letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
397dbd1490dd031a7a524f00f894f6ff19f0d6c3
pn-new-crm/src/lib/services/email-accounts.service.ts

171 lines
5.6 KiB
TypeScript
Raw Normal View History

Initial commit: Port Nimara CRM (Layers 0-4) Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
import { and, eq } from 'drizzle-orm';
import { db } from '@/lib/db';
import { emailAccounts } from '@/lib/db/schema/email';
import { encrypt, decrypt } from '@/lib/utils/encryption';
refactor(services): centralize AuditMeta + transactional setEntityTags helper The same `interface AuditMeta { userId; portId; ipAddress; userAgent }` was duplicated in 26 service files. Move the canonical definition into `@/lib/audit` next to the related types and update every service to import it. `ServiceAuditMeta` (the alias used in invoices.ts and expenses.ts) collapses into the same name. Tag CRUD across clients/companies/yachts/interests/berths followed an identical wipe-then-rewrite recipe with two latent issues: the delete and insert weren't wrapped in a transaction (a partial failure left the entity with zero tags) and the audit-log payload shape diverged (`newValue: { tagIds }` for clients/yachts/companies but `metadata: { type: 'tags_updated', tagIds }` for interests/berths). Extract `setEntityTags` in `entity-tags.helper.ts` that performs the delete+insert inside a single transaction, normalizes the audit payload to `newValue: { tagIds }`, and dispatches the per-entity socket event through a switch so `ServerToClientEvents` typing stays intact. The five `setXTags(...)` service functions now do parent-row tenant verification and delegate the join-table work + side effects. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-29 01:58:42 +02:00
import { createAuditLog, type AuditMeta } from '@/lib/audit';
fix(audit-tier-2): error-surface hygiene — toastError + CodedError sweep Two mechanical sweeps closing the audit's HIGH §16 + MED §11 findings: * 38 client components / 56 toast.error sites converted to toastError(err) so the new admin error inspector becomes usable from user-reported issues — every failed inline-edit, save, send, archive, upload, etc. now carries the request-id + error-code (Copy ID action). * 26 service files / 62 bare-Error throws converted to CodedError or the existing AppError subclasses. Adds new error codes: DOCUMENSO_UPSTREAM_ERROR (502), DOCUMENSO_AUTH_FAILURE (502), DOCUMENSO_TIMEOUT (504), OCR_UPSTREAM_ERROR (502), IMAP_UPSTREAM_ERROR (502), UMAMI_UPSTREAM_ERROR (502), UMAMI_NOT_CONFIGURED (409), and INSERT_RETURNING_EMPTY (500) for post-insert returning-empty guards. * Five vitest assertions updated to match the new user-facing wording (client-merge "already been merged", expense/interest "couldn't find that …", documenso "signing service didn't respond"). Test status: 1168/1168 vitest, tsc clean. Refs: docs/audit-comprehensive-2026-05-05.md HIGH §16 (auditor-H Issue 1) + MED §11 (auditor-G Issue 1). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 20:18:05 +02:00
import { CodedError, NotFoundError, ForbiddenError } from '@/lib/errors';
Initial commit: Port Nimara CRM (Layers 0-4) Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
import type { ConnectAccountInput, ToggleAccountInput } from '@/lib/validators/email';
// ─── Types ────────────────────────────────────────────────────────────────────
type AccountWithoutCredentials = Omit<typeof emailAccounts.$inferSelect, 'credentialsEnc'>;
// ─── Helpers ──────────────────────────────────────────────────────────────────
refactor(services): centralize AuditMeta + transactional setEntityTags helper The same `interface AuditMeta { userId; portId; ipAddress; userAgent }` was duplicated in 26 service files. Move the canonical definition into `@/lib/audit` next to the related types and update every service to import it. `ServiceAuditMeta` (the alias used in invoices.ts and expenses.ts) collapses into the same name. Tag CRUD across clients/companies/yachts/interests/berths followed an identical wipe-then-rewrite recipe with two latent issues: the delete and insert weren't wrapped in a transaction (a partial failure left the entity with zero tags) and the audit-log payload shape diverged (`newValue: { tagIds }` for clients/yachts/companies but `metadata: { type: 'tags_updated', tagIds }` for interests/berths). Extract `setEntityTags` in `entity-tags.helper.ts` that performs the delete+insert inside a single transaction, normalizes the audit payload to `newValue: { tagIds }`, and dispatches the per-entity socket event through a switch so `ServerToClientEvents` typing stays intact. The five `setXTags(...)` service functions now do parent-row tenant verification and delegate the join-table work + side effects. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-29 01:58:42 +02:00
function stripCredentials(account: typeof emailAccounts.$inferSelect): AccountWithoutCredentials {
Initial commit: Port Nimara CRM (Layers 0-4) Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const { credentialsEnc: _, ...safe } = account;
return safe;
}
// ─── List ─────────────────────────────────────────────────────────────────────
export async function listAccounts(
userId: string,
portId: string,
): Promise<AccountWithoutCredentials[]> {
const accounts = await db
.select()
.from(emailAccounts)
.where(and(eq(emailAccounts.userId, userId), eq(emailAccounts.portId, portId)));
return accounts.map(stripCredentials);
}
// ─── Connect ──────────────────────────────────────────────────────────────────
export async function connectAccount(
userId: string,
portId: string,
data: ConnectAccountInput,
audit: AuditMeta,
): Promise<AccountWithoutCredentials> {
const credentialsEnc = encrypt(
JSON.stringify({ username: data.username, password: data.password }),
);
const inserted = await db
.insert(emailAccounts)
.values({
userId,
portId,
provider: data.provider,
emailAddress: data.emailAddress,
smtpHost: data.smtpHost,
smtpPort: data.smtpPort,
imapHost: data.imapHost,
imapPort: data.imapPort,
credentialsEnc,
isActive: true,
})
.returning();
const account = inserted[0];
fix(audit-tier-2): error-surface hygiene — toastError + CodedError sweep Two mechanical sweeps closing the audit's HIGH §16 + MED §11 findings: * 38 client components / 56 toast.error sites converted to toastError(err) so the new admin error inspector becomes usable from user-reported issues — every failed inline-edit, save, send, archive, upload, etc. now carries the request-id + error-code (Copy ID action). * 26 service files / 62 bare-Error throws converted to CodedError or the existing AppError subclasses. Adds new error codes: DOCUMENSO_UPSTREAM_ERROR (502), DOCUMENSO_AUTH_FAILURE (502), DOCUMENSO_TIMEOUT (504), OCR_UPSTREAM_ERROR (502), IMAP_UPSTREAM_ERROR (502), UMAMI_UPSTREAM_ERROR (502), UMAMI_NOT_CONFIGURED (409), and INSERT_RETURNING_EMPTY (500) for post-insert returning-empty guards. * Five vitest assertions updated to match the new user-facing wording (client-merge "already been merged", expense/interest "couldn't find that …", documenso "signing service didn't respond"). Test status: 1168/1168 vitest, tsc clean. Refs: docs/audit-comprehensive-2026-05-05.md HIGH §16 (auditor-H Issue 1) + MED §11 (auditor-G Issue 1). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 20:18:05 +02:00
if (!account)
throw new CodedError('INSERT_RETURNING_EMPTY', {
internalMessage: 'Failed to insert email account',
});
Initial commit: Port Nimara CRM (Layers 0-4) Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
void createAuditLog({
userId: audit.userId,
portId: audit.portId,
action: 'create',
entityType: 'email_account',
entityId: account.id,
metadata: { emailAddress: data.emailAddress, provider: data.provider },
ipAddress: audit.ipAddress,
userAgent: audit.userAgent,
});
return stripCredentials(account);
}
// ─── Toggle ───────────────────────────────────────────────────────────────────
export async function toggleAccount(
accountId: string,
userId: string,
data: ToggleAccountInput,
): Promise<AccountWithoutCredentials> {
const existing = await db.query.emailAccounts.findFirst({
where: eq(emailAccounts.id, accountId),
});
if (!existing) {
throw new NotFoundError('Email account');
}
if (existing.userId !== userId) {
throw new ForbiddenError('You do not own this email account');
}
const updatedRows = await db
.update(emailAccounts)
.set({ isActive: data.isActive, updatedAt: new Date() })
.where(eq(emailAccounts.id, accountId))
.returning();
const updated = updatedRows[0];
fix(audit-tier-2): error-surface hygiene — toastError + CodedError sweep Two mechanical sweeps closing the audit's HIGH §16 + MED §11 findings: * 38 client components / 56 toast.error sites converted to toastError(err) so the new admin error inspector becomes usable from user-reported issues — every failed inline-edit, save, send, archive, upload, etc. now carries the request-id + error-code (Copy ID action). * 26 service files / 62 bare-Error throws converted to CodedError or the existing AppError subclasses. Adds new error codes: DOCUMENSO_UPSTREAM_ERROR (502), DOCUMENSO_AUTH_FAILURE (502), DOCUMENSO_TIMEOUT (504), OCR_UPSTREAM_ERROR (502), IMAP_UPSTREAM_ERROR (502), UMAMI_UPSTREAM_ERROR (502), UMAMI_NOT_CONFIGURED (409), and INSERT_RETURNING_EMPTY (500) for post-insert returning-empty guards. * Five vitest assertions updated to match the new user-facing wording (client-merge "already been merged", expense/interest "couldn't find that …", documenso "signing service didn't respond"). Test status: 1168/1168 vitest, tsc clean. Refs: docs/audit-comprehensive-2026-05-05.md HIGH §16 (auditor-H Issue 1) + MED §11 (auditor-G Issue 1). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 20:18:05 +02:00
if (!updated)
throw new CodedError('INSERT_RETURNING_EMPTY', {
internalMessage: 'Failed to update email account',
});
Initial commit: Port Nimara CRM (Layers 0-4) Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 11:52:51 +01:00
return stripCredentials(updated);
}
// ─── Disconnect ───────────────────────────────────────────────────────────────
export async function disconnectAccount(
accountId: string,
userId: string,
audit: AuditMeta,
): Promise<void> {
const existing = await db.query.emailAccounts.findFirst({
where: eq(emailAccounts.id, accountId),
});
if (!existing) {
throw new NotFoundError('Email account');
}
if (existing.userId !== userId) {
throw new ForbiddenError('You do not own this email account');
}
await db.delete(emailAccounts).where(eq(emailAccounts.id, accountId));
void createAuditLog({
userId: audit.userId,
portId: audit.portId,
action: 'delete',
entityType: 'email_account',
entityId: accountId,
metadata: { emailAddress: existing.emailAddress },
ipAddress: audit.ipAddress,
userAgent: audit.userAgent,
});
}
// ─── Get Decrypted Credentials (INTERNAL ONLY) ────────────────────────────────
export async function getDecryptedCredentials(
accountId: string,
): Promise<{ username: string; password: string }> {
const account = await db.query.emailAccounts.findFirst({
where: eq(emailAccounts.id, accountId),
});
if (!account) {
throw new NotFoundError('Email account');
}
const { username, password } = JSON.parse(decrypt(account.credentialsEnc)) as {
username: string;
password: string;
};
return { username, password };
}
Reference in New Issue Copy Permalink