Matt
0d9208a052
Knocks out 10 of the 13 known issues from yesterday's Playwright audit. A4 — Client form silently rejected submit when a contact row had an empty value. The F19 filter ran in mutationFn after zod's handleSubmit had already short-circuited on min(1). Now wraps the onSubmit to prune empty rows BEFORE handleSubmit/zod sees them. A16 — File upload to documents hub root 400'd because FormData.get returns null for absent fields and zod's .optional() rejects null. Route handler now coerces null/empty → undefined before parse. A17 — Added /api/v1/me/ports endpoint that any authenticated user can hit; client.ts now uses it as the bootstrap port-slug→port-id resolver. Eliminates the wasteful 400s sales-reps and viewers were firing on every page load against the super-admin-gated /admin/ports. A1 — Filter permission_denied actions from the dashboard activity feed. Still in the audit log; just not noise on the dashboard. A2 — New LEGACY_STAGE_REMAP table + canonicalizeStage / stageLabelFor helpers in lib/constants. Activity-feed maps legacy 9-stage enum values (deposit_10pct, contract_sent, etc.) to their 7-stage labels on the way out, so historical audit rows read as "Deposit Paid" not "Deposit 10Pct". A19 — Same-stage write now returns 204 No Content. Service returns a STAGE_NOOP sentinel; the route handler translates it. A9 — Catch-up wizard now derives stage from berth status (under_offer → EOI, sold → contract) with a stageOverride state for explicit user picks. Avoids the set-state-in-effect rule violation. A20 — OwnerPicker shows a "Client / Company" hint chip on the trigger when no value is set, so users know the trigger opens a two-tab picker instead of just a client list. A8 — Migration 0066 normalizes legacy `statusOverrideMode = 'auto'` to NULL so the column lives at strictly 3 states. A6 — file-preview-dialog gets a screen-reader DialogDescription so the Radix "Missing aria-describedby" warning stops firing on every preview. A18 closed as not-a-bug: /api/v1/users genuinely doesn't exist (Next returns 404); /api/v1/admin/audit exists and 403s. A5 (Socket.IO dev noise) + A3 (react-grab CSP) left for a separate pass — both are dev-only cosmetic. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
64 lines
2.0 KiB
TypeScript
64 lines
2.0 KiB
TypeScript
import { NextResponse } from 'next/server';
|
|
|
|
import { withAuth, withPermission } from '@/lib/api/helpers';
|
|
import { errorResponse, ValidationError } from '@/lib/errors';
|
|
import { uploadFile } from '@/lib/services/files';
|
|
import { uploadFileSchema } from '@/lib/validators/files';
|
|
|
|
export const POST = withAuth(
|
|
withPermission('files', 'upload', async (req, ctx) => {
|
|
try {
|
|
const formData = await req.formData();
|
|
const file = formData.get('file') as File | null;
|
|
|
|
if (!file) {
|
|
throw new ValidationError('No file provided');
|
|
}
|
|
|
|
const buffer = Buffer.from(await file.arrayBuffer());
|
|
|
|
// A16: FormData.get returns null when the field is absent, not
|
|
// undefined. Zod's .optional() accepts undefined but rejects null,
|
|
// so the previous `as string | undefined` cast lied and uploads at
|
|
// the hub root (no entity selected) 400'd. Coerce absent / empty
|
|
// values to undefined before parse.
|
|
const formStr = (key: string): string | undefined => {
|
|
const v = formData.get(key);
|
|
return typeof v === 'string' && v.length > 0 ? v : undefined;
|
|
};
|
|
const metadata = uploadFileSchema.parse({
|
|
filename: formStr('filename') ?? file.name,
|
|
clientId: formStr('clientId'),
|
|
yachtId: formStr('yachtId'),
|
|
companyId: formStr('companyId'),
|
|
category: formStr('category'),
|
|
entityType: formStr('entityType'),
|
|
entityId: formStr('entityId'),
|
|
folderId: formStr('folderId'),
|
|
});
|
|
|
|
const result = await uploadFile(
|
|
ctx.portId,
|
|
ctx.portSlug,
|
|
{
|
|
buffer,
|
|
originalName: file.name,
|
|
mimeType: file.type,
|
|
size: file.size,
|
|
},
|
|
metadata,
|
|
{
|
|
userId: ctx.userId,
|
|
portId: ctx.portId,
|
|
ipAddress: ctx.ipAddress,
|
|
userAgent: ctx.userAgent,
|
|
},
|
|
);
|
|
|
|
return NextResponse.json({ data: result }, { status: 201 });
|
|
} catch (error) {
|
|
return errorResponse(error);
|
|
}
|
|
}),
|
|
);
|