diff --git a/package.json b/package.json index 38dd9a7..a444fba 100644 --- a/package.json +++ b/package.json @@ -87,6 +87,7 @@ "react": "^19.0.0", "react-day-picker": "^9.14.0", "react-dom": "^19.0.0", + "react-easy-crop": "^5.5.7", "react-hook-form": "^7.54.0", "recharts": "^3.8.0", "sharp": "^0.34.5", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 93eefdf..cbfc87c 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -188,6 +188,9 @@ importers: react-dom: specifier: ^19.0.0 version: 19.2.4(react@19.2.4) + react-easy-crop: + specifier: ^5.5.7 + version: 5.5.7(react-dom@19.2.4(react@19.2.4))(react@19.2.4) react-hook-form: specifier: ^7.54.0 version: 7.71.2(react@19.2.4) @@ -4736,6 +4739,9 @@ packages: resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==} engines: {node: '>=0.10.0'} + normalize-wheel@1.0.1: + resolution: {integrity: sha512-1OnlAPZ3zgrk8B91HyRj+eVv+kS5u+Z0SCsak6Xil/kmgEia50ga7zfkumayonZrImffAxPU/5WcyGhzetHNPA==} + notepack.io@3.0.1: resolution: {integrity: sha512-TKC/8zH5pXIAMVQio2TvVDTtPRX+DJPHDqjRbxogtFiByHyzKmy96RA0JtCQJ+WouyyL4A10xomQzgbUT+1jCg==} @@ -5317,6 +5323,12 @@ packages: peerDependencies: react: ^19.2.4 + react-easy-crop@5.5.7: + resolution: {integrity: sha512-kYo4NtMeXFQB7h1U+h5yhUkE46WQbQdq7if54uDlbMdZHdRgNehfvaFrXnFw5NR1PNoUOJIfTwLnWmEx/MaZnA==} + peerDependencies: + react: '>=16.4.0' + react-dom: '>=16.4.0' + react-fast-compare@3.2.2: resolution: {integrity: sha512-nsO+KSNgo1SbJqJEYRE9ERzo7YtYbou/OqjSQKxV7jcKox7+usiUVZOAC+XnDOABXggQTno0Y1CpVnuWEc1boQ==} @@ -10471,6 +10483,8 @@ snapshots: normalize-path@3.0.0: {} + normalize-wheel@1.0.1: {} + notepack.io@3.0.1: {} npm-run-path@5.3.0: @@ -11188,6 +11202,13 @@ snapshots: react: 19.2.4 scheduler: 0.27.0 + react-easy-crop@5.5.7(react-dom@19.2.4(react@19.2.4))(react@19.2.4): + dependencies: + normalize-wheel: 1.0.1 + react: 19.2.4 + react-dom: 19.2.4(react@19.2.4) + tslib: 2.8.1 + react-fast-compare@3.2.2: {} react-grab@0.1.32(react@19.2.4): diff --git a/scripts/test-currency-api.ts b/scripts/test-currency-api.ts new file mode 100644 index 0000000..a829562 --- /dev/null +++ b/scripts/test-currency-api.ts @@ -0,0 +1,42 @@ +/** + * Quick verification: live Frankfurter API → DB upsert → getRate read. + * Run with `pnpm tsx scripts/test-currency-api.ts`. + */ +import { refreshRates, getRate, convert } from '@/lib/services/currency'; + +async function main() { + console.log('1. Fetching live rates from Frankfurter…'); + await refreshRates(); + + console.log('2. Reading round-trip rates from DB:'); + const usdEur = await getRate('USD', 'EUR'); + const eurUsd = await getRate('EUR', 'USD'); + const usdGbp = await getRate('USD', 'GBP'); + const eurGbp = await getRate('EUR', 'GBP'); + const usdUsd = await getRate('USD', 'USD'); + + console.log(` USD→EUR: ${usdEur}`); + console.log(` EUR→USD: ${eurUsd}`); + console.log(` USD→GBP: ${usdGbp}`); + console.log(` EUR→GBP: ${eurGbp ?? '(no direct row, expected)'}`); + console.log(` USD→USD: ${usdUsd}`); + + console.log('3. Convert sample amounts:'); + const c1 = await convert(1000, 'USD', 'EUR'); + console.log(` $1000 → ${c1?.result} EUR @ ${c1?.rate}`); + const c2 = await convert(500, 'EUR', 'USD'); + console.log(` €500 → $${c2?.result} @ ${c2?.rate}`); + + // Sanity: EUR→USD should be ≈ 1 / (USD→EUR), within rounding + if (usdEur && eurUsd) { + const drift = Math.abs(eurUsd - 1 / usdEur); + console.log(`4. Inverse-rate drift: ${drift.toFixed(6)} (≤0.001 = healthy)`); + } + + process.exit(0); +} + +main().catch((err) => { + console.error('Currency test failed:', err); + process.exit(1); +}); diff --git a/src/app/(dashboard)/[portSlug]/admin/ai/page.tsx b/src/app/(dashboard)/[portSlug]/admin/ai/page.tsx new file mode 100644 index 0000000..33fbf67 --- /dev/null +++ b/src/app/(dashboard)/[portSlug]/admin/ai/page.tsx @@ -0,0 +1,135 @@ +import Link from 'next/link'; +import { Bot, Receipt, FileText, Brain, ExternalLink } from 'lucide-react'; + +import { + SettingsFormCard, + type SettingFieldDef, +} from '@/components/admin/shared/settings-form-card'; +import { PageHeader } from '@/components/shared/page-header'; +import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card'; + +const MASTER_FIELDS: SettingFieldDef[] = [ + { + key: 'ai_enabled', + label: 'AI features enabled', + description: + 'Master switch. When OFF, every AI surface (receipt OCR fallback, berth-PDF AI parse, future embedding-driven recommendations) is bypassed. Provider keys stay configured but unused.', + type: 'boolean', + defaultValue: true, + }, + { + key: 'ai_monthly_token_cap', + label: 'Monthly token cap (this port)', + description: + 'Soft cap on total AI tokens consumed per calendar month across every feature. When exceeded, AI features fall back to non-AI paths and surface a banner. Set 0 for no cap.', + type: 'number', + defaultValue: 0, + }, +]; + +const PROVIDER_FIELDS: SettingFieldDef[] = [ + { + key: 'openai_api_key', + label: 'OpenAI API key', + description: + 'Used by Receipt OCR fallback and (future) berth-PDF AI parse. Stored AES-encrypted at rest; the field shows blank after save.', + type: 'password', + placeholder: 'sk-…', + defaultValue: '', + }, + { + key: 'openai_default_model', + label: 'Default OpenAI model', + description: 'Used when a feature does not specify an explicit model.', + type: 'select', + defaultValue: 'gpt-4o-mini', + options: [ + { value: 'gpt-4o-mini', label: 'gpt-4o-mini — cheap, fast, vision-capable' }, + { value: 'gpt-4o', label: 'gpt-4o — full-strength multimodal' }, + { value: 'gpt-4-turbo', label: 'gpt-4-turbo — legacy text reasoning' }, + ], + }, +]; + +interface FeatureLink { + href: string; + icon: typeof Bot; + title: string; + description: string; +} + +const FEATURE_LINKS: FeatureLink[] = [ + { + href: '../ocr', + icon: Receipt, + title: 'Receipt OCR settings', + description: + 'Provider, model, and confidence thresholds for the receipt scanner. AI fallback only runs when the on-device parser is uncertain.', + }, + { + href: '../berth-pdf-parser', + icon: FileText, + title: 'Berth PDF parser', + description: + 'Three-tier AcroForm → OCR → AI pipeline. The AI pass costs tokens; reps invoke it manually when OCR confidence is low.', + }, + { + href: '../recommender', + icon: Brain, + title: 'Berth recommender', + description: + 'Rule-based today; future versions will optionally use embeddings for soft preference matching. AI use is gated by the master switch above.', + }, +]; + +export default function AiAdminPage() { + return ( +
+ + + + + + + + + + Per-feature settings + + + Feature-specific tuning lives on each feature's admin page. They all read the + master switch + provider credentials configured above. + + + + {FEATURE_LINKS.map((f) => ( + +
+ + {f.title} + +
+

{f.description}

+ + ))} + + +
+ ); +} diff --git a/src/app/(dashboard)/[portSlug]/admin/backup/page.tsx b/src/app/(dashboard)/[portSlug]/admin/backup/page.tsx index 9181433..465cb8b 100644 --- a/src/app/(dashboard)/[portSlug]/admin/backup/page.tsx +++ b/src/app/(dashboard)/[portSlug]/admin/backup/page.tsx @@ -1,65 +1,15 @@ +import { BackupAdminPanel } from '@/components/admin/backup-admin-panel'; import { PageHeader } from '@/components/shared/page-header'; -import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card'; export default function BackupManagementPage() { return ( -
+
- -
- - - Current backup posture - - Database snapshots run outside the app — there is no in-app trigger yet. - - - -

- PostgreSQL: snapshotted by the platform’s nightly{' '} - pg_dump job. Retention is set at the infrastructure layer (see{' '} - docs/operations/ if a runbook exists). Restores are manual. -

-

- Object storage: when{' '} - system_settings.storage_backend = ‘s3’, the bucket is - versioned by the provider. When the filesystem backend is in use, the host’s - snapshot policy is the only safety net — switch to s3 before relying on point-in-time - recovery. -

-

- Redis / queue state: ephemeral. Failed jobs sit on the{' '} - removeOnFail retention window (7 days) and then disappear. Anything - durable belongs in PostgreSQL. -

- - - - - - What this page will become - Planned admin surface, prioritised in upcoming work. - - -
    -
  • List recent snapshot files with timestamp, size, and origin (cron vs manual).
    • -
  • “Take backup now” button that enqueues a maintenance job.
    • -
  • - Per-port logical export (“give me everything for port-nimara”) for - compliance. -
    • -
  • Restore preview that shows row-counts that would change before commit.
    • -
  • GDPR per-client export bundled here.
    • -
-

- Until this lands, treat ops/devops as the source of truth for backup state. -

- - -
+
); } diff --git a/src/app/(dashboard)/[portSlug]/admin/branding/page.tsx b/src/app/(dashboard)/[portSlug]/admin/branding/page.tsx index aaca5f0..19bebc6 100644 --- a/src/app/(dashboard)/[portSlug]/admin/branding/page.tsx +++ b/src/app/(dashboard)/[portSlug]/admin/branding/page.tsx @@ -4,6 +4,28 @@ import { } from '@/components/admin/shared/settings-form-card'; import { PageHeader } from '@/components/shared/page-header'; +const DEFAULT_EMAIL_HEADER_HTML = ` + + + + +
+ + Your brand name + +
`; + +const DEFAULT_EMAIL_FOOTER_HTML = ` + + + + +
+ © ${new Date().getFullYear()} Your Company · + Visit our website · + hello@example.com +
`; + const FIELDS: SettingFieldDef[] = [ { key: 'branding_app_name', @@ -15,11 +37,11 @@ const FIELDS: SettingFieldDef[] = [ }, { key: 'branding_logo_url', - label: 'Logo URL', + label: 'Logo', description: - 'Public HTTPS URL of the logo used in email headers and the branded auth shell. Recommended size: 240×80 PNG with transparent background.', - type: 'string', - placeholder: 'https://example.com/logo.png', + 'Used in email headers and the branded auth shell. Recommended: square PNG with transparent background.', + type: 'image-upload', + imageAspect: 1, defaultValue: '', }, { @@ -32,9 +54,11 @@ const FIELDS: SettingFieldDef[] = [ { key: 'branding_email_header_html', label: 'Email header HTML', - description: 'Optional HTML rendered above each email body. Leave blank to use the default.', + description: + 'Optional HTML rendered above each email body. Leave blank to use the default. Tap "Insert default" to start from the baseline template.', type: 'html', defaultValue: '', + defaultTemplate: DEFAULT_EMAIL_HEADER_HTML, }, { key: 'branding_email_footer_html', @@ -42,6 +66,7 @@ const FIELDS: SettingFieldDef[] = [ description: 'Optional HTML rendered at the very bottom of each email (above the signature).', type: 'html', defaultValue: '', + defaultTemplate: DEFAULT_EMAIL_FOOTER_HTML, }, ]; diff --git a/src/app/(dashboard)/[portSlug]/admin/documenso/page.tsx b/src/app/(dashboard)/[portSlug]/admin/documenso/page.tsx index 6639845..20424d1 100644 --- a/src/app/(dashboard)/[portSlug]/admin/documenso/page.tsx +++ b/src/app/(dashboard)/[portSlug]/admin/documenso/page.tsx @@ -21,6 +21,55 @@ const API_FIELDS: SettingFieldDef[] = [ type: 'password', defaultValue: '', }, + { + key: 'documenso_api_version_override', + label: 'API version', + description: + 'Which Documenso REST API to call against this port. v1 supports Documenso 1.x (per-field PIXEL placement, /api/v1/templates and /api/v1/documents). v2 unlocks the envelope/embed endpoints introduced in Documenso 2.x. Use the test-connection button below after switching to confirm the chosen version actually works against this port’s instance.', + type: 'select', + options: [ + { value: 'v1', label: 'v1 — Documenso 1.x (legacy stable)' }, + { value: 'v2', label: 'v2 — Documenso 2.x (envelope + embedded signing)' }, + ], + defaultValue: 'v1', + }, +]; + +const SIGNER_FIELDS: SettingFieldDef[] = [ + { + key: 'documenso_developer_name', + label: 'Developer signer — name', + description: + 'The party who signs after the client (typically the marina developer or owner). Used as the static "developer" recipient in templated documents (EOI). Was hardcoded as "David Mizrahi" in the legacy single-tenant system.', + type: 'string', + placeholder: 'David Mizrahi', + defaultValue: '', + }, + { + key: 'documenso_developer_email', + label: 'Developer signer — email', + description: 'Email used to send the developer signing request via Documenso.', + type: 'string', + placeholder: 'dm@portnimara.com', + defaultValue: '', + }, + { + key: 'documenso_approver_name', + label: 'Approver — name', + description: + 'The final approver who signs after the developer (typically a sales/legal lead). Was hardcoded as "Abbie May" in the legacy system.', + type: 'string', + placeholder: 'Abbie May', + defaultValue: '', + }, + { + key: 'documenso_approver_email', + label: 'Approver — email', + description: 'Email used to route the final approval signing request.', + type: 'string', + placeholder: 'sales@portnimara.com', + defaultValue: '', + }, ]; const EOI_FIELDS: SettingFieldDef[] = [ @@ -44,6 +93,51 @@ const EOI_FIELDS: SettingFieldDef[] = [ ], defaultValue: 'documenso-template', }, + { + key: 'eoi_send_mode', + label: 'Initial signing-invitation email behaviour', + description: + 'Auto = the system sends our branded "please sign" email immediately when an EOI/contract/reservation is generated. Manual = the document is generated and the signing URL appears in the UI; a rep clicks "Send invitation" to dispatch. Auto is the lower-friction option for high-volume teams; manual lets reps review before sending. Applies to all document types, not just EOI.', + type: 'select', + options: [ + { value: 'manual', label: 'Manual (rep clicks Send after generation)' }, + { value: 'auto', label: 'Auto (send branded email on generate)' }, + ], + defaultValue: 'manual', + }, +]; + +const CONTRACT_RESERVATION_FIELDS: SettingFieldDef[] = [ + { + key: 'documenso_contract_template_id', + label: 'Contract Documenso template ID (optional)', + description: + 'Numeric template ID for sales contract generation. Leave blank to use the per-deal upload-and-place-fields flow instead (the typical path for contracts, since they are usually drafted custom per client).', + type: 'string', + placeholder: '', + defaultValue: '', + }, + { + key: 'documenso_reservation_template_id', + label: 'Reservation agreement Documenso template ID (optional)', + description: + 'Numeric template ID for reservation agreements. Same logic — leave blank to upload per deal.', + type: 'string', + placeholder: '', + defaultValue: '', + }, +]; + +const EMBED_FIELDS: SettingFieldDef[] = [ + { + key: 'embedded_signing_host', + label: 'Embedded signing host', + description: + "Origin of the public site that hosts the embedded Documenso signing pages. Outbound emails wrap raw Documenso signing URLs into {host}/sign// so clients sign on your branded page rather than Documenso's domain. Leave blank to fall back to the app URL. Marketing-website pattern: https://portnimara.com", + type: 'string', + placeholder: 'https://portnimara.com', + defaultValue: '', + }, ]; export default function DocumensoSettingsPage() { @@ -51,7 +145,7 @@ export default function DocumensoSettingsPage() {
} /> + + + + + +
); } diff --git a/src/app/(dashboard)/[portSlug]/admin/onboarding/page.tsx b/src/app/(dashboard)/[portSlug]/admin/onboarding/page.tsx index 0c1956e..97cde9d 100644 --- a/src/app/(dashboard)/[portSlug]/admin/onboarding/page.tsx +++ b/src/app/(dashboard)/[portSlug]/admin/onboarding/page.tsx @@ -1,114 +1,14 @@ -import Link from 'next/link'; - +import { OnboardingChecklist } from '@/components/admin/onboarding-checklist'; import { PageHeader } from '@/components/shared/page-header'; -import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card'; - -interface ChecklistItem { - href: string; - label: string; - description: string; -} - -const CHECKLIST: ChecklistItem[] = [ - { - href: 'branding', - label: 'Set port name, logo, primary colour', - description: 'Branding flows into the navbar, emails, and EOI PDFs.', - }, - { - href: 'email', - label: 'Configure outgoing email', - description: - 'From-address, signature, footer, plus per-port SMTP overrides if you don’t use the global account.', - }, - { - href: 'documenso', - label: 'Connect Documenso for EOIs', - description: - 'API credentials and the EOI template id, plus the in-app vs Documenso pathway choice.', - }, - { - href: 'settings', - label: 'Tune business rules + recommender weights', - description: - 'Pipeline weights, net-10 discount, berth recommender knobs (heat weights, fall-through policy).', - }, - { - href: 'roles', - label: 'Create roles & assign users', - description: 'Per-port roles inherit from the global system roles; override permissions here.', - }, - { - href: 'invitations', - label: 'Invite the rest of the team', - description: - 'Invitations track pending, expired, and accepted state and can be resent or revoked.', - }, - { - href: 'tags', - label: 'Define starter tags', - description: 'Color-coded labels used across clients, yachts, companies, and interests.', - }, - { - href: 'forms', - label: 'Wire the website intake forms', - description: - 'Inquiry forms on the marketing site dual-write into the CRM via /api/public/website-inquiries.', - }, -]; export default function OnboardingPage() { return (
- - - - Setup checklist - - Work through these in order. The future onboarding wizard will track progress per port; - for now this is a guided index. - - - -
    - {CHECKLIST.map((item, idx) => ( -
  1. - - {idx + 1} - -
    - - {item.label} - -

    {item.description}

    -
    -
    2. - ))} -
- - - - - - What this page will become - - A guided wizard that walks per-port admins through the same steps with progress - tracking. - - - - The wizard will record completion per port in system_settings, gate the - public marketing-site cutover until required steps are done, and surface a banner on the - dashboard when onboarding is incomplete. - - +
); } diff --git a/src/app/(dashboard)/[portSlug]/admin/page.tsx b/src/app/(dashboard)/[portSlug]/admin/page.tsx index 71b01f9..f624243 100644 --- a/src/app/(dashboard)/[portSlug]/admin/page.tsx +++ b/src/app/(dashboard)/[portSlug]/admin/page.tsx @@ -231,10 +231,17 @@ const GROUPS: AdminGroup[] = [ title: 'Integrations', description: 'Third-party providers wired into the app.', sections: [ + { + href: 'ai', + label: 'AI configuration', + description: + 'Master switch + provider credentials shared by every AI surface (OCR, berth-PDF parser, future recommender embeddings).', + icon: ScrollText, + }, { href: 'ocr', - label: 'Receipt OCR', - description: 'Configure the AI provider used by the mobile receipt scanner.', + label: 'Receipt OCR (per-feature)', + description: 'Provider, model, and confidence thresholds for the receipt scanner.', icon: ScrollText, }, { @@ -243,6 +250,13 @@ const GROUPS: AdminGroup[] = [ description: 'Per-port Umami URL, API token, and Website ID.', icon: Globe, }, + { + href: 'residential-stages', + label: 'Residential pipeline stages', + description: + 'Configure stages residential interests flow through. Removing a stage with active interests prompts for reassignment.', + icon: ScrollText, + }, ], }, ]; diff --git a/src/app/(dashboard)/[portSlug]/admin/reminders/page.tsx b/src/app/(dashboard)/[portSlug]/admin/reminders/page.tsx index af70669..d888af5 100644 --- a/src/app/(dashboard)/[portSlug]/admin/reminders/page.tsx +++ b/src/app/(dashboard)/[portSlug]/admin/reminders/page.tsx @@ -44,9 +44,8 @@ const DIGEST_FIELDS: SettingFieldDef[] = [ { key: 'reminder_digest_timezone', label: 'Digest timezone', - description: 'IANA timezone name used to interpret the delivery time (e.g. Europe/Warsaw).', - type: 'string', - placeholder: 'Europe/Warsaw', + description: 'IANA timezone name used to interpret the delivery time.', + type: 'timezone', defaultValue: 'Europe/Warsaw', }, ]; diff --git a/src/app/(dashboard)/[portSlug]/admin/residential-stages/page.tsx b/src/app/(dashboard)/[portSlug]/admin/residential-stages/page.tsx new file mode 100644 index 0000000..063d74e --- /dev/null +++ b/src/app/(dashboard)/[portSlug]/admin/residential-stages/page.tsx @@ -0,0 +1,15 @@ +import { ResidentialStagesAdmin } from '@/components/admin/residential-stages-admin'; +import { PageHeader } from '@/components/shared/page-header'; + +export default function ResidentialStagesPage() { + return ( +
+ + +
+ ); +} diff --git a/src/app/api/ready/route.ts b/src/app/api/ready/route.ts index f193d62..34d826c 100644 --- a/src/app/api/ready/route.ts +++ b/src/app/api/ready/route.ts @@ -3,15 +3,14 @@ import { sql } from 'drizzle-orm'; import { db } from '@/lib/db'; import { redis } from '@/lib/redis'; -import { minioClient } from '@/lib/minio'; -import { env } from '@/lib/env'; +import { getStorageBackend } from '@/lib/storage'; type CheckStatus = 'ok' | 'error'; interface ReadyChecks { postgres: CheckStatus; redis: CheckStatus; - minio: CheckStatus; + storage: CheckStatus; } interface ReadyResponse { @@ -21,7 +20,7 @@ interface ReadyResponse { } /** - * Readiness probe - verifies that every backing service this process + * Readiness probe — verifies that every backing service this process * needs to serve traffic is reachable. A 503 should drop the pod from the * load balancer until the next probe succeeds; it should not trigger a * pod restart (that's what `/api/health` is for). @@ -29,7 +28,9 @@ interface ReadyResponse { * Checks: * - postgres: `SELECT 1` against the primary * - redis: `PING` - * - minio: `bucketExists()` + * - storage: HEAD on a sentinel key via the active storage backend + * (S3 or filesystem). Health-checks whichever backend + * this port is configured for, not always MinIO. * * Documenso + SMTP are intentionally not probed here: they're optional * integrations, and each tenant configures its own credentials. A @@ -40,7 +41,7 @@ export async function GET(): Promise> { const checks: ReadyChecks = { postgres: 'error', redis: 'error', - minio: 'error', + storage: 'error', }; await Promise.allSettled([ @@ -62,14 +63,17 @@ export async function GET(): Promise> { checks.redis = 'error'; }), - minioClient - .bucketExists(env.MINIO_BUCKET) - .then(() => { - checks.minio = 'ok'; - }) - .catch(() => { - checks.minio = 'error'; - }), + (async () => { + try { + const backend = await getStorageBackend(); + // head() returns null for a missing object (both backends); + // the connection itself succeeding is what counts. + await backend.head('__health_probe__'); + checks.storage = 'ok'; + } catch { + checks.storage = 'error'; + } + })(), ]); const allReady = Object.values(checks).every((s) => s === 'ok'); diff --git a/src/app/api/v1/admin/backup/[id]/download/route.ts b/src/app/api/v1/admin/backup/[id]/download/route.ts new file mode 100644 index 0000000..2948e33 --- /dev/null +++ b/src/app/api/v1/admin/backup/[id]/download/route.ts @@ -0,0 +1,18 @@ +import { NextResponse } from 'next/server'; + +import { requireSuperAdmin, withAuth } from '@/lib/api/helpers'; +import { errorResponse, NotFoundError } from '@/lib/errors'; +import { getBackupDownloadUrl } from '@/lib/services/backup.service'; + +export const GET = withAuth(async (_req, ctx, params) => { + try { + requireSuperAdmin(ctx, 'admin.backup.download'); + const id = params.id; + if (!id) throw new NotFoundError('Backup'); + const url = await getBackupDownloadUrl(id); + if (!url) throw new NotFoundError('Backup'); + return NextResponse.json({ data: { url } }); + } catch (error) { + return errorResponse(error); + } +}); diff --git a/src/app/api/v1/admin/backup/route.ts b/src/app/api/v1/admin/backup/route.ts new file mode 100644 index 0000000..3ef8cf0 --- /dev/null +++ b/src/app/api/v1/admin/backup/route.ts @@ -0,0 +1,28 @@ +import { NextResponse } from 'next/server'; + +import { requireSuperAdmin, withAuth } from '@/lib/api/helpers'; +import { errorResponse } from '@/lib/errors'; +import { listBackupJobs, runBackup } from '@/lib/services/backup.service'; + +export const runtime = 'nodejs'; + +export const GET = withAuth(async (_req, ctx) => { + try { + requireSuperAdmin(ctx, 'admin.backup.list'); + const jobs = await listBackupJobs(); + return NextResponse.json({ data: jobs }); + } catch (error) { + return errorResponse(error); + } +}); + +/** Trigger a fresh manual backup. Super-admin only. */ +export const POST = withAuth(async (_req, ctx) => { + try { + requireSuperAdmin(ctx, 'admin.backup.run'); + const result = await runBackup({ trigger: 'manual', triggeredBy: ctx.userId }); + return NextResponse.json({ data: result }); + } catch (error) { + return errorResponse(error); + } +}); diff --git a/src/app/api/v1/admin/settings/image/route.ts b/src/app/api/v1/admin/settings/image/route.ts new file mode 100644 index 0000000..b154edd --- /dev/null +++ b/src/app/api/v1/admin/settings/image/route.ts @@ -0,0 +1,74 @@ +import { NextResponse } from 'next/server'; +import { eq } from 'drizzle-orm'; + +import { withAuth, withPermission } from '@/lib/api/helpers'; +import { db } from '@/lib/db'; +import { ports } from '@/lib/db/schema/ports'; +import { uploadFile } from '@/lib/services/files'; +import { errorResponse, ValidationError } from '@/lib/errors'; +import { env } from '@/lib/env'; + +const MAX_BYTES = 5 * 1024 * 1024; + +/** + * Image upload for branding settings (logo, email banner, etc). + * Accepts a multipart `file` (cropped JPEG/PNG/WebP from the + * ImageCropperDialog) and returns a stable URL that the settings + * form stores as a `string` value on `system_settings`. + * + * The URL points at `/api/v1/files//preview` so swapping the + * storage backend (S3 ↔ filesystem) carries the asset transparently. + */ +export const POST = withAuth( + withPermission('admin', 'manage_settings', async (req, ctx) => { + try { + const formData = await req.formData(); + const fileEntry = formData.get('file'); + if (!(fileEntry instanceof File)) { + throw new ValidationError('Missing `file` part'); + } + if (fileEntry.size === 0) { + throw new ValidationError('Empty file'); + } + if (fileEntry.size > MAX_BYTES) { + throw new ValidationError('Image exceeds 5 MB'); + } + + const port = ctx.portId + ? await db.query.ports.findFirst({ where: eq(ports.id, ctx.portId) }) + : null; + if (!port) throw new ValidationError('No active port'); + + const buffer = Buffer.from(await fileEntry.arrayBuffer()); + const record = await uploadFile( + port.id, + port.slug, + { + buffer, + originalName: fileEntry.name || 'branding.jpg', + mimeType: fileEntry.type || 'image/jpeg', + size: fileEntry.size, + }, + { + filename: `branding-${Date.now()}.jpg`, + category: 'branding', + entityType: 'port', + entityId: port.id, + }, + { + userId: ctx.userId, + portId: port.id, + ipAddress: ctx.ipAddress, + userAgent: ctx.userAgent, + }, + ); + + const baseUrl = env.APP_URL.replace(/\/+$/, ''); + const url = `${baseUrl}/api/v1/files/${record.id}/preview`; + + return NextResponse.json({ data: { fileId: record.id, url } }); + } catch (error) { + return errorResponse(error); + } + }), +); diff --git a/src/app/api/v1/admin/storage/migrate/route.ts b/src/app/api/v1/admin/storage/migrate/route.ts index a315aed..4110da6 100644 --- a/src/app/api/v1/admin/storage/migrate/route.ts +++ b/src/app/api/v1/admin/storage/migrate/route.ts @@ -19,6 +19,7 @@ const schema = z.object({ from: z.enum(['s3', 'filesystem']), to: z.enum(['s3', 'filesystem']), dryRun: z.boolean().default(false), + skipMigration: z.boolean().optional(), }); export const runtime = 'nodejs'; diff --git a/src/app/api/v1/documents/[id]/send-invitation/route.ts b/src/app/api/v1/documents/[id]/send-invitation/route.ts new file mode 100644 index 0000000..eedabd0 --- /dev/null +++ b/src/app/api/v1/documents/[id]/send-invitation/route.ts @@ -0,0 +1,92 @@ +import { NextResponse } from 'next/server'; +import { z } from 'zod'; +import { and, asc, eq } from 'drizzle-orm'; + +import { withAuth, withPermission } from '@/lib/api/helpers'; +import { parseBody } from '@/lib/api/route-helpers'; +import { db } from '@/lib/db'; +import { documents, documentSigners } from '@/lib/db/schema/documents'; +import { ports } from '@/lib/db/schema/ports'; +import { + sendSigningInvitation, + type SignerRole, +} from '@/lib/services/document-signing-emails.service'; +import { getPortDocumensoConfig } from '@/lib/services/port-config'; +import { errorResponse, NotFoundError, ValidationError } from '@/lib/errors'; + +const bodySchema = z.object({ + /** Optional — defaults to the next pending signer in signing-order. */ + recipientId: z.string().optional(), +}); + +const DOC_TYPE_LABEL: Record< + string, + 'Expression of Interest' | 'Sales Contract' | 'Reservation Agreement' +> = { + eoi: 'Expression of Interest', + contract: 'Sales Contract', + reservation_agreement: 'Reservation Agreement', +}; + +/** + * Send a branded signing-invitation email to a specific recipient + * (defaults to the next-pending signer in signing-order). Used by: + * - The auto-send path when port `eoi_send_mode = 'auto'` + * - The "Send invitation" button in the EOI/Contract tab when + * `eoi_send_mode = 'manual'` + * - The cascading-email logic on DOCUMENT_SIGNED webhooks + */ +export const POST = withAuth( + withPermission('documents', 'send_for_signing', async (req, ctx, params) => { + try { + const documentId = params.id; + if (!documentId) throw new NotFoundError('Document'); + const body = await parseBody(req, bodySchema); + + const doc = await db.query.documents.findFirst({ + where: and(eq(documents.id, documentId), eq(documents.portId, ctx.portId)), + }); + if (!doc) throw new NotFoundError('Document'); + + const signers = await db + .select() + .from(documentSigners) + .where(eq(documentSigners.documentId, documentId)) + .orderBy(asc(documentSigners.signingOrder)); + + const target = body.recipientId + ? signers.find((s) => s.id === body.recipientId) + : signers.find((s) => s.status === 'pending'); + if (!target) { + throw new ValidationError('No pending signer found to invite'); + } + if (!target.signingUrl) { + throw new ValidationError( + 'Signer has no Documenso URL yet — generate or send the document first', + ); + } + + const port = await db.query.ports.findFirst({ where: eq(ports.id, ctx.portId) }); + const docCfg = await getPortDocumensoConfig(ctx.portId); + + await sendSigningInvitation({ + portId: ctx.portId, + portName: port?.name ?? 'Port Nimara', + recipient: { name: target.signerName, email: target.signerEmail }, + documensoSigningUrl: target.signingUrl, + documentLabel: DOC_TYPE_LABEL[doc.documentType] ?? 'Expression of Interest', + signerRole: (target.signerRole as SignerRole) ?? 'client', + senderName: docCfg.developerName ?? null, + }); + + await db + .update(documentSigners) + .set({ invitedAt: new Date() }) + .where(eq(documentSigners.id, target.id)); + + return NextResponse.json({ data: { recipientId: target.id, sent: true } }); + } catch (error) { + return errorResponse(error); + } + }), +); diff --git a/src/app/api/v1/me/avatar/route.ts b/src/app/api/v1/me/avatar/route.ts new file mode 100644 index 0000000..b48b40f --- /dev/null +++ b/src/app/api/v1/me/avatar/route.ts @@ -0,0 +1,79 @@ +import { NextResponse } from 'next/server'; +import { eq } from 'drizzle-orm'; + +import { withAuth } from '@/lib/api/helpers'; +import { db } from '@/lib/db'; +import { ports } from '@/lib/db/schema/ports'; +import { userProfiles } from '@/lib/db/schema/users'; +import { uploadFile } from '@/lib/services/files'; +import { errorResponse, ValidationError } from '@/lib/errors'; + +const MAX_AVATAR_BYTES = 2 * 1024 * 1024; + +/** + * Profile-photo upload. Accepts a multipart `file` (cropped JPEG/PNG + * from the ImageCropperDialog), persists it via the polymorphic files + * table (so an S3↔filesystem swap carries it correctly), and writes + * the file id into `user_profiles.avatar_file_id`. + * + * Files are scoped to the user's CURRENT port — the rep can't end up + * with an avatar that's only visible from one port. (Avatars render + * via the GET handler below, which presigns by id regardless of port.) + */ +export const POST = withAuth(async (req, ctx) => { + try { + const formData = await req.formData(); + const fileEntry = formData.get('file'); + if (!(fileEntry instanceof File)) { + throw new ValidationError('Missing `file` part'); + } + if (fileEntry.size === 0) { + throw new ValidationError('Empty file'); + } + if (fileEntry.size > MAX_AVATAR_BYTES) { + throw new ValidationError('Avatar exceeds 2 MB'); + } + + // Resolve the port slug for the storage path. Super-admins without + // an active port fall through to a synthetic 'global' bucket. + const port = ctx.portId + ? await db.query.ports.findFirst({ where: eq(ports.id, ctx.portId) }) + : null; + const portSlug = port?.slug ?? 'global'; + const portId = ctx.portId || port?.id || ''; + if (!portId) throw new ValidationError('No active port'); + + const buffer = Buffer.from(await fileEntry.arrayBuffer()); + const record = await uploadFile( + portId, + portSlug, + { + buffer, + originalName: fileEntry.name || 'avatar.jpg', + mimeType: fileEntry.type || 'image/jpeg', + size: fileEntry.size, + }, + { + filename: `avatar-${ctx.userId}.jpg`, + category: 'avatar', + entityType: 'user', + entityId: ctx.userId, + }, + { + userId: ctx.userId, + portId, + ipAddress: ctx.ipAddress, + userAgent: ctx.userAgent, + }, + ); + + await db + .update(userProfiles) + .set({ avatarFileId: record.id, updatedAt: new Date() }) + .where(eq(userProfiles.userId, ctx.userId)); + + return NextResponse.json({ data: { avatarFileId: record.id } }); + } catch (error) { + return errorResponse(error); + } +}); diff --git a/src/app/api/v1/me/email/cancel/[token]/route.ts b/src/app/api/v1/me/email/cancel/[token]/route.ts new file mode 100644 index 0000000..11f2f59 --- /dev/null +++ b/src/app/api/v1/me/email/cancel/[token]/route.ts @@ -0,0 +1,54 @@ +import { NextResponse } from 'next/server'; +import { and, eq, isNull } from 'drizzle-orm'; +import crypto from 'node:crypto'; + +import { db } from '@/lib/db'; +import { userEmailChanges } from '@/lib/db/schema/users'; +import { createAuditLog } from '@/lib/audit'; +import { errorResponse, ValidationError } from '@/lib/errors'; +import { env } from '@/lib/env'; + +/** + * Cancel a pending email-change. Linked from the email sent to the + * OLD address as a safety net for "I didn't ask for this" reports. + */ +export async function GET( + _req: Request, + context: { params: Promise<{ token: string }> }, +): Promise { + try { + const { token } = await context.params; + if (!token) throw new ValidationError('Missing token'); + const tokenHash = crypto.createHash('sha256').update(token).digest('hex'); + + const pending = await db.query.userEmailChanges.findFirst({ + where: and( + eq(userEmailChanges.confirmTokenHash, tokenHash), + isNull(userEmailChanges.appliedAt), + isNull(userEmailChanges.cancelledAt), + ), + }); + if (!pending) throw new ValidationError('Token is invalid or already used'); + + await db + .update(userEmailChanges) + .set({ cancelledAt: new Date() }) + .where(eq(userEmailChanges.id, pending.id)); + + void createAuditLog({ + userId: pending.userId, + portId: null, + action: 'update', + entityType: 'user_email_change', + entityId: pending.id, + newValue: { newEmail: pending.newEmail }, + metadata: { type: 'email_change_cancelled' }, + severity: 'warning', + }); + + const baseUrl = env.APP_URL.replace(/\/+$/, ''); + return NextResponse.redirect(`${baseUrl}/settings?emailChange=cancelled`); + } catch (error) { + return errorResponse(error); + } +} diff --git a/src/app/api/v1/me/email/confirm/[token]/route.ts b/src/app/api/v1/me/email/confirm/[token]/route.ts new file mode 100644 index 0000000..089324a --- /dev/null +++ b/src/app/api/v1/me/email/confirm/[token]/route.ts @@ -0,0 +1,75 @@ +import { NextResponse } from 'next/server'; +import { and, eq, isNull } from 'drizzle-orm'; +import crypto from 'node:crypto'; + +import { db } from '@/lib/db'; +import { user, userEmailChanges } from '@/lib/db/schema/users'; +import { createAuditLog } from '@/lib/audit'; +import { errorResponse, ValidationError } from '@/lib/errors'; +import { env } from '@/lib/env'; + +/** + * Public confirmation endpoint — clicked from the email sent to the + * NEW address. Applies the email change atomically and redirects the + * user back to /settings with a success flag. + * + * No auth wrapper because the email recipient may not be signed in + * (e.g. they clicked from another device). The token IS the proof. + */ +export async function GET( + _req: Request, + context: { params: Promise<{ token: string }> }, +): Promise { + try { + const { token } = await context.params; + if (!token) throw new ValidationError('Missing token'); + const tokenHash = crypto.createHash('sha256').update(token).digest('hex'); + + const pending = await db.query.userEmailChanges.findFirst({ + where: and( + eq(userEmailChanges.confirmTokenHash, tokenHash), + isNull(userEmailChanges.appliedAt), + isNull(userEmailChanges.cancelledAt), + ), + }); + if (!pending) throw new ValidationError('Token is invalid or already used'); + if (pending.expiresAt.getTime() < Date.now()) { + throw new ValidationError('Token has expired'); + } + + // Re-check uniqueness right before the swap so a race with another + // signup doesn't ship two accounts to the same email. + const conflict = await db.query.user.findFirst({ + where: eq(user.email, pending.newEmail), + }); + if (conflict && conflict.id !== pending.userId) { + throw new ValidationError('That email is already in use by another account'); + } + + await db + .update(user) + .set({ email: pending.newEmail, emailVerified: true, updatedAt: new Date() }) + .where(eq(user.id, pending.userId)); + + await db + .update(userEmailChanges) + .set({ appliedAt: new Date() }) + .where(eq(userEmailChanges.id, pending.id)); + + void createAuditLog({ + userId: pending.userId, + portId: null, + action: 'update', + entityType: 'user', + entityId: pending.userId, + oldValue: { email: pending.oldEmail }, + newValue: { email: pending.newEmail }, + metadata: { type: 'email_change_confirmed', changeId: pending.id }, + }); + + const baseUrl = env.APP_URL.replace(/\/+$/, ''); + return NextResponse.redirect(`${baseUrl}/settings?emailChange=confirmed`); + } catch (error) { + return errorResponse(error); + } +} diff --git a/src/app/api/v1/me/email/route.ts b/src/app/api/v1/me/email/route.ts new file mode 100644 index 0000000..50795f4 --- /dev/null +++ b/src/app/api/v1/me/email/route.ts @@ -0,0 +1,134 @@ +import { NextResponse } from 'next/server'; +import { z } from 'zod'; +import { eq } from 'drizzle-orm'; +import crypto from 'node:crypto'; + +import { withAuth } from '@/lib/api/helpers'; +import { parseBody } from '@/lib/api/route-helpers'; +import { db } from '@/lib/db'; +import { user, userEmailChanges } from '@/lib/db/schema/users'; +import { createAuditLog } from '@/lib/audit'; +import { ConflictError, errorResponse, ValidationError } from '@/lib/errors'; +import { env } from '@/lib/env'; + +const updateEmailSchema = z.object({ + email: z.string().email().toLowerCase(), +}); + +const VERIFY_TOKEN_TTL_MINUTES = 60; +const REQUIRES_VERIFICATION = process.env.EMAIL_CHANGE_INSTANT !== 'true'; + +/** + * Initiate an email-change for the signed-in user. + * + * Production flow (REQUIRES_VERIFICATION=true, default): + * 1. Create a user_email_changes row with sha256(token) + * 2. Email OLD address with a cancel link + * 3. Email NEW address with a confirm link + * 4. Change applies only when /api/v1/me/email/confirm/ is called + * + * Dev shortcut (set EMAIL_CHANGE_INSTANT=true): + * - Updates user.email immediately, skipping the email round-trip. + * - Useful for local testing where SMTP isn't wired. + */ +export const PATCH = withAuth(async (req, ctx) => { + try { + const { email } = await parseBody(req, updateEmailSchema); + if (email === ctx.user.email) { + return NextResponse.json({ ok: true, unchanged: true }); + } + + // Reject if another account already owns this address. + const conflict = await db.query.user.findFirst({ where: eq(user.email, email) }); + if (conflict && conflict.id !== ctx.userId) { + throw new ConflictError('That email is already in use by another account'); + } + + if (!REQUIRES_VERIFICATION) { + // Instant change — dev only. + const [updated] = await db + .update(user) + .set({ email, emailVerified: false, updatedAt: new Date() }) + .where(eq(user.id, ctx.userId)) + .returning({ email: user.email }); + if (!updated) throw new ValidationError('Failed to update email'); + void createAuditLog({ + userId: ctx.userId, + portId: ctx.portId || null, + action: 'update', + entityType: 'user', + entityId: ctx.userId, + oldValue: { email: ctx.user.email }, + newValue: { email: updated.email }, + metadata: { type: 'email_change_instant' }, + ipAddress: ctx.ipAddress, + userAgent: ctx.userAgent, + }); + return NextResponse.json({ data: { email: updated.email, instant: true } }); + } + + // Verification flow — generate a single-use token, hash it, persist. + const rawToken = crypto.randomBytes(32).toString('base64url'); + const tokenHash = crypto.createHash('sha256').update(rawToken).digest('hex'); + const expiresAt = new Date(Date.now() + VERIFY_TOKEN_TTL_MINUTES * 60 * 1000); + + const [pending] = await db + .insert(userEmailChanges) + .values({ + userId: ctx.userId, + oldEmail: ctx.user.email, + newEmail: email, + confirmTokenHash: tokenHash, + expiresAt, + }) + .returning(); + if (!pending) throw new ValidationError('Failed to create pending email-change row'); + + const baseUrl = env.APP_URL.replace(/\/+$/, ''); + const confirmUrl = `${baseUrl}/api/v1/me/email/confirm/${rawToken}`; + const cancelUrl = `${baseUrl}/api/v1/me/email/cancel/${rawToken}`; + + try { + const { sendEmail } = await import('@/lib/email'); + await Promise.allSettled([ + sendEmail( + email, + 'Confirm your new Port Nimara CRM email address', + `

Hi,

You (or someone using your account) requested to change the sign-in email on your Port Nimara CRM account from ${ctx.user.email} to ${email}.

Click here to confirm this change — the link expires in ${VERIFY_TOKEN_TTL_MINUTES} minutes.

If you didn't request this, ignore this email.

`, + undefined, + `Confirm new email: ${confirmUrl}`, + ), + sendEmail( + ctx.user.email, + 'A change to your Port Nimara CRM email was requested', + `

Hi,

A change to your sign-in email was requested. If this wasn't you, click here to cancel the change immediately and consider rotating your password.

`, + undefined, + `Cancel email change: ${cancelUrl}`, + ), + ]); + } catch { + // Email send is best-effort; the row stays so the user can re-request. + } + + void createAuditLog({ + userId: ctx.userId, + portId: ctx.portId || null, + action: 'create', + entityType: 'user_email_change', + entityId: pending.id, + newValue: { newEmail: email }, + metadata: { type: 'email_change_requested' }, + ipAddress: ctx.ipAddress, + userAgent: ctx.userAgent, + }); + + return NextResponse.json({ + data: { + pendingChangeId: pending.id, + verificationSentTo: email, + }, + }); + } catch (error) { + return errorResponse(error); + } +}); diff --git a/src/app/api/v1/me/password-reset/route.ts b/src/app/api/v1/me/password-reset/route.ts new file mode 100644 index 0000000..993ee79 --- /dev/null +++ b/src/app/api/v1/me/password-reset/route.ts @@ -0,0 +1,30 @@ +import { NextResponse } from 'next/server'; + +import { auth } from '@/lib/auth'; +import { withAuth } from '@/lib/api/helpers'; +import { errorResponse } from '@/lib/errors'; + +/** + * Self-service password reset for the signed-in CRM user. Calls + * better-auth's forgetPassword API server-side, which generates a + * one-time reset token and dispatches the email via the + * `sendResetPassword` callback configured in src/lib/auth/index.ts. + * + * The email always goes to the user's CURRENT account email — no way + * to redirect to a different inbox here, so the endpoint is safe even + * if a session is hijacked (the attacker can't move the reset email + * to themselves). + */ +export const POST = withAuth(async (_req, ctx) => { + try { + await auth.api.requestPasswordReset({ + body: { + email: ctx.user.email, + redirectTo: '/reset-password', + }, + }); + return NextResponse.json({ ok: true }); + } catch (error) { + return errorResponse(error); + } +}); diff --git a/src/app/api/v1/residential/assignable-users/route.ts b/src/app/api/v1/residential/assignable-users/route.ts new file mode 100644 index 0000000..ca3a9cb --- /dev/null +++ b/src/app/api/v1/residential/assignable-users/route.ts @@ -0,0 +1,49 @@ +import { NextResponse } from 'next/server'; +import { and, eq, or, sql } from 'drizzle-orm'; + +import { withAuth, withPermission } from '@/lib/api/helpers'; +import { db } from '@/lib/db'; +import { roles, user, userPortRoles } from '@/lib/db/schema/users'; +import { errorResponse } from '@/lib/errors'; + +/** + * Returns the set of users in the current port who can be assigned a + * residential interest. A user qualifies when ANY of their port-role + * grants either: + * - role.permissions.residential_interests.view = true, OR + * - role.permissions.residential_clients.view = true, OR + * - the per-user `residentialAccess` toggle is set on this port + * + * Used by the residential-interest detail page's "Assigned to" picker. + * Returns minimal `{ id, name, email }` rows so the dropdown stays + * fast and the JSON payload doesn't leak more than the picker needs. + */ +export const GET = withAuth( + withPermission('residential_interests', 'view', async (_req, ctx) => { + try { + const rows = await db + .selectDistinct({ + id: user.id, + name: user.name, + email: user.email, + }) + .from(userPortRoles) + .innerJoin(roles, eq(roles.id, userPortRoles.roleId)) + .innerJoin(user, eq(user.id, userPortRoles.userId)) + .where( + and( + eq(userPortRoles.portId, ctx.portId), + or( + eq(userPortRoles.residentialAccess, true), + sql`${roles.permissions}->'residential_interests'->>'view' = 'true'`, + sql`${roles.permissions}->'residential_clients'->>'view' = 'true'`, + )!, + ), + ) + .orderBy(user.name); + return NextResponse.json({ data: rows }); + } catch (error) { + return errorResponse(error); + } + }), +); diff --git a/src/app/api/v1/residential/clients/[id]/activity/route.ts b/src/app/api/v1/residential/clients/[id]/activity/route.ts new file mode 100644 index 0000000..40ce12d --- /dev/null +++ b/src/app/api/v1/residential/clients/[id]/activity/route.ts @@ -0,0 +1,31 @@ +import { NextResponse } from 'next/server'; +import { eq, and } from 'drizzle-orm'; + +import { withAuth, withPermission } from '@/lib/api/helpers'; +import { db } from '@/lib/db'; +import { residentialClients } from '@/lib/db/schema/residential'; +import { loadEntityActivity } from '@/lib/services/entity-activity.service'; +import { errorResponse, NotFoundError } from '@/lib/errors'; + +export const GET = withAuth( + withPermission('residential_clients', 'view', async (_req, ctx, params) => { + try { + const id = params.id; + if (!id) throw new NotFoundError('residential client'); + const exists = await db + .select({ id: residentialClients.id }) + .from(residentialClients) + .where(and(eq(residentialClients.id, id), eq(residentialClients.portId, ctx.portId))) + .limit(1); + if (exists.length === 0) throw new NotFoundError('residential client'); + const data = await loadEntityActivity({ + portId: ctx.portId, + entityType: 'residential_client', + entityId: id, + }); + return NextResponse.json({ data }); + } catch (error) { + return errorResponse(error); + } + }), +); diff --git a/src/app/api/v1/residential/clients/[id]/notes/[noteId]/route.ts b/src/app/api/v1/residential/clients/[id]/notes/[noteId]/route.ts new file mode 100644 index 0000000..647d01a --- /dev/null +++ b/src/app/api/v1/residential/clients/[id]/notes/[noteId]/route.ts @@ -0,0 +1,36 @@ +import { NextResponse } from 'next/server'; + +import { withAuth, withPermission } from '@/lib/api/helpers'; +import { parseBody } from '@/lib/api/route-helpers'; +import { updateNoteSchema } from '@/lib/validators/notes'; +import * as notesService from '@/lib/services/notes.service'; +import { errorResponse, NotFoundError } from '@/lib/errors'; + +export const PATCH = withAuth( + withPermission('residential_clients', 'edit', async (req, ctx, params) => { + try { + const id = params.id; + const noteId = params.noteId; + if (!id || !noteId) throw new NotFoundError('Residential client note'); + const body = await parseBody(req, updateNoteSchema); + const note = await notesService.update(ctx.portId, 'residential_clients', id, noteId, body); + return NextResponse.json({ data: note }); + } catch (error) { + return errorResponse(error); + } + }), +); + +export const DELETE = withAuth( + withPermission('residential_clients', 'edit', async (_req, ctx, params) => { + try { + const id = params.id; + const noteId = params.noteId; + if (!id || !noteId) throw new NotFoundError('Residential client note'); + await notesService.deleteNote(ctx.portId, 'residential_clients', id, noteId); + return NextResponse.json({ ok: true }); + } catch (error) { + return errorResponse(error); + } + }), +); diff --git a/src/app/api/v1/residential/clients/[id]/notes/route.ts b/src/app/api/v1/residential/clients/[id]/notes/route.ts new file mode 100644 index 0000000..0309611 --- /dev/null +++ b/src/app/api/v1/residential/clients/[id]/notes/route.ts @@ -0,0 +1,40 @@ +import { NextResponse } from 'next/server'; + +import { withAuth, withPermission } from '@/lib/api/helpers'; +import { parseBody } from '@/lib/api/route-helpers'; +import { createNoteSchema } from '@/lib/validators/notes'; +import * as notesService from '@/lib/services/notes.service'; +import { errorResponse, NotFoundError } from '@/lib/errors'; + +export const GET = withAuth( + withPermission('residential_clients', 'view', async (_req, ctx, params) => { + try { + const id = params.id; + if (!id) throw new NotFoundError('Residential client'); + const notes = await notesService.listForEntity(ctx.portId, 'residential_clients', id); + return NextResponse.json({ data: notes }); + } catch (error) { + return errorResponse(error); + } + }), +); + +export const POST = withAuth( + withPermission('residential_clients', 'edit', async (req, ctx, params) => { + try { + const id = params.id; + if (!id) throw new NotFoundError('Residential client'); + const body = await parseBody(req, createNoteSchema); + const note = await notesService.create( + ctx.portId, + 'residential_clients', + id, + ctx.userId, + body, + ); + return NextResponse.json({ data: note }, { status: 201 }); + } catch (error) { + return errorResponse(error); + } + }), +); diff --git a/src/app/api/v1/residential/interests/[id]/activity/route.ts b/src/app/api/v1/residential/interests/[id]/activity/route.ts new file mode 100644 index 0000000..ad70ae8 --- /dev/null +++ b/src/app/api/v1/residential/interests/[id]/activity/route.ts @@ -0,0 +1,31 @@ +import { NextResponse } from 'next/server'; +import { eq, and } from 'drizzle-orm'; + +import { withAuth, withPermission } from '@/lib/api/helpers'; +import { db } from '@/lib/db'; +import { residentialInterests } from '@/lib/db/schema/residential'; +import { loadEntityActivity } from '@/lib/services/entity-activity.service'; +import { errorResponse, NotFoundError } from '@/lib/errors'; + +export const GET = withAuth( + withPermission('residential_interests', 'view', async (_req, ctx, params) => { + try { + const id = params.id; + if (!id) throw new NotFoundError('residential interest'); + const exists = await db + .select({ id: residentialInterests.id }) + .from(residentialInterests) + .where(and(eq(residentialInterests.id, id), eq(residentialInterests.portId, ctx.portId))) + .limit(1); + if (exists.length === 0) throw new NotFoundError('residential interest'); + const data = await loadEntityActivity({ + portId: ctx.portId, + entityType: 'residential_interest', + entityId: id, + }); + return NextResponse.json({ data }); + } catch (error) { + return errorResponse(error); + } + }), +); diff --git a/src/app/api/v1/residential/interests/[id]/notes/[noteId]/route.ts b/src/app/api/v1/residential/interests/[id]/notes/[noteId]/route.ts new file mode 100644 index 0000000..ca99ef5 --- /dev/null +++ b/src/app/api/v1/residential/interests/[id]/notes/[noteId]/route.ts @@ -0,0 +1,36 @@ +import { NextResponse } from 'next/server'; + +import { withAuth, withPermission } from '@/lib/api/helpers'; +import { parseBody } from '@/lib/api/route-helpers'; +import { updateNoteSchema } from '@/lib/validators/notes'; +import * as notesService from '@/lib/services/notes.service'; +import { errorResponse, NotFoundError } from '@/lib/errors'; + +export const PATCH = withAuth( + withPermission('residential_interests', 'edit', async (req, ctx, params) => { + try { + const id = params.id; + const noteId = params.noteId; + if (!id || !noteId) throw new NotFoundError('Residential interest note'); + const body = await parseBody(req, updateNoteSchema); + const note = await notesService.update(ctx.portId, 'residential_interests', id, noteId, body); + return NextResponse.json({ data: note }); + } catch (error) { + return errorResponse(error); + } + }), +); + +export const DELETE = withAuth( + withPermission('residential_interests', 'edit', async (_req, ctx, params) => { + try { + const id = params.id; + const noteId = params.noteId; + if (!id || !noteId) throw new NotFoundError('Residential interest note'); + await notesService.deleteNote(ctx.portId, 'residential_interests', id, noteId); + return NextResponse.json({ ok: true }); + } catch (error) { + return errorResponse(error); + } + }), +); diff --git a/src/app/api/v1/residential/interests/[id]/notes/route.ts b/src/app/api/v1/residential/interests/[id]/notes/route.ts new file mode 100644 index 0000000..d38bbcf --- /dev/null +++ b/src/app/api/v1/residential/interests/[id]/notes/route.ts @@ -0,0 +1,40 @@ +import { NextResponse } from 'next/server'; + +import { withAuth, withPermission } from '@/lib/api/helpers'; +import { parseBody } from '@/lib/api/route-helpers'; +import { createNoteSchema } from '@/lib/validators/notes'; +import * as notesService from '@/lib/services/notes.service'; +import { errorResponse, NotFoundError } from '@/lib/errors'; + +export const GET = withAuth( + withPermission('residential_interests', 'view', async (_req, ctx, params) => { + try { + const id = params.id; + if (!id) throw new NotFoundError('Residential interest'); + const notes = await notesService.listForEntity(ctx.portId, 'residential_interests', id); + return NextResponse.json({ data: notes }); + } catch (error) { + return errorResponse(error); + } + }), +); + +export const POST = withAuth( + withPermission('residential_interests', 'edit', async (req, ctx, params) => { + try { + const id = params.id; + if (!id) throw new NotFoundError('Residential interest'); + const body = await parseBody(req, createNoteSchema); + const note = await notesService.create( + ctx.portId, + 'residential_interests', + id, + ctx.userId, + body, + ); + return NextResponse.json({ data: note }, { status: 201 }); + } catch (error) { + return errorResponse(error); + } + }), +); diff --git a/src/app/api/v1/residential/stages/route.ts b/src/app/api/v1/residential/stages/route.ts new file mode 100644 index 0000000..f69fb3a --- /dev/null +++ b/src/app/api/v1/residential/stages/route.ts @@ -0,0 +1,68 @@ +import { NextResponse } from 'next/server'; +import { z } from 'zod'; + +import { withAuth, withPermission } from '@/lib/api/helpers'; +import { parseBody } from '@/lib/api/route-helpers'; +import { + findOrphanInterests, + listStages, + saveStages, + type ResidentialStage, +} from '@/lib/services/residential-stages.service'; +import { errorResponse } from '@/lib/errors'; + +export const GET = withAuth( + withPermission('residential_interests', 'view', async (_req, ctx) => { + try { + const stages = await listStages(ctx.portId); + const orphans = await findOrphanInterests( + ctx.portId, + stages.map((s) => s.id), + ); + return NextResponse.json({ data: { stages, orphans } }); + } catch (error) { + return errorResponse(error); + } + }), +); + +const stageSchema: z.ZodType = z.object({ + id: z + .string() + .min(1) + .max(50) + .regex(/^[a-z0-9_]+$/, 'lowercase letters, digits, underscore only'), + label: z.string().min(1).max(80), + terminal: z.enum(['won', 'lost']).nullable(), +}); + +const putSchema = z.object({ + stages: z.array(stageSchema).min(1), + reassignments: z.record(z.string(), z.string()).optional(), + force: z.boolean().optional(), +}); + +export const PUT = withAuth( + withPermission('admin', 'manage_settings', async (req, ctx) => { + try { + const body = await parseBody(req, putSchema); + await saveStages( + { + portId: ctx.portId, + stages: body.stages, + reassignments: body.reassignments, + force: body.force, + }, + { + userId: ctx.userId, + portId: ctx.portId, + ipAddress: ctx.ipAddress, + userAgent: ctx.userAgent, + }, + ); + return NextResponse.json({ ok: true }); + } catch (error) { + return errorResponse(error); + } + }), +); diff --git a/src/app/globals.css b/src/app/globals.css index e0a97a9..27c3064 100644 --- a/src/app/globals.css +++ b/src/app/globals.css @@ -104,10 +104,19 @@ ); } - /* Focus ring */ - *:focus-visible { - @apply outline-none ring-2 ring-ring ring-offset-2; - } + /* + * No global focus ring. shadcn components opt in individually + * (Button uses `focus-visible:ring-1`, DropdownMenuItem uses + * `focus:bg-accent`, etc.) — that gives us a quiet, per-component + * indicator without the chunky `ring-2 + ring-offset-2` artifact + * the global rule was creating on every rounded element. + * + * Components that need a custom focus indicator (e.g. the global + * search bar's wrapper-border swap) provide their own. Bare + * focusable elements without explicit styles fall back to the + * browser's native focus indicator, which keeps keyboard navigation + * accessible without painting blue rings everywhere. + */ /* Scrollbar styling */ ::-webkit-scrollbar { diff --git a/src/components/admin/audit/audit-log-list.tsx b/src/components/admin/audit/audit-log-list.tsx index 72d3058..5a22a16 100644 --- a/src/components/admin/audit/audit-log-list.tsx +++ b/src/components/admin/audit/audit-log-list.tsx @@ -230,23 +230,30 @@ export function AuditLogList() { { accessorKey: 'action', header: 'Action', - cell: ({ row }) => ( -
- - {row.original.action} - - {row.original.severity !== 'info' && ( - - {row.original.severity} - - )} -
- ), + cell: ({ row }) => { + const verbLabel = row.original.action.replace(/_/g, ' '); + const entityLabel = row.original.entityType.replace(/_/g, ' '); + return ( +
+
+ + {verbLabel} + + {row.original.severity !== 'info' && ( + + {row.original.severity} + + )} +
+ {entityLabel} +
+ ); + }, size: 180, }, { @@ -342,7 +349,7 @@ export function AuditLogList() { setSearch(e.target.value)} @@ -440,7 +447,7 @@ export function AuditLogList() { setUserId(e.target.value)} @@ -454,7 +461,7 @@ export function AuditLogList() { setDateFrom(e.target.value)} /> @@ -467,7 +474,7 @@ export function AuditLogList() { setDateTo(e.target.value)} /> diff --git a/src/components/admin/backup-admin-panel.tsx b/src/components/admin/backup-admin-panel.tsx new file mode 100644 index 0000000..8ee44be --- /dev/null +++ b/src/components/admin/backup-admin-panel.tsx @@ -0,0 +1,208 @@ +'use client'; + +import { useEffect, useState } from 'react'; +import { Loader2, Download, Database, RefreshCw, AlertTriangle } from 'lucide-react'; +import { toast } from 'sonner'; + +import { Button } from '@/components/ui/button'; +import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card'; +import { + Dialog, + DialogContent, + DialogDescription, + DialogFooter, + DialogHeader, + DialogTitle, +} from '@/components/ui/dialog'; +import { apiFetch } from '@/lib/api/client'; +import { toastError } from '@/lib/api/toast-error'; + +interface BackupJob { + id: string; + status: 'pending' | 'running' | 'completed' | 'failed'; + trigger: 'manual' | 'cron'; + triggeredBy: string | null; + sizeBytes: number | null; + storagePath: string | null; + errorMessage: string | null; + startedAt: string; + completedAt: string | null; +} + +const STATUS_TONE: Record = { + pending: 'bg-muted text-muted-foreground', + running: 'bg-amber-100 text-amber-900', + completed: 'bg-emerald-100 text-emerald-900', + failed: 'bg-rose-100 text-rose-900', +}; + +function formatBytes(n: number | null): string { + if (n === null) return '—'; + if (n < 1024) return `${n} B`; + if (n < 1024 * 1024) return `${(n / 1024).toFixed(1)} KB`; + if (n < 1024 * 1024 * 1024) return `${(n / 1024 / 1024).toFixed(1)} MB`; + return `${(n / 1024 / 1024 / 1024).toFixed(2)} GB`; +} + +export function BackupAdminPanel() { + const [jobs, setJobs] = useState([]); + const [loading, setLoading] = useState(true); + const [running, setRunning] = useState(false); + const [confirmOpen, setConfirmOpen] = useState(false); + + useEffect(() => { + void load(); + }, []); + + async function load() { + setLoading(true); + try { + const res = await apiFetch<{ data: BackupJob[] }>('/api/v1/admin/backup'); + setJobs(res.data); + } finally { + setLoading(false); + } + } + + async function trigger() { + setConfirmOpen(false); + setRunning(true); + try { + const res = await apiFetch<{ + data: { id: string; status: 'completed' | 'failed'; error?: string }; + }>('/api/v1/admin/backup', { method: 'POST' }); + if (res.data.status === 'completed') { + toast.success('Backup completed'); + } else { + toast.error(`Backup failed: ${res.data.error ?? 'unknown error'}`); + } + await load(); + } catch (err) { + toastError(err); + } finally { + setRunning(false); + } + } + + async function download(id: string) { + try { + const res = await apiFetch<{ data: { url: string } }>(`/api/v1/admin/backup/${id}/download`); + const a = document.createElement('a'); + a.href = res.data.url; + a.download = `backup-${id}.dump`; + a.click(); + } catch (err) { + toastError(err); + } + } + + return ( +
+ + +
+ + + Run a backup now + + + Triggers pg_dump --format=custom against the live database and uploads + the result to the active storage backend. + +
+
+ + +
+ + + Backups land at backups/<id>.dump via{' '} + getStorageBackend().put(). Restore is intentionally not exposed in the UI — + download the .dump file and run pg_restore manually. + + + + + + History + Last 50 backup jobs. + + + {loading ? ( +
+ Loading… +
+ ) : jobs.length === 0 ? ( +

No backups yet.

+ ) : ( +
    + {jobs.map((j) => ( +
  • +
    +
    + + {j.status} + + + {new Date(j.startedAt).toLocaleString()} + + {j.trigger === 'cron' && ( + cron + )} +
    + {j.errorMessage && ( +

    {j.errorMessage}

    + )} +
    +
    + + {formatBytes(j.sizeBytes)} + + {j.status === 'completed' && ( + + )} +
    +
    • + ))} +
+ )} + + + + + + + + + Run a fresh backup now? + + + This streams the entire database through pg_dump and stores the result in + the active backend. On large databases the operation can take several minutes. The CRM + stays online throughout. + + + + + + + + +
+ ); +} diff --git a/src/components/admin/custom-fields/custom-fields-manager.tsx b/src/components/admin/custom-fields/custom-fields-manager.tsx index 3be3316..d69be89 100644 --- a/src/components/admin/custom-fields/custom-fields-manager.tsx +++ b/src/components/admin/custom-fields/custom-fields-manager.tsx @@ -11,10 +11,7 @@ import { Button } from '@/components/ui/button'; import { Badge } from '@/components/ui/badge'; import { Tabs, TabsContent, TabsList, TabsTrigger } from '@/components/ui/tabs'; import { apiFetch } from '@/lib/api/client'; -import { - CustomFieldForm, - type CustomFieldDefinition, -} from './custom-field-form'; +import { CustomFieldForm, type CustomFieldDefinition } from './custom-field-form'; // ─── Types ──────────────────────────────────────────────────────────────────── @@ -47,9 +44,7 @@ export function CustomFieldsManager() { const fetchFields = useCallback(async () => { setLoading(true); try { - const res = await apiFetch<{ data: CustomFieldDefinition[] }>( - '/api/v1/admin/custom-fields', - ); + const res = await apiFetch<{ data: CustomFieldDefinition[] }>('/api/v1/admin/custom-fields'); setFields(res.data); } finally { setLoading(false); @@ -90,16 +85,12 @@ export function CustomFieldsManager() { { accessorKey: 'fieldName', header: 'Name', - cell: ({ row }) => ( - {row.original.fieldName} - ), + cell: ({ row }) => {row.original.fieldName}, }, { accessorKey: 'fieldLabel', header: 'Label', - cell: ({ row }) => ( - {row.original.fieldLabel} - ), + cell: ({ row }) => {row.original.fieldLabel}, }, { accessorKey: 'fieldType', @@ -126,9 +117,7 @@ export function CustomFieldsManager() { accessorKey: 'sortOrder', header: 'Order', cell: ({ row }) => ( - - {row.original.sortOrder} - + {row.original.sortOrder} ), }, { @@ -136,11 +125,7 @@ export function CustomFieldsManager() { header: '', cell: ({ row }) => (
- @@ -182,6 +167,15 @@ export function CustomFieldsManager() { } /> +
+ Heads up: custom fields render in detail-page sidebars and the entity + export, but they don’t plug into core platform behaviour: search doesn’t index + them, the recommender doesn’t score on them, audit logs don’t diff them, and + merge-tokens won’t expand them in EOI/contract templates. Use them for rep-only + annotations (e.g. “Berth visit notes”, “Referral source”) — anything + load-bearing for the deal flow needs a first-class column. +
+ setActiveTab(v as EntityTab)}> {(Object.keys(TAB_LABELS) as EntityTab[]).map((tab) => ( diff --git a/src/components/admin/onboarding-checklist.tsx b/src/components/admin/onboarding-checklist.tsx new file mode 100644 index 0000000..7110d13 --- /dev/null +++ b/src/components/admin/onboarding-checklist.tsx @@ -0,0 +1,261 @@ +'use client'; + +import { useEffect, useState } from 'react'; +import Link from 'next/link'; +import { useParams } from 'next/navigation'; +import { Check, Circle, Loader2, ExternalLink } from 'lucide-react'; + +import { Button } from '@/components/ui/button'; +import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card'; +import { Progress } from '@/components/ui/progress'; +import { apiFetch } from '@/lib/api/client'; + +interface OnboardingStep { + id: string; + href: string; + label: string; + description: string; + /** Setting key whose presence proves the step is done. When set, the + * checkmark auto-fills from the settings list. When undefined, the + * step relies on the manual checkbox in `onboarding_status`. */ + autoCheckSettingKey?: string; + /** Override: read this many users / tags / roles from a list endpoint + * and consider the step done when count > 0. */ + autoCheckListEndpoint?: string; +} + +const STEPS: OnboardingStep[] = [ + { + id: 'branding', + href: 'branding', + label: 'Set port name, logo, primary colour', + description: 'Branding flows into the navbar, emails, EOI PDFs, and the public auth shell.', + autoCheckSettingKey: 'branding_logo_url', + }, + { + id: 'email', + href: 'email', + label: 'Configure outgoing email', + description: + 'From-address, signature, footer, plus per-port SMTP overrides if you don’t use the global account.', + autoCheckSettingKey: 'sales_email_smtp_host', + }, + { + id: 'documenso', + href: 'documenso', + label: 'Connect Documenso for EOIs', + description: + 'API credentials and the EOI template id, plus the in-app vs Documenso pathway choice.', + autoCheckSettingKey: 'documenso_api_url', + }, + { + id: 'settings', + href: 'settings', + label: 'Tune business rules + recommender weights', + description: + 'Pipeline weights, net-10 discount, berth recommender knobs (heat weights, fall-through policy).', + autoCheckSettingKey: 'recommender_top_n_default', + }, + { + id: 'roles', + href: 'roles', + label: 'Create roles & assign users', + description: 'Per-port roles inherit from system roles; override permissions here.', + autoCheckListEndpoint: '/api/v1/admin/roles', + }, + { + id: 'users', + href: 'users', + label: 'Invite the rest of the team', + description: + 'Invite users, assign roles, optionally grant residential access. Track pending vs accepted.', + autoCheckListEndpoint: '/api/v1/admin/users', + }, + { + id: 'tags', + href: 'tags', + label: 'Define starter tags', + description: 'Color-coded labels used across clients, yachts, companies, and interests.', + autoCheckListEndpoint: '/api/v1/tags/options', + }, + { + id: 'storage', + href: 'storage', + label: 'Configure storage backend', + description: + 'Verify S3/filesystem and run a test connection before going live so PDFs and avatars persist correctly.', + autoCheckSettingKey: 'storage_backend', + }, + { + id: 'forms', + href: '../', + label: 'Wire the website intake forms', + description: + 'Inquiry forms on the marketing site dual-write into the CRM via /api/public/website-inquiries. Manually mark complete when verified.', + }, +]; + +interface SettingRow { + key: string; + value: unknown; + portId: string | null; +} +interface SettingsResp { + data: { portSettings: SettingRow[]; globalSettings: SettingRow[] }; +} + +export function OnboardingChecklist() { + const params = useParams<{ portSlug: string }>(); + const portSlug = params?.portSlug ?? ''; + const [autoChecks, setAutoChecks] = useState>({}); + const [manualChecks, setManualChecks] = useState>({}); + const [loading, setLoading] = useState(true); + const [saving, setSaving] = useState(null); + + useEffect(() => { + void load(); + }, []); + + async function load() { + setLoading(true); + try { + const settings = await apiFetch('/api/v1/admin/settings'); + const all = [...settings.data.portSettings, ...settings.data.globalSettings]; + const byKey = new Map(all.map((r) => [r.key, r.value])); + + const checks: Record = {}; + const listChecks = await Promise.all( + STEPS.map(async (s) => { + if (s.autoCheckSettingKey) { + const v = byKey.get(s.autoCheckSettingKey); + return [s.id, v !== undefined && v !== null && v !== '' && v !== false] as const; + } + if (s.autoCheckListEndpoint) { + try { + const res = await apiFetch<{ data: unknown[] }>(s.autoCheckListEndpoint); + return [s.id, Array.isArray(res.data) && res.data.length > 0] as const; + } catch { + return [s.id, false] as const; + } + } + return [s.id, false] as const; + }), + ); + for (const [id, done] of listChecks) checks[id] = done; + setAutoChecks(checks); + + // Pull the manual-checkbox state from system_settings. + const manual = (byKey.get('onboarding_manual_status') ?? {}) as Record; + setManualChecks(manual); + } finally { + setLoading(false); + } + } + + async function toggleManual(id: string) { + const next = { ...manualChecks, [id]: !manualChecks[id] }; + setManualChecks(next); + setSaving(id); + try { + await apiFetch('/api/v1/admin/settings', { + method: 'PUT', + body: { key: 'onboarding_manual_status', value: next }, + }); + } finally { + setSaving(null); + } + } + + const stepDone = (id: string) => Boolean(autoChecks[id]) || Boolean(manualChecks[id]); + const completed = STEPS.filter((s) => stepDone(s.id)).length; + const percent = Math.round((completed / STEPS.length) * 100); + + return ( +
+ + + Setup checklist + + {completed} of {STEPS.length} complete. Auto-checked steps update when you save the + underlying setting; manual ones (like website-form integration) need the checkbox. + + + + + +
    + {STEPS.map((step, idx) => { + const auto = Boolean(autoChecks[step.id]); + const manual = Boolean(manualChecks[step.id]); + const done = auto || manual; + return ( +
  1. + + {done ? ( + + ) : loading ? ( + + ) : ( + + )} + +
    +
    +
    + + {idx + 1}. {step.label} + + +

    {step.description}

    + {auto && ( +

    + Auto-detected complete via{' '} + + {step.autoCheckSettingKey ?? step.autoCheckListEndpoint} + +

    + )} +
    + {!auto && ( + + )} +
    +
    +
    2. + ); + })} +
+ + +
+ ); +} diff --git a/src/components/admin/ports/port-form.tsx b/src/components/admin/ports/port-form.tsx index 7795545..9837f16 100644 --- a/src/components/admin/ports/port-form.tsx +++ b/src/components/admin/ports/port-form.tsx @@ -6,9 +6,34 @@ import { Button } from '@/components/ui/button'; import { Input } from '@/components/ui/input'; import { Label } from '@/components/ui/label'; import { Switch } from '@/components/ui/switch'; +import { + Select, + SelectContent, + SelectItem, + SelectTrigger, + SelectValue, +} from '@/components/ui/select'; import { Sheet, SheetContent, SheetHeader, SheetTitle, SheetFooter } from '@/components/ui/sheet'; +import { TimezoneCombobox } from '@/components/shared/timezone-combobox'; import { apiFetch } from '@/lib/api/client'; +// ISO-4217 currency shortlist for the port-currency dropdown. +// Marina deals price in a small set; an admin who needs an exotic +// currency can add it here without a schema change. +const CURRENCY_OPTIONS: Array<{ value: string; label: string }> = [ + { value: 'USD', label: 'USD — US Dollar' }, + { value: 'EUR', label: 'EUR — Euro' }, + { value: 'GBP', label: 'GBP — British Pound' }, + { value: 'CHF', label: 'CHF — Swiss Franc' }, + { value: 'AED', label: 'AED — UAE Dirham' }, + { value: 'SAR', label: 'SAR — Saudi Riyal' }, + { value: 'PLN', label: 'PLN — Polish Złoty' }, + { value: 'AUD', label: 'AUD — Australian Dollar' }, + { value: 'CAD', label: 'CAD — Canadian Dollar' }, + { value: 'NZD', label: 'NZD — New Zealand Dollar' }, + { value: 'JPY', label: 'JPY — Japanese Yen' }, +]; + interface PortFormProps { open: boolean; onOpenChange: (open: boolean) => void; @@ -154,25 +179,23 @@ export function PortForm({ open, onOpenChange, port, onSuccess }: PortFormProps)
- setDefaultCurrency(e.target.value.toUpperCase())} - placeholder="USD" - maxLength={3} - required - /> +
- - setTimezone(e.target.value)} - placeholder="America/Anguilla" - required - /> + + setTimezone(tz ?? '')} />
diff --git a/src/components/admin/residential-stages-admin.tsx b/src/components/admin/residential-stages-admin.tsx new file mode 100644 index 0000000..b962a4d --- /dev/null +++ b/src/components/admin/residential-stages-admin.tsx @@ -0,0 +1,329 @@ +'use client'; + +import { useEffect, useState } from 'react'; +import { GripVertical, Plus, Trash2, Loader2, Save, AlertTriangle } from 'lucide-react'; + +import { Button } from '@/components/ui/button'; +import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card'; +import { + Dialog, + DialogContent, + DialogDescription, + DialogFooter, + DialogHeader, + DialogTitle, +} from '@/components/ui/dialog'; +import { Input } from '@/components/ui/input'; +import { Label } from '@/components/ui/label'; +import { + Select, + SelectContent, + SelectItem, + SelectTrigger, + SelectValue, +} from '@/components/ui/select'; +import { apiFetch } from '@/lib/api/client'; +import { toastError } from '@/lib/api/toast-error'; +import { toast } from 'sonner'; + +interface Stage { + id: string; + label: string; + terminal: 'won' | 'lost' | null; +} + +interface Orphan { + id: string; + pipelineStage: string; +} + +interface Resp { + data: { stages: Stage[]; orphans: Orphan[] }; +} + +export function ResidentialStagesAdmin() { + const [stages, setStages] = useState([]); + const [originalIds, setOriginalIds] = useState>(new Set()); + const [orphans, setOrphans] = useState([]); + const [loading, setLoading] = useState(true); + const [saving, setSaving] = useState(false); + const [reassignDialog, setReassignDialog] = useState<{ + affected: Orphan[]; + reassignments: Record; + } | null>(null); + + useEffect(() => { + void load(); + }, []); + + async function load() { + setLoading(true); + try { + const res = await apiFetch('/api/v1/residential/stages'); + setStages(res.data.stages); + setOriginalIds(new Set(res.data.stages.map((s) => s.id))); + setOrphans(res.data.orphans); + } finally { + setLoading(false); + } + } + + function move(idx: number, dir: -1 | 1) { + const next = [...stages]; + const swap = idx + dir; + if (swap < 0 || swap >= next.length) return; + [next[idx], next[swap]] = [next[swap]!, next[idx]!]; + setStages(next); + } + + function update(idx: number, patch: Partial) { + setStages((prev) => prev.map((s, i) => (i === idx ? { ...s, ...patch } : s))); + } + + function add() { + setStages((prev) => [ + ...prev, + { id: `stage_${prev.length + 1}`, label: 'New stage', terminal: null }, + ]); + } + + function remove(idx: number) { + setStages((prev) => prev.filter((_, i) => i !== idx)); + } + + async function attemptSave(force: boolean, reassignments?: Record) { + setSaving(true); + try { + await apiFetch('/api/v1/residential/stages', { + method: 'PUT', + body: { stages, reassignments, force }, + }); + toast.success('Stages saved'); + setReassignDialog(null); + await load(); + } catch (err: unknown) { + // The service throws ConflictError when interests sit on a removed + // stage. Open the reassignment dialog so the admin can fix it + // before retrying. + const msg = err instanceof Error ? err.message : ''; + if (/sit on a stage/.test(msg)) { + // Build the affected list from the current orphan-snapshot + // filtered to stages NOT in the new list. + const newIds = new Set(stages.map((s) => s.id)); + const affected = orphans.filter((o) => !newIds.has(o.pipelineStage)); + setReassignDialog({ affected, reassignments: {} }); + } else { + toastError(err); + } + } finally { + setSaving(false); + } + } + + const stageIds = stages.map((s) => s.id); + + const removedStageIds = Array.from(originalIds).filter((id) => !stageIds.includes(id)); + + if (loading) { + return ( +
+ Loading stages… +
+ ); + } + + return ( +
+ + + Stages + + Drag-style ordering via the up/down handles on the right. Stages with terminal + “won” or “lost” mark the funnel ends and feed reports. + + + + {stages.map((stage, idx) => ( +
+ +
+
+ + update(idx, { id: e.target.value })} + className="font-mono text-xs h-8" + /> +
+
+ + update(idx, { label: e.target.value })} + className="h-8" + /> +
+
+ + +
+
+
+ + +
+ +
+ ))} + + + + + + {removedStageIds.length > 0 && ( +
+ + Removing: {removedStageIds.join(', ')}. Any interests parked on these stages will need to + be reassigned before save. +
+ )} + +
+ +
+ + !o && setReassignDialog(null)}> + + + Reassign interests + + These residential interests sit on a stage you're removing. Pick a new stage for + each before saving. + + + {reassignDialog && ( +
+ {reassignDialog.affected.map((o) => ( +
+
+ {o.id.slice(0, 12)}… +

+ currently: {o.pipelineStage} +

+
+ +
+ ))} +
+ )} + + + + + + +
+ ); +} diff --git a/src/components/admin/roles/role-list.tsx b/src/components/admin/roles/role-list.tsx index 60ebc98..db09232 100644 --- a/src/components/admin/roles/role-list.tsx +++ b/src/components/admin/roles/role-list.tsx @@ -9,9 +9,32 @@ import { PageHeader } from '@/components/shared/page-header'; import { ConfirmationDialog } from '@/components/shared/confirmation-dialog'; import { Button } from '@/components/ui/button'; import { Badge } from '@/components/ui/badge'; +import { + Dialog, + DialogContent, + DialogDescription, + DialogFooter, + DialogHeader, + DialogTitle, +} from '@/components/ui/dialog'; import { apiFetch } from '@/lib/api/client'; import { RoleForm } from './role-form'; +/** + * Display-normalize a stored role name. Roles are stored with whatever + * key the admin entered (snake_case, kebab-case, free text). For UI + * display we titlecase + space-separate so "super_admin" reads as + * "Super Admin" and "Some role!" reads as "Some Role!" Display-only — + * code paths that compare role names use the stored verbatim value. + */ +function prettifyRoleName(name: string): string { + return name + .replace(/[_-]+/g, ' ') + .replace(/\s+/g, ' ') + .trim() + .replace(/\b\w/g, (c) => c.toUpperCase()); +} + interface Role { id: string; name: string; @@ -28,6 +51,7 @@ export function RoleList() { const [formOpen, setFormOpen] = useState(false); const [editingRole, setEditingRole] = useState(null); const [deletingId, setDeletingId] = useState(null); + const [viewingPermissions, setViewingPermissions] = useState(null); const fetchRoles = useCallback(async () => { setLoading(true); @@ -81,7 +105,11 @@ export function RoleList() { header: 'Name', cell: ({ row }) => (
- {row.original.name} + {/* Display-normalize: snake_case → "Snake Case" so admin- + created roles with arbitrary keys still read cleanly. + The underlying name is stored verbatim and is what code + checks against — display is purely cosmetic. */} + {prettifyRoleName(row.original.name)} {row.original.isSystem && ( @@ -102,7 +130,19 @@ export function RoleList() { id: 'permissions', header: 'Permissions', cell: ({ row }) => ( - {countPermissions(row.original.permissions)} + ), }, { @@ -171,6 +211,72 @@ export function RoleList() { role={editingRole} onSuccess={fetchRoles} /> + + {/* Permissions inspector — opens when admin clicks the count + badge in the table. Lists granted vs denied per resource so + they can spot gaps before opening the editor. */} + !o && setViewingPermissions(null)}> + + + + Permissions — {viewingPermissions ? prettifyRoleName(viewingPermissions.name) : ''} + + + Granted vs total per resource. Click Edit to change. + + + {viewingPermissions && ( +
+ {Object.entries(viewingPermissions.permissions).map(([resource, actions]) => { + const granted = Object.values(actions).filter(Boolean).length; + const total = Object.keys(actions).length; + return ( +
+
+ + {resource.replace(/_/g, ' ')} + + + {granted}/{total} + +
+
+ {Object.entries(actions).map(([action, allowed]) => ( + + {action.replace(/_/g, ' ')} + + ))} +
+
+ ); + })} +
+ )} + + + {viewingPermissions && ( + + )} + + +
); } diff --git a/src/components/admin/sales-email-config-card.tsx b/src/components/admin/sales-email-config-card.tsx index b8d63d6..6cfd5b9 100644 --- a/src/components/admin/sales-email-config-card.tsx +++ b/src/components/admin/sales-email-config-card.tsx @@ -23,6 +23,7 @@ import { Label } from '@/components/ui/label'; import { Switch } from '@/components/ui/switch'; import { Textarea } from '@/components/ui/textarea'; import { apiFetch } from '@/lib/api/client'; +import { VALID_MERGE_TOKENS } from '@/lib/templates/merge-fields'; import { toastError } from '@/lib/api/toast-error'; interface SalesConfigResponse { @@ -308,7 +309,23 @@ export function SalesEmailConfigCard() { - +
+ + Available tokens ({Array.from(VALID_MERGE_TOKENS).length}) + +
+ {Array.from(VALID_MERGE_TOKENS) + .sort() + .map((tok) => ( + {tok} + ))} +
+
+