letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(audit): non-Documenso backlog sweep — port-binding, NULLS NOT DISTINCT, custom merge tokens, company docs
Some checks failed
Build & Push Docker Images / lint (push) Successful in 1m36s
Details
Build & Push Docker Images / build-and-push (push) Failing after 4m27s
Details

Browse Source 
Wave through the remaining audit-final-deferred items that aren't blocked
on the back-burnered Documenso work.

Multi-tenant isolation:
- Storage proxy ProxyTokenPayload gains optional `p` (port slug) claim;
  verifier asserts `key.startsWith(${p}/)`. Defense-in-depth against a
  buggy issuer in some future code path that mixes port scopes — every
  storage key generated by generateStorageKey() already prefixes the
  slug. document-sends opts in for 24h emailed download links; other
  callers continue working unchanged via the optional field.

DB schema reconciliation:
- Migration 0047 rebuilds system_settings unique index with NULLS NOT
  DISTINCT (Postgres 15+) so global settings (port_id IS NULL) are
  uniquely keyed by `key` alone. Surfaced + dedupe'd 65 duplicate
  (storage_backend, NULL) rows that had accumulated from race-prone
  delete-then-insert patterns in ocr-config / settings / residential-
  stages / ai-budget services. All four services converted to true
  onConflictDoUpdate upserts so the race window is closed.

API uniformity:
- Response shape standardization: 16 routes converted from
  `{ success: true }` to 204 No Content. CLAUDE.md documents the
  convention (`{ data: <T> }` for content, 204 for empty mutations,
  portal-auth retains `{ success: true }` for the frontend's auth chain).
- req.json() → parseBody() migration across 9 admin/CRM routes
  (custom-fields, expenses/export ×3, currency convert,
  search/recently-viewed, admin/duplicates, berths/pdf-{upload-url,
  versions, parse-results}). Uniform 400 error shapes for
  ZodError-flagged bodies.

Custom-fields merge tokens (shipped end-to-end):
- merge-fields.ts gains CUSTOM_MERGE_TOKEN_RE + helpers for the
  `{{custom.<fieldName>}}` shape.
- document-templates validator accepts the dynamic shape alongside
  the static catalog tokens.
- document-sends.service mergeCustomFieldValues resolver fetches
  per-port custom_field_definitions for client/interest/berth contexts
  and substitutes stored values keyed by `{{custom.fieldName}}`.
- custom-fields-manager amber banner updated to reflect that merge
  tokens now expand (search index + entity-diff remain documented
  design limitations).

/api/v1/files cross-entity filtering:
- Validator + listFiles + uploadFile accept companyId AND yachtId
  alongside clientId. file-upload-zone propagates both.
- New CompanyFilesTab component mirrors ClientFilesTab; restored as a
  visible Documents tab in company-tabs.tsx (was a hidden stub).

Inline TODOs:
- Reviewed remaining two TODOs (per-user reminder schedule, import
  worker handlers). Both are placeholders for future feature surfaces,
  not bugs — per-port digest works for every customer; nothing
  currently enqueues import jobs (verified). Annotated in BACKLOG.

BACKLOG.md updated to reflect what landed and what's still pending
(Documenso-related items still bundled with the back-burnered phases).

Tests: 1185/1185 vitest, tsc clean.
This commit is contained in:
Matt
2026-05-08 02:20:27 +02:00
parent 60365dc3de
commit 8dc16dcd2e
49 changed files with 578 additions and 254 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/app/api/v1/admin/brochures/[id]/route.ts
View File

@@ -36,7 +36,7 @@ export const DELETE = withAuth(
try {
const id = params.id!;
await archiveBrochure(ctx.portId, id);
return NextResponse.json({ success: true });
return new NextResponse(null, { status: 204 });
} catch (error) {
return errorResponse(error);
}

99
src/app/api/v1/admin/custom-fields/[fieldId]/route.ts
View File

@@ -3,67 +3,58 @@ import { NextRequest, NextResponse } from 'next/server';
import { withAuth, withPermission } from '@/lib/api/helpers';
import { errorResponse, NotFoundError } from '@/lib/errors';
import { updateFieldSchema } from '@/lib/validators/custom-fields';
import {
updateDefinition,
deleteDefinition,
} from '@/lib/services/custom-fields.service';
import { updateDefinition, deleteDefinition } from '@/lib/services/custom-fields.service';
export const PATCH = withAuth(
withPermission(
'admin',
'manage_custom_fields',
async (req: NextRequest, ctx, params) => {
try {
const { fieldId } = params;
if (!fieldId) throw new NotFoundError('Custom field');
withPermission('admin', 'manage_custom_fields', async (req: NextRequest, ctx, params) => {
try {
const { fieldId } = params;
if (!fieldId) throw new NotFoundError('Custom field');
const body = await req.json();
// Read raw body before parsing so we can inspect `fieldType`
// (the schema strips it; the service rejects any change). Using
// req.json() directly here is intentional — parseBody would lose
// the raw view we need for the mutation-attempt detection below.
const body = (await req.json()) as Record<string, unknown>;
const data = updateFieldSchema.parse(body);
// Parse only allowed fields; if fieldType sneaks in, the service will catch it
const data = updateFieldSchema.parse(body);
// Pass raw body too so service can detect fieldType mutation attempts
const updated = await updateDefinition(
ctx.portId,
fieldId,
ctx.userId,
{ ...data, ...(body.fieldType !== undefined && { fieldType: body.fieldType }) },
{
userId: ctx.userId,
portId: ctx.portId,
ipAddress: ctx.ipAddress,
userAgent: ctx.userAgent,
},
);
return NextResponse.json({ data: updated });
} catch (error) {
return errorResponse(error);
}
},
),
);
export const DELETE = withAuth(
withPermission(
'admin',
'manage_custom_fields',
async (_req: NextRequest, ctx, params) => {
try {
const { fieldId } = params;
if (!fieldId) throw new NotFoundError('Custom field');
const result = await deleteDefinition(ctx.portId, fieldId, ctx.userId, {
// Pass raw body too so service can detect fieldType mutation attempts
const updated = await updateDefinition(
ctx.portId,
fieldId,
ctx.userId,
{ ...data, ...(body.fieldType !== undefined && { fieldType: body.fieldType }) },
{
userId: ctx.userId,
portId: ctx.portId,
ipAddress: ctx.ipAddress,
userAgent: ctx.userAgent,
});
},
);
return NextResponse.json({ data: result });
} catch (error) {
return errorResponse(error);
}
},
),
return NextResponse.json({ data: updated });
} catch (error) {
return errorResponse(error);
}
}),
);
export const DELETE = withAuth(
withPermission('admin', 'manage_custom_fields', async (_req: NextRequest, ctx, params) => {
try {
const { fieldId } = params;
if (!fieldId) throw new NotFoundError('Custom field');
const result = await deleteDefinition(ctx.portId, fieldId, ctx.userId, {
userId: ctx.userId,
portId: ctx.portId,
ipAddress: ctx.ipAddress,
userAgent: ctx.userAgent,
});
return NextResponse.json({ data: result });
} catch (error) {
return errorResponse(error);
}
}),
);

9
src/app/api/v1/admin/custom-fields/route.ts
View File

@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from 'next/server';
import { withAuth, withPermission } from '@/lib/api/helpers';
import { parseBody } from '@/lib/api/route-helpers';
import { errorResponse } from '@/lib/errors';
import { createFieldSchema } from '@/lib/validators/custom-fields';
import {
listDefinitions,
createDefinition,
} from '@/lib/services/custom-fields.service';
import { listDefinitions, createDefinition } from '@/lib/services/custom-fields.service';
export const GET = withAuth(
withPermission('admin', 'manage_custom_fields', async (req: NextRequest, ctx) => {
@@ -25,8 +23,7 @@ export const GET = withAuth(
export const POST = withAuth(
withPermission('admin', 'manage_custom_fields', async (req: NextRequest, ctx) => {
try {
const body = await req.json();
const data = createFieldSchema.parse(body);
const data = await parseBody(req, createFieldSchema);
const definition = await createDefinition(ctx.portId, ctx.userId, data, {
userId: ctx.userId,

21
src/app/api/v1/admin/duplicates/handlers.ts
View File

@@ -1,7 +1,9 @@
import { NextResponse } from 'next/server';
import { NextRequest, NextResponse } from 'next/server';
import { z } from 'zod';
import { and, eq, inArray } from 'drizzle-orm';
import type { AuthContext } from '@/lib/api/helpers';
import { parseBody } from '@/lib/api/route-helpers';
import { db } from '@/lib/db';
import { clients, clientMergeCandidates } from '@/lib/db/schema/clients';
import { errorResponse, NotFoundError, ValidationError } from '@/lib/errors';
@@ -11,6 +13,11 @@ import {
type MergeFieldChoices,
} from '@/lib/services/client-merge.service';
const confirmMergeSchema = z.object({
winnerId: z.string().min(1),
fieldChoices: z.record(z.string(), z.string()).optional(),
});
/**
* GET /api/v1/admin/duplicates
*
@@ -70,19 +77,13 @@ export async function listHandler(_req: Request, ctx: AuthContext): Promise<Next
* service which is the only path that touches client_merge_log.
*/
export async function confirmMergeHandler(
req: Request,
req: NextRequest,
ctx: AuthContext,
params: { id?: string },
): Promise<NextResponse> {
try {
const id = params.id ?? '';
const body = (await req.json().catch(() => ({}))) as {
winnerId?: string;
fieldChoices?: MergeFieldChoices;
};
if (!body.winnerId) {
throw new ValidationError('winnerId is required');
}
const body = await parseBody(req, confirmMergeSchema);
const [candidate] = await db
.select()
@@ -111,7 +112,7 @@ export async function confirmMergeHandler(
loserId,
mergedBy: ctx.userId,
callerPortId: ctx.portId,
fieldChoices: body.fieldChoices,
fieldChoices: body.fieldChoices as MergeFieldChoices | undefined,
});
return NextResponse.json({ data: result });

2
src/app/api/v1/admin/invitations/[id]/route.ts
View File

@@ -18,7 +18,7 @@ export const DELETE = withAuth(
ipAddress: ctx.ipAddress,
userAgent: ctx.userAgent,
});
return NextResponse.json({ success: true });
return new NextResponse(null, { status: 204 });
} catch (error) {
return errorResponse(error);
}

2
src/app/api/v1/admin/roles/[id]/route.ts
View File

@@ -43,7 +43,7 @@ export const DELETE = withAuth(async (_req, ctx, params) => {
ipAddress: ctx.ipAddress,
userAgent: ctx.userAgent,
});
return NextResponse.json({ success: true });
return new NextResponse(null, { status: 204 });
} catch (error) {
return errorResponse(error);
}

2
src/app/api/v1/admin/settings/route.ts
View File

@@ -44,7 +44,7 @@ export const DELETE = withAuth(
ipAddress: ctx.ipAddress,
userAgent: ctx.userAgent,
});
return NextResponse.json({ success: true });
return new NextResponse(null, { status: 204 });
} catch (error) {
return errorResponse(error);
}

2
src/app/api/v1/admin/users/[id]/route.ts
View File

@@ -43,7 +43,7 @@ export const DELETE = withAuth(
ipAddress: ctx.ipAddress,
userAgent: ctx.userAgent,
});
return NextResponse.json({ success: true });
return new NextResponse(null, { status: 204 });
} catch (error) {
return errorResponse(error);
}

8
src/app/api/v1/admin/webhooks/[webhookId]/route.ts
View File

@@ -4,11 +4,7 @@ import { withAuth, withPermission } from '@/lib/api/helpers';
import { parseBody } from '@/lib/api/route-helpers';
import { errorResponse } from '@/lib/errors';
import { updateWebhookSchema } from '@/lib/validators/webhooks';
import {
getWebhook,
updateWebhook,
deleteWebhook,
} from '@/lib/services/webhooks.service';
import { getWebhook, updateWebhook, deleteWebhook } from '@/lib/services/webhooks.service';
// ─── GET /api/v1/admin/webhooks/[webhookId] ───────────────────────────────────
@@ -56,7 +52,7 @@ export const DELETE = withAuth(
ipAddress: ctx.ipAddress,
userAgent: ctx.userAgent,
});
return NextResponse.json({ success: true });
return new NextResponse(null, { status: 204 });
} catch (error) {
return errorResponse(error);
}