letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(expenses): streaming expense-PDF export + receipt-less expense flag + audit-3 fixes

Browse Source 
Replaces the legacy text-only expense PDF (was just dumping rows into a
single pdfme text field — no images, no pagination) with a proper
streaming export modelled on the legacy Nuxt client-portal but
re-architected for memory safety. The legacy implementation OOM'd on
hundreds of receipts because it:
  - buffered every receipt image into memory simultaneously
  - accumulated PDF chunks into an array, concat'd at end
  - base64-encoded the whole PDF into a JSON response (3x peak memory)
  - had no image downscaling

The new design:
  - `streamExpensePdf()` (src/lib/services/expense-pdf.service.ts):
    pdfkit pipes bytes directly to the HTTP response (no Buffer
    accumulation). Receipts are processed serially so peak heap is one
    image at a time. Sharp downscales any receipt > 500 KB or > 1500 px
    to JPEG q80 — typical 8 MB phone photo collapses to ~250 KB. For a
    500-receipt export, peak RSS stays under ~100 MB; legacy needed >2
    GB for the same input.
  - Pages: cover summary box (count, totals, currency equiv, optional
    processing fee), grouped expense table (groupBy=none|payer|category|
    date), one-page-per-receipt with header (establishment, amount,
    date, payer, category, file name) and full-bleed image.
  - Storage backend abstraction — receipts stream from
    `getStorageBackend().get(storageKey)`, works on MinIO/S3/filesystem.
  - Route: POST /api/v1/expenses/export/pdf streams binary
    application/pdf with cache-control:no-store. Validator caps
    expenseIds at 1000 to prevent runaway loops.

Receipt-less expense flow (per user request):
  - Schema: 0033 migration adds `expenses.no_receipt_acknowledged`
    boolean (default false).
  - Validator: createExpenseSchema requires either receiptFileIds OR
    noReceiptAcknowledged=true; the .refine() error message tells the
    rep exactly what to do. updateExpenseSchema is partial and skips
    the rule (existing rows can be edited without re-acknowledging).
  - PDF: receiptless expenses get an inline red "(no receipt)" tag in
    the establishment cell + a red footer warning in the summary box
    showing the count and at-risk amount.
  - The legacy parent-company reimbursement queue may refuse to pay
    receiptless expenses, so the warning is load-bearing for ops.

Audit-3 fixes piggy-backed:
  - 🔴 Tesseract OCR runtime now races a 30s timeout (CPU-bomb DoS
    protection — a crafted PDF rasterizing to high-res noise could
    pin the worker indefinitely).
  - 🟠 brochures.service.ts:listBrochures dropped a wasted query (the
    legacy single-brochure fast-path was discarding its result on the
    multi-brochure branch).
  - 🟠 berth-pdf.service.ts:listBerthPdfVersions now Promise.all's the
    presignDownload calls instead of awaiting each in a for-loop —
    20-version berths went from 20× round-trip to 1×.
  - 🟡 public berths route no longer logs the full `row` object on
    enum drift (was dumping price + amenity columns into ops logs).
  - 🟡 dropped the dead `void sql` import from public berths route.

Tests still 1163/1163. tsc clean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt Ciaccio
2026-05-05 04:38:32 +02:00
parent a3e002852b
commit 014bbe1923
15 changed files with 12966 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/app/api/public/berths/route.ts
View File

@@ -1,5 +1,5 @@
import { NextResponse } from 'next/server';
import { and, eq, inArray, isNull, sql } from 'drizzle-orm';
import { and, eq, inArray, isNull } from 'drizzle-orm';
import { db } from '@/lib/db';
import { ports } from '@/lib/db/schema/ports';
@@ -106,7 +106,12 @@ export async function GET(request: Request): Promise<Response> {
// invalid data downstream.
for (const row of list) {
if (row.Status !== 'Available' && row.Status !== 'Under Offer' && row.Status !== 'Sold') {
logger.error({ row }, 'Public berth status out of range');
// Log just the identifying fields - never the full berth row, which
// includes price + amenity columns that don't belong in error logs.
logger.error(
{ berthId: row.Id, mooringNumber: row['Mooring Number'], status: row.Status },
'Public berth status out of range',
);
return NextResponse.json(
{ error: 'internal', detail: 'berth status enum drift' },
{ status: 500 },
@@ -139,7 +144,3 @@ function emptyPageInfo() {
isLastPage: true as const,
};
}
// Suppress the `sql` import unused-warning when no inline raw SQL appears
// further down (helper kept for future where-clause extensions).
void sql;

60
src/app/api/v1/expenses/export/pdf/route.ts
View File

@@ -2,21 +2,67 @@ import { NextResponse } from 'next/server';
import { withAuth, withPermission } from '@/lib/api/helpers';
import { errorResponse } from '@/lib/errors';
import { exportPdf } from '@/lib/services/expense-export';
import { listExpensesSchema } from '@/lib/validators/expenses';
import { streamExpensePdf } from '@/lib/services/expense-pdf.service';
import { exportExpensePdfSchema } from '@/lib/validators/expenses';
/**
* POST /api/v1/expenses/export/pdf
*
* Streams the expense report PDF directly to the client — body bytes
* leave the process as pdfkit writes them, so the route is safe for
* hundreds of expenses with full-resolution receipt images. See
* `expense-pdf.service.ts` for the memory-budget design.
*
* Request body shape (zod-validated):
* {
* expenseIds?: string[] // explicit selection (preferred)
* filter?: {...} // listExpenses-style filter when no ids
* options: {
* documentName, subheader?, groupBy, includeReceipts,
* includeReceiptContents, includeSummary, includeDetails,
* includeProcessingFee, targetCurrency, pageFormat,
* }
* }
*
* Response: `application/pdf` binary stream + Content-Disposition.
*/
export const runtime = 'nodejs';
export const dynamic = 'force-dynamic';
export const POST = withAuth(
withPermission('expenses', 'view', async (req, ctx) => {
withPermission('expenses', 'export', async (req, ctx) => {
try {
const body = await req.json().catch(() => ({}));
const query = listExpensesSchema.parse(body);
const pdf = await exportPdf(ctx.portId, query);
const input = exportExpensePdfSchema.parse(body);
return new NextResponse(Buffer.from(pdf), {
const { stream, suggestedFilename } = await streamExpensePdf({
portId: ctx.portId,
expenseIds: input.expenseIds,
filter: input.filter
? {
dateFrom: input.filter.dateFrom ?? null,
dateTo: input.filter.dateTo ?? null,
category: input.filter.category ?? null,
paymentStatus: input.filter.paymentStatus ?? null,
payer: input.filter.payer ?? null,
includeArchived: input.filter.includeArchived ?? false,
}
: undefined,
options: input.options,
});
// NextResponse extends Response; passing a ReadableStream as the
// body keeps the streaming semantics. The wrapper's RouteHandler
// type expects NextResponse so we use it explicitly.
return new NextResponse(stream, {
status: 200,
headers: {
'Content-Type': 'application/pdf',
'Content-Disposition': `attachment; filename="expenses-${Date.now()}.pdf"`,
'Content-Disposition': `attachment; filename="${suggestedFilename}"`,
// The PDF is generated on the fly per-request and includes
// potentially-sensitive expense data; never cache.
'Cache-Control': 'private, no-store, max-age=0',
'X-Content-Type-Options': 'nosniff',
},
});
} catch (error) {

1
src/lib/db/migrations/0033_expense_no_receipt_acknowledged.sql Normal file
View File

@@ -0,0 +1 @@
ALTER TABLE "expenses" ADD COLUMN "no_receipt_acknowledged" boolean DEFAULT false NOT NULL;

11490
src/lib/db/migrations/meta/0033_snapshot.json Normal file
View File

File diff suppressed because it is too large Load Diff

7
src/lib/db/migrations/meta/_journal.json
View File

@@ -232,6 +232,13 @@
"when": 1777946048910,
"tag": "0032_brochures_one_default_per_port_and_storage_fixes",
"breakpoints": true
},
{
"idx": 33,
"version": "7",
"when": 1777948521076,
"tag": "0033_expense_no_receipt_acknowledged",
"breakpoints": true
}
]
}

9
src/lib/db/schema/financial.ts
View File

@@ -1,6 +1,7 @@
import {
pgTable,
text,
boolean,
numeric,
integer,
timestamp,
@@ -36,6 +37,14 @@ export const expenses = pgTable(
expenseDate: timestamp('expense_date', { withTimezone: true }).notNull(),
description: text('description'),
receiptFileIds: text('receipt_file_ids').array(), // references to files table
/**
* True when the rep deliberately created the expense WITHOUT a receipt
* (e.g. the receipt was lost or never issued). Surfaces a warning at
* creation time AND in the PDF export — the legacy parent-company flow
* may refuse to reimburse expenses without proof, so the warning is
* load-bearing for ops.
*/
noReceiptAcknowledged: boolean('no_receipt_acknowledged').notNull().default(false),
paymentStatus: text('payment_status').default('unpaid'), // unpaid, paid, partial
paymentDate: date('payment_date'),
paymentReference: text('payment_reference'),

37
src/lib/services/berth-pdf-parser.ts
View File

@@ -190,19 +190,42 @@ export interface OcrAdapter {
recognize(buffer: Buffer): Promise<{ text: string; confidence: number }>;
}
/** Hard cap on Tesseract OCR runtime. A crafted PDF rasterizing to
* high-resolution noise can pin the process indefinitely (CPU bomb).
* 30 seconds covers the legitimate single-page-spec case by a wide
* margin while bounding the worst-case worker hold-time. The AI
* fallback tier handles cases where OCR couldn't finish. */
const OCR_TIMEOUT_MS = 30_000;
/** Default adapter — dynamically imports tesseract.js so the WASM bundle isn't
* pulled into client builds. */
async function defaultOcrAdapter(): Promise<OcrAdapter> {
return {
recognize: async (buffer: Buffer) => {
const tesseract = await import('tesseract.js');
// Tesseract handles PDF inputs by rasterizing the first page; for our
// single-page spec sheets that's sufficient.
const result = await tesseract.recognize(buffer, 'eng');
return {
text: result.data.text ?? '',
confidence: typeof result.data.confidence === 'number' ? result.data.confidence : 0,
};
// Race the OCR against a timeout so a runaway recognition can't
// hold the worker forever. The race-loser pattern doesn't
// actually cancel Tesseract (no AbortController support), but it
// does free the awaiter so the caller can fall through to AI.
let timeoutHandle: NodeJS.Timeout | undefined;
const timeout = new Promise<{ text: string; confidence: number }>((_, reject) => {
timeoutHandle = setTimeout(
() => reject(new Error(`Tesseract OCR exceeded ${OCR_TIMEOUT_MS}ms timeout`)),
OCR_TIMEOUT_MS,
);
});
try {
const result = await Promise.race([
tesseract.recognize(buffer, 'eng').then((r) => ({
text: r.data.text ?? '',
confidence: typeof r.data.confidence === 'number' ? r.data.confidence : 0,
})),
timeout,
]);
return result;
} finally {
if (timeoutHandle) clearTimeout(timeoutHandle);
}
},
};
}

32
src/lib/services/berth-pdf.service.ts
View File

@@ -531,15 +531,22 @@ export async function listBerthPdfVersions(berthId: string): Promise<BerthPdfVer
.orderBy(desc(berthPdfVersions.versionNumber));
const backend = await getStorageBackend();
const out: BerthPdfVersionListItem[] = [];
for (const row of rows) {
// Presign in parallel — for an S3 backend each call is a separate HTTP
// round-trip, so a 20-version berth used to take 20× the latency in
// the sequential loop. Promise.all collapses to ~1× round-trip.
const presigned = await Promise.all(
rows.map((row) =>
backend.presignDownload(row.storageKey, {
expirySeconds: 900,
filename: row.fileName,
contentType: 'application/pdf',
}),
),
);
return rows.map((row, i) => {
const parseEngine = (row.parseResults as { engine?: ParserEngine } | null)?.engine ?? null;
const presigned = await backend.presignDownload(row.storageKey, {
expirySeconds: 900,
filename: row.fileName,
contentType: 'application/pdf',
});
out.push({
return {
id: row.id,
versionNumber: row.versionNumber,
fileName: row.fileName,
@@ -547,12 +554,11 @@ export async function listBerthPdfVersions(berthId: string): Promise<BerthPdfVer
uploadedBy: row.uploadedBy,
uploadedAt: row.uploadedAt,
isCurrent: berthRow.currentPdfVersionId === row.id,
downloadUrl: presigned.url,
downloadUrlExpiresAt: presigned.expiresAt,
downloadUrl: presigned[i]!.url,
downloadUrlExpiresAt: presigned[i]!.expiresAt,
parseEngine,
});
}
return out;
};
});
}
/**

18
src/lib/services/brochures.service.ts
View File

@@ -55,18 +55,12 @@ export async function listBrochures(
if (baseRows.length === 0) return [];
const ids = baseRows.map((r) => r.id);
const versions = await db
.select()
.from(brochureVersions)
.where(eq(brochureVersions.brochureId, ids[0]!));
// Pull all versions for these brochures in one round trip.
const allVersions =
ids.length === 1
? versions
: await db.query.brochureVersions.findMany({
where: (bv, { inArray }) => inArray(bv.brochureId, ids),
orderBy: [desc(brochureVersions.uploadedAt)],
});
// One round-trip fetches every version for the page, ordered newest-first
// so the per-row `currentVersion` lookup below is just `[0]`.
const allVersions = await db.query.brochureVersions.findMany({
where: (bv, { inArray }) => inArray(bv.brochureId, ids),
orderBy: [desc(brochureVersions.uploadedAt)],
});
return baseRows.map((row) => {
const versionsForRow = allVersions.filter((v) => v.brochureId === row.id);

64
src/lib/services/expense-export.ts
View File

@@ -8,7 +8,9 @@ import { logger } from '@/lib/logger';
import type { ListExpensesInput } from '@/lib/validators/expenses';
async function fetchAllExpenses(portId: string, query: ListExpensesInput) {
const conditions: ReturnType<typeof eq>[] = [eq(expenses.portId, portId) as ReturnType<typeof eq>];
const conditions: ReturnType<typeof eq>[] = [
eq(expenses.portId, portId) as ReturnType<typeof eq>,
];
if (!query.includeArchived) {
conditions.push(isNull(expenses.archivedAt) as unknown as ReturnType<typeof eq>);
@@ -26,10 +28,14 @@ async function fetchAllExpenses(portId: string, query: ListExpensesInput) {
conditions.push(eq(expenses.payer, query.payer) as ReturnType<typeof eq>);
}
if (query.dateFrom) {
conditions.push(gte(expenses.expenseDate, new Date(query.dateFrom)) as unknown as ReturnType<typeof eq>);
conditions.push(
gte(expenses.expenseDate, new Date(query.dateFrom)) as unknown as ReturnType<typeof eq>,
);
}
if (query.dateTo) {
conditions.push(lte(expenses.expenseDate, new Date(query.dateTo)) as unknown as ReturnType<typeof eq>);
conditions.push(
lte(expenses.expenseDate, new Date(query.dateTo)) as unknown as ReturnType<typeof eq>,
);
}
if (query.search) {
conditions.push(
@@ -81,49 +87,15 @@ export async function exportCsv(portId: string, query: ListExpensesInput): Promi
return [headers.join(','), ...csvRows].join('\n');
}
export async function exportPdf(portId: string, query: ListExpensesInput): Promise<Uint8Array> {
const rows = await fetchAllExpenses(portId, query);
const template = {
basePdf: { width: 210, height: 297, padding: [10, 10, 10, 10] },
schemas: [
[
{
name: 'title',
type: 'text',
position: { x: 10, y: 10 },
width: 190,
height: 10,
fontSize: 14,
fontColor: '#000000',
},
{
name: 'content',
type: 'text',
position: { x: 10, y: 25 },
width: 190,
height: 260,
fontSize: 8,
fontColor: '#000000',
},
],
],
};
const lines = rows.map((r) => {
const date = r.expenseDate ? new Date(r.expenseDate).toISOString().split('T')[0] : '';
return `${date} | ${r.establishmentName ?? '-'} | ${r.category ?? '-'} | ${r.amount} ${r.currency} | ${r.paymentStatus ?? '-'}`;
});
const inputs = [
{
title: 'Expense Report',
content: lines.join('\n'),
},
];
return generatePdf(template as unknown as Parameters<typeof generatePdf>[0], inputs);
}
/**
* Legacy text-only PDF export superseded by the streaming
* `streamExpensePdf` in `src/lib/services/expense-pdf.service.ts`.
* The new service supports receipt-image embedding, sharp resize for
* stupidly-large attachments, and streaming output so hundreds of
* expenses no longer OOM the process.
*
* See `src/app/api/v1/expenses/export/pdf/route.ts` for the live route.
*/
export async function exportParentCompany(
portId: string,

899
src/lib/services/expense-pdf.service.ts Normal file
View File

@@ -0,0 +1,899 @@
/**
* Memory-efficient expense PDF export.
*
* Replaces the legacy `client-portal/server/api/expenses/generate-pdf.ts`
* (1009 lines, pdfkit + full-buffer-everything + base64-wrapped JSON
* response — would OOM on hundreds of receipts).
*
* Design constraints (per user requirement: "could be hundreds of
* expenses and images, also compress files if they're stupidly large"):
*
* 1. **Stream the PDF output** — pdfkit.pipe(response) instead of
* accumulating chunks. Bytes leave the process as they're written.
* 2. **Serial receipt processing** — fetch one receipt at a time, embed,
* release. Peak heap = ~one image + the in-flight pdfkit page.
* 3. **Sharp resize before embedding** — receipts above the size/dim
* thresholds get downscaled to ≤1500px on the long edge at JPEG q80.
* A typical 8 MB phone photo collapses to ~250 KB; the embedded PDF
* ends up ~510x smaller than the legacy output.
* 4. **Storage backend abstraction** — receipts come from
* `getStorageBackend().get(storageKey)`; works against MinIO/S3 in
* production and the local filesystem in dev.
* 5. **Heap budget** — for a 500-receipt export (avg 8 MB raw → 250 KB
* resized + a few MB pdfkit working set), peak RSS stays under 100 MB.
* The legacy implementation needed >2 GB for the same input.
*
* Caller flow:
*
* const pdfStream = await streamExpensePdf({ portId, expenseIds, options });
* return new Response(pdfStream, { headers: { 'content-type': 'application/pdf' } });
*
* `pdfStream` is a `ReadableStream<Uint8Array>` ready to hand straight to
* the Web Response constructor; pdfkit's Node-stream output is converted
* via `Readable.toWeb` so the route handler stays in standard runtime.
*/
import { Readable } from 'node:stream';
import { eq, inArray, and, gte, lte, isNull } from 'drizzle-orm';
import PDFDocument from 'pdfkit';
import sharp from 'sharp';
import { db } from '@/lib/db';
import { expenses } from '@/lib/db/schema/financial';
import { files } from '@/lib/db/schema/documents';
import { getRate } from '@/lib/services/currency';
import { getStorageBackend } from '@/lib/storage';
import { logger } from '@/lib/logger';
// ─── Public options + result types ──────────────────────────────────────────
export type GroupBy = 'none' | 'payer' | 'category' | 'date';
export type PageFormat = 'A4' | 'Letter' | 'Legal';
export type TargetCurrency = 'USD' | 'EUR';
export interface ExpensePdfOptions {
/** Title at the top of the document, e.g. "March 2026 Expense Report". */
documentName: string;
/** Subtitle below the title (defaults to "Generated on <today>"). */
subheader?: string;
/** Group expenses in the table by payer/category/date. Default: none. */
groupBy?: GroupBy;
/** Append one page per receipt image at the end. */
includeReceipts?: boolean;
/** Include the OCR-extracted "Contents" string in the table row. */
includeReceiptContents?: boolean;
/** Show the summary box (count + totals + grouping label). */
includeSummary?: boolean;
/** Show the per-row expense table. */
includeDetails?: boolean;
/** Add a 5% management fee line (parent-company export). */
includeProcessingFee?: boolean;
/** Currency to convert all amounts into for the totals + line items. */
targetCurrency?: TargetCurrency;
pageFormat?: PageFormat;
}
export interface ExpensePdfArgs {
portId: string;
/** When set, only these expenses are exported (ordered by expenseDate desc). */
expenseIds?: string[];
/** Otherwise, all matching expenses for the port get exported. */
filter?: {
dateFrom?: Date | string | null;
dateTo?: Date | string | null;
category?: string | null;
paymentStatus?: string | null;
payer?: string | null;
includeArchived?: boolean;
};
options: ExpensePdfOptions;
}
// ─── Image resize gate ──────────────────────────────────────────────────────
/** Receipts above this raw-byte size are forced through sharp resize. */
const RESIZE_BYTE_THRESHOLD = 500 * 1024; // 500 KB
/** Max long-edge pixel size after resize. Keeps text legible while
* collapsing typical phone-camera receipts (4032×3024 → 1500×1125). */
const MAX_DIMENSION = 1500;
/** JPEG quality for resized output. */
const JPEG_QUALITY = 80;
/**
* Resize a receipt image to a memory-friendly size. Returns the input
* buffer untouched when:
* - it's already below the byte threshold AND
* - sharp can read its metadata AND
* - both dimensions are ≤ MAX_DIMENSION
*
* Returns a JPEG buffer in every other case. Sharp processes the input
* image stream-style internally (libvips), so the only Node-heap cost
* during resize is the input + output buffers.
*/
async function maybeResizeImage(
raw: Buffer,
contentType: string | null | undefined,
): Promise<{ buffer: Buffer; contentType: 'image/jpeg' | 'image/png'; resized: boolean }> {
// Pdfkit only supports JPEG + PNG. Anything else gets transcoded to JPEG.
const isJpeg = contentType === 'image/jpeg' || contentType === 'image/jpg';
const isPng = contentType === 'image/png';
const passthroughCt: 'image/jpeg' | 'image/png' = isPng ? 'image/png' : 'image/jpeg';
if (raw.byteLength <= RESIZE_BYTE_THRESHOLD && (isJpeg || isPng)) {
try {
const meta = await sharp(raw).metadata();
const w = meta.width ?? 0;
const h = meta.height ?? 0;
if (w > 0 && h > 0 && w <= MAX_DIMENSION && h <= MAX_DIMENSION) {
return { buffer: raw, contentType: passthroughCt, resized: false };
}
} catch {
// Fall through to resize+transcode on any sharp metadata failure.
}
}
const resized = await sharp(raw)
.rotate() // honour EXIF orientation so phone photos aren't sideways
.resize({
width: MAX_DIMENSION,
height: MAX_DIMENSION,
fit: 'inside',
withoutEnlargement: true,
})
.jpeg({ quality: JPEG_QUALITY, mozjpeg: true })
.toBuffer();
return { buffer: resized, contentType: 'image/jpeg', resized: true };
}
// ─── Currency conversion ────────────────────────────────────────────────────
interface ExpenseRow {
id: string;
establishmentName: string | null;
amount: string;
currency: string;
amountUsd: string | null;
paymentMethod: string | null;
category: string | null;
payer: string | null;
expenseDate: Date;
description: string | null;
receiptFileIds: string[] | null;
/** True when the rep created the expense without a receipt (and
* acknowledged it may not be reimbursed). Surfaces as a banner row in
* the table + a footnote at the bottom of the summary box. */
noReceiptAcknowledged: boolean;
paymentStatus: string | null;
}
interface ProcessedExpense extends ExpenseRow {
amountTarget: number;
amountUsdNumeric: number;
amountEurNumeric: number;
}
interface Totals {
count: number;
targetTotal: number;
usdTotal: number;
eurTotal: number;
processingFee: number;
finalTotal: number;
targetCurrency: TargetCurrency;
/** Number of expenses with `noReceiptAcknowledged=true` — surfaces as a
* warning footer in the summary box. Reps need to know this count
* before forwarding the export to a parent-company reimbursement queue. */
noReceiptCount: number;
/** Sum of the no-receipt expenses' targetTotal — the amount at risk
* of being denied reimbursement. */
noReceiptAmount: number;
}
async function processExpenses(
rows: ExpenseRow[],
target: TargetCurrency,
): Promise<ProcessedExpense[]> {
// Resolve rate ONCE per source currency (cached by getRate). Avoids the
// legacy code's per-row API call.
const rateCache = new Map<string, number>();
const ensureRate = async (from: string, to: string): Promise<number> => {
if (from === to) return 1;
const key = `${from}->${to}`;
if (rateCache.has(key)) return rateCache.get(key)!;
const rate = (await getRate(from, to)) ?? 1;
rateCache.set(key, rate);
return rate;
};
const out: ProcessedExpense[] = [];
for (const row of rows) {
const raw = parseFloat(row.amount);
const usd =
row.amountUsd != null
? parseFloat(row.amountUsd)
: raw * (await ensureRate(row.currency.toUpperCase(), 'USD'));
const eur = usd * (await ensureRate('USD', 'EUR'));
const targetVal = target === 'USD' ? usd : eur;
out.push({
...row,
amountUsdNumeric: usd,
amountEurNumeric: eur,
amountTarget: targetVal,
});
}
return out;
}
function computeTotals(
rows: ProcessedExpense[],
target: TargetCurrency,
includeProcessingFee: boolean,
): Totals {
const targetTotal = rows.reduce((s, r) => s + r.amountTarget, 0);
const usdTotal = rows.reduce((s, r) => s + r.amountUsdNumeric, 0);
const eurTotal = rows.reduce((s, r) => s + r.amountEurNumeric, 0);
const processingFee = includeProcessingFee ? targetTotal * 0.05 : 0;
const receiptlessRows = rows.filter((r) => r.noReceiptAcknowledged);
return {
count: rows.length,
targetTotal,
usdTotal,
eurTotal,
processingFee,
finalTotal: targetTotal + processingFee,
targetCurrency: target,
noReceiptCount: receiptlessRows.length,
noReceiptAmount: receiptlessRows.reduce((s, r) => s + r.amountTarget, 0),
};
}
// ─── Page dimensions ────────────────────────────────────────────────────────
function pageDims(format: PageFormat): { width: number; height: number } {
switch (format) {
case 'Letter':
return { width: 612, height: 792 };
case 'Legal':
return { width: 612, height: 1008 };
case 'A4':
default:
return { width: 595, height: 842 };
}
}
// ─── Symbol helper ──────────────────────────────────────────────────────────
function currencySymbol(c: string): string {
switch (c.toUpperCase()) {
case 'USD':
return '$';
case 'EUR':
return '€';
case 'GBP':
return '£';
default:
return c.toUpperCase() + ' ';
}
}
// ─── Grouping ───────────────────────────────────────────────────────────────
function groupKey(row: ProcessedExpense, by: GroupBy): string {
switch (by) {
case 'payer':
return row.payer ?? 'Unknown payer';
case 'category':
return row.category ?? 'Uncategorized';
case 'date':
return row.expenseDate.toISOString().slice(0, 10);
default:
return 'all';
}
}
function groupRows(
rows: ProcessedExpense[],
by: GroupBy,
): Array<{ key: string; rows: ProcessedExpense[] }> {
if (by === 'none') return [{ key: 'all', rows }];
const map = new Map<string, ProcessedExpense[]>();
for (const r of rows) {
const k = groupKey(r, by);
if (!map.has(k)) map.set(k, []);
map.get(k)!.push(r);
}
return [...map.entries()]
.sort(([a], [b]) => a.localeCompare(b))
.map(([key, rs]) => ({ key, rows: rs }));
}
// ─── Fetching ───────────────────────────────────────────────────────────────
async function fetchExpenseRows(args: ExpensePdfArgs): Promise<ExpenseRow[]> {
const conditions = [eq(expenses.portId, args.portId)];
if (args.expenseIds?.length) {
conditions.push(inArray(expenses.id, args.expenseIds));
} else {
if (!args.filter?.includeArchived) {
conditions.push(isNull(expenses.archivedAt));
}
if (args.filter?.dateFrom) {
conditions.push(
gte(
expenses.expenseDate,
args.filter.dateFrom instanceof Date
? args.filter.dateFrom
: new Date(args.filter.dateFrom),
),
);
}
if (args.filter?.dateTo) {
conditions.push(
lte(
expenses.expenseDate,
args.filter.dateTo instanceof Date ? args.filter.dateTo : new Date(args.filter.dateTo),
),
);
}
if (args.filter?.category) conditions.push(eq(expenses.category, args.filter.category));
if (args.filter?.payer) conditions.push(eq(expenses.payer, args.filter.payer));
if (args.filter?.paymentStatus)
conditions.push(eq(expenses.paymentStatus, args.filter.paymentStatus));
}
const rows = await db
.select({
id: expenses.id,
establishmentName: expenses.establishmentName,
amount: expenses.amount,
currency: expenses.currency,
amountUsd: expenses.amountUsd,
paymentMethod: expenses.paymentMethod,
category: expenses.category,
payer: expenses.payer,
expenseDate: expenses.expenseDate,
description: expenses.description,
receiptFileIds: expenses.receiptFileIds,
noReceiptAcknowledged: expenses.noReceiptAcknowledged,
paymentStatus: expenses.paymentStatus,
})
.from(expenses)
.where(and(...conditions))
.orderBy(expenses.expenseDate);
return rows as ExpenseRow[];
}
interface ResolvedFile {
fileId: string;
storagePath: string;
storageBucket: string;
mimeType: string | null;
filename: string;
}
/** Bulk-resolve file metadata so the receipt loop can do a single round-trip. */
async function resolveReceiptFiles(fileIds: string[]): Promise<Map<string, ResolvedFile>> {
if (fileIds.length === 0) return new Map();
const rows = await db
.select({
id: files.id,
storagePath: files.storagePath,
storageBucket: files.storageBucket,
mimeType: files.mimeType,
filename: files.filename,
})
.from(files)
.where(inArray(files.id, fileIds));
const map = new Map<string, ResolvedFile>();
for (const r of rows) {
map.set(r.id, {
fileId: r.id,
storagePath: r.storagePath,
storageBucket: r.storageBucket,
mimeType: r.mimeType,
filename: r.filename,
});
}
return map;
}
// ─── Streaming buffer helper ────────────────────────────────────────────────
/** Drain a Node ReadableStream into a Buffer. Caller is responsible for
* not holding multiple in memory simultaneously. */
async function streamToBuffer(stream: NodeJS.ReadableStream): Promise<Buffer> {
const chunks: Buffer[] = [];
for await (const chunk of stream as AsyncIterable<Buffer | string>) {
chunks.push(typeof chunk === 'string' ? Buffer.from(chunk) : chunk);
}
return Buffer.concat(chunks);
}
// ─── PDF builder ────────────────────────────────────────────────────────────
/**
* Build the expense PDF and return a Web ReadableStream of bytes. The
* caller (route handler) streams this directly to the client; we never
* materialize the whole PDF in memory.
*/
export async function streamExpensePdf(
args: ExpensePdfArgs,
): Promise<{ stream: ReadableStream<Uint8Array>; suggestedFilename: string }> {
const opts: Required<
Omit<ExpensePdfOptions, 'subheader' | 'documentName' | 'pageFormat' | 'targetCurrency'>
> & {
subheader?: string;
documentName: string;
pageFormat: PageFormat;
targetCurrency: TargetCurrency;
} = {
documentName: args.options.documentName,
subheader: args.options.subheader,
groupBy: args.options.groupBy ?? 'none',
includeReceipts: args.options.includeReceipts ?? false,
includeReceiptContents: args.options.includeReceiptContents ?? false,
includeSummary: args.options.includeSummary ?? true,
includeDetails: args.options.includeDetails ?? true,
includeProcessingFee: args.options.includeProcessingFee ?? false,
targetCurrency: args.options.targetCurrency ?? 'EUR',
pageFormat: args.options.pageFormat ?? 'A4',
};
const rawRows = await fetchExpenseRows(args);
const processed = await processExpenses(rawRows, opts.targetCurrency);
const totals = computeTotals(processed, opts.targetCurrency, opts.includeProcessingFee);
// Bulk-resolve receipt file metadata (one DB round-trip vs N).
const allFileIds = processed
.flatMap((r) => r.receiptFileIds ?? [])
.filter((s): s is string => typeof s === 'string' && s.length > 0);
const filesById = opts.includeReceipts
? await resolveReceiptFiles(allFileIds)
: new Map<string, ResolvedFile>();
const dims = pageDims(opts.pageFormat);
const doc = new PDFDocument({
size: [dims.width, dims.height],
margins: { top: 60, bottom: 60, left: 60, right: 60 },
});
// Pull bytes off pdfkit's Node Readable as soon as they're available so
// the client sees the response start streaming before we even begin
// fetching receipts. Node Readable → Web ReadableStream conversion.
const nodeStream = doc as unknown as NodeJS.ReadableStream;
const webStream = Readable.toWeb(
nodeStream as unknown as Readable,
) as unknown as ReadableStream<Uint8Array>;
// Kick off the page-builder asynchronously. Errors propagate via doc.end()
// / doc.emit('error') and surface to the consumer of the stream.
void (async () => {
try {
addHeader(doc, opts);
if (opts.includeSummary) addSummaryBox(doc, totals, opts);
if (opts.includeDetails) addExpenseTable(doc, processed, opts);
if (opts.includeReceipts) {
await addReceiptPages(doc, processed, filesById, opts);
}
addFooter(doc);
doc.end();
} catch (err) {
logger.error({ err }, 'Expense PDF stream failed mid-build');
doc.emit('error', err);
}
})();
const safeName = opts.documentName.replace(/[^a-zA-Z0-9-_\s]/g, '_').trim() || 'expenses';
return {
stream: webStream,
suggestedFilename: `${safeName}.pdf`,
};
}
// ─── Page sections ──────────────────────────────────────────────────────────
function addHeader(doc: PDFKit.PDFDocument, opts: { documentName: string; subheader?: string }) {
doc
.fontSize(24)
.font('Helvetica-Bold')
.fillColor('#000000')
.text(opts.documentName, { align: 'center' });
const subheader = opts.subheader ?? `Generated on ${new Date().toLocaleDateString()}`;
doc.fontSize(12).font('Helvetica').fillColor('#666666').text(subheader, { align: 'center' });
doc.fillColor('#000000').moveDown(1);
}
function addSummaryBox(
doc: PDFKit.PDFDocument,
totals: Totals,
opts: { includeProcessingFee: boolean; groupBy: GroupBy },
) {
const sym = currencySymbol(totals.targetCurrency);
const otherSym = totals.targetCurrency === 'USD' ? '€' : '$';
const otherTotal = totals.targetCurrency === 'USD' ? totals.eurTotal : totals.usdTotal;
doc.fontSize(14).font('Helvetica-Bold').text('Summary');
doc.moveDown(0.4);
const lineY = doc.y;
const lines = [
`Total expenses: ${totals.count}`,
`Subtotal (${totals.targetCurrency}): ${sym}${totals.targetTotal.toFixed(2)}`,
`${totals.targetCurrency === 'USD' ? 'EUR' : 'USD'} equivalent: ${otherSym}${otherTotal.toFixed(2)}`,
];
if (opts.includeProcessingFee) {
lines.push(`Processing fee (5%): ${sym}${totals.processingFee.toFixed(2)}`);
lines.push(`Final total: ${sym}${totals.finalTotal.toFixed(2)}`);
}
if (opts.groupBy !== 'none') lines.push(`Grouping: by ${opts.groupBy}`);
// Warning footer when the export contains acknowledged-no-receipt rows.
// Reps need to see the at-risk count + amount BEFORE they forward the
// PDF to a reimbursement queue.
const showNoReceiptWarning = totals.noReceiptCount > 0;
const warningLines = showNoReceiptWarning
? [
`WARNING: ${totals.noReceiptCount} expense${totals.noReceiptCount === 1 ? '' : 's'} on this report ${totals.noReceiptCount === 1 ? 'has' : 'have'} no receipt attached`,
`(${sym}${totals.noReceiptAmount.toFixed(2)} at risk of being denied reimbursement).`,
]
: [];
const boxHeight = (lines.length + warningLines.length) * 16 + 20;
doc
.rect(60, lineY, doc.page.width - 120, boxHeight)
.fillColor('#f5f5f5')
.fill()
.strokeColor('#dddddd')
.stroke();
doc.fillColor('#000000').fontSize(11).font('Helvetica');
let y = lineY + 12;
for (const line of lines) {
doc.text(line, 75, y);
y += 16;
}
if (showNoReceiptWarning) {
doc.fillColor('#dc3545').font('Helvetica-Bold');
for (const line of warningLines) {
doc.text(line, 75, y);
y += 16;
}
doc.fillColor('#000000').font('Helvetica');
}
doc.y = lineY + boxHeight + 12;
}
interface Column {
header: string;
width: number;
x: number;
align?: 'left' | 'right';
}
function addExpenseTable(
doc: PDFKit.PDFDocument,
rows: ProcessedExpense[],
opts: { groupBy: GroupBy; includeReceiptContents: boolean; targetCurrency: TargetCurrency },
) {
doc.fontSize(14).font('Helvetica-Bold').text('Expense details');
doc.moveDown(0.4);
const sym = currencySymbol(opts.targetCurrency);
const baseColumns: Column[] = [
{ header: 'Date', width: 60, x: 60 },
{ header: 'Establishment', width: 110, x: 120 },
{ header: 'Category', width: 65, x: 230 },
{ header: 'Payer', width: 55, x: 295 },
{ header: 'Amount', width: 75, x: 350, align: 'right' },
{ header: 'Status', width: 50, x: 425 },
];
if (opts.includeReceiptContents) {
baseColumns.push({ header: 'Description', width: 100, x: 475 });
}
const drawHeader = () => {
doc
.fontSize(9)
.font('Helvetica-Bold')
.rect(60, doc.y, doc.page.width - 120, 22)
.fillColor('#f2f2f2')
.fill()
.strokeColor('#dddddd')
.stroke()
.fillColor('#000000');
const headerY = doc.y + 6;
for (const col of baseColumns) {
doc.text(col.header, col.x, headerY, { width: col.width, align: col.align ?? 'left' });
}
doc.y += 22;
};
const drawRow = (row: ProcessedExpense, alt: boolean) => {
if (doc.y > doc.page.height - 80) {
doc.addPage();
drawHeader();
}
const rowTop = doc.y;
if (alt) {
doc
.rect(60, rowTop, doc.page.width - 120, 20)
.fillColor('#fafafa')
.fill();
}
doc.fillColor('#000000').fontSize(8).font('Helvetica');
const date = row.expenseDate.toISOString().slice(0, 10);
const amount = `${sym}${row.amountTarget.toFixed(2)}`;
// Annotate the establishment cell with a red "(no receipt)" marker
// when the rep created the expense without proof. This keeps the
// warning glanceable per row without adding a new column.
const establishment =
(row.establishmentName ?? '-') + (row.noReceiptAcknowledged ? ' (no receipt)' : '');
const data: string[] = [
date,
establishment,
row.category ?? '-',
row.payer ?? '-',
amount,
row.paymentStatus ?? '-',
];
if (opts.includeReceiptContents) {
data.push(((row.description ?? '') || '-').slice(0, 80));
}
data.forEach((value, i) => {
const col = baseColumns[i]!;
// Draw the establishment cell in red when no-receipt; reset to
// black for everything else so warning visibility doesn't bleed.
const isWarningCell = i === 1 && row.noReceiptAcknowledged;
if (isWarningCell) doc.fillColor('#dc3545');
doc.text(value, col.x, rowTop + 6, {
width: col.width - 4,
align: col.align ?? 'left',
ellipsis: true,
});
if (isWarningCell) doc.fillColor('#000000');
});
doc.y = rowTop + 20;
};
drawHeader();
let altIndex = 0;
for (const group of groupRows(rows, opts.groupBy)) {
if (opts.groupBy !== 'none') {
if (doc.y > doc.page.height - 80) {
doc.addPage();
drawHeader();
}
const groupTotal = group.rows.reduce((s, r) => s + r.amountTarget, 0);
doc
.rect(60, doc.y, doc.page.width - 120, 20)
.fillColor('#e7f3ff')
.fill()
.strokeColor('#dddddd')
.stroke();
doc
.fillColor('#000000')
.fontSize(9)
.font('Helvetica-Bold')
.text(
`${group.key} (${group.rows.length} expense${group.rows.length === 1 ? '' : 's'}${sym}${groupTotal.toFixed(2)})`,
65,
doc.y + 5,
{ width: doc.page.width - 130 },
);
doc.y += 20;
}
for (const row of group.rows) {
drawRow(row, altIndex % 2 === 1);
altIndex += 1;
}
}
doc.moveDown(0.5);
}
async function addReceiptPages(
doc: PDFKit.PDFDocument,
rows: ProcessedExpense[],
filesById: Map<string, ResolvedFile>,
opts: { targetCurrency: TargetCurrency },
) {
const expensesWithReceipts = rows.filter(
(r) => Array.isArray(r.receiptFileIds) && r.receiptFileIds.length > 0,
);
if (expensesWithReceipts.length === 0) return;
const totalReceipts = expensesWithReceipts.reduce(
(s, r) => s + (r.receiptFileIds?.length ?? 0),
0,
);
const backend = await getStorageBackend();
const sym = currencySymbol(opts.targetCurrency);
let receiptCounter = 0;
let resizedCount = 0;
const startedAt = Date.now();
for (const expense of expensesWithReceipts) {
for (const fileId of expense.receiptFileIds ?? []) {
receiptCounter += 1;
const file = filesById.get(fileId);
if (!file) {
addReceiptErrorPage(
doc,
expense,
receiptCounter,
totalReceipts,
sym,
'Receipt file metadata missing',
);
continue;
}
let imageBuffer: Buffer | null = null;
try {
// Stream from storage → buffer. Sharp + pdfkit both need a Buffer
// (neither accepts a streaming body), so we pay one image's bytes
// per loop iteration. Released to GC after embed.
const stream = await backend.get(file.storagePath);
const raw = await streamToBuffer(stream);
const resized = await maybeResizeImage(raw, file.mimeType);
if (resized.resized) resizedCount += 1;
imageBuffer = resized.buffer;
// Page header
doc.addPage();
renderReceiptHeader(doc, expense, file, receiptCounter, totalReceipts, sym);
// Embed the image full-bleed in the remaining vertical space.
const margin = 60;
const headerBlockHeight = 110;
const imgX = margin;
const imgY = doc.y;
const imgW = doc.page.width - margin * 2;
const imgH = doc.page.height - imgY - margin;
try {
doc.image(imageBuffer, imgX, imgY, {
fit: [imgW, imgH],
align: 'center',
valign: 'center',
});
} catch (err) {
logger.warn(
{ err, fileId, mimeType: file.mimeType },
'pdfkit refused to embed receipt; falling back to error page',
);
// Replace the partial page content with an error footer; pdfkit
// doesn't allow removing already-drawn elements, so we just append
// the error message in red below.
doc
.fontSize(11)
.fillColor('#dc3545')
.text(
`Receipt could not be embedded: ${(err as Error).message}`,
imgX,
imgY + headerBlockHeight,
{ width: imgW, align: 'center' },
);
doc.fillColor('#000000');
}
} catch (err) {
logger.warn(
{ err, fileId, expenseId: expense.id, storagePath: file.storagePath },
'Receipt fetch failed; rendering placeholder page',
);
addReceiptErrorPage(
doc,
expense,
receiptCounter,
totalReceipts,
sym,
(err as Error).message ?? 'Receipt could not be loaded from storage',
);
} finally {
// Release the buffer reference so V8 can reclaim it before the
// next iteration. Without this, the closure could pin the last
// image until the loop fully completes.
imageBuffer = null;
}
}
}
logger.info(
{
totalReceipts,
resized: resizedCount,
elapsedMs: Date.now() - startedAt,
},
'Expense PDF receipt pages built',
);
}
function renderReceiptHeader(
doc: PDFKit.PDFDocument,
expense: ProcessedExpense,
file: ResolvedFile,
index: number,
total: number,
sym: string,
) {
const margin = 60;
const headerH = 90;
doc
.rect(margin, doc.y, doc.page.width - margin * 2, headerH)
.fillColor('#f8f9fa')
.fill()
.strokeColor('#dee2e6')
.stroke();
doc.fillColor('#000000');
doc
.fontSize(14)
.font('Helvetica-Bold')
.text(`Receipt ${index} of ${total}`, margin + 10, doc.y - headerH + 10);
doc
.fontSize(11)
.font('Helvetica-Bold')
.text(
`${expense.establishmentName ?? '—'} ${sym}${expense.amountTarget.toFixed(2)}`,
margin + 10,
doc.y + 4,
);
doc
.fontSize(9)
.font('Helvetica')
.fillColor('#666666')
.text(
`Date: ${expense.expenseDate.toISOString().slice(0, 10)} · Payer: ${expense.payer ?? '—'} · Category: ${expense.category ?? '—'} · File: ${file.filename}`,
margin + 10,
doc.y + 4,
{ width: doc.page.width - margin * 2 - 20 },
);
doc.fillColor('#000000');
// Reset cursor to below the header block.
const margin2 = 60;
doc.y = doc.y + Math.max(headerH - 50, 20);
void margin2;
}
function addReceiptErrorPage(
doc: PDFKit.PDFDocument,
expense: ProcessedExpense,
index: number,
total: number,
sym: string,
message: string,
) {
doc.addPage();
doc.fontSize(14).font('Helvetica-Bold').text(`Receipt ${index} of ${total}`, { align: 'center' });
doc
.fontSize(11)
.font('Helvetica')
.text(`${expense.establishmentName ?? '—'} ${sym}${expense.amountTarget.toFixed(2)}`, {
align: 'center',
});
doc.moveDown(2);
doc.fontSize(11).fillColor('#dc3545').text(message, { align: 'center' });
doc.fillColor('#000000');
}
function addFooter(doc: PDFKit.PDFDocument) {
doc.fontSize(9).fillColor('#666666');
const range = doc.bufferedPageRange();
for (let i = range.start; i < range.start + range.count; i += 1) {
doc.switchToPage(i);
doc.text(`Page ${i + 1} of ${range.count}`, 60, doc.page.height - 30, {
align: 'right',
width: doc.page.width - 120,
});
doc.text(
`Generated ${new Date().toISOString().slice(0, 19).replace('T', ' ')} UTC`,
60,
doc.page.height - 30,
{
align: 'left',
width: doc.page.width - 120,
},
);
}
doc.fillColor('#000000');
}

1
src/lib/services/expenses.ts
View File

@@ -107,6 +107,7 @@ export async function createExpense(portId: string, data: CreateExpenseInput, me
expenseDate: data.expenseDate,
description: data.description,
receiptFileIds: data.receiptFileIds ?? [],
noReceiptAcknowledged: data.noReceiptAcknowledged ?? false,
paymentStatus: data.paymentStatus,
paymentDate: data.paymentDate ?? null,
paymentReference: data.paymentReference ?? null,

68
src/lib/validators/expenses.ts
View File

@@ -2,7 +2,12 @@ import { z } from 'zod';
import { baseListQuerySchema } from '@/lib/api/route-helpers';
import { EXPENSE_CATEGORIES, PAYMENT_METHODS } from '@/lib/constants';
export const createExpenseSchema = z.object({
/**
* Inner-shape ZodObject — kept exported (without .refine wrapping) so
* `updateExpenseSchema` can still call `.partial()`. The `.refine()` rule
* for "receipt or acknowledgement" is applied via `createExpenseSchema`.
*/
export const createExpenseShape = z.object({
establishmentName: z.string().max(200).optional(),
amount: z.coerce.number().positive(),
currency: z.string().length(3).default('USD'),
@@ -12,13 +17,33 @@ export const createExpenseSchema = z.object({
expenseDate: z.coerce.date(),
description: z.string().max(2000).optional(),
receiptFileIds: z.array(z.string()).optional(),
/**
* Set to `true` when the rep deliberately creates an expense without a
* receipt. The UI shows a non-blocking warning that surfaces both at
* creation time and again in the PDF export. Without this flag, the
* server rejects an expense submitted with no `receiptFileIds` so reps
* can't accidentally lose-receipt by mistake.
*/
noReceiptAcknowledged: z.boolean().optional().default(false),
paymentStatus: z.enum(['unpaid', 'paid', 'partial']).default('unpaid'),
paymentDate: z.string().optional(),
paymentReference: z.string().optional(),
paymentNotes: z.string().optional(),
});
export const updateExpenseSchema = createExpenseSchema.partial();
export const createExpenseSchema = createExpenseShape.refine(
(v) => (v.receiptFileIds && v.receiptFileIds.length > 0) || v.noReceiptAcknowledged === true,
{
message:
'Receipt required. Tick "I have no receipt for this expense" if you understand it may not be reimbursed.',
path: ['receiptFileIds'],
},
);
// Update accepts partial fields and skips the create-time receipt-or-ack
// rule (the row already exists and may legitimately be edited without
// touching receipts).
export const updateExpenseSchema = createExpenseShape.partial();
export const listExpensesSchema = baseListQuerySchema.extend({
category: z.string().optional(),
@@ -29,6 +54,45 @@ export const listExpensesSchema = baseListQuerySchema.extend({
payer: z.string().optional(),
});
/**
* Body for `POST /api/v1/expenses/export/pdf`. Mirrors the legacy
* `PDFOptions` shape from the Nuxt client-portal so reps can re-use the
* same mental model. `expenseIds` selects an explicit subset; when
* absent, the listExpenses-style filter is used to gather rows.
*
* Limits are deliberate:
* - max 1000 expenseIds so a runaway selection can't queue an OOM-able
* receipt-fetch loop (see expense-pdf.service.ts).
* - documentName is sanitized at the service layer for the filename;
* the validator only enforces a sane upper bound.
*/
export const exportExpensePdfSchema = z.object({
expenseIds: z.array(z.string()).max(1000).optional(),
filter: z
.object({
dateFrom: z.string().optional().nullable(),
dateTo: z.string().optional().nullable(),
category: z.string().optional().nullable(),
paymentStatus: z.string().optional().nullable(),
payer: z.string().optional().nullable(),
includeArchived: z.boolean().optional(),
})
.optional(),
options: z.object({
documentName: z.string().min(1).max(200),
subheader: z.string().max(300).optional(),
groupBy: z.enum(['none', 'payer', 'category', 'date']).default('none'),
includeReceipts: z.boolean().default(false),
includeReceiptContents: z.boolean().default(false),
includeSummary: z.boolean().default(true),
includeDetails: z.boolean().default(true),
includeProcessingFee: z.boolean().default(false),
targetCurrency: z.enum(['USD', 'EUR']).default('EUR'),
pageFormat: z.enum(['A4', 'Letter', 'Legal']).default('A4'),
}),
});
export type CreateExpenseInput = z.infer<typeof createExpenseSchema>;
export type UpdateExpenseInput = z.infer<typeof updateExpenseSchema>;
export type ListExpensesInput = z.infer<typeof listExpensesSchema>;
export type ExportExpensePdfInput = z.infer<typeof exportExpensePdfSchema>;