }
+
+  @Roles('editor', 'admin')
+  @Post()
+  create(@Body() dto: CreateChangeEquipmentStatusDto) {
+    return this.changeEquipmentStatusService.create(dto);
+  }
+
+  @Roles('editor', 'admin')
+  @Patch(':id')
+  update(@Param('id') id: string, @Body() dto: UpdateChangeEquipmentStatusDto) {
+    return this.changeEquipmentStatusService.update(id, dto);
+  }
+
+  @Roles('admin')
+  @Delete(':id')
+  remove(@Param('id') id: string) {
+    return this.changeEquipmentStatusService.remove(id);
+  }
+}

server/src/modules/change-equipment-status/change-equipment-status.module.ts

@@ -0,0 +1,9 @@
+import { Module } from '@nestjs/common';
+import { ChangeEquipmentStatusController } from './change-equipment-status.controller';
+import { ChangeEquipmentStatusService } from './change-equipment-status.service';
+
+@Module({
+  controllers: [ChangeEquipmentStatusController],
+  providers: [ChangeEquipmentStatusService],
+})
+export class ChangeEquipmentStatusModule {}

server/src/modules/change-equipment-status/change-equipment-status.service.ts

@@ -0,0 +1,162 @@
+import { Injectable, NotFoundException } from '@nestjs/common';
+import { EquipmentStatus, Prisma } from '@prisma/client';
+import { Response } from 'express';
+import { setListHeaders } from '../../common/http';
+import { PrismaService } from '../../prisma/prisma.service';
+import { CreateChangeEquipmentStatusDto } from './dto/create-change-equipment-status.dto';
+import { UpdateChangeEquipmentStatusDto } from './dto/update-change-equipment-status.dto';
+
+@Injectable()
+export class ChangeEquipmentStatusService {
+  constructor(private readonly prisma: PrismaService) {}
+
+  async findAll(query: Record<string, unknown>, response: Response) {
+    const start = Number(query._start ?? 0);
+    const end = Number(query._end ?? start + 25);
+    const take = Math.max(end - start, 0);
+    const sortField = typeof query._sort === 'string' ? query._sort : 'date';
+    const sortOrder = query._order === 'ASC' ? 'asc' : 'desc';
+    const q = typeof query.q === 'string' ? query.q.trim() : '';
+    const equipmentId = typeof query.equipmentId === 'string' ? query.equipmentId : undefined;
+    const rawStatus = query.newStatus;
+    const statuses = Array.isArray(rawStatus)
+      ? rawStatus.filter((value): value is EquipmentStatus => typeof value === 'string')
+      : typeof rawStatus === 'string'
+        ? [rawStatus as EquipmentStatus]
+        : [];
+
+    const where: Prisma.ChangeEquipmentStatusWhereInput = {};
+
+    if (q) {
+      where.OR = [
+        { number: { contains: q, mode: 'insensitive' } },
+        { responsible: { contains: q, mode: 'insensitive' } },
+      ];
+    }
+
+    if (equipmentId) {
+      where.equipmentId = equipmentId;
+    }
+
+    if (statuses.length === 1) {
+      where.newStatus = statuses[0];
+    } else if (statuses.length > 1) {
+      where.newStatus = { in: statuses };
+    }
+
+    const [total, items] = await this.prisma.$transaction([
+      this.prisma.changeEquipmentStatus.count({ where }),
+      this.prisma.changeEquipmentStatus.findMany({
+        where,
+        include: { equipment: true },
+        skip: start,
+        take,
+        orderBy: { [sortField === 'id' ? 'id' : sortField]: sortOrder },
+      }),
+    ]);
+
+    setListHeaders(response, total, start, end);
+    return items.map((item) => this.toRecord(item));
+  }
+
+  async findOne(id: string) {
+    const item = await this.prisma.changeEquipmentStatus.findUnique({
+      where: { id },
+      include: { equipment: true },
+    });
+
+    if (!item) {
+      throw new NotFoundException(`ChangeEquipmentStatus ${id} not found`);
+    }
+
+    return this.toRecord(item);
+  }
+
+  async create(dto: CreateChangeEquipmentStatusDto) {
+    const created = await this.prisma.$transaction(async (tx) => {
+      const record = await tx.changeEquipmentStatus.create({
+        data: {
+          equipmentId: dto.equipmentId,
+          newStatus: dto.newStatus,
+          number: dto.number,
+          date: new Date(dto.date),
+          responsible: dto.responsible,
+        },
+        include: { equipment: true },
+      });
+
+      if (dto.equipmentId) {
+        await tx.equipment.update({
+          where: { id: dto.equipmentId },
+          data: { status: dto.newStatus },
+        });
+      }
+
+      return record;
+    });
+
+    return this.toRecord(created);
+  }
+
+  async update(id: string, dto: UpdateChangeEquipmentStatusDto) {
+    await this.findOne(id);
+
+    const { id: _id, ...payload } = dto as UpdateChangeEquipmentStatusDto & { id?: string };
+    const updated = await this.prisma.$transaction(async (tx) => {
+      const record = await tx.changeEquipmentStatus.update({
+        where: { id },
+        data: {
+          ...payload,
+          date: dto.date ? new Date(dto.date) : undefined,
+        },
+        include: { equipment: true },
+      });
+
+      if (record.equipmentId && dto.newStatus) {
+        await tx.equipment.update({
+          where: { id: record.equipmentId },
+          data: { status: dto.newStatus },
+        });
+      }
+
+      return record;
+    });
+
+    return this.toRecord(updated);
+  }
+
+  async remove(id: string) {
+    await this.findOne(id);
+    const deleted = await this.prisma.changeEquipmentStatus.delete({
+      where: { id },
+      include: { equipment: true },
+    });
+
+    return this.toRecord(deleted);
+  }
+
+  private toRecord(item: {
+    id: string;
+    equipmentId: string | null;
+    newStatus: EquipmentStatus;
+    number: string | null;
+    date: Date;
+    responsible: string | null;
+    equipment?: { id: string; name: string } | null;
+  }) {
+    return {
+      id: item.id,
+      equipmentId: item.equipmentId,
+      newStatus: item.newStatus,
+      number: item.number,
+      date: item.date.toISOString(),
+      responsible: item.responsible,
+      equipment: item.equipment
+        ? {
+            id: item.equipment.id,
+            name: item.equipment.name,
+          }
+        : null,
+    };
+  }
+}

server/src/modules/change-equipment-status/dto/create-change-equipment-status.dto.ts

@@ -0,0 +1,22 @@
+import { EquipmentStatus } from '@prisma/client';
+import { IsEnum, IsOptional, IsString, IsUUID } from 'class-validator';
+
+export class CreateChangeEquipmentStatusDto {
+  @IsOptional()
+  @IsUUID()
+  equipmentId?: string;
+
+  @IsEnum(EquipmentStatus)
+  newStatus!: EquipmentStatus;
+
+  @IsOptional()
+  @IsString()
+  number?: string;
+
+  @IsString()
+  date!: string;
+
+  @IsOptional()
+  @IsString()
+  responsible?: string;
+}

server/src/modules/change-equipment-status/dto/update-change-equipment-status.dto.ts

@@ -0,0 +1,24 @@
+import { EquipmentStatus } from '@prisma/client';
+import { IsEnum, IsOptional, IsString, IsUUID } from 'class-validator';
+
+export class UpdateChangeEquipmentStatusDto {
+  @IsOptional()
+  @IsUUID()
+  equipmentId?: string;
+
+  @IsOptional()
+  @IsEnum(EquipmentStatus)
+  newStatus?: EquipmentStatus;
+
+  @IsOptional()
+  @IsString()
+  number?: string;
+
+  @IsOptional()
+  @IsString()
+  date?: string;
+
+  @IsOptional()
+  @IsString()
+  responsible?: string;
+}

server/src/modules/equipment-status-change/dto/create-equipment-status-change.dto.ts

@@ -0,0 +1 @@
+export { CreateChangeEquipmentStatusDto as CreateEquipmentStatusChangeDto } from '../../change-equipment-status/dto/create-change-equipment-status.dto';

server/src/modules/equipment-status-change/dto/update-equipment-status-change.dto.ts

@@ -0,0 +1 @@
+export { UpdateChangeEquipmentStatusDto as UpdateEquipmentStatusChangeDto } from '../../change-equipment-status/dto/update-change-equipment-status.dto';

server/src/modules/equipment-status-change/equipment-status-change.controller.ts

@@ -0,0 +1,55 @@
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  Patch,
+  Post,
+  Query,
+  Res,
+  UseGuards,
+} from '@nestjs/common';
+import type { Response } from 'express';
+import { Roles } from '../../auth/decorators/roles.decorator';
+import { JwtAuthGuard } from '../../auth/guards/jwt-auth.guard';
+import { RolesGuard } from '../../auth/guards/roles.guard';
+import { ChangeEquipmentStatusService } from '../change-equipment-status/change-equipment-status.service';
+import { CreateChangeEquipmentStatusDto } from '../change-equipment-status/dto/create-change-equipment-status.dto';
+import { UpdateChangeEquipmentStatusDto } from '../change-equipment-status/dto/update-change-equipment-status.dto';
+
+@UseGuards(JwtAuthGuard, RolesGuard)
+@Controller('status-changes')
+export class EquipmentStatusChangeController {
+  constructor(private readonly equipmentStatusChangeService: ChangeEquipmentStatusService) {}
+
+  @Roles('viewer', 'editor', 'admin')
+  @Get()
+  findAll(@Query() query: Record<string, unknown>, @Res({ passthrough: true }) response: Response) {
+    return this.equipmentStatusChangeService.findAll(query, response);
+  }
+
+  @Roles('viewer', 'editor', 'admin')
+  @Get(':id')
+  findOne(@Param('id') id: string) {
+    return this.equipmentStatusChangeService.findOne(id);
+  }
+
+  @Roles('editor', 'admin')
+  @Post()
+  create(@Body() dto: CreateChangeEquipmentStatusDto) {
+    return this.equipmentStatusChangeService.create(dto);
+  }
+
+  @Roles('editor', 'admin')
+  @Patch(':id')
+  update(@Param('id') id: string, @Body() dto: UpdateChangeEquipmentStatusDto) {
+    return this.equipmentStatusChangeService.update(id, dto);
+  }
+
+  @Roles('admin')
+  @Delete(':id')
+  remove(@Param('id') id: string) {
+    return this.equipmentStatusChangeService.remove(id);
+  }
+}

server/src/modules/equipment-status-change/equipment-status-change.module.ts

@@ -0,0 +1,11 @@
+import { Module } from '@nestjs/common';
+import { AuthModule } from '../../auth/auth.module';
+import { ChangeEquipmentStatusService } from '../change-equipment-status/change-equipment-status.service';
+import { EquipmentStatusChangeController } from './equipment-status-change.controller';
+
+@Module({
+  imports: [AuthModule],
+  controllers: [EquipmentStatusChangeController],
+  providers: [ChangeEquipmentStatusService],
+})
+export class EquipmentStatusChangeModule {}

server/src/modules/equipment-status-change/equipment-status-change.service.ts

@@ -0,0 +1 @@
+export { ChangeEquipmentStatusService as EquipmentStatusChangeService } from '../change-equipment-status/change-equipment-status.service';

server/src/modules/equipment/dto/create-equipment.dto.ts

@@ -0,0 +1,21 @@
+import { EquipmentStatus } from '@prisma/client';
+import { IsEnum, IsOptional, IsString } from 'class-validator';
+
+export class CreateEquipmentDto {
+  @IsString()
+  name!: string;
+
+  @IsString()
+  serialNumber!: string;
+
+  @IsOptional()
+  @IsString()
+  dateOfInspection?: string;
+
+  @IsOptional()
+  @IsString()
+  commissionedAt?: string;
+
+  @IsEnum(EquipmentStatus)
+  status!: EquipmentStatus;
+}

server/src/modules/equipment/dto/update-equipment.dto.ts

@@ -0,0 +1,24 @@
+import { EquipmentStatus } from '@prisma/client';
+import { IsEnum, IsOptional, IsString } from 'class-validator';
+
+export class UpdateEquipmentDto {
+  @IsOptional()
+  @IsString()
+  name?: string;
+
+  @IsOptional()
+  @IsString()
+  serialNumber?: string;
+
+  @IsOptional()
+  @IsString()
+  dateOfInspection?: string;
+
+  @IsOptional()
+  @IsString()
+  commissionedAt?: string;
+
+  @IsOptional()
+  @IsEnum(EquipmentStatus)
+  status?: EquipmentStatus;
+}

server/src/modules/equipment/equipment.controller.ts

@@ -0,0 +1,55 @@
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Param,
+  Patch,
+  Post,
+  Query,
+  Res,
+  UseGuards,
+} from '@nestjs/common';
+import type { Response } from 'express';
+import { Roles } from '../../auth/decorators/roles.decorator';
+import { JwtAuthGuard } from '../../auth/guards/jwt-auth.guard';
+import { RolesGuard } from '../../auth/guards/roles.guard';
+import { CreateEquipmentDto } from './dto/create-equipment.dto';
+import { UpdateEquipmentDto } from './dto/update-equipment.dto';
+import { EquipmentService } from './equipment.service';
+
+@UseGuards(JwtAuthGuard, RolesGuard)
+@Controller('equipment')
+export class EquipmentController {
+  constructor(private readonly equipmentService: EquipmentService) {}
+
+  @Roles('viewer', 'editor', 'admin')
+  @Get()
+  findAll(@Query() query: Record<string, unknown>, @Res({ passthrough: true }) response: Response) {
+    return this.equipmentService.findAll(query, response);
+  }
+
+  @Roles('viewer', 'editor', 'admin')
+  @Get(':id')
+  findOne(@Param('id') id: string) {
+    return this.equipmentService.findOne(id);
+  }
+
+  @Roles('editor', 'admin')
+  @Post()
+  create(@Body() dto: CreateEquipmentDto) {
+    return this.equipmentService.create(dto);
+  }
+
+  @Roles('editor', 'admin')
+  @Patch(':id')
+  update(@Param('id') id: string, @Body() dto: UpdateEquipmentDto) {
+    return this.equipmentService.update(id, dto);
+  }
+
+  @Roles('admin')
+  @Delete(':id')
+  remove(@Param('id') id: string) {
+    return this.equipmentService.remove(id);
+  }
+}

server/src/modules/equipment/equipment.module.ts

@@ -0,0 +1,11 @@
+import { Module } from '@nestjs/common';
+import { AuthModule } from '../../auth/auth.module';
+import { EquipmentController } from './equipment.controller';
+import { EquipmentService } from './equipment.service';
+
+@Module({
+  imports: [AuthModule],
+  controllers: [EquipmentController],
+  providers: [EquipmentService],
+})
+export class EquipmentModule {}

server/src/modules/equipment/equipment.service.ts

@@ -0,0 +1,119 @@
+import { Injectable, NotFoundException } from '@nestjs/common';
+import { EquipmentStatus, Prisma } from '@prisma/client';
+import { Response } from 'express';
+import { setListHeaders } from '../../common/http';
+import { PrismaService } from '../../prisma/prisma.service';
+import { CreateEquipmentDto } from './dto/create-equipment.dto';
+import { UpdateEquipmentDto } from './dto/update-equipment.dto';
+
+@Injectable()
+export class EquipmentService {
+  constructor(private readonly prisma: PrismaService) {}
+
+  async findAll(query: Record<string, unknown>, response: Response) {
+    const start = Number(query._start ?? 0);
+    const end = Number(query._end ?? start + 25);
+    const take = Math.max(end - start, 0);
+    const sortField = typeof query._sort === 'string' ? query._sort : 'id';
+    const sortOrder = query._order === 'DESC' ? 'desc' : 'asc';
+    const q = typeof query.q === 'string' ? query.q.trim() : '';
+    const rawStatus = query.status;
+    const statuses = Array.isArray(rawStatus)
+      ? rawStatus.filter((value): value is EquipmentStatus => typeof value === 'string')
+      : typeof rawStatus === 'string'
+        ? [rawStatus as EquipmentStatus]
+        : [];
+
+    const where: Prisma.EquipmentWhereInput = {};
+
+    if (q) {
+      where.OR = [
+        { name: { contains: q, mode: 'insensitive' } },
+        { serialNumber: { contains: q, mode: 'insensitive' } },
+      ];
+    }
+
+    if (statuses.length === 1) {
+      where.status = statuses[0];
+    } else if (statuses.length > 1) {
+      where.status = { in: statuses };
+    }
+
+    const orderByField = sortField === 'id' ? 'id' : sortField;
+    const [total, items] = await this.prisma.$transaction([
+      this.prisma.equipment.count({ where }),
+      this.prisma.equipment.findMany({
+        where,
+        skip: start,
+        take,
+        orderBy: { [orderByField]: sortOrder },
+      }),
+    ]);
+
+    setListHeaders(response, total, start, end);
+    return items.map((item) => this.toRecord(item));
+  }
+
+  async findOne(id: string) {
+    const item = await this.prisma.equipment.findUnique({ where: { id } });
+    if (!item) {
+      throw new NotFoundException(`Equipment ${id} not found`);
+    }
+
+    return this.toRecord(item);
+  }
+
+  async create(dto: CreateEquipmentDto) {
+    const created = await this.prisma.equipment.create({
+      data: {
+        name: dto.name,
+        serialNumber: dto.serialNumber,
+        dateOfInspection: dto.dateOfInspection ? new Date(dto.dateOfInspection) : undefined,
+        commissionedAt: dto.commissionedAt ? new Date(dto.commissionedAt) : undefined,
+        status: dto.status,
+      },
+    });
+
+    return this.toRecord(created);
+  }
+
+  async update(id: string, dto: UpdateEquipmentDto) {
+    await this.findOne(id);
+
+    const { id: _id, ...payload } = dto as UpdateEquipmentDto & { id?: string };
+    const updated = await this.prisma.equipment.update({
+      where: { id },
+      data: {
+        ...payload,
+        dateOfInspection: dto.dateOfInspection ? new Date(dto.dateOfInspection) : undefined,
+        commissionedAt: dto.commissionedAt ? new Date(dto.commissionedAt) : undefined,
+      },
+    });
+
+    return this.toRecord(updated);
+  }
+
+  async remove(id: string) {
+    await this.findOne(id);
+    const deleted = await this.prisma.equipment.delete({ where: { id } });
+    return this.toRecord(deleted);
+  }
+
+  private toRecord(item: {
+    id: string;
+    name: string;
+    serialNumber: string;
+    dateOfInspection: Date | null;
+    commissionedAt: Date | null;
+    status: EquipmentStatus;
+  }) {
+    return {
+      id: item.id,
+      name: item.name,
+      serialNumber: item.serialNumber,
+      dateOfInspection: item.dateOfInspection?.toISOString() ?? null,
+      commissionedAt: item.commissionedAt?.toISOString() ?? null,
+      status: item.status,
+    };
+  }
+}

server/src/prisma/prisma.module.ts

@@ -0,0 +1,9 @@
+import { Global, Module } from '@nestjs/common';
+import { PrismaService } from './prisma.service';
+
+@Global()
+@Module({
+  providers: [PrismaService],
+  exports: [PrismaService],
+})
+export class PrismaModule {}

server/src/prisma/prisma.service.ts

@@ -0,0 +1,24 @@
+import { Injectable, OnModuleInit } from '@nestjs/common';
+import { PrismaPg } from '@prisma/adapter-pg';
+import { PrismaClient } from '@prisma/client';
+import { Pool } from 'pg';
+
+@Injectable()
+export class PrismaService extends PrismaClient implements OnModuleInit {
+  constructor() {
+    const connectionString = process.env.DATABASE_URL;
+
+    if (!connectionString) {
+      throw new Error('DATABASE_URL is not set');
+    }
+
+    const pool = new Pool({ connectionString });
+    const adapter = new PrismaPg(pool);
+
+    super({ adapter });
+  }
+
+  async onModuleInit() {
+    await this.$connect();
+  }
+}