feat(tenant): add tenant support

- Add instance_metadata table with unique UUID per instance
- Add tenant_id column to all business tables (documents, signatures, expected_signers, webhooks, reminder_logs, email_queue, checksum_verifications, webhook_deliveries)
- Backfill existing data with instance tenant UUID
- Create TenantProvider interface and SingleTenantProvider implementation
- Update all repositories to filter by tenant_id
- Add immutability triggers to prevent tenant_id modification after creation

Migration 0015 includes:
- Schema changes with indexes for tenant_id columns
- SQL backfill for existing data
- Trigger functions for data integrity

Author: btouchard

backend/internal/application/services/reminder.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/btouchard/ackify-ce/backend/internal/domain/models"
 	"github.com/btouchard/ackify-ce/backend/internal/infrastructure/email"
+	"github.com/btouchard/ackify-ce/backend/internal/infrastructure/i18n"
 	"github.com/btouchard/ackify-ce/backend/pkg/logger"
 )
 
@@ -34,6 +35,7 @@ type ReminderService struct {
 	reminderRepo       reminderRepository
 	emailSender        email.Sender
 	magicLinkService   magicLinkService
+	i18n               *i18n.I18n
 	baseURL            string
 }
 
@@ -43,13 +45,15 @@ func NewReminderService(
 	reminderRepo reminderRepository,
 	emailSender email.Sender,
 	magicLinkService magicLinkService,
+	i18nService *i18n.I18n,
 	baseURL string,
 ) *ReminderService {
 	return &ReminderService{
 		expectedSignerRepo: expectedSignerRepo,
 		reminderRepo:       reminderRepo,
 		emailSender:        emailSender,
 		magicLinkService:   magicLinkService,
+		i18n:               i18nService,
 		baseURL:            baseURL,
 	}
 }
@@ -177,7 +181,7 @@ func (s *ReminderService) sendSingleReminder(
 		Status:         "sent",
 	}
 
-	err = email.SendSignatureReminderEmail(ctx, s.emailSender, []string{recipientEmail}, locale, docID, docURL, authSignURL, recipientName)
+	err = email.SendSignatureReminderEmail(ctx, s.emailSender, s.i18n, []string{recipientEmail}, locale, docID, docURL, authSignURL, recipientName)
 	if err != nil {
 		log.Status = "failed"
 		errMsg := err.Error()

backend/internal/application/services/reminder_async.go

@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/btouchard/ackify-ce/backend/internal/domain/models"
+	"github.com/btouchard/ackify-ce/backend/internal/infrastructure/i18n"
 	"github.com/btouchard/ackify-ce/backend/pkg/logger"
 )
 
@@ -22,6 +23,7 @@ type ReminderAsyncService struct {
 	reminderRepo       reminderRepository
 	queueRepo          emailQueueRepository
 	magicLinkService   magicLinkService
+	i18n               *i18n.I18n
 	baseURL            string
 	useAsyncQueue      bool // Feature flag to enable/disable async queue
 }
@@ -32,13 +34,15 @@ func NewReminderAsyncService(
 	reminderRepo reminderRepository,
 	queueRepo emailQueueRepository,
 	magicLinkService magicLinkService,
+	i18nService *i18n.I18n,
 	baseURL string,
 ) *ReminderAsyncService {
 	return &ReminderAsyncService{
 		expectedSignerRepo: expectedSignerRepo,
 		reminderRepo:       reminderRepo,
 		queueRepo:          queueRepo,
 		magicLinkService:   magicLinkService,
+		i18n:               i18nService,
 		baseURL:            baseURL,
 		useAsyncQueue:      true, // Enable async by default
 	}
@@ -169,11 +173,17 @@ func (s *ReminderAsyncService) queueSingleReminder(
 		"Locale":        locale,
 	}
 
+	// Get translated subject using i18n
+	subject := "Document Reading Confirmation Reminder" // Fallback
+	if s.i18n != nil {
+		subject = s.i18n.T(locale, "email.reminder.subject")
+	}
+
 	// Create email queue input
 	refType := "signature_reminder"
 	input := models.EmailQueueInput{
 		ToAddresses:   []string{recipientEmail},
-		Subject:       "Reminder: Document signature required",
+		Subject:       subject,
 		Template:      "signature_reminder",
 		Locale:        locale,
 		Data:          data,

backend/internal/application/services/reminder_test.go

@@ -136,7 +136,7 @@ func TestReminderService_SendReminders_NoPendingSigners(t *testing.T) {
 	mockEmailSender := &mockEmailSender{}
 	mockMagicLink := &mockMagicLinkService{}
 
-	service := NewReminderService(mockExpectedRepo, mockReminderRepo, mockEmailSender, mockMagicLink, "https://example.com")
+	service := NewReminderService(mockExpectedRepo, mockReminderRepo, mockEmailSender, mockMagicLink, nil, "https://example.com")
 
 	result, err := service.SendReminders(ctx, "doc1", "admin@example.com", nil, "https://example.com/doc.pdf", "en")
 
@@ -189,7 +189,7 @@ func TestReminderService_SendReminders_Success(t *testing.T) {
 	}
 	mockMagicLink := &mockMagicLinkService{}
 
-	service := NewReminderService(mockExpectedRepo, mockReminderRepo, mockEmailSender, mockMagicLink, "https://example.com")
+	service := NewReminderService(mockExpectedRepo, mockReminderRepo, mockEmailSender, mockMagicLink, nil, "https://example.com")
 
 	result, err := service.SendReminders(ctx, "doc1", "admin@example.com", nil, "https://example.com/doc.pdf", "en")
 
@@ -252,7 +252,7 @@ func TestReminderService_SendReminders_EmailFailure(t *testing.T) {
 	}
 	mockMagicLink := &mockMagicLinkService{}
 
-	service := NewReminderService(mockExpectedRepo, mockReminderRepo, mockEmailSender, mockMagicLink, "https://example.com")
+	service := NewReminderService(mockExpectedRepo, mockReminderRepo, mockEmailSender, mockMagicLink, nil, "https://example.com")
 
 	result, err := service.SendReminders(ctx, "doc1", "admin@example.com", nil, "https://example.com/doc.pdf", "en")
 
@@ -311,7 +311,7 @@ func TestReminderService_SendReminders_SpecificEmails(t *testing.T) {
 	}
 	mockMagicLink := &mockMagicLinkService{}
 
-	service := NewReminderService(mockExpectedRepo, mockReminderRepo, mockEmailSender, mockMagicLink, "https://example.com")
+	service := NewReminderService(mockExpectedRepo, mockReminderRepo, mockEmailSender, mockMagicLink, nil, "https://example.com")
 
 	specificEmails := []string{"pending2@example.com"}
 	result, err := service.SendReminders(ctx, "doc1", "admin@example.com", specificEmails, "https://example.com/doc.pdf", "en")
@@ -344,7 +344,7 @@ func TestReminderService_SendReminders_RepositoryError(t *testing.T) {
 	mockEmailSender := &mockEmailSender{}
 	mockMagicLink := &mockMagicLinkService{}
 
-	service := NewReminderService(mockExpectedRepo, mockReminderRepo, mockEmailSender, mockMagicLink, "https://example.com")
+	service := NewReminderService(mockExpectedRepo, mockReminderRepo, mockEmailSender, mockMagicLink, nil, "https://example.com")
 
 	result, err := service.SendReminders(ctx, "doc1", "admin@example.com", nil, "https://example.com/doc.pdf", "en")
 
@@ -381,7 +381,7 @@ func TestReminderService_GetReminderHistory(t *testing.T) {
 		},
 	}
 
-	service := NewReminderService(&mockExpectedSignerRepository{}, mockReminderRepo, &mockEmailSender{}, &mockMagicLinkService{}, "https://example.com")
+	service := NewReminderService(&mockExpectedSignerRepository{}, mockReminderRepo, &mockEmailSender{}, &mockMagicLinkService{}, nil, "https://example.com")
 
 	logs, err := service.GetReminderHistory(ctx, "doc1")
 
@@ -419,7 +419,7 @@ func TestReminderService_GetReminderStats(t *testing.T) {
 		},
 	}
 
-	service := NewReminderService(&mockExpectedSignerRepository{}, mockReminderRepo, &mockEmailSender{}, &mockMagicLinkService{}, "https://example.com")
+	service := NewReminderService(&mockExpectedSignerRepository{}, mockReminderRepo, &mockEmailSender{}, &mockMagicLinkService{}, nil, "https://example.com")
 
 	stats, err := service.GetReminderStats(ctx, "doc1")
 
@@ -470,7 +470,7 @@ func TestReminderService_SendReminders_MultiplePending(t *testing.T) {
 	}
 	mockMagicLink := &mockMagicLinkService{}
 
-	service := NewReminderService(mockExpectedRepo, mockReminderRepo, mockEmailSender, mockMagicLink, "https://example.com")
+	service := NewReminderService(mockExpectedRepo, mockReminderRepo, mockEmailSender, mockMagicLink, nil, "https://example.com")
 
 	result, err := service.SendReminders(ctx, "doc1", "admin@example.com", nil, "https://example.com/doc.pdf", "en")
 
@@ -517,7 +517,7 @@ func TestReminderService_SendReminders_LogFailure(t *testing.T) {
 	}
 	mockMagicLink := &mockMagicLinkService{}
 
-	service := NewReminderService(mockExpectedRepo, mockReminderRepo, mockEmailSender, mockMagicLink, "https://example.com")
+	service := NewReminderService(mockExpectedRepo, mockReminderRepo, mockEmailSender, mockMagicLink, nil, "https://example.com")
 
 	result, err := service.SendReminders(ctx, "doc1", "admin@example.com", nil, "https://example.com/doc.pdf", "en")
 

backend/internal/domain/models/magic_link.go

@@ -1,11 +1,16 @@
 // SPDX-License-Identifier: AGPL-3.0-or-later
 package models
 
-import "time"
+import (
+	"time"
+
+	"github.com/google/uuid"
+)
 
 // MagicLinkToken représente un token de connexion Magic Link
 type MagicLinkToken struct {
 	ID                 int64      `json:"id" db:"id"`
+	TenantID           *uuid.UUID `json:"tenant_id,omitempty" db:"tenant_id"` // NULL for login requests, set for admin reminders
 	Token              string     `json:"token" db:"token"`
 	Email              string     `json:"email" db:"email"`
 	CreatedAt          time.Time  `json:"created_at" db:"created_at"`
@@ -33,11 +38,12 @@ func (t *MagicLinkToken) IsValid() bool {
 
 // MagicLinkAuthAttempt représente une tentative d'authentification
 type MagicLinkAuthAttempt struct {
-	ID            int64     `json:"id" db:"id"`
-	Email         string    `json:"email" db:"email"`
-	Success       bool      `json:"success" db:"success"`
-	FailureReason string    `json:"failure_reason,omitempty" db:"failure_reason"`
-	IPAddress     string    `json:"ip_address" db:"ip_address"`
-	UserAgent     string    `json:"user_agent,omitempty" db:"user_agent"`
-	AttemptedAt   time.Time `json:"attempted_at" db:"attempted_at"`
+	ID            int64      `json:"id" db:"id"`
+	TenantID      *uuid.UUID `json:"tenant_id,omitempty" db:"tenant_id"` // May be NULL before authentication
+	Email         string     `json:"email" db:"email"`
+	Success       bool       `json:"success" db:"success"`
+	FailureReason string     `json:"failure_reason,omitempty" db:"failure_reason"`
+	IPAddress     string     `json:"ip_address" db:"ip_address"`
+	UserAgent     string     `json:"user_agent,omitempty" db:"user_agent"`
+	AttemptedAt   time.Time  `json:"attempted_at" db:"attempted_at"`
 }

backend/internal/domain/models/oauth_session.go

@@ -1,11 +1,16 @@
 // SPDX-License-Identifier: AGPL-3.0-or-later
 package models
 
-import "time"
+import (
+	"time"
+
+	"github.com/google/uuid"
+)
 
 // OAuthSession represents an OAuth session with encrypted refresh token
 type OAuthSession struct {
 	ID                    int64
+	TenantID              uuid.UUID
 	SessionID             string
 	UserSub               string
 	RefreshTokenEncrypted []byte

backend/internal/infrastructure/database/document_repository_test.go

@@ -25,7 +25,7 @@ func TestDocumentRepository_Create(t *testing.T) {
 	testDB := SetupTestDB(t)
 
 	ctx := context.Background()
-	repo := NewDocumentRepository(testDB.DB)
+	repo := NewDocumentRepository(testDB.DB, testDB.TenantProvider)
 
 	input := models.DocumentInput{
 		Title:             "Test Document",
@@ -81,7 +81,7 @@ func TestDocumentRepository_GetByDocID(t *testing.T) {
 	testDB := SetupTestDB(t)
 
 	ctx := context.Background()
-	repo := NewDocumentRepository(testDB.DB)
+	repo := NewDocumentRepository(testDB.DB, testDB.TenantProvider)
 
 	input := models.DocumentInput{
 		Title:             "Get Test Document",
@@ -128,7 +128,7 @@ func TestDocumentRepository_Update(t *testing.T) {
 	testDB := SetupTestDB(t)
 
 	ctx := context.Background()
-	repo := NewDocumentRepository(testDB.DB)
+	repo := NewDocumentRepository(testDB.DB, testDB.TenantProvider)
 
 	input := models.DocumentInput{
 		Title:             "Original Title",
@@ -191,7 +191,7 @@ func TestDocumentRepository_CreateOrUpdate(t *testing.T) {
 	testDB := SetupTestDB(t)
 
 	ctx := context.Background()
-	repo := NewDocumentRepository(testDB.DB)
+	repo := NewDocumentRepository(testDB.DB, testDB.TenantProvider)
 
 	input := models.DocumentInput{
 		Title:             "CreateOrUpdate Test",
@@ -248,7 +248,7 @@ func TestDocumentRepository_Delete(t *testing.T) {
 	testDB := SetupTestDB(t)
 
 	ctx := context.Background()
-	repo := NewDocumentRepository(testDB.DB)
+	repo := NewDocumentRepository(testDB.DB, testDB.TenantProvider)
 
 	input := models.DocumentInput{
 		Title:             "Delete Test",
@@ -289,7 +289,7 @@ func TestDocumentRepository_List(t *testing.T) {
 	testDB := SetupTestDB(t)
 
 	ctx := context.Background()
-	repo := NewDocumentRepository(testDB.DB)
+	repo := NewDocumentRepository(testDB.DB, testDB.TenantProvider)
 
 	// Create multiple documents
 	for i := 1; i <= 5; i++ {
@@ -348,7 +348,7 @@ func TestDocumentRepository_FindByReference_Integration(t *testing.T) {
 	testDB := SetupTestDB(t)
 
 	ctx := context.Background()
-	repo := NewDocumentRepository(testDB.DB)
+	repo := NewDocumentRepository(testDB.DB, testDB.TenantProvider)
 
 	// Create a document first
 	input := models.DocumentInput{

backend/internal/infrastructure/database/expected_signer_repository_test.go

@@ -12,8 +12,7 @@ import (
 
 func TestExpectedSignerRepository_AddExpected(t *testing.T) {
 	testDB := SetupTestDB(t)
-	setupExpectedSignersTable(t, testDB)
-	repo := NewExpectedSignerRepository(testDB.DB)
+	repo := NewExpectedSignerRepository(testDB.DB, testDB.TenantProvider)
 	ctx := context.Background()
 
 	tests := []struct {
@@ -98,9 +97,8 @@ func TestExpectedSignerRepository_AddExpected(t *testing.T) {
 
 func TestExpectedSignerRepository_ListWithStatusByDocID(t *testing.T) {
 	testDB := SetupTestDB(t)
-	setupExpectedSignersTable(t, testDB)
-	sigRepo := NewSignatureRepository(testDB.DB)
-	expectedRepo := NewExpectedSignerRepository(testDB.DB)
+	sigRepo := NewSignatureRepository(testDB.DB, testDB.TenantProvider)
+	expectedRepo := NewExpectedSignerRepository(testDB.DB, testDB.TenantProvider)
 	factory := NewSignatureFactory()
 	ctx := context.Background()
 
@@ -161,9 +159,8 @@ func TestExpectedSignerRepository_ListWithStatusByDocID(t *testing.T) {
 
 func TestExpectedSignerRepository_GetStats(t *testing.T) {
 	testDB := SetupTestDB(t)
-	setupExpectedSignersTable(t, testDB)
-	sigRepo := NewSignatureRepository(testDB.DB)
-	expectedRepo := NewExpectedSignerRepository(testDB.DB)
+	sigRepo := NewSignatureRepository(testDB.DB, testDB.TenantProvider)
+	expectedRepo := NewExpectedSignerRepository(testDB.DB, testDB.TenantProvider)
 	factory := NewSignatureFactory()
 	ctx := context.Background()
 
@@ -223,8 +220,7 @@ func TestExpectedSignerRepository_GetStats(t *testing.T) {
 
 func TestExpectedSignerRepository_Remove(t *testing.T) {
 	testDB := SetupTestDB(t)
-	setupExpectedSignersTable(t, testDB)
-	repo := NewExpectedSignerRepository(testDB.DB)
+	repo := NewExpectedSignerRepository(testDB.DB, testDB.TenantProvider)
 	ctx := context.Background()
 
 	// Setup
@@ -264,49 +260,6 @@ func TestExpectedSignerRepository_Remove(t *testing.T) {
 
 // Helper functions
 
-func setupExpectedSignersTable(t *testing.T, testDB *TestDB) {
-	t.Helper()
-
-	schema := `
-		DROP TABLE IF EXISTS reminder_logs;
-		DROP TABLE IF EXISTS expected_signers;
-
-		CREATE TABLE expected_signers (
-			id BIGSERIAL PRIMARY KEY,
-			doc_id TEXT NOT NULL,
-			email TEXT NOT NULL,
-			name TEXT NOT NULL DEFAULT '',
-			added_at TIMESTAMPTZ NOT NULL DEFAULT now(),
-			added_by TEXT NOT NULL,
-			notes TEXT,
-			UNIQUE (doc_id, email)
-		);
-
-		CREATE INDEX idx_expected_signers_doc_id ON expected_signers(doc_id);
-		CREATE INDEX idx_expected_signers_email ON expected_signers(email);
-
-		CREATE TABLE reminder_logs (
-			id BIGSERIAL PRIMARY KEY,
-			doc_id TEXT NOT NULL,
-			recipient_email TEXT NOT NULL,
-			sent_at TIMESTAMPTZ NOT NULL DEFAULT now(),
-			sent_by TEXT NOT NULL,
-			template_used TEXT NOT NULL,
-			status TEXT NOT NULL CHECK (status IN ('sent', 'failed', 'bounced')),
-			error_message TEXT,
-			FOREIGN KEY (doc_id, recipient_email) REFERENCES expected_signers(doc_id, email) ON DELETE CASCADE
-		);
-
-		CREATE INDEX idx_reminder_logs_doc_id ON reminder_logs(doc_id);
-		CREATE INDEX idx_reminder_logs_recipient_email ON reminder_logs(recipient_email);
-	`
-
-	_, err := testDB.DB.Exec(schema)
-	if err != nil {
-		t.Fatalf("failed to setup expected_signers table: %v", err)
-	}
-}
-
 func clearExpectedSignersTable(t *testing.T, testDB *TestDB) {
 	t.Helper()
 	_, err := testDB.DB.Exec("TRUNCATE TABLE reminder_logs, expected_signers RESTART IDENTITY CASCADE")