letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
54554a0928be1541c5a637b76158a13dc5de975c
pn-new-crm/src/lib/services/expense-dedup.service.ts
Matt Ciaccio 1b78eadd36 feat(audit): extend AuditAction enum + audit logging on alerts + expense dedup 
- AuditAction gains password_change, portal_invite/activate/reset
  variants, send, view. AuditLogParams.ipAddress/userAgent now optional
  so background jobs and internal helpers can log without faking values.
- alerts.service.dismissAlert/acknowledgeAlert now write
  action='update' rows with metadata.kind so the audit log differentiates
  the two state changes.
- expense-dedup.service.clearDuplicate/mergeDuplicate accept userId
  and write action='update'/'merge' rows respectively. Routes pass
  ctx.userId.

Audit gaps surfaced by audit-pass-#2: 6 services bypassed audit_logs
entirely. This commit closes 2 of them; portal-auth lands in a later
commit alongside the email-template-override work that already touches
the same file.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 14:57:24 +02:00

152 lines
4.5 KiB
TypeScript
Raw Blame History

/**
* Expense duplicate detection - heuristic match on
* (port + vendor + amount + date ± 3d). PR1 ships the function shape;
* PR8 wires the BullMQ trigger and the merge service.
*/
import { and, between, eq, ne, sql } from 'drizzle-orm';
import { db } from '@/lib/db';
import { expenses } from '@/lib/db/schema/financial';
import { NotFoundError, ValidationError } from '@/lib/errors';
import { createAuditLog } from '@/lib/audit';
const DEDUP_WINDOW_DAYS = 3;
export interface DedupCandidate {
/** Existing expense that the new one likely duplicates. */
candidateId: string;
/** 0..1 confidence; 1.0 = exact vendor + amount + same day. */
confidence: number;
}
export async function scanForDuplicates(expenseId: string): Promise<DedupCandidate[]> {
const target = await db.query.expenses.findFirst({ where: eq(expenses.id, expenseId) });
if (!target) return [];
const { portId, establishmentName, amount, expenseDate } = target;
if (!establishmentName || !amount || !expenseDate) return [];
const lo = new Date(expenseDate);
lo.setDate(lo.getDate() - DEDUP_WINDOW_DAYS);
const hi = new Date(expenseDate);
hi.setDate(hi.getDate() + DEDUP_WINDOW_DAYS);
const matches = await db.query.expenses.findMany({
where: and(
eq(expenses.portId, portId),
sql`lower(${expenses.establishmentName}) = lower(${establishmentName})`,
eq(expenses.amount, amount),
between(expenses.expenseDate, lo, hi),
ne(expenses.id, expenseId),
),
limit: 5,
});
return matches.map((m) => ({
candidateId: m.id,
confidence: dayDiff(m.expenseDate, expenseDate) === 0 ? 1.0 : 0.85,
}));
}
function dayDiff(a: Date, b: Date): number {
const ms = Math.abs(a.getTime() - b.getTime());
return Math.round(ms / 86_400_000);
}
/** Mark an expense as a duplicate of the candidate with the highest score. */
export async function markBestDuplicate(expenseId: string): Promise<string | null> {
const candidates = await scanForDuplicates(expenseId);
if (candidates.length === 0) {
await db
.update(expenses)
.set({ dedupScannedAt: sql`now()` })
.where(eq(expenses.id, expenseId));
return null;
}
const best = candidates.reduce((a, b) => (a.confidence >= b.confidence ? a : b));
await db
.update(expenses)
.set({ duplicateOf: best.candidateId, dedupScannedAt: sql`now()` })
.where(eq(expenses.id, expenseId));
return best.candidateId;
}
/**
* Clear the duplicate flag - operator confirmed this is a real expense.
* Leaves `dedupScannedAt` populated so the engine doesn't re-flag it.
*/
export async function clearDuplicate(
expenseId: string,
portId: string,
userId: string | null = null,
): Promise<void> {
await db
.update(expenses)
.set({ duplicateOf: null, dedupScannedAt: sql`now()` })
.where(and(eq(expenses.id, expenseId), eq(expenses.portId, portId)));
void createAuditLog({
portId,
userId,
action: 'update',
entityType: 'expense',
entityId: expenseId,
metadata: { kind: 'duplicate_cleared' },
});
}
/**
* Merge `sourceId` into `targetId`: combine receipt files, archive the
* source, and clear the duplicate-of pointer. Both rows must belong to
* the same port; runs inside a single transaction so a partial failure
* leaves both rows untouched.
*/
export async function mergeDuplicate(
sourceId: string,
targetId: string,
portId: string,
userId: string | null = null,
): Promise<void> {
if (sourceId === targetId) {
throw new ValidationError('Cannot merge an expense into itself');
}
await db.transaction(async (tx) => {
const [source] = await tx
.select()
.from(expenses)
.where(and(eq(expenses.id, sourceId), eq(expenses.portId, portId)));
const [target] = await tx
.select()
.from(expenses)
.where(and(eq(expenses.id, targetId), eq(expenses.portId, portId)));
if (!source || !target) {
throw new NotFoundError('expense');
}
const mergedReceipts = Array.from(
new Set([...(target.receiptFileIds ?? []), ...(source.receiptFileIds ?? [])]),
);
await tx
.update(expenses)
.set({ receiptFileIds: mergedReceipts })
.where(eq(expenses.id, targetId));
// Archive the source - preserves audit history, keeps any FKs alive.
await tx
.update(expenses)
.set({ archivedAt: sql`now()`, duplicateOf: null })
.where(eq(expenses.id, sourceId));
});
void createAuditLog({
portId,
userId,
action: 'merge',
entityType: 'expense',
entityId: targetId,
metadata: { mergedFromExpenseId: sourceId },
});
}
Reference in New Issue View Git Blame Copy Permalink