@consilioweb/payload-support 0.5.1

package/src/endpoints/auth-2fa.ts

@@ -0,0 +1,163 @@
+import type { Endpoint } from 'payload'
+import type { CollectionSlugs } from '../utils/slugs'
+import crypto, { createHmac } from 'crypto'
+import { RateLimiter } from '../utils/rateLimiter'
+import { escapeHtml } from '../utils/emailTemplate'
+
+const sendLimiter = new RateLimiter(60 * 60 * 1000, 3) // 3 per hour
+const verifyLimiter = new RateLimiter(15 * 60 * 1000, 5) // 5 per 15 min
+
+function generateSecureCode(): string {
+  const buf = crypto.randomBytes(4)
+  const num = buf.readUInt32BE(0) % 900000 + 100000
+  return String(num)
+}
+
+function hashCode(code: string): string {
+  const secret = process.env.PAYLOAD_SECRET || 'payload-support-2fa'
+  return createHmac('sha256', secret).update(code).digest('hex')
+}
+
+/**
+ * POST /api/support/2fa
+ * Send or verify a 2FA code.
+ */
+export function createAuth2faEndpoint(slugs: CollectionSlugs): Endpoint {
+  return {
+    path: '/support/2fa',
+    method: 'post',
+    handler: async (req) => {
+      try {
+        const payload = req.payload
+        let body: { action?: string; email?: string; code?: string }
+        try {
+          body = await req.json!()
+        } catch {
+          return Response.json({ error: 'Invalid JSON body' }, { status: 400 })
+        }
+        const { action, email, code } = body
+
+        if (!action || !email) {
+          return Response.json({ error: 'Paramètres manquants' }, { status: 400 })
+        }
+
+        const genericSendResponse = { success: true, message: 'Si un compte existe, un code a été envoyé.' }
+
+        if (action === 'send') {
+          if (sendLimiter.check(email)) {
+            return Response.json(genericSendResponse)
+          }
+
+          const clients = await payload.find({
+            collection: slugs.supportClients as any,
+            where: { email: { equals: email } },
+            limit: 1,
+            depth: 0,
+            overrideAccess: true,
+          })
+
+          if (clients.docs.length === 0) {
+            return Response.json(genericSendResponse)
+          }
+
+          const client = clients.docs[0] as any
+          const plainCode = generateSecureCode()
+          const twoFactorCode = hashCode(plainCode)
+          const twoFactorExpiry = new Date(Date.now() + 10 * 60 * 1000).toISOString()
+
+          await payload.update({
+            collection: slugs.supportClients as any,
+            id: client.id,
+            data: { twoFactorCode, twoFactorExpiry },
+            overrideAccess: true,
+          })
+
+          await payload.sendEmail({
+            to: email,
+            subject: 'Code de vérification — Support',
+            html: `<div style="font-family: system-ui, sans-serif; max-width: 600px; margin: 0 auto;">
+              <p>Bonjour <strong>${escapeHtml(client.firstName || '')}</strong>,</p>
+              <p>Votre code de vérification :</p>
+              <div style="text-align: center; margin: 24px 0;">
+                <span style="display: inline-block; font-size: 32px; font-weight: 900; letter-spacing: 8px; padding: 16px 32px; border: 3px solid #000; border-radius: 16px; background: #FFD600;">
+                  ${plainCode}
+                </span>
+              </div>
+              <p style="font-size: 13px; color: #6b7280;">Ce code est valable 10 minutes.</p>
+            </div>`,
+          })
+
+          return Response.json(genericSendResponse)
+        }
+
+        if (action === 'verify') {
+          if (!code) {
+            return Response.json({ error: 'Code manquant' }, { status: 400 })
+          }
+
+          if (verifyLimiter.check(email)) {
+            return Response.json(
+              { error: 'Trop de tentatives. Réessayez dans 15 minutes.' },
+              { status: 429 },
+            )
+          }
+
+          const clients = await payload.find({
+            collection: slugs.supportClients as any,
+            where: { email: { equals: email } },
+            limit: 1,
+            depth: 0,
+            overrideAccess: true,
+          })
+
+          if (clients.docs.length === 0) {
+            return Response.json({ error: 'Code incorrect' }, { status: 400 })
+          }
+
+          const client = clients.docs[0] as any
+          const storedCode = client.twoFactorCode
+          const storedExpiry = client.twoFactorExpiry
+
+          if (!storedCode || !storedExpiry) {
+            return Response.json({ error: 'Aucun code en attente' }, { status: 400 })
+          }
+
+          if (new Date() > new Date(storedExpiry)) {
+            await payload.update({
+              collection: slugs.supportClients as any,
+              id: client.id,
+              data: { twoFactorCode: '', twoFactorExpiry: '' },
+              overrideAccess: true,
+            })
+            return Response.json({ error: 'Code expiré. Veuillez en demander un nouveau.' }, { status: 400 })
+          }
+
+          // Hash the submitted code and compare with stored hash (constant-time)
+          const submittedHash = hashCode(String(code).padStart(6, '0'))
+          const enc = new TextEncoder()
+          const submittedBuffer = enc.encode(submittedHash)
+          const storedBuffer = enc.encode(storedCode)
+          if (submittedBuffer.length !== storedBuffer.length || !crypto.timingSafeEqual(submittedBuffer, storedBuffer)) {
+            return Response.json({ error: 'Code incorrect' }, { status: 400 })
+          }
+
+          await payload.update({
+            collection: slugs.supportClients as any,
+            id: client.id,
+            data: { twoFactorCode: '', twoFactorExpiry: '' },
+            overrideAccess: true,
+          })
+
+          verifyLimiter.reset(email)
+
+          return Response.json({ success: true, verified: true })
+        }
+
+        return Response.json({ error: 'Action invalide' }, { status: 400 })
+      } catch (err) {
+        console.error('[2fa] Error:', err)
+        return Response.json({ error: 'Erreur interne' }, { status: 500 })
+      }
+    },
+  }
+}

package/src/endpoints/auto-close.ts

@@ -0,0 +1,175 @@
+import type { Endpoint } from 'payload'
+import type { CollectionSlugs } from '../utils/slugs'
+import { escapeHtml } from '../utils/emailTemplate'
+import { readSupportSettings } from '../utils/readSettings'
+
+/**
+ * GET /api/support/auto-close
+ * Auto-close inactive tickets. Protected by x-cron-secret header.
+ */
+export function createAutoCloseEndpoint(slugs: CollectionSlugs): Endpoint {
+  return {
+    path: '/support/auto-close',
+    method: 'get',
+    handler: async (req) => {
+      const secret = req.headers.get('x-cron-secret')
+      const expectedSecret = process.env.CRON_SECRET
+
+      if (!expectedSecret || secret !== expectedSecret) {
+        return Response.json({ error: 'Non autorisé' }, { status: 401 })
+      }
+
+      try {
+        const payload = req.payload
+        const now = new Date()
+        const baseUrl = process.env.NEXT_PUBLIC_SERVER_URL || ''
+        const settings = await readSupportSettings(payload)
+
+        if (!settings.autoClose.enabled) {
+          return Response.json({ success: true, skipped: true, reason: 'auto-close disabled in settings' })
+        }
+
+        const url = new URL(req.url!)
+        const totalDaysParam = url.searchParams.get('days')
+        const totalDays = totalDaysParam ? parseInt(totalDaysParam, 10) : settings.autoClose.daysBeforeClose
+        const REMIND_AFTER_DAYS = Math.max(1, totalDays - settings.autoClose.reminderDaysBefore)
+        const CLOSE_AFTER_REMIND_DAYS = settings.autoClose.reminderDaysBefore
+
+        const results = { reminded: 0, closed: 0, errors: 0 }
+
+        // Step 1: Find tickets needing a reminder
+        const remindCutoff = new Date(now.getTime() - REMIND_AFTER_DAYS * 24 * 60 * 60 * 1000)
+
+        const ticketsToRemind = await payload.find({
+          collection: slugs.tickets as any,
+          where: {
+            and: [
+              { status: { equals: 'waiting_client' } },
+              { autoCloseRemindedAt: { exists: false } },
+              { updatedAt: { less_than: remindCutoff.toISOString() } },
+            ],
+          },
+          limit: 50,
+          depth: 1,
+          overrideAccess: true,
+        })
+
+        for (const ticket of ticketsToRemind.docs) {
+          try {
+            const t = ticket as any
+            const client = typeof t.client === 'object' ? t.client : null
+            if (!client?.email) continue
+
+            const ticketNumber = t.ticketNumber || 'TK-????'
+            const subject = t.subject || 'Support'
+            const portalUrl = `${baseUrl}/support/tickets/${t.id}`
+
+            await payload.sendEmail({
+              to: client.email,
+              replyTo: settings.email.replyToAddress || process.env.SUPPORT_REPLY_TO || '',
+              subject: `Rappel : [${ticketNumber}] ${subject} — En attente de votre réponse`,
+              html: `<div style="font-family: system-ui, sans-serif; max-width: 600px; margin: 0 auto;">
+                <p>Bonjour <strong>${escapeHtml(client.firstName || '')}</strong>,</p>
+                <p>Votre ticket <strong>${escapeHtml(ticketNumber)}</strong> — <em>${escapeHtml(subject)}</em> — est en attente de votre réponse depuis ${REMIND_AFTER_DAYS} jours.</p>
+                <p>Si le problème est résolu ou si vous n'avez plus besoin d'assistance, ce ticket sera automatiquement marqué comme résolu dans 2 jours.</p>
+                <p><a href="${portalUrl}">Répondre au ticket</a></p>
+              </div>`,
+            })
+
+            await payload.update({
+              collection: slugs.tickets as any,
+              id: t.id,
+              data: { autoCloseRemindedAt: now.toISOString() },
+              overrideAccess: true,
+            })
+
+            results.reminded++
+          } catch (err) {
+            console.error(`[auto-close] Error reminding ticket ${(ticket as any).id}:`, err)
+            results.errors++
+          }
+        }
+
+        // Step 2: Close tickets that were reminded > CLOSE_AFTER_REMIND_DAYS ago
+        const closeCutoff = new Date(now.getTime() - CLOSE_AFTER_REMIND_DAYS * 24 * 60 * 60 * 1000)
+
+        const ticketsToClose = await payload.find({
+          collection: slugs.tickets as any,
+          where: {
+            and: [
+              { status: { equals: 'waiting_client' } },
+              { autoCloseRemindedAt: { less_than: closeCutoff.toISOString() } },
+              {
+                or: [
+                  { lastClientMessageAt: { exists: false } },
+                  { lastClientMessageAt: { less_than_equal: closeCutoff.toISOString() } },
+                ],
+              },
+            ],
+          },
+          limit: 50,
+          depth: 1,
+          overrideAccess: true,
+        })
+
+        for (const ticket of ticketsToClose.docs) {
+          try {
+            const t = ticket as any
+            const client = typeof t.client === 'object' ? t.client : null
+            const ticketNumber = t.ticketNumber || 'TK-????'
+            const subject = t.subject || 'Support'
+            const closeTotalDays = REMIND_AFTER_DAYS + CLOSE_AFTER_REMIND_DAYS
+
+            await payload.create({
+              collection: slugs.ticketMessages as any,
+              data: {
+                ticket: t.id,
+                body: `Ticket résolu automatiquement — sans réponse client depuis ${closeTotalDays} jours`,
+                authorType: 'admin',
+                isInternal: true,
+                skipNotification: true,
+              },
+              overrideAccess: true,
+            })
+
+            await payload.update({
+              collection: slugs.tickets as any,
+              id: t.id,
+              data: { status: 'resolved' },
+              overrideAccess: true,
+            })
+
+            if (client?.email) {
+              const portalUrl = `${baseUrl}/support/tickets/${t.id}`
+              await payload.sendEmail({
+                to: client.email,
+                replyTo: settings.email.replyToAddress || process.env.SUPPORT_REPLY_TO || '',
+                subject: `[${ticketNumber}] Ticket résolu — ${subject}`,
+                html: `<div style="font-family: system-ui, sans-serif; max-width: 600px; margin: 0 auto;">
+                  <p>Bonjour <strong>${escapeHtml(client.firstName || '')}</strong>,</p>
+                  <p>Votre ticket <strong>${escapeHtml(ticketNumber)}</strong> — <em>${escapeHtml(subject)}</em> — a été résolu automatiquement après ${closeTotalDays} jours sans réponse.</p>
+                  <p>Si vous avez encore besoin d'aide, n'hésitez pas à rouvrir ce ticket ou à en créer un nouveau.</p>
+                  <p><a href="${portalUrl}">Consulter le ticket</a></p>
+                </div>`,
+              })
+            }
+
+            results.closed++
+          } catch (err) {
+            console.error(`[auto-close] Error closing ticket ${(ticket as any).id}:`, err)
+            results.errors++
+          }
+        }
+
+        return Response.json({
+          success: true,
+          ...results,
+          timestamp: now.toISOString(),
+        })
+      } catch (error) {
+        console.error('[auto-close] Error:', error)
+        return Response.json({ error: 'Erreur interne' }, { status: 500 })
+      }
+    },
+  }
+}

package/src/endpoints/billing.ts

@@ -0,0 +1,167 @@
+import type { Endpoint, Where } from 'payload'
+import type { CollectionSlugs } from '../utils/slugs'
+import { requireAdmin, handleAuthError } from '../utils/auth'
+
+const PAGE_SIZE = 500
+const MAX_PAGES = 50
+
+/**
+ * GET /api/support/billing?from=...&to=...&projectId=...
+ * Admin-only endpoint returning billing data.
+ */
+export function createBillingEndpoint(slugs: CollectionSlugs): Endpoint {
+  return {
+    path: '/support/billing',
+    method: 'get',
+    handler: async (req) => {
+      try {
+        const payload = req.payload
+
+        requireAdmin(req, slugs)
+
+        const url = new URL(req.url!)
+        const from = url.searchParams.get('from')
+        const to = url.searchParams.get('to')
+
+        if (!from || !to) {
+          return Response.json({ error: 'Missing from/to params' }, { status: 400 })
+        }
+
+        const projectId = url.searchParams.get('projectId')
+
+        const ticketWhere: Where = {
+          billable: { equals: true },
+          ...(projectId ? { project: { equals: Number(projectId) } } : {}),
+        }
+
+        // Paginate tickets instead of limit:0
+        const allTickets: Array<Record<string, unknown>> = []
+        let ticketPage = 1
+        let ticketHasMore = true
+
+        while (ticketHasMore && ticketPage <= MAX_PAGES) {
+          const batch = await payload.find({
+            collection: slugs.tickets as any,
+            where: ticketWhere,
+            limit: PAGE_SIZE,
+            page: ticketPage,
+            depth: 2,
+            overrideAccess: true,
+          })
+          allTickets.push(...batch.docs as any[])
+          ticketHasMore = batch.hasNextPage ?? false
+          ticketPage++
+        }
+
+        // Paginate time entries instead of limit:0
+        const allEntries: Array<Record<string, unknown>> = []
+        let entryPage = 1
+        let entryHasMore = true
+
+        while (entryHasMore && entryPage <= MAX_PAGES) {
+          const batch = await payload.find({
+            collection: slugs.timeEntries as any,
+            where: {
+              and: [
+                { date: { greater_than_equal: from } },
+                { date: { less_than_equal: to } },
+              ],
+            },
+            limit: PAGE_SIZE,
+            page: entryPage,
+            depth: 0,
+            overrideAccess: true,
+          })
+          allEntries.push(...batch.docs as any[])
+          entryHasMore = batch.hasNextPage ?? false
+          entryPage++
+        }
+
+        // Index entries by ticket ID
+        const entriesByTicket = new Map<number, Array<{ duration: number; description: string; date: string }>>()
+        for (const entry of allEntries) {
+          const e = entry as any
+          const ticketId = typeof e.ticket === 'object' ? e.ticket.id : e.ticket
+          if (!entriesByTicket.has(ticketId)) entriesByTicket.set(ticketId, [])
+          entriesByTicket.get(ticketId)!.push({
+            duration: e.duration || 0,
+            description: e.description || '',
+            date: e.date || '',
+          })
+        }
+
+        // Group by project
+        const projectGroups = new Map<string, {
+          project: { id: number; name: string } | null
+          client: { company: string } | null
+          tickets: Array<{ id: number; ticketNumber: string; subject: string; entries: any[]; totalMinutes: number; billedAmount: number | null }>
+          totalMinutes: number
+          totalBilledAmount: number
+        }>()
+
+        for (const ticket of allTickets) {
+          const t = ticket as any
+          const ticketEntries = entriesByTicket.get(t.id)
+          if (!ticketEntries || ticketEntries.length === 0) continue
+
+          const project = typeof t.project === 'object' && t.project
+            ? { id: t.project.id, name: t.project.name || 'Sans nom' }
+            : null
+
+          const projectKey = project ? String(project.id) : 'no-project'
+
+          if (!projectGroups.has(projectKey)) {
+            let clientInfo: { company: string } | null = null
+            if (project && typeof t.project === 'object' && t.project) {
+              const proj = t.project as any
+              if (typeof proj.client === 'object' && proj.client) {
+                clientInfo = { company: proj.client.company || '' }
+              }
+            }
+            if (!clientInfo && typeof t.client === 'object' && t.client) {
+              clientInfo = { company: t.client.company || '' }
+            }
+
+            projectGroups.set(projectKey, {
+              project,
+              client: clientInfo,
+              tickets: [],
+              totalMinutes: 0,
+              totalBilledAmount: 0,
+            })
+          }
+
+          const ticketTotalMinutes = ticketEntries.reduce((sum, e) => sum + e.duration, 0)
+          const billedAmount = t.billedAmount || null
+
+          projectGroups.get(projectKey)!.tickets.push({
+            id: t.id,
+            ticketNumber: t.ticketNumber || '',
+            subject: t.subject || '',
+            entries: ticketEntries,
+            totalMinutes: ticketTotalMinutes,
+            billedAmount,
+          })
+          projectGroups.get(projectKey)!.totalMinutes += ticketTotalMinutes
+          if (billedAmount) projectGroups.get(projectKey)!.totalBilledAmount += billedAmount
+        }
+
+        const groups = Array.from(projectGroups.values())
+        const grandTotalMinutes = groups.reduce((sum, g) => sum + g.totalMinutes, 0)
+        const grandTotalBilledAmount = groups.reduce((sum, g) => sum + g.totalBilledAmount, 0)
+
+        return new Response(JSON.stringify({ groups, grandTotalMinutes, grandTotalBilledAmount }), {
+          headers: {
+            'Content-Type': 'application/json',
+            'Cache-Control': 'private, max-age=300, stale-while-revalidate=600',
+          },
+        })
+      } catch (err) {
+        const authResponse = handleAuthError(err)
+        if (authResponse) return authResponse
+        console.error('[billing] Error:', err)
+        return Response.json({ error: 'Internal server error' }, { status: 500 })
+      }
+    },
+  }
+}

package/src/endpoints/bulk-action.ts

@@ -0,0 +1,103 @@
+import type { Endpoint } from 'payload'
+import type { CollectionSlugs } from '../utils/slugs'
+import { requireAdmin, handleAuthError } from '../utils/auth'
+
+/**
+ * POST /api/support/bulk-action
+ * Apply an action to multiple tickets at once. Admin-only.
+ */
+export function createBulkActionEndpoint(slugs: CollectionSlugs): Endpoint {
+  return {
+    path: '/support/bulk-action',
+    method: 'post',
+    handler: async (req) => {
+      try {
+        const payload = req.payload
+
+        requireAdmin(req, slugs)
+
+        const { ticketIds, action, value } = (await req.json!()) as {
+          ticketIds: number[]
+          action: 'close' | 'reopen' | 'assign' | 'tag' | 'delete' | 'set_priority' | 'set_category'
+          value?: string | number
+        }
+
+        if (!ticketIds?.length || !action) {
+          return Response.json({ error: 'ticketIds and action required' }, { status: 400 })
+        }
+
+        let processed = 0
+
+        for (const ticketId of ticketIds) {
+          try {
+            switch (action) {
+              case 'close':
+                await payload.update({
+                  collection: slugs.tickets as any,
+                  id: ticketId,
+                  data: { status: 'resolved', resolvedAt: new Date().toISOString() },
+                  overrideAccess: true,
+                })
+                break
+              case 'reopen':
+                await payload.update({
+                  collection: slugs.tickets as any,
+                  id: ticketId,
+                  data: { status: 'open' },
+                  overrideAccess: true,
+                })
+                break
+              case 'assign':
+                if (value) {
+                  await payload.update({
+                    collection: slugs.tickets as any,
+                    id: ticketId,
+                    data: { assignedTo: Number(value) },
+                    overrideAccess: true,
+                  })
+                }
+                break
+              case 'set_priority':
+                if (value) {
+                  await payload.update({
+                    collection: slugs.tickets as any,
+                    id: ticketId,
+                    data: { priority: String(value) },
+                    overrideAccess: true,
+                  })
+                }
+                break
+              case 'set_category':
+                if (value) {
+                  await payload.update({
+                    collection: slugs.tickets as any,
+                    id: ticketId,
+                    data: { category: String(value) },
+                    overrideAccess: true,
+                  })
+                }
+                break
+              case 'delete':
+                await payload.delete({
+                  collection: slugs.tickets as any,
+                  id: ticketId,
+                  overrideAccess: true,
+                })
+                break
+            }
+            processed++
+          } catch (err) {
+            console.error(`[bulk-action] Failed for ticket ${ticketId}:`, err)
+          }
+        }
+
+        return Response.json({ processed, total: ticketIds.length })
+      } catch (error) {
+        const authResponse = handleAuthError(error)
+        if (authResponse) return authResponse
+        console.error('[bulk-action] Error:', error)
+        return Response.json({ error: 'Internal server error' }, { status: 500 })
+      }
+    },
+  }
+}