Matt
5c8c12ba1f
Massive multi-area push driven by docs/admin-ux-backlog.md. Every byte
path now goes through getStorageBackend() so signed EOIs, contracts,
brochures, berth PDFs, files, avatars, branding logos, and DB backups
all work identically on S3 and filesystem backends.
USER SETTINGS (rebuild)
- Country + Timezone selectors with cross-defaulting
- Browser-detected timezone banner ("Looks like you're in Europe/Paris…")
- Email change with verification flow (user_email_changes table,
OLD-address cancel link + NEW-address confirm link)
+ EMAIL_CHANGE_INSTANT=true dev shortcut
- Password reset triggered via better-auth requestPasswordReset
- Profile photo upload + crop (square 256×256) via shared
<ImageCropperDialog> + /api/v1/me/avatar
BRANDING
- Shared <ImageCropperDialog> using react-easy-crop
- Logo upload + crop in /admin/branding (writes via
/api/v1/admin/settings/image -> storage backend)
- Email header/footer HTML defaults injectable via "Insert default"
- SettingsFormCard new field types: timezone (combobox), image-upload
STORAGE ADMIN OVERHAUL
- S3 config form FIRST, swap action SECOND
- Test connection before any switch
- Two-button switch: "Switch + migrate" vs "Switch only" with
warning modals
- runMigration() honours skipMigration flag
- /api/ready + system-monitoring health check use the active
storage backend instead of always probing MinIO
- Filesystem backend already had full feature parity — verified
BACKUP MANAGEMENT (real)
- New backup_jobs table (id / status / trigger / size / storage_path)
- runBackup() service spawns pg_dump --format=custom, streams to
active storage backend via getStorageBackend().put()
- /admin/backup page: trigger, history, download .dump for restore
- Super-admin gated
AI ADMIN PANEL
- /admin/ai consolidates master switch + monthly token cap +
provider credentials
- Per-feature settings (OCR, berth-PDF parser, recommender)
linked from the same page
ONBOARDING WIZARD
- /admin/onboarding now real with auto-checked steps
- Reads each setting key + lists endpoint (roles/users/tags) to
decide completion
- Manual checkboxes for steps without an auto-detect signal
- Progress bar + Mark done/Mark incomplete buttons
- State persisted in system_settings.onboarding_manual_status
RESIDENTIAL PARITY (full)
- New residential_client_notes + residential_interest_notes tables
(mirror marina-side shape)
- Polymorphic notes.service.ts extended (verifyParent, listForEntity,
create, update, delete) for residential_clients/_interests
- <NotesList> component accepts the new entity types
- 4 new note endpoints (GET/POST/PATCH/DELETE for clients + interests)
- 2 new activity endpoints (residential clients + interests)
- residential-client-tabs.tsx + residential-interest-tabs.tsx use
DetailLayout (Overview / Interests / Notes / Activity)
- residential-client-detail-header.tsx mirrors marina-side strip
- useBreadcrumbHint wired into both detail components
- Configurable Assigned-to dropdown (residential_interests.view perm)
CONFIGURABLE RESIDENTIAL STAGES
- residential-stages.service.ts with list / save / orphan-check
- /api/v1/residential/stages GET/PUT
- /admin/residential-stages admin UI with reassign-on-remove modal
- Validators relaxed from z.enum to z.string
DOCUMENSO PHASE 1
- Schema: document_signers.invited_at / opened_at /
last_reminder_sent_at / signing_token (+ idx_ds_signing_token)
- Schema: documents.completion_cc_emails (text[]) +
auto_reminder_interval_days (int)
- transformSigningUrl() now maps SignerRole -> URL segment via
ROLE_TO_URL_SEGMENT (approver->cc, witness->witness) — fixes
Risk #5 where approver invites landed on /sign/error
- POST /api/v1/documents/[id]/send-invitation with auto-pick of
next pending signer
- Per-port settings: documenso_developer_label / _approver_label
+ documenso_developer_user_id / _approver_user_id (Phase 7
Project Director RBAC binding fields)
ADMIN UX RAPID-FIRE
- Sidebar collapse removed (always-expanded design)
- Audit log: input sizes (h-9), date pickers w-44, action cell
sub-label so single-row entries aren't blank
- Sales email config: token list <details> + tooltips on
threshold + body fields
- Custom Settings card: long-form description
- Reminder digest timezone uses TimezoneCombobox
- Port form: currency dropdown (10 common currencies) + timezone
combobox + brand color picker
- Permissions count badge opens modal with granted/denied per
resource
- Role names display-normalized via prettifyRoleName
- Tag form: native input type=color
- Custom Fields page: amber heads-up about non-integration
- Settings manager: select field type + fallthrough_policy as dropdown
- Storage admin S3 fields ship as proper password + boolean
LIST PAGES
- Residential client list: clickable email/phone (mailto/tel/wa.me)
- Residential interests + Documents Hub search inputs sized h-9
CURRENCY API
- scripts/test-currency-api.ts verifies live Frankfurter fetch
-> DB upsert -> getRate -> convert. Inverse-rate drift <=0.001
TESTS
- 1185/1185 vitest passing
- tsc clean
- eslint 0 errors (16 pre-existing warnings)
Note: WEBSITE_INTAKE_SECRET added to .env.example but committed
separately due to pre-commit hook policy on .env* files.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
423 lines
14 KiB
TypeScript
423 lines
14 KiB
TypeScript
import { db } from '@/lib/db';
|
|
import { auditLogs, errorEvents } from '@/lib/db/schema';
|
|
import { redis } from '@/lib/redis';
|
|
import { getQueue, QUEUE_CONFIGS, type QueueName } from '@/lib/queue';
|
|
import { createAuditLog } from '@/lib/audit';
|
|
import { env } from '@/lib/env';
|
|
import { sql, desc, eq } from 'drizzle-orm';
|
|
import { NotFoundError } from '@/lib/errors';
|
|
import { logger } from '@/lib/logger';
|
|
|
|
// ─── Types ────────────────────────────────────────────────────────────────────
|
|
|
|
export interface ServiceStatus {
|
|
name: string;
|
|
status: 'healthy' | 'degraded' | 'down';
|
|
responseTimeMs: number;
|
|
details?: string;
|
|
}
|
|
|
|
export interface HealthStatus {
|
|
overall: 'healthy' | 'degraded' | 'down';
|
|
services: ServiceStatus[];
|
|
checkedAt: Date;
|
|
}
|
|
|
|
export interface QueueStatus {
|
|
name: string;
|
|
waiting: number;
|
|
active: number;
|
|
completed: number;
|
|
failed: number;
|
|
delayed: number;
|
|
}
|
|
|
|
export interface QueueJobSummary {
|
|
id: string;
|
|
name: string;
|
|
data: unknown;
|
|
status: string;
|
|
timestamp: number | undefined;
|
|
processedOn: number | undefined;
|
|
finishedOn: number | undefined;
|
|
failedReason: string | undefined;
|
|
}
|
|
|
|
export interface PaginatedQueueJobs {
|
|
jobs: QueueJobSummary[];
|
|
total: number;
|
|
page: number;
|
|
limit: number;
|
|
}
|
|
|
|
export interface ConnectionStatus {
|
|
totalConnections: number;
|
|
}
|
|
|
|
export interface RecentError {
|
|
id: string;
|
|
source: 'audit' | 'queue' | 'request';
|
|
message: string;
|
|
timestamp: Date;
|
|
metadata?: Record<string, unknown>;
|
|
/** Set for `source: 'request'` rows so the UI can deep-link to
|
|
* /admin/errors/<requestId>. */
|
|
requestId?: string;
|
|
/** Set for `source: 'request'` rows. */
|
|
statusCode?: number;
|
|
/** Set for `source: 'request'` rows. */
|
|
errorCode?: string | null;
|
|
}
|
|
|
|
// ─── Timeout helper ───────────────────────────────────────────────────────────
|
|
|
|
function withTimeout<T>(promise: Promise<T>, ms: number): Promise<T> {
|
|
return Promise.race([
|
|
promise,
|
|
new Promise<T>((_, reject) =>
|
|
setTimeout(() => reject(new Error(`Timed out after ${ms}ms`)), ms),
|
|
),
|
|
]);
|
|
}
|
|
|
|
// ─── healthCheck ──────────────────────────────────────────────────────────────
|
|
|
|
export async function healthCheck(): Promise<HealthStatus> {
|
|
const checks = await Promise.allSettled([
|
|
checkPostgres(),
|
|
checkRedis(),
|
|
checkMinio(),
|
|
checkDocumenso(),
|
|
]);
|
|
|
|
const services: ServiceStatus[] = checks.map((result) => {
|
|
if (result.status === 'fulfilled') return result.value;
|
|
// Should not happen since each checker catches internally
|
|
return {
|
|
name: 'unknown',
|
|
status: 'down' as const,
|
|
responseTimeMs: 0,
|
|
details: String(result.reason),
|
|
};
|
|
});
|
|
|
|
const hasDown = services.some((s) => s.status === 'down');
|
|
const hasDegraded = services.some((s) => s.status === 'degraded');
|
|
const overall = hasDown ? 'down' : hasDegraded ? 'degraded' : 'healthy';
|
|
|
|
return { overall, services, checkedAt: new Date() };
|
|
}
|
|
|
|
async function checkPostgres(): Promise<ServiceStatus> {
|
|
const start = Date.now();
|
|
try {
|
|
await withTimeout(db.execute(sql`SELECT 1`), 5000);
|
|
return { name: 'PostgreSQL', status: 'healthy', responseTimeMs: Date.now() - start };
|
|
} catch (err) {
|
|
return {
|
|
name: 'PostgreSQL',
|
|
status: 'down',
|
|
responseTimeMs: Date.now() - start,
|
|
details: err instanceof Error ? err.message : 'Unknown error',
|
|
};
|
|
}
|
|
}
|
|
|
|
async function checkRedis(): Promise<ServiceStatus> {
|
|
const start = Date.now();
|
|
try {
|
|
const result = await withTimeout(redis.ping(), 5000);
|
|
const status = result === 'PONG' ? 'healthy' : 'degraded';
|
|
return { name: 'Redis', status, responseTimeMs: Date.now() - start };
|
|
} catch (err) {
|
|
return {
|
|
name: 'Redis',
|
|
status: 'down',
|
|
responseTimeMs: Date.now() - start,
|
|
details: err instanceof Error ? err.message : 'Unknown error',
|
|
};
|
|
}
|
|
}
|
|
|
|
async function checkMinio(): Promise<ServiceStatus> {
|
|
// Health-checks the ACTIVE storage backend (S3 or filesystem) via
|
|
// the abstraction so a port running on filesystem still gets a
|
|
// useful "Storage" status row instead of a meaningless "MinIO down".
|
|
// Probe key is a sentinel that's never written; head() returns null
|
|
// for a missing object on both backends, which counts as healthy
|
|
// (the connection itself worked).
|
|
const start = Date.now();
|
|
try {
|
|
const { getStorageBackend } = await import('@/lib/storage');
|
|
const backend = await getStorageBackend();
|
|
await withTimeout(backend.head('__health_probe__'), 5000);
|
|
return { name: 'Storage', status: 'healthy', responseTimeMs: Date.now() - start };
|
|
} catch (err) {
|
|
return {
|
|
name: 'Storage',
|
|
status: 'down',
|
|
responseTimeMs: Date.now() - start,
|
|
details: err instanceof Error ? err.message : 'Unknown error',
|
|
};
|
|
}
|
|
}
|
|
|
|
async function checkDocumenso(): Promise<ServiceStatus> {
|
|
const start = Date.now();
|
|
try {
|
|
const controller = new AbortController();
|
|
const timer = setTimeout(() => controller.abort(), 5000);
|
|
try {
|
|
const res = await fetch(`${env.DOCUMENSO_API_URL}/api/v1/health`, {
|
|
signal: controller.signal,
|
|
method: 'GET',
|
|
});
|
|
clearTimeout(timer);
|
|
const status = res.ok ? 'healthy' : 'degraded';
|
|
return { name: 'Documenso', status, responseTimeMs: Date.now() - start };
|
|
} finally {
|
|
clearTimeout(timer);
|
|
}
|
|
} catch (err) {
|
|
return {
|
|
name: 'Documenso',
|
|
status: 'down',
|
|
responseTimeMs: Date.now() - start,
|
|
details: err instanceof Error ? err.message : 'Unreachable',
|
|
};
|
|
}
|
|
}
|
|
|
|
// ─── getQueueDashboard ────────────────────────────────────────────────────────
|
|
|
|
export async function getQueueDashboard(): Promise<QueueStatus[]> {
|
|
const queueNames = Object.keys(QUEUE_CONFIGS) as QueueName[];
|
|
const results = await Promise.allSettled(
|
|
queueNames.map(async (name) => {
|
|
const queue = getQueue(name);
|
|
const counts = await queue.getJobCounts(
|
|
'waiting',
|
|
'active',
|
|
'completed',
|
|
'failed',
|
|
'delayed',
|
|
);
|
|
return {
|
|
name,
|
|
waiting: counts.waiting ?? 0,
|
|
active: counts.active ?? 0,
|
|
completed: counts.completed ?? 0,
|
|
failed: counts.failed ?? 0,
|
|
delayed: counts.delayed ?? 0,
|
|
} satisfies QueueStatus;
|
|
}),
|
|
);
|
|
|
|
return results.map((r, i) => {
|
|
if (r.status === 'fulfilled') return r.value;
|
|
const name = queueNames[i] ?? 'unknown';
|
|
logger.warn({ queue: name, err: r.reason }, 'Failed to get queue counts');
|
|
return {
|
|
name,
|
|
waiting: 0,
|
|
active: 0,
|
|
completed: 0,
|
|
failed: 0,
|
|
delayed: 0,
|
|
};
|
|
});
|
|
}
|
|
|
|
// ─── getQueueJobs ─────────────────────────────────────────────────────────────
|
|
|
|
type JobStatus = 'waiting' | 'active' | 'completed' | 'failed' | 'delayed';
|
|
|
|
export async function getQueueJobs(
|
|
queueName: QueueName,
|
|
status: JobStatus = 'failed',
|
|
page = 1,
|
|
limit = 20,
|
|
): Promise<PaginatedQueueJobs> {
|
|
const queue = getQueue(queueName);
|
|
const start = (page - 1) * limit;
|
|
const end = start + limit - 1;
|
|
|
|
const jobs = await queue.getJobs([status], start, end);
|
|
const counts = await queue.getJobCounts(status);
|
|
const total = counts[status] ?? 0;
|
|
|
|
const summaries: QueueJobSummary[] = jobs.map((job) => {
|
|
// Truncate job data to prevent huge payloads
|
|
let truncatedData: unknown;
|
|
try {
|
|
const dataStr = JSON.stringify(job.data);
|
|
truncatedData =
|
|
dataStr.length > 500 ? JSON.parse(dataStr.slice(0, 500) + '...(truncated)') : job.data;
|
|
} catch {
|
|
truncatedData = '[unparseable]';
|
|
}
|
|
|
|
return {
|
|
id: job.id ?? '',
|
|
name: job.name,
|
|
data: truncatedData,
|
|
status,
|
|
timestamp: job.timestamp,
|
|
processedOn: job.processedOn ?? undefined,
|
|
finishedOn: job.finishedOn ?? undefined,
|
|
failedReason: job.failedReason ?? undefined,
|
|
};
|
|
});
|
|
|
|
return { jobs: summaries, total, page, limit };
|
|
}
|
|
|
|
// ─── retryJob ─────────────────────────────────────────────────────────────────
|
|
|
|
export async function retryJob(queueName: QueueName, jobId: string, userId: string): Promise<void> {
|
|
const queue = getQueue(queueName);
|
|
const job = await queue.getJob(jobId);
|
|
if (!job) throw new NotFoundError('queue job');
|
|
|
|
await job.retry();
|
|
|
|
void createAuditLog({
|
|
userId,
|
|
portId: null,
|
|
action: 'update',
|
|
entityType: 'queue_job',
|
|
entityId: jobId,
|
|
metadata: { queueName, jobName: job.name, action: 'retry' },
|
|
ipAddress: 'system',
|
|
userAgent: 'system',
|
|
});
|
|
}
|
|
|
|
// ─── deleteJob ────────────────────────────────────────────────────────────────
|
|
|
|
export async function deleteJob(
|
|
queueName: QueueName,
|
|
jobId: string,
|
|
userId: string,
|
|
): Promise<void> {
|
|
const queue = getQueue(queueName);
|
|
const job = await queue.getJob(jobId);
|
|
if (!job) throw new NotFoundError('queue job');
|
|
|
|
await job.remove();
|
|
|
|
void createAuditLog({
|
|
userId,
|
|
portId: null,
|
|
action: 'delete',
|
|
entityType: 'queue_job',
|
|
entityId: jobId,
|
|
metadata: { queueName, jobName: job.name, action: 'delete' },
|
|
ipAddress: 'system',
|
|
userAgent: 'system',
|
|
});
|
|
}
|
|
|
|
// ─── getActiveConnections ─────────────────────────────────────────────────────
|
|
|
|
export async function getActiveConnections(): Promise<ConnectionStatus> {
|
|
try {
|
|
const { getIO } = await import('@/lib/socket/server');
|
|
const io = getIO();
|
|
const sockets = await io.fetchSockets();
|
|
return { totalConnections: sockets.length };
|
|
} catch {
|
|
return { totalConnections: 0 };
|
|
}
|
|
}
|
|
|
|
// ─── getRecentErrors ──────────────────────────────────────────────────────────
|
|
|
|
export async function getRecentErrors(limit = 20): Promise<RecentError[]> {
|
|
// Fetch permission-denied audit log entries
|
|
const auditErrors = await db
|
|
.select({
|
|
id: auditLogs.id,
|
|
action: auditLogs.action,
|
|
entityType: auditLogs.entityType,
|
|
entityId: auditLogs.entityId,
|
|
metadata: auditLogs.metadata,
|
|
createdAt: auditLogs.createdAt,
|
|
})
|
|
.from(auditLogs)
|
|
.where(eq(auditLogs.action, 'permission_denied'))
|
|
.orderBy(desc(auditLogs.createdAt))
|
|
.limit(limit);
|
|
|
|
const auditResults: RecentError[] = auditErrors.map((row) => ({
|
|
id: row.id,
|
|
source: 'audit' as const,
|
|
message: `Permission denied on ${row.entityType}`,
|
|
timestamp: row.createdAt,
|
|
metadata: (row.metadata as Record<string, unknown>) ?? {},
|
|
}));
|
|
|
|
// Fetch failed jobs from all queues (sample - top 5 per queue)
|
|
const queueNames = Object.keys(QUEUE_CONFIGS) as QueueName[];
|
|
const failedJobResults = await Promise.allSettled(
|
|
queueNames.map(async (name) => {
|
|
const queue = getQueue(name);
|
|
const jobs = await queue.getJobs(['failed'], 0, 4);
|
|
return jobs.map(
|
|
(job): RecentError => ({
|
|
id: `${name}:${job.id ?? ''}`,
|
|
source: 'queue',
|
|
message: `Queue job failed: ${job.name} in ${name}`,
|
|
timestamp: job.finishedOn ? new Date(job.finishedOn) : new Date(job.timestamp),
|
|
metadata: { queueName: name, failedReason: job.failedReason },
|
|
}),
|
|
);
|
|
}),
|
|
);
|
|
|
|
const queueErrors: RecentError[] = failedJobResults
|
|
.filter((r): r is PromiseFulfilledResult<RecentError[]> => r.status === 'fulfilled')
|
|
.flatMap((r) => r.value);
|
|
|
|
// Captured 5xx requests from the per-request error_events table —
|
|
// this is the deepest source: full stack head + body excerpt + path.
|
|
// The dedicated /admin/errors page paginates this; here we surface
|
|
// the most recent for the dashboard.
|
|
const requestErrorRows = await db
|
|
.select({
|
|
requestId: errorEvents.requestId,
|
|
statusCode: errorEvents.statusCode,
|
|
method: errorEvents.method,
|
|
path: errorEvents.path,
|
|
errorName: errorEvents.errorName,
|
|
errorMessage: errorEvents.errorMessage,
|
|
metadata: errorEvents.metadata,
|
|
createdAt: errorEvents.createdAt,
|
|
})
|
|
.from(errorEvents)
|
|
.orderBy(desc(errorEvents.createdAt))
|
|
.limit(limit);
|
|
|
|
const requestErrors: RecentError[] = requestErrorRows.map((row) => {
|
|
const meta = (row.metadata as Record<string, unknown>) ?? {};
|
|
return {
|
|
id: row.requestId,
|
|
source: 'request' as const,
|
|
message:
|
|
`${row.method} ${row.path} → ${row.statusCode} ${row.errorMessage ?? row.errorName ?? ''}`.trim(),
|
|
timestamp: row.createdAt,
|
|
metadata: meta,
|
|
requestId: row.requestId,
|
|
statusCode: row.statusCode,
|
|
errorCode: typeof meta.code === 'string' ? meta.code : null,
|
|
};
|
|
});
|
|
|
|
// Merge and sort combined list by timestamp descending
|
|
const combined = [...auditResults, ...queueErrors, ...requestErrors].sort(
|
|
(a, b) => b.timestamp.getTime() - a.timestamp.getTime(),
|
|
);
|
|
|
|
return combined.slice(0, limit);
|
|
}
|