letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
bac253b36012bdb507f0ddecb2a592bf061dc033
pn-new-crm/src/app/api/v1/me/email/route.ts

135 lines
5.0 KiB
TypeScript
Raw Normal View History

feat: autonomous backlog push — admin UX overhaul + storage parity + residential parity + Documenso Phase 1 Massive multi-area push driven by docs/admin-ux-backlog.md. Every byte path now goes through getStorageBackend() so signed EOIs, contracts, brochures, berth PDFs, files, avatars, branding logos, and DB backups all work identically on S3 and filesystem backends. USER SETTINGS (rebuild) - Country + Timezone selectors with cross-defaulting - Browser-detected timezone banner ("Looks like you're in Europe/Paris…") - Email change with verification flow (user_email_changes table, OLD-address cancel link + NEW-address confirm link) + EMAIL_CHANGE_INSTANT=true dev shortcut - Password reset triggered via better-auth requestPasswordReset - Profile photo upload + crop (square 256×256) via shared <ImageCropperDialog> + /api/v1/me/avatar BRANDING - Shared <ImageCropperDialog> using react-easy-crop - Logo upload + crop in /admin/branding (writes via /api/v1/admin/settings/image -> storage backend) - Email header/footer HTML defaults injectable via "Insert default" - SettingsFormCard new field types: timezone (combobox), image-upload STORAGE ADMIN OVERHAUL - S3 config form FIRST, swap action SECOND - Test connection before any switch - Two-button switch: "Switch + migrate" vs "Switch only" with warning modals - runMigration() honours skipMigration flag - /api/ready + system-monitoring health check use the active storage backend instead of always probing MinIO - Filesystem backend already had full feature parity — verified BACKUP MANAGEMENT (real) - New backup_jobs table (id / status / trigger / size / storage_path) - runBackup() service spawns pg_dump --format=custom, streams to active storage backend via getStorageBackend().put() - /admin/backup page: trigger, history, download .dump for restore - Super-admin gated AI ADMIN PANEL - /admin/ai consolidates master switch + monthly token cap + provider credentials - Per-feature settings (OCR, berth-PDF parser, recommender) linked from the same page ONBOARDING WIZARD - /admin/onboarding now real with auto-checked steps - Reads each setting key + lists endpoint (roles/users/tags) to decide completion - Manual checkboxes for steps without an auto-detect signal - Progress bar + Mark done/Mark incomplete buttons - State persisted in system_settings.onboarding_manual_status RESIDENTIAL PARITY (full) - New residential_client_notes + residential_interest_notes tables (mirror marina-side shape) - Polymorphic notes.service.ts extended (verifyParent, listForEntity, create, update, delete) for residential_clients/_interests - <NotesList> component accepts the new entity types - 4 new note endpoints (GET/POST/PATCH/DELETE for clients + interests) - 2 new activity endpoints (residential clients + interests) - residential-client-tabs.tsx + residential-interest-tabs.tsx use DetailLayout (Overview / Interests / Notes / Activity) - residential-client-detail-header.tsx mirrors marina-side strip - useBreadcrumbHint wired into both detail components - Configurable Assigned-to dropdown (residential_interests.view perm) CONFIGURABLE RESIDENTIAL STAGES - residential-stages.service.ts with list / save / orphan-check - /api/v1/residential/stages GET/PUT - /admin/residential-stages admin UI with reassign-on-remove modal - Validators relaxed from z.enum to z.string DOCUMENSO PHASE 1 - Schema: document_signers.invited_at / opened_at / last_reminder_sent_at / signing_token (+ idx_ds_signing_token) - Schema: documents.completion_cc_emails (text[]) + auto_reminder_interval_days (int) - transformSigningUrl() now maps SignerRole -> URL segment via ROLE_TO_URL_SEGMENT (approver->cc, witness->witness) — fixes Risk #5 where approver invites landed on /sign/error - POST /api/v1/documents/[id]/send-invitation with auto-pick of next pending signer - Per-port settings: documenso_developer_label / _approver_label + documenso_developer_user_id / _approver_user_id (Phase 7 Project Director RBAC binding fields) ADMIN UX RAPID-FIRE - Sidebar collapse removed (always-expanded design) - Audit log: input sizes (h-9), date pickers w-44, action cell sub-label so single-row entries aren't blank - Sales email config: token list <details> + tooltips on threshold + body fields - Custom Settings card: long-form description - Reminder digest timezone uses TimezoneCombobox - Port form: currency dropdown (10 common currencies) + timezone combobox + brand color picker - Permissions count badge opens modal with granted/denied per resource - Role names display-normalized via prettifyRoleName - Tag form: native input type=color - Custom Fields page: amber heads-up about non-integration - Settings manager: select field type + fallthrough_policy as dropdown - Storage admin S3 fields ship as proper password + boolean LIST PAGES - Residential client list: clickable email/phone (mailto/tel/wa.me) - Residential interests + Documents Hub search inputs sized h-9 CURRENCY API - scripts/test-currency-api.ts verifies live Frankfurter fetch -> DB upsert -> getRate -> convert. Inverse-rate drift <=0.001 TESTS - 1185/1185 vitest passing - tsc clean - eslint 0 errors (16 pre-existing warnings) Note: WEBSITE_INTAKE_SECRET added to .env.example but committed separately due to pre-commit hook policy on .env* files. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 21:02:12 +02:00
import { NextResponse } from 'next/server';
import { z } from 'zod';
import { eq } from 'drizzle-orm';
import crypto from 'node:crypto';
import { withAuth } from '@/lib/api/helpers';
import { parseBody } from '@/lib/api/route-helpers';
import { db } from '@/lib/db';
import { user, userEmailChanges } from '@/lib/db/schema/users';
import { createAuditLog } from '@/lib/audit';
import { ConflictError, errorResponse, ValidationError } from '@/lib/errors';
import { env } from '@/lib/env';
const updateEmailSchema = z.object({
email: z.string().email().toLowerCase(),
});
const VERIFY_TOKEN_TTL_MINUTES = 60;
const REQUIRES_VERIFICATION = process.env.EMAIL_CHANGE_INSTANT !== 'true';
/**
* Initiate an email-change for the signed-in user.
*
* Production flow (REQUIRES_VERIFICATION=true, default):
* 1. Create a user_email_changes row with sha256(token)
* 2. Email OLD address with a cancel link
* 3. Email NEW address with a confirm link
* 4. Change applies only when /api/v1/me/email/confirm/<token> is called
*
* Dev shortcut (set EMAIL_CHANGE_INSTANT=true):
* - Updates user.email immediately, skipping the email round-trip.
* - Useful for local testing where SMTP isn't wired.
*/
export const PATCH = withAuth(async (req, ctx) => {
try {
const { email } = await parseBody(req, updateEmailSchema);
if (email === ctx.user.email) {
return NextResponse.json({ ok: true, unchanged: true });
}
// Reject if another account already owns this address.
const conflict = await db.query.user.findFirst({ where: eq(user.email, email) });
if (conflict && conflict.id !== ctx.userId) {
throw new ConflictError('That email is already in use by another account');
}
if (!REQUIRES_VERIFICATION) {
// Instant change — dev only.
const [updated] = await db
.update(user)
.set({ email, emailVerified: false, updatedAt: new Date() })
.where(eq(user.id, ctx.userId))
.returning({ email: user.email });
if (!updated) throw new ValidationError('Failed to update email');
void createAuditLog({
userId: ctx.userId,
portId: ctx.portId || null,
action: 'update',
entityType: 'user',
entityId: ctx.userId,
oldValue: { email: ctx.user.email },
newValue: { email: updated.email },
metadata: { type: 'email_change_instant' },
ipAddress: ctx.ipAddress,
userAgent: ctx.userAgent,
});
return NextResponse.json({ data: { email: updated.email, instant: true } });
}
// Verification flow — generate a single-use token, hash it, persist.
const rawToken = crypto.randomBytes(32).toString('base64url');
const tokenHash = crypto.createHash('sha256').update(rawToken).digest('hex');
const expiresAt = new Date(Date.now() + VERIFY_TOKEN_TTL_MINUTES * 60 * 1000);
const [pending] = await db
.insert(userEmailChanges)
.values({
userId: ctx.userId,
oldEmail: ctx.user.email,
newEmail: email,
confirmTokenHash: tokenHash,
expiresAt,
})
.returning();
if (!pending) throw new ValidationError('Failed to create pending email-change row');
const baseUrl = env.APP_URL.replace(/\/+$/, '');
const confirmUrl = `${baseUrl}/api/v1/me/email/confirm/${rawToken}`;
const cancelUrl = `${baseUrl}/api/v1/me/email/cancel/${rawToken}`;
try {
const { sendEmail } = await import('@/lib/email');
await Promise.allSettled([
sendEmail(
email,
'Confirm your new Port Nimara CRM email address',
`<p>Hi,</p><p>You (or someone using your account) requested to change the sign-in email on your Port Nimara CRM account from <strong>${ctx.user.email}</strong> to <strong>${email}</strong>.</p><p><a href="${confirmUrl}">Click here to confirm this change</a> — the link expires in ${VERIFY_TOKEN_TTL_MINUTES} minutes.</p><p>If you didn't request this, ignore this email.</p>`,
undefined,
`Confirm new email: ${confirmUrl}`,
),
sendEmail(
ctx.user.email,
'A change to your Port Nimara CRM email was requested',
`<p>Hi,</p><p>A change to your sign-in email was requested. If this wasn't you, <a href="${cancelUrl}">click here to cancel the change</a> immediately and consider rotating your password.</p>`,
undefined,
`Cancel email change: ${cancelUrl}`,
),
]);
} catch {
// Email send is best-effort; the row stays so the user can re-request.
}
void createAuditLog({
userId: ctx.userId,
portId: ctx.portId || null,
action: 'create',
entityType: 'user_email_change',
entityId: pending.id,
newValue: { newEmail: email },
metadata: { type: 'email_change_requested' },
ipAddress: ctx.ipAddress,
userAgent: ctx.userAgent,
});
return NextResponse.json({
data: {
pendingChangeId: pending.id,
verificationSentTo: email,
},
});
} catch (error) {
return errorResponse(error);
}
});
Reference in New Issue Copy Permalink