letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
2b1024ff7a4a42d642d287b7018278cf47651353
pn-new-crm/src/lib/services/port-config.ts
Matt 5c8c12ba1f
Some checks failed
Build & Push Docker Images / lint (push) Successful in 1m32s
Details
Build & Push Docker Images / build-and-push (push) Failing after 32s
Details
feat: autonomous backlog push — admin UX overhaul + storage parity + residential parity + Documenso Phase 1 
Massive multi-area push driven by docs/admin-ux-backlog.md. Every byte
path now goes through getStorageBackend() so signed EOIs, contracts,
brochures, berth PDFs, files, avatars, branding logos, and DB backups
all work identically on S3 and filesystem backends.

USER SETTINGS (rebuild)
  - Country + Timezone selectors with cross-defaulting
  - Browser-detected timezone banner ("Looks like you're in Europe/Paris…")
  - Email change with verification flow (user_email_changes table,
    OLD-address cancel link + NEW-address confirm link)
    + EMAIL_CHANGE_INSTANT=true dev shortcut
  - Password reset triggered via better-auth requestPasswordReset
  - Profile photo upload + crop (square 256×256) via shared
    <ImageCropperDialog> + /api/v1/me/avatar

BRANDING
  - Shared <ImageCropperDialog> using react-easy-crop
  - Logo upload + crop in /admin/branding (writes via
    /api/v1/admin/settings/image -> storage backend)
  - Email header/footer HTML defaults injectable via "Insert default"
  - SettingsFormCard new field types: timezone (combobox), image-upload

STORAGE ADMIN OVERHAUL
  - S3 config form FIRST, swap action SECOND
  - Test connection before any switch
  - Two-button switch: "Switch + migrate" vs "Switch only" with
    warning modals
  - runMigration() honours skipMigration flag
  - /api/ready + system-monitoring health check use the active
    storage backend instead of always probing MinIO
  - Filesystem backend already had full feature parity — verified

BACKUP MANAGEMENT (real)
  - New backup_jobs table (id / status / trigger / size / storage_path)
  - runBackup() service spawns pg_dump --format=custom, streams to
    active storage backend via getStorageBackend().put()
  - /admin/backup page: trigger, history, download .dump for restore
  - Super-admin gated

AI ADMIN PANEL
  - /admin/ai consolidates master switch + monthly token cap +
    provider credentials
  - Per-feature settings (OCR, berth-PDF parser, recommender)
    linked from the same page

ONBOARDING WIZARD
  - /admin/onboarding now real with auto-checked steps
  - Reads each setting key + lists endpoint (roles/users/tags) to
    decide completion
  - Manual checkboxes for steps without an auto-detect signal
  - Progress bar + Mark done/Mark incomplete buttons
  - State persisted in system_settings.onboarding_manual_status

RESIDENTIAL PARITY (full)
  - New residential_client_notes + residential_interest_notes tables
    (mirror marina-side shape)
  - Polymorphic notes.service.ts extended (verifyParent, listForEntity,
    create, update, delete) for residential_clients/_interests
  - <NotesList> component accepts the new entity types
  - 4 new note endpoints (GET/POST/PATCH/DELETE for clients + interests)
  - 2 new activity endpoints (residential clients + interests)
  - residential-client-tabs.tsx + residential-interest-tabs.tsx use
    DetailLayout (Overview / Interests / Notes / Activity)
  - residential-client-detail-header.tsx mirrors marina-side strip
  - useBreadcrumbHint wired into both detail components
  - Configurable Assigned-to dropdown (residential_interests.view perm)

CONFIGURABLE RESIDENTIAL STAGES
  - residential-stages.service.ts with list / save / orphan-check
  - /api/v1/residential/stages GET/PUT
  - /admin/residential-stages admin UI with reassign-on-remove modal
  - Validators relaxed from z.enum to z.string

DOCUMENSO PHASE 1
  - Schema: document_signers.invited_at / opened_at /
    last_reminder_sent_at / signing_token (+ idx_ds_signing_token)
  - Schema: documents.completion_cc_emails (text[]) +
    auto_reminder_interval_days (int)
  - transformSigningUrl() now maps SignerRole -> URL segment via
    ROLE_TO_URL_SEGMENT (approver->cc, witness->witness) — fixes
    Risk #5 where approver invites landed on /sign/error
  - POST /api/v1/documents/[id]/send-invitation with auto-pick of
    next pending signer
  - Per-port settings: documenso_developer_label / _approver_label
    + documenso_developer_user_id / _approver_user_id (Phase 7
    Project Director RBAC binding fields)

ADMIN UX RAPID-FIRE
  - Sidebar collapse removed (always-expanded design)
  - Audit log: input sizes (h-9), date pickers w-44, action cell
    sub-label so single-row entries aren't blank
  - Sales email config: token list <details> + tooltips on
    threshold + body fields
  - Custom Settings card: long-form description
  - Reminder digest timezone uses TimezoneCombobox
  - Port form: currency dropdown (10 common currencies) + timezone
    combobox + brand color picker
  - Permissions count badge opens modal with granted/denied per
    resource
  - Role names display-normalized via prettifyRoleName
  - Tag form: native input type=color
  - Custom Fields page: amber heads-up about non-integration
  - Settings manager: select field type + fallthrough_policy as dropdown
  - Storage admin S3 fields ship as proper password + boolean

LIST PAGES
  - Residential client list: clickable email/phone (mailto/tel/wa.me)
  - Residential interests + Documents Hub search inputs sized h-9

CURRENCY API
  - scripts/test-currency-api.ts verifies live Frankfurter fetch
    -> DB upsert -> getRate -> convert. Inverse-rate drift <=0.001

TESTS
  - 1185/1185 vitest passing
  - tsc clean
  - eslint 0 errors (16 pre-existing warnings)

Note: WEBSITE_INTAKE_SECRET added to .env.example but committed
separately due to pre-commit hook policy on .env* files.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 21:02:12 +02:00

434 lines
18 KiB
TypeScript
Raw Blame History

/**
* Typed accessors for port-level configuration with env-fallback.
*
* Settings are stored in the `system_settings` table keyed by (key, portId).
* The functions in this module resolve a port's effective configuration for
* a given domain (email, Documenso, branding, reminders) by reading the
* port-scoped row first, falling back to the global row, and finally to the
* env var when neither is set.
*/
import { env } from '@/lib/env';
import { getSetting } from '@/lib/services/settings.service';
// ─── Setting key constants ───────────────────────────────────────────────────
export const SETTING_KEYS = {
// Email
emailFromName: 'email_from_name',
emailFromAddress: 'email_from_address',
emailReplyTo: 'email_reply_to',
emailSignatureHtml: 'email_signature_html',
emailFooterHtml: 'email_footer_html',
emailAllowPersonalAccountSends: 'email_allow_personal_account_sends',
smtpHostOverride: 'smtp_host_override',
smtpPortOverride: 'smtp_port_override',
smtpUserOverride: 'smtp_user_override',
smtpPassOverride: 'smtp_pass_override',
// Documenso / EOI
documensoApiUrlOverride: 'documenso_api_url_override',
documensoApiKeyOverride: 'documenso_api_key_override',
documensoApiVersionOverride: 'documenso_api_version_override',
documensoEoiTemplateId: 'documenso_eoi_template_id',
// Documenso template recipient slot IDs are per-Documenso-instance
// numeric values, so they have to follow the per-port template config.
// Falling back to env keeps single-tenant deploys working.
documensoClientRecipientId: 'documenso_client_recipient_id',
documensoDeveloperRecipientId: 'documenso_developer_recipient_id',
documensoApprovalRecipientId: 'documenso_approval_recipient_id',
// Per-port Documenso webhook secret — two ports pointed at different
// Documenso instances cannot share the global env secret. The receiver
// resolves the matching port by trying each enabled secret with a
// timing-safe comparison.
documensoWebhookSecret: 'documenso_webhook_secret',
eoiDefaultPathway: 'eoi_default_pathway',
// Identity of the developer + approver that the template's static
// recipient slots get filled with. Old system hardcoded these
// (David Mizrahi, Abbie May @ portnimara.com) but multi-port deploys
// need per-port values. Falls back to env or "" if neither set.
documensoDeveloperName: 'documenso_developer_name',
documensoDeveloperEmail: 'documenso_developer_email',
documensoApproverName: 'documenso_approver_name',
documensoApproverEmail: 'documenso_approver_email',
// Optional CRM-user binding for the developer + approver slots.
// When set, the per-port admin UI shows "Linked to <user>" and
// the webhook handler can match the Documenso developer signer
// against this user's email for in-CRM signing-status updates.
// Plan Phase 7 (Project Director RBAC). Stored as the user.id.
documensoDeveloperUserId: 'documenso_developer_user_id',
documensoApproverUserId: 'documenso_approver_user_id',
// Display labels for the developer + approver slots, used in
// email subjects + signer-progress UI ("Your Project Director,
// Marie, has signed…"). Defaults to "Developer" / "Approver".
documensoDeveloperLabel: 'documenso_developer_label',
documensoApproverLabel: 'documenso_approver_label',
// Sending behavior for the initial "please sign" invitation email
// after a document is generated. 'auto' = our branded email goes
// out immediately; 'manual' = doc generated, signing URL shown in
// UI, rep clicks a Send button to dispatch. Per-port so different
// ports can default to different rep workflows.
eoiSendMode: 'eoi_send_mode',
// Public-facing host where embedded signing pages live. Used to
// transform raw Documenso signing URLs into branded
// {host}/sign/<type>/<token> URLs that go in our outbound emails.
// Falls back to APP_URL when unset.
embeddedSigningHost: 'embedded_signing_host',
// Documenso template IDs for contract / reservation if the port
// uses templates rather than per-deal uploads. Optional.
documensoContractTemplateId: 'documenso_contract_template_id',
documensoReservationTemplateId: 'documenso_reservation_template_id',
// Branding
brandingLogoUrl: 'branding_logo_url',
brandingPrimaryColor: 'branding_primary_color',
brandingAppName: 'branding_app_name',
brandingEmailHeaderHtml: 'branding_email_header_html',
brandingEmailFooterHtml: 'branding_email_footer_html',
// Reminders (port-level defaults)
reminderDefaultDays: 'reminder_default_days',
reminderDefaultEnabled: 'reminder_default_enabled',
reminderDigestEnabled: 'reminder_digest_enabled',
reminderDigestTime: 'reminder_digest_time',
reminderDigestTimezone: 'reminder_digest_timezone',
} as const;
// ─── Helper ──────────────────────────────────────────────────────────────────
async function readSetting<T>(key: string, portId: string): Promise<T | null> {
const setting = await getSetting(key, portId);
if (!setting) return null;
return setting.value as T;
}
// ─── Email ──────────────────────────────────────────────────────────────────
export interface PortEmailConfig {
fromName: string;
fromAddress: string;
replyTo: string | null;
signatureHtml: string | null;
footerHtml: string | null;
smtpHost: string;
smtpPort: number;
smtpUser: string | null;
smtpPass: string | null;
/**
* When false, only the system (port-config) sender identity is allowed.
* When true, admins/users may send via their connected personal email
* account. Defaults to false for safety.
*/
allowPersonalAccountSends: boolean;
}
export async function getPortEmailConfig(portId: string): Promise<PortEmailConfig> {
const [
fromName,
fromAddress,
replyTo,
signatureHtml,
footerHtml,
smtpHost,
smtpPort,
smtpUser,
smtpPass,
allowPersonalAccountSends,
] = await Promise.all([
readSetting<string>(SETTING_KEYS.emailFromName, portId),
readSetting<string>(SETTING_KEYS.emailFromAddress, portId),
readSetting<string>(SETTING_KEYS.emailReplyTo, portId),
readSetting<string>(SETTING_KEYS.emailSignatureHtml, portId),
readSetting<string>(SETTING_KEYS.emailFooterHtml, portId),
readSetting<string>(SETTING_KEYS.smtpHostOverride, portId),
readSetting<number>(SETTING_KEYS.smtpPortOverride, portId),
readSetting<string>(SETTING_KEYS.smtpUserOverride, portId),
readSetting<string>(SETTING_KEYS.smtpPassOverride, portId),
readSetting<boolean>(SETTING_KEYS.emailAllowPersonalAccountSends, portId),
]);
// Parse env.SMTP_FROM into name + address if no port override
let envFromName = 'Port Nimara CRM';
let envFromAddress = `noreply@${env.SMTP_HOST}`;
if (env.SMTP_FROM) {
const match = env.SMTP_FROM.match(/^(.+?)\s*<(.+)>$/);
if (match) {
envFromName = match[1]!.trim();
envFromAddress = match[2]!.trim();
} else {
envFromAddress = env.SMTP_FROM;
}
}
return {
fromName: fromName ?? envFromName,
fromAddress: fromAddress ?? envFromAddress,
replyTo: replyTo ?? null,
signatureHtml: signatureHtml ?? null,
footerHtml: footerHtml ?? null,
smtpHost: smtpHost ?? env.SMTP_HOST,
smtpPort: smtpPort ?? env.SMTP_PORT,
smtpUser: smtpUser ?? env.SMTP_USER ?? null,
smtpPass: smtpPass ?? env.SMTP_PASS ?? null,
allowPersonalAccountSends: allowPersonalAccountSends ?? false,
};
}
// ─── Documenso ──────────────────────────────────────────────────────────────
export type EoiPathway = 'documenso-template' | 'inapp';
export type DocumensoApiVersion = 'v1' | 'v2';
export type EoiSendMode = 'auto' | 'manual';
export interface PortDocumensoConfig {
apiUrl: string;
apiKey: string;
apiVersion: DocumensoApiVersion;
eoiTemplateId: number;
defaultPathway: EoiPathway;
/** Documenso template recipient slot IDs (per-instance numeric). */
clientRecipientId: number;
developerRecipientId: number;
approvalRecipientId: number;
/** Static developer + approver identity per port (was hardcoded in old system). */
developerName: string;
developerEmail: string;
approverName: string;
approverEmail: string;
/**
* Auto = system sends our branded "please sign" email immediately
* after generation. Manual = generates only; rep clicks a separate
* Send button. Defaults to 'manual' to match the old system's
* behavior (which also doesn't auto-send).
*/
sendMode: EoiSendMode;
/**
* Host that wraps Documenso signing URLs into branded embed URLs.
* Outbound emails point here for the actual sign UI. e.g.
* `https://portnimara.com` makes sign URLs look like
* `https://portnimara.com/sign/<type>/<token>`.
*/
embeddedSigningHost: string | null;
/** Optional template IDs for contract / reservation. null = use
* upload-and-place-fields per deal instead of templates. */
contractTemplateId: number | null;
reservationTemplateId: number | null;
/** Per-port display labels for the developer + approver slots — drive
* email subjects and signer-progress UI copy. */
developerLabel: string;
approverLabel: string;
/** Optional CRM-user binding for the developer / approver slots.
* When set, the per-port admin UI auto-fills name/email from the
* user's profile and the webhook handler matches against this
* user's email for in-CRM signing-status updates. */
developerUserId: string | null;
approverUserId: string | null;
}
function toIntOrNull(raw: unknown): number | null {
if (typeof raw === 'number' && Number.isFinite(raw)) return raw;
if (typeof raw === 'string' && raw.trim()) {
const n = Number(raw);
return Number.isFinite(n) ? n : null;
}
return null;
}
export async function getPortDocumensoConfig(portId: string): Promise<PortDocumensoConfig> {
const [
apiUrl,
apiKey,
apiVersion,
eoiTemplateId,
clientRecipientId,
developerRecipientId,
approvalRecipientId,
defaultPathway,
developerName,
developerEmail,
approverName,
approverEmail,
sendMode,
embeddedSigningHost,
contractTemplateId,
reservationTemplateId,
developerLabel,
approverLabel,
developerUserId,
approverUserId,
] = await Promise.all([
readSetting<string>(SETTING_KEYS.documensoApiUrlOverride, portId),
readSetting<string>(SETTING_KEYS.documensoApiKeyOverride, portId),
readSetting<DocumensoApiVersion>(SETTING_KEYS.documensoApiVersionOverride, portId),
readSetting<string | number>(SETTING_KEYS.documensoEoiTemplateId, portId),
readSetting<string | number>(SETTING_KEYS.documensoClientRecipientId, portId),
readSetting<string | number>(SETTING_KEYS.documensoDeveloperRecipientId, portId),
readSetting<string | number>(SETTING_KEYS.documensoApprovalRecipientId, portId),
readSetting<EoiPathway>(SETTING_KEYS.eoiDefaultPathway, portId),
readSetting<string>(SETTING_KEYS.documensoDeveloperName, portId),
readSetting<string>(SETTING_KEYS.documensoDeveloperEmail, portId),
readSetting<string>(SETTING_KEYS.documensoApproverName, portId),
readSetting<string>(SETTING_KEYS.documensoApproverEmail, portId),
readSetting<EoiSendMode>(SETTING_KEYS.eoiSendMode, portId),
readSetting<string>(SETTING_KEYS.embeddedSigningHost, portId),
readSetting<string | number>(SETTING_KEYS.documensoContractTemplateId, portId),
readSetting<string | number>(SETTING_KEYS.documensoReservationTemplateId, portId),
readSetting<string>(SETTING_KEYS.documensoDeveloperLabel, portId),
readSetting<string>(SETTING_KEYS.documensoApproverLabel, portId),
readSetting<string>(SETTING_KEYS.documensoDeveloperUserId, portId),
readSetting<string>(SETTING_KEYS.documensoApproverUserId, portId),
]);
return {
apiUrl: apiUrl ?? env.DOCUMENSO_API_URL,
apiKey: apiKey ?? env.DOCUMENSO_API_KEY,
apiVersion: apiVersion ?? env.DOCUMENSO_API_VERSION,
eoiTemplateId: toIntOrNull(eoiTemplateId) ?? env.DOCUMENSO_TEMPLATE_ID_EOI,
clientRecipientId: toIntOrNull(clientRecipientId) ?? env.DOCUMENSO_CLIENT_RECIPIENT_ID,
developerRecipientId: toIntOrNull(developerRecipientId) ?? env.DOCUMENSO_DEVELOPER_RECIPIENT_ID,
approvalRecipientId: toIntOrNull(approvalRecipientId) ?? env.DOCUMENSO_APPROVAL_RECIPIENT_ID,
defaultPathway: defaultPathway ?? 'documenso-template',
developerName: developerName ?? '',
developerEmail: developerEmail ?? '',
approverName: approverName ?? '',
approverEmail: approverEmail ?? '',
sendMode: sendMode ?? 'manual',
embeddedSigningHost: embeddedSigningHost ?? null,
contractTemplateId: toIntOrNull(contractTemplateId),
reservationTemplateId: toIntOrNull(reservationTemplateId),
developerLabel: developerLabel ?? 'Developer',
approverLabel: approverLabel ?? 'Approver',
developerUserId: developerUserId ?? null,
approverUserId: approverUserId ?? null,
};
}
/**
* List every (portId, webhookSecret) pair configured across the platform,
* plus a wildcard-port entry for the global env secret. The Documenso
* webhook receiver iterates the list with `timingSafeEqual` until it
* finds a match, then dispatches with the resolved portId.
*
* `null` portId in the returned array means "matches but no port was
* resolved" — the caller falls back to the legacy global path.
*/
export interface DocumensoSecretEntry {
portId: string | null;
secret: string;
}
export async function listDocumensoWebhookSecrets(): Promise<DocumensoSecretEntry[]> {
const { db } = await import('@/lib/db');
const { systemSettings } = await import('@/lib/db/schema/system');
const { eq, isNotNull } = await import('drizzle-orm');
const rows = await db
.select({ portId: systemSettings.portId, value: systemSettings.value })
.from(systemSettings)
.where(eq(systemSettings.key, SETTING_KEYS.documensoWebhookSecret));
void isNotNull; // imported for future filters
const out: DocumensoSecretEntry[] = [];
for (const row of rows) {
if (typeof row.value !== 'string' || !row.value || !row.portId) continue;
out.push({ portId: row.portId, secret: row.value });
}
// Append the global env secret as a fallback ONLY when it's a real,
// non-empty value. An empty env secret would otherwise match an empty
// X-Documenso-Secret header (verifyDocumensoSecret guards this too,
// but skipping the entry here keeps the matched-secret loop honest).
if (env.DOCUMENSO_WEBHOOK_SECRET) {
out.push({ portId: null, secret: env.DOCUMENSO_WEBHOOK_SECRET });
}
return out;
}
// ─── Branding ───────────────────────────────────────────────────────────────
/**
* NOT YET WIRED end-to-end. The `/admin/branding` page persists these
* settings to system_settings, but the email templates in
* `src/lib/email/templates/` and the `<BrandedAuthShell>` component in
* `src/components/shared/branded-auth-shell.tsx` still hardcode the
* `s3.portnimara.com` logo URL and the Port Nimara color palette. A
* second port wired into this CRM will see Port Nimara branding in
* every transactional email until those consumers call
* `getPortBrandingConfig(portId)`. Tracked as audit finding R2-H15.
*
* To wire fully:
* 1. Take `branding` config as a server-side prop into
* `<BrandedAuthShell>` (pass it from the page server component).
* 2. Refactor the email shell helper in each `templates/*.ts` module
* to take `headerHtml` / `footerHtml` / `primaryColor` instead of
* the inline constants.
* 3. In each sender, call `getPortBrandingConfig(portId)` and thread
* the branding values into the template call.
*/
export interface PortBrandingConfig {
logoUrl: string | null;
primaryColor: string;
appName: string;
emailHeaderHtml: string | null;
emailFooterHtml: string | null;
}
const DEFAULT_BRANDING: PortBrandingConfig = {
logoUrl: null,
primaryColor: '#1e293b',
appName: 'Port Nimara CRM',
emailHeaderHtml: null,
emailFooterHtml: null,
};
export async function getPortBrandingConfig(portId: string): Promise<PortBrandingConfig> {
const [logoUrl, primaryColor, appName, emailHeaderHtml, emailFooterHtml] = await Promise.all([
readSetting<string>(SETTING_KEYS.brandingLogoUrl, portId),
readSetting<string>(SETTING_KEYS.brandingPrimaryColor, portId),
readSetting<string>(SETTING_KEYS.brandingAppName, portId),
readSetting<string>(SETTING_KEYS.brandingEmailHeaderHtml, portId),
readSetting<string>(SETTING_KEYS.brandingEmailFooterHtml, portId),
]);
return {
logoUrl: logoUrl ?? DEFAULT_BRANDING.logoUrl,
primaryColor: primaryColor ?? DEFAULT_BRANDING.primaryColor,
appName: appName ?? DEFAULT_BRANDING.appName,
emailHeaderHtml: emailHeaderHtml ?? DEFAULT_BRANDING.emailHeaderHtml,
emailFooterHtml: emailFooterHtml ?? DEFAULT_BRANDING.emailFooterHtml,
};
}
// ─── Reminders ──────────────────────────────────────────────────────────────
export interface PortReminderConfig {
defaultDays: number;
defaultEnabled: boolean;
digestEnabled: boolean;
digestTime: string; // 'HH:MM'
digestTimezone: string;
}
const DEFAULT_REMINDER: PortReminderConfig = {
defaultDays: 7,
defaultEnabled: false,
digestEnabled: false,
digestTime: '09:00',
digestTimezone: 'Europe/Warsaw',
};
export async function getPortReminderConfig(portId: string): Promise<PortReminderConfig> {
const [defaultDays, defaultEnabled, digestEnabled, digestTime, digestTimezone] =
await Promise.all([
readSetting<number>(SETTING_KEYS.reminderDefaultDays, portId),
readSetting<boolean>(SETTING_KEYS.reminderDefaultEnabled, portId),
readSetting<boolean>(SETTING_KEYS.reminderDigestEnabled, portId),
readSetting<string>(SETTING_KEYS.reminderDigestTime, portId),
readSetting<string>(SETTING_KEYS.reminderDigestTimezone, portId),
]);
return {
defaultDays: defaultDays ?? DEFAULT_REMINDER.defaultDays,
defaultEnabled: defaultEnabled ?? DEFAULT_REMINDER.defaultEnabled,
digestEnabled: digestEnabled ?? DEFAULT_REMINDER.digestEnabled,
digestTime: digestTime ?? DEFAULT_REMINDER.digestTime,
digestTimezone: digestTimezone ?? DEFAULT_REMINDER.digestTimezone,
};
}
Reference in New Issue View Git Blame Copy Permalink