# MerchantsOfHope.org - Recruiting Platform

This is the official repository for MerchantsOfHope.org, the recruiting platform for TSYS Group.

## Overview

MerchantsOfHope.org is designed to handle:
- Multiple independent tenants (TSYS Group has dozens of lines of business, all fully isolated from each other)
- OIDC and social media login
- Job seekers browsing positions and posting resumes/going through the application process
- Job providers managing the lifecycle of positions and applications

## Tech Stack

- Language: Hack (PHP)
- Framework: Slim Framework 4
- Container: Docker
- Deployment: Kubernetes-ready

## Architecture

- Multi-tenant architecture ensuring complete isolation between different business lines
- OIDC and social login integration
- Compliance-ready with USA law, accessibility standards, PCI, GDPR, SOC, and FedRAMP

## Development

1. Clone this repository
2. Install dependencies with `composer install`
3. Set up environment variables in `.env`
4. Run with Docker Compose

## Port Assignment

This service runs on port 18000 as per the project requirements.

## Testing

The project follows Test Driven Development (TDD) methodology. Run tests with:
```bash
composer test
```

## Security & Compliance

This project implements:
- Accessibility features for US Government contracts
- PCI DSS compliance
- GDPR compliance
- SOC compliance
- FedRAMP compliance
- USA law compliance

## API Documentation

### Authentication Endpoints
- `POST /api/auth/login` - Authenticate user
- `POST /api/auth/logout` - Logout user
- `POST /api/auth/register` - Register new user
- `GET /auth/google/callback` - Google OAuth callback
- `GET /auth/github/callback` - GitHub OAuth callback

### Job Endpoints
- `GET /api/jobs` - List all jobs with optional filters
- `GET /api/jobs/{id}` - Get specific job
- `POST /api/jobs` - Create new job (for job providers)
- `PUT /api/jobs/{id}` - Update job (for job providers)
- `DELETE /api/jobs/{id}` - Delete job (for job providers)
- `GET /api/my-jobs` - Get jobs for current tenant (for job providers)

### Application Endpoints
- `POST /api/applications` - Apply for a job
- `GET /api/my-applications` - Get applications for current user
- `GET /api/jobs/{id}/applications` - Get applications for a specific job (for job providers)

## Database Schema

The application uses PostgreSQL with the following main tables:
- `tenants` - Stores tenant information
- `users` - Stores user accounts
- `jobs` - Stores job postings
- `applications` - Stores job applications
- `audit_logs` - Stores compliance audit logs

## Environment Variables

The application expects the following environment variables (defined in `.env`):
- `APP_NAME` - Application name
- `APP_VERSION` - Application version
- `APP_ENV` - Environment (development, production)
- `DEBUG` - Enable debug mode
- `TIMEZONE` - Application timezone
- `DB_HOST` - Database host
- `DB_NAME` - Database name
- `DB_USER` - Database user
- `DB_PASS` - Database password
- `DB_PORT` - Database port
- `JWT_SECRET` - Secret for JWT tokens
- `SESSION_LIFETIME` - Session lifetime in seconds
- `TENANT_ISOLATION_ENABLED` - Enable tenant isolation
- `ACCESSIBILITY_ENABLED` - Enable accessibility features
- `GDPR_COMPLIANCE_ENABLED` - Enable GDPR compliance
- `PCI_DSS_COMPLIANCE_ENABLED` - Enable PCI DSS compliance
- `GOOGLE_CLIENT_ID` - Google OAuth client ID
- `GOOGLE_CLIENT_SECRET` - Google OAuth client secret
- `GITHUB_CLIENT_ID` - GitHub OAuth client ID
- `GITHUB_CLIENT_SECRET` - GitHub OAuth client secret
- `MAIL_HOST` - Mail server host
- `MAIL_PORT` - Mail server port
- `MAIL_USERNAME` - Mail server username
- `MAIL_PASSWORD` - Mail server password
- `MAIL_ENCRYPTION` - Mail server encryption method

## Docker Configuration

The application is configured to run with Docker and Docker Compose, including:
- Application service
- PostgreSQL database
- Redis for caching/session storage
- MailHog for development email testing
- Nginx as a reverse proxy

## Kubernetes Deployment

The application is designed for Kubernetes deployment with:
- Proper resource requests and limits
- Health checks
- Configuration via ConfigMaps and Secrets
- Service definitions for internal and external access
- Ingress configuration for routing