@consilioweb/payload-support 0.5.1

package/src/endpoints/sla-check.ts

@@ -0,0 +1,124 @@
+import type { Endpoint } from 'payload'
+import type { CollectionSlugs } from '../utils/slugs'
+import { requireAdmin, handleAuthError } from '../utils/auth'
+
+/**
+ * GET /api/support/sla-check
+ * Returns tickets currently breaching or at risk of breaching SLA. Admin-only.
+ */
+export function createSlaCheckEndpoint(slugs: CollectionSlugs): Endpoint {
+  return {
+    path: '/support/sla-check',
+    method: 'get',
+    handler: async (req) => {
+      try {
+        const payload = req.payload
+
+        requireAdmin(req, slugs)
+
+        const now = new Date()
+        const nowISO = now.toISOString()
+
+        const { docs: tickets } = await payload.find({
+          collection: slugs.tickets as any,
+          where: {
+            and: [
+              { status: { in: ['open', 'waiting_client'] } },
+              {
+                or: [
+                  { slaFirstResponseDue: { exists: true } },
+                  { slaResolutionDue: { exists: true } },
+                ],
+              },
+            ],
+          },
+          limit: 500,
+          depth: 1,
+          overrideAccess: true,
+          select: {
+            ticketNumber: true,
+            subject: true,
+            status: true,
+            priority: true,
+            client: true,
+            assignedTo: true,
+            slaPolicy: true,
+            slaFirstResponseDue: true,
+            slaResolutionDue: true,
+            slaFirstResponseBreached: true,
+            slaResolutionBreached: true,
+            firstResponseAt: true,
+            createdAt: true,
+          },
+        })
+
+        const breached: Array<Record<string, unknown>> = []
+        const atRisk: Array<Record<string, unknown>> = []
+
+        for (const ticket of tickets) {
+          const t = ticket as any
+          const ticketData = {
+            id: t.id,
+            ticketNumber: t.ticketNumber,
+            subject: t.subject,
+            status: t.status,
+            priority: t.priority,
+            client: t.client,
+            assignedTo: t.assignedTo,
+            createdAt: t.createdAt,
+            breachTypes: [] as string[],
+            riskTypes: [] as string[],
+          }
+
+          // Check first response SLA
+          if (t.slaFirstResponseDue && !t.firstResponseAt) {
+            const deadline = new Date(t.slaFirstResponseDue)
+            if (now > deadline) {
+              ticketData.breachTypes.push('first_response')
+            } else {
+              const created = new Date(t.createdAt)
+              const totalWindow = deadline.getTime() - created.getTime()
+              const elapsed = now.getTime() - created.getTime()
+              if (totalWindow > 0 && elapsed / totalWindow >= 0.8) {
+                ticketData.riskTypes.push('first_response')
+              }
+            }
+          }
+
+          // Check resolution SLA
+          if (t.slaResolutionDue) {
+            const deadline = new Date(t.slaResolutionDue)
+            if (now > deadline) {
+              ticketData.breachTypes.push('resolution')
+            } else {
+              const created = new Date(t.createdAt)
+              const totalWindow = deadline.getTime() - created.getTime()
+              const elapsed = now.getTime() - created.getTime()
+              if (totalWindow > 0 && elapsed / totalWindow >= 0.8) {
+                ticketData.riskTypes.push('resolution')
+              }
+            }
+          }
+
+          if (ticketData.breachTypes.length > 0) {
+            breached.push(ticketData)
+          } else if (ticketData.riskTypes.length > 0) {
+            atRisk.push(ticketData)
+          }
+        }
+
+        return new Response(JSON.stringify({ breached, atRisk, checkedAt: nowISO, totalChecked: tickets.length }), {
+          headers: {
+            'Content-Type': 'application/json',
+            'Cache-Control': 'private, max-age=60, stale-while-revalidate=120',
+          },
+        })
+      } catch (error) {
+        const authResponse = handleAuthError(error)
+        if (authResponse) return authResponse
+        console.error('[sla-check] Error:', error)
+        return Response.json({ error: 'Internal error' }, { status: 500 })
+      }
+    },
+  }
+}

package/src/endpoints/split-ticket.ts

@@ -0,0 +1,131 @@
+import type { Endpoint } from 'payload'
+import type { CollectionSlugs } from '../utils/slugs'
+import { requireAdmin, handleAuthError } from '../utils/auth'
+
+/**
+ * POST /api/support/split-ticket
+ * Extract a message into a new ticket. Admin-only.
+ */
+export function createSplitTicketEndpoint(slugs: CollectionSlugs): Endpoint {
+  return {
+    path: '/support/split-ticket',
+    method: 'post',
+    handler: async (req) => {
+      try {
+        const payload = req.payload
+
+        requireAdmin(req, slugs)
+
+        const { messageId, subject } = (await req.json!()) as { messageId: number; subject?: string }
+        if (!messageId) {
+          return Response.json({ error: 'messageId required' }, { status: 400 })
+        }
+
+        const message = await payload.findByID({
+          collection: slugs.ticketMessages as any,
+          id: messageId,
+          depth: 1,
+          overrideAccess: true,
+        }) as any
+
+        if (!message) {
+          return Response.json({ error: 'Message not found' }, { status: 404 })
+        }
+
+        const sourceTicket = typeof message.ticket === 'object' ? message.ticket : null
+        if (!sourceTicket) {
+          return Response.json({ error: 'Cannot resolve source ticket' }, { status: 400 })
+        }
+
+        const clientId = typeof sourceTicket.client === 'object'
+          ? sourceTicket.client.id
+          : sourceTicket.client
+
+        // Create new ticket
+        const newTicket = await payload.create({
+          collection: slugs.tickets as any,
+          data: {
+            subject: subject || `Split: ${sourceTicket.subject}`,
+            client: clientId,
+            status: 'open',
+            priority: sourceTicket.priority || 'normal',
+            category: sourceTicket.category || 'question',
+            source: sourceTicket.source || 'portal',
+            relatedTickets: [sourceTicket.id],
+          },
+          overrideAccess: true,
+        }) as any
+
+        // Copy message to new ticket
+        const attachments = (message.attachments as Array<{ file: { id: number } | number }> | undefined)?.map((a: any) => ({
+          file: typeof a.file === 'object' ? a.file.id : a.file,
+        })) || []
+
+        await payload.create({
+          collection: slugs.ticketMessages as any,
+          data: {
+            ticket: newTicket.id,
+            body: message.body,
+            bodyHtml: message.bodyHtml || undefined,
+            authorType: message.authorType,
+            authorClient: typeof message.authorClient === 'object' ? message.authorClient?.id : message.authorClient,
+            isInternal: false,
+            skipNotification: true,
+            ...(attachments.length > 0 && { attachments }),
+          },
+          overrideAccess: true,
+        })
+
+        // Add system note on source ticket
+        await payload.create({
+          collection: slugs.ticketMessages as any,
+          data: {
+            ticket: sourceTicket.id,
+            body: `Message extrait vers le ticket ${newTicket.ticketNumber}`,
+            authorType: 'admin',
+            isInternal: true,
+            skipNotification: true,
+          },
+          overrideAccess: true,
+        })
+
+        // Link source ticket to new ticket (bidirectional)
+        const existingRelated = Array.isArray(sourceTicket.relatedTickets)
+          ? sourceTicket.relatedTickets.map((t: any) => typeof t === 'object' ? t.id : t)
+          : []
+
+        if (!existingRelated.includes(newTicket.id)) {
+          await payload.update({
+            collection: slugs.tickets as any,
+            id: sourceTicket.id,
+            data: { relatedTickets: [...existingRelated, newTicket.id] },
+            overrideAccess: true,
+          })
+        }
+
+        // Log activity
+        await payload.create({
+          collection: slugs.ticketActivityLog as any,
+          data: {
+            ticket: sourceTicket.id,
+            action: 'split',
+            detail: `Message extrait vers ${newTicket.ticketNumber}`,
+            actorType: 'admin',
+            actorEmail: req.user.email,
+          },
+          overrideAccess: true,
+        })
+
+        return Response.json({
+          ticketId: newTicket.id,
+          ticketNumber: newTicket.ticketNumber,
+        })
+      } catch (error) {
+        const authResponse = handleAuthError(error)
+        if (authResponse) return authResponse
+        console.error('[split-ticket] Error:', error)
+        return Response.json({ error: 'Internal server error' }, { status: 500 })
+      }
+    },
+  }
+}

package/src/endpoints/statuses.ts

@@ -0,0 +1,45 @@
+import type { Endpoint } from 'payload'
+import type { CollectionSlugs } from '../utils/slugs'
+
+/**
+ * GET /api/support/statuses
+ * Returns all ticket statuses sorted by sortOrder.
+ */
+export function createStatusesEndpoint(slugs: CollectionSlugs): Endpoint {
+  return {
+    path: '/support/statuses',
+    method: 'get',
+    handler: async (req) => {
+      try {
+        const payload = req.payload
+
+        if (!req.user) {
+          return Response.json({ error: 'Unauthorized' }, { status: 401 })
+        }
+
+        const { docs } = await payload.find({
+          collection: slugs.ticketStatuses as any,
+          sort: 'sortOrder',
+          limit: 100,
+          depth: 0,
+          overrideAccess: true,
+        })
+
+        return Response.json({
+          statuses: docs.map((s: any) => ({
+            id: s.id,
+            name: s.name,
+            slug: s.slug,
+            color: s.color,
+            type: s.type,
+            isDefault: s.isDefault,
+            sortOrder: s.sortOrder,
+          })),
+        })
+      } catch (error) {
+        console.error('[statuses] Error:', error)
+        return Response.json({ error: 'Internal server error' }, { status: 500 })
+      }
+    },
+  }
+}

package/src/endpoints/track-open.ts

@@ -0,0 +1,154 @@
+import type { Endpoint } from 'payload'
+import type { CollectionSlugs } from '../utils/slugs'
+import { createHmac } from 'crypto'
+
+// 1x1 transparent GIF (43 bytes)
+const TRANSPARENT_GIF = Buffer.from(
+  'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7',
+  'base64',
+)
+
+/**
+ * Generate an HMAC signature for tracking pixel URLs.
+ * Use this when building tracking URLs in email templates.
+ */
+export function generateTrackingToken(ticketId: string, messageId: string, secret: string): string {
+  return createHmac('sha256', secret).update(`${ticketId}:${messageId}`).digest('hex').substring(0, 16)
+}
+
+/**
+ * GET /api/support/track-open?t=<ticketId>&m=<messageId>&sig=<hmac>
+ * Tracking pixel for email open detection. No auth required.
+ * Validates HMAC signature to prevent enumeration attacks.
+ */
+export function createTrackOpenEndpoint(slugs: CollectionSlugs): Endpoint {
+  return {
+    path: '/support/track-open',
+    method: 'get',
+    handler: async (req) => {
+      const url = new URL(req.url!)
+      const ticketId = url.searchParams.get('t')
+      const messageId = url.searchParams.get('m')
+      const sig = url.searchParams.get('sig')
+
+      const parsedId = ticketId ? Number(ticketId) : NaN
+      const parsedMsgId = messageId ? Number(messageId) : NaN
+
+      // Validate HMAC signature
+      const secret = process.env.PAYLOAD_SECRET || ''
+      if (secret && ticketId && messageId && sig) {
+        const expected = generateTrackingToken(ticketId, messageId, secret)
+        if (sig !== expected) {
+          // Return transparent GIF silently (don't leak information)
+          return new Response(TRANSPARENT_GIF, {
+            status: 200,
+            headers: {
+              'Content-Type': 'image/gif',
+              'Content-Length': String(TRANSPARENT_GIF.length),
+              'Cache-Control': 'no-store, no-cache, must-revalidate, max-age=0',
+            },
+          })
+        }
+      } else if (secret && (!sig || !ticketId || !messageId)) {
+        // Missing signature param: return GIF but don't process
+        return new Response(TRANSPARENT_GIF, {
+          status: 200,
+          headers: {
+            'Content-Type': 'image/gif',
+            'Content-Length': String(TRANSPARENT_GIF.length),
+            'Cache-Control': 'no-store, no-cache, must-revalidate, max-age=0',
+          },
+        })
+      }
+
+      if (ticketId && Number.isInteger(parsedId) && parsedId > 0) {
+        try {
+          const payload = req.payload
+
+          const ticket = await payload.findByID({
+            collection: slugs.tickets as any,
+            id: parsedId,
+            depth: 0,
+            overrideAccess: true,
+            select: { lastClientReadAt: true },
+          }) as any
+
+          if (ticket) {
+            const lastRead = ticket.lastClientReadAt ? new Date(ticket.lastClientReadAt).getTime() : 0
+            const fiveMinAgo = Date.now() - 5 * 60 * 1000
+
+            if (lastRead < fiveMinAgo) {
+              await payload.update({
+                collection: slugs.tickets as any,
+                id: parsedId,
+                data: { lastClientReadAt: new Date().toISOString() },
+                overrideAccess: true,
+              })
+            }
+          }
+
+          // Track at message level
+          if (Number.isInteger(parsedMsgId) && parsedMsgId > 0) {
+            const msg = await payload.findByID({
+              collection: slugs.ticketMessages as any,
+              id: parsedMsgId,
+              depth: 0,
+              overrideAccess: true,
+              select: { emailOpenedAt: true },
+            }) as any
+
+            if (msg && !msg.emailOpenedAt) {
+              await payload.update({
+                collection: slugs.ticketMessages as any,
+                id: parsedMsgId,
+                data: { emailOpenedAt: new Date().toISOString() },
+                overrideAccess: true,
+              })
+
+              const ticketInfo = await payload.findByID({
+                collection: slugs.tickets as any,
+                id: parsedId,
+                depth: 1,
+                overrideAccess: true,
+                select: { ticketNumber: true, subject: true, client: true },
+              }) as any
+
+              const clientName = typeof ticketInfo?.client === 'object'
+                ? ticketInfo.client?.firstName || 'Client'
+                : 'Client'
+
+              // Try to create admin notification (collection may not exist)
+              try {
+                await payload.create({
+                  collection: 'admin-notifications' as any,
+                  data: {
+                    title: `Email ouvert — ${ticketInfo?.ticketNumber || 'TK-????'}`,
+                    message: `${clientName} a ouvert votre email pour "${ticketInfo?.subject || 'ticket'}"`,
+                    type: 'email_opened',
+                    link: `/admin/ticket?id=${parsedId}`,
+                  },
+                  overrideAccess: true,
+                })
+              } catch {
+                // admin-notifications collection may not exist in the plugin
+              }
+            }
+          }
+        } catch (err) {
+          console.error('[track-open] Error:', err)
+        }
+      }
+
+      return new Response(TRANSPARENT_GIF, {
+        status: 200,
+        headers: {
+          'Content-Type': 'image/gif',
+          'Content-Length': String(TRANSPARENT_GIF.length),
+          'Cache-Control': 'no-store, no-cache, must-revalidate, max-age=0',
+          'Pragma': 'no-cache',
+          'Expires': '0',
+        },
+      })
+    },
+  }
+}

package/src/endpoints/typing.ts

@@ -0,0 +1,101 @@
+import type { Endpoint } from 'payload'
+import type { CollectionSlugs } from '../utils/slugs'
+
+// In-memory typing state (ticketId -> { admin?: timestamp, client?: timestamp })
+const typingState = new Map<string, { admin?: number; client?: number; adminName?: string; clientName?: string }>()
+
+const TYPING_TTL = 5000 // 5 seconds
+
+function cleanExpired(ticketId: string) {
+  const state = typingState.get(ticketId)
+  if (!state) return
+  const now = Date.now()
+  if (state.admin && now - state.admin > TYPING_TTL) {
+    state.admin = undefined
+    state.adminName = undefined
+  }
+  if (state.client && now - state.client > TYPING_TTL) {
+    state.client = undefined
+    state.clientName = undefined
+  }
+  if (!state.admin && !state.client) typingState.delete(ticketId)
+}
+
+/**
+ * POST /api/support/typing — Signal that user is typing
+ */
+export function createTypingPostEndpoint(slugs: CollectionSlugs): Endpoint {
+  return {
+    path: '/support/typing',
+    method: 'post',
+    handler: async (req) => {
+      try {
+        if (!req.user) {
+          return Response.json({ error: 'Unauthorized' }, { status: 401 })
+        }
+
+        const { ticketId } = (await req.json!()) as { ticketId: number }
+        if (!ticketId) {
+          return Response.json({ error: 'ticketId required' }, { status: 400 })
+        }
+
+        const key = String(ticketId)
+        const state = typingState.get(key) || {}
+
+        if (req.user.collection === slugs.users) {
+          state.admin = Date.now()
+          state.adminName = (req.user as any).firstName || 'Support'
+        } else {
+          state.client = Date.now()
+          state.clientName = (req.user as any).firstName || 'Client'
+        }
+
+        typingState.set(key, state)
+        return Response.json({ ok: true })
+      } catch {
+        return Response.json({ error: 'Error' }, { status: 500 })
+      }
+    },
+  }
+}
+
+/**
+ * GET /api/support/typing?ticketId=123 — Check who is typing
+ */
+export function createTypingGetEndpoint(slugs: CollectionSlugs): Endpoint {
+  return {
+    path: '/support/typing',
+    method: 'get',
+    handler: async (req) => {
+      try {
+        if (!req.user) {
+          return Response.json({ error: 'Unauthorized' }, { status: 401 })
+        }
+
+        const url = new URL(req.url!)
+        const ticketId = url.searchParams.get('ticketId')
+        if (!ticketId) {
+          return Response.json({ error: 'ticketId required' }, { status: 400 })
+        }
+
+        cleanExpired(ticketId)
+        const state = typingState.get(ticketId)
+
+        // Admin sees client typing, client sees admin typing
+        if (req.user.collection === slugs.users) {
+          return Response.json({
+            typing: !!state?.client,
+            name: state?.clientName || null,
+          })
+        } else {
+          return Response.json({
+            typing: !!state?.admin,
+            name: state?.adminName || null,
+          })
+        }
+      } catch {
+        return Response.json({ typing: false, name: null })
+      }
+    },
+  }
+}

package/src/endpoints/user-prefs.ts

@@ -0,0 +1,125 @@
+import type { Endpoint } from 'payload'
+import type { CollectionSlugs } from '../utils/slugs'
+import { requireAdmin, handleAuthError } from '../utils/auth'
+
+const PREF_KEY_PREFIX = 'support-user-prefs'
+
+export interface UserPrefs {
+  locale: 'fr' | 'en'
+  signature: string
+}
+
+const DEFAULT_USER_PREFS: UserPrefs = {
+  locale: 'fr',
+  signature: '',
+}
+
+/**
+ * GET /api/support/user-prefs — Read current user's preferences
+ */
+export function createUserPrefsGetEndpoint(slugs: CollectionSlugs): Endpoint {
+  return {
+    path: '/support/user-prefs',
+    method: 'get',
+    handler: async (req) => {
+      try {
+        const payload = req.payload
+
+        requireAdmin(req, slugs)
+
+        const key = `${PREF_KEY_PREFIX}-${req.user!.id}`
+
+        const prefs = await payload.find({
+          collection: 'payload-preferences' as any,
+          where: { key: { equals: key } },
+          limit: 1,
+          depth: 0,
+          overrideAccess: true,
+        })
+
+        let userPrefs = { ...DEFAULT_USER_PREFS }
+        if (prefs.docs.length > 0) {
+          const stored = prefs.docs[0].value as Partial<UserPrefs>
+          userPrefs = {
+            locale: stored.locale || DEFAULT_USER_PREFS.locale,
+            signature: stored.signature ?? DEFAULT_USER_PREFS.signature,
+          }
+        }
+
+        return Response.json(userPrefs)
+      } catch (error) {
+        const authResponse = handleAuthError(error)
+        if (authResponse) return authResponse
+        console.warn('[support/user-prefs] GET error:', error)
+        return Response.json({ error: 'Error' }, { status: 500 })
+      }
+    },
+  }
+}
+
+/**
+ * POST /api/support/user-prefs — Save current user's preferences
+ */
+export function createUserPrefsPostEndpoint(slugs: CollectionSlugs): Endpoint {
+  return {
+    path: '/support/user-prefs',
+    method: 'post',
+    handler: async (req) => {
+      try {
+        const payload = req.payload
+
+        requireAdmin(req, slugs)
+
+        const body = (await req.json!()) as Partial<UserPrefs>
+        const key = `${PREF_KEY_PREFIX}-${req.user!.id}`
+
+        // Read existing prefs to merge
+        const existing = await payload.find({
+          collection: 'payload-preferences' as any,
+          where: { key: { equals: key } },
+          limit: 1,
+          depth: 0,
+          overrideAccess: true,
+        })
+
+        let current = { ...DEFAULT_USER_PREFS }
+        if (existing.docs.length > 0) {
+          const stored = existing.docs[0].value as Partial<UserPrefs>
+          current = {
+            locale: stored.locale || DEFAULT_USER_PREFS.locale,
+            signature: stored.signature ?? DEFAULT_USER_PREFS.signature,
+          }
+        }
+
+        const merged: UserPrefs = {
+          locale: body.locale || current.locale,
+          signature: body.signature ?? current.signature,
+        }
+
+        await payload.db.upsert({
+          collection: 'payload-preferences',
+          data: {
+            key,
+            user: { relationTo: req.user!.collection, value: req.user!.id },
+            value: merged as unknown as Record<string, unknown>,
+          },
+          req: { payload, user: req.user } as any,
+          where: {
+            and: [
+              { key: { equals: key } },
+              { 'user.value': { equals: req.user!.id } },
+              { 'user.relationTo': { equals: req.user!.collection } },
+            ],
+          },
+        })
+
+        return Response.json(merged)
+      } catch (error) {
+        const authResponse = handleAuthError(error)
+        if (authResponse) return authResponse
+        console.error('[support/user-prefs] POST error:', error)
+        return Response.json({ error: 'Error saving user preferences' }, { status: 500 })
+      }
+    },
+  }
+}