feat(supplemental-info): pre-EOI public form flow
Lets a sales rep send a client a one-shot link to fill out the information we need before drafting the EOI (intent, dimensions, signatory, timeline). Token-keyed: single-use, soft-expiring, scoped to one interest + client. Public POST endpoint accepts the form submission; CRM endpoint mints tokens for rep-initiated requests; portal page renders the form for the recipient. Schema: supplemental_form_tokens table (migration 0061) with port_id + interest_id + client_id refs, unique token, consumed_at marker. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
68
src/app/api/public/supplemental-info/[token]/route.ts
Normal file
68
src/app/api/public/supplemental-info/[token]/route.ts
Normal file
@@ -0,0 +1,68 @@
|
||||
import { NextRequest, NextResponse } from 'next/server';
|
||||
import { z } from 'zod';
|
||||
|
||||
import { loadByToken, applySubmission } from '@/lib/services/supplemental-forms.service';
|
||||
import { errorResponse } from '@/lib/errors';
|
||||
|
||||
/**
|
||||
* Public — no auth. Loads the prefill data for the form. The token in
|
||||
* the URL is the only credential; rejects expired / unknown tokens with
|
||||
* 404 (deliberately conflated to avoid leaking which tokens exist).
|
||||
*/
|
||||
export async function GET(
|
||||
_req: NextRequest,
|
||||
ctx: { params: Promise<{ token: string }> },
|
||||
): Promise<NextResponse> {
|
||||
try {
|
||||
const { token } = await ctx.params;
|
||||
const data = await loadByToken(token);
|
||||
if (!data) {
|
||||
return NextResponse.json({ error: 'Link not found or expired' }, { status: 404 });
|
||||
}
|
||||
return NextResponse.json({ data });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
}
|
||||
|
||||
const submissionSchema = z.object({
|
||||
fullName: z.string().min(1).max(200),
|
||||
address: z.string().max(500).nullable().optional(),
|
||||
country: z.string().length(2).nullable().optional(),
|
||||
email: z.string().email().nullable().optional(),
|
||||
phoneE164: z
|
||||
.string()
|
||||
.regex(/^\+[1-9]\d{1,14}$/)
|
||||
.nullable()
|
||||
.optional(),
|
||||
phoneCountry: z.string().length(2).nullable().optional(),
|
||||
yachtName: z.string().max(200).nullable().optional(),
|
||||
yachtLengthFt: z.number().positive().nullable().optional(),
|
||||
yachtWidthFt: z.number().positive().nullable().optional(),
|
||||
yachtDraftFt: z.number().positive().nullable().optional(),
|
||||
});
|
||||
|
||||
export async function POST(
|
||||
req: NextRequest,
|
||||
ctx: { params: Promise<{ token: string }> },
|
||||
): Promise<NextResponse> {
|
||||
try {
|
||||
const { token } = await ctx.params;
|
||||
const body = submissionSchema.parse(await req.json());
|
||||
await applySubmission(token, {
|
||||
fullName: body.fullName,
|
||||
address: body.address ?? null,
|
||||
country: body.country ?? null,
|
||||
email: body.email ?? null,
|
||||
phoneE164: body.phoneE164 ?? null,
|
||||
phoneCountry: body.phoneCountry ?? null,
|
||||
yachtName: body.yachtName ?? null,
|
||||
yachtLengthFt: body.yachtLengthFt ?? null,
|
||||
yachtWidthFt: body.yachtWidthFt ?? null,
|
||||
yachtDraftFt: body.yachtDraftFt ?? null,
|
||||
});
|
||||
return NextResponse.json({ data: { success: true } });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user