letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
3e78c2d4abc92428a8d2ba9c75904c1a3e71ca1c
pn-new-crm/src/lib/queue/scheduler.ts
Matt 2496911dc4 fix(audit-wave-11): asset hygiene + datetime correctness 
**asset-auditor C1+C2+H1+H3 — image normalization**

Add `src/lib/services/image-normalize.ts` and wire it into
`uploadFile()` so every accepted image is re-encoded via sharp before
hitting storage:

- Strips EXIF (GPS coords, device serial, photographer) so uploaded
  photos don't leak per-pixel PII to anyone with a download URL (C1).
- Caps dimensions at 4096px via `resize({fit:'inside',withoutEnlargement:true})`
  so a 30000×30000 palette PNG can't decompression-bomb a downstream
  sharp decode (C2).
- Re-encode drops polyglot trailers (PDF+JPEG sandwiches that beat
  the prefix-only magic-byte check) (H1).
- Freezes animated GIFs to first frame (H3).

Avatar route already funnels through uploadFile so it's covered by
the single change.

**asset-auditor M2 — sanitizeFilename strips RTL/zero-width**

Add Unicode NFC + a strip of bidi-control (U+202A-U+202E, U+2066-U+2069)
+ zero-width chars (U+200B-U+200F, U+FEFF) to `sanitizeFilename`.
Closes the classic Windows-icon-spoof vector
(`invoice_‮fdp.exe` displaying as `invoice_exe.pdf`) plus folder-listing
collision spoofs.

**datetime-auditor C1 — reminder dueAt drift on every save**

The `<input type="datetime-local">` round-trip in reminder-form.tsx
used `iso.slice(0,16)` (load) and `new Date(value).toISOString()`
(submit). The slice drops the `Z` so a UTC instant is mis-interpreted
as local on load, then converted back to UTC on save — every save
of an existing Warsaw reminder drifted backwards by 2h (CEST). After
two saves the reminder appears at 06:00 instead of 10:00.

Add `toLocalDatetimeLocal(d: Date)` helper that builds the local
YYYY-MM-DDTHH:MM string from getter methods so the round-trip is
TZ-safe. snooze-dialog already did this correctly; the contact-log
dialog also uses the correct localIsoString pattern.

**datetime-auditor C2 — BullMQ cron in UTC, not port-local**

`upsertJobScheduler` defaulted `tz` to UTC. Patterns like
`0 8 * * *` were intended as "8 AM Warsaw" but fired at 09:00 winter
/ 10:00 summer. Pass `tz: process.env.SCHEDULER_TZ ?? 'Europe/Warsaw'`.
Sub-hourly / hourly patterns are TZ-invariant and stay UTC.

**datetime-auditor C3 — report-scheduler never advanced next_run_at**

The minutely scheduler selected `nextRunAt <= now()` and enqueued
generate-report — but never bumped nextRunAt. For weekly/monthly
reports this meant the job re-fired every single minute until a
human zeroed the row out, flooding recipients with dupes.

Now uses `cron-parser` (added as a dep) to compute the next fire
from `report.schedule` and UPDATEs the row BEFORE the enqueue.
Malformed cron expressions disable the row instead of re-attempting
every minute.

Tests 1315/1315. Migration 0058 applied via psql.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 12:58:58 +02:00

106 lines
4.5 KiB
TypeScript
Raw Blame History

import { getQueue, type QueueName } from './index';
import { logger } from '@/lib/logger';
interface RecurringJobDef {
queue: QueueName;
name: string;
pattern: string;
}
/**
* Register all recurring jobs from 11-REALTIME-AND-BACKGROUND-JOBS.md Section 3.2.
* Called once on server startup.
*/
export async function registerRecurringJobs(): Promise<void> {
const recurring: RecurringJobDef[] = [
// Documenso signature fallback poll - primary is webhooks, this is safety net
{ queue: 'documents', name: 'signature-poll', pattern: '0 */6 * * *' },
// Reminder checks
{ queue: 'notifications', name: 'reminder-check', pattern: '0 * * * *' },
{ queue: 'notifications', name: 'reminder-overdue-check', pattern: '*/15 * * * *' },
// Google Calendar background sync
{ queue: 'maintenance', name: 'calendar-sync', pattern: '*/30 * * * *' },
// Daily checks at 08:00
{ queue: 'notifications', name: 'invoice-overdue-check', pattern: '0 8 * * *' },
{ queue: 'notifications', name: 'tenure-expiry-check', pattern: '0 8 * * *' },
// Exchange rate refresh every 6 hours
{ queue: 'maintenance', name: 'currency-refresh', pattern: '0 */6 * * *' },
// Database backup / cleanup
{ queue: 'maintenance', name: 'database-backup', pattern: '0 2 * * *' },
{ queue: 'maintenance', name: 'backup-cleanup', pattern: '0 3 * * 0' }, // Sunday 03:00
// Session cleanup
{ queue: 'maintenance', name: 'session-cleanup', pattern: '0 4 * * *' },
// Report scheduler - checks every minute for reports due to run
{ queue: 'reports', name: 'report-scheduler', pattern: '* * * * *' },
// Notification digest - configurable per user; placeholder fires hourly
// TODO(L2): make per-user schedule configurable (read from user_settings)
{ queue: 'email', name: 'notification-digest', pattern: '0 * * * *' },
// Cleanup jobs
{ queue: 'maintenance', name: 'temp-file-cleanup', pattern: '0 5 * * *' },
{ queue: 'maintenance', name: 'form-expiry-check', pattern: '0 * * * *' },
// Phase B: alert rule engine sweep
{ queue: 'maintenance', name: 'alerts-evaluate', pattern: '*/5 * * * *' },
// Phase B: analytics snapshot warm
{ queue: 'maintenance', name: 'analytics-refresh', pattern: '*/15 * * * *' },
// Phase 3d: GDPR Article 17 - actually delete expired export bundles
{ queue: 'maintenance', name: 'gdpr-export-cleanup', pattern: '0 4 * * *' },
// Phase 3b: AI usage ledger retention (90-day rolling window)
{ queue: 'maintenance', name: 'ai-usage-retention', pattern: '0 5 * * *' },
// Migration 0040 contract: error_events older than 90 days get pruned.
{ queue: 'maintenance', name: 'error-events-retention', pattern: '0 6 * * *' },
// 90-day retention for audit_logs — mirrors error_events. Metadata
// is masked at insert time but old rows still represent stale PII
// exposure that has no operational value past the window.
{ queue: 'maintenance', name: 'audit-logs-retention', pattern: '15 6 * * *' },
// Raw website inquiry payloads — 180-day retention.
{ queue: 'maintenance', name: 'website-submissions-retention', pattern: '0 7 * * *' },
];
// BullMQ defaults `tz` to UTC. The cron patterns above are spelled
// in port-local time (e.g. "0 8 * * *" = 8 AM local), so without an
// explicit `tz` the jobs fire in UTC and silently drift across DST
// — twice a year the local firing time shifts by an hour and admin
// docs ("daily check at 8 AM") break. datetime-auditor C2.
//
// The CRM is single-port today (Port Nimara, Europe/Warsaw); when
// multi-port admin schedules ship, this should resolve per-job from
// the owning port's `ports.timezone`. SCHEDULER_TZ overrides for
// ops debugging without a redeploy.
const schedulerTz = process.env.SCHEDULER_TZ ?? 'Europe/Warsaw';
for (const job of recurring) {
const queue = getQueue(job.queue);
// Sub-hourly / hourly patterns are TZ-invariant; skip the `tz`
// option for them so a misconfigured SCHEDULER_TZ can't perturb
// them.
const tzInvariant = /^\*|\*\/\d+ \*|^0 \*/.test(job.pattern);
await queue.upsertJobScheduler(
job.name,
{ pattern: job.pattern, ...(tzInvariant ? {} : { tz: schedulerTz }) },
{ data: {}, name: job.name },
);
logger.info(
{
queue: job.queue,
job: job.name,
pattern: job.pattern,
tz: tzInvariant ? 'UTC (invariant)' : schedulerTz,
},
'Registered recurring job',
);
}
logger.info({ count: recurring.length }, 'All recurring jobs registered');
}
Reference in New Issue View Git Blame Copy Permalink