Initial commit: Port Nimara CRM (Layers 0-4)
Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
|
|
|
import { z } from 'zod';
|
|
|
|
|
|
|
|
|
|
const envSchema = z.object({
|
|
|
|
|
// Database
|
|
|
|
|
DATABASE_URL: z.string().url().startsWith('postgresql://'),
|
|
|
|
|
|
|
|
|
|
// Redis
|
|
|
|
|
REDIS_URL: z.string().url().startsWith('redis://'),
|
|
|
|
|
|
|
|
|
|
// Auth
|
|
|
|
|
BETTER_AUTH_SECRET: z.string().min(32),
|
|
|
|
|
BETTER_AUTH_URL: z.string().url(),
|
|
|
|
|
CSRF_SECRET: z.string().min(32),
|
|
|
|
|
|
|
|
|
|
// MinIO
|
|
|
|
|
MINIO_ENDPOINT: z.string().min(1),
|
|
|
|
|
MINIO_PORT: z.coerce.number().int().positive(),
|
|
|
|
|
MINIO_ACCESS_KEY: z.string().min(1),
|
|
|
|
|
MINIO_SECRET_KEY: z.string().min(1),
|
|
|
|
|
MINIO_BUCKET: z.string().min(1),
|
|
|
|
|
MINIO_USE_SSL: z.enum(['true', 'false']).transform((v) => v === 'true'),
|
|
|
|
|
|
|
|
|
|
// Documenso
|
|
|
|
|
DOCUMENSO_API_URL: z.string().url(),
|
|
|
|
|
DOCUMENSO_API_KEY: z.string().min(1),
|
2026-04-28 02:22:04 +02:00
|
|
|
DOCUMENSO_API_VERSION: z.enum(['v1', 'v2']).default('v1'),
|
Initial commit: Port Nimara CRM (Layers 0-4)
Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
|
|
|
DOCUMENSO_WEBHOOK_SECRET: z.string().min(16),
|
2026-04-24 18:43:41 +02:00
|
|
|
DOCUMENSO_TEMPLATE_ID_EOI: z.coerce.number().int().positive().default(8),
|
|
|
|
|
DOCUMENSO_CLIENT_RECIPIENT_ID: z.coerce.number().int().positive().default(192),
|
|
|
|
|
DOCUMENSO_DEVELOPER_RECIPIENT_ID: z.coerce.number().int().positive().default(193),
|
|
|
|
|
DOCUMENSO_APPROVAL_RECIPIENT_ID: z.coerce.number().int().positive().default(194),
|
Initial commit: Port Nimara CRM (Layers 0-4)
Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
|
|
|
|
|
|
|
|
// Email
|
|
|
|
|
SMTP_HOST: z.string().min(1),
|
|
|
|
|
SMTP_PORT: z.coerce.number().int().positive(),
|
feat(portal): replace magic-link with email/password + admin-initiated activation
The client portal no longer uses passwordless / magic-link sign-in. Each
client now has a `portal_users` row with a scrypt-hashed password,
created by an admin from the client detail page; the admin's invite
mails an activation link that the client uses to set their own password.
Forgot-password is wired through the same token mechanism.
Schema (migration `0009_outgoing_rumiko_fujikawa.sql`):
- `portal_users` — one per client account, separate from the CRM
`users` table (better-auth) so the auth realms stay isolated. Email
is globally unique, password is null until activation.
- `portal_auth_tokens` — single-use activation / reset tokens. Stores
only the SHA-256 hash so a DB compromise never leaks live tokens.
Services:
- `src/lib/portal/passwords.ts` — scrypt hash/verify (no new deps;
uses node:crypto), token mint+hash helpers.
- `src/lib/services/portal-auth.service.ts` — createPortalUser,
resendActivation, activateAccount, signIn (timing-safe),
requestPasswordReset, resetPassword. Auth failures throw the new
UnauthorizedError (401); enumeration-safe behaviour everywhere.
Routes:
- POST /api/portal/auth/sign-in — sets the existing portal JWT cookie.
- POST /api/portal/auth/forgot-password — always 200.
- POST /api/portal/auth/reset-password — token + new password.
- POST /api/portal/auth/activate — token + initial password.
- POST /api/v1/clients/:id/portal-user — admin invite (and `?action=resend`).
- Removed: /api/portal/auth/request, /api/portal/auth/verify (magic link).
UI:
- /portal/login — replaced email-only magic-link form with email +
password + "forgot password" link.
- /portal/forgot-password, /portal/reset-password, /portal/activate — new.
- New shared `PasswordSetForm` component used by activate + reset.
- New `PortalInviteButton` rendered on the client detail header.
Email send:
- `createTransporter` now wires SMTP auth when SMTP_USER+SMTP_PASS are
set (gmail app-password or marina-server creds, configured via env).
- `SMTP_FROM` env var lets the sender address be overridden without
pinning it to `noreply@${SMTP_HOST}`.
Tests:
- Smoke spec 17 (client-portal) updated to the new flow: 7/7 green.
- Smoke specs 02-crud-spine, 05-invoices, 20-critical-path updated to
match the post-refactor client + invoice forms (drop companyName,
use OwnerPicker + billingEmail).
- Vitest 652/652 still green; type-check clean.
Drops the dead `requestMagicLink` from portal.service.ts.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-26 15:34:02 +02:00
|
|
|
SMTP_USER: z.string().optional(),
|
|
|
|
|
SMTP_PASS: z.string().optional(),
|
|
|
|
|
SMTP_FROM: z.string().optional(),
|
2026-04-27 15:04:21 +02:00
|
|
|
// Dev/test safety net: when set, sendEmail redirects every outbound message
|
|
|
|
|
// to this address regardless of the requested recipient. Leave empty in prod.
|
|
|
|
|
EMAIL_REDIRECT_TO: z.string().email().optional(),
|
Initial commit: Port Nimara CRM (Layers 0-4)
Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
|
|
|
|
|
|
|
|
// Encryption
|
|
|
|
|
EMAIL_CREDENTIAL_KEY: z
|
|
|
|
|
.string()
|
|
|
|
|
.length(64)
|
|
|
|
|
.regex(/^[0-9a-f]+$/i, 'Must be a 64-character hex string'),
|
|
|
|
|
|
|
|
|
|
// Google OAuth (optional)
|
|
|
|
|
GOOGLE_CLIENT_ID: z.string().optional(),
|
|
|
|
|
GOOGLE_CLIENT_SECRET: z.string().optional(),
|
|
|
|
|
|
2026-05-04 22:52:33 +02:00
|
|
|
// Shared secret used by the marketing website's server-side dual-write
|
|
|
|
|
// helper (POST to /api/public/website-inquiries). Set the SAME value on
|
|
|
|
|
// the website's CRM_INTAKE_SECRET env. Leave unset in dev/staging until
|
|
|
|
|
// the website's CRM_INTAKE_URL is also set — without this, the public
|
|
|
|
|
// intake endpoint refuses every request.
|
|
|
|
|
WEBSITE_INTAKE_SECRET: z.string().min(16).optional(),
|
|
|
|
|
|
Initial commit: Port Nimara CRM (Layers 0-4)
Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
|
|
|
// OpenAI (optional)
|
|
|
|
|
OPENAI_API_KEY: z.string().optional(),
|
|
|
|
|
|
|
|
|
|
// App
|
|
|
|
|
APP_URL: z.string().url(),
|
|
|
|
|
PUBLIC_SITE_URL: z.string().url(),
|
|
|
|
|
NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
|
|
|
|
|
LOG_LEVEL: z.enum(['fatal', 'error', 'warn', 'info', 'debug', 'trace']).default('info'),
|
fix(audit-tier-1): timeouts, lifecycle, per-port Documenso, FK constraints
Closes the second wave of HIGH-priority audit findings:
* fetchWithTimeout helper (new src/lib/fetch-with-timeout.ts) wraps
Documenso, OCR, currency, Umami, IMAP, etc. — a hung upstream can
no longer pin a worker concurrency slot indefinitely. OpenAI client
passes timeout: 30_000. ImapFlow gets socket / greeting / connection
timeouts.
* SIGTERM / SIGINT handler in src/server.ts drains in-flight HTTP,
closes Socket.io, and disconnects Redis before exit; compose
stop_grace_period bumped to 30s. Adds closeSocketServer() helper.
* env.ts gains zod-validated PORT and MULTI_NODE_DEPLOYMENT, and
filesystem.ts now reads from env (a typo can no longer silently
disable the multi-node guard).
* Per-port Documenso template + recipient IDs land in system_settings
with env fallback (PortDocumensoConfig now exposes eoiTemplateId,
clientRecipientId, developerRecipientId, approvalRecipientId).
document-templates.ts uses the per-port config and threads portId
into documensoGenerateFromTemplate().
* Migration 0042 wires the eleven HIGH-tier missing FK constraints
(documents/files/interests/reminders/berth_waiting_list/
form_submissions) plus polymorphic CHECK round 2
(yacht_ownership_history.owner_type, document_sends.document_kind),
invoices.billing_entity_id NOT EMPTY, and clients.merged_into self-FK.
Drizzle schema columns updated to .references(...) where possible
so the misleading "FK wired in relations.ts" comments are gone.
Test status: 1168/1168 vitest, tsc clean.
Refs: docs/audit-comprehensive-2026-05-05.md HIGH §§5,6,7,8,9,10 +
MED §§14,15,16,18.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 19:52:58 +02:00
|
|
|
/**
|
|
|
|
|
* HTTP listener port. zod-coerced from PORT so a typo (`PORT=foo`) hard-
|
|
|
|
|
* fails at boot rather than silently listening on an ephemeral port.
|
|
|
|
|
*/
|
|
|
|
|
PORT: z.coerce.number().int().positive().default(3000),
|
|
|
|
|
/**
|
|
|
|
|
* When true, the filesystem storage backend refuses to start (per
|
|
|
|
|
* src/lib/storage/filesystem.ts:192). Reading via the zod schema means
|
|
|
|
|
* a typo on the env var hard-fails at boot rather than silently
|
|
|
|
|
* disabling the multi-node guard. Per CLAUDE.md, multi-node deploys
|
|
|
|
|
* MUST use the s3-compatible backend.
|
|
|
|
|
*/
|
|
|
|
|
MULTI_NODE_DEPLOYMENT: z
|
|
|
|
|
.enum(['true', 'false'])
|
|
|
|
|
.default('false')
|
|
|
|
|
.transform((v) => v === 'true'),
|
Initial commit: Port Nimara CRM (Layers 0-4)
Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
export type Env = z.infer<typeof envSchema>;
|
|
|
|
|
|
|
|
|
|
function validateEnv(): Env {
|
2026-04-08 15:31:33 -04:00
|
|
|
if (process.env.SKIP_ENV_VALIDATION === '1') {
|
|
|
|
|
return process.env as unknown as Env;
|
|
|
|
|
}
|
|
|
|
|
|
Initial commit: Port Nimara CRM (Layers 0-4)
Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
|
|
|
const result = envSchema.safeParse(process.env);
|
|
|
|
|
if (!result.success) {
|
|
|
|
|
console.error('Invalid environment variables:');
|
|
|
|
|
for (const issue of result.error.issues) {
|
|
|
|
|
console.error(` ${issue.path.join('.')}: ${issue.message}`);
|
|
|
|
|
}
|
|
|
|
|
process.exit(1);
|
|
|
|
|
}
|
|
|
|
|
return result.data;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export const env = validateEnv();
|
