letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(audit-wave-10): types-auditor fixes — Tx type, BerthDetailData, parseBody, toAuditJson

Browse Source 
Address the CRITICAL + high-leverage HIGH items from the types-auditor:

**C1 — `tx: any` in client-restore.service**
Export a canonical `Tx` type from `lib/db/utils.ts` (derived from
Drizzle's `db.transaction` callback shape) and use it in
`applyReversal` so the 12+ downstream tx writes get full inference.

**C2 — berth-detail page stacked `useQuery<any>` escape hatches**
Export `BerthDetailData` from berth-detail-header and consume it
through useQuery + apiFetch. Removed three `any` escapes in the
highest-traffic detail page. Also collapsed the duplicate `BerthData`
in berth-tabs.tsx to import from berth-detail-header so the two
types can't drift.

**C3 — parseBody migration for portal/public routes**
Replace raw `await req.json() + schema.parse(body)` with the
project-standard `parseBody(req, schema)` helper across 7 routes:
- portal/auth/{change-password, activate, reset-password}
- auth/set-password
- public/{interests, residential-inquiries}
Skipped the three anti-enumeration routes (forgot-password, sign-in,
sign-in-by-identifier) where the manual validation gives opaque
errors on purpose. website-inquiries already wraps the parse in a
custom 400 — left as-is.

**HIGH #5 — `toAuditJson<T>` helper (21 → 0 inline casts)**
Introduce `toAuditJson<T extends object>(row: T): Record<string,
unknown>` in lib/audit.ts (mirrors gdpr-bundle-builder's `toJsonRow`
that already exists for the same reason). Codemod 21 `<row> as unknown
as Record<string, unknown>` sites across:
- invoices.ts × 6
- expenses.ts × 6
- berths.service × 2
- documents.service × 2
- ocr-config.service × 2
- ai-budget.service × 2
- yachts.service, companies.service, company-memberships.service × 1 each

document-templates' `payload as unknown as Record<...>` is a different
shape (Documenso form-values widening, not an audit log) — kept the
manual cast there. Tests stay 1315/1315.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt
2026-05-13 12:27:08 +02:00
parent b397f6049d
commit f183f58b0c
21 changed files with 78 additions and 155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/lib/services/expenses.ts
View File

@@ -4,7 +4,7 @@ import type { PgColumn } from 'drizzle-orm/pg-core';
import { db } from '@/lib/db';
import { expenses, invoices, invoiceExpenses } from '@/lib/db/schema/financial';
import { buildListQuery } from '@/lib/db/query-builder';
import { createAuditLog, type AuditMeta } from '@/lib/audit';
import { createAuditLog, toAuditJson, type AuditMeta } from '@/lib/audit';
import { diffEntity } from '@/lib/entity-diff';
import { softDelete, restore } from '@/lib/db/utils';
import { CodedError, NotFoundError } from '@/lib/errors';
@@ -171,7 +171,7 @@ export async function createExpense(portId: string, data: CreateExpenseInput, me
action: 'create',
entityType: 'expense',
entityId: expense.id,
newValue: expense as unknown as Record<string, unknown>,
newValue: toAuditJson(expense),
ipAddress: meta.ipAddress,
userAgent: meta.userAgent,
});
@@ -250,7 +250,7 @@ export async function updateExpense(
if (data.amount !== undefined) updateData.amount = String(data.amount);
const { diff } = diffEntity(existing as unknown as Record<string, unknown>, updateData);
const { diff } = diffEntity(toAuditJson(existing), updateData);
const [updated] = await db
.update(expenses)
@@ -266,8 +266,8 @@ export async function updateExpense(
action: 'update',
entityType: 'expense',
entityId: id,
oldValue: existing as unknown as Record<string, unknown>,
newValue: updated as unknown as Record<string, unknown>,
oldValue: toAuditJson(existing),
newValue: toAuditJson(updated),
metadata: { diff },
ipAddress: meta.ipAddress,
userAgent: meta.userAgent,
@@ -304,7 +304,7 @@ export async function archiveExpense(id: string, portId: string, meta: AuditMeta
action: 'archive',
entityType: 'expense',
entityId: id,
oldValue: existing as unknown as Record<string, unknown>,
oldValue: toAuditJson(existing),
ipAddress: meta.ipAddress,
userAgent: meta.userAgent,
});
@@ -325,7 +325,7 @@ export async function restoreExpense(id: string, portId: string, meta: AuditMeta
action: 'restore',
entityType: 'expense',
entityId: id,
newValue: restored as unknown as Record<string, unknown>,
newValue: toAuditJson(restored),
ipAddress: meta.ipAddress,
userAgent: meta.userAgent,
});