fix(audit): non-Documenso backlog sweep — port-binding, NULLS NOT DISTINCT, custom merge tokens, company docs
Wave through the remaining audit-final-deferred items that aren't blocked
on the back-burnered Documenso work.
Multi-tenant isolation:
- Storage proxy ProxyTokenPayload gains optional `p` (port slug) claim;
verifier asserts `key.startsWith(${p}/)`. Defense-in-depth against a
buggy issuer in some future code path that mixes port scopes — every
storage key generated by generateStorageKey() already prefixes the
slug. document-sends opts in for 24h emailed download links; other
callers continue working unchanged via the optional field.
DB schema reconciliation:
- Migration 0047 rebuilds system_settings unique index with NULLS NOT
DISTINCT (Postgres 15+) so global settings (port_id IS NULL) are
uniquely keyed by `key` alone. Surfaced + dedupe'd 65 duplicate
(storage_backend, NULL) rows that had accumulated from race-prone
delete-then-insert patterns in ocr-config / settings / residential-
stages / ai-budget services. All four services converted to true
onConflictDoUpdate upserts so the race window is closed.
API uniformity:
- Response shape standardization: 16 routes converted from
`{ success: true }` to 204 No Content. CLAUDE.md documents the
convention (`{ data: <T> }` for content, 204 for empty mutations,
portal-auth retains `{ success: true }` for the frontend's auth chain).
- req.json() → parseBody() migration across 9 admin/CRM routes
(custom-fields, expenses/export ×3, currency convert,
search/recently-viewed, admin/duplicates, berths/pdf-{upload-url,
versions, parse-results}). Uniform 400 error shapes for
ZodError-flagged bodies.
Custom-fields merge tokens (shipped end-to-end):
- merge-fields.ts gains CUSTOM_MERGE_TOKEN_RE + helpers for the
`{{custom.<fieldName>}}` shape.
- document-templates validator accepts the dynamic shape alongside
the static catalog tokens.
- document-sends.service mergeCustomFieldValues resolver fetches
per-port custom_field_definitions for client/interest/berth contexts
and substitutes stored values keyed by `{{custom.fieldName}}`.
- custom-fields-manager amber banner updated to reflect that merge
tokens now expand (search index + entity-diff remain documented
design limitations).
/api/v1/files cross-entity filtering:
- Validator + listFiles + uploadFile accept companyId AND yachtId
alongside clientId. file-upload-zone propagates both.
- New CompanyFilesTab component mirrors ClientFilesTab; restored as a
visible Documents tab in company-tabs.tsx (was a hidden stub).
Inline TODOs:
- Reviewed remaining two TODOs (per-user reminder schedule, import
worker handlers). Both are placeholders for future feature surfaces,
not bugs — per-port digest works for every customer; nothing
currently enqueues import jobs (verified). Annotated in BACKLOG.
BACKLOG.md updated to reflect what landed and what's still pending
(Documenso-related items still bundled with the back-burnered phases).
Tests: 1185/1185 vitest, tsc clean.
This commit is contained in:
@@ -36,7 +36,7 @@ export const DELETE = withAuth(
|
||||
try {
|
||||
const id = params.id!;
|
||||
await archiveBrochure(ctx.portId, id);
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -3,67 +3,58 @@ import { NextRequest, NextResponse } from 'next/server';
|
||||
import { withAuth, withPermission } from '@/lib/api/helpers';
|
||||
import { errorResponse, NotFoundError } from '@/lib/errors';
|
||||
import { updateFieldSchema } from '@/lib/validators/custom-fields';
|
||||
import {
|
||||
updateDefinition,
|
||||
deleteDefinition,
|
||||
} from '@/lib/services/custom-fields.service';
|
||||
import { updateDefinition, deleteDefinition } from '@/lib/services/custom-fields.service';
|
||||
|
||||
export const PATCH = withAuth(
|
||||
withPermission(
|
||||
'admin',
|
||||
'manage_custom_fields',
|
||||
async (req: NextRequest, ctx, params) => {
|
||||
try {
|
||||
const { fieldId } = params;
|
||||
if (!fieldId) throw new NotFoundError('Custom field');
|
||||
withPermission('admin', 'manage_custom_fields', async (req: NextRequest, ctx, params) => {
|
||||
try {
|
||||
const { fieldId } = params;
|
||||
if (!fieldId) throw new NotFoundError('Custom field');
|
||||
|
||||
const body = await req.json();
|
||||
// Read raw body before parsing so we can inspect `fieldType`
|
||||
// (the schema strips it; the service rejects any change). Using
|
||||
// req.json() directly here is intentional — parseBody would lose
|
||||
// the raw view we need for the mutation-attempt detection below.
|
||||
const body = (await req.json()) as Record<string, unknown>;
|
||||
const data = updateFieldSchema.parse(body);
|
||||
|
||||
// Parse only allowed fields; if fieldType sneaks in, the service will catch it
|
||||
const data = updateFieldSchema.parse(body);
|
||||
|
||||
// Pass raw body too so service can detect fieldType mutation attempts
|
||||
const updated = await updateDefinition(
|
||||
ctx.portId,
|
||||
fieldId,
|
||||
ctx.userId,
|
||||
{ ...data, ...(body.fieldType !== undefined && { fieldType: body.fieldType }) },
|
||||
{
|
||||
userId: ctx.userId,
|
||||
portId: ctx.portId,
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
},
|
||||
);
|
||||
|
||||
return NextResponse.json({ data: updated });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
},
|
||||
),
|
||||
);
|
||||
|
||||
export const DELETE = withAuth(
|
||||
withPermission(
|
||||
'admin',
|
||||
'manage_custom_fields',
|
||||
async (_req: NextRequest, ctx, params) => {
|
||||
try {
|
||||
const { fieldId } = params;
|
||||
if (!fieldId) throw new NotFoundError('Custom field');
|
||||
|
||||
const result = await deleteDefinition(ctx.portId, fieldId, ctx.userId, {
|
||||
// Pass raw body too so service can detect fieldType mutation attempts
|
||||
const updated = await updateDefinition(
|
||||
ctx.portId,
|
||||
fieldId,
|
||||
ctx.userId,
|
||||
{ ...data, ...(body.fieldType !== undefined && { fieldType: body.fieldType }) },
|
||||
{
|
||||
userId: ctx.userId,
|
||||
portId: ctx.portId,
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
});
|
||||
},
|
||||
);
|
||||
|
||||
return NextResponse.json({ data: result });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
},
|
||||
),
|
||||
return NextResponse.json({ data: updated });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
}),
|
||||
);
|
||||
|
||||
export const DELETE = withAuth(
|
||||
withPermission('admin', 'manage_custom_fields', async (_req: NextRequest, ctx, params) => {
|
||||
try {
|
||||
const { fieldId } = params;
|
||||
if (!fieldId) throw new NotFoundError('Custom field');
|
||||
|
||||
const result = await deleteDefinition(ctx.portId, fieldId, ctx.userId, {
|
||||
userId: ctx.userId,
|
||||
portId: ctx.portId,
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
});
|
||||
|
||||
return NextResponse.json({ data: result });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
}),
|
||||
);
|
||||
|
||||
@@ -1,12 +1,10 @@
|
||||
import { NextRequest, NextResponse } from 'next/server';
|
||||
|
||||
import { withAuth, withPermission } from '@/lib/api/helpers';
|
||||
import { parseBody } from '@/lib/api/route-helpers';
|
||||
import { errorResponse } from '@/lib/errors';
|
||||
import { createFieldSchema } from '@/lib/validators/custom-fields';
|
||||
import {
|
||||
listDefinitions,
|
||||
createDefinition,
|
||||
} from '@/lib/services/custom-fields.service';
|
||||
import { listDefinitions, createDefinition } from '@/lib/services/custom-fields.service';
|
||||
|
||||
export const GET = withAuth(
|
||||
withPermission('admin', 'manage_custom_fields', async (req: NextRequest, ctx) => {
|
||||
@@ -25,8 +23,7 @@ export const GET = withAuth(
|
||||
export const POST = withAuth(
|
||||
withPermission('admin', 'manage_custom_fields', async (req: NextRequest, ctx) => {
|
||||
try {
|
||||
const body = await req.json();
|
||||
const data = createFieldSchema.parse(body);
|
||||
const data = await parseBody(req, createFieldSchema);
|
||||
|
||||
const definition = await createDefinition(ctx.portId, ctx.userId, data, {
|
||||
userId: ctx.userId,
|
||||
|
||||
@@ -1,7 +1,9 @@
|
||||
import { NextResponse } from 'next/server';
|
||||
import { NextRequest, NextResponse } from 'next/server';
|
||||
import { z } from 'zod';
|
||||
import { and, eq, inArray } from 'drizzle-orm';
|
||||
|
||||
import type { AuthContext } from '@/lib/api/helpers';
|
||||
import { parseBody } from '@/lib/api/route-helpers';
|
||||
import { db } from '@/lib/db';
|
||||
import { clients, clientMergeCandidates } from '@/lib/db/schema/clients';
|
||||
import { errorResponse, NotFoundError, ValidationError } from '@/lib/errors';
|
||||
@@ -11,6 +13,11 @@ import {
|
||||
type MergeFieldChoices,
|
||||
} from '@/lib/services/client-merge.service';
|
||||
|
||||
const confirmMergeSchema = z.object({
|
||||
winnerId: z.string().min(1),
|
||||
fieldChoices: z.record(z.string(), z.string()).optional(),
|
||||
});
|
||||
|
||||
/**
|
||||
* GET /api/v1/admin/duplicates
|
||||
*
|
||||
@@ -70,19 +77,13 @@ export async function listHandler(_req: Request, ctx: AuthContext): Promise<Next
|
||||
* service which is the only path that touches client_merge_log.
|
||||
*/
|
||||
export async function confirmMergeHandler(
|
||||
req: Request,
|
||||
req: NextRequest,
|
||||
ctx: AuthContext,
|
||||
params: { id?: string },
|
||||
): Promise<NextResponse> {
|
||||
try {
|
||||
const id = params.id ?? '';
|
||||
const body = (await req.json().catch(() => ({}))) as {
|
||||
winnerId?: string;
|
||||
fieldChoices?: MergeFieldChoices;
|
||||
};
|
||||
if (!body.winnerId) {
|
||||
throw new ValidationError('winnerId is required');
|
||||
}
|
||||
const body = await parseBody(req, confirmMergeSchema);
|
||||
|
||||
const [candidate] = await db
|
||||
.select()
|
||||
@@ -111,7 +112,7 @@ export async function confirmMergeHandler(
|
||||
loserId,
|
||||
mergedBy: ctx.userId,
|
||||
callerPortId: ctx.portId,
|
||||
fieldChoices: body.fieldChoices,
|
||||
fieldChoices: body.fieldChoices as MergeFieldChoices | undefined,
|
||||
});
|
||||
|
||||
return NextResponse.json({ data: result });
|
||||
|
||||
@@ -18,7 +18,7 @@ export const DELETE = withAuth(
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
});
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -43,7 +43,7 @@ export const DELETE = withAuth(async (_req, ctx, params) => {
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
});
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -44,7 +44,7 @@ export const DELETE = withAuth(
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
});
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -43,7 +43,7 @@ export const DELETE = withAuth(
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
});
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -4,11 +4,7 @@ import { withAuth, withPermission } from '@/lib/api/helpers';
|
||||
import { parseBody } from '@/lib/api/route-helpers';
|
||||
import { errorResponse } from '@/lib/errors';
|
||||
import { updateWebhookSchema } from '@/lib/validators/webhooks';
|
||||
import {
|
||||
getWebhook,
|
||||
updateWebhook,
|
||||
deleteWebhook,
|
||||
} from '@/lib/services/webhooks.service';
|
||||
import { getWebhook, updateWebhook, deleteWebhook } from '@/lib/services/webhooks.service';
|
||||
|
||||
// ─── GET /api/v1/admin/webhooks/[webhookId] ───────────────────────────────────
|
||||
|
||||
@@ -56,7 +52,7 @@ export const DELETE = withAuth(
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
});
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -8,8 +8,10 @@
|
||||
*/
|
||||
|
||||
import { NextResponse } from 'next/server';
|
||||
import { z } from 'zod';
|
||||
|
||||
import { type RouteHandler } from '@/lib/api/helpers';
|
||||
import { parseBody } from '@/lib/api/route-helpers';
|
||||
import { db } from '@/lib/db';
|
||||
import { berths } from '@/lib/db/schema/berths';
|
||||
import { and, eq } from 'drizzle-orm';
|
||||
@@ -17,17 +19,17 @@ import { errorResponse, NotFoundError, ValidationError } from '@/lib/errors';
|
||||
import { getMaxUploadMb } from '@/lib/services/berth-pdf.service';
|
||||
import { getStorageBackend } from '@/lib/storage';
|
||||
|
||||
interface PostBody {
|
||||
fileName: string;
|
||||
const postBodySchema = z.object({
|
||||
fileName: z.string().min(1).max(255),
|
||||
/** Size hint in bytes — used to early-reject oversized uploads before we
|
||||
* burn a presigned URL. */
|
||||
sizeBytes?: number;
|
||||
}
|
||||
sizeBytes: z.number().int().nonnegative().optional(),
|
||||
});
|
||||
|
||||
export const postHandler: RouteHandler = async (req, ctx, params) => {
|
||||
try {
|
||||
const body = (await req.json()) as Partial<PostBody>;
|
||||
const fileName = (body.fileName ?? '').trim();
|
||||
const body = await parseBody(req, postBodySchema);
|
||||
const fileName = body.fileName.trim();
|
||||
if (!fileName) throw new ValidationError('fileName is required');
|
||||
|
||||
// Tenant-scoped berth lookup. Without `eq(berths.portId, ctx.portId)` a
|
||||
|
||||
@@ -7,23 +7,27 @@
|
||||
*/
|
||||
|
||||
import { NextResponse } from 'next/server';
|
||||
import { z } from 'zod';
|
||||
|
||||
import { type RouteHandler } from '@/lib/api/helpers';
|
||||
import { parseBody } from '@/lib/api/route-helpers';
|
||||
import { errorResponse, ValidationError } from '@/lib/errors';
|
||||
import { listBerthPdfVersions, uploadBerthPdf } from '@/lib/services/berth-pdf.service';
|
||||
|
||||
interface PostBody {
|
||||
storageKey: string;
|
||||
fileName: string;
|
||||
fileSizeBytes: number;
|
||||
sha256: string;
|
||||
parseResults?: {
|
||||
engine: 'acroform' | 'ocr' | 'ai';
|
||||
extracted?: Record<string, unknown>;
|
||||
meanConfidence?: number;
|
||||
warnings?: string[];
|
||||
};
|
||||
}
|
||||
const postBodySchema = z.object({
|
||||
storageKey: z.string().min(1),
|
||||
fileName: z.string().min(1).max(255),
|
||||
fileSizeBytes: z.number().int().positive(),
|
||||
sha256: z.string().min(1),
|
||||
parseResults: z
|
||||
.object({
|
||||
engine: z.enum(['acroform', 'ocr', 'ai']),
|
||||
extracted: z.record(z.string(), z.unknown()).optional(),
|
||||
meanConfidence: z.number().optional(),
|
||||
warnings: z.array(z.string()).optional(),
|
||||
})
|
||||
.optional(),
|
||||
});
|
||||
|
||||
export const getHandler: RouteHandler = async (_req, ctx, params) => {
|
||||
try {
|
||||
@@ -47,16 +51,7 @@ const STORAGE_KEY_RE =
|
||||
|
||||
export const postHandler: RouteHandler = async (req, ctx, params) => {
|
||||
try {
|
||||
const body = (await req.json()) as Partial<PostBody>;
|
||||
if (!body.storageKey || !body.fileName) {
|
||||
throw new ValidationError('storageKey and fileName are required');
|
||||
}
|
||||
if (typeof body.fileSizeBytes !== 'number' || body.fileSizeBytes <= 0) {
|
||||
throw new ValidationError('fileSizeBytes must be a positive integer');
|
||||
}
|
||||
if (!body.sha256 || typeof body.sha256 !== 'string') {
|
||||
throw new ValidationError('sha256 is required');
|
||||
}
|
||||
const body = await parseBody(req, postBodySchema);
|
||||
const expectedPrefix = `berths/${params.id!}/uploads/`;
|
||||
if (!body.storageKey.startsWith(expectedPrefix) || !STORAGE_KEY_RE.test(body.storageKey)) {
|
||||
throw new ValidationError(
|
||||
|
||||
@@ -1,25 +1,23 @@
|
||||
import { NextResponse } from 'next/server';
|
||||
import { z } from 'zod';
|
||||
|
||||
import { type RouteHandler } from '@/lib/api/helpers';
|
||||
import { errorResponse, ValidationError } from '@/lib/errors';
|
||||
import { parseBody } from '@/lib/api/route-helpers';
|
||||
import { errorResponse } from '@/lib/errors';
|
||||
import { applyParseResults, type ExtractedBerthFields } from '@/lib/services/berth-pdf.service';
|
||||
|
||||
interface PostBody {
|
||||
versionId: string;
|
||||
fieldsToApply: Partial<ExtractedBerthFields>;
|
||||
}
|
||||
const postBodySchema = z.object({
|
||||
versionId: z.string().min(1),
|
||||
fieldsToApply: z.record(z.string(), z.unknown()),
|
||||
});
|
||||
|
||||
export const postHandler: RouteHandler = async (req, ctx, params) => {
|
||||
try {
|
||||
const body = (await req.json()) as Partial<PostBody>;
|
||||
if (!body.versionId) throw new ValidationError('versionId is required');
|
||||
if (!body.fieldsToApply || typeof body.fieldsToApply !== 'object') {
|
||||
throw new ValidationError('fieldsToApply must be an object');
|
||||
}
|
||||
const body = await parseBody(req, postBodySchema);
|
||||
const result = await applyParseResults(
|
||||
params.id!,
|
||||
body.versionId,
|
||||
body.fieldsToApply,
|
||||
body.fieldsToApply as Partial<ExtractedBerthFields>,
|
||||
ctx.portId,
|
||||
);
|
||||
return NextResponse.json({ data: result });
|
||||
|
||||
@@ -46,7 +46,7 @@ export const DELETE = withAuth(
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
});
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -38,7 +38,7 @@ export const POST = withAuth(
|
||||
});
|
||||
if (!existing) throw new NotFoundError('portal user');
|
||||
await resendActivation(existing.id, ctx.portId);
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
}
|
||||
|
||||
const body = await parseBody(req, inviteSchema);
|
||||
|
||||
@@ -20,7 +20,7 @@ export const PUT = withAuth(
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
});
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -20,7 +20,7 @@ export const PUT = withAuth(
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
});
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@ import { NextResponse } from 'next/server';
|
||||
import { z } from 'zod';
|
||||
|
||||
import { withAuth } from '@/lib/api/helpers';
|
||||
import { parseBody } from '@/lib/api/route-helpers';
|
||||
import { errorResponse } from '@/lib/errors';
|
||||
import { convert } from '@/lib/services/currency';
|
||||
|
||||
@@ -13,8 +14,7 @@ const convertSchema = z.object({
|
||||
|
||||
export const POST = withAuth(async (req, _ctx) => {
|
||||
try {
|
||||
const body = await req.json();
|
||||
const { amount, from, to } = convertSchema.parse(body);
|
||||
const { amount, from, to } = await parseBody(req, convertSchema);
|
||||
|
||||
const result = await convert(amount, from, to);
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@ import { NextRequest, NextResponse } from 'next/server';
|
||||
import { z } from 'zod';
|
||||
|
||||
import { withAuth } from '@/lib/api/helpers';
|
||||
import { parseQuery } from '@/lib/api/route-helpers';
|
||||
import { parseBody, parseQuery } from '@/lib/api/route-helpers';
|
||||
import { errorResponse, NotFoundError, ValidationError } from '@/lib/errors';
|
||||
import { requirePermission } from '@/lib/auth/permissions';
|
||||
import { setValuesSchema } from '@/lib/validators/custom-fields';
|
||||
@@ -91,8 +91,7 @@ export const PUT = withAuth(async (req: NextRequest, ctx, params) => {
|
||||
const { entityType } = parseQuery(req, querySchema);
|
||||
gateForEdit(entityType, ctx);
|
||||
|
||||
const body = await req.json();
|
||||
const { values } = setValuesSchema.parse(body);
|
||||
const { values } = await parseBody(req, setValuesSchema);
|
||||
|
||||
const result = await setValues(
|
||||
entityId,
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { NextResponse } from 'next/server';
|
||||
|
||||
import { withAuth, withPermission } from '@/lib/api/helpers';
|
||||
import { parseBody } from '@/lib/api/route-helpers';
|
||||
import { errorResponse } from '@/lib/errors';
|
||||
import { exportCsv } from '@/lib/services/expense-export';
|
||||
import { listExpensesSchema } from '@/lib/validators/expenses';
|
||||
@@ -9,8 +10,7 @@ import { createAuditLog } from '@/lib/audit';
|
||||
export const POST = withAuth(
|
||||
withPermission('expenses', 'view', async (req, ctx) => {
|
||||
try {
|
||||
const body = await req.json().catch(() => ({}));
|
||||
const query = listExpensesSchema.parse(body);
|
||||
const query = await parseBody(req, listExpensesSchema);
|
||||
const csv = await exportCsv(ctx.portId, query);
|
||||
|
||||
void createAuditLog({
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { NextResponse } from 'next/server';
|
||||
|
||||
import { withAuth, withPermission } from '@/lib/api/helpers';
|
||||
import { parseBody } from '@/lib/api/route-helpers';
|
||||
import { errorResponse } from '@/lib/errors';
|
||||
import { exportParentCompany } from '@/lib/services/expense-export';
|
||||
import { listExpensesSchema } from '@/lib/validators/expenses';
|
||||
@@ -11,8 +12,7 @@ import { listExpensesSchema } from '@/lib/validators/expenses';
|
||||
export const POST = withAuth(
|
||||
withPermission('expenses', 'export', async (req, ctx) => {
|
||||
try {
|
||||
const body = await req.json().catch(() => ({}));
|
||||
const query = listExpensesSchema.parse(body);
|
||||
const query = await parseBody(req, listExpensesSchema);
|
||||
const pdf = await exportParentCompany(ctx.portId, query);
|
||||
|
||||
return new NextResponse(Buffer.from(pdf), {
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { NextResponse } from 'next/server';
|
||||
|
||||
import { withAuth, withPermission } from '@/lib/api/helpers';
|
||||
import { parseBody } from '@/lib/api/route-helpers';
|
||||
import { errorResponse } from '@/lib/errors';
|
||||
import { streamExpensePdf } from '@/lib/services/expense-pdf.service';
|
||||
import { exportExpensePdfSchema } from '@/lib/validators/expenses';
|
||||
@@ -32,8 +33,7 @@ export const dynamic = 'force-dynamic';
|
||||
export const POST = withAuth(
|
||||
withPermission('expenses', 'export', async (req, ctx) => {
|
||||
try {
|
||||
const body = await req.json().catch(() => ({}));
|
||||
const input = exportExpensePdfSchema.parse(body);
|
||||
const input = await parseBody(req, exportExpensePdfSchema);
|
||||
|
||||
const { stream, suggestedFilename } = await streamExpensePdf({
|
||||
portId: ctx.portId,
|
||||
|
||||
@@ -20,6 +20,8 @@ export const POST = withAuth(
|
||||
const metadata = uploadFileSchema.parse({
|
||||
filename: (formData.get('filename') as string | null) ?? file.name,
|
||||
clientId: formData.get('clientId') as string | undefined,
|
||||
yachtId: formData.get('yachtId') as string | undefined,
|
||||
companyId: formData.get('companyId') as string | undefined,
|
||||
category: formData.get('category') as string | undefined,
|
||||
entityType: formData.get('entityType') as string | undefined,
|
||||
entityId: formData.get('entityId') as string | undefined,
|
||||
|
||||
@@ -13,7 +13,7 @@ export const POST = withAuth(
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
});
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -3,11 +3,7 @@ import { NextResponse } from 'next/server';
|
||||
import { withAuth, withPermission } from '@/lib/api/helpers';
|
||||
import { parseBody } from '@/lib/api/route-helpers';
|
||||
import { errorResponse } from '@/lib/errors';
|
||||
import {
|
||||
getInterestById,
|
||||
updateInterest,
|
||||
archiveInterest,
|
||||
} from '@/lib/services/interests.service';
|
||||
import { getInterestById, updateInterest, archiveInterest } from '@/lib/services/interests.service';
|
||||
import { updateInterestSchema } from '@/lib/validators/interests';
|
||||
|
||||
export const GET = withAuth(
|
||||
@@ -47,7 +43,7 @@ export const DELETE = withAuth(
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
});
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -9,7 +9,7 @@ export const PATCH = withAuth(async (_req, ctx, params) => {
|
||||
const { notificationId } = params;
|
||||
if (!notificationId) throw new NotFoundError('Notification');
|
||||
await notificationsService.markRead(notificationId, ctx.userId);
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -7,7 +7,7 @@ import * as notificationsService from '@/lib/services/notifications.service';
|
||||
export const POST = withAuth(async (_req, ctx) => {
|
||||
try {
|
||||
await notificationsService.markAllRead(ctx.userId, ctx.portId);
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -43,7 +43,7 @@ export const DELETE = withAuth(
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
});
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@ import { NextRequest, NextResponse } from 'next/server';
|
||||
import { sql } from 'drizzle-orm';
|
||||
|
||||
import { withAuth } from '@/lib/api/helpers';
|
||||
import { parseBody } from '@/lib/api/route-helpers';
|
||||
import { db } from '@/lib/db';
|
||||
import { errorResponse } from '@/lib/errors';
|
||||
import { getRecentlyViewed, trackView } from '@/lib/services/recently-viewed.service';
|
||||
@@ -255,7 +256,7 @@ export const GET = withAuth(async (req: NextRequest, ctx) => {
|
||||
const pairs = await getRecentlyViewed(ctx.userId, ctx.portId, limit);
|
||||
const items = await hydrate(ctx.portSlug, ctx.portId, pairs);
|
||||
|
||||
return NextResponse.json({ items });
|
||||
return NextResponse.json({ data: items });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
@@ -263,12 +264,9 @@ export const GET = withAuth(async (req: NextRequest, ctx) => {
|
||||
|
||||
export const POST = withAuth(async (req: NextRequest, ctx) => {
|
||||
try {
|
||||
const body = await req.json();
|
||||
const parsed = trackViewSchema.parse(body);
|
||||
|
||||
const parsed = await parseBody(req, trackViewSchema);
|
||||
trackView(ctx.userId, ctx.portId, parsed.type, parsed.id);
|
||||
|
||||
return NextResponse.json({ ok: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
@@ -20,7 +20,7 @@ export const PUT = withAuth(
|
||||
ipAddress: ctx.ipAddress,
|
||||
userAgent: ctx.userAgent,
|
||||
});
|
||||
return NextResponse.json({ success: true });
|
||||
return new NextResponse(null, { status: 204 });
|
||||
} catch (error) {
|
||||
return errorResponse(error);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user