Initial commit: Port Nimara CRM (Layers 0-4)

Full CRM rebuild with Next.js 15, TypeScript, Tailwind, Drizzle ORM,
PostgreSQL, Redis, BullMQ, MinIO, and Socket.io. Includes 461 source
files covering clients, berths, interests/pipeline, documents/EOI,
expenses/invoices, email, notifications, dashboard, admin, and
client portal. CI/CD via Gitea Actions with Docker builds.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/app/api/v1/expenses/[id]/route.ts

@@ -0,0 +1,55 @@
+import { NextResponse } from 'next/server';
+
+import { withAuth, withPermission } from '@/lib/api/helpers';
+import { parseBody } from '@/lib/api/route-helpers';
+import { errorResponse } from '@/lib/errors';
+import {
+  getExpenseById,
+  updateExpense,
+  archiveExpense,
+} from '@/lib/services/expenses';
+import { updateExpenseSchema } from '@/lib/validators/expenses';
+
+export const GET = withAuth(
+  withPermission('expenses', 'view', async (_req, ctx, params) => {
+    try {
+      const expense = await getExpenseById(params.id!, ctx.portId);
+      return NextResponse.json({ data: expense });
+    } catch (error) {
+      return errorResponse(error);
+    }
+  }),
+);
+
+export const PATCH = withAuth(
+  withPermission('expenses', 'edit', async (req, ctx, params) => {
+    try {
+      const body = await parseBody(req, updateExpenseSchema);
+      const expense = await updateExpense(params.id!, ctx.portId, body, {
+        userId: ctx.userId,
+        portId: ctx.portId,
+        ipAddress: ctx.ipAddress,
+        userAgent: ctx.userAgent,
+      });
+      return NextResponse.json({ data: expense });
+    } catch (error) {
+      return errorResponse(error);
+    }
+  }),
+);
+
+export const DELETE = withAuth(
+  withPermission('expenses', 'delete', async (_req, ctx, params) => {
+    try {
+      await archiveExpense(params.id!, ctx.portId, {
+        userId: ctx.userId,
+        portId: ctx.portId,
+        ipAddress: ctx.ipAddress,
+        userAgent: ctx.userAgent,
+      });
+      return new NextResponse(null, { status: 204 });
+    } catch (error) {
+      return errorResponse(error);
+    }
+  }),
+);

src/app/api/v1/expenses/export/csv/route.ts

@@ -0,0 +1,27 @@
+import { NextResponse } from 'next/server';
+
+import { withAuth, withPermission } from '@/lib/api/helpers';
+import { parseBody } from '@/lib/api/route-helpers';
+import { errorResponse } from '@/lib/errors';
+import { exportCsv } from '@/lib/services/expense-export';
+import { listExpensesSchema } from '@/lib/validators/expenses';
+
+export const POST = withAuth(
+  withPermission('expenses', 'view', async (req, ctx) => {
+    try {
+      const body = await req.json().catch(() => ({}));
+      const query = listExpensesSchema.parse(body);
+      const csv = await exportCsv(ctx.portId, query);
+
+      return new NextResponse(csv, {
+        status: 200,
+        headers: {
+          'Content-Type': 'text/csv',
+          'Content-Disposition': `attachment; filename="expenses-${Date.now()}.csv"`,
+        },
+      });
+    } catch (error) {
+      return errorResponse(error);
+    }
+  }),
+);

src/app/api/v1/expenses/export/parent-company/route.ts

@@ -0,0 +1,28 @@
+import { NextResponse } from 'next/server';
+
+import { withAuth } from '@/lib/api/helpers';
+import { errorResponse } from '@/lib/errors';
+import { exportParentCompany } from '@/lib/services/expense-export';
+import { listExpensesSchema } from '@/lib/validators/expenses';
+
+export const POST = withAuth(async (req, ctx) => {
+  try {
+    if (!ctx.isSuperAdmin) {
+      return NextResponse.json({ error: 'Insufficient permissions' }, { status: 403 });
+    }
+
+    const body = await req.json().catch(() => ({}));
+    const query = listExpensesSchema.parse(body);
+    const pdf = await exportParentCompany(ctx.portId, query);
+
+    return new NextResponse(Buffer.from(pdf), {
+      status: 200,
+      headers: {
+        'Content-Type': 'application/pdf',
+        'Content-Disposition': `attachment; filename="expenses-parent-company-${Date.now()}.pdf"`,
+      },
+    });
+  } catch (error) {
+    return errorResponse(error);
+  }
+});

src/app/api/v1/expenses/export/pdf/route.ts

@@ -0,0 +1,26 @@
+import { NextResponse } from 'next/server';
+
+import { withAuth, withPermission } from '@/lib/api/helpers';
+import { errorResponse } from '@/lib/errors';
+import { exportPdf } from '@/lib/services/expense-export';
+import { listExpensesSchema } from '@/lib/validators/expenses';
+
+export const POST = withAuth(
+  withPermission('expenses', 'view', async (req, ctx) => {
+    try {
+      const body = await req.json().catch(() => ({}));
+      const query = listExpensesSchema.parse(body);
+      const pdf = await exportPdf(ctx.portId, query);
+
+      return new NextResponse(Buffer.from(pdf), {
+        status: 200,
+        headers: {
+          'Content-Type': 'application/pdf',
+          'Content-Disposition': `attachment; filename="expenses-${Date.now()}.pdf"`,
+        },
+      });
+    } catch (error) {
+      return errorResponse(error);
+    }
+  }),
+);

src/app/api/v1/expenses/route.ts

@@ -0,0 +1,50 @@
+import { NextResponse } from 'next/server';
+
+import { withAuth, withPermission } from '@/lib/api/helpers';
+import { parseQuery, parseBody } from '@/lib/api/route-helpers';
+import { errorResponse } from '@/lib/errors';
+import { listExpenses, createExpense } from '@/lib/services/expenses';
+import { listExpensesSchema, createExpenseSchema } from '@/lib/validators/expenses';
+
+export const GET = withAuth(
+  withPermission('expenses', 'view', async (req, ctx) => {
+    try {
+      const query = parseQuery(req, listExpensesSchema);
+      const result = await listExpenses(ctx.portId, query);
+
+      const { page, limit } = query;
+      const totalPages = Math.ceil(result.total / limit);
+
+      return NextResponse.json({
+        data: result.data,
+        pagination: {
+          page,
+          pageSize: limit,
+          total: result.total,
+          totalPages,
+          hasNextPage: page < totalPages,
+          hasPreviousPage: page > 1,
+        },
+      });
+    } catch (error) {
+      return errorResponse(error);
+    }
+  }),
+);
+
+export const POST = withAuth(
+  withPermission('expenses', 'create', async (req, ctx) => {
+    try {
+      const body = await parseBody(req, createExpenseSchema);
+      const expense = await createExpense(ctx.portId, body, {
+        userId: ctx.userId,
+        portId: ctx.portId,
+        ipAddress: ctx.ipAddress,
+        userAgent: ctx.userAgent,
+      });
+      return NextResponse.json({ data: expense }, { status: 201 });
+    } catch (error) {
+      return errorResponse(error);
+    }
+  }),
+);

src/app/api/v1/expenses/scan-receipt/route.ts

@@ -0,0 +1,27 @@
+import { NextResponse } from 'next/server';
+
+import { withAuth, withPermission } from '@/lib/api/helpers';
+import { errorResponse } from '@/lib/errors';
+import { scanReceipt } from '@/lib/services/receipt-scanner';
+
+export const POST = withAuth(
+  withPermission('expenses', 'create', async (req, _ctx) => {
+    try {
+      const formData = await req.formData();
+      const file = formData.get('file') as File | null;
+
+      if (!file) {
+        return NextResponse.json({ error: 'No file provided' }, { status: 400 });
+      }
+
+      const buffer = Buffer.from(await file.arrayBuffer());
+      const mimeType = file.type || 'image/jpeg';
+
+      const result = await scanReceipt(buffer, mimeType);
+
+      return NextResponse.json({ data: result });
+    } catch (error) {
+      return errorResponse(error);
+    }
+  }),
+);