@devdash/bofrid-api-types 0.1.5

package/dist/lib/schemas.d.ts

@@ -0,0 +1,21 @@
+import { z } from "@hono/zod-openapi";
+/**
+ * Shared OpenAPI response schemas used across all route files.
+ * NOTE: Do NOT create shared response definition objects (e.g. `{ 401: { ... } }`)
+ * for spreading into `createRoute({ responses })`. Hono's strict type inference
+ * requires literal status code keys — spreading `as const` objects loses them.
+ */
+export declare const errorSchema: z.ZodObject<{
+    error: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    error: string;
+}, {
+    error: string;
+}>;
+export declare const successSchema: z.ZodObject<{
+    success: z.ZodBoolean;
+}, "strip", z.ZodTypeAny, {
+    success: boolean;
+}, {
+    success: boolean;
+}>;

package/dist/lib/sentry.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Sentry integration for the Hono API.
+ *
+ * Initializes @sentry/node and exports helpers used by app.ts and entry points.
+ * Self-hosted instance at sentry.bofrid.dev — same project as the web app.
+ *
+ * Env vars (all optional — Sentry is silently disabled when DSN is missing):
+ *   SENTRY_DSN          — Data source name (e.g. https://xxx@sentry.bofrid.dev/2)
+ *   SENTRY_ENVIRONMENT  — Falls back to NODE_ENV
+ *   RAILWAY_GIT_COMMIT_SHA — Automatic release tracking on Railway
+ */
+import * as Sentry from "@sentry/node";
+declare const IS_ENABLED: boolean;
+/**
+ * Capture an exception in Sentry with optional context.
+ * No-op when Sentry is disabled.
+ */
+export declare function captureException(err: unknown, context?: {
+    tags?: Record<string, string>;
+    extra?: Record<string, unknown>;
+    level?: Sentry.SeverityLevel;
+}): void;
+/**
+ * Capture a plain message in Sentry.
+ */
+export declare function captureMessage(message: string, level?: Sentry.SeverityLevel): void;
+/**
+ * Flush pending events (call before process.exit).
+ */
+export declare function flush(timeoutMs?: number): Promise<void>;
+export { IS_ENABLED as isSentryEnabled };

package/dist/lib/slug.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Re-export slug utilities from @bofrid/db.
+ * Kept for backward compatibility with existing imports.
+ */
+export { generateSlug, generateUniqueSlug, generateRandomSlug } from "@bofrid/db/slug";

package/dist/lib/sms.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Generates a cryptographically secure 6-digit verification code.
+ */
+export declare function generateVerificationCode(): string;
+export declare function isValidPhone(phoneNumber: string): boolean;
+/**
+ * Strip spaces/hyphens and produce an E.164 candidate.
+ *
+ * `countryCode` (ISO 3166-1 alpha-2) controls how local-format inputs are
+ * interpreted. Default "SE" preserves legacy behavior: leading-zero numbers
+ * are rewritten with +46. For other countries (e.g. "DK"), the leading-zero
+ * rewrite is skipped — callers must pass a `+`-prefixed E.164 number, or a
+ * bare digit string that gets the country's dial prefix prepended.
+ *
+ * Pass the user's country (derived from `profiles.signupMarket` via
+ * `getCountryByMarket` in i18n/markets.ts) when serving non-SE users.
+ */
+export declare function normalizePhone(raw: string, countryCode?: string): string;
+/**
+ * Sends a verification code SMS via mejl.to.
+ */
+export declare function sendVerificationSMS(phoneNumber: string, code: string): Promise<void>;

package/dist/lib/system-log.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Writes to `bofrid_system_logs` via a dedicated 1-connection pool so syslog
+ * traffic can never starve the main `db` pool (max: 2, see packages/db/src/index.ts).
+ *
+ * Fire-and-forget: callers should NOT `await` this — we schedule the write via
+ * `queueMicrotask` and attach `.catch` so a slow insert cannot extend request
+ * latency or hold the Lambda open past response.
+ *
+ * Why this exists: the previous version ran `db.insert(...)` on the shared
+ * pool with a 2s `Promise.race` timeout. When a slow route (e.g. a 60s
+ * `/conversations/:id/messages`) held a connection, every syslog insert
+ * raced against the 2s timer and dropped. The timeout didn't cancel the
+ * underlying insert either — the pending promise kept the connection,
+ * worsening starvation.
+ */
+type SyslogOptions = {
+    status?: "info" | "success" | "warning" | "error";
+    message?: string;
+    metadata?: unknown;
+    durationMs?: number;
+    correlationId?: string;
+};
+/**
+ * Schedule a system-log insert. Returns immediately — does not block the
+ * caller and never throws. Callers may optionally `await` to match the old
+ * signature; awaiting only waits for the microtask to be scheduled, not for
+ * the DB round-trip to complete.
+ */
+export declare function syslog(source: string, event: string, options?: SyslogOptions): Promise<void>;
+export declare function correlationId(): string;
+export {};

package/dist/lib/webhook-events.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Webhook event registry.
+ *
+ * Adding a new event = 2 steps:
+ * 1. Add the key + description here
+ * 2. Call `dispatchWebhooks("event.key", payload)` at the trigger point
+ */
+export declare const WEBHOOK_EVENTS: {
+    readonly "listing.submitted": "En annons skickades in för granskning";
+    readonly "listing.approved": "En annons godkändes och publicerades";
+    readonly "listing.rejected": "En annons nekades av admin";
+    readonly "listing.archived": "En annons arkiverades";
+    readonly "listing.unpublished": "En annons avpublicerades";
+    readonly "listing.withdrawn": "En annons drogs tillbaka från granskning";
+    readonly "listing.resubmitted": "En publicerad annons skickades in igen efter redigering";
+    readonly "listing.published": "En arkiverad annons publicerades igen";
+    readonly "application.created": "En ny ansökan skickades in";
+    readonly "application.withdrawn": "En ansökan drogs tillbaka";
+    readonly "application.accepted": "En ansökan godkändes";
+    readonly "application.rejected": "En ansökan nekades";
+    readonly "application.revealed": "En kandidats kontaktinfo avslöjades";
+    readonly "lead.created": "En ny lead genererades";
+    readonly "lead.revealed": "En leads kontaktinfo avslöjades (köptes)";
+};
+export type WebhookEventKey = keyof typeof WEBHOOK_EVENTS;
+export declare const WEBHOOK_EVENT_KEYS: WebhookEventKey[];

package/dist/lib/webhooks.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Outgoing webhook dispatcher — DB-backed.
+ *
+ * Queries active subscriptions from `bofrid_webhook_subscriptions`,
+ * filters by event key (exact, wildcard `listing.*`, or global `*`),
+ * and delivers payloads. Must be awaited in serverless environments.
+ *
+ * HMAC-SHA256 signing when `signingSecret` is set → `X-Bofrid-Signature` header.
+ */
+import type { WebhookEventKey } from "../lib/webhook-events";
+interface DispatchOptions {
+    resourceType?: string;
+    resourceId?: string;
+}
+/**
+ * Compute HMAC-SHA256 signature for a payload string.
+ * Uses the Web Crypto API (available in Node 18+/Bun).
+ */
+export declare function computeSignature(secret: string, body: string): Promise<string>;
+/**
+ * Dispatch a webhook event to all matching active subscriptions.
+ *
+ * Must be awaited in serverless environments (Vercel) to prevent the
+ * runtime from terminating before delivery completes.
+ * Errors are logged, never thrown.
+ */
+export declare function dispatchWebhooks(event: WebhookEventKey, data: Record<string, unknown>, options?: DispatchOptions): Promise<void>;
+export {};

package/dist/middleware/auth-debug.d.ts

@@ -0,0 +1,17 @@
+/**
+ * 🔍 AUTH FLOW DEBUG MIDDLEWARE
+ *
+ * Temporary middleware that logs every auth-related event in real-time.
+ * Attach to the Hono app to see exactly what happens during login,
+ * account creation, BankID verification, and session validation.
+ *
+ * REMOVE BEFORE DEPLOYING TO PRODUCTION.
+ *
+ * Usage: import { authDebugMiddleware } from "../middleware/auth-debug"
+ *        app.use("*", authDebugMiddleware);
+ */
+import type { AppBindings } from "../app";
+/**
+ * The debug middleware — logs request/response details for auth flows.
+ */
+export declare const authDebugMiddleware: import("hono").MiddlewareHandler<AppBindings, string, {}, Response>;

package/dist/middleware/auth.d.ts

@@ -0,0 +1,19 @@
+import type { AppBindings } from "../app";
+/**
+ * Auth middleware — tries session cookie first, falls back to API key.
+ * Sets c.var.authUserId and c.var.profileId.
+ */
+export declare const authMiddleware: import("hono").MiddlewareHandler<AppBindings, string, {}, Response>;
+/** @deprecated Use authMiddleware — it now supports both session and API key. */
+export declare const combinedAuthMiddleware: import("hono").MiddlewareHandler<AppBindings, string, {}, Response>;
+/**
+ * Optional auth middleware — tries to resolve a session and profile.
+ * If no session, continues without setting context variables.
+ * Useful for endpoints that behave differently for authenticated users.
+ */
+export declare const optionalAuthMiddleware: import("hono").MiddlewareHandler<AppBindings, string, {}, Response>;
+/**
+ * Admin middleware — must be used AFTER authMiddleware.
+ * Checks the Better Auth user.role column (single source of truth for admin).
+ */
+export declare const adminMiddleware: import("hono").MiddlewareHandler<AppBindings, string, {}, Response>;

package/dist/middleware/bibi-logger.d.ts

@@ -0,0 +1,6 @@
+import type { AppBindings } from "../app";
+/**
+ * Logs every API request to the Bibi activity feed after it completes.
+ * Fire-and-forget — never blocks the response.
+ */
+export declare const bibiLoggerMiddleware: import("hono").MiddlewareHandler<AppBindings, string, {}, Response>;

package/dist/middleware/cors.d.ts

@@ -0,0 +1 @@
+export declare const corsMiddleware: import("hono").MiddlewareHandler;

package/dist/middleware/request-id.d.ts

@@ -0,0 +1,10 @@
+import type { AppBindings } from "../app";
+/**
+ * Request ID middleware — generates or propagates a unique ID per request.
+ *
+ * - Reads `X-Request-Id` from incoming headers (e.g. from load balancer or upstream proxy).
+ * - Falls back to a new `crypto.randomUUID()`.
+ * - Sets `c.var.requestId` for downstream handlers.
+ * - Echoes the ID back via the `X-Request-Id` response header.
+ */
+export declare const requestIdMiddleware: import("hono").MiddlewareHandler<AppBindings, string, {}, Response>;

package/dist/middleware/sentry-context.d.ts

@@ -0,0 +1,8 @@
+import type { AppBindings } from "../app";
+/**
+ * Sentry context middleware — enriches every request with tracing and user info.
+ *
+ * Must run AFTER requestIdMiddleware (needs `c.var.requestId`).
+ * User context is set lazily after downstream middleware (auth) runs.
+ */
+export declare const sentryContextMiddleware: import("hono").MiddlewareHandler<AppBindings, string, {}, Response>;

package/dist/routes/activity-feed.d.ts

@@ -0,0 +1,64 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+import type { AppBindings } from "../app";
+export declare const activityFeedApp: OpenAPIHono<AppBindings, {
+    "/activity-feed": {
+        $get: {
+            input: {
+                query: {
+                    locale?: "sv" | "en" | undefined;
+                    view?: "company" | "tenant" | "landlord" | undefined;
+                };
+            };
+            output: {
+                error: string;
+            };
+            outputFormat: "json";
+            status: 401;
+        } | {
+            input: {
+                query: {
+                    locale?: "sv" | "en" | undefined;
+                    view?: "company" | "tenant" | "landlord" | undefined;
+                };
+            };
+            output: {
+                items: {
+                    title: string;
+                    id: string;
+                    createdAt: string;
+                    category: "identity" | "document" | "invoice" | "listing_upgraded" | "application" | "reference" | "listing_review" | "listing_rejected" | "incoming_application" | "company_invite";
+                    severity: "info" | "completed" | "action_required" | "waiting";
+                    href: string;
+                    description?: string | undefined;
+                    completedAt?: string | undefined;
+                    resourceId?: string | undefined;
+                    imageUrl?: string | undefined;
+                    subtitle?: string | undefined;
+                    avatarUrl?: string | undefined;
+                    avatarFallback?: string | undefined;
+                }[];
+                total: number;
+                historyItems: {
+                    title: string;
+                    id: string;
+                    createdAt: string;
+                    category: "identity" | "document" | "invoice" | "listing_upgraded" | "application" | "reference" | "listing_review" | "listing_rejected" | "incoming_application" | "company_invite";
+                    severity: "info" | "completed" | "action_required" | "waiting";
+                    href: string;
+                    description?: string | undefined;
+                    completedAt?: string | undefined;
+                    resourceId?: string | undefined;
+                    imageUrl?: string | undefined;
+                    subtitle?: string | undefined;
+                    avatarUrl?: string | undefined;
+                    avatarFallback?: string | undefined;
+                }[];
+                counts: {
+                    [x: string]: number;
+                };
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/">;

package/dist/routes/admin-bevakningar.d.ts

@@ -0,0 +1,200 @@
+/**
+ * Admin bevakningar routes.
+ *
+ * Listing-centric view: for each published listing, shows how many active
+ * bevakningar match geographically, how many already received email,
+ * and lets admin trigger the send.
+ *
+ * Also keeps the bevakning-list + stats endpoints for general overview.
+ *
+ * All routes are protected by authMiddleware + adminMiddleware.
+ */
+import { OpenAPIHono } from "@hono/zod-openapi";
+import type { AppBindings } from "../app";
+export declare const adminBevakningarApp: OpenAPIHono<AppBindings, {
+    "/admin/bevakningar/listings": {
+        $get: {
+            input: {
+                query: {
+                    limit?: string | undefined;
+                    offset?: string | undefined;
+                    q?: string | undefined;
+                };
+            };
+            output: {
+                items: {
+                    status: string;
+                    shortId: string | null;
+                    address: string;
+                    city: string;
+                    geoLan: string | null;
+                    geoKommun: string | null;
+                    propertyType: string;
+                    publishedAt: string | null;
+                    listingId: string;
+                    pending: number;
+                    matchingBevakningar: number;
+                    rent: number | null;
+                    alreadySent: number;
+                }[];
+                total: number;
+            };
+            outputFormat: "json";
+            status: 200;
+        } | {
+            input: {
+                query: {
+                    limit?: string | undefined;
+                    offset?: string | undefined;
+                    q?: string | undefined;
+                };
+            };
+            output: {
+                error: string;
+            };
+            outputFormat: "json";
+            status: 401;
+        } | {
+            input: {
+                query: {
+                    limit?: string | undefined;
+                    offset?: string | undefined;
+                    q?: string | undefined;
+                };
+            };
+            output: {
+                error: string;
+            };
+            outputFormat: "json";
+            status: 403;
+        };
+    };
+} & {
+    "/admin/bevakningar/listings/:id/preview": {
+        $get: {
+            input: {
+                param: {
+                    id: string;
+                };
+            };
+            output: {
+                address: string;
+                listingId: string;
+                recipients: {
+                    email: string | null;
+                    displayName: string;
+                    userId: string;
+                    locationName: string | null;
+                    bevakningId: string;
+                    bevakningName: string;
+                }[];
+            };
+            outputFormat: "json";
+            status: 200;
+        } | {
+            input: {
+                param: {
+                    id: string;
+                };
+            };
+            output: {
+                error: string;
+            };
+            outputFormat: "json";
+            status: 404;
+        };
+    };
+} & {
+    "/admin/bevakningar/listings/:id/send": {
+        $post: {
+            input: {
+                param: {
+                    id: string;
+                };
+            };
+            output: {
+                error: string;
+            };
+            outputFormat: "json";
+            status: 404;
+        } | {
+            input: {
+                param: {
+                    id: string;
+                };
+            };
+            output: {
+                status: string;
+                jobId: string;
+                total: number;
+            };
+            outputFormat: "json";
+            status: 200;
+        } | {
+            input: {
+                param: {
+                    id: string;
+                };
+            };
+            output: {
+                error: string;
+            };
+            outputFormat: "json";
+            status: 409;
+        };
+    };
+} & {
+    "/admin/bevakningar": {
+        $get: {
+            input: {
+                query: {
+                    limit?: string | undefined;
+                    active?: "all" | "true" | "false" | undefined;
+                    offset?: string | undefined;
+                    q?: string | undefined;
+                };
+            };
+            output: {
+                items: {
+                    name: string;
+                    id: string;
+                    active: boolean;
+                    createdAt: string;
+                    updatedAt: string;
+                    userId: string;
+                    emailNotifications: boolean;
+                    numberOfPeople: number | null;
+                    locationName: string | null;
+                    locationType: string | null;
+                    regionSlug: string | null;
+                    municipalitySlug: string | null;
+                    isNationwide: boolean;
+                    maxRent: number | null;
+                    propertyTypes: string[] | null;
+                    userEmail: string | null;
+                    userDisplayName: string;
+                    notificationCount: number;
+                }[];
+                total: number;
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+} & {
+    "/admin/bevakningar/stats": {
+        $get: {
+            input: {};
+            output: {
+                totalBevakningar: number;
+                activeBevakningar: number;
+                withEmailNotifications: number;
+                totalNotificationsSent: number;
+                failedNotifications: number;
+                uniqueListingsNotified: number;
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/">;