Phase 0: project scaffolding and end-to-end auth

- .NET 8 LTS solution with 7 projects (domain/application/infrastructure/api/shared/pos.core/pos[WPF])
- Central package management (Directory.Packages.props), .editorconfig, global.json pin to 8.0.417
- PostgreSQL 14 dev DB via existing brew service; food_market database created
- ASP.NET Identity + OpenIddict 5 (password + refresh token flows) with ephemeral dev keys
- EF Core 8 + Npgsql; multi-tenant query filter via reflection over ITenantEntity
- Initial migration: 13 tables (Identity + OpenIddict + organizations)
- AuthorizationController implements /connect/token; seeders create demo org + admin
- Protected /api/me endpoint returns current user + org claims
- React 19 + Vite 8 + Tailwind v4 SPA with TanStack Query, React Router 7
- Login flow with dev-admin placeholder, bearer interceptor + refresh token fallback
- docs/architecture.md, CLAUDE.md, README.md

Verified end-to-end: health check, password grant issues JWT with org_id,
web app builds successfully (310 kB gzipped).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

.editorconfig

@@ -0,0 +1,41 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 4
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{js,jsx,ts,tsx,json,yml,yaml,md,html,css,scss}]
+indent_size = 2
+
+[*.{csproj,props,targets,config,xml}]
+indent_size = 2
+
+[*.cs]
+# C# formatting rules
+csharp_new_line_before_open_brace = all
+csharp_new_line_before_else = true
+csharp_new_line_before_catch = true
+csharp_new_line_before_finally = true
+csharp_indent_case_contents = true
+csharp_indent_switch_labels = true
+csharp_using_directive_placement = outside_namespace
+csharp_style_namespace_declarations = file_scoped:warning
+csharp_style_var_for_built_in_types = true:suggestion
+csharp_style_var_when_type_is_apparent = true:suggestion
+csharp_prefer_braces = true:warning
+
+# Naming
+dotnet_naming_rule.interfaces_should_be_prefixed.severity = warning
+dotnet_naming_rule.interfaces_should_be_prefixed.symbols = interfaces
+dotnet_naming_rule.interfaces_should_be_prefixed.style = prefix_i
+dotnet_naming_symbols.interfaces.applicable_kinds = interface
+dotnet_naming_style.prefix_i.required_prefix = I
+dotnet_naming_style.prefix_i.capitalization = pascal_case
+
+# Analyzers
+dotnet_diagnostic.CA1707.severity = none   # Underscores in identifiers
+dotnet_diagnostic.CA1822.severity = none   # Mark members as static

.gitattributes

@@ -0,0 +1,13 @@
+* text=auto eol=lf
+
+*.cs text diff=csharp
+*.csproj text merge=union
+*.sln text merge=union
+
+*.png binary
+*.jpg binary
+*.jpeg binary
+*.gif binary
+*.ico binary
+*.pfx binary
+*.snk binary

.gitignore

@@ -0,0 +1,87 @@
+## .NET
+bin/
+obj/
+out/
+publish/
+*.user
+*.suo
+*.userosscache
+*.sln.docstates
+*.pidb
+*.svclog
+.vs/
+.vscode/
+!.vscode/launch.json
+!.vscode/settings.json
+!.vscode/extensions.json
+*.rsuser
+*.userprefs
+project.lock.json
+project.fragment.lock.json
+artifacts/
+*.pubxml
+*.publishproj
+PublishScripts/
+*.VisualState.xml
+TestResult.xml
+nunit-*.xml
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+[Ww][Ii][Nn]32/
+[Aa][Rr][Mm]/
+[Aa][Rr][Mm]64/
+bld/
+[Bb]in/
+[Oo]bj/
+[Ll]og/
+[Ll]ogs/
+.idea/
+*.iml
+.DS_Store
+Thumbs.db
+
+## Node / web
+node_modules/
+dist/
+dist-ssr/
+.vite/
+.turbo/
+.next/
+.nuxt/
+.cache/
+coverage/
+*.local
+.env
+.env.*
+!.env.example
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+
+## Secrets
+*.pfx
+*.snk
+secrets.json
+appsettings.Development.local.json
+appsettings.Production.local.json
+
+## Docker / local
+.docker-data/
+postgres-data/
+*.sqlite
+*.db
+*.db-journal
+
+## OS / editors
+*.swp
+*.swo
+*~
+.vscode-test/
+
+## Claude Code personal settings
+.claude/settings.local.json

.nvmrc

@@ -0,0 +1 @@
+20.20.2

CLAUDE.md

@@ -0,0 +1,101 @@
+# food-market — project guide for Claude
+
+Аналог системы МойСклад для розничной торговли в Казахстане. Multi-tenant сервер + web-админка + Windows-касса.
+
+## Naming
+
+- **Брендинг lowercase везде:** папки, файлы, csproj, docker-образы, репо → `food-market`, `food-market.api`.
+- **C# namespaces** — `foodmarket.Api`, `foodmarket.Domain`, `foodmarket.Infrastructure` и т.д. (C# не допускает дефис, поэтому `foodmarket` одним словом).
+- **Отображаемое имя в UI** — "Food Market" или "food-market" в техн. контекстах.
+
+## Стек
+
+| Слой | Технология |
+|---|---|
+| Backend | .NET 8 LTS, ASP.NET Core, EF Core 8, PostgreSQL 14+ |
+| Auth | OpenIddict 5 (password + refresh), ASP.NET Identity |
+| Backend libs | MediatR, FluentValidation, Mapster (НЕ AutoMapper — тот стал платным + CVE), Serilog, Hangfire, SignalR |
+| Web | React 19 + Vite + TypeScript 6, Tailwind CSS v4, shadcn/ui, TanStack Query, TanStack Table, AG Grid Community, react-hook-form + Zod |
+| POS | WPF на .NET 8 (Windows 10+), CommunityToolkit.Mvvm, SQLite, Refit + Polly, System.IO.Ports для весов |
+
+**Запрет на платные компоненты:** никаких Kendo UI, DevExpress, Syncfusion commercial, Telerik в новом коде. Если задача требует такой компонент — сначала спросить.
+
+## Структура
+
+```
+food-market/
+├── src/
+│   ├── food-market.domain/          # чистые POCO, enum'ы, доменные события (никакого ASP.NET, EF)
+│   ├── food-market.application/     # MediatR handlers, DTO, FluentValidation, интерфейсы
+│   ├── food-market.infrastructure/  # EF Core, Identity, OpenIddict EF store, внешние сервисы
+│   ├── food-market.api/             # ASP.NET Core, контроллеры, OpenIddict server
+│   ├── food-market.web/             # React + Vite SPA
+│   ├── food-market.shared/          # DTO-контракты сервер ↔ POS
+│   ├── food-market.pos.core/        # логика POS (независима от UI)
+│   └── food-market.pos/             # WPF (net8.0-windows, сборка возможна на macOS)
+├── tests/
+├── deploy/
+│   └── docker-compose.yml           # Postgres 16 для прод/Linux
+├── docs/
+└── food-market.sln
+```
+
+## Мультитенантность (важно)
+
+Каждая доменная сущность реализует `ITenantEntity` (есть `OrganizationId`). `AppDbContext` применяет query filter автоматически через reflection — запросы видят только данные своей организации. `SuperAdmin` роль видит всё.
+
+Tenant определяется из JWT claim `org_id`, который выдаётся при логине. См. `HttpContextTenantContext` в api.
+
+**При создании новой сущности:**
+1. Если данные относятся к магазину — наследовать от `TenantEntity`.
+2. Если общие справочники (единицы измерения, страны) — от `Entity`.
+3. Справочник организаций (`Organization`) — от `Entity` (сама по себе не tenant-scoped).
+
+## БД для dev
+
+Используется существующий **postgres@14** из brew (порт 5432). БД `food_market`, owner `nns`, пароль пустой.
+
+Connection string в `appsettings.Development.json`. Для прода/Linux будет postgres@16 через `deploy/docker-compose.yml` (порт 5433 чтобы не конфликтовать).
+
+**НЕ переключать systemwide postgres версию** — это сломает смежные проекты (calcman, purchase, makesales, food-market-server).
+
+## Миграции EF Core
+
+```bash
+# Создать миграцию
+dotnet ef migrations add <Name> \
+  --project src/food-market.infrastructure \
+  --startup-project src/food-market.api \
+  --output-dir Persistence/Migrations
+
+# Применить
+dotnet ef database update \
+  --project src/food-market.infrastructure \
+  --startup-project src/food-market.api
+```
+
+## Запуск dev
+
+```bash
+# API (http://localhost:5081)
+ASPNETCORE_ENVIRONMENT=Development dotnet run --project src/food-market.api
+
+# Web (http://localhost:5173)
+cd src/food-market.web && pnpm dev
+
+# Проверить здоровье
+curl http://localhost:5081/health
+
+# Получить токен (dev admin)
+curl -X POST http://localhost:5081/connect/token \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  -d "grant_type=password&username=admin@food-market.local&password=Admin12345!&client_id=food-market-web&scope=openid profile email roles api"
+```
+
+## Соседние проекты (НЕ ломать)
+
+В `~/Documents/devprojects/` есть: `food-market-server`, `food-market-app`, `calcman`, `purchase`, `makesales`. Любые изменения глобальных инструментов (nvm default, postgres CLI версия, .NET SDK) — только с подтверждения пользователя.
+
+## Источник правды по функциональности
+
+МойСклад API: `https://dev.moysklad.ru/doc/api/remap/1.2/`. Перед моделированием новых сущностей в Phase 1+ — подтягивать актуальные разделы через WebFetch для соответствия их логике.

Directory.Build.props

@@ -0,0 +1,23 @@
+<Project>
+  <PropertyGroup>
+    <LangVersion>latest</LangVersion>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
+    <AnalysisLevel>latest</AnalysisLevel>
+    <EnforceCodeStyleInBuild>true</EnforceCodeStyleInBuild>
+    <GenerateDocumentationFile>false</GenerateDocumentationFile>
+    <DebugType>portable</DebugType>
+    <Deterministic>true</Deterministic>
+    <InvariantGlobalization>false</InvariantGlobalization>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <Company>food-market</Company>
+    <Product>food-market</Product>
+    <Copyright>© food-market</Copyright>
+    <Version>0.1.0</Version>
+    <AssemblyVersion>0.1.0.0</AssemblyVersion>
+    <FileVersion>0.1.0.0</FileVersion>
+  </PropertyGroup>
+</Project>

Directory.Packages.props

@@ -0,0 +1,62 @@
+<Project>
+  <PropertyGroup>
+    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
+    <CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <!-- ASP.NET Core 8 -->
+    <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.11" />
+    <PackageVersion Include="Microsoft.AspNetCore.OpenApi" Version="8.0.11" />
+    <PackageVersion Include="Microsoft.AspNetCore.SignalR" Version="1.2.0" />
+    <PackageVersion Include="Swashbuckle.AspNetCore" Version="6.9.0" />
+
+    <!-- EF Core 8 + PostgreSQL -->
+    <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="8.0.11" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.11" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Relational" Version="8.0.11" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Tools" Version="8.0.11" />
+    <PackageVersion Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="8.0.10" />
+
+    <!-- OpenIddict 5 (aligned to .NET 8 LTS) -->
+    <PackageVersion Include="OpenIddict.AspNetCore" Version="5.8.0" />
+    <PackageVersion Include="OpenIddict.EntityFrameworkCore" Version="5.8.0" />
+
+    <!-- Identity -->
+    <PackageVersion Include="Microsoft.AspNetCore.Identity" Version="2.3.1" />
+    <PackageVersion Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.11" />
+
+    <!-- App services -->
+    <PackageVersion Include="MediatR" Version="12.4.1" />
+    <PackageVersion Include="FluentValidation" Version="11.11.0" />
+    <PackageVersion Include="FluentValidation.DependencyInjectionExtensions" Version="11.11.0" />
+    <PackageVersion Include="Mapster" Version="7.4.0" />
+    <PackageVersion Include="Mapster.DependencyInjection" Version="1.0.1" />
+    <PackageVersion Include="Serilog.AspNetCore" Version="8.0.3" />
+    <PackageVersion Include="Serilog.Sinks.Console" Version="6.0.0" />
+    <PackageVersion Include="Serilog.Sinks.File" Version="6.0.0" />
+
+    <!-- Background jobs -->
+    <PackageVersion Include="Hangfire.AspNetCore" Version="1.8.17" />
+    <PackageVersion Include="Hangfire.PostgreSql" Version="1.20.10" />
+
+    <!-- POS: local storage + API client -->
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Sqlite" Version="8.0.11" />
+    <PackageVersion Include="Refit" Version="7.2.22" />
+    <PackageVersion Include="Refit.HttpClientFactory" Version="7.2.22" />
+    <PackageVersion Include="Polly" Version="8.5.0" />
+    <PackageVersion Include="Microsoft.Extensions.Hosting" Version="8.0.1" />
+    <PackageVersion Include="CommunityToolkit.Mvvm" Version="8.4.0" />
+    <PackageVersion Include="System.IO.Ports" Version="8.0.0" />
+
+    <!-- Testing -->
+    <PackageVersion Include="xunit" Version="2.9.3" />
+    <PackageVersion Include="xunit.runner.visualstudio" Version="3.0.1" />
+    <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
+    <PackageVersion Include="FluentAssertions" Version="7.0.0" />
+    <PackageVersion Include="NSubstitute" Version="5.3.0" />
+    <PackageVersion Include="coverlet.collector" Version="6.0.3" />
+    <PackageVersion Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.11" />
+    <PackageVersion Include="Testcontainers.PostgreSql" Version="4.1.0" />
+  </ItemGroup>
+</Project>

README.md

@@ -0,0 +1,85 @@
+# food-market
+
+Аналог системы МойСклад для розничной торговли в Казахстане.
+
+## Состав системы
+
+- **Сервер** (ASP.NET Core 8 + PostgreSQL) — мультитенантный API, web-админка на React
+- **Web-админка** (React 18 + Vite + shadcn/ui) — управление магазином, справочниками, документами, отчётами
+- **Кассовая программа** (WPF на .NET 8) — офлайн-работоспособная касса для Windows 10+, синхронизируется с сервером, работает с весами (Масса-К в первую очередь)
+
+## Структура репозитория
+
+```
+food-market/
+├── src/
+│   ├── food-market.domain/          # доменные сущности, enum'ы, события
+│   ├── food-market.application/     # use cases (MediatR), DTO, интерфейсы
+│   ├── food-market.infrastructure/  # EF Core, PostgreSQL, внешние сервисы
+│   ├── food-market.api/             # ASP.NET Core + OpenIddict + SignalR
+│   ├── food-market.web/             # React + Vite + shadcn/ui (SPA)
+│   ├── food-market.shared/          # DTO-контракты сервер ↔ POS
+│   ├── food-market.pos.core/        # логика POS (независима от UI)
+│   └── food-market.pos/             # WPF + .NET 8 кассовая программа
+├── tests/
+├── deploy/
+│   ├── docker-compose.yml           # PostgreSQL для локальной разработки
+│   └── Dockerfile.api
+└── docs/
+```
+
+## Именование
+
+- **Папки, проекты, csproj, docker-образы, URL** — lowercase: `food-market`, `food-market.api`
+- **C# namespace** — `foodmarket.Api`, `foodmarket.Domain` (lowercase root; C# не допускает дефис в идентификаторах)
+- **Отображаемое имя в UI** — "Food Market"
+
+## Стек
+
+### Сервер
+- .NET 8 LTS (до ноября 2026), ASP.NET Core Minimal APIs + Controllers
+- EF Core 8 + Npgsql + PostgreSQL 16
+- OpenIddict 5 (OAuth2/OIDC — password + refresh tokens)
+- MediatR + FluentValidation (CQRS-lite)
+- SignalR (real-time синхронизация)
+- Hangfire (фоновые задачи)
+- Serilog (структурированное логирование)
+
+### Web
+- React 18 + Vite + TypeScript
+- shadcn/ui + Tailwind CSS
+- TanStack Query + TanStack Table
+- AG Grid Community (для тяжёлых grid'ов)
+- Recharts / Tremor (графики)
+- react-hook-form + Zod
+
+### POS
+- .NET 8 WPF, Windows 10+
+- CommunityToolkit.Mvvm (source-generated MVVM)
+- SQLite (локальная БД)
+- Refit + Polly (API-клиент с retry)
+- System.IO.Ports (драйверы весов: Масса-К и др.)
+
+## Мультитенантность
+
+Каждая сущность имеет `OrganizationId`. Пользователь scoped к организации. EF Core query filter автоматически изолирует данные между тенантами.
+
+## Локальная разработка
+
+```bash
+# Поднять PostgreSQL
+cd deploy && docker compose up -d
+
+# Мигрировать БД
+cd src/food-market.api && dotnet ef database update
+
+# Запустить API
+dotnet run --project src/food-market.api
+
+# Запустить Web
+cd src/food-market.web && pnpm install && pnpm dev
+```
+
+## Статус
+
+🚧 Phase 0: фундамент (scaffolding, auth, multi-tenancy)

deploy/docker-compose.yml

@@ -0,0 +1,23 @@
+services:
+  postgres:
+    image: postgres:16-alpine
+    container_name: food-market-postgres
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: food_market
+      POSTGRES_USER: food_market
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-food_market_dev}
+      PGDATA: /var/lib/postgresql/data/pgdata
+    ports:
+      - "5433:5432"
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U food_market -d food_market"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+volumes:
+  postgres-data:
+    name: food-market-postgres-data

docs/architecture.md

@@ -0,0 +1,87 @@
+# Архитектура food-market
+
+## Общая схема
+
+```
+┌─────────────────────────────────────────────────────────┐
+│                  Internet / LAN магазина                 │
+└─────────┬────────────────────────┬──────────────────────┘
+          │                        │
+          │ HTTPS                   │ HTTPS (+ офлайн-буфер)
+          ▼                        ▼
+┌───────────────────┐     ┌──────────────────────┐
+│  web admin (React) │     │  Windows POS (WPF)   │
+│   — браузер         │     │   — с локальной БД    │
+│                    │     │   — работает с весами │
+└─────────┬──────────┘     └──────────┬───────────┘
+          │                           │
+          └─────────────┬─────────────┘
+                        ▼
+          ┌──────────────────────────────┐
+          │     food-market.api          │
+          │  ASP.NET Core + OpenIddict   │
+          │  SignalR hubs для sync       │
+          └──────────┬───────────────────┘
+                     │
+         ┌───────────┼──────────┐
+         ▼           ▼          ▼
+   ┌─────────┐ ┌──────────┐ ┌──────────┐
+   │Postgres │ │ Hangfire │ │  Logs    │
+   │  16     │ │ (jobs)   │ │ Serilog  │
+   └─────────┘ └──────────┘ └──────────┘
+```
+
+## Слои сервера (Clean Architecture)
+
+1. **Domain** — сущности, value objects, события домена. Не зависит ни от чего.
+2. **Application** — use cases (MediatR handlers), DTO, интерфейсы (репозитории, внешние сервисы). Зависит только от Domain + Shared.
+3. **Infrastructure** — EF Core DbContext, репозитории, Identity, OpenIddict EF store, HTTP-клиенты к внешним сервисам (ОФД, SMS и т.д.). Зависит от Application + Domain.
+4. **Api** — ASP.NET Core host: controllers, middleware, DI wiring, хостинг. Зависит от всех выше.
+
+## Мультитенантность
+
+### Модель данных
+- `Organization` — корневая сущность тенанта. Сама НЕ tenant-scoped.
+- Любая другая доменная сущность реализует `ITenantEntity` (поле `OrganizationId`).
+- `User.OrganizationId` — к какой организации принадлежит пользователь.
+
+### Изоляция
+- При каждом запросе `HttpContextTenantContext` извлекает `org_id` из JWT.
+- `AppDbContext.OnModelCreating` проходит по всем Entity Types и для каждого `ITenantEntity` добавляет `HasQueryFilter` через reflection.
+- В итоге `_db.Products.ToListAsync()` вернёт только товары текущей организации.
+- Роль `SuperAdmin` обходит фильтр (для техподдержки).
+
+### Стамповка
+- При `SaveChanges` если добавляется новая `ITenantEntity` и её `OrganizationId == Empty`, она автоматически получает `OrganizationId` из текущего tenant context.
+- То же с timestamps: `CreatedAt` при add, `UpdatedAt` при modify.
+
+## Аутентификация
+
+- **OpenIddict 5** в роли OAuth2/OIDC сервера.
+- **Password Flow** для первичного логина (логин/пароль → токены).
+- **Refresh Token Flow** для продления сессии.
+- В dev подписи/шифрование — ephemeral ключи; в prod — настоящие X.509 сертификаты.
+- Access token содержит claims: `sub` (user id), `name`, `email`, `role`, `org_id`.
+- Токен валидируется через `AddValidation().UseLocalServer()` (без дополнительного запроса к IdP).
+
+## Синхронизация с POS
+
+### Паттерн: Pull-sync + incremental
+
+1. POS периодически (каждые N сек/мин + по событию) запрашивает у сервера delta: `GET /api/pos/sync?since={lastSyncTs}`.
+2. Сервер возвращает JSON с изменениями справочников (товары, цены, сотрудники, настройки) за период.
+3. POS применяет изменения в локальной SQLite БД в одной транзакции.
+4. Продажи, совершённые на POS, пушатся обратно: `POST /api/pos/sales` с массивом документов.
+5. Если связи нет — POS продолжает работать, копит изменения в локальной очереди, отправляет при восстановлении.
+
+### Conflict resolution
+- Сервер — источник правды для справочников.
+- POS — источник правды для продаж на своей кассе (каждая продажа имеет `posTerminalId` + локальный `externalId`, которые серверу гарантируют идемпотентность).
+
+## Фоновые задачи
+
+Hangfire + PostgreSQL storage:
+- Агрегация дневной выручки для dashboard.
+- Очистка логов старше 90 дней.
+- Ретрай отправки чеков в ОФД (когда появится интеграция).
+- Еженедельная инвентаризация напоминаний.

food-market.sln

@@ -0,0 +1,69 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.31903.59
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{8EAE9F35-BE6B-4B77-A1F4-383EF17D9870}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "food-market.domain", "src\food-market.domain\food-market.domain.csproj", "{BB7142C2-94F3-423F-938C-A44FF79133C0}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "food-market.shared", "src\food-market.shared\food-market.shared.csproj", "{E99062FB-83FE-44A8-8B97-4B5FECBDFF6B}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "food-market.application", "src\food-market.application\food-market.application.csproj", "{8F079664-97A7-49B6-81B8-B2B8171266CA}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "food-market.infrastructure", "src\food-market.infrastructure\food-market.infrastructure.csproj", "{12D862F9-87E9-4D82-9BA8-0325E0073013}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "food-market.api", "src\food-market.api\food-market.api.csproj", "{9E075C56-081E-4ABB-8DB3-ED649FD696FA}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "food-market.pos.core", "src\food-market.pos.core\food-market.pos.core.csproj", "{BF3FBFD2-F40D-4510-8067-37305FFE1D14}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "food-market.pos", "src\food-market.pos\food-market.pos.csproj", "{B178B74E-A739-4722-BFA8-D9AB694024BB}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{BB7142C2-94F3-423F-938C-A44FF79133C0}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{BB7142C2-94F3-423F-938C-A44FF79133C0}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{BB7142C2-94F3-423F-938C-A44FF79133C0}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{BB7142C2-94F3-423F-938C-A44FF79133C0}.Release|Any CPU.Build.0 = Release|Any CPU
+		{E99062FB-83FE-44A8-8B97-4B5FECBDFF6B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{E99062FB-83FE-44A8-8B97-4B5FECBDFF6B}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{E99062FB-83FE-44A8-8B97-4B5FECBDFF6B}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{E99062FB-83FE-44A8-8B97-4B5FECBDFF6B}.Release|Any CPU.Build.0 = Release|Any CPU
+		{8F079664-97A7-49B6-81B8-B2B8171266CA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{8F079664-97A7-49B6-81B8-B2B8171266CA}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{8F079664-97A7-49B6-81B8-B2B8171266CA}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{8F079664-97A7-49B6-81B8-B2B8171266CA}.Release|Any CPU.Build.0 = Release|Any CPU
+		{12D862F9-87E9-4D82-9BA8-0325E0073013}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{12D862F9-87E9-4D82-9BA8-0325E0073013}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{12D862F9-87E9-4D82-9BA8-0325E0073013}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{12D862F9-87E9-4D82-9BA8-0325E0073013}.Release|Any CPU.Build.0 = Release|Any CPU
+		{9E075C56-081E-4ABB-8DB3-ED649FD696FA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{9E075C56-081E-4ABB-8DB3-ED649FD696FA}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{9E075C56-081E-4ABB-8DB3-ED649FD696FA}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{9E075C56-081E-4ABB-8DB3-ED649FD696FA}.Release|Any CPU.Build.0 = Release|Any CPU
+		{BF3FBFD2-F40D-4510-8067-37305FFE1D14}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{BF3FBFD2-F40D-4510-8067-37305FFE1D14}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{BF3FBFD2-F40D-4510-8067-37305FFE1D14}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{BF3FBFD2-F40D-4510-8067-37305FFE1D14}.Release|Any CPU.Build.0 = Release|Any CPU
+		{B178B74E-A739-4722-BFA8-D9AB694024BB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{B178B74E-A739-4722-BFA8-D9AB694024BB}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{B178B74E-A739-4722-BFA8-D9AB694024BB}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{B178B74E-A739-4722-BFA8-D9AB694024BB}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(NestedProjects) = preSolution
+		{BB7142C2-94F3-423F-938C-A44FF79133C0} = {8EAE9F35-BE6B-4B77-A1F4-383EF17D9870}
+		{E99062FB-83FE-44A8-8B97-4B5FECBDFF6B} = {8EAE9F35-BE6B-4B77-A1F4-383EF17D9870}
+		{8F079664-97A7-49B6-81B8-B2B8171266CA} = {8EAE9F35-BE6B-4B77-A1F4-383EF17D9870}
+		{12D862F9-87E9-4D82-9BA8-0325E0073013} = {8EAE9F35-BE6B-4B77-A1F4-383EF17D9870}
+		{9E075C56-081E-4ABB-8DB3-ED649FD696FA} = {8EAE9F35-BE6B-4B77-A1F4-383EF17D9870}
+		{BF3FBFD2-F40D-4510-8067-37305FFE1D14} = {8EAE9F35-BE6B-4B77-A1F4-383EF17D9870}
+		{B178B74E-A739-4722-BFA8-D9AB694024BB} = {8EAE9F35-BE6B-4B77-A1F4-383EF17D9870}
+	EndGlobalSection
+EndGlobal

global.json

@@ -0,0 +1,7 @@
+{
+  "sdk": {
+    "version": "8.0.417",
+    "rollForward": "latestFeature",
+    "allowPrerelease": false
+  }
+}

src/food-market.api/Controllers/AuthorizationController.cs

@@ -0,0 +1,113 @@
+using System.Collections.Immutable;
+using System.Security.Claims;
+using foodmarket.Api.Infrastructure.Tenancy;
+using foodmarket.Infrastructure.Identity;
+using Microsoft.AspNetCore;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using OpenIddict.Abstractions;
+using OpenIddict.Server.AspNetCore;
+using static OpenIddict.Abstractions.OpenIddictConstants;
+
+namespace foodmarket.Api.Controllers;
+
+[ApiController]
+public class AuthorizationController : ControllerBase
+{
+    private readonly SignInManager<User> _signInManager;
+    private readonly UserManager<User> _userManager;
+
+    public AuthorizationController(SignInManager<User> signInManager, UserManager<User> userManager)
+    {
+        _signInManager = signInManager;
+        _userManager = userManager;
+    }
+
+    [HttpPost("~/connect/token"), Produces("application/json")]
+    public async Task<IActionResult> Exchange()
+    {
+        var request = HttpContext.GetOpenIddictServerRequest()
+            ?? throw new InvalidOperationException("OpenIddict server request is missing.");
+
+        if (request.IsPasswordGrantType())
+        {
+            var user = await _userManager.FindByNameAsync(request.Username!);
+            if (user is null || !user.IsActive)
+            {
+                return BadRequestError(Errors.InvalidGrant, "Неверный логин или пароль.");
+            }
+
+            var result = await _signInManager.CheckPasswordSignInAsync(user, request.Password!, true);
+            if (!result.Succeeded)
+            {
+                return BadRequestError(Errors.InvalidGrant, "Неверный логин или пароль.");
+            }
+
+            user.LastLoginAt = DateTime.UtcNow;
+            await _userManager.UpdateAsync(user);
+
+            var principal = await CreatePrincipal(user, request.GetScopes());
+            return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
+        }
+
+        if (request.IsRefreshTokenGrantType())
+        {
+            var info = await HttpContext.AuthenticateAsync(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
+            var user = info.Principal is null ? null : await _userManager.GetUserAsync(info.Principal);
+            if (user is null || !user.IsActive)
+            {
+                return BadRequestError(Errors.InvalidGrant, "Аккаунт недоступен.");
+            }
+
+            var principal = await CreatePrincipal(user, request.GetScopes());
+            return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
+        }
+
+        return BadRequestError(Errors.UnsupportedGrantType, "Этот grant type не поддерживается.");
+    }
+
+    private async Task<ClaimsPrincipal> CreatePrincipal(User user, ImmutableArray<string> scopes)
+    {
+        var identity = new ClaimsIdentity(
+            authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+            nameType: Claims.Name,
+            roleType: Claims.Role);
+
+        identity.SetClaim(Claims.Subject, user.Id.ToString());
+        identity.SetClaim(Claims.Name, user.UserName);
+        identity.SetClaim(Claims.Email, user.Email);
+        identity.SetClaim(Claims.PreferredUsername, user.UserName);
+
+        if (user.OrganizationId.HasValue)
+        {
+            identity.SetClaim(HttpContextTenantContext.OrganizationClaim, user.OrganizationId.Value.ToString());
+        }
+
+        var roles = await _userManager.GetRolesAsync(user);
+        identity.SetClaims(Claims.Role, roles.ToImmutableArray());
+
+        var principal = new ClaimsPrincipal(identity);
+        principal.SetScopes(scopes);
+        principal.SetDestinations(claim => claim.Type switch
+        {
+            Claims.Name or Claims.Email or Claims.PreferredUsername or Claims.Role
+                or HttpContextTenantContext.OrganizationClaim
+                => [Destinations.AccessToken, Destinations.IdentityToken],
+            _ => [Destinations.AccessToken],
+        });
+        return principal;
+    }
+
+    private BadRequestObjectResult BadRequestError(string error, string description) =>
+        BadRequest(new Dictionary<string, string>
+        {
+            [Parameters.Error] = error,
+            [Parameters.ErrorDescription] = description
+        });
+}
+
+internal static class TokenValidationParameters
+{
+    public const string DefaultAuthenticationType = "OpenIddictServer";
+}

src/food-market.api/Infrastructure/Tenancy/HttpContextTenantContext.cs

@@ -0,0 +1,30 @@
+using System.Security.Claims;
+using foodmarket.Application.Common.Tenancy;
+
+namespace foodmarket.Api.Infrastructure.Tenancy;
+
+public class HttpContextTenantContext : ITenantContext
+{
+    public const string OrganizationClaim = "org_id";
+    public const string SuperAdminRole = "SuperAdmin";
+
+    private readonly IHttpContextAccessor _accessor;
+
+    public HttpContextTenantContext(IHttpContextAccessor accessor)
+    {
+        _accessor = accessor;
+    }
+
+    public bool IsAuthenticated => _accessor.HttpContext?.User?.Identity?.IsAuthenticated ?? false;
+
+    public bool IsSuperAdmin => _accessor.HttpContext?.User?.IsInRole(SuperAdminRole) ?? false;
+
+    public Guid? OrganizationId
+    {
+        get
+        {
+            var claim = _accessor.HttpContext?.User?.FindFirst(OrganizationClaim)?.Value;
+            return Guid.TryParse(claim, out var id) ? id : null;
+        }
+    }
+}

src/food-market.api/Program.cs

@@ -0,0 +1,146 @@
+using System.Security.Claims;
+using foodmarket.Api.Infrastructure.Tenancy;
+using foodmarket.Api.Seed;
+using foodmarket.Application.Common.Tenancy;
+using foodmarket.Infrastructure.Identity;
+using foodmarket.Infrastructure.Persistence;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.EntityFrameworkCore;
+using OpenIddict.Validation.AspNetCore;
+using Serilog;
+using static OpenIddict.Abstractions.OpenIddictConstants;
+
+Log.Logger = new LoggerConfiguration()
+    .WriteTo.Console()
+    .CreateBootstrapLogger();
+
+try
+{
+    var builder = WebApplication.CreateBuilder(args);
+
+    builder.Host.UseSerilog((ctx, services, cfg) =>
+        cfg.ReadFrom.Configuration(ctx.Configuration).ReadFrom.Services(services));
+
+    const string CorsPolicy = "food-market-cors";
+    builder.Services.AddCors(opts => opts.AddPolicy(CorsPolicy, p =>
+    {
+        var origins = builder.Configuration.GetSection("Cors:AllowedOrigins").Get<string[]>()
+                      ?? ["http://localhost:5173"];
+        p.WithOrigins(origins).AllowAnyHeader().AllowAnyMethod().AllowCredentials();
+    }));
+
+    builder.Services.AddHttpContextAccessor();
+    builder.Services.AddScoped<ITenantContext, HttpContextTenantContext>();
+
+    builder.Services.AddDbContext<AppDbContext>(opts =>
+    {
+        opts.UseNpgsql(builder.Configuration.GetConnectionString("Default"),
+            npg => npg.MigrationsAssembly(typeof(AppDbContext).Assembly.GetName().Name));
+        opts.UseOpenIddict();
+    });
+
+    builder.Services.AddIdentity<User, Role>(opts =>
+        {
+            opts.Password.RequireDigit = true;
+            opts.Password.RequiredLength = 8;
+            opts.Password.RequireNonAlphanumeric = false;
+            opts.Password.RequireUppercase = false;
+            opts.User.RequireUniqueEmail = true;
+        })
+        .AddEntityFrameworkStores<AppDbContext>()
+        .AddDefaultTokenProviders();
+
+    builder.Services.Configure<IdentityOptions>(opts =>
+    {
+        opts.ClaimsIdentity.UserNameClaimType = Claims.Name;
+        opts.ClaimsIdentity.UserIdClaimType = Claims.Subject;
+        opts.ClaimsIdentity.RoleClaimType = Claims.Role;
+    });
+
+    builder.Services.AddOpenIddict()
+        .AddCore(opts => opts.UseEntityFrameworkCore().UseDbContext<AppDbContext>())
+        .AddServer(opts =>
+        {
+            opts.SetTokenEndpointUris("/connect/token");
+            opts.AllowPasswordFlow().AllowRefreshTokenFlow();
+            opts.AcceptAnonymousClients();
+            opts.RegisterScopes(Scopes.OpenId, Scopes.Profile, Scopes.Email, Scopes.Roles, "api");
+
+            if (builder.Environment.IsDevelopment())
+            {
+                opts.AddEphemeralEncryptionKey().AddEphemeralSigningKey();
+                opts.DisableAccessTokenEncryption();
+            }
+
+            opts.UseAspNetCore()
+                .EnableTokenEndpointPassthrough()
+                .DisableTransportSecurityRequirement();
+
+            opts.SetAccessTokenLifetime(TimeSpan.Parse(
+                builder.Configuration["OpenIddict:AccessTokenLifetime"] ?? "01:00:00"));
+            opts.SetRefreshTokenLifetime(TimeSpan.Parse(
+                builder.Configuration["OpenIddict:RefreshTokenLifetime"] ?? "30.00:00:00"));
+        })
+        .AddValidation(opts =>
+        {
+            opts.UseLocalServer();
+            opts.UseAspNetCore();
+        });
+
+    builder.Services.AddAuthentication(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
+    builder.Services.AddAuthorization();
+
+    builder.Services.AddControllers();
+    builder.Services.AddEndpointsApiExplorer();
+    builder.Services.AddSwaggerGen();
+
+    builder.Services.AddHostedService<OpenIddictClientSeeder>();
+    builder.Services.AddHostedService<DevDataSeeder>();
+
+    var app = builder.Build();
+
+    app.UseSerilogRequestLogging();
+    app.UseCors(CorsPolicy);
+    app.UseAuthentication();
+    app.UseAuthorization();
+
+    if (app.Environment.IsDevelopment())
+    {
+        app.UseSwagger();
+        app.UseSwaggerUI();
+    }
+
+    app.MapControllers();
+
+    app.MapGet("/health", () => Results.Ok(new { status = "ok", time = DateTime.UtcNow }));
+
+    app.MapGet("/api/me", (HttpContext ctx) =>
+    {
+        var user = ctx.User;
+        return Results.Ok(new
+        {
+            sub = user.FindFirst(Claims.Subject)?.Value,
+            name = user.Identity?.Name,
+            email = user.FindFirst(Claims.Email)?.Value,
+            roles = user.FindAll(Claims.Role).Select(c => c.Value),
+            orgId = user.FindFirst(HttpContextTenantContext.OrganizationClaim)?.Value,
+        });
+    }).RequireAuthorization();
+
+    if (app.Environment.IsDevelopment())
+    {
+        using var scope = app.Services.CreateScope();
+        var db = scope.ServiceProvider.GetRequiredService<AppDbContext>();
+        db.Database.Migrate();
+    }
+
+    app.Run();
+}
+catch (Exception ex)
+{
+    Log.Fatal(ex, "Application terminated unexpectedly");
+}
+finally
+{
+    Log.CloseAndFlush();
+}

src/food-market.api/Properties/launchSettings.json

@@ -0,0 +1,38 @@
+{
+  "$schema": "http://json.schemastore.org/launchsettings.json",
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:30851",
+      "sslPort": 44329
+    }
+  },
+  "profiles": {
+    "http": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "applicationUrl": "http://localhost:5039",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "https": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "applicationUrl": "https://localhost:7275;http://localhost:5039",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

src/food-market.api/Seed/DevDataSeeder.cs

@@ -0,0 +1,77 @@
+using foodmarket.Infrastructure.Identity;
+using foodmarket.Domain.Organizations;
+using foodmarket.Infrastructure.Persistence;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.EntityFrameworkCore;
+
+namespace foodmarket.Api.Seed;
+
+public class DevDataSeeder : IHostedService
+{
+    private readonly IServiceProvider _services;
+    private readonly IHostEnvironment _env;
+
+    public DevDataSeeder(IServiceProvider services, IHostEnvironment env)
+    {
+        _services = services;
+        _env = env;
+    }
+
+    public async Task StartAsync(CancellationToken ct)
+    {
+        if (!_env.IsDevelopment())
+        {
+            return;
+        }
+
+        using var scope = _services.CreateScope();
+        var db = scope.ServiceProvider.GetRequiredService<AppDbContext>();
+        var userMgr = scope.ServiceProvider.GetRequiredService<UserManager<User>>();
+        var roleMgr = scope.ServiceProvider.GetRequiredService<RoleManager<Role>>();
+
+        foreach (var role in new[] { SystemRoles.Admin, SystemRoles.Manager, SystemRoles.Cashier, SystemRoles.Storekeeper })
+        {
+            if (!await roleMgr.RoleExistsAsync(role))
+            {
+                await roleMgr.CreateAsync(new Role { Name = role });
+            }
+        }
+
+        var demoOrg = await db.Organizations.FirstOrDefaultAsync(o => o.Name == "Demo Market", ct);
+        if (demoOrg is null)
+        {
+            demoOrg = new Organization
+            {
+                Name = "Demo Market",
+                CountryCode = "KZ",
+                Bin = "000000000000",
+                Address = "Алматы, ул. Пример 1",
+                Phone = "+7 (777) 000-00-00",
+                Email = "demo@food-market.local"
+            };
+            db.Organizations.Add(demoOrg);
+            await db.SaveChangesAsync(ct);
+        }
+
+        const string adminEmail = "admin@food-market.local";
+        var admin = await userMgr.FindByEmailAsync(adminEmail);
+        if (admin is null)
+        {
+            admin = new User
+            {
+                UserName = adminEmail,
+                Email = adminEmail,
+                EmailConfirmed = true,
+                FullName = "System Admin",
+                OrganizationId = demoOrg.Id,
+            };
+            var result = await userMgr.CreateAsync(admin, "Admin12345!");
+            if (result.Succeeded)
+            {
+                await userMgr.AddToRoleAsync(admin, SystemRoles.Admin);
+            }
+        }
+    }
+
+    public Task StopAsync(CancellationToken ct) => Task.CompletedTask;
+}

src/food-market.api/Seed/OpenIddictClientSeeder.cs

@@ -0,0 +1,65 @@
+using OpenIddict.Abstractions;
+using static OpenIddict.Abstractions.OpenIddictConstants;
+
+namespace foodmarket.Api.Seed;
+
+public class OpenIddictClientSeeder : IHostedService
+{
+    public const string WebClientId = "food-market-web";
+    public const string PosClientId = "food-market-pos";
+
+    private readonly IServiceProvider _services;
+
+    public OpenIddictClientSeeder(IServiceProvider services)
+    {
+        _services = services;
+    }
+
+    public async Task StartAsync(CancellationToken ct)
+    {
+        using var scope = _services.CreateScope();
+        var mgr = scope.ServiceProvider.GetRequiredService<IOpenIddictApplicationManager>();
+
+        if (await mgr.FindByClientIdAsync(WebClientId, ct) is null)
+        {
+            await mgr.CreateAsync(new OpenIddictApplicationDescriptor
+            {
+                ClientId = WebClientId,
+                DisplayName = "food-market web admin",
+                ClientType = ClientTypes.Public,
+                Permissions =
+                {
+                    Permissions.Endpoints.Token,
+                    Permissions.GrantTypes.Password,
+                    Permissions.GrantTypes.RefreshToken,
+                    Permissions.Scopes.Email,
+                    Permissions.Scopes.Profile,
+                    Permissions.Scopes.Roles,
+                    Permissions.Prefixes.Scope + "api",
+                }
+            }, ct);
+        }
+
+        if (await mgr.FindByClientIdAsync(PosClientId, ct) is null)
+        {
+            await mgr.CreateAsync(new OpenIddictApplicationDescriptor
+            {
+                ClientId = PosClientId,
+                DisplayName = "food-market POS client",
+                ClientType = ClientTypes.Public,
+                Permissions =
+                {
+                    Permissions.Endpoints.Token,
+                    Permissions.GrantTypes.Password,
+                    Permissions.GrantTypes.RefreshToken,
+                    Permissions.Scopes.Email,
+                    Permissions.Scopes.Profile,
+                    Permissions.Scopes.Roles,
+                    Permissions.Prefixes.Scope + "api",
+                }
+            }, ct);
+        }
+    }
+
+    public Task StopAsync(CancellationToken ct) => Task.CompletedTask;
+}

src/food-market.api/appsettings.Development.json

@@ -0,0 +1,13 @@
+{
+  "Serilog": {
+    "MinimumLevel": {
+      "Default": "Debug",
+      "Override": {
+        "Microsoft.EntityFrameworkCore.Database.Command": "Information"
+      }
+    }
+  },
+  "ConnectionStrings": {
+    "Default": "Host=localhost;Port=5432;Database=food_market;Username=nns;Password="
+  }
+}

src/food-market.api/appsettings.json

@@ -0,0 +1,37 @@
+{
+  "Serilog": {
+    "MinimumLevel": {
+      "Default": "Information",
+      "Override": {
+        "Microsoft.AspNetCore": "Warning",
+        "Microsoft.EntityFrameworkCore": "Warning"
+      }
+    },
+    "WriteTo": [
+      { "Name": "Console" },
+      {
+        "Name": "File",
+        "Args": {
+          "path": "logs/food-market-.log",
+          "rollingInterval": "Day",
+          "retainedFileCountLimit": 14
+        }
+      }
+    ]
+  },
+  "ConnectionStrings": {
+    "Default": "Host=localhost;Port=5432;Database=food_market;Username=nns;Password="
+  },
+  "OpenIddict": {
+    "Issuer": "https://localhost:5001/",
+    "AccessTokenLifetime": "01:00:00",
+    "RefreshTokenLifetime": "30.00:00:00"
+  },
+  "Cors": {
+    "AllowedOrigins": [
+      "http://localhost:5173",
+      "http://localhost:4173"
+    ]
+  },
+  "AllowedHosts": "*"
+}

src/food-market.api/food-market.api.csproj

@@ -0,0 +1,26 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <RootNamespace>foodmarket.Api</RootNamespace>
+    <AssemblyName>foodmarket.Api</AssemblyName>
+    <UserSecretsId>food-market-api</UserSecretsId>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\food-market.domain\food-market.domain.csproj" />
+    <ProjectReference Include="..\food-market.application\food-market.application.csproj" />
+    <ProjectReference Include="..\food-market.infrastructure\food-market.infrastructure.csproj" />
+    <ProjectReference Include="..\food-market.shared\food-market.shared.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" />
+    <PackageReference Include="Swashbuckle.AspNetCore" />
+    <PackageReference Include="OpenIddict.AspNetCore" />
+    <PackageReference Include="Serilog.AspNetCore" />
+    <PackageReference Include="Serilog.Sinks.Console" />
+    <PackageReference Include="Serilog.Sinks.File" />
+    <PackageReference Include="Hangfire.AspNetCore" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" />
+  </ItemGroup>
+</Project>

src/food-market.application/Common/Tenancy/ITenantContext.cs

@@ -0,0 +1,8 @@
+namespace foodmarket.Application.Common.Tenancy;
+
+public interface ITenantContext
+{
+    Guid? OrganizationId { get; }
+    bool IsAuthenticated { get; }
+    bool IsSuperAdmin { get; }
+}

src/food-market.application/food-market.application.csproj

@@ -0,0 +1,20 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <RootNamespace>foodmarket.Application</RootNamespace>
+    <AssemblyName>foodmarket.Application</AssemblyName>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\food-market.domain\food-market.domain.csproj" />
+    <ProjectReference Include="..\food-market.shared\food-market.shared.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="MediatR" />
+    <PackageReference Include="FluentValidation" />
+    <PackageReference Include="FluentValidation.DependencyInjectionExtensions" />
+    <PackageReference Include="Mapster" />
+    <PackageReference Include="Mapster.DependencyInjection" />
+  </ItemGroup>
+</Project>

src/food-market.domain/Common/Entity.cs

@@ -0,0 +1,8 @@
+namespace foodmarket.Domain.Common;
+
+public abstract class Entity
+{
+    public Guid Id { get; set; } = Guid.NewGuid();
+    public DateTime CreatedAt { get; set; } = DateTime.UtcNow;
+    public DateTime? UpdatedAt { get; set; }
+}

src/food-market.domain/Common/TenantEntity.cs

@@ -0,0 +1,11 @@
+namespace foodmarket.Domain.Common;
+
+public interface ITenantEntity
+{
+    Guid OrganizationId { get; set; }
+}
+
+public abstract class TenantEntity : Entity, ITenantEntity
+{
+    public Guid OrganizationId { get; set; }
+}

src/food-market.domain/Organizations/Organization.cs

@@ -0,0 +1,14 @@
+using foodmarket.Domain.Common;
+
+namespace foodmarket.Domain.Organizations;
+
+public class Organization : Entity
+{
+    public string Name { get; set; } = null!;
+    public string CountryCode { get; set; } = "KZ";
+    public string? Bin { get; set; }
+    public string? Address { get; set; }
+    public string? Phone { get; set; }
+    public string? Email { get; set; }
+    public bool IsActive { get; set; } = true;
+}

src/food-market.domain/food-market.domain.csproj

@@ -0,0 +1,7 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <RootNamespace>foodmarket.Domain</RootNamespace>
+    <AssemblyName>foodmarket.Domain</AssemblyName>
+  </PropertyGroup>
+</Project>

src/food-market.infrastructure/Identity/Role.cs

@@ -0,0 +1,18 @@
+using Microsoft.AspNetCore.Identity;
+
+namespace foodmarket.Infrastructure.Identity;
+
+public class Role : IdentityRole<Guid>
+{
+    public Guid? OrganizationId { get; set; }
+    public string? Description { get; set; }
+}
+
+public static class SystemRoles
+{
+    public const string Admin = "Admin";
+    public const string Manager = "Manager";
+    public const string Cashier = "Cashier";
+    public const string Storekeeper = "Storekeeper";
+    public const string SuperAdmin = "SuperAdmin";
+}

src/food-market.infrastructure/Identity/User.cs

@@ -0,0 +1,12 @@
+using Microsoft.AspNetCore.Identity;
+
+namespace foodmarket.Infrastructure.Identity;
+
+public class User : IdentityUser<Guid>
+{
+    public Guid? OrganizationId { get; set; }
+    public string FullName { get; set; } = string.Empty;
+    public bool IsActive { get; set; } = true;
+    public DateTime CreatedAt { get; set; } = DateTime.UtcNow;
+    public DateTime? LastLoginAt { get; set; }
+}

src/food-market.infrastructure/Persistence/AppDbContext.cs

@@ -0,0 +1,105 @@
+using foodmarket.Application.Common.Tenancy;
+using foodmarket.Domain.Common;
+using foodmarket.Infrastructure.Identity;
+using foodmarket.Domain.Organizations;
+using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.ChangeTracking;
+
+namespace foodmarket.Infrastructure.Persistence;
+
+public class AppDbContext : IdentityDbContext<User, Role, Guid>
+{
+    private readonly ITenantContext _tenant;
+
+    public AppDbContext(DbContextOptions<AppDbContext> options, ITenantContext tenant)
+        : base(options)
+    {
+        _tenant = tenant;
+    }
+
+    public DbSet<Organization> Organizations => Set<Organization>();
+
+    protected override void OnModelCreating(ModelBuilder builder)
+    {
+        base.OnModelCreating(builder);
+
+        builder.HasDefaultSchema("public");
+
+        // OpenIddict EF Core tables
+        builder.UseOpenIddict();
+
+        // Identity table renaming for clarity
+        builder.Entity<User>(b =>
+        {
+            b.ToTable("users");
+            b.Property(u => u.FullName).HasMaxLength(200);
+        });
+        builder.Entity<Role>(b => b.ToTable("roles"));
+
+        builder.Entity<Organization>(b =>
+        {
+            b.ToTable("organizations");
+            b.Property(o => o.Name).HasMaxLength(200).IsRequired();
+            b.Property(o => o.CountryCode).HasMaxLength(2).IsRequired();
+            b.Property(o => o.Bin).HasMaxLength(20);
+            b.HasIndex(o => o.Name);
+        });
+
+        // Apply multi-tenant query filter to every entity that implements ITenantEntity
+        foreach (var entityType in builder.Model.GetEntityTypes())
+        {
+            if (typeof(ITenantEntity).IsAssignableFrom(entityType.ClrType))
+            {
+                var method = typeof(AppDbContext)
+                    .GetMethod(nameof(ApplyTenantFilter),
+                        System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance)!
+                    .MakeGenericMethod(entityType.ClrType);
+                method.Invoke(this, new object[] { builder });
+            }
+        }
+    }
+
+    private void ApplyTenantFilter<T>(ModelBuilder builder) where T : class, ITenantEntity
+    {
+        builder.Entity<T>().HasQueryFilter(e =>
+            _tenant.IsSuperAdmin || e.OrganizationId == _tenant.OrganizationId);
+    }
+
+    public override int SaveChanges()
+    {
+        StampTenant();
+        StampTimestamps();
+        return base.SaveChanges();
+    }
+
+    public override Task<int> SaveChangesAsync(CancellationToken ct = default)
+    {
+        StampTenant();
+        StampTimestamps();
+        return base.SaveChangesAsync(ct);
+    }
+
+    private void StampTenant()
+    {
+        foreach (var entry in ChangeTracker.Entries())
+        {
+            if (entry.State == EntityState.Added && entry.Entity is ITenantEntity tenant && tenant.OrganizationId == Guid.Empty)
+            {
+                if (_tenant.OrganizationId.HasValue)
+                    tenant.OrganizationId = _tenant.OrganizationId.Value;
+            }
+        }
+    }
+
+    private void StampTimestamps()
+    {
+        foreach (var entry in ChangeTracker.Entries<Entity>())
+        {
+            if (entry.State == EntityState.Added)
+                entry.Entity.CreatedAt = DateTime.UtcNow;
+            else if (entry.State == EntityState.Modified)
+                entry.Entity.UpdatedAt = DateTime.UtcNow;
+        }
+    }
+}

src/food-market.infrastructure/Persistence/DesignTimeAppDbContextFactory.cs

@@ -0,0 +1,24 @@
+using foodmarket.Application.Common.Tenancy;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Design;
+
+namespace foodmarket.Infrastructure.Persistence;
+
+internal class DesignTimeAppDbContextFactory : IDesignTimeDbContextFactory<AppDbContext>
+{
+    public AppDbContext CreateDbContext(string[] args)
+    {
+        var opts = new DbContextOptionsBuilder<AppDbContext>()
+            .UseNpgsql("Host=localhost;Port=5432;Database=food_market;Username=nns;Password=")
+            .UseOpenIddict()
+            .Options;
+        return new AppDbContext(opts, new DesignTimeTenantContext());
+    }
+
+    private sealed class DesignTimeTenantContext : ITenantContext
+    {
+        public Guid? OrganizationId => null;
+        public bool IsAuthenticated => false;
+        public bool IsSuperAdmin => true;
+    }
+}

src/food-market.infrastructure/Persistence/Migrations/20260421082113_InitialSchema.Designer.cs

@@ -0,0 +1,589 @@
+// <auto-generated />
+using System;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+using foodmarket.Infrastructure.Persistence;
+
+#nullable disable
+
+namespace foodmarket.Infrastructure.Persistence.Migrations
+{
+    [DbContext(typeof(AppDbContext))]
+    [Migration("20260421082113_InitialSchema")]
+    partial class InitialSchema
+    {
+        /// <inheritdoc />
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasDefaultSchema("public")
+                .HasAnnotation("ProductVersion", "8.0.11")
+                .HasAnnotation("Relational:MaxIdentifierLength", 63);
+
+            NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<System.Guid>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("text");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("text");
+
+                    b.Property<Guid>("RoleId")
+                        .HasColumnType("uuid");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetRoleClaims", "public");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<System.Guid>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("text");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("text");
+
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("uuid");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserClaims", "public");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<System.Guid>", b =>
+                {
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("text");
+
+                    b.Property<string>("ProviderKey")
+                        .HasColumnType("text");
+
+                    b.Property<string>("ProviderDisplayName")
+                        .HasColumnType("text");
+
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("uuid");
+
+                    b.HasKey("LoginProvider", "ProviderKey");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserLogins", "public");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<System.Guid>", b =>
+                {
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("uuid");
+
+                    b.Property<Guid>("RoleId")
+                        .HasColumnType("uuid");
+
+                    b.HasKey("UserId", "RoleId");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetUserRoles", "public");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<System.Guid>", b =>
+                {
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Value")
+                        .HasColumnType("text");
+
+                    b.HasKey("UserId", "LoginProvider", "Name");
+
+                    b.ToTable("AspNetUserTokens", "public");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("text");
+
+                    b.Property<string>("ApplicationType")
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<string>("ClientId")
+                        .HasMaxLength(100)
+                        .HasColumnType("character varying(100)");
+
+                    b.Property<string>("ClientSecret")
+                        .HasColumnType("text");
+
+                    b.Property<string>("ClientType")
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<string>("ConsentType")
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<string>("DisplayName")
+                        .HasColumnType("text");
+
+                    b.Property<string>("DisplayNames")
+                        .HasColumnType("text");
+
+                    b.Property<string>("JsonWebKeySet")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Permissions")
+                        .HasColumnType("text");
+
+                    b.Property<string>("PostLogoutRedirectUris")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("text");
+
+                    b.Property<string>("RedirectUris")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Requirements")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Settings")
+                        .HasColumnType("text");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ClientId")
+                        .IsUnique();
+
+                    b.ToTable("OpenIddictApplications", "public");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("text");
+
+                    b.Property<string>("ApplicationId")
+                        .HasColumnType("text");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<DateTime?>("CreationDate")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Scopes")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Status")
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<string>("Subject")
+                        .HasMaxLength(400)
+                        .HasColumnType("character varying(400)");
+
+                    b.Property<string>("Type")
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
+
+                    b.ToTable("OpenIddictAuthorizations", "public");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreScope", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("text");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<string>("Description")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Descriptions")
+                        .HasColumnType("text");
+
+                    b.Property<string>("DisplayName")
+                        .HasColumnType("text");
+
+                    b.Property<string>("DisplayNames")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Name")
+                        .HasMaxLength(200)
+                        .HasColumnType("character varying(200)");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Resources")
+                        .HasColumnType("text");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("Name")
+                        .IsUnique();
+
+                    b.ToTable("OpenIddictScopes", "public");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreToken", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("text");
+
+                    b.Property<string>("ApplicationId")
+                        .HasColumnType("text");
+
+                    b.Property<string>("AuthorizationId")
+                        .HasColumnType("text");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<DateTime?>("CreationDate")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<DateTime?>("ExpirationDate")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<string>("Payload")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("text");
+
+                    b.Property<DateTime?>("RedemptionDate")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<string>("ReferenceId")
+                        .HasMaxLength(100)
+                        .HasColumnType("character varying(100)");
+
+                    b.Property<string>("Status")
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<string>("Subject")
+                        .HasMaxLength(400)
+                        .HasColumnType("character varying(400)");
+
+                    b.Property<string>("Type")
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("AuthorizationId");
+
+                    b.HasIndex("ReferenceId")
+                        .IsUnique();
+
+                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
+
+                    b.ToTable("OpenIddictTokens", "public");
+                });
+
+            modelBuilder.Entity("foodmarket.Domain.Organizations.Organization", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("Address")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Bin")
+                        .HasMaxLength(20)
+                        .HasColumnType("character varying(20)");
+
+                    b.Property<string>("CountryCode")
+                        .IsRequired()
+                        .HasMaxLength(2)
+                        .HasColumnType("character varying(2)");
+
+                    b.Property<DateTime>("CreatedAt")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<string>("Email")
+                        .HasColumnType("text");
+
+                    b.Property<bool>("IsActive")
+                        .HasColumnType("boolean");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasMaxLength(200)
+                        .HasColumnType("character varying(200)");
+
+                    b.Property<string>("Phone")
+                        .HasColumnType("text");
+
+                    b.Property<DateTime?>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("Name");
+
+                    b.ToTable("organizations", "public");
+                });
+
+            modelBuilder.Entity("foodmarket.Infrastructure.Identity.Role", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("text");
+
+                    b.Property<string>("Description")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Name")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)");
+
+                    b.Property<string>("NormalizedName")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)");
+
+                    b.Property<Guid?>("OrganizationId")
+                        .HasColumnType("uuid");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedName")
+                        .IsUnique()
+                        .HasDatabaseName("RoleNameIndex");
+
+                    b.ToTable("roles", "public");
+                });
+
+            modelBuilder.Entity("foodmarket.Infrastructure.Identity.User", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<int>("AccessFailedCount")
+                        .HasColumnType("integer");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("text");
+
+                    b.Property<DateTime>("CreatedAt")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<string>("Email")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)");
+
+                    b.Property<bool>("EmailConfirmed")
+                        .HasColumnType("boolean");
+
+                    b.Property<string>("FullName")
+                        .IsRequired()
+                        .HasMaxLength(200)
+                        .HasColumnType("character varying(200)");
+
+                    b.Property<bool>("IsActive")
+                        .HasColumnType("boolean");
+
+                    b.Property<DateTime?>("LastLoginAt")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<bool>("LockoutEnabled")
+                        .HasColumnType("boolean");
+
+                    b.Property<DateTimeOffset?>("LockoutEnd")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<string>("NormalizedEmail")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)");
+
+                    b.Property<string>("NormalizedUserName")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)");
+
+                    b.Property<Guid?>("OrganizationId")
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("PasswordHash")
+                        .HasColumnType("text");
+
+                    b.Property<string>("PhoneNumber")
+                        .HasColumnType("text");
+
+                    b.Property<bool>("PhoneNumberConfirmed")
+                        .HasColumnType("boolean");
+
+                    b.Property<string>("SecurityStamp")
+                        .HasColumnType("text");
+
+                    b.Property<bool>("TwoFactorEnabled")
+                        .HasColumnType("boolean");
+
+                    b.Property<string>("UserName")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedEmail")
+                        .HasDatabaseName("EmailIndex");
+
+                    b.HasIndex("NormalizedUserName")
+                        .IsUnique()
+                        .HasDatabaseName("UserNameIndex");
+
+                    b.ToTable("users", "public");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<System.Guid>", b =>
+                {
+                    b.HasOne("foodmarket.Infrastructure.Identity.Role", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<System.Guid>", b =>
+                {
+                    b.HasOne("foodmarket.Infrastructure.Identity.User", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<System.Guid>", b =>
+                {
+                    b.HasOne("foodmarket.Infrastructure.Identity.User", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<System.Guid>", b =>
+                {
+                    b.HasOne("foodmarket.Infrastructure.Identity.Role", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("foodmarket.Infrastructure.Identity.User", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<System.Guid>", b =>
+                {
+                    b.HasOne("foodmarket.Infrastructure.Identity.User", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
+                {
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", "Application")
+                        .WithMany("Authorizations")
+                        .HasForeignKey("ApplicationId");
+
+                    b.Navigation("Application");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreToken", b =>
+                {
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", "Application")
+                        .WithMany("Tokens")
+                        .HasForeignKey("ApplicationId");
+
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", "Authorization")
+                        .WithMany("Tokens")
+                        .HasForeignKey("AuthorizationId");
+
+                    b.Navigation("Application");
+
+                    b.Navigation("Authorization");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", b =>
+                {
+                    b.Navigation("Authorizations");
+
+                    b.Navigation("Tokens");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
+                {
+                    b.Navigation("Tokens");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}

src/food-market.infrastructure/Persistence/Migrations/20260421082113_InitialSchema.cs

@@ -0,0 +1,455 @@
+using System;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+
+#nullable disable
+
+namespace foodmarket.Infrastructure.Persistence.Migrations
+{
+    /// <inheritdoc />
+    public partial class InitialSchema : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.EnsureSchema(
+                name: "public");
+
+            migrationBuilder.CreateTable(
+                name: "OpenIddictApplications",
+                schema: "public",
+                columns: table => new
+                {
+                    Id = table.Column<string>(type: "text", nullable: false),
+                    ApplicationType = table.Column<string>(type: "character varying(50)", maxLength: 50, nullable: true),
+                    ClientId = table.Column<string>(type: "character varying(100)", maxLength: 100, nullable: true),
+                    ClientSecret = table.Column<string>(type: "text", nullable: true),
+                    ClientType = table.Column<string>(type: "character varying(50)", maxLength: 50, nullable: true),
+                    ConcurrencyToken = table.Column<string>(type: "character varying(50)", maxLength: 50, nullable: true),
+                    ConsentType = table.Column<string>(type: "character varying(50)", maxLength: 50, nullable: true),
+                    DisplayName = table.Column<string>(type: "text", nullable: true),
+                    DisplayNames = table.Column<string>(type: "text", nullable: true),
+                    JsonWebKeySet = table.Column<string>(type: "text", nullable: true),
+                    Permissions = table.Column<string>(type: "text", nullable: true),
+                    PostLogoutRedirectUris = table.Column<string>(type: "text", nullable: true),
+                    Properties = table.Column<string>(type: "text", nullable: true),
+                    RedirectUris = table.Column<string>(type: "text", nullable: true),
+                    Requirements = table.Column<string>(type: "text", nullable: true),
+                    Settings = table.Column<string>(type: "text", nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_OpenIddictApplications", x => x.Id);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "OpenIddictScopes",
+                schema: "public",
+                columns: table => new
+                {
+                    Id = table.Column<string>(type: "text", nullable: false),
+                    ConcurrencyToken = table.Column<string>(type: "character varying(50)", maxLength: 50, nullable: true),
+                    Description = table.Column<string>(type: "text", nullable: true),
+                    Descriptions = table.Column<string>(type: "text", nullable: true),
+                    DisplayName = table.Column<string>(type: "text", nullable: true),
+                    DisplayNames = table.Column<string>(type: "text", nullable: true),
+                    Name = table.Column<string>(type: "character varying(200)", maxLength: 200, nullable: true),
+                    Properties = table.Column<string>(type: "text", nullable: true),
+                    Resources = table.Column<string>(type: "text", nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_OpenIddictScopes", x => x.Id);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "organizations",
+                schema: "public",
+                columns: table => new
+                {
+                    Id = table.Column<Guid>(type: "uuid", nullable: false),
+                    Name = table.Column<string>(type: "character varying(200)", maxLength: 200, nullable: false),
+                    CountryCode = table.Column<string>(type: "character varying(2)", maxLength: 2, nullable: false),
+                    Bin = table.Column<string>(type: "character varying(20)", maxLength: 20, nullable: true),
+                    Address = table.Column<string>(type: "text", nullable: true),
+                    Phone = table.Column<string>(type: "text", nullable: true),
+                    Email = table.Column<string>(type: "text", nullable: true),
+                    IsActive = table.Column<bool>(type: "boolean", nullable: false),
+                    CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
+                    UpdatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_organizations", x => x.Id);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "roles",
+                schema: "public",
+                columns: table => new
+                {
+                    Id = table.Column<Guid>(type: "uuid", nullable: false),
+                    OrganizationId = table.Column<Guid>(type: "uuid", nullable: true),
+                    Description = table.Column<string>(type: "text", nullable: true),
+                    Name = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true),
+                    NormalizedName = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true),
+                    ConcurrencyStamp = table.Column<string>(type: "text", nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_roles", x => x.Id);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "users",
+                schema: "public",
+                columns: table => new
+                {
+                    Id = table.Column<Guid>(type: "uuid", nullable: false),
+                    OrganizationId = table.Column<Guid>(type: "uuid", nullable: true),
+                    FullName = table.Column<string>(type: "character varying(200)", maxLength: 200, nullable: false),
+                    IsActive = table.Column<bool>(type: "boolean", nullable: false),
+                    CreatedAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: false),
+                    LastLoginAt = table.Column<DateTime>(type: "timestamp with time zone", nullable: true),
+                    UserName = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true),
+                    NormalizedUserName = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true),
+                    Email = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true),
+                    NormalizedEmail = table.Column<string>(type: "character varying(256)", maxLength: 256, nullable: true),
+                    EmailConfirmed = table.Column<bool>(type: "boolean", nullable: false),
+                    PasswordHash = table.Column<string>(type: "text", nullable: true),
+                    SecurityStamp = table.Column<string>(type: "text", nullable: true),
+                    ConcurrencyStamp = table.Column<string>(type: "text", nullable: true),
+                    PhoneNumber = table.Column<string>(type: "text", nullable: true),
+                    PhoneNumberConfirmed = table.Column<bool>(type: "boolean", nullable: false),
+                    TwoFactorEnabled = table.Column<bool>(type: "boolean", nullable: false),
+                    LockoutEnd = table.Column<DateTimeOffset>(type: "timestamp with time zone", nullable: true),
+                    LockoutEnabled = table.Column<bool>(type: "boolean", nullable: false),
+                    AccessFailedCount = table.Column<int>(type: "integer", nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_users", x => x.Id);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "OpenIddictAuthorizations",
+                schema: "public",
+                columns: table => new
+                {
+                    Id = table.Column<string>(type: "text", nullable: false),
+                    ApplicationId = table.Column<string>(type: "text", nullable: true),
+                    ConcurrencyToken = table.Column<string>(type: "character varying(50)", maxLength: 50, nullable: true),
+                    CreationDate = table.Column<DateTime>(type: "timestamp with time zone", nullable: true),
+                    Properties = table.Column<string>(type: "text", nullable: true),
+                    Scopes = table.Column<string>(type: "text", nullable: true),
+                    Status = table.Column<string>(type: "character varying(50)", maxLength: 50, nullable: true),
+                    Subject = table.Column<string>(type: "character varying(400)", maxLength: 400, nullable: true),
+                    Type = table.Column<string>(type: "character varying(50)", maxLength: 50, nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_OpenIddictAuthorizations", x => x.Id);
+                    table.ForeignKey(
+                        name: "FK_OpenIddictAuthorizations_OpenIddictApplications_Application~",
+                        column: x => x.ApplicationId,
+                        principalSchema: "public",
+                        principalTable: "OpenIddictApplications",
+                        principalColumn: "Id");
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetRoleClaims",
+                schema: "public",
+                columns: table => new
+                {
+                    Id = table.Column<int>(type: "integer", nullable: false)
+                        .Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
+                    RoleId = table.Column<Guid>(type: "uuid", nullable: false),
+                    ClaimType = table.Column<string>(type: "text", nullable: true),
+                    ClaimValue = table.Column<string>(type: "text", nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetRoleClaims", x => x.Id);
+                    table.ForeignKey(
+                        name: "FK_AspNetRoleClaims_roles_RoleId",
+                        column: x => x.RoleId,
+                        principalSchema: "public",
+                        principalTable: "roles",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetUserClaims",
+                schema: "public",
+                columns: table => new
+                {
+                    Id = table.Column<int>(type: "integer", nullable: false)
+                        .Annotation("Npgsql:ValueGenerationStrategy", NpgsqlValueGenerationStrategy.IdentityByDefaultColumn),
+                    UserId = table.Column<Guid>(type: "uuid", nullable: false),
+                    ClaimType = table.Column<string>(type: "text", nullable: true),
+                    ClaimValue = table.Column<string>(type: "text", nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserClaims", x => x.Id);
+                    table.ForeignKey(
+                        name: "FK_AspNetUserClaims_users_UserId",
+                        column: x => x.UserId,
+                        principalSchema: "public",
+                        principalTable: "users",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetUserLogins",
+                schema: "public",
+                columns: table => new
+                {
+                    LoginProvider = table.Column<string>(type: "text", nullable: false),
+                    ProviderKey = table.Column<string>(type: "text", nullable: false),
+                    ProviderDisplayName = table.Column<string>(type: "text", nullable: true),
+                    UserId = table.Column<Guid>(type: "uuid", nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserLogins", x => new { x.LoginProvider, x.ProviderKey });
+                    table.ForeignKey(
+                        name: "FK_AspNetUserLogins_users_UserId",
+                        column: x => x.UserId,
+                        principalSchema: "public",
+                        principalTable: "users",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetUserRoles",
+                schema: "public",
+                columns: table => new
+                {
+                    UserId = table.Column<Guid>(type: "uuid", nullable: false),
+                    RoleId = table.Column<Guid>(type: "uuid", nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserRoles", x => new { x.UserId, x.RoleId });
+                    table.ForeignKey(
+                        name: "FK_AspNetUserRoles_roles_RoleId",
+                        column: x => x.RoleId,
+                        principalSchema: "public",
+                        principalTable: "roles",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                    table.ForeignKey(
+                        name: "FK_AspNetUserRoles_users_UserId",
+                        column: x => x.UserId,
+                        principalSchema: "public",
+                        principalTable: "users",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "AspNetUserTokens",
+                schema: "public",
+                columns: table => new
+                {
+                    UserId = table.Column<Guid>(type: "uuid", nullable: false),
+                    LoginProvider = table.Column<string>(type: "text", nullable: false),
+                    Name = table.Column<string>(type: "text", nullable: false),
+                    Value = table.Column<string>(type: "text", nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserTokens", x => new { x.UserId, x.LoginProvider, x.Name });
+                    table.ForeignKey(
+                        name: "FK_AspNetUserTokens_users_UserId",
+                        column: x => x.UserId,
+                        principalSchema: "public",
+                        principalTable: "users",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "OpenIddictTokens",
+                schema: "public",
+                columns: table => new
+                {
+                    Id = table.Column<string>(type: "text", nullable: false),
+                    ApplicationId = table.Column<string>(type: "text", nullable: true),
+                    AuthorizationId = table.Column<string>(type: "text", nullable: true),
+                    ConcurrencyToken = table.Column<string>(type: "character varying(50)", maxLength: 50, nullable: true),
+                    CreationDate = table.Column<DateTime>(type: "timestamp with time zone", nullable: true),
+                    ExpirationDate = table.Column<DateTime>(type: "timestamp with time zone", nullable: true),
+                    Payload = table.Column<string>(type: "text", nullable: true),
+                    Properties = table.Column<string>(type: "text", nullable: true),
+                    RedemptionDate = table.Column<DateTime>(type: "timestamp with time zone", nullable: true),
+                    ReferenceId = table.Column<string>(type: "character varying(100)", maxLength: 100, nullable: true),
+                    Status = table.Column<string>(type: "character varying(50)", maxLength: 50, nullable: true),
+                    Subject = table.Column<string>(type: "character varying(400)", maxLength: 400, nullable: true),
+                    Type = table.Column<string>(type: "character varying(50)", maxLength: 50, nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_OpenIddictTokens", x => x.Id);
+                    table.ForeignKey(
+                        name: "FK_OpenIddictTokens_OpenIddictApplications_ApplicationId",
+                        column: x => x.ApplicationId,
+                        principalSchema: "public",
+                        principalTable: "OpenIddictApplications",
+                        principalColumn: "Id");
+                    table.ForeignKey(
+                        name: "FK_OpenIddictTokens_OpenIddictAuthorizations_AuthorizationId",
+                        column: x => x.AuthorizationId,
+                        principalSchema: "public",
+                        principalTable: "OpenIddictAuthorizations",
+                        principalColumn: "Id");
+                });
+
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetRoleClaims_RoleId",
+                schema: "public",
+                table: "AspNetRoleClaims",
+                column: "RoleId");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetUserClaims_UserId",
+                schema: "public",
+                table: "AspNetUserClaims",
+                column: "UserId");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetUserLogins_UserId",
+                schema: "public",
+                table: "AspNetUserLogins",
+                column: "UserId");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetUserRoles_RoleId",
+                schema: "public",
+                table: "AspNetUserRoles",
+                column: "RoleId");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_OpenIddictApplications_ClientId",
+                schema: "public",
+                table: "OpenIddictApplications",
+                column: "ClientId",
+                unique: true);
+
+            migrationBuilder.CreateIndex(
+                name: "IX_OpenIddictAuthorizations_ApplicationId_Status_Subject_Type",
+                schema: "public",
+                table: "OpenIddictAuthorizations",
+                columns: new[] { "ApplicationId", "Status", "Subject", "Type" });
+
+            migrationBuilder.CreateIndex(
+                name: "IX_OpenIddictScopes_Name",
+                schema: "public",
+                table: "OpenIddictScopes",
+                column: "Name",
+                unique: true);
+
+            migrationBuilder.CreateIndex(
+                name: "IX_OpenIddictTokens_ApplicationId_Status_Subject_Type",
+                schema: "public",
+                table: "OpenIddictTokens",
+                columns: new[] { "ApplicationId", "Status", "Subject", "Type" });
+
+            migrationBuilder.CreateIndex(
+                name: "IX_OpenIddictTokens_AuthorizationId",
+                schema: "public",
+                table: "OpenIddictTokens",
+                column: "AuthorizationId");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_OpenIddictTokens_ReferenceId",
+                schema: "public",
+                table: "OpenIddictTokens",
+                column: "ReferenceId",
+                unique: true);
+
+            migrationBuilder.CreateIndex(
+                name: "IX_organizations_Name",
+                schema: "public",
+                table: "organizations",
+                column: "Name");
+
+            migrationBuilder.CreateIndex(
+                name: "RoleNameIndex",
+                schema: "public",
+                table: "roles",
+                column: "NormalizedName",
+                unique: true);
+
+            migrationBuilder.CreateIndex(
+                name: "EmailIndex",
+                schema: "public",
+                table: "users",
+                column: "NormalizedEmail");
+
+            migrationBuilder.CreateIndex(
+                name: "UserNameIndex",
+                schema: "public",
+                table: "users",
+                column: "NormalizedUserName",
+                unique: true);
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "AspNetRoleClaims",
+                schema: "public");
+
+            migrationBuilder.DropTable(
+                name: "AspNetUserClaims",
+                schema: "public");
+
+            migrationBuilder.DropTable(
+                name: "AspNetUserLogins",
+                schema: "public");
+
+            migrationBuilder.DropTable(
+                name: "AspNetUserRoles",
+                schema: "public");
+
+            migrationBuilder.DropTable(
+                name: "AspNetUserTokens",
+                schema: "public");
+
+            migrationBuilder.DropTable(
+                name: "OpenIddictScopes",
+                schema: "public");
+
+            migrationBuilder.DropTable(
+                name: "OpenIddictTokens",
+                schema: "public");
+
+            migrationBuilder.DropTable(
+                name: "organizations",
+                schema: "public");
+
+            migrationBuilder.DropTable(
+                name: "roles",
+                schema: "public");
+
+            migrationBuilder.DropTable(
+                name: "users",
+                schema: "public");
+
+            migrationBuilder.DropTable(
+                name: "OpenIddictAuthorizations",
+                schema: "public");
+
+            migrationBuilder.DropTable(
+                name: "OpenIddictApplications",
+                schema: "public");
+        }
+    }
+}

src/food-market.infrastructure/Persistence/Migrations/AppDbContextModelSnapshot.cs

@@ -0,0 +1,586 @@
+// <auto-generated />
+using System;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+using foodmarket.Infrastructure.Persistence;
+
+#nullable disable
+
+namespace foodmarket.Infrastructure.Persistence.Migrations
+{
+    [DbContext(typeof(AppDbContext))]
+    partial class AppDbContextModelSnapshot : ModelSnapshot
+    {
+        protected override void BuildModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasDefaultSchema("public")
+                .HasAnnotation("ProductVersion", "8.0.11")
+                .HasAnnotation("Relational:MaxIdentifierLength", 63);
+
+            NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<System.Guid>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("text");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("text");
+
+                    b.Property<Guid>("RoleId")
+                        .HasColumnType("uuid");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetRoleClaims", "public");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<System.Guid>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("text");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("text");
+
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("uuid");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserClaims", "public");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<System.Guid>", b =>
+                {
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("text");
+
+                    b.Property<string>("ProviderKey")
+                        .HasColumnType("text");
+
+                    b.Property<string>("ProviderDisplayName")
+                        .HasColumnType("text");
+
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("uuid");
+
+                    b.HasKey("LoginProvider", "ProviderKey");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserLogins", "public");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<System.Guid>", b =>
+                {
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("uuid");
+
+                    b.Property<Guid>("RoleId")
+                        .HasColumnType("uuid");
+
+                    b.HasKey("UserId", "RoleId");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetUserRoles", "public");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<System.Guid>", b =>
+                {
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("LoginProvider")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Value")
+                        .HasColumnType("text");
+
+                    b.HasKey("UserId", "LoginProvider", "Name");
+
+                    b.ToTable("AspNetUserTokens", "public");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("text");
+
+                    b.Property<string>("ApplicationType")
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<string>("ClientId")
+                        .HasMaxLength(100)
+                        .HasColumnType("character varying(100)");
+
+                    b.Property<string>("ClientSecret")
+                        .HasColumnType("text");
+
+                    b.Property<string>("ClientType")
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<string>("ConsentType")
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<string>("DisplayName")
+                        .HasColumnType("text");
+
+                    b.Property<string>("DisplayNames")
+                        .HasColumnType("text");
+
+                    b.Property<string>("JsonWebKeySet")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Permissions")
+                        .HasColumnType("text");
+
+                    b.Property<string>("PostLogoutRedirectUris")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("text");
+
+                    b.Property<string>("RedirectUris")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Requirements")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Settings")
+                        .HasColumnType("text");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ClientId")
+                        .IsUnique();
+
+                    b.ToTable("OpenIddictApplications", "public");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("text");
+
+                    b.Property<string>("ApplicationId")
+                        .HasColumnType("text");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<DateTime?>("CreationDate")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Scopes")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Status")
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<string>("Subject")
+                        .HasMaxLength(400)
+                        .HasColumnType("character varying(400)");
+
+                    b.Property<string>("Type")
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
+
+                    b.ToTable("OpenIddictAuthorizations", "public");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreScope", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("text");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<string>("Description")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Descriptions")
+                        .HasColumnType("text");
+
+                    b.Property<string>("DisplayName")
+                        .HasColumnType("text");
+
+                    b.Property<string>("DisplayNames")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Name")
+                        .HasMaxLength(200)
+                        .HasColumnType("character varying(200)");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Resources")
+                        .HasColumnType("text");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("Name")
+                        .IsUnique();
+
+                    b.ToTable("OpenIddictScopes", "public");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreToken", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("text");
+
+                    b.Property<string>("ApplicationId")
+                        .HasColumnType("text");
+
+                    b.Property<string>("AuthorizationId")
+                        .HasColumnType("text");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<DateTime?>("CreationDate")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<DateTime?>("ExpirationDate")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<string>("Payload")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("text");
+
+                    b.Property<DateTime?>("RedemptionDate")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<string>("ReferenceId")
+                        .HasMaxLength(100)
+                        .HasColumnType("character varying(100)");
+
+                    b.Property<string>("Status")
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.Property<string>("Subject")
+                        .HasMaxLength(400)
+                        .HasColumnType("character varying(400)");
+
+                    b.Property<string>("Type")
+                        .HasMaxLength(50)
+                        .HasColumnType("character varying(50)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("AuthorizationId");
+
+                    b.HasIndex("ReferenceId")
+                        .IsUnique();
+
+                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
+
+                    b.ToTable("OpenIddictTokens", "public");
+                });
+
+            modelBuilder.Entity("foodmarket.Domain.Organizations.Organization", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("Address")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Bin")
+                        .HasMaxLength(20)
+                        .HasColumnType("character varying(20)");
+
+                    b.Property<string>("CountryCode")
+                        .IsRequired()
+                        .HasMaxLength(2)
+                        .HasColumnType("character varying(2)");
+
+                    b.Property<DateTime>("CreatedAt")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<string>("Email")
+                        .HasColumnType("text");
+
+                    b.Property<bool>("IsActive")
+                        .HasColumnType("boolean");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasMaxLength(200)
+                        .HasColumnType("character varying(200)");
+
+                    b.Property<string>("Phone")
+                        .HasColumnType("text");
+
+                    b.Property<DateTime?>("UpdatedAt")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("Name");
+
+                    b.ToTable("organizations", "public");
+                });
+
+            modelBuilder.Entity("foodmarket.Infrastructure.Identity.Role", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("text");
+
+                    b.Property<string>("Description")
+                        .HasColumnType("text");
+
+                    b.Property<string>("Name")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)");
+
+                    b.Property<string>("NormalizedName")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)");
+
+                    b.Property<Guid?>("OrganizationId")
+                        .HasColumnType("uuid");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedName")
+                        .IsUnique()
+                        .HasDatabaseName("RoleNameIndex");
+
+                    b.ToTable("roles", "public");
+                });
+
+            modelBuilder.Entity("foodmarket.Infrastructure.Identity.User", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<int>("AccessFailedCount")
+                        .HasColumnType("integer");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("text");
+
+                    b.Property<DateTime>("CreatedAt")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<string>("Email")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)");
+
+                    b.Property<bool>("EmailConfirmed")
+                        .HasColumnType("boolean");
+
+                    b.Property<string>("FullName")
+                        .IsRequired()
+                        .HasMaxLength(200)
+                        .HasColumnType("character varying(200)");
+
+                    b.Property<bool>("IsActive")
+                        .HasColumnType("boolean");
+
+                    b.Property<DateTime?>("LastLoginAt")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<bool>("LockoutEnabled")
+                        .HasColumnType("boolean");
+
+                    b.Property<DateTimeOffset?>("LockoutEnd")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.Property<string>("NormalizedEmail")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)");
+
+                    b.Property<string>("NormalizedUserName")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)");
+
+                    b.Property<Guid?>("OrganizationId")
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("PasswordHash")
+                        .HasColumnType("text");
+
+                    b.Property<string>("PhoneNumber")
+                        .HasColumnType("text");
+
+                    b.Property<bool>("PhoneNumberConfirmed")
+                        .HasColumnType("boolean");
+
+                    b.Property<string>("SecurityStamp")
+                        .HasColumnType("text");
+
+                    b.Property<bool>("TwoFactorEnabled")
+                        .HasColumnType("boolean");
+
+                    b.Property<string>("UserName")
+                        .HasMaxLength(256)
+                        .HasColumnType("character varying(256)");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedEmail")
+                        .HasDatabaseName("EmailIndex");
+
+                    b.HasIndex("NormalizedUserName")
+                        .IsUnique()
+                        .HasDatabaseName("UserNameIndex");
+
+                    b.ToTable("users", "public");
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<System.Guid>", b =>
+                {
+                    b.HasOne("foodmarket.Infrastructure.Identity.Role", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<System.Guid>", b =>
+                {
+                    b.HasOne("foodmarket.Infrastructure.Identity.User", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<System.Guid>", b =>
+                {
+                    b.HasOne("foodmarket.Infrastructure.Identity.User", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<System.Guid>", b =>
+                {
+                    b.HasOne("foodmarket.Infrastructure.Identity.Role", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("foodmarket.Infrastructure.Identity.User", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<System.Guid>", b =>
+                {
+                    b.HasOne("foodmarket.Infrastructure.Identity.User", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
+                {
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", "Application")
+                        .WithMany("Authorizations")
+                        .HasForeignKey("ApplicationId");
+
+                    b.Navigation("Application");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreToken", b =>
+                {
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", "Application")
+                        .WithMany("Tokens")
+                        .HasForeignKey("ApplicationId");
+
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", "Authorization")
+                        .WithMany("Tokens")
+                        .HasForeignKey("AuthorizationId");
+
+                    b.Navigation("Application");
+
+                    b.Navigation("Authorization");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", b =>
+                {
+                    b.Navigation("Authorizations");
+
+                    b.Navigation("Tokens");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
+                {
+                    b.Navigation("Tokens");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}

src/food-market.infrastructure/food-market.infrastructure.csproj

@@ -0,0 +1,22 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <RootNamespace>foodmarket.Infrastructure</RootNamespace>
+    <AssemblyName>foodmarket.Infrastructure</AssemblyName>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\food-market.domain\food-market.domain.csproj" />
+    <ProjectReference Include="..\food-market.application\food-market.application.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.EntityFrameworkCore" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" />
+    <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" />
+    <PackageReference Include="OpenIddict.EntityFrameworkCore" />
+    <PackageReference Include="Hangfire.PostgreSql" />
+  </ItemGroup>
+</Project>

src/food-market.pos.core/food-market.pos.core.csproj

@@ -0,0 +1,21 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <RootNamespace>foodmarket.Pos.Core</RootNamespace>
+    <AssemblyName>foodmarket.Pos.Core</AssemblyName>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\food-market.shared\food-market.shared.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.EntityFrameworkCore" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" />
+    <PackageReference Include="CommunityToolkit.Mvvm" />
+    <PackageReference Include="Refit" />
+    <PackageReference Include="Refit.HttpClientFactory" />
+    <PackageReference Include="Polly" />
+    <PackageReference Include="Microsoft.Extensions.Hosting" />
+  </ItemGroup>
+</Project>

src/food-market.pos/App.xaml

@@ -0,0 +1,7 @@
+<Application x:Class="foodmarket.Pos.App"
+             xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
+             xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
+             StartupUri="MainWindow.xaml">
+    <Application.Resources>
+    </Application.Resources>
+</Application>

src/food-market.pos/App.xaml.cs

@@ -0,0 +1,5 @@
+namespace foodmarket.Pos;
+
+public partial class App : System.Windows.Application
+{
+}

src/food-market.pos/MainWindow.xaml

@@ -0,0 +1,11 @@
+<Window x:Class="foodmarket.Pos.MainWindow"
+        xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
+        xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
+        Title="food-market POS" Height="600" Width="900"
+        WindowStartupLocation="CenterScreen">
+    <Grid>
+        <TextBlock Text="food-market POS (каркас)"
+                   HorizontalAlignment="Center" VerticalAlignment="Center"
+                   FontSize="24" />
+    </Grid>
+</Window>

src/food-market.pos/MainWindow.xaml.cs

@@ -0,0 +1,9 @@
+namespace foodmarket.Pos;
+
+public partial class MainWindow : System.Windows.Window
+{
+    public MainWindow()
+    {
+        InitializeComponent();
+    }
+}

src/food-market.pos/food-market.pos.csproj

@@ -0,0 +1,25 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <OutputType>WinExe</OutputType>
+    <TargetFramework>net8.0-windows</TargetFramework>
+    <RootNamespace>foodmarket.Pos</RootNamespace>
+    <AssemblyName>foodmarket.Pos</AssemblyName>
+    <UseWPF>true</UseWPF>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <!-- Allow building on macOS/Linux for CI; running still requires Windows -->
+    <EnableWindowsTargeting>true</EnableWindowsTargeting>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\food-market.pos.core\food-market.pos.core.csproj" />
+    <ProjectReference Include="..\food-market.shared\food-market.shared.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="CommunityToolkit.Mvvm" />
+    <PackageReference Include="Microsoft.Extensions.Hosting" />
+    <PackageReference Include="Refit.HttpClientFactory" />
+    <PackageReference Include="System.IO.Ports" />
+  </ItemGroup>
+</Project>

src/food-market.shared/food-market.shared.csproj

@@ -0,0 +1,7 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <RootNamespace>foodmarket.Shared</RootNamespace>
+    <AssemblyName>foodmarket.Shared</AssemblyName>
+  </PropertyGroup>
+</Project>

src/food-market.web/.gitignore

@@ -0,0 +1,24 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+lerna-debug.log*
+
+node_modules
+dist
+dist-ssr
+*.local
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+.idea
+.DS_Store
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?

src/food-market.web/README.md

@@ -0,0 +1,73 @@
+# React + TypeScript + Vite
+
+This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.
+
+Currently, two official plugins are available:
+
+- [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react) uses [Oxc](https://oxc.rs)
+- [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc) uses [SWC](https://swc.rs/)
+
+## React Compiler
+
+The React Compiler is not enabled on this template because of its impact on dev & build performances. To add it, see [this documentation](https://react.dev/learn/react-compiler/installation).
+
+## Expanding the ESLint configuration
+
+If you are developing a production application, we recommend updating the configuration to enable type-aware lint rules:
+
+```js
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{ts,tsx}'],
+    extends: [
+      // Other configs...
+
+      // Remove tseslint.configs.recommended and replace with this
+      tseslint.configs.recommendedTypeChecked,
+      // Alternatively, use this for stricter rules
+      tseslint.configs.strictTypeChecked,
+      // Optionally, add this for stylistic rules
+      tseslint.configs.stylisticTypeChecked,
+
+      // Other configs...
+    ],
+    languageOptions: {
+      parserOptions: {
+        project: ['./tsconfig.node.json', './tsconfig.app.json'],
+        tsconfigRootDir: import.meta.dirname,
+      },
+      // other options...
+    },
+  },
+])
+```
+
+You can also install [eslint-plugin-react-x](https://github.com/Rel1cx/eslint-react/tree/main/packages/plugins/eslint-plugin-react-x) and [eslint-plugin-react-dom](https://github.com/Rel1cx/eslint-react/tree/main/packages/plugins/eslint-plugin-react-dom) for React-specific lint rules:
+
+```js
+// eslint.config.js
+import reactX from 'eslint-plugin-react-x'
+import reactDom from 'eslint-plugin-react-dom'
+
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{ts,tsx}'],
+    extends: [
+      // Other configs...
+      // Enable lint rules for React
+      reactX.configs['recommended-typescript'],
+      // Enable lint rules for React DOM
+      reactDom.configs.recommended,
+    ],
+    languageOptions: {
+      parserOptions: {
+        project: ['./tsconfig.node.json', './tsconfig.app.json'],
+        tsconfigRootDir: import.meta.dirname,
+      },
+      // other options...
+    },
+  },
+])
+```

src/food-market.web/eslint.config.js

@@ -0,0 +1,23 @@
+import js from '@eslint/js'
+import globals from 'globals'
+import reactHooks from 'eslint-plugin-react-hooks'
+import reactRefresh from 'eslint-plugin-react-refresh'
+import tseslint from 'typescript-eslint'
+import { defineConfig, globalIgnores } from 'eslint/config'
+
+export default defineConfig([
+  globalIgnores(['dist']),
+  {
+    files: ['**/*.{ts,tsx}'],
+    extends: [
+      js.configs.recommended,
+      tseslint.configs.recommended,
+      reactHooks.configs.flat.recommended,
+      reactRefresh.configs.vite,
+    ],
+    languageOptions: {
+      ecmaVersion: 2020,
+      globals: globals.browser,
+    },
+  },
+])

src/food-market.web/index.html

@@ -0,0 +1,13 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>food-market.web</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>

src/food-market.web/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "food-market.web",
+  "private": true,
+  "version": "0.0.0",
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "tsc -b && vite build",
+    "lint": "eslint .",
+    "preview": "vite preview"
+  },
+  "dependencies": {
+    "@hookform/resolvers": "^5.2.2",
+    "@tanstack/react-query": "^5.99.2",
+    "@tanstack/react-query-devtools": "^5.99.2",
+    "axios": "^1.15.1",
+    "class-variance-authority": "^0.7.1",
+    "clsx": "^2.1.1",
+    "lucide-react": "^1.8.0",
+    "react": "^19.2.5",
+    "react-dom": "^19.2.5",
+    "react-hook-form": "^7.73.1",
+    "react-router-dom": "^7.14.1",
+    "tailwind-merge": "^3.5.0",
+    "tailwindcss-animate": "^1.0.7",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.39.4",
+    "@tailwindcss/vite": "^4.2.3",
+    "@types/node": "^24.12.2",
+    "@types/react": "^19.2.14",
+    "@types/react-dom": "^19.2.3",
+    "@vitejs/plugin-react": "^6.0.1",
+    "autoprefixer": "^10.5.0",
+    "eslint": "^9.39.4",
+    "eslint-plugin-react-hooks": "^7.1.1",
+    "eslint-plugin-react-refresh": "^0.5.2",
+    "globals": "^17.5.0",
+    "postcss": "^8.5.10",
+    "tailwindcss": "^4.2.3",
+    "typescript": "~6.0.2",
+    "typescript-eslint": "^8.58.2",
+    "vite": "^8.0.9"
+  }
+}

src/food-market.web/public/icons.svg

@@ -0,0 +1,24 @@
+<svg xmlns="http://www.w3.org/2000/svg">
+  <symbol id="bluesky-icon" viewBox="0 0 16 17">
+    <g clip-path="url(#bluesky-clip)"><path fill="#08060d" d="M7.75 7.735c-.693-1.348-2.58-3.86-4.334-5.097-1.68-1.187-2.32-.981-2.74-.79C.188 2.065.1 2.812.1 3.251s.241 3.602.398 4.13c.52 1.744 2.367 2.333 4.07 2.145-2.495.37-4.71 1.278-1.805 4.512 3.196 3.309 4.38-.71 4.987-2.746.608 2.036 1.307 5.91 4.93 2.746 2.72-2.746.747-4.143-1.747-4.512 1.702.189 3.55-.4 4.07-2.145.156-.528.397-3.691.397-4.13s-.088-1.186-.575-1.406c-.42-.19-1.06-.395-2.741.79-1.755 1.24-3.64 3.752-4.334 5.099"/></g>
+    <defs><clipPath id="bluesky-clip"><path fill="#fff" d="M.1.85h15.3v15.3H.1z"/></clipPath></defs>
+  </symbol>
+  <symbol id="discord-icon" viewBox="0 0 20 19">
+    <path fill="#08060d" d="M16.224 3.768a14.5 14.5 0 0 0-3.67-1.153c-.158.286-.343.67-.47.976a13.5 13.5 0 0 0-4.067 0c-.128-.306-.317-.69-.476-.976A14.4 14.4 0 0 0 3.868 3.77C1.546 7.28.916 10.703 1.231 14.077a14.7 14.7 0 0 0 4.5 2.306q.545-.748.965-1.587a9.5 9.5 0 0 1-1.518-.74q.191-.14.372-.293c2.927 1.369 6.107 1.369 8.999 0q.183.152.372.294-.723.437-1.52.74.418.838.963 1.588a14.6 14.6 0 0 0 4.504-2.308c.37-3.911-.63-7.302-2.644-10.309m-9.13 8.234c-.878 0-1.599-.82-1.599-1.82 0-.998.705-1.82 1.6-1.82.894 0 1.614.82 1.599 1.82.001 1-.705 1.82-1.6 1.82m5.91 0c-.878 0-1.599-.82-1.599-1.82 0-.998.705-1.82 1.6-1.82.893 0 1.614.82 1.599 1.82 0 1-.706 1.82-1.6 1.82"/>
+  </symbol>
+  <symbol id="documentation-icon" viewBox="0 0 21 20">
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="m15.5 13.333 1.533 1.322c.645.555.967.833.967 1.178s-.322.623-.967 1.179L15.5 18.333m-3.333-5-1.534 1.322c-.644.555-.966.833-.966 1.178s.322.623.966 1.179l1.534 1.321"/>
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="M17.167 10.836v-4.32c0-1.41 0-2.117-.224-2.68-.359-.906-1.118-1.621-2.08-1.96-.599-.21-1.349-.21-2.848-.21-2.623 0-3.935 0-4.983.369-1.684.591-3.013 1.842-3.641 3.428C3 6.449 3 7.684 3 10.154v2.122c0 2.558 0 3.838.706 4.726q.306.383.713.671c.76.536 1.79.64 3.581.66"/>
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="M3 10a2.78 2.78 0 0 1 2.778-2.778c.555 0 1.209.097 1.748-.047.48-.129.854-.503.982-.982.145-.54.048-1.194.048-1.749a2.78 2.78 0 0 1 2.777-2.777"/>
+  </symbol>
+  <symbol id="github-icon" viewBox="0 0 19 19">
+    <path fill="#08060d" fill-rule="evenodd" d="M9.356 1.85C5.05 1.85 1.57 5.356 1.57 9.694a7.84 7.84 0 0 0 5.324 7.44c.387.079.528-.168.528-.376 0-.182-.013-.805-.013-1.454-2.165.467-2.616-.935-2.616-.935-.349-.91-.864-1.143-.864-1.143-.71-.48.051-.48.051-.48.787.051 1.2.805 1.2.805.695 1.194 1.817.857 2.268.649.064-.507.27-.857.49-1.052-1.728-.182-3.545-.857-3.545-3.87 0-.857.31-1.558.8-2.104-.078-.195-.349-1 .077-2.078 0 0 .657-.208 2.14.805a7.5 7.5 0 0 1 1.946-.26c.657 0 1.328.092 1.946.26 1.483-1.013 2.14-.805 2.14-.805.426 1.078.155 1.883.078 2.078.502.546.799 1.247.799 2.104 0 3.013-1.818 3.675-3.558 3.87.284.247.528.714.528 1.454 0 1.052-.012 1.896-.012 2.156 0 .208.142.455.528.377a7.84 7.84 0 0 0 5.324-7.441c.013-4.338-3.48-7.844-7.773-7.844" clip-rule="evenodd"/>
+  </symbol>
+  <symbol id="social-icon" viewBox="0 0 20 20">
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="M12.5 6.667a4.167 4.167 0 1 0-8.334 0 4.167 4.167 0 0 0 8.334 0"/>
+    <path fill="none" stroke="#aa3bff" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.35" d="M2.5 16.667a5.833 5.833 0 0 1 8.75-5.053m3.837.474.513 1.035c.07.144.257.282.414.309l.93.155c.596.1.736.536.307.965l-.723.73a.64.64 0 0 0-.152.531l.207.903c.164.715-.213.991-.84.618l-.872-.52a.63.63 0 0 0-.577 0l-.872.52c-.624.373-1.003.094-.84-.618l.207-.903a.64.64 0 0 0-.152-.532l-.723-.729c-.426-.43-.289-.864.306-.964l.93-.156a.64.64 0 0 0 .412-.31l.513-1.034c.28-.562.735-.562 1.012 0"/>
+  </symbol>
+  <symbol id="x-icon" viewBox="0 0 19 19">
+    <path fill="#08060d" fill-rule="evenodd" d="M1.893 1.98c.052.072 1.245 1.769 2.653 3.77l2.892 4.114c.183.261.333.48.333.486s-.068.089-.152.183l-.522.593-.765.867-3.597 4.087c-.375.426-.734.834-.798.905a1 1 0 0 0-.118.148c0 .01.236.017.664.017h.663l.729-.83c.4-.457.796-.906.879-.999a692 692 0 0 0 1.794-2.038c.034-.037.301-.34.594-.675l.551-.624.345-.392a7 7 0 0 1 .34-.374c.006 0 .93 1.306 2.052 2.903l2.084 2.965.045.063h2.275c1.87 0 2.273-.003 2.266-.021-.008-.02-1.098-1.572-3.894-5.547-2.013-2.862-2.28-3.246-2.273-3.266.008-.019.282-.332 2.085-2.38l2-2.274 1.567-1.782c.022-.028-.016-.03-.65-.03h-.674l-.3.342a871 871 0 0 1-1.782 2.025c-.067.075-.405.458-.75.852a100 100 0 0 1-.803.91c-.148.172-.299.344-.99 1.127-.304.343-.32.358-.345.327-.015-.019-.904-1.282-1.976-2.808L6.365 1.85H1.8zm1.782.91 8.078 11.294c.772 1.08 1.413 1.973 1.425 1.984.016.017.241.02 1.05.017l1.03-.004-2.694-3.766L7.796 5.75 5.722 2.852l-1.039-.004-1.039-.004z" clip-rule="evenodd"/>
+  </symbol>
+</svg>

src/food-market.web/src/App.tsx

@@ -0,0 +1,32 @@
+import { BrowserRouter, Routes, Route, Navigate } from 'react-router-dom'
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query'
+import { ReactQueryDevtools } from '@tanstack/react-query-devtools'
+import { LoginPage } from '@/pages/LoginPage'
+import { DashboardPage } from '@/pages/DashboardPage'
+import { ProtectedRoute } from '@/components/ProtectedRoute'
+
+const queryClient = new QueryClient({
+  defaultOptions: {
+    queries: {
+      refetchOnWindowFocus: false,
+      retry: 1,
+    },
+  },
+})
+
+export default function App() {
+  return (
+    <QueryClientProvider client={queryClient}>
+      <BrowserRouter>
+        <Routes>
+          <Route path="/login" element={<LoginPage />} />
+          <Route element={<ProtectedRoute />}>
+            <Route path="/" element={<DashboardPage />} />
+          </Route>
+          <Route path="*" element={<Navigate to="/" replace />} />
+        </Routes>
+      </BrowserRouter>
+      <ReactQueryDevtools initialIsOpen={false} />
+    </QueryClientProvider>
+  )
+}

src/food-market.web/src/components/ProtectedRoute.tsx

@@ -0,0 +1,10 @@
+import { Navigate, Outlet, useLocation } from 'react-router-dom'
+import { isAuthenticated } from '@/lib/auth'
+
+export function ProtectedRoute() {
+  const location = useLocation()
+  if (!isAuthenticated()) {
+    return <Navigate to="/login" replace state={{ from: location.pathname }} />
+  }
+  return <Outlet />
+}

src/food-market.web/src/index.css

@@ -0,0 +1,30 @@
+@import "tailwindcss";
+
+@theme {
+  --color-brand: #6d28d9;
+  --color-brand-foreground: #ffffff;
+}
+
+:root {
+  color-scheme: light dark;
+  font-family: system-ui, -apple-system, "Segoe UI", Roboto, sans-serif;
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
+
+html, body, #root {
+  height: 100%;
+}
+
+body {
+  margin: 0;
+  background-color: #f8fafc;
+  color: #0f172a;
+}
+
+@media (prefers-color-scheme: dark) {
+  body {
+    background-color: #0b1120;
+    color: #e2e8f0;
+  }
+}

src/food-market.web/src/lib/api.ts

@@ -0,0 +1,35 @@
+import axios, { AxiosError, type InternalAxiosRequestConfig } from 'axios'
+import { getAccessToken, refreshTokens, clearTokens } from './auth'
+
+export const api = axios.create({
+  baseURL: '',
+  headers: { 'Content-Type': 'application/json' },
+})
+
+api.interceptors.request.use((config: InternalAxiosRequestConfig) => {
+  const token = getAccessToken()
+  if (token) {
+    config.headers.set('Authorization', `Bearer ${token}`)
+  }
+  return config
+})
+
+let refreshing: Promise<string | null> | null = null
+
+api.interceptors.response.use(
+  (res) => res,
+  async (error: AxiosError) => {
+    const original = error.config as InternalAxiosRequestConfig & { __retried?: boolean }
+    if (error.response?.status === 401 && !original.__retried) {
+      original.__retried = true
+      refreshing ??= refreshTokens().finally(() => { refreshing = null })
+      const newToken = await refreshing
+      if (newToken) {
+        original.headers.set('Authorization', `Bearer ${newToken}`)
+        return api(original)
+      }
+      clearTokens()
+    }
+    return Promise.reject(error)
+  },
+)

src/food-market.web/src/lib/auth.ts

@@ -0,0 +1,84 @@
+const ACCESS = 'fm.access_token'
+const REFRESH = 'fm.refresh_token'
+const CLIENT_ID = 'food-market-web'
+
+export interface TokenResponse {
+  access_token: string
+  refresh_token?: string
+  expires_in: number
+  token_type: string
+  id_token?: string
+}
+
+export function getAccessToken(): string | null {
+  return localStorage.getItem(ACCESS)
+}
+
+export function getRefreshToken(): string | null {
+  return localStorage.getItem(REFRESH)
+}
+
+export function storeTokens(tokens: TokenResponse) {
+  localStorage.setItem(ACCESS, tokens.access_token)
+  if (tokens.refresh_token) {
+    localStorage.setItem(REFRESH, tokens.refresh_token)
+  }
+}
+
+export function clearTokens() {
+  localStorage.removeItem(ACCESS)
+  localStorage.removeItem(REFRESH)
+}
+
+export async function login(username: string, password: string): Promise<TokenResponse> {
+  const body = new URLSearchParams({
+    grant_type: 'password',
+    username,
+    password,
+    client_id: CLIENT_ID,
+    scope: 'openid profile email roles api offline_access',
+  })
+  const res = await fetch('/connect/token', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body,
+  })
+  if (!res.ok) {
+    const data = await res.json().catch(() => ({}))
+    throw new Error(data.error_description ?? data.error ?? 'Login failed')
+  }
+  const tokens: TokenResponse = await res.json()
+  storeTokens(tokens)
+  return tokens
+}
+
+export async function refreshTokens(): Promise<string | null> {
+  const rt = getRefreshToken()
+  if (!rt) return null
+  const body = new URLSearchParams({
+    grant_type: 'refresh_token',
+    refresh_token: rt,
+    client_id: CLIENT_ID,
+  })
+  const res = await fetch('/connect/token', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body,
+  })
+  if (!res.ok) {
+    clearTokens()
+    return null
+  }
+  const tokens: TokenResponse = await res.json()
+  storeTokens(tokens)
+  return tokens.access_token
+}
+
+export function isAuthenticated(): boolean {
+  return getAccessToken() !== null
+}
+
+export function logout() {
+  clearTokens()
+  window.location.href = '/login'
+}

src/food-market.web/src/lib/utils.ts

@@ -0,0 +1,6 @@
+import { clsx, type ClassValue } from 'clsx'
+import { twMerge } from 'tailwind-merge'
+
+export function cn(...inputs: ClassValue[]) {
+  return twMerge(clsx(inputs))
+}

src/food-market.web/src/main.tsx

@@ -0,0 +1,10 @@
+import { StrictMode } from 'react'
+import { createRoot } from 'react-dom/client'
+import './index.css'
+import App from './App.tsx'
+
+createRoot(document.getElementById('root')!).render(
+  <StrictMode>
+    <App />
+  </StrictMode>,
+)

src/food-market.web/src/pages/DashboardPage.tsx

@@ -0,0 +1,83 @@
+import { useQuery } from '@tanstack/react-query'
+import { api } from '@/lib/api'
+import { logout } from '@/lib/auth'
+
+interface MeResponse {
+  sub: string
+  name: string
+  email: string
+  roles: string[]
+  orgId: string
+}
+
+export function DashboardPage() {
+  const { data, isLoading, error } = useQuery({
+    queryKey: ['me'],
+    queryFn: async () => (await api.get<MeResponse>('/api/me')).data,
+  })
+
+  return (
+    <div className="min-h-screen bg-slate-50 dark:bg-slate-900">
+      <header className="bg-white dark:bg-slate-800 border-b border-slate-200 dark:border-slate-700">
+        <div className="max-w-7xl mx-auto px-6 py-4 flex items-center justify-between">
+          <h1 className="text-lg font-semibold text-slate-900 dark:text-slate-100">food-market</h1>
+          <div className="flex items-center gap-4 text-sm">
+            {data && (
+              <span className="text-slate-600 dark:text-slate-300">
+                {data.name} · <span className="text-slate-400">{data.roles.join(', ')}</span>
+              </span>
+            )}
+            <button
+              onClick={logout}
+              className="text-violet-600 hover:text-violet-700 font-medium"
+            >
+              Выход
+            </button>
+          </div>
+        </div>
+      </header>
+
+      <main className="max-w-7xl mx-auto px-6 py-10 space-y-6">
+        <section className="bg-white dark:bg-slate-800 rounded-xl shadow-sm p-8">
+          <h2 className="text-2xl font-semibold text-slate-900 dark:text-slate-100 mb-2">
+            Dashboard
+          </h2>
+          <p className="text-sm text-slate-500">
+            Phase 0 — каркас работает. Справочники и документы появятся в Phase 1.
+          </p>
+
+          <div className="mt-6 grid grid-cols-1 sm:grid-cols-3 gap-4">
+            {['Точки продаж', 'Склады', 'Сегодня продажи'].map((label) => (
+              <div
+                key={label}
+                className="rounded-lg border border-slate-200 dark:border-slate-700 p-4"
+              >
+                <div className="text-xs uppercase tracking-wide text-slate-400">{label}</div>
+                <div className="mt-1 text-2xl font-semibold text-slate-900 dark:text-slate-100">
+                  —
+                </div>
+              </div>
+            ))}
+          </div>
+        </section>
+
+        <section className="bg-white dark:bg-slate-800 rounded-xl shadow-sm p-8">
+          <h3 className="text-base font-semibold text-slate-900 dark:text-slate-100 mb-3">
+            Профиль пользователя (/api/me)
+          </h3>
+          {isLoading && <div className="text-sm text-slate-400">Загрузка…</div>}
+          {error && (
+            <div className="text-sm text-red-600">
+              Ошибка: {error instanceof Error ? error.message : 'unknown'}
+            </div>
+          )}
+          {data && (
+            <pre className="text-xs bg-slate-50 dark:bg-slate-900 rounded-md p-4 overflow-auto border border-slate-200 dark:border-slate-700">
+              {JSON.stringify(data, null, 2)}
+            </pre>
+          )}
+        </section>
+      </main>
+    </div>
+  )
+}

src/food-market.web/src/pages/LoginPage.tsx

@@ -0,0 +1,84 @@
+import { useState, type FormEvent } from 'react'
+import { useNavigate, useLocation } from 'react-router-dom'
+import { login } from '@/lib/auth'
+
+export function LoginPage() {
+  const navigate = useNavigate()
+  const location = useLocation()
+  const from = (location.state as { from?: string })?.from ?? '/'
+
+  const [email, setEmail] = useState('admin@food-market.local')
+  const [password, setPassword] = useState('Admin12345!')
+  const [error, setError] = useState<string | null>(null)
+  const [loading, setLoading] = useState(false)
+
+  async function handleSubmit(e: FormEvent) {
+    e.preventDefault()
+    setLoading(true)
+    setError(null)
+    try {
+      await login(email, password)
+      navigate(from, { replace: true })
+    } catch (err) {
+      setError(err instanceof Error ? err.message : 'Ошибка входа')
+    } finally {
+      setLoading(false)
+    }
+  }
+
+  return (
+    <div className="min-h-screen flex items-center justify-center bg-slate-50 dark:bg-slate-900 p-4">
+      <form
+        onSubmit={handleSubmit}
+        className="w-full max-w-md bg-white dark:bg-slate-800 rounded-xl shadow-lg p-8 space-y-5"
+      >
+        <div>
+          <h1 className="text-2xl font-semibold text-slate-900 dark:text-slate-100">food-market</h1>
+          <p className="text-sm text-slate-500 mt-1">Вход в систему</p>
+        </div>
+
+        <label className="block space-y-1.5">
+          <span className="text-sm font-medium text-slate-700 dark:text-slate-200">Email</span>
+          <input
+            type="email"
+            autoComplete="username"
+            value={email}
+            onChange={(e) => setEmail(e.target.value)}
+            className="w-full rounded-md border border-slate-300 dark:border-slate-600 bg-white dark:bg-slate-900 px-3 py-2 text-sm focus:outline-none focus:ring-2 focus:ring-violet-500"
+            required
+          />
+        </label>
+
+        <label className="block space-y-1.5">
+          <span className="text-sm font-medium text-slate-700 dark:text-slate-200">Пароль</span>
+          <input
+            type="password"
+            autoComplete="current-password"
+            value={password}
+            onChange={(e) => setPassword(e.target.value)}
+            className="w-full rounded-md border border-slate-300 dark:border-slate-600 bg-white dark:bg-slate-900 px-3 py-2 text-sm focus:outline-none focus:ring-2 focus:ring-violet-500"
+            required
+          />
+        </label>
+
+        {error && (
+          <div className="text-sm text-red-600 bg-red-50 dark:bg-red-950/30 border border-red-200 dark:border-red-900 rounded-md px-3 py-2">
+            {error}
+          </div>
+        )}
+
+        <button
+          type="submit"
+          disabled={loading}
+          className="w-full rounded-md bg-violet-600 hover:bg-violet-700 disabled:opacity-60 text-white font-medium py-2.5 text-sm transition-colors"
+        >
+          {loading ? 'Выполняется вход…' : 'Войти'}
+        </button>
+
+        <p className="text-xs text-slate-400 text-center">
+          Dev admin: <code>admin@food-market.local</code> / <code>Admin12345!</code>
+        </p>
+      </form>
+    </div>
+  )
+}

src/food-market.web/tsconfig.app.json

@@ -0,0 +1,27 @@
+{
+  "compilerOptions": {
+    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",
+    "target": "es2023",
+    "lib": ["ES2023", "DOM"],
+    "module": "esnext",
+    "types": ["vite/client", "node"],
+    "skipLibCheck": true,
+
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+    "jsx": "react-jsx",
+
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "erasableSyntaxOnly": true,
+    "noFallthroughCasesInSwitch": true,
+
+    "paths": {
+      "@/*": ["./src/*"]
+    }
+  },
+  "include": ["src"]
+}

src/food-market.web/tsconfig.json

@@ -0,0 +1,7 @@
+{
+  "files": [],
+  "references": [
+    { "path": "./tsconfig.app.json" },
+    { "path": "./tsconfig.node.json" }
+  ]
+}

src/food-market.web/tsconfig.node.json

@@ -0,0 +1,24 @@
+{
+  "compilerOptions": {
+    "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.node.tsbuildinfo",
+    "target": "es2023",
+    "lib": ["ES2023"],
+    "module": "esnext",
+    "types": ["node"],
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+
+    /* Linting */
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "erasableSyntaxOnly": true,
+    "noFallthroughCasesInSwitch": true
+  },
+  "include": ["vite.config.ts"]
+}

src/food-market.web/vite.config.ts

@@ -0,0 +1,21 @@
+import path from 'node:path'
+import { defineConfig } from 'vite'
+import react from '@vitejs/plugin-react'
+import tailwindcss from '@tailwindcss/vite'
+
+export default defineConfig({
+  plugins: [react(), tailwindcss()],
+  resolve: {
+    alias: {
+      '@': path.resolve(__dirname, './src'),
+    },
+  },
+  server: {
+    port: 5173,
+    proxy: {
+      '/api': { target: 'http://localhost:5081', changeOrigin: true },
+      '/connect': { target: 'http://localhost:5081', changeOrigin: true },
+      '/health': { target: 'http://localhost:5081', changeOrigin: true },
+    },
+  },
+})