feat: Initial working api routes.

Sources/App/Controllers/ApiController.swift

@@ -0,0 +1,254 @@
+import Fluent
+import Vapor
+
+struct ApiController: RouteCollection {
+  func boot(routes: RoutesBuilder) throws {
+    let api = routes.grouped("api", "v1")
+    let passwordProtected = api.grouped(User.authenticator(), User.guardMiddleware())
+
+    // Allows basic or token authentication.
+    let tokenProtected = api.grouped(
+      User.authenticator(),
+      UserToken.authenticator(),
+      User.guardMiddleware()
+    )
+
+    let employees = tokenProtected.grouped("employees")
+    let purchaseOrders = tokenProtected.grouped("purchase-orders")
+
+    // TODO: Need to handle the intial creation of users somehow.
+    let users = tokenProtected.grouped("users")
+    let vendors = tokenProtected.grouped("vendors")
+    let vendorBranches = vendors.grouped(":vendorID", "branches")
+
+    employees.get(use: employeesIndex(req:))
+    employees.post(use: createEmployee(req:))
+    employees.group(":employeeID") {
+      $0.delete(use: self.deleteEmployee(req:))
+      $0.put(use: self.updateEmployee(req:))
+    }
+
+    purchaseOrders.get(use: purchaseOrdersIndex(req:))
+    purchaseOrders.post(use: createPurchaseOrder(req:))
+
+    users.post(use: createUser(req:))
+    passwordProtected.group("users", "login") {
+      $0.get(use: self.login(req:))
+    }
+
+    vendors.get(use: vendorsIndex)
+    vendors.post(use: createVendor)
+    vendors.group(":vendorID") {
+      $0.delete(use: self.deleteVendor)
+      $0.put(use: self.updateVendor(req:))
+    }
+
+    vendorBranches.get(use: branchesIndex(req:))
+    vendorBranches.post(use: createBranch(req:))
+
+    vendorBranches.group(":branchID") {
+      $0.delete(use: self.deleteBranch(req:))
+      $0.put(use: self.updateBranch(req:))
+    }
+  }
+
+  // MARK: - Employees
+
+  @Sendable
+  func employeesIndex(req: Request) async throws -> [Employee.DTO] {
+    var dbQuery = Employee.query(on: req.db)
+
+    let params = try req.query.decode(EmployeesIndexQuery.self)
+    if params.active == true {
+      dbQuery = dbQuery.filter(\.$active == true)
+    }
+
+    return try await dbQuery.all().map { $0.toDTO() }
+  }
+
+  @Sendable
+  func createEmployee(req: Request) async throws -> Employee.DTO {
+    try Employee.Create.validate(content: req)
+    let employee = try req.content.decode(Employee.Create.self).toModel()
+    try await employee.save(on: req.db)
+    return employee.toDTO()
+  }
+
+  @Sendable
+  func deleteEmployee(req: Request) async throws -> HTTPStatus {
+    guard let employee = try await Employee.find(req.parameters.get("employeeID"), on: req.db) else {
+      throw Abort(.notFound)
+    }
+    try await employee.delete(on: req.db)
+    return .noContent
+  }
+
+  @Sendable
+  func updateEmployee(req: Request) async throws -> Employee.DTO {
+    try Employee.Update.validate(content: req)
+    guard let employee = try await Employee.find(req.parameters.get("employeeID"), on: req.db) else {
+      throw Abort(.notFound)
+    }
+    let updates = try req.content.decode(Employee.Update.self)
+    employee.applyUpdates(updates)
+    try await employee.save(on: req.db)
+    return employee.toDTO()
+  }
+
+  // MARK: - PurchaseOrders
+
+  // TODO: Add pagination and filters.
+  @Sendable
+  func purchaseOrdersIndex(req: Request) async throws -> [PurchaseOrder.DTO] {
+    try await PurchaseOrder.query(on: req.db)
+      .with(\.$createdBy)
+      .with(\.$createdFor)
+      .with(\.$vendorBranch) {
+        $0.with(\.$vendor)
+      }
+      .all()
+      .map { $0.toDTO() }
+  }
+
+  @Sendable
+  func createPurchaseOrder(req: Request) async throws -> PurchaseOrder.DTO {
+    try PurchaseOrder.Create.validate(content: req)
+    let createdById = try req.auth.require(User.self).requireID()
+    let create = try req.content.decode(PurchaseOrder.Create.self)
+    let purchaseOrder = create.toModel(createdByID: createdById)
+    try await purchaseOrder.save(on: req.db)
+
+    guard let loaded = try await PurchaseOrder.query(on: req.db)
+      .filter(\.$id == purchaseOrder.id!)
+      .with(\.$createdBy)
+      .with(\.$createdFor)
+      .with(\.$vendorBranch, { branch in
+        branch.with(\.$vendor)
+      })
+      .first()
+    else {
+      throw Abort(.noContent)
+    }
+    return loaded.toDTO()
+  }
+
+  // MARK: - Users
+
+  @Sendable
+  func createUser(req: Request) async throws -> User.DTO {
+    try User.Create.validate(content: req)
+    let create = try req.content.decode(User.Create.self)
+    guard create.password == create.confirmPassword else {
+      throw Abort(.badRequest, reason: "Passwords did not match.")
+    }
+    let user = try User(
+      username: create.username,
+      email: create.email,
+      passwordHash: Bcrypt.hash(create.password)
+    )
+    try await user.save(on: req.db)
+    return user.toDTO()
+  }
+
+  @Sendable
+  func login(req: Request) async throws -> UserToken {
+    let user = try req.auth.require(User.self)
+    let token = try user.generateToken()
+    try await token.save(on: req.db)
+    return token
+  }
+
+  // MARK: - Vendors
+
+  @Sendable
+  func vendorsIndex(req: Request) async throws -> [Vendor.DTO] {
+    var dbQuery = Vendor.query(on: req.db)
+    let params = try req.query.decode(VendorsIndexQuery.self)
+
+    if params.branches == true {
+      dbQuery = dbQuery.with(\.$branches)
+    }
+
+    return try await dbQuery.all().map { $0.toDTO(includeBranches: params.branches) }
+  }
+
+  @Sendable
+  func createVendor(req: Request) async throws -> Vendor.DTO {
+    try Vendor.Create.validate(content: req)
+    let vendor = try req.content.decode(Vendor.Create.self).toModel()
+    try await vendor.save(on: req.db)
+    return vendor.toDTO()
+  }
+
+  @Sendable
+  func updateVendor(req: Request) async throws -> Vendor.DTO {
+    try Vendor.Update.validate(content: req)
+    let updates = try req.content.decode(Vendor.Update.self)
+    guard let vendor = try await Vendor.find(req.parameters.get("vendorID"), on: req.db) else {
+      throw Abort(.notFound)
+    }
+    vendor.applyUpdates(updates)
+    try await vendor.save(on: req.db)
+    return vendor.toDTO()
+  }
+
+  @Sendable
+  func deleteVendor(req: Request) async throws -> HTTPStatus {
+    guard let vendor = try await Vendor.find(req.parameters.get("vendorID"), on: req.db) else {
+      throw Abort(.notFound)
+    }
+
+    try await vendor.delete(on: req.db)
+    return .noContent
+  }
+
+  // MARK: - VendorBranch
+
+  @Sendable
+  func branchesIndex(req: Request) async throws -> [VendorBranch.DTO] {
+    guard let vendor = try await Vendor.find(req.parameters.get("vendorID"), on: req.db) else {
+      throw Abort(.notFound)
+    }
+    return try await vendor.$branches.get(on: req.db).map { $0.toDTO() }
+  }
+
+  @Sendable
+  func createBranch(req: Request) async throws -> VendorBranch.DTO {
+    try VendorBranch.Create.validate(content: req)
+    let branch = try req.content.decode(VendorBranch.Create.self).toModel()
+    guard let vendor = try await Vendor.find(req.parameters.get("vendorID"), on: req.db) else {
+      throw Abort(.notFound)
+    }
+    try await vendor.$branches.create(branch, on: req.db)
+    return branch.toDTO()
+  }
+
+  @Sendable
+  func deleteBranch(req: Request) async throws -> HTTPStatus {
+    guard let branch = try await VendorBranch.find(req.parameters.get("branchID"), on: req.db) else {
+      throw Abort(.notFound)
+    }
+    try await branch.delete(on: req.db)
+    return .noContent
+  }
+
+  @Sendable
+  func updateBranch(req: Request) async throws -> VendorBranch.DTO {
+    try VendorBranch.Update.validate(content: req)
+    let updates = try req.content.decode(VendorBranch.Update.self)
+    guard let branch = try await VendorBranch.find(req.parameters.get("branchID"), on: req.db) else {
+      throw Abort(.notFound)
+    }
+    branch.applyUpdates(updates)
+    try await branch.save(on: req.db)
+    return branch.toDTO()
+  }
+}
+
+struct VendorsIndexQuery: Content {
+  let branches: Bool?
+}
+
+struct EmployeesIndexQuery: Content {
+  let active: Bool?
+}

Sources/App/Controllers/TodoController.swift

@@ -1,37 +0,0 @@
-import Fluent
-import Vapor
-
-struct TodoController: RouteCollection {
-    func boot(routes: RoutesBuilder) throws {
-        let todos = routes.grouped("todos")
-
-        todos.get(use: self.index)
-        todos.post(use: self.create)
-        todos.group(":todoID") { todo in
-            todo.delete(use: self.delete)
-        }
-    }
-
-    @Sendable
-    func index(req: Request) async throws -> [TodoDTO] {
-        try await Todo.query(on: req.db).all().map { $0.toDTO() }
-    }
-
-    @Sendable
-    func create(req: Request) async throws -> TodoDTO {
-        let todo = try req.content.decode(TodoDTO.self).toModel()
-
-        try await todo.save(on: req.db)
-        return todo.toDTO()
-    }
-
-    @Sendable
-    func delete(req: Request) async throws -> HTTPStatus {
-        guard let todo = try await Todo.find(req.parameters.get("todoID"), on: req.db) else {
-            throw Abort(.notFound)
-        }
-
-        try await todo.delete(on: req.db)
-        return .noContent
-    }
-}

Sources/App/DTOs/TodoDTO.swift

@@ -1,17 +0,0 @@
-import Fluent
-import Vapor
-
-struct TodoDTO: Content {
-    var id: UUID?
-    var title: String?
-    
-    func toModel() -> Todo {
-        let model = Todo()
-        
-        model.id = self.id
-        if let title = self.title {
-            model.title = title
-        }
-        return model
-    }
-}

Sources/App/Migrations/CreateTodo.swift

@@ -1,14 +0,0 @@
-import Fluent
-
-struct CreateTodo: AsyncMigration {
-    func prepare(on database: Database) async throws {
-        try await database.schema("todos")
-            .id()
-            .field("title", .string, .required)
-            .create()
-    }
-
-    func revert(on database: Database) async throws {
-        try await database.schema("todos").delete()
-    }
-}

Sources/App/Models/Employee.swift

@@ -0,0 +1,131 @@
+import Fluent
+import struct Foundation.UUID
+import Vapor
+
+final class Employee: Model, @unchecked Sendable {
+
+  static let schema = "employee"
+
+  @ID(key: .id)
+  var id: UUID?
+
+  @Field(key: "first_name")
+  var firstName: String
+
+  @Field(key: "last_name")
+  var lastName: String
+
+  @Field(key: "is_active")
+  var active: Bool
+
+  init() {}
+
+  init(
+    id: UUID? = nil,
+    firstName: String,
+    lastName: String,
+    active: Bool
+  ) {
+    self.id = id
+    self.firstName = firstName
+    self.lastName = lastName
+    self.active = active
+  }
+
+  func toDTO() -> DTO {
+    .init(id: id, firstName: $firstName.value, lastName: $lastName.value, active: $active.value)
+  }
+
+  func applyUpdates(_ updates: Update) {
+    if let firstName = updates.firstName {
+      self.firstName = firstName
+    }
+    if let lastName = updates.lastName {
+      self.lastName = lastName
+    }
+    if let active = updates.active {
+      self.active = active
+    }
+  }
+}
+
+// MARK: - Helpers
+
+extension Employee {
+
+  struct Create: Content {
+    let firstName: String
+    let lastName: String
+    let active: Bool?
+
+    func toModel() -> Employee {
+      .init(firstName: firstName, lastName: lastName, active: active ?? true)
+    }
+  }
+
+  struct DTO: Content {
+
+    var id: UUID?
+    var firstName: String?
+    var lastName: String?
+    var active: Bool?
+
+    func toModel() -> Employee {
+      let model = Employee()
+
+      model.id = id
+      if let firstName {
+        model.firstName = firstName
+      }
+      if let lastName {
+        model.lastName = lastName
+      }
+      if let active {
+        model.active = active
+      }
+      return model
+    }
+  }
+
+  struct Migrate: AsyncMigration {
+
+    let name = "CreateEmployee"
+
+    func prepare(on database: Database) async throws {
+      try await database.schema(Employee.schema)
+        .id()
+        .field("first_name", .string, .required)
+        .field("last_name", .string, .required)
+        .field("is_active", .bool, .required, .sql(.default(true)))
+        .unique(on: "first_name", "last_name")
+        .create()
+    }
+
+    func revert(on database: Database) async throws {
+      try await database.schema(Employee.schema).delete()
+    }
+
+  }
+
+  struct Update: Content {
+    var firstName: String?
+    var lastName: String?
+    var active: Bool?
+  }
+}
+
+// MARK: - Validations
+
+extension Employee.Create: Validatable {
+  static func validations(_ validations: inout Validations) {
+    validations.add("firstName", as: String.self, is: !.empty)
+    validations.add("lastName", as: String.self, is: !.empty)
+  }
+}
+
+extension Employee.Update: Validatable {
+  static func validations(_ validations: inout Validations) {
+    validations.add("firstName", as: String?.self, is: .nil || !.empty, required: false)
+    validations.add("lastName", as: String?.self, is: .nil || !.empty, required: false)
+  }
+}

Sources/App/Models/PurchaseOrder.swift

@@ -0,0 +1,150 @@
+import Fluent
+import Vapor
+
+final class PurchaseOrder: Model, Content, @unchecked Sendable {
+  static let schema = "purchase_order"
+
+  @ID(custom: "id", generatedBy: .database)
+  var id: Int?
+
+  @Field(key: "work_order")
+  var workOrder: Int?
+
+  @Field(key: "materials")
+  var materials: String
+
+  @Field(key: "customer")
+  var customer: String
+
+  @Field(key: "truck_stock")
+  var truckStock: Bool
+
+  @Parent(key: "created_by_id")
+  var createdBy: User
+
+  @Parent(key: "created_for_id")
+  var createdFor: Employee
+
+  @Parent(key: "vendor_branch_id")
+  var vendorBranch: VendorBranch
+
+  @Timestamp(key: "created_at", on: .create)
+  var createdAt: Date?
+
+  @Timestamp(key: "updated_at", on: .update)
+  var updatedAt: Date?
+
+  init() {}
+
+  init(
+    id: Int? = nil,
+    workOrder: Int? = nil,
+    materials: String,
+    customer: String,
+    truckStock: Bool,
+    createdByID: User.IDValue,
+    createdForID: Employee.IDValue,
+    vendorBranchID: VendorBranch.IDValue,
+    createdAt: Date? = nil,
+    updatedAt: Date? = nil
+  ) {
+    self.id = id
+    self.workOrder = workOrder
+    self.materials = materials
+    self.customer = customer
+    self.truckStock = truckStock
+    $createdBy.id = createdByID
+    $createdFor.id = createdForID
+    $vendorBranch.id = vendorBranchID
+    self.createdAt = createdAt
+    self.updatedAt = updatedAt
+  }
+
+  func toDTO() -> DTO {
+    .init(
+      id: id,
+      workOrder: workOrder,
+      materials: materials,
+      customer: customer,
+      truckStock: truckStock,
+      createdBy: $createdBy.value?.toDTO(),
+      createdFor: $createdFor.value?.toDTO(),
+      vendorBranch: $vendorBranch.value,
+      createdAt: createdAt,
+      updatedAt: updatedAt
+    )
+  }
+
+}
+
+extension PurchaseOrder {
+
+  struct Create: Content {
+    let workOrder: Int?
+    let materials: String
+    let customer: String
+    let truckStock: Bool?
+    let createdForID: Employee.IDValue
+    let vendorBranchID: VendorBranch.IDValue
+
+    func toModel(createdByID: User.IDValue) -> PurchaseOrder {
+      .init(
+        id: nil,
+        workOrder: workOrder,
+        materials: materials,
+        customer: customer,
+        truckStock: truckStock ?? false,
+        createdByID: createdByID,
+        createdForID: createdForID,
+        vendorBranchID: vendorBranchID,
+        createdAt: nil,
+        updatedAt: nil
+      )
+    }
+  }
+
+  struct DTO: Content {
+    let id: Int?
+    let workOrder: Int?
+    let materials: String
+    let customer: String
+    let truckStock: Bool
+    let createdBy: User.DTO?
+    let createdFor: Employee.DTO?
+    let vendorBranch: VendorBranch?
+    let createdAt: Date?
+    let updatedAt: Date?
+  }
+
+  struct Migrate: AsyncMigration {
+
+    let name = "CreatePurchaseOrder"
+
+    func prepare(on database: any Database) async throws {
+      try await database.schema(PurchaseOrder.schema)
+        .field("id", .int, .identifier(auto: true))
+        .field("work_order", .int)
+        .field("customer", .string, .required)
+        .field("materials", .string, .required)
+        .field("truck_stock", .bool, .required)
+        .field("created_by_id", .uuid, .required, .references(User.schema, "id"))
+        .field("created_for_id", .uuid, .required, .references(Employee.schema, "id"))
+        .field("vendor_branch_id", .uuid, .required, .references(VendorBranch.schema, "id"))
+        .field("created_at", .datetime)
+        .field("updated_at", .datetime)
+        .create()
+    }
+
+    func revert(on database: any Database) async throws {
+      try await database.schema(PurchaseOrder.schema).delete()
+    }
+  }
+}
+
+extension PurchaseOrder.Create: Validatable {
+
+  static func validations(_ validations: inout Validations) {
+    validations.add("materials", as: String.self, is: !.empty)
+    validations.add("customer", as: String.self, is: !.empty)
+  }
+}

Sources/App/Models/Todo.swift

@@ -1,29 +0,0 @@
-import Fluent
-import struct Foundation.UUID
-
-/// Property wrappers interact poorly with `Sendable` checking, causing a warning for the `@ID` property
-/// It is recommended you write your model with sendability checking on and then suppress the warning
-/// afterwards with `@unchecked Sendable`.
-final class Todo: Model, @unchecked Sendable {
-    static let schema = "todos"
-    
-    @ID(key: .id)
-    var id: UUID?
-
-    @Field(key: "title")
-    var title: String
-
-    init() { }
-
-    init(id: UUID? = nil, title: String) {
-        self.id = id
-        self.title = title
-    }
-    
-    func toDTO() -> TodoDTO {
-        .init(
-            id: self.id,
-            title: self.$title.value
-        )
-    }
-}

Sources/App/Models/User.swift

@@ -0,0 +1,92 @@
+import Fluent
+import Vapor
+
+final class User: Model, @unchecked Sendable {
+  static let schema = "user"
+
+  @ID(key: .id)
+  var id: UUID?
+
+  @Field(key: "username")
+  var username: String
+
+  @Field(key: "email")
+  var email: String
+
+  @Field(key: "password_hash")
+  var passwordHash: String
+
+  init() {}
+
+  init(id: UUID? = nil, username: String, email: String, passwordHash: String) {
+    self.id = id
+    self.username = username
+    self.email = email
+    self.passwordHash = passwordHash
+  }
+
+  func toDTO() -> DTO {
+    .init(id: id, username: $username.value, email: $email.value)
+  }
+
+  func generateToken() throws -> UserToken {
+    try .init(
+      value: [UInt8].random(count: 16).base64,
+      userID: requireID()
+    )
+  }
+
+}
+
+extension User {
+
+  struct Create: Content {
+    var username: String
+    var email: String
+    var password: String
+    var confirmPassword: String
+  }
+
+  struct DTO: Content {
+    let id: UUID?
+    let username: String?
+    let email: String?
+  }
+
+  struct Migrate: AsyncMigration {
+    let name = "CreateUser"
+
+    func prepare(on database: any Database) async throws {
+      try await database.schema(User.schema)
+        .id()
+        .field("username", .string, .required)
+        .field("email", .string, .required)
+        .field("password_hash", .string, .required)
+        .unique(on: "email", "username")
+        .create()
+    }
+
+    func revert(on database: any Database) async throws {
+      try await database.schema(User.schema).delete()
+    }
+  }
+}
+
+extension User: ModelAuthenticatable {
+  static let usernameKey = \User.$email
+  static let passwordHashKey = \User.$passwordHash
+
+  func verify(password: String) throws -> Bool {
+    try Bcrypt.verify(password, created: passwordHash)
+  }
+}
+
+extension User: ModelSessionAuthenticatable {}
+
+extension User.Create: Validatable {
+  static func validations(_ validations: inout Validations) {
+    validations.add("username", as: String.self, is: !.empty)
+    validations.add("email", as: String.self, is: .email)
+    validations.add("password", as: String.self, is: .count(8...))
+  }
+}

Sources/App/Models/UserToken.swift

@@ -0,0 +1,51 @@
+import Fluent
+import Vapor
+
+final class UserToken: Model, Content, @unchecked Sendable {
+
+  static let schema = "user_token"
+
+  @ID(key: .id)
+  var id: UUID?
+
+  @Field(key: "value")
+  var value: String
+
+  @Parent(key: "user_id")
+  var user: User
+
+  init() {}
+
+  init(id: UUID? = nil, value: String, userID: User.IDValue) {
+    self.id = id
+    self.value = value
+    $user.id = userID
+  }
+}
+
+extension UserToken {
+
+  struct Migrate: AsyncMigration {
+    let name = "CreateUserToken"
+
+    func prepare(on database: any Database) async throws {
+      try await database.schema(UserToken.schema)
+        .id()
+        .field("value", .string, .required)
+        .field("user_id", .uuid, .required, .references(User.schema, "id"))
+        .unique(on: "value")
+        .create()
+    }
+
+    func revert(on database: any Database) async throws {
+      try await database.schema(UserToken.schema).delete()
+    }
+  }
+}
+
+extension UserToken: ModelTokenAuthenticatable {
+  static let valueKey = \UserToken.$value
+  static let userKey = \UserToken.$user
+
+  var isValid: Bool { true }
+}

Sources/App/Models/Vendor.swift

@@ -0,0 +1,102 @@
+import Fluent
+import struct Foundation.UUID
+import Vapor
+
+// The primary database model.
+final class Vendor: Model, @unchecked Sendable {
+
+  static let schema = "vendor"
+
+  @ID(key: .id)
+  var id: UUID?
+
+  @Field(key: "name")
+  var name: String
+
+  @Children(for: \.$vendor)
+  var branches: [VendorBranch]
+
+  init() {}
+
+  init(id: UUID? = nil, name: String) {
+    self.id = id
+    self.name = name
+  }
+
+  func toDTO(includeBranches: Bool? = nil) -> DTO {
+    .init(
+      id: id,
+      name: $name.value,
+      branches: ($branches.value != nil && $branches.value!.count > 0)
+        ? $branches.value!.map { $0.toDTO() }
+        : (includeBranches == true) ? [] : nil
+    )
+  }
+
+  func applyUpdates(_ updates: Update) {
+    name = updates.name
+  }
+}
+
+// MARK: - Helpers.
+
+extension Vendor {
+  struct Create: Content {
+    var name: String
+
+    func toModel() -> Vendor {
+      .init(name: name)
+    }
+  }
+
+  struct DTO: Content {
+
+    var id: UUID?
+    var name: String?
+    var branches: [VendorBranch.DTO]?
+
+    func toModel() -> Vendor {
+      let model = Vendor()
+      model.id = id
+      if let name {
+        model.name = name
+      }
+      return model
+    }
+  }
+
+  struct Migrate: AsyncMigration {
+    let name = "CreateVendor"
+
+    func prepare(on database: Database) async throws {
+      try await database.schema(Vendor.schema)
+        .id()
+        .field("name", .string, .required)
+        .unique(on: "name")
+        .create()
+    }
+
+    func revert(on database: Database) async throws {
+      try await database.schema(Vendor.schema).delete()
+    }
+
+  }
+
+  struct Update: Content {
+    var name: String
+  }
+}
+
+// MARK: - Validations
+
+extension Vendor.Create: Validatable {
+  static func validations(_ validations: inout Validations) {
+    validations.add("name", as: String.self, is: !.empty)
+  }
+}
+
+extension Vendor.Update: Validatable {
+  static func validations(_ validations: inout Validations) {
+    validations.add("name", as: String.self, is: !.empty)
+  }
+}

Sources/App/Models/VendorBranch.swift

@@ -0,0 +1,102 @@
+import Fluent
+import struct Foundation.UUID
+import Vapor
+
+final class VendorBranch: Model, @unchecked Sendable {
+
+  static let schema = "vendor_branch"
+
+  @ID(key: .id)
+  var id: UUID?
+
+  @Field(key: "name")
+  var name: String
+
+  @Parent(key: "vendor_id")
+  var vendor: Vendor
+
+  init() {}
+
+  init(id: UUID? = nil, name: String, vendorId: Vendor.IDValue) {
+    self.id = id
+    self.name = name
+    $vendor.id = vendorId
+  }
+
+  func toDTO() -> DTO {
+    .init(id: id, name: $name.value, vendorId: $vendor.id)
+  }
+
+  func applyUpdates(_ updates: Update) {
+    name = updates.name
+  }
+
+}
+
+// MARK: - Helpers
+
+extension VendorBranch {
+  struct Create: Content {
+    var name: String
+
+    func toModel() -> VendorBranch {
+      let model = VendorBranch()
+      model.name = name
+      return model
+    }
+  }
+
+  struct DTO: Content {
+    var id: UUID?
+    var name: String?
+    var vendorId: Vendor.IDValue?
+
+    func toModel() -> VendorBranch {
+      let model = VendorBranch()
+
+      model.id = id
+      if let name {
+        model.name = name
+      }
+      if let vendorId {
+        model.$vendor.id = vendorId
+      }
+      return model
+    }
+
+  }
+
+  struct Migrate: AsyncMigration {
+    let name = "CreateVendorBranch"
+
+    func prepare(on database: Database) async throws {
+      try await database.schema(VendorBranch.schema)
+        .id()
+        .field("name", .string, .required)
+        .field("vendor_id", .uuid, .required, .references("vendor", "id"))
+        .create()
+    }
+
+    func revert(on database: Database) async throws {
+      try await database.schema(VendorBranch.schema).delete()
+    }
+  }
+
+  struct Update: Content {
+    var name: String
+  }
+}
+
+// MARK: - Validations
+
+extension VendorBranch.Create: Validatable {
+  static func validations(_ validations: inout Validations) {
+    validations.add("name", as: String.self, is: !.empty)
+  }
+}
+
+extension VendorBranch.Update: Validatable {
+  static func validations(_ validations: inout Validations) {
+    validations.add("name", as: String.self, is: !.empty)
+  }
+}

Sources/App/configure.swift

@@ -1,21 +1,27 @@
-import NIOSSL
 import Fluent
 import FluentSQLiteDriver
 import Leaf
+import NIOSSL
 import Vapor
 
 // configures your application
 public func configure(_ app: Application) async throws {
-    // uncomment to serve files from /Public folder
-    // app.middleware.use(FileMiddleware(publicDirectory: app.directory.publicDirectory))
+  // uncomment to serve files from /Public folder
+  app.middleware.use(FileMiddleware(publicDirectory: app.directory.publicDirectory))
+  app.middleware.use(app.sessions.middleware)
+  app.middleware.use(User.sessionAuthenticator())
 
-    app.databases.use(DatabaseConfigurationFactory.sqlite(.file("db.sqlite")), as: .sqlite)
+  app.databases.use(DatabaseConfigurationFactory.sqlite(.file("db.sqlite")), as: .sqlite)
 
-    app.migrations.add(CreateTodo())
+  app.migrations.add(Vendor.Migrate())
+  app.migrations.add(VendorBranch.Migrate())
+  app.migrations.add(Employee.Migrate())
+  app.migrations.add(User.Migrate())
+  app.migrations.add(UserToken.Migrate())
+  app.migrations.add(PurchaseOrder.Migrate())
 
-    app.views.use(.leaf)
+  app.views.use(.leaf)
 
-
-    // register routes
-    try routes(app)
+  // register routes
+  try routes(app)
 }

Sources/App/routes.swift

@@ -2,13 +2,13 @@ import Fluent
 import Vapor
 
 func routes(_ app: Application) throws {
-    app.get { req async throws in
-        try await req.view.render("index", ["title": "Hello Vapor!"])
-    }
+  app.get { req async throws in
+    try await req.view.render("index", ["title": "Hello Vapor!"])
+  }
 
-    app.get("hello") { req async -> String in
-        "Hello, world!"
-    }
+  app.get("hello") { _ async -> String in
+    "Hello, world!"
+  }
 
-    try app.register(collection: TodoController())
+  try app.register(collection: ApiController())
 }