src/app/%28portal%29/layout.tsx

import type { Metadata } from 'next';

import { getPortalSession } from '@/lib/portal/auth';
import { getPortalDashboard } from '@/lib/services/portal.service';
import { isPortalDisabledGlobally } from '@/lib/services/portal-auth.service';
import { PortalHeader } from '@/components/portal/portal-header';
import { PortalNav } from '@/components/portal/portal-nav';
import { AuthBrandingProvider } from '@/components/shared/auth-branding-provider';
import { resolveAuthShellBranding } from '@/lib/email/auth-shell-branding';
import { getPortBrandingConfig } from '@/lib/services/port-config';

export const metadata: Metadata = {
  title: {
    default: 'Client Portal',
    template: '%s | Client Portal',
  },
};

export default async function PortalLayout({ children }: { children: React.ReactNode }) {
  // Route-level kill switch. When every port has client_portal_enabled=false,
  // surface a clean "Portal not available" notice instead of letting the
  // login form render (it would just reject every submit with a confusing
  // ConflictError). Single-port deployments effectively get a global toggle
  // out of the admin System Settings UI.
  if (await isPortalDisabledGlobally()) {
    return (
      <div className="min-h-screen bg-gray-50 flex items-center justify-center px-4">
        <div className="max-w-md text-center space-y-3">
          <h1 className="text-2xl font-semibold text-gray-900">Client portal unavailable</h1>
          <p className="text-sm text-gray-600">
            The client portal isn&apos;t currently enabled for this site. If you were expecting to
            sign in here, please contact your account manager.
          </p>
        </div>
      </div>
    );
  }

  // This layout wraps all portal routes including login/verify
  // We can't easily check pathname in a server layout, so we attempt
  // to get the session and pass it down - login/verify pages handle their own
  // redirect logic independently.
  const session = await getPortalSession().catch(() => null);

  // For authenticated routes we need client info for the header.
  // If session is absent, children (login/verify pages) handle their own redirect.
  let clientName = '';
  let portName = 'Client Portal';
  let portLogoUrl: string | null = null;

  if (session) {
    const dashboard = await getPortalDashboard(session.clientId, session.portId).catch(() => null);
    if (dashboard) {
      clientName = dashboard.client.fullName;
      portName = dashboard.port.name;
      portLogoUrl = dashboard.port.logoUrl;
    }
  }

  // Branding for the auth-shell pages (login, forgot-password, reset).
  // When the visitor has a session, use that port's branding so they
  // stay inside one tenant's look. Otherwise pick up the first-port
  // default — the same path the CRM auth pages take.
  const branding = session
    ? await getPortBrandingConfig(session.portId)
        .then((cfg) => ({
          logoUrl: cfg.logoUrl,
          backgroundUrl: cfg.emailBackgroundUrl,
          appName: cfg.appName,
        }))
        .catch(() => null)
    : await resolveAuthShellBranding();

  return (
    <AuthBrandingProvider branding={branding}>
      <div className="min-h-screen bg-gray-50">
        {session && (
          <>
            <PortalHeader portName={portName} portLogoUrl={portLogoUrl} clientName={clientName} />
            <PortalNav />
          </>
        )}
        <main className={session ? 'max-w-5xl mx-auto px-4 sm:px-6 py-8' : ''}>{children}</main>
      </div>
    </AuthBrandingProvider>
  );
}
Initial commit: Port Nimara CRM (Layers 0-4) Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 11:52:51 +01:00			`import type { Metadata } from 'next';`

			`import { getPortalSession } from '@/lib/portal/auth';`
			`import { getPortalDashboard } from '@/lib/services/portal.service';`
feat(portal): route-level gate when client_portal_enabled is off Adds isPortalDisabledGlobally() helper that returns true when every configured per-port client_portal_enabled row is false. The (portal) layout calls it and renders a "Portal not available" notice instead of the login/activate/reset pages when the kill switch is flipped. Closes the gap where flipping the admin System Settings toggle would leave /portal/login publicly reachable as a form that rejects every submit with a ConflictError. Now a clean notice page appears instead. Single-port deployments get a global toggle out of this — the existing per-port admin UI in System Settings effectively becomes the master switch. Multi-port future will need URL-level port discrimination (subdomain or path prefix) before the all-ports-off heuristic should be replaced with a per-port resolution. API routes (/api/portal/*) stay on the existing service-layer gate (every portal-auth function checks isPortalEnabledForPort). Direct curl gets a per-call ConflictError, which is acceptable for non-human clients; the UI gate is what matters for accidental discovery. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-11 14:47:46 +02:00			`import { isPortalDisabledGlobally } from '@/lib/services/portal-auth.service';`
Initial commit: Port Nimara CRM (Layers 0-4) Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 11:52:51 +01:00			`import { PortalHeader } from '@/components/portal/portal-header';`
			`import { PortalNav } from '@/components/portal/portal-nav';`
feat(branding): multi-tenant brand naming + per-port email shell + auth UI continuity Removes the last hardcoded "Port Nimara" references so a tenant cloning the deploy with a fresh slug sees their own brand throughout. Browser + native chrome: - `generateMetadata` reads `branding_app_name` from the first port row so the browser tab title, apple-web-app title, and template literal reflect the tenant (fallback "CRM" until DB is seeded). - Mobile topbar derives the brand-mark initials from the port slug ("port-nimara" → "PN", "marina-alpha" → "MA") — no code edit on clone. - `documenso-payload` default redirect URL is `""` so Documenso falls back to its own post-sign page instead of routing every tenant's signers to portnimara.com; per-port `redirectUrl` setting still wins. - Server-startup log uses generic "CRM server listening". Email + auth shell: - New `auth-shell-branding.ts` resolves logo / background / appName once per request from `system_settings`; used by both the email shell and the auth-pages SSR layout. - `auth-branding-provider` wraps `/login`, `/reset-password`, `/set-password`, portal `/portal/*` so the branded shell hydrates with the same assets the inbox sees. - `me/email` change email uses the branded shell instead of inline HTML with "Port Nimara CRM" baked into copy. - Admin branding page adds an email-preview card (POSTs to `/api/v1/admin/branding/email-preview`) so an admin can spot-check their templates before going live. - `/api/public/files/[id]` exposes branding-category files anonymously so inbox images (no session cookie) can render; any other category still flows through authenticated `/api/v1/files/[id]/preview`. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-20 15:54:10 +02:00			`import { AuthBrandingProvider } from '@/components/shared/auth-branding-provider';`
			`import { resolveAuthShellBranding } from '@/lib/email/auth-shell-branding';`
			`import { getPortBrandingConfig } from '@/lib/services/port-config';`
Initial commit: Port Nimara CRM (Layers 0-4) Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 11:52:51 +01:00
			`export const metadata: Metadata = {`
			`title: {`
			`default: 'Client Portal',`
			`template: '%s \| Client Portal',`
			`},`
			`};`

chore(style): codebase em-dash sweep + minor layout polish Replaces every em-dash and en-dash with regular ASCII hyphens across comments, JSX strings, and dev-facing logs. Mostly cosmetic but stops the inconsistent mix that crept in over the last few months (some files used em-dashes in comments, others didn't, some used both). Bundles two small dashboard-layout tweaks that touch a couple of already-modified files: - (dashboard)/layout.tsx main padding goes from p-6 to pt-3 px-6 pb-6 so page content sits closer to the topbar. - Sidebar now receives the ports list it needs for the footer port switcher. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-04 22:57:01 +02:00			`export default async function PortalLayout({ children }: { children: React.ReactNode }) {`
feat(portal): route-level gate when client_portal_enabled is off Adds isPortalDisabledGlobally() helper that returns true when every configured per-port client_portal_enabled row is false. The (portal) layout calls it and renders a "Portal not available" notice instead of the login/activate/reset pages when the kill switch is flipped. Closes the gap where flipping the admin System Settings toggle would leave /portal/login publicly reachable as a form that rejects every submit with a ConflictError. Now a clean notice page appears instead. Single-port deployments get a global toggle out of this — the existing per-port admin UI in System Settings effectively becomes the master switch. Multi-port future will need URL-level port discrimination (subdomain or path prefix) before the all-ports-off heuristic should be replaced with a per-port resolution. API routes (/api/portal/*) stay on the existing service-layer gate (every portal-auth function checks isPortalEnabledForPort). Direct curl gets a per-call ConflictError, which is acceptable for non-human clients; the UI gate is what matters for accidental discovery. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-11 14:47:46 +02:00			`// Route-level kill switch. When every port has client_portal_enabled=false,`
			`// surface a clean "Portal not available" notice instead of letting the`
			`// login form render (it would just reject every submit with a confusing`
			`// ConflictError). Single-port deployments effectively get a global toggle`
			`// out of the admin System Settings UI.`
			`if (await isPortalDisabledGlobally()) {`
			`return (`
			`<div className="min-h-screen bg-gray-50 flex items-center justify-center px-4">`
			`<div className="max-w-md text-center space-y-3">`
			`<h1 className="text-2xl font-semibold text-gray-900">Client portal unavailable</h1>`
			`<p className="text-sm text-gray-600">`
			`The client portal isn't currently enabled for this site. If you were expecting to`
			`sign in here, please contact your account manager.`
			`</p>`
			`</div>`
			`</div>`
			`);`
			`}`

Initial commit: Port Nimara CRM (Layers 0-4) Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 11:52:51 +01:00			`// This layout wraps all portal routes including login/verify`
			`// We can't easily check pathname in a server layout, so we attempt`
chore(style): codebase em-dash sweep + minor layout polish Replaces every em-dash and en-dash with regular ASCII hyphens across comments, JSX strings, and dev-facing logs. Mostly cosmetic but stops the inconsistent mix that crept in over the last few months (some files used em-dashes in comments, others didn't, some used both). Bundles two small dashboard-layout tweaks that touch a couple of already-modified files: - (dashboard)/layout.tsx main padding goes from p-6 to pt-3 px-6 pb-6 so page content sits closer to the topbar. - Sidebar now receives the ports list it needs for the footer port switcher. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-04 22:57:01 +02:00			`// to get the session and pass it down - login/verify pages handle their own`
Initial commit: Port Nimara CRM (Layers 0-4) Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 11:52:51 +01:00			`// redirect logic independently.`
			`const session = await getPortalSession().catch(() => null);`

			`// For authenticated routes we need client info for the header.`
			`// If session is absent, children (login/verify pages) handle their own redirect.`
			`let clientName = '';`
			`let portName = 'Client Portal';`
			`let portLogoUrl: string \| null = null;`

			`if (session) {`
			`const dashboard = await getPortalDashboard(session.clientId, session.portId).catch(() => null);`
			`if (dashboard) {`
			`clientName = dashboard.client.fullName;`
			`portName = dashboard.port.name;`
			`portLogoUrl = dashboard.port.logoUrl;`
			`}`
			`}`

feat(branding): multi-tenant brand naming + per-port email shell + auth UI continuity Removes the last hardcoded "Port Nimara" references so a tenant cloning the deploy with a fresh slug sees their own brand throughout. Browser + native chrome: - `generateMetadata` reads `branding_app_name` from the first port row so the browser tab title, apple-web-app title, and template literal reflect the tenant (fallback "CRM" until DB is seeded). - Mobile topbar derives the brand-mark initials from the port slug ("port-nimara" → "PN", "marina-alpha" → "MA") — no code edit on clone. - `documenso-payload` default redirect URL is `""` so Documenso falls back to its own post-sign page instead of routing every tenant's signers to portnimara.com; per-port `redirectUrl` setting still wins. - Server-startup log uses generic "CRM server listening". Email + auth shell: - New `auth-shell-branding.ts` resolves logo / background / appName once per request from `system_settings`; used by both the email shell and the auth-pages SSR layout. - `auth-branding-provider` wraps `/login`, `/reset-password`, `/set-password`, portal `/portal/*` so the branded shell hydrates with the same assets the inbox sees. - `me/email` change email uses the branded shell instead of inline HTML with "Port Nimara CRM" baked into copy. - Admin branding page adds an email-preview card (POSTs to `/api/v1/admin/branding/email-preview`) so an admin can spot-check their templates before going live. - `/api/public/files/[id]` exposes branding-category files anonymously so inbox images (no session cookie) can render; any other category still flows through authenticated `/api/v1/files/[id]/preview`. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-20 15:54:10 +02:00			`// Branding for the auth-shell pages (login, forgot-password, reset).`
			`// When the visitor has a session, use that port's branding so they`
			`// stay inside one tenant's look. Otherwise pick up the first-port`
			`// default — the same path the CRM auth pages take.`
			`const branding = session`
			`? await getPortBrandingConfig(session.portId)`
			`.then((cfg) => ({`
			`logoUrl: cfg.logoUrl,`
			`backgroundUrl: cfg.emailBackgroundUrl,`
			`appName: cfg.appName,`
			`}))`
			`.catch(() => null)`
			`: await resolveAuthShellBranding();`

Initial commit: Port Nimara CRM (Layers 0-4) Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 11:52:51 +01:00			`return (`
feat(branding): multi-tenant brand naming + per-port email shell + auth UI continuity Removes the last hardcoded "Port Nimara" references so a tenant cloning the deploy with a fresh slug sees their own brand throughout. Browser + native chrome: - `generateMetadata` reads `branding_app_name` from the first port row so the browser tab title, apple-web-app title, and template literal reflect the tenant (fallback "CRM" until DB is seeded). - Mobile topbar derives the brand-mark initials from the port slug ("port-nimara" → "PN", "marina-alpha" → "MA") — no code edit on clone. - `documenso-payload` default redirect URL is `""` so Documenso falls back to its own post-sign page instead of routing every tenant's signers to portnimara.com; per-port `redirectUrl` setting still wins. - Server-startup log uses generic "CRM server listening". Email + auth shell: - New `auth-shell-branding.ts` resolves logo / background / appName once per request from `system_settings`; used by both the email shell and the auth-pages SSR layout. - `auth-branding-provider` wraps `/login`, `/reset-password`, `/set-password`, portal `/portal/*` so the branded shell hydrates with the same assets the inbox sees. - `me/email` change email uses the branded shell instead of inline HTML with "Port Nimara CRM" baked into copy. - Admin branding page adds an email-preview card (POSTs to `/api/v1/admin/branding/email-preview`) so an admin can spot-check their templates before going live. - `/api/public/files/[id]` exposes branding-category files anonymously so inbox images (no session cookie) can render; any other category still flows through authenticated `/api/v1/files/[id]/preview`. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-20 15:54:10 +02:00			`<AuthBrandingProvider branding={branding}>`
			`<div className="min-h-screen bg-gray-50">`
			`{session && (`
			`<>`
			`<PortalHeader portName={portName} portLogoUrl={portLogoUrl} clientName={clientName} />`
			`<PortalNav />`
			`</>`
			`)}`
			`<main className={session ? 'max-w-5xl mx-auto px-4 sm:px-6 py-8' : ''}>{children}</main>`
			`</div>`
			`</AuthBrandingProvider>`
Initial commit: Port Nimara CRM (Layers 0-4) Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM, PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source files covering clients, berths, interests/pipeline, documents/EOI, expenses/invoices, email, notifications, dashboard, admin, and client portal. CI/CD via Gitea Actions with Docker builds. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-26 11:52:51 +01:00			`);`
			`}`