2026-01-31 14:13:16 +01:00
|
|
|
import crypto from 'crypto'
|
2026-01-30 13:41:32 +01:00
|
|
|
import { z } from 'zod'
|
|
|
|
|
import { TRPCError } from '@trpc/server'
|
Add profile settings page, mentor management, and S3 email logos
- Add universal /settings/profile page accessible to all roles with
avatar upload, bio, phone, password change, and account deletion
- Expand updateProfile endpoint to accept bio (metadataJson), phone,
and notification preference
- Add deleteAccount endpoint with password confirmation
- Add Profile Settings link to all nav components (admin, jury, mentor,
observer)
- Add /admin/mentors list page and /admin/mentors/[id] detail page for
mentor management
- Add Mentors nav item to admin sidebar
- Update email logo URLs to S3 (s3.monaco-opc.com/public/)
- Add ocean.png background image to email wrapper
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:57:12 +01:00
|
|
|
import type { Prisma } from '@prisma/client'
|
2026-01-30 13:41:32 +01:00
|
|
|
import { router, protectedProcedure, adminProcedure, superAdminProcedure, publicProcedure } from '../trpc'
|
|
|
|
|
import { sendInvitationEmail, sendMagicLinkEmail } from '@/lib/email'
|
|
|
|
|
import { hashPassword, validatePassword } from '@/lib/password'
|
2026-02-02 13:19:28 +01:00
|
|
|
import { attachAvatarUrls } from '@/server/utils/avatar-url'
|
2026-02-05 21:09:06 +01:00
|
|
|
import { logAudit } from '@/server/utils/audit'
|
2026-01-30 13:41:32 +01:00
|
|
|
|
2026-01-31 14:13:16 +01:00
|
|
|
const INVITE_TOKEN_EXPIRY_MS = 7 * 24 * 60 * 60 * 1000 // 7 days
|
|
|
|
|
|
|
|
|
|
function generateInviteToken(): string {
|
|
|
|
|
return crypto.randomBytes(32).toString('hex')
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-30 13:41:32 +01:00
|
|
|
export const userRouter = router({
|
|
|
|
|
/**
|
|
|
|
|
* Get current user profile
|
|
|
|
|
*/
|
|
|
|
|
me: protectedProcedure.query(async ({ ctx }) => {
|
|
|
|
|
return ctx.prisma.user.findUniqueOrThrow({
|
|
|
|
|
where: { id: ctx.user.id },
|
|
|
|
|
select: {
|
|
|
|
|
id: true,
|
|
|
|
|
email: true,
|
|
|
|
|
name: true,
|
|
|
|
|
role: true,
|
|
|
|
|
status: true,
|
|
|
|
|
expertiseTags: true,
|
Add profile settings page, mentor management, and S3 email logos
- Add universal /settings/profile page accessible to all roles with
avatar upload, bio, phone, password change, and account deletion
- Expand updateProfile endpoint to accept bio (metadataJson), phone,
and notification preference
- Add deleteAccount endpoint with password confirmation
- Add Profile Settings link to all nav components (admin, jury, mentor,
observer)
- Add /admin/mentors list page and /admin/mentors/[id] detail page for
mentor management
- Add Mentors nav item to admin sidebar
- Update email logo URLs to S3 (s3.monaco-opc.com/public/)
- Add ocean.png background image to email wrapper
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:57:12 +01:00
|
|
|
metadataJson: true,
|
|
|
|
|
phoneNumber: true,
|
2026-02-04 14:15:06 +01:00
|
|
|
country: true,
|
2026-02-04 15:27:28 +01:00
|
|
|
bio: true,
|
Add profile settings page, mentor management, and S3 email logos
- Add universal /settings/profile page accessible to all roles with
avatar upload, bio, phone, password change, and account deletion
- Expand updateProfile endpoint to accept bio (metadataJson), phone,
and notification preference
- Add deleteAccount endpoint with password confirmation
- Add Profile Settings link to all nav components (admin, jury, mentor,
observer)
- Add /admin/mentors list page and /admin/mentors/[id] detail page for
mentor management
- Add Mentors nav item to admin sidebar
- Update email logo URLs to S3 (s3.monaco-opc.com/public/)
- Add ocean.png background image to email wrapper
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:57:12 +01:00
|
|
|
notificationPreference: true,
|
|
|
|
|
profileImageKey: true,
|
Implement 15 platform features: digest, availability, templates, comparison, live voting SSE, file versioning, mentorship, messaging, analytics, drafts, webhooks, peer review, audit enhancements, i18n
Features implemented:
- F1: Email digest notifications with cron endpoint and per-user frequency
- F2: Jury availability windows and workload preferences in smart assignment
- F3: Round templates with save-from-round and CRUD management
- F4: Side-by-side project comparison view for jury members
- F5: Real-time voting dashboard with Server-Sent Events (SSE)
- F6: Live voting UX: QR codes, audience voting, tie-breaking, score animations
- F7: File versioning, inline preview, bulk download with presigned URLs
- F8: Mentor dashboard: milestones, private notes, activity tracking
- F9: Communication hub with broadcasts, templates, and recipient targeting
- F10: Advanced analytics: cross-round comparison, juror consistency, diversity metrics, PDF export
- F11: Applicant draft saving with magic link resume and cron cleanup
- F12: Webhook integration layer with HMAC signing, retry, and delivery logs
- F13: Peer review discussions with anonymized scores and threaded comments
- F14: Audit log enhancements: before/after diffs, session grouping, anomaly detection, retention
- F15: i18n foundation with next-intl (EN/FR), cookie-based locale, language switcher
Schema: 12 new models, field additions to User, Project, ProjectFile, LiveVotingSession, LiveVote, MentorAssignment, AuditLog, Program
New routers: roundTemplate, message, webhook (registered in _app.ts)
New services: email-digest, webhook-dispatcher
New cron endpoints: /api/cron/digest, /api/cron/draft-cleanup, /api/cron/audit-cleanup
New API routes: /api/live-voting/stream (SSE), /api/files/bulk-download
All features are admin-configurable via SystemSettings or per-model settingsJson fields.
Docker build verified successfully.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-05 23:31:41 +01:00
|
|
|
digestFrequency: true,
|
|
|
|
|
availabilityJson: true,
|
|
|
|
|
preferredWorkload: true,
|
2026-01-30 13:41:32 +01:00
|
|
|
createdAt: true,
|
|
|
|
|
lastLoginAt: true,
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
}),
|
|
|
|
|
|
2026-01-31 14:13:16 +01:00
|
|
|
/**
|
|
|
|
|
* Validate an invitation token (public, no auth required)
|
|
|
|
|
*/
|
|
|
|
|
validateInviteToken: publicProcedure
|
|
|
|
|
.input(z.object({ token: z.string().min(1) }))
|
|
|
|
|
.query(async ({ ctx, input }) => {
|
|
|
|
|
const user = await ctx.prisma.user.findUnique({
|
|
|
|
|
where: { inviteToken: input.token },
|
|
|
|
|
select: { id: true, name: true, email: true, role: true, status: true, inviteTokenExpiresAt: true },
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
if (!user) {
|
|
|
|
|
return { valid: false, error: 'INVALID_TOKEN' as const }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (user.status !== 'INVITED') {
|
|
|
|
|
return { valid: false, error: 'ALREADY_ACCEPTED' as const }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (user.inviteTokenExpiresAt && user.inviteTokenExpiresAt < new Date()) {
|
|
|
|
|
return { valid: false, error: 'EXPIRED_TOKEN' as const }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
valid: true,
|
|
|
|
|
user: { name: user.name, email: user.email, role: user.role },
|
|
|
|
|
}
|
|
|
|
|
}),
|
|
|
|
|
|
2026-01-30 13:41:32 +01:00
|
|
|
/**
|
|
|
|
|
* Update current user profile
|
|
|
|
|
*/
|
|
|
|
|
updateProfile: protectedProcedure
|
|
|
|
|
.input(
|
|
|
|
|
z.object({
|
|
|
|
|
name: z.string().min(1).max(255).optional(),
|
Add profile settings page, mentor management, and S3 email logos
- Add universal /settings/profile page accessible to all roles with
avatar upload, bio, phone, password change, and account deletion
- Expand updateProfile endpoint to accept bio (metadataJson), phone,
and notification preference
- Add deleteAccount endpoint with password confirmation
- Add Profile Settings link to all nav components (admin, jury, mentor,
observer)
- Add /admin/mentors list page and /admin/mentors/[id] detail page for
mentor management
- Add Mentors nav item to admin sidebar
- Update email logo URLs to S3 (s3.monaco-opc.com/public/)
- Add ocean.png background image to email wrapper
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:57:12 +01:00
|
|
|
bio: z.string().max(1000).optional(),
|
|
|
|
|
phoneNumber: z.string().max(20).optional().nullable(),
|
|
|
|
|
notificationPreference: z.enum(['EMAIL', 'WHATSAPP', 'BOTH', 'NONE']).optional(),
|
2026-02-05 13:45:34 +01:00
|
|
|
expertiseTags: z.array(z.string()).max(15).optional(),
|
Implement 15 platform features: digest, availability, templates, comparison, live voting SSE, file versioning, mentorship, messaging, analytics, drafts, webhooks, peer review, audit enhancements, i18n
Features implemented:
- F1: Email digest notifications with cron endpoint and per-user frequency
- F2: Jury availability windows and workload preferences in smart assignment
- F3: Round templates with save-from-round and CRUD management
- F4: Side-by-side project comparison view for jury members
- F5: Real-time voting dashboard with Server-Sent Events (SSE)
- F6: Live voting UX: QR codes, audience voting, tie-breaking, score animations
- F7: File versioning, inline preview, bulk download with presigned URLs
- F8: Mentor dashboard: milestones, private notes, activity tracking
- F9: Communication hub with broadcasts, templates, and recipient targeting
- F10: Advanced analytics: cross-round comparison, juror consistency, diversity metrics, PDF export
- F11: Applicant draft saving with magic link resume and cron cleanup
- F12: Webhook integration layer with HMAC signing, retry, and delivery logs
- F13: Peer review discussions with anonymized scores and threaded comments
- F14: Audit log enhancements: before/after diffs, session grouping, anomaly detection, retention
- F15: i18n foundation with next-intl (EN/FR), cookie-based locale, language switcher
Schema: 12 new models, field additions to User, Project, ProjectFile, LiveVotingSession, LiveVote, MentorAssignment, AuditLog, Program
New routers: roundTemplate, message, webhook (registered in _app.ts)
New services: email-digest, webhook-dispatcher
New cron endpoints: /api/cron/digest, /api/cron/draft-cleanup, /api/cron/audit-cleanup
New API routes: /api/live-voting/stream (SSE), /api/files/bulk-download
All features are admin-configurable via SystemSettings or per-model settingsJson fields.
Docker build verified successfully.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-05 23:31:41 +01:00
|
|
|
digestFrequency: z.enum(['none', 'daily', 'weekly']).optional(),
|
|
|
|
|
availabilityJson: z.any().optional(),
|
|
|
|
|
preferredWorkload: z.number().int().min(1).max(100).optional().nullable(),
|
2026-01-30 13:41:32 +01:00
|
|
|
})
|
|
|
|
|
)
|
|
|
|
|
.mutation(async ({ ctx, input }) => {
|
Implement 15 platform features: digest, availability, templates, comparison, live voting SSE, file versioning, mentorship, messaging, analytics, drafts, webhooks, peer review, audit enhancements, i18n
Features implemented:
- F1: Email digest notifications with cron endpoint and per-user frequency
- F2: Jury availability windows and workload preferences in smart assignment
- F3: Round templates with save-from-round and CRUD management
- F4: Side-by-side project comparison view for jury members
- F5: Real-time voting dashboard with Server-Sent Events (SSE)
- F6: Live voting UX: QR codes, audience voting, tie-breaking, score animations
- F7: File versioning, inline preview, bulk download with presigned URLs
- F8: Mentor dashboard: milestones, private notes, activity tracking
- F9: Communication hub with broadcasts, templates, and recipient targeting
- F10: Advanced analytics: cross-round comparison, juror consistency, diversity metrics, PDF export
- F11: Applicant draft saving with magic link resume and cron cleanup
- F12: Webhook integration layer with HMAC signing, retry, and delivery logs
- F13: Peer review discussions with anonymized scores and threaded comments
- F14: Audit log enhancements: before/after diffs, session grouping, anomaly detection, retention
- F15: i18n foundation with next-intl (EN/FR), cookie-based locale, language switcher
Schema: 12 new models, field additions to User, Project, ProjectFile, LiveVotingSession, LiveVote, MentorAssignment, AuditLog, Program
New routers: roundTemplate, message, webhook (registered in _app.ts)
New services: email-digest, webhook-dispatcher
New cron endpoints: /api/cron/digest, /api/cron/draft-cleanup, /api/cron/audit-cleanup
New API routes: /api/live-voting/stream (SSE), /api/files/bulk-download
All features are admin-configurable via SystemSettings or per-model settingsJson fields.
Docker build verified successfully.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-05 23:31:41 +01:00
|
|
|
const { bio, expertiseTags, availabilityJson, preferredWorkload, digestFrequency, ...directFields } = input
|
Add profile settings page, mentor management, and S3 email logos
- Add universal /settings/profile page accessible to all roles with
avatar upload, bio, phone, password change, and account deletion
- Expand updateProfile endpoint to accept bio (metadataJson), phone,
and notification preference
- Add deleteAccount endpoint with password confirmation
- Add Profile Settings link to all nav components (admin, jury, mentor,
observer)
- Add /admin/mentors list page and /admin/mentors/[id] detail page for
mentor management
- Add Mentors nav item to admin sidebar
- Update email logo URLs to S3 (s3.monaco-opc.com/public/)
- Add ocean.png background image to email wrapper
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:57:12 +01:00
|
|
|
|
|
|
|
|
// If bio is provided, merge it into metadataJson
|
|
|
|
|
let metadataJson: Prisma.InputJsonValue | undefined
|
|
|
|
|
if (bio !== undefined) {
|
|
|
|
|
const currentUser = await ctx.prisma.user.findUniqueOrThrow({
|
|
|
|
|
where: { id: ctx.user.id },
|
|
|
|
|
select: { metadataJson: true },
|
|
|
|
|
})
|
|
|
|
|
const currentMeta = (currentUser.metadataJson as Record<string, string>) || {}
|
|
|
|
|
metadataJson = { ...currentMeta, bio } as Prisma.InputJsonValue
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-30 13:41:32 +01:00
|
|
|
return ctx.prisma.user.update({
|
|
|
|
|
where: { id: ctx.user.id },
|
Add profile settings page, mentor management, and S3 email logos
- Add universal /settings/profile page accessible to all roles with
avatar upload, bio, phone, password change, and account deletion
- Expand updateProfile endpoint to accept bio (metadataJson), phone,
and notification preference
- Add deleteAccount endpoint with password confirmation
- Add Profile Settings link to all nav components (admin, jury, mentor,
observer)
- Add /admin/mentors list page and /admin/mentors/[id] detail page for
mentor management
- Add Mentors nav item to admin sidebar
- Update email logo URLs to S3 (s3.monaco-opc.com/public/)
- Add ocean.png background image to email wrapper
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:57:12 +01:00
|
|
|
data: {
|
|
|
|
|
...directFields,
|
|
|
|
|
...(metadataJson !== undefined && { metadataJson }),
|
2026-02-05 13:45:34 +01:00
|
|
|
...(expertiseTags !== undefined && { expertiseTags }),
|
Implement 15 platform features: digest, availability, templates, comparison, live voting SSE, file versioning, mentorship, messaging, analytics, drafts, webhooks, peer review, audit enhancements, i18n
Features implemented:
- F1: Email digest notifications with cron endpoint and per-user frequency
- F2: Jury availability windows and workload preferences in smart assignment
- F3: Round templates with save-from-round and CRUD management
- F4: Side-by-side project comparison view for jury members
- F5: Real-time voting dashboard with Server-Sent Events (SSE)
- F6: Live voting UX: QR codes, audience voting, tie-breaking, score animations
- F7: File versioning, inline preview, bulk download with presigned URLs
- F8: Mentor dashboard: milestones, private notes, activity tracking
- F9: Communication hub with broadcasts, templates, and recipient targeting
- F10: Advanced analytics: cross-round comparison, juror consistency, diversity metrics, PDF export
- F11: Applicant draft saving with magic link resume and cron cleanup
- F12: Webhook integration layer with HMAC signing, retry, and delivery logs
- F13: Peer review discussions with anonymized scores and threaded comments
- F14: Audit log enhancements: before/after diffs, session grouping, anomaly detection, retention
- F15: i18n foundation with next-intl (EN/FR), cookie-based locale, language switcher
Schema: 12 new models, field additions to User, Project, ProjectFile, LiveVotingSession, LiveVote, MentorAssignment, AuditLog, Program
New routers: roundTemplate, message, webhook (registered in _app.ts)
New services: email-digest, webhook-dispatcher
New cron endpoints: /api/cron/digest, /api/cron/draft-cleanup, /api/cron/audit-cleanup
New API routes: /api/live-voting/stream (SSE), /api/files/bulk-download
All features are admin-configurable via SystemSettings or per-model settingsJson fields.
Docker build verified successfully.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-05 23:31:41 +01:00
|
|
|
...(digestFrequency !== undefined && { digestFrequency }),
|
|
|
|
|
...(availabilityJson !== undefined && { availabilityJson: availabilityJson as Prisma.InputJsonValue }),
|
|
|
|
|
...(preferredWorkload !== undefined && { preferredWorkload }),
|
Add profile settings page, mentor management, and S3 email logos
- Add universal /settings/profile page accessible to all roles with
avatar upload, bio, phone, password change, and account deletion
- Expand updateProfile endpoint to accept bio (metadataJson), phone,
and notification preference
- Add deleteAccount endpoint with password confirmation
- Add Profile Settings link to all nav components (admin, jury, mentor,
observer)
- Add /admin/mentors list page and /admin/mentors/[id] detail page for
mentor management
- Add Mentors nav item to admin sidebar
- Update email logo URLs to S3 (s3.monaco-opc.com/public/)
- Add ocean.png background image to email wrapper
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:57:12 +01:00
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Delete own account (requires password confirmation)
|
|
|
|
|
*/
|
|
|
|
|
deleteAccount: protectedProcedure
|
|
|
|
|
.input(
|
|
|
|
|
z.object({
|
|
|
|
|
password: z.string().min(1),
|
|
|
|
|
})
|
|
|
|
|
)
|
|
|
|
|
.mutation(async ({ ctx, input }) => {
|
|
|
|
|
// Get current user with password hash
|
|
|
|
|
const user = await ctx.prisma.user.findUniqueOrThrow({
|
|
|
|
|
where: { id: ctx.user.id },
|
|
|
|
|
select: { id: true, email: true, passwordHash: true, role: true },
|
2026-01-30 13:41:32 +01:00
|
|
|
})
|
Add profile settings page, mentor management, and S3 email logos
- Add universal /settings/profile page accessible to all roles with
avatar upload, bio, phone, password change, and account deletion
- Expand updateProfile endpoint to accept bio (metadataJson), phone,
and notification preference
- Add deleteAccount endpoint with password confirmation
- Add Profile Settings link to all nav components (admin, jury, mentor,
observer)
- Add /admin/mentors list page and /admin/mentors/[id] detail page for
mentor management
- Add Mentors nav item to admin sidebar
- Update email logo URLs to S3 (s3.monaco-opc.com/public/)
- Add ocean.png background image to email wrapper
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:57:12 +01:00
|
|
|
|
|
|
|
|
// Prevent super admins from self-deleting
|
|
|
|
|
if (user.role === 'SUPER_ADMIN') {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'FORBIDDEN',
|
|
|
|
|
message: 'Super admins cannot delete their own account',
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!user.passwordHash) {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'BAD_REQUEST',
|
|
|
|
|
message: 'No password set. Please set a password first.',
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Verify password
|
|
|
|
|
const { verifyPassword } = await import('@/lib/password')
|
|
|
|
|
const isValid = await verifyPassword(input.password, user.passwordHash)
|
|
|
|
|
if (!isValid) {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'UNAUTHORIZED',
|
|
|
|
|
message: 'Password is incorrect',
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
// Wrap audit + deletion in a transaction
|
|
|
|
|
await ctx.prisma.$transaction(async (tx) => {
|
|
|
|
|
await logAudit({
|
|
|
|
|
prisma: tx,
|
Add profile settings page, mentor management, and S3 email logos
- Add universal /settings/profile page accessible to all roles with
avatar upload, bio, phone, password change, and account deletion
- Expand updateProfile endpoint to accept bio (metadataJson), phone,
and notification preference
- Add deleteAccount endpoint with password confirmation
- Add Profile Settings link to all nav components (admin, jury, mentor,
observer)
- Add /admin/mentors list page and /admin/mentors/[id] detail page for
mentor management
- Add Mentors nav item to admin sidebar
- Update email logo URLs to S3 (s3.monaco-opc.com/public/)
- Add ocean.png background image to email wrapper
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:57:12 +01:00
|
|
|
userId: ctx.user.id,
|
|
|
|
|
action: 'DELETE_OWN_ACCOUNT',
|
|
|
|
|
entityType: 'User',
|
|
|
|
|
entityId: ctx.user.id,
|
|
|
|
|
detailsJson: { email: user.email },
|
|
|
|
|
ipAddress: ctx.ip,
|
|
|
|
|
userAgent: ctx.userAgent,
|
2026-02-05 21:09:06 +01:00
|
|
|
})
|
Add profile settings page, mentor management, and S3 email logos
- Add universal /settings/profile page accessible to all roles with
avatar upload, bio, phone, password change, and account deletion
- Expand updateProfile endpoint to accept bio (metadataJson), phone,
and notification preference
- Add deleteAccount endpoint with password confirmation
- Add Profile Settings link to all nav components (admin, jury, mentor,
observer)
- Add /admin/mentors list page and /admin/mentors/[id] detail page for
mentor management
- Add Mentors nav item to admin sidebar
- Update email logo URLs to S3 (s3.monaco-opc.com/public/)
- Add ocean.png background image to email wrapper
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:57:12 +01:00
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
await tx.user.delete({
|
|
|
|
|
where: { id: ctx.user.id },
|
|
|
|
|
})
|
Add profile settings page, mentor management, and S3 email logos
- Add universal /settings/profile page accessible to all roles with
avatar upload, bio, phone, password change, and account deletion
- Expand updateProfile endpoint to accept bio (metadataJson), phone,
and notification preference
- Add deleteAccount endpoint with password confirmation
- Add Profile Settings link to all nav components (admin, jury, mentor,
observer)
- Add /admin/mentors list page and /admin/mentors/[id] detail page for
mentor management
- Add Mentors nav item to admin sidebar
- Update email logo URLs to S3 (s3.monaco-opc.com/public/)
- Add ocean.png background image to email wrapper
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 19:57:12 +01:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return { success: true }
|
2026-01-30 13:41:32 +01:00
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* List all users (admin only)
|
|
|
|
|
*/
|
|
|
|
|
list: adminProcedure
|
|
|
|
|
.input(
|
|
|
|
|
z.object({
|
|
|
|
|
role: z.enum(['SUPER_ADMIN', 'PROGRAM_ADMIN', 'JURY_MEMBER', 'MENTOR', 'OBSERVER']).optional(),
|
Implement Prototype 1 improvements: unified members, project filters, audit expansion, filtering rounds, special awards
- Unified Member Management: merge /admin/users and /admin/mentors into /admin/members with role tabs, search, pagination
- Project List Filters: add search, multi-status filter, round/category/country selects, boolean toggles, URL persistence
- Audit Log Expansion: track logins, round state changes, evaluation submissions, file access, role changes via shared logAudit utility
- Founding Date Field: add foundedAt to Project model with CSV import support
- Filtering Round System: configurable rules (field-based, document check, AI screening), execution engine, results review with override/reinstate
- Special Awards System: named awards with eligibility criteria, dedicated jury, PICK_WINNER/RANKED/SCORED voting modes, AI eligibility
- Dashboard resilience: wrap heavy queries in try-catch to prevent error boundary on transient DB failures
- Reusable pagination component extracted to src/components/shared/pagination.tsx
- Old /admin/users and /admin/mentors routes redirect to /admin/members
- Prisma migration for all schema additions (additive, no data loss)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 16:58:29 +01:00
|
|
|
roles: z.array(z.enum(['SUPER_ADMIN', 'PROGRAM_ADMIN', 'JURY_MEMBER', 'MENTOR', 'OBSERVER'])).optional(),
|
2026-01-30 13:41:32 +01:00
|
|
|
status: z.enum(['INVITED', 'ACTIVE', 'SUSPENDED']).optional(),
|
|
|
|
|
search: z.string().optional(),
|
|
|
|
|
page: z.number().int().min(1).default(1),
|
|
|
|
|
perPage: z.number().int().min(1).max(100).default(20),
|
|
|
|
|
})
|
|
|
|
|
)
|
|
|
|
|
.query(async ({ ctx, input }) => {
|
Implement Prototype 1 improvements: unified members, project filters, audit expansion, filtering rounds, special awards
- Unified Member Management: merge /admin/users and /admin/mentors into /admin/members with role tabs, search, pagination
- Project List Filters: add search, multi-status filter, round/category/country selects, boolean toggles, URL persistence
- Audit Log Expansion: track logins, round state changes, evaluation submissions, file access, role changes via shared logAudit utility
- Founding Date Field: add foundedAt to Project model with CSV import support
- Filtering Round System: configurable rules (field-based, document check, AI screening), execution engine, results review with override/reinstate
- Special Awards System: named awards with eligibility criteria, dedicated jury, PICK_WINNER/RANKED/SCORED voting modes, AI eligibility
- Dashboard resilience: wrap heavy queries in try-catch to prevent error boundary on transient DB failures
- Reusable pagination component extracted to src/components/shared/pagination.tsx
- Old /admin/users and /admin/mentors routes redirect to /admin/members
- Prisma migration for all schema additions (additive, no data loss)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 16:58:29 +01:00
|
|
|
const { role, roles, status, search, page, perPage } = input
|
2026-01-30 13:41:32 +01:00
|
|
|
const skip = (page - 1) * perPage
|
|
|
|
|
|
|
|
|
|
const where: Record<string, unknown> = {}
|
|
|
|
|
|
Implement Prototype 1 improvements: unified members, project filters, audit expansion, filtering rounds, special awards
- Unified Member Management: merge /admin/users and /admin/mentors into /admin/members with role tabs, search, pagination
- Project List Filters: add search, multi-status filter, round/category/country selects, boolean toggles, URL persistence
- Audit Log Expansion: track logins, round state changes, evaluation submissions, file access, role changes via shared logAudit utility
- Founding Date Field: add foundedAt to Project model with CSV import support
- Filtering Round System: configurable rules (field-based, document check, AI screening), execution engine, results review with override/reinstate
- Special Awards System: named awards with eligibility criteria, dedicated jury, PICK_WINNER/RANKED/SCORED voting modes, AI eligibility
- Dashboard resilience: wrap heavy queries in try-catch to prevent error boundary on transient DB failures
- Reusable pagination component extracted to src/components/shared/pagination.tsx
- Old /admin/users and /admin/mentors routes redirect to /admin/members
- Prisma migration for all schema additions (additive, no data loss)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 16:58:29 +01:00
|
|
|
if (roles && roles.length > 0) {
|
|
|
|
|
where.role = { in: roles }
|
|
|
|
|
} else if (role) {
|
|
|
|
|
where.role = role
|
|
|
|
|
}
|
2026-01-30 13:41:32 +01:00
|
|
|
if (status) where.status = status
|
|
|
|
|
if (search) {
|
|
|
|
|
where.OR = [
|
|
|
|
|
{ email: { contains: search, mode: 'insensitive' } },
|
|
|
|
|
{ name: { contains: search, mode: 'insensitive' } },
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const [users, total] = await Promise.all([
|
|
|
|
|
ctx.prisma.user.findMany({
|
|
|
|
|
where,
|
|
|
|
|
skip,
|
|
|
|
|
take: perPage,
|
|
|
|
|
orderBy: { createdAt: 'desc' },
|
|
|
|
|
select: {
|
|
|
|
|
id: true,
|
|
|
|
|
email: true,
|
|
|
|
|
name: true,
|
|
|
|
|
role: true,
|
|
|
|
|
status: true,
|
|
|
|
|
expertiseTags: true,
|
|
|
|
|
maxAssignments: true,
|
Implement 15 platform features: digest, availability, templates, comparison, live voting SSE, file versioning, mentorship, messaging, analytics, drafts, webhooks, peer review, audit enhancements, i18n
Features implemented:
- F1: Email digest notifications with cron endpoint and per-user frequency
- F2: Jury availability windows and workload preferences in smart assignment
- F3: Round templates with save-from-round and CRUD management
- F4: Side-by-side project comparison view for jury members
- F5: Real-time voting dashboard with Server-Sent Events (SSE)
- F6: Live voting UX: QR codes, audience voting, tie-breaking, score animations
- F7: File versioning, inline preview, bulk download with presigned URLs
- F8: Mentor dashboard: milestones, private notes, activity tracking
- F9: Communication hub with broadcasts, templates, and recipient targeting
- F10: Advanced analytics: cross-round comparison, juror consistency, diversity metrics, PDF export
- F11: Applicant draft saving with magic link resume and cron cleanup
- F12: Webhook integration layer with HMAC signing, retry, and delivery logs
- F13: Peer review discussions with anonymized scores and threaded comments
- F14: Audit log enhancements: before/after diffs, session grouping, anomaly detection, retention
- F15: i18n foundation with next-intl (EN/FR), cookie-based locale, language switcher
Schema: 12 new models, field additions to User, Project, ProjectFile, LiveVotingSession, LiveVote, MentorAssignment, AuditLog, Program
New routers: roundTemplate, message, webhook (registered in _app.ts)
New services: email-digest, webhook-dispatcher
New cron endpoints: /api/cron/digest, /api/cron/draft-cleanup, /api/cron/audit-cleanup
New API routes: /api/live-voting/stream (SSE), /api/files/bulk-download
All features are admin-configurable via SystemSettings or per-model settingsJson fields.
Docker build verified successfully.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-05 23:31:41 +01:00
|
|
|
availabilityJson: true,
|
|
|
|
|
preferredWorkload: true,
|
2026-02-02 13:19:28 +01:00
|
|
|
profileImageKey: true,
|
|
|
|
|
profileImageProvider: true,
|
2026-01-30 13:41:32 +01:00
|
|
|
createdAt: true,
|
|
|
|
|
lastLoginAt: true,
|
|
|
|
|
_count: {
|
Implement Prototype 1 improvements: unified members, project filters, audit expansion, filtering rounds, special awards
- Unified Member Management: merge /admin/users and /admin/mentors into /admin/members with role tabs, search, pagination
- Project List Filters: add search, multi-status filter, round/category/country selects, boolean toggles, URL persistence
- Audit Log Expansion: track logins, round state changes, evaluation submissions, file access, role changes via shared logAudit utility
- Founding Date Field: add foundedAt to Project model with CSV import support
- Filtering Round System: configurable rules (field-based, document check, AI screening), execution engine, results review with override/reinstate
- Special Awards System: named awards with eligibility criteria, dedicated jury, PICK_WINNER/RANKED/SCORED voting modes, AI eligibility
- Dashboard resilience: wrap heavy queries in try-catch to prevent error boundary on transient DB failures
- Reusable pagination component extracted to src/components/shared/pagination.tsx
- Old /admin/users and /admin/mentors routes redirect to /admin/members
- Prisma migration for all schema additions (additive, no data loss)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 16:58:29 +01:00
|
|
|
select: { assignments: true, mentorAssignments: true },
|
2026-01-30 13:41:32 +01:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}),
|
|
|
|
|
ctx.prisma.user.count({ where }),
|
|
|
|
|
])
|
|
|
|
|
|
2026-02-02 13:19:28 +01:00
|
|
|
const usersWithAvatars = await attachAvatarUrls(users)
|
|
|
|
|
|
2026-01-30 13:41:32 +01:00
|
|
|
return {
|
2026-02-02 13:19:28 +01:00
|
|
|
users: usersWithAvatars,
|
2026-01-30 13:41:32 +01:00
|
|
|
total,
|
|
|
|
|
page,
|
|
|
|
|
perPage,
|
|
|
|
|
totalPages: Math.ceil(total / perPage),
|
|
|
|
|
}
|
|
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get a single user (admin only)
|
|
|
|
|
*/
|
|
|
|
|
get: adminProcedure
|
|
|
|
|
.input(z.object({ id: z.string() }))
|
|
|
|
|
.query(async ({ ctx, input }) => {
|
2026-02-05 20:31:08 +01:00
|
|
|
const user = await ctx.prisma.user.findUniqueOrThrow({
|
|
|
|
|
where: { id: input.id },
|
|
|
|
|
include: {
|
|
|
|
|
_count: {
|
|
|
|
|
select: { assignments: true, mentorAssignments: true },
|
2026-01-30 13:41:32 +01:00
|
|
|
},
|
2026-02-05 20:31:08 +01:00
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
return user
|
2026-01-30 13:41:32 +01:00
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Create/invite a new user (admin only)
|
|
|
|
|
*/
|
|
|
|
|
create: adminProcedure
|
|
|
|
|
.input(
|
|
|
|
|
z.object({
|
|
|
|
|
email: z.string().email(),
|
|
|
|
|
name: z.string().optional(),
|
|
|
|
|
role: z.enum(['PROGRAM_ADMIN', 'JURY_MEMBER', 'MENTOR', 'OBSERVER']).default('JURY_MEMBER'),
|
|
|
|
|
expertiseTags: z.array(z.string()).optional(),
|
|
|
|
|
maxAssignments: z.number().int().min(1).max(100).optional(),
|
|
|
|
|
})
|
|
|
|
|
)
|
|
|
|
|
.mutation(async ({ ctx, input }) => {
|
|
|
|
|
// Check if user already exists
|
|
|
|
|
const existing = await ctx.prisma.user.findUnique({
|
|
|
|
|
where: { email: input.email },
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
if (existing) {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'CONFLICT',
|
|
|
|
|
message: 'A user with this email already exists',
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Prevent non-super-admins from creating admins
|
|
|
|
|
if (input.role === 'PROGRAM_ADMIN' && ctx.user.role !== 'SUPER_ADMIN') {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'FORBIDDEN',
|
|
|
|
|
message: 'Only super admins can create program admins',
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
const user = await ctx.prisma.$transaction(async (tx) => {
|
|
|
|
|
const created = await tx.user.create({
|
|
|
|
|
data: {
|
|
|
|
|
...input,
|
|
|
|
|
status: 'INVITED',
|
|
|
|
|
},
|
|
|
|
|
})
|
2026-01-30 13:41:32 +01:00
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
await logAudit({
|
|
|
|
|
prisma: tx,
|
2026-01-30 13:41:32 +01:00
|
|
|
userId: ctx.user.id,
|
|
|
|
|
action: 'CREATE',
|
|
|
|
|
entityType: 'User',
|
2026-02-05 21:09:06 +01:00
|
|
|
entityId: created.id,
|
2026-01-30 13:41:32 +01:00
|
|
|
detailsJson: { email: input.email, role: input.role },
|
|
|
|
|
ipAddress: ctx.ip,
|
|
|
|
|
userAgent: ctx.userAgent,
|
2026-02-05 21:09:06 +01:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return created
|
2026-01-30 13:41:32 +01:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return user
|
|
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Update a user (admin only)
|
|
|
|
|
*/
|
|
|
|
|
update: adminProcedure
|
|
|
|
|
.input(
|
|
|
|
|
z.object({
|
|
|
|
|
id: z.string(),
|
|
|
|
|
name: z.string().optional().nullable(),
|
|
|
|
|
role: z.enum(['PROGRAM_ADMIN', 'JURY_MEMBER', 'MENTOR', 'OBSERVER']).optional(),
|
|
|
|
|
status: z.enum(['INVITED', 'ACTIVE', 'SUSPENDED']).optional(),
|
|
|
|
|
expertiseTags: z.array(z.string()).optional(),
|
|
|
|
|
maxAssignments: z.number().int().min(1).max(100).optional().nullable(),
|
Implement 15 platform features: digest, availability, templates, comparison, live voting SSE, file versioning, mentorship, messaging, analytics, drafts, webhooks, peer review, audit enhancements, i18n
Features implemented:
- F1: Email digest notifications with cron endpoint and per-user frequency
- F2: Jury availability windows and workload preferences in smart assignment
- F3: Round templates with save-from-round and CRUD management
- F4: Side-by-side project comparison view for jury members
- F5: Real-time voting dashboard with Server-Sent Events (SSE)
- F6: Live voting UX: QR codes, audience voting, tie-breaking, score animations
- F7: File versioning, inline preview, bulk download with presigned URLs
- F8: Mentor dashboard: milestones, private notes, activity tracking
- F9: Communication hub with broadcasts, templates, and recipient targeting
- F10: Advanced analytics: cross-round comparison, juror consistency, diversity metrics, PDF export
- F11: Applicant draft saving with magic link resume and cron cleanup
- F12: Webhook integration layer with HMAC signing, retry, and delivery logs
- F13: Peer review discussions with anonymized scores and threaded comments
- F14: Audit log enhancements: before/after diffs, session grouping, anomaly detection, retention
- F15: i18n foundation with next-intl (EN/FR), cookie-based locale, language switcher
Schema: 12 new models, field additions to User, Project, ProjectFile, LiveVotingSession, LiveVote, MentorAssignment, AuditLog, Program
New routers: roundTemplate, message, webhook (registered in _app.ts)
New services: email-digest, webhook-dispatcher
New cron endpoints: /api/cron/digest, /api/cron/draft-cleanup, /api/cron/audit-cleanup
New API routes: /api/live-voting/stream (SSE), /api/files/bulk-download
All features are admin-configurable via SystemSettings or per-model settingsJson fields.
Docker build verified successfully.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-05 23:31:41 +01:00
|
|
|
availabilityJson: z.any().optional(),
|
|
|
|
|
preferredWorkload: z.number().int().min(1).max(100).optional().nullable(),
|
2026-01-30 13:41:32 +01:00
|
|
|
})
|
|
|
|
|
)
|
|
|
|
|
.mutation(async ({ ctx, input }) => {
|
|
|
|
|
const { id, ...data } = input
|
|
|
|
|
|
|
|
|
|
// Prevent changing super admin role
|
|
|
|
|
const targetUser = await ctx.prisma.user.findUniqueOrThrow({
|
|
|
|
|
where: { id },
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
if (targetUser.role === 'SUPER_ADMIN' && ctx.user.role !== 'SUPER_ADMIN') {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'FORBIDDEN',
|
|
|
|
|
message: 'Cannot modify super admin',
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Prevent non-super-admins from assigning admin role
|
|
|
|
|
if (data.role === 'PROGRAM_ADMIN' && ctx.user.role !== 'SUPER_ADMIN') {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'FORBIDDEN',
|
|
|
|
|
message: 'Only super admins can assign admin role',
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
const user = await ctx.prisma.$transaction(async (tx) => {
|
|
|
|
|
const updated = await tx.user.update({
|
|
|
|
|
where: { id },
|
|
|
|
|
data,
|
|
|
|
|
})
|
2026-01-30 13:41:32 +01:00
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
await logAudit({
|
|
|
|
|
prisma: tx,
|
2026-01-30 13:41:32 +01:00
|
|
|
userId: ctx.user.id,
|
|
|
|
|
action: 'UPDATE',
|
|
|
|
|
entityType: 'User',
|
|
|
|
|
entityId: id,
|
|
|
|
|
detailsJson: data,
|
|
|
|
|
ipAddress: ctx.ip,
|
|
|
|
|
userAgent: ctx.userAgent,
|
2026-02-05 21:09:06 +01:00
|
|
|
})
|
2026-01-30 13:41:32 +01:00
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
// Track role change specifically
|
|
|
|
|
if (data.role && data.role !== targetUser.role) {
|
|
|
|
|
await logAudit({
|
|
|
|
|
prisma: tx,
|
Implement Prototype 1 improvements: unified members, project filters, audit expansion, filtering rounds, special awards
- Unified Member Management: merge /admin/users and /admin/mentors into /admin/members with role tabs, search, pagination
- Project List Filters: add search, multi-status filter, round/category/country selects, boolean toggles, URL persistence
- Audit Log Expansion: track logins, round state changes, evaluation submissions, file access, role changes via shared logAudit utility
- Founding Date Field: add foundedAt to Project model with CSV import support
- Filtering Round System: configurable rules (field-based, document check, AI screening), execution engine, results review with override/reinstate
- Special Awards System: named awards with eligibility criteria, dedicated jury, PICK_WINNER/RANKED/SCORED voting modes, AI eligibility
- Dashboard resilience: wrap heavy queries in try-catch to prevent error boundary on transient DB failures
- Reusable pagination component extracted to src/components/shared/pagination.tsx
- Old /admin/users and /admin/mentors routes redirect to /admin/members
- Prisma migration for all schema additions (additive, no data loss)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 16:58:29 +01:00
|
|
|
userId: ctx.user.id,
|
|
|
|
|
action: 'ROLE_CHANGED',
|
|
|
|
|
entityType: 'User',
|
|
|
|
|
entityId: id,
|
|
|
|
|
detailsJson: { previousRole: targetUser.role, newRole: data.role },
|
|
|
|
|
ipAddress: ctx.ip,
|
|
|
|
|
userAgent: ctx.userAgent,
|
2026-02-05 21:09:06 +01:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return updated
|
|
|
|
|
})
|
Implement Prototype 1 improvements: unified members, project filters, audit expansion, filtering rounds, special awards
- Unified Member Management: merge /admin/users and /admin/mentors into /admin/members with role tabs, search, pagination
- Project List Filters: add search, multi-status filter, round/category/country selects, boolean toggles, URL persistence
- Audit Log Expansion: track logins, round state changes, evaluation submissions, file access, role changes via shared logAudit utility
- Founding Date Field: add foundedAt to Project model with CSV import support
- Filtering Round System: configurable rules (field-based, document check, AI screening), execution engine, results review with override/reinstate
- Special Awards System: named awards with eligibility criteria, dedicated jury, PICK_WINNER/RANKED/SCORED voting modes, AI eligibility
- Dashboard resilience: wrap heavy queries in try-catch to prevent error boundary on transient DB failures
- Reusable pagination component extracted to src/components/shared/pagination.tsx
- Old /admin/users and /admin/mentors routes redirect to /admin/members
- Prisma migration for all schema additions (additive, no data loss)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 16:58:29 +01:00
|
|
|
|
2026-01-30 13:41:32 +01:00
|
|
|
return user
|
|
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Delete a user (super admin only)
|
|
|
|
|
*/
|
|
|
|
|
delete: superAdminProcedure
|
|
|
|
|
.input(z.object({ id: z.string() }))
|
|
|
|
|
.mutation(async ({ ctx, input }) => {
|
|
|
|
|
// Prevent self-deletion
|
|
|
|
|
if (input.id === ctx.user.id) {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'BAD_REQUEST',
|
|
|
|
|
message: 'Cannot delete yourself',
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
const user = await ctx.prisma.$transaction(async (tx) => {
|
|
|
|
|
// Fetch user data before deletion for the audit log
|
|
|
|
|
const target = await tx.user.findUniqueOrThrow({
|
|
|
|
|
where: { id: input.id },
|
|
|
|
|
select: { email: true },
|
|
|
|
|
})
|
2026-01-30 13:41:32 +01:00
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
await logAudit({
|
|
|
|
|
prisma: tx,
|
2026-01-30 13:41:32 +01:00
|
|
|
userId: ctx.user.id,
|
|
|
|
|
action: 'DELETE',
|
|
|
|
|
entityType: 'User',
|
|
|
|
|
entityId: input.id,
|
2026-02-05 21:09:06 +01:00
|
|
|
detailsJson: { email: target.email },
|
2026-01-30 13:41:32 +01:00
|
|
|
ipAddress: ctx.ip,
|
|
|
|
|
userAgent: ctx.userAgent,
|
2026-02-05 21:09:06 +01:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return tx.user.delete({
|
|
|
|
|
where: { id: input.id },
|
|
|
|
|
})
|
2026-01-30 13:41:32 +01:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return user
|
|
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Bulk import users (admin only)
|
2026-02-04 14:15:06 +01:00
|
|
|
* Optionally pre-assign projects to jury members during invitation
|
2026-01-30 13:41:32 +01:00
|
|
|
*/
|
|
|
|
|
bulkCreate: adminProcedure
|
|
|
|
|
.input(
|
|
|
|
|
z.object({
|
|
|
|
|
users: z.array(
|
|
|
|
|
z.object({
|
|
|
|
|
email: z.string().email(),
|
|
|
|
|
name: z.string().optional(),
|
Add dynamic apply wizard customization with admin settings UI
- Create wizard config types, utilities, and defaults (wizard-config.ts)
- Add admin apply settings page with drag-and-drop step ordering, dropdown
option management, feature toggles, welcome message customization, and
custom field builder with select/multiselect options editor
- Build dynamic apply wizard component with animated step transitions,
mobile-first responsive design, and config-driven form validation
- Update step components to accept dynamic config (categories, ocean issues,
field visibility, feature flags)
- Replace hardcoded enum validation with string-based validation for
admin-configurable dropdown values, with safe enum casting at storage layer
- Add wizard template system (model, router, admin UI) with built-in
MOPC Classic preset
- Add program wizard config CRUD procedures to program router
- Update application router getConfig to return wizardConfig, submit handler
to store custom field data in metadataJson
- Add edition-based apply page, project pool page, and supporting routers
- Fix CSS (invalid sm:fixed-none), Enter key handler (skip textarea),
safe area insets for notched phones, buildStepsArray field visibility
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 13:18:20 +01:00
|
|
|
role: z.enum(['PROGRAM_ADMIN', 'JURY_MEMBER', 'MENTOR', 'OBSERVER']).default('JURY_MEMBER'),
|
2026-01-30 13:41:32 +01:00
|
|
|
expertiseTags: z.array(z.string()).optional(),
|
2026-02-04 14:15:06 +01:00
|
|
|
// Optional pre-assignments for jury members
|
|
|
|
|
assignments: z
|
|
|
|
|
.array(
|
|
|
|
|
z.object({
|
|
|
|
|
projectId: z.string(),
|
|
|
|
|
roundId: z.string(),
|
|
|
|
|
})
|
|
|
|
|
)
|
|
|
|
|
.optional(),
|
2026-01-30 13:41:32 +01:00
|
|
|
})
|
|
|
|
|
),
|
|
|
|
|
})
|
|
|
|
|
)
|
|
|
|
|
.mutation(async ({ ctx, input }) => {
|
Add dynamic apply wizard customization with admin settings UI
- Create wizard config types, utilities, and defaults (wizard-config.ts)
- Add admin apply settings page with drag-and-drop step ordering, dropdown
option management, feature toggles, welcome message customization, and
custom field builder with select/multiselect options editor
- Build dynamic apply wizard component with animated step transitions,
mobile-first responsive design, and config-driven form validation
- Update step components to accept dynamic config (categories, ocean issues,
field visibility, feature flags)
- Replace hardcoded enum validation with string-based validation for
admin-configurable dropdown values, with safe enum casting at storage layer
- Add wizard template system (model, router, admin UI) with built-in
MOPC Classic preset
- Add program wizard config CRUD procedures to program router
- Update application router getConfig to return wizardConfig, submit handler
to store custom field data in metadataJson
- Add edition-based apply page, project pool page, and supporting routers
- Fix CSS (invalid sm:fixed-none), Enter key handler (skip textarea),
safe area insets for notched phones, buildStepsArray field visibility
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 13:18:20 +01:00
|
|
|
// Prevent non-super-admins from creating program admins
|
|
|
|
|
const hasAdminRole = input.users.some((u) => u.role === 'PROGRAM_ADMIN')
|
|
|
|
|
if (hasAdminRole && ctx.user.role !== 'SUPER_ADMIN') {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'FORBIDDEN',
|
|
|
|
|
message: 'Only super admins can create program admins',
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-30 13:41:32 +01:00
|
|
|
// Deduplicate input by email (keep first occurrence)
|
|
|
|
|
const seenEmails = new Set<string>()
|
|
|
|
|
const uniqueUsers = input.users.filter((u) => {
|
|
|
|
|
const email = u.email.toLowerCase()
|
|
|
|
|
if (seenEmails.has(email)) return false
|
|
|
|
|
seenEmails.add(email)
|
|
|
|
|
return true
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// Get existing emails from database
|
|
|
|
|
const existingUsers = await ctx.prisma.user.findMany({
|
|
|
|
|
where: { email: { in: uniqueUsers.map((u) => u.email.toLowerCase()) } },
|
|
|
|
|
select: { email: true },
|
|
|
|
|
})
|
|
|
|
|
const existingEmails = new Set(existingUsers.map((u) => u.email.toLowerCase()))
|
|
|
|
|
|
|
|
|
|
// Filter out existing users
|
|
|
|
|
const newUsers = uniqueUsers.filter((u) => !existingEmails.has(u.email.toLowerCase()))
|
|
|
|
|
|
|
|
|
|
const duplicatesInInput = input.users.length - uniqueUsers.length
|
|
|
|
|
const skipped = existingEmails.size + duplicatesInInput
|
|
|
|
|
|
|
|
|
|
if (newUsers.length === 0) {
|
|
|
|
|
return { created: 0, skipped }
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-04 14:15:06 +01:00
|
|
|
// Build map of email -> assignments before createMany (since createMany removes extra fields)
|
|
|
|
|
const emailToAssignments = new Map<string, Array<{ projectId: string; roundId: string }>>()
|
|
|
|
|
for (const u of newUsers) {
|
|
|
|
|
if (u.assignments && u.assignments.length > 0) {
|
|
|
|
|
emailToAssignments.set(u.email.toLowerCase(), u.assignments)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-30 13:41:32 +01:00
|
|
|
const created = await ctx.prisma.user.createMany({
|
|
|
|
|
data: newUsers.map((u) => ({
|
|
|
|
|
email: u.email.toLowerCase(),
|
2026-02-04 14:15:06 +01:00
|
|
|
name: u.name,
|
|
|
|
|
role: u.role,
|
|
|
|
|
expertiseTags: u.expertiseTags,
|
2026-01-30 13:41:32 +01:00
|
|
|
status: 'INVITED',
|
|
|
|
|
})),
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// Audit log
|
2026-02-05 21:09:06 +01:00
|
|
|
await logAudit({
|
|
|
|
|
prisma: ctx.prisma,
|
|
|
|
|
userId: ctx.user.id,
|
|
|
|
|
action: 'BULK_CREATE',
|
|
|
|
|
entityType: 'User',
|
|
|
|
|
detailsJson: { count: created.count, skipped, duplicatesInInput },
|
|
|
|
|
ipAddress: ctx.ip,
|
|
|
|
|
userAgent: ctx.userAgent,
|
2026-01-30 13:41:32 +01:00
|
|
|
})
|
|
|
|
|
|
2026-01-31 14:13:16 +01:00
|
|
|
// Auto-send invitation emails to newly created users
|
|
|
|
|
const baseUrl = process.env.NEXTAUTH_URL || 'http://localhost:3000'
|
|
|
|
|
const createdUsers = await ctx.prisma.user.findMany({
|
|
|
|
|
where: { email: { in: newUsers.map((u) => u.email.toLowerCase()) } },
|
|
|
|
|
select: { id: true, email: true, name: true, role: true },
|
|
|
|
|
})
|
|
|
|
|
|
2026-02-04 14:15:06 +01:00
|
|
|
// Create pre-assignments for users who have them
|
|
|
|
|
let assignmentsCreated = 0
|
|
|
|
|
for (const user of createdUsers) {
|
|
|
|
|
const assignments = emailToAssignments.get(user.email.toLowerCase())
|
|
|
|
|
if (assignments && assignments.length > 0) {
|
|
|
|
|
for (const assignment of assignments) {
|
|
|
|
|
try {
|
|
|
|
|
await ctx.prisma.assignment.create({
|
|
|
|
|
data: {
|
|
|
|
|
userId: user.id,
|
|
|
|
|
projectId: assignment.projectId,
|
|
|
|
|
roundId: assignment.roundId,
|
|
|
|
|
method: 'MANUAL',
|
|
|
|
|
createdBy: ctx.user.id,
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
assignmentsCreated++
|
|
|
|
|
} catch {
|
|
|
|
|
// Skip if assignment already exists (shouldn't happen for new users)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Audit log for assignments if any were created
|
|
|
|
|
if (assignmentsCreated > 0) {
|
2026-02-05 21:09:06 +01:00
|
|
|
await logAudit({
|
|
|
|
|
prisma: ctx.prisma,
|
|
|
|
|
userId: ctx.user.id,
|
|
|
|
|
action: 'BULK_ASSIGN',
|
|
|
|
|
entityType: 'Assignment',
|
|
|
|
|
detailsJson: { count: assignmentsCreated, context: 'invitation_pre_assignment' },
|
|
|
|
|
ipAddress: ctx.ip,
|
|
|
|
|
userAgent: ctx.userAgent,
|
2026-02-04 14:15:06 +01:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-31 14:13:16 +01:00
|
|
|
let emailsSent = 0
|
|
|
|
|
const emailErrors: string[] = []
|
|
|
|
|
|
|
|
|
|
for (const user of createdUsers) {
|
|
|
|
|
try {
|
|
|
|
|
const token = generateInviteToken()
|
|
|
|
|
await ctx.prisma.user.update({
|
|
|
|
|
where: { id: user.id },
|
|
|
|
|
data: {
|
|
|
|
|
inviteToken: token,
|
|
|
|
|
inviteTokenExpiresAt: new Date(Date.now() + INVITE_TOKEN_EXPIRY_MS),
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
const inviteUrl = `${baseUrl}/accept-invite?token=${token}`
|
|
|
|
|
await sendInvitationEmail(user.email, user.name, inviteUrl, user.role)
|
|
|
|
|
|
|
|
|
|
await ctx.prisma.notificationLog.create({
|
|
|
|
|
data: {
|
|
|
|
|
userId: user.id,
|
|
|
|
|
channel: 'EMAIL',
|
|
|
|
|
provider: 'SMTP',
|
|
|
|
|
type: 'JURY_INVITATION',
|
|
|
|
|
status: 'SENT',
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
emailsSent++
|
|
|
|
|
} catch (e) {
|
|
|
|
|
emailErrors.push(user.email)
|
|
|
|
|
await ctx.prisma.notificationLog.create({
|
|
|
|
|
data: {
|
|
|
|
|
userId: user.id,
|
|
|
|
|
channel: 'EMAIL',
|
|
|
|
|
provider: 'SMTP',
|
|
|
|
|
type: 'JURY_INVITATION',
|
|
|
|
|
status: 'FAILED',
|
|
|
|
|
errorMsg: e instanceof Error ? e.message : 'Unknown error',
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-02-04 14:15:06 +01:00
|
|
|
return { created: created.count, skipped, emailsSent, emailErrors, assignmentsCreated }
|
2026-01-30 13:41:32 +01:00
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get jury members for assignment
|
|
|
|
|
*/
|
|
|
|
|
getJuryMembers: adminProcedure
|
|
|
|
|
.input(
|
|
|
|
|
z.object({
|
|
|
|
|
roundId: z.string().optional(),
|
|
|
|
|
search: z.string().optional(),
|
|
|
|
|
})
|
|
|
|
|
)
|
|
|
|
|
.query(async ({ ctx, input }) => {
|
|
|
|
|
const where: Record<string, unknown> = {
|
|
|
|
|
role: 'JURY_MEMBER',
|
|
|
|
|
status: 'ACTIVE',
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (input.search) {
|
|
|
|
|
where.OR = [
|
|
|
|
|
{ email: { contains: input.search, mode: 'insensitive' } },
|
|
|
|
|
{ name: { contains: input.search, mode: 'insensitive' } },
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const users = await ctx.prisma.user.findMany({
|
|
|
|
|
where,
|
|
|
|
|
select: {
|
|
|
|
|
id: true,
|
|
|
|
|
email: true,
|
|
|
|
|
name: true,
|
|
|
|
|
expertiseTags: true,
|
|
|
|
|
maxAssignments: true,
|
Implement 15 platform features: digest, availability, templates, comparison, live voting SSE, file versioning, mentorship, messaging, analytics, drafts, webhooks, peer review, audit enhancements, i18n
Features implemented:
- F1: Email digest notifications with cron endpoint and per-user frequency
- F2: Jury availability windows and workload preferences in smart assignment
- F3: Round templates with save-from-round and CRUD management
- F4: Side-by-side project comparison view for jury members
- F5: Real-time voting dashboard with Server-Sent Events (SSE)
- F6: Live voting UX: QR codes, audience voting, tie-breaking, score animations
- F7: File versioning, inline preview, bulk download with presigned URLs
- F8: Mentor dashboard: milestones, private notes, activity tracking
- F9: Communication hub with broadcasts, templates, and recipient targeting
- F10: Advanced analytics: cross-round comparison, juror consistency, diversity metrics, PDF export
- F11: Applicant draft saving with magic link resume and cron cleanup
- F12: Webhook integration layer with HMAC signing, retry, and delivery logs
- F13: Peer review discussions with anonymized scores and threaded comments
- F14: Audit log enhancements: before/after diffs, session grouping, anomaly detection, retention
- F15: i18n foundation with next-intl (EN/FR), cookie-based locale, language switcher
Schema: 12 new models, field additions to User, Project, ProjectFile, LiveVotingSession, LiveVote, MentorAssignment, AuditLog, Program
New routers: roundTemplate, message, webhook (registered in _app.ts)
New services: email-digest, webhook-dispatcher
New cron endpoints: /api/cron/digest, /api/cron/draft-cleanup, /api/cron/audit-cleanup
New API routes: /api/live-voting/stream (SSE), /api/files/bulk-download
All features are admin-configurable via SystemSettings or per-model settingsJson fields.
Docker build verified successfully.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-05 23:31:41 +01:00
|
|
|
availabilityJson: true,
|
|
|
|
|
preferredWorkload: true,
|
2026-02-02 13:19:28 +01:00
|
|
|
profileImageKey: true,
|
|
|
|
|
profileImageProvider: true,
|
2026-01-30 13:41:32 +01:00
|
|
|
_count: {
|
|
|
|
|
select: {
|
|
|
|
|
assignments: input.roundId
|
|
|
|
|
? { where: { roundId: input.roundId } }
|
|
|
|
|
: true,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
orderBy: { name: 'asc' },
|
|
|
|
|
})
|
|
|
|
|
|
2026-02-02 13:19:28 +01:00
|
|
|
const mapped = users.map((u) => ({
|
2026-01-30 13:41:32 +01:00
|
|
|
...u,
|
|
|
|
|
currentAssignments: u._count.assignments,
|
|
|
|
|
availableSlots:
|
|
|
|
|
u.maxAssignments !== null
|
|
|
|
|
? Math.max(0, u.maxAssignments - u._count.assignments)
|
|
|
|
|
: null,
|
|
|
|
|
}))
|
2026-02-02 13:19:28 +01:00
|
|
|
|
|
|
|
|
return attachAvatarUrls(mapped)
|
2026-01-30 13:41:32 +01:00
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Send invitation email to a user
|
|
|
|
|
*/
|
|
|
|
|
sendInvitation: adminProcedure
|
|
|
|
|
.input(z.object({ userId: z.string() }))
|
|
|
|
|
.mutation(async ({ ctx, input }) => {
|
|
|
|
|
const user = await ctx.prisma.user.findUniqueOrThrow({
|
|
|
|
|
where: { id: input.userId },
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
if (user.status !== 'INVITED') {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'BAD_REQUEST',
|
|
|
|
|
message: 'User has already accepted their invitation',
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-31 14:13:16 +01:00
|
|
|
// Generate invite token and store on user
|
|
|
|
|
const token = generateInviteToken()
|
|
|
|
|
await ctx.prisma.user.update({
|
|
|
|
|
where: { id: user.id },
|
|
|
|
|
data: {
|
|
|
|
|
inviteToken: token,
|
|
|
|
|
inviteTokenExpiresAt: new Date(Date.now() + INVITE_TOKEN_EXPIRY_MS),
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
|
2026-01-30 13:41:32 +01:00
|
|
|
const baseUrl = process.env.NEXTAUTH_URL || 'http://localhost:3000'
|
2026-01-31 14:13:16 +01:00
|
|
|
const inviteUrl = `${baseUrl}/accept-invite?token=${token}`
|
2026-01-30 13:41:32 +01:00
|
|
|
|
|
|
|
|
// Send invitation email
|
|
|
|
|
await sendInvitationEmail(user.email, user.name, inviteUrl, user.role)
|
|
|
|
|
|
|
|
|
|
// Log notification
|
|
|
|
|
await ctx.prisma.notificationLog.create({
|
|
|
|
|
data: {
|
|
|
|
|
userId: user.id,
|
|
|
|
|
channel: 'EMAIL',
|
|
|
|
|
provider: 'SMTP',
|
|
|
|
|
type: 'JURY_INVITATION',
|
|
|
|
|
status: 'SENT',
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// Audit log
|
2026-02-05 21:09:06 +01:00
|
|
|
await logAudit({
|
|
|
|
|
prisma: ctx.prisma,
|
|
|
|
|
userId: ctx.user.id,
|
|
|
|
|
action: 'SEND_INVITATION',
|
|
|
|
|
entityType: 'User',
|
|
|
|
|
entityId: user.id,
|
|
|
|
|
detailsJson: { email: user.email },
|
|
|
|
|
ipAddress: ctx.ip,
|
|
|
|
|
userAgent: ctx.userAgent,
|
2026-01-30 13:41:32 +01:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return { success: true, email: user.email }
|
|
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Send invitation emails to multiple users
|
|
|
|
|
*/
|
|
|
|
|
bulkSendInvitations: adminProcedure
|
|
|
|
|
.input(z.object({ userIds: z.array(z.string()) }))
|
|
|
|
|
.mutation(async ({ ctx, input }) => {
|
|
|
|
|
const users = await ctx.prisma.user.findMany({
|
|
|
|
|
where: {
|
|
|
|
|
id: { in: input.userIds },
|
|
|
|
|
status: 'INVITED',
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
if (users.length === 0) {
|
|
|
|
|
return { sent: 0, skipped: input.userIds.length }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const baseUrl = process.env.NEXTAUTH_URL || 'http://localhost:3000'
|
|
|
|
|
let sent = 0
|
|
|
|
|
const errors: string[] = []
|
|
|
|
|
|
|
|
|
|
for (const user of users) {
|
|
|
|
|
try {
|
2026-01-31 14:13:16 +01:00
|
|
|
// Generate invite token for each user
|
|
|
|
|
const token = generateInviteToken()
|
|
|
|
|
await ctx.prisma.user.update({
|
|
|
|
|
where: { id: user.id },
|
|
|
|
|
data: {
|
|
|
|
|
inviteToken: token,
|
|
|
|
|
inviteTokenExpiresAt: new Date(Date.now() + INVITE_TOKEN_EXPIRY_MS),
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
const inviteUrl = `${baseUrl}/accept-invite?token=${token}`
|
2026-01-30 13:41:32 +01:00
|
|
|
await sendInvitationEmail(user.email, user.name, inviteUrl, user.role)
|
|
|
|
|
|
|
|
|
|
await ctx.prisma.notificationLog.create({
|
|
|
|
|
data: {
|
|
|
|
|
userId: user.id,
|
|
|
|
|
channel: 'EMAIL',
|
|
|
|
|
provider: 'SMTP',
|
|
|
|
|
type: 'JURY_INVITATION',
|
|
|
|
|
status: 'SENT',
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
sent++
|
|
|
|
|
} catch (e) {
|
|
|
|
|
errors.push(user.email)
|
|
|
|
|
await ctx.prisma.notificationLog.create({
|
|
|
|
|
data: {
|
|
|
|
|
userId: user.id,
|
|
|
|
|
channel: 'EMAIL',
|
|
|
|
|
provider: 'SMTP',
|
|
|
|
|
type: 'JURY_INVITATION',
|
|
|
|
|
status: 'FAILED',
|
|
|
|
|
errorMsg: e instanceof Error ? e.message : 'Unknown error',
|
|
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Audit log
|
2026-02-05 21:09:06 +01:00
|
|
|
await logAudit({
|
|
|
|
|
prisma: ctx.prisma,
|
|
|
|
|
userId: ctx.user.id,
|
|
|
|
|
action: 'BULK_SEND_INVITATIONS',
|
|
|
|
|
entityType: 'User',
|
|
|
|
|
detailsJson: { sent, errors },
|
|
|
|
|
ipAddress: ctx.ip,
|
|
|
|
|
userAgent: ctx.userAgent,
|
2026-01-30 13:41:32 +01:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return { sent, skipped: input.userIds.length - users.length, errors }
|
|
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Complete onboarding for current user
|
|
|
|
|
*/
|
|
|
|
|
completeOnboarding: protectedProcedure
|
|
|
|
|
.input(
|
|
|
|
|
z.object({
|
|
|
|
|
name: z.string().min(1).max(255),
|
|
|
|
|
phoneNumber: z.string().optional(),
|
2026-02-04 14:15:06 +01:00
|
|
|
country: z.string().optional(),
|
2026-02-04 15:27:28 +01:00
|
|
|
bio: z.string().max(500).optional(),
|
2026-01-30 13:41:32 +01:00
|
|
|
expertiseTags: z.array(z.string()).optional(),
|
|
|
|
|
notificationPreference: z.enum(['EMAIL', 'WHATSAPP', 'BOTH', 'NONE']).optional(),
|
|
|
|
|
})
|
|
|
|
|
)
|
|
|
|
|
.mutation(async ({ ctx, input }) => {
|
2026-02-04 01:15:21 +01:00
|
|
|
// Get existing user to preserve admin-set tags
|
|
|
|
|
const existingUser = await ctx.prisma.user.findUniqueOrThrow({
|
|
|
|
|
where: { id: ctx.user.id },
|
|
|
|
|
select: { expertiseTags: true },
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// Merge admin-set tags with user-selected tags (preserving order: admin first, then user)
|
|
|
|
|
const adminTags = existingUser.expertiseTags || []
|
|
|
|
|
const userTags = input.expertiseTags || []
|
|
|
|
|
const mergedTags = [...new Set([...adminTags, ...userTags])]
|
|
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
const user = await ctx.prisma.$transaction(async (tx) => {
|
|
|
|
|
const updated = await tx.user.update({
|
|
|
|
|
where: { id: ctx.user.id },
|
|
|
|
|
data: {
|
|
|
|
|
name: input.name,
|
|
|
|
|
phoneNumber: input.phoneNumber,
|
|
|
|
|
country: input.country,
|
|
|
|
|
bio: input.bio,
|
|
|
|
|
expertiseTags: mergedTags,
|
|
|
|
|
notificationPreference: input.notificationPreference || 'EMAIL',
|
|
|
|
|
onboardingCompletedAt: new Date(),
|
|
|
|
|
status: 'ACTIVE', // Activate user after onboarding
|
|
|
|
|
},
|
|
|
|
|
})
|
2026-01-30 13:41:32 +01:00
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
await logAudit({
|
|
|
|
|
prisma: tx,
|
2026-01-30 13:41:32 +01:00
|
|
|
userId: ctx.user.id,
|
|
|
|
|
action: 'COMPLETE_ONBOARDING',
|
|
|
|
|
entityType: 'User',
|
|
|
|
|
entityId: ctx.user.id,
|
|
|
|
|
detailsJson: { name: input.name },
|
|
|
|
|
ipAddress: ctx.ip,
|
|
|
|
|
userAgent: ctx.userAgent,
|
2026-02-05 21:09:06 +01:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return updated
|
2026-01-30 13:41:32 +01:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return user
|
|
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check if current user needs onboarding
|
|
|
|
|
*/
|
|
|
|
|
needsOnboarding: protectedProcedure.query(async ({ ctx }) => {
|
|
|
|
|
const user = await ctx.prisma.user.findUniqueOrThrow({
|
|
|
|
|
where: { id: ctx.user.id },
|
|
|
|
|
select: { onboardingCompletedAt: true, role: true },
|
|
|
|
|
})
|
|
|
|
|
|
2026-02-04 14:15:06 +01:00
|
|
|
// Jury members, mentors, and admins need onboarding
|
|
|
|
|
const rolesRequiringOnboarding = ['JURY_MEMBER', 'MENTOR', 'PROGRAM_ADMIN', 'SUPER_ADMIN']
|
2026-02-04 01:15:21 +01:00
|
|
|
if (!rolesRequiringOnboarding.includes(user.role)) {
|
2026-01-30 13:41:32 +01:00
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return user.onboardingCompletedAt === null
|
|
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check if current user needs to set a password
|
|
|
|
|
*/
|
|
|
|
|
needsPasswordSetup: protectedProcedure.query(async ({ ctx }) => {
|
|
|
|
|
const user = await ctx.prisma.user.findUniqueOrThrow({
|
|
|
|
|
where: { id: ctx.user.id },
|
|
|
|
|
select: { mustSetPassword: true, passwordHash: true },
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return user.mustSetPassword || user.passwordHash === null
|
|
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Set password for current user
|
|
|
|
|
*/
|
|
|
|
|
setPassword: protectedProcedure
|
|
|
|
|
.input(
|
|
|
|
|
z.object({
|
|
|
|
|
password: z.string().min(8),
|
|
|
|
|
confirmPassword: z.string().min(8),
|
|
|
|
|
})
|
|
|
|
|
)
|
|
|
|
|
.mutation(async ({ ctx, input }) => {
|
|
|
|
|
// Validate passwords match
|
|
|
|
|
if (input.password !== input.confirmPassword) {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'BAD_REQUEST',
|
|
|
|
|
message: 'Passwords do not match',
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Validate password requirements
|
|
|
|
|
const validation = validatePassword(input.password)
|
|
|
|
|
if (!validation.valid) {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'BAD_REQUEST',
|
|
|
|
|
message: validation.errors.join('. '),
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Hash the password
|
|
|
|
|
const passwordHash = await hashPassword(input.password)
|
|
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
// Update user with new password + audit in transaction
|
|
|
|
|
const user = await ctx.prisma.$transaction(async (tx) => {
|
|
|
|
|
const updated = await tx.user.update({
|
|
|
|
|
where: { id: ctx.user.id },
|
|
|
|
|
data: {
|
|
|
|
|
passwordHash,
|
|
|
|
|
passwordSetAt: new Date(),
|
|
|
|
|
mustSetPassword: false,
|
|
|
|
|
},
|
|
|
|
|
})
|
2026-01-30 13:41:32 +01:00
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
await logAudit({
|
|
|
|
|
prisma: tx,
|
2026-01-30 13:41:32 +01:00
|
|
|
userId: ctx.user.id,
|
Implement Prototype 1 improvements: unified members, project filters, audit expansion, filtering rounds, special awards
- Unified Member Management: merge /admin/users and /admin/mentors into /admin/members with role tabs, search, pagination
- Project List Filters: add search, multi-status filter, round/category/country selects, boolean toggles, URL persistence
- Audit Log Expansion: track logins, round state changes, evaluation submissions, file access, role changes via shared logAudit utility
- Founding Date Field: add foundedAt to Project model with CSV import support
- Filtering Round System: configurable rules (field-based, document check, AI screening), execution engine, results review with override/reinstate
- Special Awards System: named awards with eligibility criteria, dedicated jury, PICK_WINNER/RANKED/SCORED voting modes, AI eligibility
- Dashboard resilience: wrap heavy queries in try-catch to prevent error boundary on transient DB failures
- Reusable pagination component extracted to src/components/shared/pagination.tsx
- Old /admin/users and /admin/mentors routes redirect to /admin/members
- Prisma migration for all schema additions (additive, no data loss)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 16:58:29 +01:00
|
|
|
action: 'PASSWORD_SET',
|
2026-01-30 13:41:32 +01:00
|
|
|
entityType: 'User',
|
|
|
|
|
entityId: ctx.user.id,
|
|
|
|
|
detailsJson: { timestamp: new Date().toISOString() },
|
|
|
|
|
ipAddress: ctx.ip,
|
|
|
|
|
userAgent: ctx.userAgent,
|
2026-02-05 21:09:06 +01:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return updated
|
2026-01-30 13:41:32 +01:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return { success: true, email: user.email }
|
|
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Change password for current user (requires current password)
|
|
|
|
|
*/
|
|
|
|
|
changePassword: protectedProcedure
|
|
|
|
|
.input(
|
|
|
|
|
z.object({
|
|
|
|
|
currentPassword: z.string().min(1),
|
|
|
|
|
newPassword: z.string().min(8),
|
|
|
|
|
confirmNewPassword: z.string().min(8),
|
|
|
|
|
})
|
|
|
|
|
)
|
|
|
|
|
.mutation(async ({ ctx, input }) => {
|
|
|
|
|
// Get current user with password hash
|
|
|
|
|
const user = await ctx.prisma.user.findUniqueOrThrow({
|
|
|
|
|
where: { id: ctx.user.id },
|
|
|
|
|
select: { passwordHash: true },
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
if (!user.passwordHash) {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'BAD_REQUEST',
|
|
|
|
|
message: 'No password set. Please use magic link to sign in.',
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Verify current password
|
|
|
|
|
const { verifyPassword } = await import('@/lib/password')
|
|
|
|
|
const isValid = await verifyPassword(input.currentPassword, user.passwordHash)
|
|
|
|
|
if (!isValid) {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'UNAUTHORIZED',
|
|
|
|
|
message: 'Current password is incorrect',
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Validate new passwords match
|
|
|
|
|
if (input.newPassword !== input.confirmNewPassword) {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'BAD_REQUEST',
|
|
|
|
|
message: 'New passwords do not match',
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Validate new password requirements
|
|
|
|
|
const validation = validatePassword(input.newPassword)
|
|
|
|
|
if (!validation.valid) {
|
|
|
|
|
throw new TRPCError({
|
|
|
|
|
code: 'BAD_REQUEST',
|
|
|
|
|
message: validation.errors.join('. '),
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Hash the new password
|
|
|
|
|
const passwordHash = await hashPassword(input.newPassword)
|
|
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
// Update user with new password + audit in transaction
|
|
|
|
|
await ctx.prisma.$transaction(async (tx) => {
|
|
|
|
|
await tx.user.update({
|
|
|
|
|
where: { id: ctx.user.id },
|
|
|
|
|
data: {
|
|
|
|
|
passwordHash,
|
|
|
|
|
passwordSetAt: new Date(),
|
|
|
|
|
},
|
|
|
|
|
})
|
2026-01-30 13:41:32 +01:00
|
|
|
|
2026-02-05 21:09:06 +01:00
|
|
|
await logAudit({
|
|
|
|
|
prisma: tx,
|
2026-01-30 13:41:32 +01:00
|
|
|
userId: ctx.user.id,
|
Implement Prototype 1 improvements: unified members, project filters, audit expansion, filtering rounds, special awards
- Unified Member Management: merge /admin/users and /admin/mentors into /admin/members with role tabs, search, pagination
- Project List Filters: add search, multi-status filter, round/category/country selects, boolean toggles, URL persistence
- Audit Log Expansion: track logins, round state changes, evaluation submissions, file access, role changes via shared logAudit utility
- Founding Date Field: add foundedAt to Project model with CSV import support
- Filtering Round System: configurable rules (field-based, document check, AI screening), execution engine, results review with override/reinstate
- Special Awards System: named awards with eligibility criteria, dedicated jury, PICK_WINNER/RANKED/SCORED voting modes, AI eligibility
- Dashboard resilience: wrap heavy queries in try-catch to prevent error boundary on transient DB failures
- Reusable pagination component extracted to src/components/shared/pagination.tsx
- Old /admin/users and /admin/mentors routes redirect to /admin/members
- Prisma migration for all schema additions (additive, no data loss)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 16:58:29 +01:00
|
|
|
action: 'PASSWORD_CHANGED',
|
2026-01-30 13:41:32 +01:00
|
|
|
entityType: 'User',
|
|
|
|
|
entityId: ctx.user.id,
|
|
|
|
|
detailsJson: { timestamp: new Date().toISOString() },
|
|
|
|
|
ipAddress: ctx.ip,
|
|
|
|
|
userAgent: ctx.userAgent,
|
2026-02-05 21:09:06 +01:00
|
|
|
})
|
2026-01-30 13:41:32 +01:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return { success: true }
|
|
|
|
|
}),
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Request password reset (public - no auth required)
|
|
|
|
|
* Sends a magic link and marks user for password reset
|
|
|
|
|
*/
|
|
|
|
|
requestPasswordReset: publicProcedure
|
|
|
|
|
.input(z.object({ email: z.string().email() }))
|
|
|
|
|
.mutation(async ({ ctx, input }) => {
|
|
|
|
|
// Find user by email
|
|
|
|
|
const user = await ctx.prisma.user.findUnique({
|
|
|
|
|
where: { email: input.email },
|
|
|
|
|
select: { id: true, email: true, status: true },
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// Always return success to prevent email enumeration
|
|
|
|
|
if (!user || user.status === 'SUSPENDED') {
|
|
|
|
|
return { success: true, message: 'If an account exists with this email, a password reset link will be sent.' }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Mark user for password reset
|
|
|
|
|
await ctx.prisma.user.update({
|
|
|
|
|
where: { id: user.id },
|
|
|
|
|
data: { mustSetPassword: true },
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// Generate a callback URL for the magic link
|
|
|
|
|
const baseUrl = process.env.NEXTAUTH_URL || 'http://localhost:3000'
|
|
|
|
|
const callbackUrl = `${baseUrl}/set-password`
|
|
|
|
|
|
|
|
|
|
// We don't send the email here - the user will use the magic link form
|
|
|
|
|
// This just marks them for password reset
|
|
|
|
|
// The actual email is sent through NextAuth's email provider
|
|
|
|
|
|
|
|
|
|
// Audit log (without user ID since this is public)
|
2026-02-05 21:09:06 +01:00
|
|
|
await logAudit({
|
|
|
|
|
prisma: ctx.prisma,
|
|
|
|
|
userId: null, // No authenticated user
|
|
|
|
|
action: 'REQUEST_PASSWORD_RESET',
|
|
|
|
|
entityType: 'User',
|
|
|
|
|
entityId: user.id,
|
|
|
|
|
detailsJson: { email: input.email, timestamp: new Date().toISOString() },
|
|
|
|
|
ipAddress: ctx.ip,
|
|
|
|
|
userAgent: ctx.userAgent,
|
2026-01-30 13:41:32 +01:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return { success: true, message: 'If an account exists with this email, a password reset link will be sent.' }
|
|
|
|
|
}),
|
Implement 15 platform features: digest, availability, templates, comparison, live voting SSE, file versioning, mentorship, messaging, analytics, drafts, webhooks, peer review, audit enhancements, i18n
Features implemented:
- F1: Email digest notifications with cron endpoint and per-user frequency
- F2: Jury availability windows and workload preferences in smart assignment
- F3: Round templates with save-from-round and CRUD management
- F4: Side-by-side project comparison view for jury members
- F5: Real-time voting dashboard with Server-Sent Events (SSE)
- F6: Live voting UX: QR codes, audience voting, tie-breaking, score animations
- F7: File versioning, inline preview, bulk download with presigned URLs
- F8: Mentor dashboard: milestones, private notes, activity tracking
- F9: Communication hub with broadcasts, templates, and recipient targeting
- F10: Advanced analytics: cross-round comparison, juror consistency, diversity metrics, PDF export
- F11: Applicant draft saving with magic link resume and cron cleanup
- F12: Webhook integration layer with HMAC signing, retry, and delivery logs
- F13: Peer review discussions with anonymized scores and threaded comments
- F14: Audit log enhancements: before/after diffs, session grouping, anomaly detection, retention
- F15: i18n foundation with next-intl (EN/FR), cookie-based locale, language switcher
Schema: 12 new models, field additions to User, Project, ProjectFile, LiveVotingSession, LiveVote, MentorAssignment, AuditLog, Program
New routers: roundTemplate, message, webhook (registered in _app.ts)
New services: email-digest, webhook-dispatcher
New cron endpoints: /api/cron/digest, /api/cron/draft-cleanup, /api/cron/audit-cleanup
New API routes: /api/live-voting/stream (SSE), /api/files/bulk-download
All features are admin-configurable via SystemSettings or per-model settingsJson fields.
Docker build verified successfully.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-05 23:31:41 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get current user's digest settings along with global digest config
|
|
|
|
|
*/
|
|
|
|
|
getDigestSettings: protectedProcedure.query(async ({ ctx }) => {
|
|
|
|
|
const [user, digestEnabled, digestSections] = await Promise.all([
|
|
|
|
|
ctx.prisma.user.findUniqueOrThrow({
|
|
|
|
|
where: { id: ctx.user.id },
|
|
|
|
|
select: { digestFrequency: true },
|
|
|
|
|
}),
|
|
|
|
|
ctx.prisma.systemSettings.findUnique({
|
|
|
|
|
where: { key: 'digest_enabled' },
|
|
|
|
|
select: { value: true },
|
|
|
|
|
}),
|
|
|
|
|
ctx.prisma.systemSettings.findUnique({
|
|
|
|
|
where: { key: 'digest_sections' },
|
|
|
|
|
select: { value: true },
|
|
|
|
|
}),
|
|
|
|
|
])
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
digestFrequency: user.digestFrequency,
|
|
|
|
|
globalDigestEnabled: digestEnabled?.value === 'true',
|
|
|
|
|
globalDigestSections: digestSections?.value ? JSON.parse(digestSections.value) : [],
|
|
|
|
|
}
|
|
|
|
|
}),
|
2026-01-30 13:41:32 +01:00
|
|
|
})
|