@goplusvn/core 0.1.5 → 0.1.7

package/src/errors/server-error.ts

@@ -0,0 +1,316 @@
+import type { NextResponse } from "next/server"
+import { createHash } from "crypto"
+
+import { AppError, toAppError } from "./app-error"
+import { createErrorResponse } from "./error-handler"
+
+/**
+ * Server-side error system for the `error_logs` table.
+ *
+ * Core ships the generic machinery; the consuming app binds it to its own
+ * Prisma client + `ErrorLog` model via `createServerError({ db })` (or just the
+ * logger via `createErrorLogger(db)`). This keeps core database-agnostic while
+ * every app gets the same stack-preserving, deduped, severity-bucketed logging.
+ *
+ *   // app: src/lib/errors/server-error.ts
+ *   import { createServerError } from "@goerp/core/errors"
+ *   import { db } from "@/lib/prisma"
+ *   export const serverError = createServerError({ db })
+ *
+ * The app's `db.errorLog` delegate must satisfy {@link ErrorLogDelegate} (the
+ * columns: errorId, fingerprint, code, message, detail, context, module,
+ * userId, url, userAgent, severity, occurrenceCount, lastSeenAt, resolved,
+ * createdAt).
+ */
+
+export interface ServerErrorContext {
+  /** The request URL (used for module derivation + storage) */
+  url?: string | URL
+  /** HTTP method, prepended to module for better grouping */
+  method?: string
+  /** Authenticated user id, if known */
+  userId?: string
+  /** User agent string from request headers */
+  userAgent?: string
+  /** Free-form extra context — JSON-stringified into `context` column */
+  extra?: Record<string, unknown>
+  /** Override the module name (defaults to derived from url) */
+  module?: string
+  /** "error" | "warn" | "fatal" — defaults to "error" */
+  severity?: string
+}
+
+/** Minimal shape of the Prisma `errorLog` delegate the app must provide. */
+export interface ErrorLogDelegate {
+  findFirst(args: unknown): Promise<{ id: string } | null>
+  update(args: unknown): Promise<unknown>
+  create(args: unknown): Promise<unknown>
+}
+
+export interface ErrorLoggerDb {
+  errorLog: ErrorLogDelegate
+}
+
+/**
+ * Same fingerprint formula the client POST /api/error-logs uses, so a server
+ * error and its client-bubbled toast collapse onto the same row.
+ */
+function buildFingerprint(
+  message: string,
+  code: string | null,
+  moduleTag: string | null,
+  url: string | null
+): string {
+  let path = url || ""
+  try {
+    path = new URL(url || "", "http://x").pathname
+  } catch {
+    /* keep raw */
+  }
+  const raw = [message.slice(0, 200), code || "", moduleTag || "", path].join("|")
+  return createHash("sha256").update(raw).digest("hex").slice(0, 16)
+}
+
+/**
+ * Derive a "module" tag from a URL pathname so admin UI can group errors.
+ *   /api/sales/orders/cml4jn3sl0 → "sales-orders"
+ *   /api/customers/[id]          → "customers"
+ *   /                            → "root"
+ */
+function deriveModule(url?: string | URL): string | null {
+  if (!url) return null
+  let pathname: string
+  try {
+    pathname = typeof url === "string" ? new URL(url, "http://x").pathname : url.pathname
+  } catch {
+    return null
+  }
+  const segs = pathname.split("/").filter(Boolean)
+  // Strip locale + leading "api"
+  const filtered = segs.filter(
+    (s, i) => !(i === 0 && (s === "api" || /^[a-z]{2}$/.test(s)))
+  )
+  if (filtered.length === 0) return "root"
+  const idLike = /^([a-z0-9]{20,}|\d+|[0-9a-f-]{20,})$/i
+  const out: string[] = []
+  for (const s of filtered) {
+    if (idLike.test(s)) break
+    out.push(s)
+    if (out.length === 2) break
+  }
+  return out.join("-") || filtered[0] || null
+}
+
+/**
+ * Pull a Prisma error code (P2002, P2025, …) out of an error if present.
+ * Prisma errors live under different shapes depending on adapter wrapping.
+ */
+function extractErrorCode(err: unknown): string | null {
+  if (!err || typeof err !== "object") return null
+  const e = err as any
+  if (typeof e.code === "string") return e.code
+  if (e.cause && typeof e.cause === "object") {
+    if (typeof e.cause.code === "string") return e.cause.code
+    if (typeof e.cause.originalCode === "string") return e.cause.originalCode
+  }
+  if (e.meta?.driverAdapterError?.cause?.originalCode) {
+    return String(e.meta.driverAdapterError.cause.originalCode)
+  }
+  return null
+}
+
+function buildDetail(err: unknown, ctx: ServerErrorContext | undefined): string {
+  const lines: string[] = []
+  if (err instanceof Error) {
+    lines.push(`Message: ${err.message}`)
+    if (err.stack) lines.push(`\nStack Trace:\n${err.stack}`)
+    if ((err as any).cause) {
+      try {
+        lines.push(`\nCause: ${JSON.stringify((err as any).cause, null, 2)}`)
+      } catch {
+        lines.push(`\nCause: ${String((err as any).cause)}`)
+      }
+    }
+    if ((err as any).meta) {
+      try {
+        lines.push(`\nMeta: ${JSON.stringify((err as any).meta, null, 2)}`)
+      } catch {
+        /* skip */
+      }
+    }
+  } else {
+    lines.push(`Raw: ${String(err)}`)
+    try {
+      lines.push(`JSON: ${JSON.stringify(err)}`)
+    } catch {
+      /* skip */
+    }
+  }
+  if (ctx?.method || ctx?.url) {
+    lines.push(`\nRequest: ${ctx.method || "?"} ${ctx.url || ""}`)
+  }
+  if (ctx?.extra) {
+    try {
+      lines.push(`\nContext: ${JSON.stringify(ctx.extra, null, 2)}`)
+    } catch {
+      /* skip */
+    }
+  }
+  return lines.join("\n")
+}
+
+function extractMessage(err: unknown): string {
+  if (err instanceof Error) return err.message || err.name || "Error"
+  if (typeof err === "string") return err
+  try {
+    return JSON.stringify(err)
+  } catch {
+    return String(err)
+  }
+}
+
+function safeStringify(v: unknown): string {
+  try {
+    return JSON.stringify(v)
+  } catch {
+    return String(v)
+  }
+}
+
+/**
+ * Bind the error logger to an app's Prisma client. Returns `logServerError`,
+ * which is fire-and-forget (never throws, never awaits in the caller's hot
+ * path) and dedupes onto an existing unresolved row by fingerprint.
+ */
+export function createErrorLogger(db: ErrorLoggerDb) {
+  async function persistServerError(
+    err: unknown,
+    ctx?: ServerErrorContext
+  ): Promise<void> {
+    try {
+      const message = extractMessage(err)
+      if (!message) return
+
+      const code = extractErrorCode(err)
+      const urlStr =
+        typeof ctx?.url === "string"
+          ? ctx.url
+          : ctx?.url instanceof URL
+            ? ctx.url.toString()
+            : null
+      const moduleTag = ctx?.module ?? deriveModule(ctx?.url)
+      const fingerprint = buildFingerprint(message, code, moduleTag, urlStr)
+      const detail = buildDetail(err, ctx)
+
+      const existing = await db.errorLog.findFirst({
+        where: { fingerprint, resolved: false },
+        orderBy: { createdAt: "desc" },
+        select: { id: true },
+      })
+
+      if (existing) {
+        await db.errorLog.update({
+          where: { id: existing.id },
+          data: {
+            occurrenceCount: { increment: 1 },
+            lastSeenAt: new Date(),
+            detail,
+            url: urlStr || undefined,
+            userId: ctx?.userId || undefined,
+          },
+        })
+        return
+      }
+
+      await db.errorLog.create({
+        data: {
+          errorId: code || "SERVER",
+          fingerprint,
+          code: code || null,
+          message: message.slice(0, 1000),
+          detail,
+          context: ctx?.extra ? safeStringify(ctx.extra).slice(0, 5000) : null,
+          module: moduleTag || null,
+          userId: ctx?.userId || null,
+          url: urlStr || null,
+          userAgent: ctx?.userAgent || null,
+          severity: ctx?.severity || "error",
+          occurrenceCount: 1,
+          lastSeenAt: new Date(),
+        },
+      })
+    } catch (writeErr) {
+      console.error("[logServerError] DB write failed:", writeErr)
+      console.error("[logServerError] original error was:", err)
+    }
+  }
+
+  function logServerError(err: unknown, ctx?: ServerErrorContext): void {
+    setTimeout(() => {
+      void persistServerError(err, ctx).catch((inner) => {
+        console.error("[logServerError] failed to persist:", inner)
+      })
+    }, 0)
+  }
+
+  return { logServerError }
+}
+
+export type LogServerError = (err: unknown, ctx?: ServerErrorContext) => void
+
+/**
+ * The canonical "catch block" helper for API routes, built around a given
+ * `logServerError`. Maps Prisma codes to friendly messages + stable errorId,
+ * PERSISTS the real stack/Prisma meta (severity = error for 5xx, warn for 4xx),
+ * and returns the structured JSON with an `X-Error-Id` header.
+ *
+ *   } catch (error) {
+ *     return serverError(error, request, { message: "Lỗi xử lý thao tác" })
+ *   }
+ *
+ * Takes the logger as a dependency (rather than a db) so an app can keep its
+ * own `logServerError` export — used directly by api-handler/cron — as the
+ * single seam, and so it stays unit-testable by mocking that one function.
+ */
+export function buildServerError(opts: {
+  logServerError: LogServerError
+  isProd?: boolean
+}) {
+  const { logServerError } = opts
+  const isProd = opts.isProd ?? process.env.NODE_ENV === "production"
+
+  return function serverError(
+    err: unknown,
+    request?: { url?: string; method?: string; headers?: Headers },
+    o?: { message?: string; userId?: string }
+  ): NextResponse {
+    const appError = err instanceof AppError ? err : toAppError(err, o?.message)
+
+    if (!isProd) {
+      console.error("[serverError]", err)
+    }
+
+    logServerError(err, {
+      url: request?.url,
+      method: request?.method,
+      userId: o?.userId,
+      userAgent: request?.headers?.get?.("user-agent") ?? undefined,
+      severity: appError.statusCode >= 500 ? "error" : "warn",
+      extra: { errorId: appError.errorId, code: appError.code },
+    })
+
+    return createErrorResponse(appError)
+  }
+}
+
+/**
+ * Convenience: bind both the logger and the catch-block helper to an app's db
+ * in one call (for apps that don't need a standalone `logServerError` export).
+ */
+export function createServerError(opts: {
+  db: ErrorLoggerDb
+  isProd?: boolean
+}) {
+  const { logServerError } = createErrorLogger(opts.db)
+  return buildServerError({ logServerError, isProd: opts.isProd })
+}

package/src/export/download-file.ts

@@ -0,0 +1,46 @@
+/**
+ * Shared download helpers for the unified export flow. Pure (no React) so they
+ * can be unit-tested and reused outside components.
+ */
+
+/**
+ * Trigger a browser download for an in-memory Blob via a transient anchor.
+ * Revokes the object URL afterwards so it isn't leaked.
+ */
+export function triggerBlobDownload(blob: Blob, filename: string): void {
+  const url = window.URL.createObjectURL(blob)
+  const a = document.createElement("a")
+  a.href = url
+  a.download = filename
+  document.body.appendChild(a)
+  a.click()
+  a.remove()
+  window.URL.revokeObjectURL(url)
+}
+
+/**
+ * Parse the download filename a server sent in `Content-Disposition`, falling
+ * back to `fallback` when the header is missing/unparseable. Handles both the
+ * RFC 5987 `filename*=UTF-8''...` form and the plain `filename="..."` form so
+ * the client doesn't have to hardcode names that the server already knows.
+ */
+export function filenameFromContentDisposition(
+  header: string | null,
+  fallback: string
+): string {
+  if (!header) return fallback
+
+  const encoded = /filename\*=UTF-8''([^;]+)/i.exec(header)
+  if (encoded?.[1]) {
+    try {
+      return decodeURIComponent(encoded[1])
+    } catch {
+      // fall through to the plain form / fallback
+    }
+  }
+
+  const plain = /filename="?([^";]+)"?/i.exec(header)
+  if (plain?.[1]) return plain[1].trim()
+
+  return fallback
+}

package/src/export/index.ts

@@ -0,0 +1,7 @@
+export { useExport } from "./use-export"
+export type { ExportOptions } from "./use-export"
+export {
+  triggerBlobDownload,
+  filenameFromContentDisposition,
+} from "./download-file"
+export { toCsv, escapeCsvField } from "./to-csv"

package/src/export/to-csv.ts

@@ -0,0 +1,35 @@
+/**
+ * CSV building with RFC 4180 escaping.
+ *
+ * The crud `exportToCSV` historically joined fields with a bare comma and
+ * `String(v || "")`, so any value containing a comma / double-quote / newline
+ * (addresses, notes) silently broke column alignment, and falsy values like
+ * `0`/`false` came out empty. This is the corrected, shared implementation —
+ * crud's `exportToCSV` now delegates here.
+ */
+
+/** Escape a single CSV field per RFC 4180 (quote if it holds comma/quote/newline). */
+export function escapeCsvField(value: unknown): string {
+  const str = value === null || value === undefined ? "" : String(value)
+  if (/[",\n\r]/.test(str)) {
+    return `"${str.replace(/"/g, '""')}"`
+  }
+  return str
+}
+
+/**
+ * @param data   rows as plain objects
+ * @param fields optional explicit column order (defaults to keys of the first row)
+ */
+export function toCsv(
+  data: Record<string, unknown>[],
+  fields?: string[]
+): string {
+  if (data.length === 0) return ""
+  const keys = fields ?? Object.keys(data[0])
+  const header = keys.map(escapeCsvField).join(",")
+  const rows = data.map((row) =>
+    keys.map((k) => escapeCsvField(row[k])).join(",")
+  )
+  return [header, ...rows].join("\n")
+}

package/src/export/use-export.ts

@@ -0,0 +1,68 @@
+"use client"
+
+import { useCallback, useState } from "react"
+import { toast } from "sonner"
+
+import {
+  filenameFromContentDisposition,
+  triggerBlobDownload,
+} from "./download-file"
+
+export interface ExportOptions {
+  /** Fallback filename if the server doesn't send a Content-Disposition. */
+  filename?: string
+  loadingMessage?: string
+  successMessage?: string
+  errorMessage?: string
+}
+
+/**
+ * The single client-side export primitive. Every "Xuất Excel" button funnels
+ * through here: GET the server export URL, stream it to a Blob, name the file
+ * from the server's Content-Disposition (or a fallback), trigger the download,
+ * and surface consistent loading/success/error toasts.
+ *
+ * Callers build their own filtered URL (`/api/.../export?filters`) — the part
+ * that genuinely differs per page — and hand it to `exportFile`. This replaces
+ * the previous mix of `window.open` (new tab, no error handling) and bespoke
+ * `fetch → blob → click` copies scattered across ~20 components.
+ */
+export function useExport() {
+  const [isExporting, setIsExporting] = useState(false)
+
+  const exportFile = useCallback(
+    async (url: string, options: ExportOptions = {}) => {
+      setIsExporting(true)
+      const toastId = toast.loading(
+        options.loadingMessage ?? "Đang xuất dữ liệu..."
+      )
+      try {
+        const res = await fetch(url)
+        if (!res.ok) {
+          throw new Error(`Export failed with status ${res.status}`)
+        }
+
+        const blob = await res.blob()
+        const filename = filenameFromContentDisposition(
+          res.headers.get("Content-Disposition"),
+          options.filename ?? "export.xlsx"
+        )
+        triggerBlobDownload(blob, filename)
+
+        toast.success(options.successMessage ?? "Đã xuất file thành công", {
+          id: toastId,
+        })
+      } catch (error) {
+        console.error("[useExport]", error)
+        toast.error(options.errorMessage ?? "Có lỗi xảy ra khi xuất dữ liệu", {
+          id: toastId,
+        })
+      } finally {
+        setIsExporting(false)
+      }
+    },
+    []
+  )
+
+  return { exportFile, isExporting }
+}