src/app/api/v1/admin/documenso/sync-template/%5BtemplateId%5D/route.ts

import { NextResponse } from 'next/server';

import { withAuth, withPermission } from '@/lib/api/helpers';
import { errorResponse, NotFoundError, ValidationError } from '@/lib/errors';
import { findTemplateIdByEnvelopeId } from '@/lib/services/documenso-client';
import { syncDocumensoTemplate } from '@/lib/services/documenso-template-sync.service';

/**
 * POST /api/v1/admin/documenso/sync-template/:templateId
 *
 * Calls Documenso's GET /template/{id} via the configured per-port creds,
 * pre-fills the matching documenso_*_recipient_id settings, and caches the
 * field name→ID map at documenso_eoi_field_map for v2 prefillFields usage.
 *
 * Accepts either a numeric template ID (`123`) or a Documenso 2.x envelope
 * ID (`envelope_xxxxxxxx`) — the latter is what the Documenso UI URL shows,
 * so paste-from-URL works out of the box on v2 instances. Envelope IDs get
 * resolved to their numeric template id via `findTemplateIdByEnvelopeId`
 * before the sync runs.
 *
 * Admin-only via `admin.manage_settings`. Audit-logged through the per-field
 * writeSetting calls inside the service.
 */
export const POST = withAuth(
  withPermission('admin', 'manage_settings', async (_req, ctx, params) => {
    try {
      const raw = params.templateId ?? '';
      let templateId: number;

      if (/^envelope_/.test(raw)) {
        const resolved = await findTemplateIdByEnvelopeId(raw, ctx.portId);
        if (!resolved) {
          throw new NotFoundError(`Template "${raw}" — no matching envelopeId found`);
        }
        templateId = resolved;
      } else {
        templateId = Number(raw);
        if (!Number.isInteger(templateId) || templateId <= 0) {
          throw new ValidationError(
            'templateId must be a positive integer or a Documenso envelopeId (envelope_…)',
          );
        }
      }

      const result = await syncDocumensoTemplate(templateId, ctx.portId, {
        userId: ctx.userId,
        portId: ctx.portId,
        ipAddress: ctx.ipAddress,
        userAgent: ctx.userAgent,
      });
      return NextResponse.json({ data: result });
    } catch (error) {
      return errorResponse(error);
    }
  }),
);
fix(audit): comprehensive 2026-05-15 audit fix wave + Documenso v2 polish Bundles the prior session's 50-task fix sweep (Documenso v2 + EOI/signing- progress redesign + env-to-admin migration + dev-mode banner) with the 2026-05-18 audit fix wave (3 CRITICAL, 14 HIGH, 28 MEDIUM, 6 LOW). CRITICAL (3): - C-01 interest-berths INNER JOIN -> LEFT JOIN so hard-deleted berths no longer silently drop interest links - C-02 /setup added to PUBLIC_PATHS; fresh-deploy bootstrap loop fixed - C-03 generic PATCH /interests/[id] no longer accepts pipelineStage — callers must go through /stage with the override-guard chain HIGH (14/15): - H-01 explicit ON DELETE on previously-implicit NO ACTION FKs across interests/documents/reservations/reminders/invoices (migration 0070) - H-02 login page reads ?redirect= param with same-origin guard - H-03 CRM invite token moves to URL fragment so it never lands in nginx access logs / Referer headers - H-04 Retry-After header on sign-in-by-identifier 429 (RFC 6585 §4) - H-05 toggleAccount writes an audit row - H-06 upsertSetting masks any value whose key ends with _encrypted - H-07 archiveClient cascade fires per-interest audit rows - H-08 createSalesTransporter applies SMTP_TIMEOUTS - H-09 AppShell stable children — viewport flip across breakpoint no longer destroys in-progress form drafts - H-10 portal documents page swaps Unicode glyph status icons for Lucide CheckCircle2/XCircle/Circle + aria-labels - H-12 list components swap alert(...) for toast.warning(...) - H-13 5 icon-only buttons gain aria-label - H-14 parseBody treats empty bodies as {} - H-15 admin layout renders a 403 panel instead of silent bounce - H-11 not applicable — mobile-search-overlay IS a mobile bottom-sheet MEDIUM (28+): - M-MT01-05 defense-in-depth port_id/parent-id filters on UPDATE/DELETE WHEREs across custom-fields, notes (all 6 entity types x update + delete), client-contacts, yacht ownerClient lookup, webhook reads - M-D01 documents-hub realtime event-name typo (file:created -> uploaded) - M-EM01 portal-auth emails thread through portId - M-EM02 sendEmail accepts cc/bcc params - M-EM04 notification_digest catalog key - M-IN01 portal presigned download URLs use 4h TTL - M-IN02 OpenAI client lazy-instantiated - M-IN04 stale pdfme refs updated to pdf-lib AcroForm - M-IN05 umami.testConnection returns tagged union - M-L01 reservations tenure_type unified with berths - M-L02 report-generators canonicalize stage values - M-AU01 audit log placeholder copy fixed - M-AU04 outcome_set / outcome_cleared distinct audit verbs - M-NEW-2 activity feed entity name+type separator - M-R01 portal allowlist narrowed + portal_session backstop in proxy - M-SC02 companies archived partial index - M-SC04 audit_logs.searchText documented as DB-managed - M-S01 storage_s3_access_key_encrypted admin field - M-U01 audit log empty state uses <EmptyState> - M-U09 invoice delete dialog -> <AlertDialog> - M-U10 toast.success on ClientForm + InterestForm create/edit - M-U11 settings-form-card logo preview alt text - M-U14 mobile topbar title on clients/yachts/interests/berths - M-U15 Invoices in mobile More-sheet LOW (6/8): - L-AU01 severity defaults for security-relevant verbs - L-AU02 +13 missing actions in admin audit filter - L-AU03 +7 missing entity types in admin audit filter - L-AU04 dead listAuditLogs stubbed - L-D02 CLAUDE.md Owner-wins chain tightened Bonus — Document detail polish (#67 partial, 3/6 deliverables): - state-aware action button per signer - watcher Add UI with display-name resolution - cleanSignerName cleanup Prior session work bundled in: - Documenso v2 webhook + envelope-ID normalization + sequential signing - SigningProgress UI redesign (avatars, per-signer state, timestamps) - env->admin settings registry + RegistryDrivenForm + encrypted creds - Embedded-signing card + Test connection + setup help - Dev-mode EMAIL_REDIRECT_TO banner - Pipeline rules admin page - Sales email config card - Audit log details Sheet - EOI tab: Finalising badge, absolute timestamps, sequential indicator - Notes pipeline_stage_at_creation (migration 0069) - Documenso numeric ID dual-key webhook (migration 0068) - Dimensions criterion copy (migration 0067) Tests: 1374/1374 vitest pass. tsc clean. lint clean. See docs/AUDIT-FIX-WAVE-2026-05-18.md for the full progress report and the user-input items still pending. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-18 13:28:50 +02:00			`import { NextResponse } from 'next/server';`

			`import { withAuth, withPermission } from '@/lib/api/helpers';`
			`import { errorResponse, NotFoundError, ValidationError } from '@/lib/errors';`
			`import { findTemplateIdByEnvelopeId } from '@/lib/services/documenso-client';`
			`import { syncDocumensoTemplate } from '@/lib/services/documenso-template-sync.service';`

			`/**`
			`* POST /api/v1/admin/documenso/sync-template/:templateId`
			`*`
			`* Calls Documenso's GET /template/{id} via the configured per-port creds,`
			`* pre-fills the matching documenso_*_recipient_id settings, and caches the`
			`* field name→ID map at documenso_eoi_field_map for v2 prefillFields usage.`
			`*`
			* Accepts either a numeric template ID (`123`) or a Documenso 2.x envelope
			* ID (`envelope_xxxxxxxx`) — the latter is what the Documenso UI URL shows,
			`* so paste-from-URL works out of the box on v2 instances. Envelope IDs get`
			* resolved to their numeric template id via `findTemplateIdByEnvelopeId`
			`* before the sync runs.`
			`*`
			* Admin-only via `admin.manage_settings`. Audit-logged through the per-field
			`* writeSetting calls inside the service.`
			`*/`
			`export const POST = withAuth(`
			`withPermission('admin', 'manage_settings', async (_req, ctx, params) => {`
			`try {`
			`const raw = params.templateId ?? '';`
			`let templateId: number;`

			`if (/^envelope_/.test(raw)) {`
			`const resolved = await findTemplateIdByEnvelopeId(raw, ctx.portId);`
			`if (!resolved) {`
			throw new NotFoundError(`Template "${raw}" — no matching envelopeId found`);
			`}`
			`templateId = resolved;`
			`} else {`
			`templateId = Number(raw);`
			`if (!Number.isInteger(templateId) \|\| templateId <= 0) {`
			`throw new ValidationError(`
			`'templateId must be a positive integer or a Documenso envelopeId (envelope_…)',`
			`);`
			`}`
			`}`

			`const result = await syncDocumensoTemplate(templateId, ctx.portId, {`
			`userId: ctx.userId,`
			`portId: ctx.portId,`
			`ipAddress: ctx.ipAddress,`
			`userAgent: ctx.userAgent,`
			`});`
			`return NextResponse.json({ data: result });`
			`} catch (error) {`
			`return errorResponse(error);`
			`}`
			`}),`
			`);`