@goscribe/server 1.3.3 → 1.5.0

package/dist/routers/members.js

@@ -1,735 +1,47 @@
 import { z } from 'zod';
-import { TRPCError } from '@trpc/server';
 import { router, publicProcedure, authedProcedure } from '../trpc.js';
-import { logger } from '../lib/logger.js';
-import { sendInvitationEmail } from '../lib/email.js';
-import PusherService from '../lib/pusher.js';
-import { notifyInviteAccepted, notifyInviteRecipient, notifyWorkspaceMembershipRemoved, notifyWorkspaceRoleChanged, } from '../lib/notification-service.js';
-/**
- * Members router for workspace member management
- *
- * Features:
- * - Get workspace members
- * - Invite new members via email
- * - Accept invitations via UUID
- * - Change member roles
- * - Remove members
- * - Get current user's role
- */
+import { MemberService } from '../services/members/member.service.js';
+import { InvitationService } from '../services/members/invitation.service.js';
 export const members = router({
-    /**
-     * Get all members of a workspace
-     */
     getMembers: authedProcedure
-        .input(z.object({
-        workspaceId: z.string(),
-    }))
-        .query(async ({ ctx, input }) => {
-        // Check if user has access to this workspace
-        const workspace = await ctx.db.workspace.findFirst({
-            where: {
-                id: input.workspaceId,
-                OR: [
-                    { ownerId: ctx.session.user.id },
-                    { members: { some: { userId: ctx.session.user.id } } }
-                ]
-            },
-            include: {
-                owner: {
-                    select: {
-                        id: true,
-                        name: true,
-                        email: true,
-                        profilePicture: {
-                            select: {
-                                id: true,
-                                name: true,
-                                url: true,
-                            }
-                        }
-                    }
-                },
-                members: {
-                    include: {
-                        user: {
-                            select: {
-                                id: true,
-                                name: true,
-                                email: true,
-                                profilePicture: {
-                                    select: {
-                                        id: true,
-                                        name: true,
-                                        url: true,
-                                    }
-                                }
-                            }
-                        }
-                    }
-                }
-            }
-        });
-        if (!workspace) {
-            throw new TRPCError({
-                code: 'NOT_FOUND',
-                message: 'Workspace not found or access denied'
-            });
-        }
-        const workspaceMembers = [
-            {
-                id: workspace.owner.id,
-                name: workspace.owner.name || 'Unknown',
-                email: workspace.owner.email || '',
-                role: 'owner',
-                joinedAt: workspace.createdAt,
-            },
-            ...workspace.members.map(membership => ({
-                id: membership.user.id,
-                name: membership.user.name || 'Unknown',
-                email: membership.user.email || '',
-                role: membership.role,
-                joinedAt: membership.joinedAt,
-            }))
-        ];
-        logger.info(`👥 Fetched ${workspaceMembers.length} members for workspace ${input.workspaceId}`, 'WORKSPACE', {
-            memberEmails: workspaceMembers.map(m => m.email)
-        });
-        return workspaceMembers;
-    }),
-    /**
-     * Get current user's role in a workspace
-     */
+        .input(z.object({ workspaceId: z.string() }))
+        .query(({ ctx, input }) => new MemberService(ctx.db).getMembers(ctx.session.user.id, input.workspaceId)),
     getCurrentUserRole: authedProcedure
-        .input(z.object({
-        workspaceId: z.string(),
-    }))
-        .query(async ({ ctx, input }) => {
-        const workspace = await ctx.db.workspace.findFirst({
-            where: { id: input.workspaceId },
-            select: {
-                ownerId: true,
-                members: {
-                    where: { userId: ctx.session.user.id },
-                    select: { role: true }
-                }
-            }
-        });
-        if (!workspace) {
-            throw new TRPCError({
-                code: 'NOT_FOUND',
-                message: 'Workspace not found'
-            });
-        }
-        if (workspace.ownerId === ctx.session.user.id) {
-            return 'owner';
-        }
-        if (workspace.members.length > 0) {
-            return workspace.members[0].role;
-        }
-        throw new TRPCError({
-            code: 'FORBIDDEN',
-            message: 'Access denied to this workspace'
-        });
-    }),
-    /**
-     * Invite a new member to the workspace
-     */
+        .input(z.object({ workspaceId: z.string() }))
+        .query(({ ctx, input }) => new MemberService(ctx.db).getCurrentUserRole(ctx.session.user.id, input.workspaceId)),
     inviteMember: authedProcedure
         .input(z.object({
         workspaceId: z.string(),
         email: z.string().email(),
         role: z.enum(['admin', 'member']).default('member'),
     }))
-        .mutation(async ({ ctx, input }) => {
-        // Check if user is owner or admin of the workspace
-        const workspace = await ctx.db.workspace.findFirst({
-            where: {
-                id: input.workspaceId,
-                ownerId: ctx.session.user.id // Only owners can invite for now
-            }
-        });
-        if (!workspace) {
-            throw new TRPCError({
-                code: 'NOT_FOUND',
-                message: 'Workspace not found or insufficient permissions'
-            });
-        }
-        // Check if user is already a member
-        const existingMember = await ctx.db.user.findFirst({
-            where: {
-                email: input.email,
-                OR: [
-                    { id: workspace.ownerId },
-                    { workspaceMemberships: { some: { workspaceId: input.workspaceId } } }
-                ]
-            }
-        });
-        if (existingMember) {
-            throw new TRPCError({
-                code: 'BAD_REQUEST',
-                message: 'User is already a member of this workspace'
-            });
-        }
-        // Check if there's already a pending invitation
-        const existingInvitation = await ctx.db.workspaceInvitation.findFirst({
-            where: {
-                workspaceId: input.workspaceId,
-                email: input.email,
-                acceptedAt: null,
-                expiresAt: { gt: new Date() }
-            }
-        });
-        if (existingInvitation) {
-            throw new TRPCError({
-                code: 'BAD_REQUEST',
-                message: 'Invitation already sent to this email'
-            });
-        }
-        // Create invitation
-        const invitation = await ctx.db.workspaceInvitation.create({
-            data: {
-                workspaceId: input.workspaceId,
-                email: input.email,
-                role: input.role,
-                invitedById: ctx.session.user.id,
-            },
-            include: {
-                workspace: {
-                    select: {
-                        title: true,
-                        owner: {
-                            select: {
-                                name: true,
-                                email: true,
-                            }
-                        }
-                    }
-                }
-            }
-        });
-        const invitedExistingUser = await ctx.db.user.findUnique({
-            where: { email: input.email },
-            select: { id: true, name: true },
-        });
-        if (invitedExistingUser) {
-            await notifyInviteRecipient(ctx.db, {
-                invitedUserId: invitedExistingUser.id,
-                inviterUserId: ctx.session.user.id,
-                workspaceId: input.workspaceId,
-                workspaceTitle: invitation.workspace.title,
-                invitationId: invitation.id,
-                invitationToken: invitation.token,
-                inviterName: invitation.workspace.owner.name || invitation.workspace.owner.email,
-            });
-        }
-        logger.info(`🎫 Invitation created for ${input.email} to workspace ${input.workspaceId} with role ${input.role}`, 'WORKSPACE', {
-            invitationId: invitation.id,
-            workspaceId: input.workspaceId,
-            email: input.email,
-            role: input.role,
-            invitedBy: ctx.session.user.id
-        });
-        // Send email notification
-        await sendInvitationEmail({
-            email: invitation.email,
-            token: invitation.token,
-            role: invitation.role,
-            workspaceTitle: invitation.workspace.title,
-            invitedByName: invitation.workspace.owner.name || invitation.workspace.owner.email || 'Someone',
-        });
-        return {
-            invitationId: invitation.id,
-            token: invitation.token,
-            email: invitation.email,
-            role: invitation.role,
-            expiresAt: invitation.expiresAt,
-            workspaceTitle: invitation.workspace.title,
-            invitedByName: invitation.workspace.owner.name || invitation.workspace.owner.email,
-        };
-    }),
+        .mutation(({ ctx, input }) => new InvitationService(ctx.db).inviteMember(ctx.session.user.id, input)),
     getInvitations: authedProcedure
-        .input(z.object({
-        workspaceId: z.string(),
-    }))
-        .query(async ({ ctx, input }) => {
-        const invitations = await ctx.db.workspaceInvitation.findMany({
-            where: { workspaceId: input.workspaceId },
-        });
-        return invitations;
-    }),
-    /**
-     * Accept an invitation (public endpoint)
-     */
+        .input(z.object({ workspaceId: z.string() }))
+        .query(({ ctx, input }) => new InvitationService(ctx.db).getInvitations(input.workspaceId)),
     acceptInvite: publicProcedure
-        .input(z.object({
-        token: z.string(),
-    }))
-        .mutation(async ({ ctx, input }) => {
-        // Find the invitation
-        const invitation = await ctx.db.workspaceInvitation.findFirst({
-            where: {
-                token: input.token,
-                acceptedAt: null,
-                expiresAt: { gt: new Date() }
-            },
-            include: {
-                workspace: {
-                    select: {
-                        id: true,
-                        title: true,
-                        ownerId: true,
-                        owner: {
-                            select: {
-                                name: true,
-                                email: true,
-                            }
-                        }
-                    }
-                }
-            }
-        });
-        if (!invitation) {
-            throw new TRPCError({
-                code: 'NOT_FOUND',
-                message: 'Invalid or expired invitation'
-            });
-        }
-        // Check if user is authenticated
-        if (!ctx.session?.user) {
-            throw new TRPCError({
-                code: 'UNAUTHORIZED',
-                message: 'Please log in to accept this invitation'
-            });
-        }
-        const user = await ctx.db.user.findFirst({ where: { id: ctx.session.user.id } });
-        if (!user || !user.email)
-            throw new TRPCError({ code: 'NOT_FOUND' });
-        logger.info(`🔍 Verification check for ${user.email} accepting invite for ${invitation.email}`, 'WORKSPACE');
-        // Check if the email matches the user's email (case-insensitive)
-        if (user.email.toLowerCase() !== invitation.email.toLowerCase()) {
-            logger.warn(`❌ Invitation email mismatch: user ${user.email} vs invite ${invitation.email}`, 'WORKSPACE');
-            throw new TRPCError({
-                code: 'BAD_REQUEST',
-                message: 'This invitation was sent to a different email address'
-            });
-        }
-        // Check if user is already a member
-        const isAlreadyMember = await ctx.db.workspace.findFirst({
-            where: {
-                id: invitation.workspaceId,
-                OR: [
-                    { ownerId: ctx.session.user.id },
-                    { members: { some: { userId: ctx.session.user.id } } }
-                ]
-            }
-        });
-        if (isAlreadyMember) {
-            logger.info(`ℹ️ User ${ctx.session.user.id} is already a member of workspace ${invitation.workspaceId}. Marking invite as accepted.`, 'WORKSPACE');
-            // Mark invitation as accepted even if already a member
-            await ctx.db.workspaceInvitation.update({
-                where: { id: invitation.id },
-                data: { acceptedAt: new Date() }
-            });
-            return {
-                workspaceId: invitation.workspaceId,
-                workspaceTitle: invitation.workspace.title,
-                role: invitation.role,
-                ownerName: invitation.workspace.owner.name || invitation.workspace.owner.email,
-                message: 'You are already a member of this workspace'
-            };
-        }
-        // Add user to workspace with proper role.
-        // This can race if accept is triggered twice (e.g. redirects/retries),
-        // so treat duplicate membership as a successful, idempotent accept.
-        let memberAdded = false;
-        try {
-            await ctx.db.workspaceMember.create({
-                data: {
-                    workspaceId: invitation.workspaceId,
-                    userId: ctx.session.user.id,
-                    role: invitation.role,
-                }
-            });
-            memberAdded = true;
-        }
-        catch (error) {
-            if (error?.code !== 'P2002') {
-                throw error;
-            }
-            logger.info(`ℹ️ Duplicate invite accept handled for user ${ctx.session.user.id} in workspace ${invitation.workspaceId}`, 'WORKSPACE');
-        }
-        // Mark invitation as accepted
-        await ctx.db.workspaceInvitation.update({
-            where: { id: invitation.id },
-            data: { acceptedAt: new Date() }
-        });
-        if (memberAdded) {
-            await notifyInviteAccepted(ctx.db, {
-                recipientUserIds: [invitation.invitedById, invitation.workspace.ownerId],
-                actorUserId: ctx.session.user.id,
-                workspaceId: invitation.workspaceId,
-                workspaceTitle: invitation.workspace.title,
-                memberName: user.name || user.email,
-                invitationId: invitation.id,
-            });
-        }
-        logger.info(`✅ Invitation accepted by ${ctx.session.user.id} (${user.email}) for workspace ${invitation.workspaceId}`, 'WORKSPACE', {
-            invitationId: invitation.id,
-            workspaceId: invitation.workspaceId,
-            userId: ctx.session.user.id,
-            email: invitation.email
-        });
-        // Try to emit a Pusher event if possible
-        try {
-            if (memberAdded) {
-                await PusherService.emitMemberJoined(invitation.workspaceId, {
-                    id: ctx.session.user.id,
-                    name: user.name || 'Member',
-                    email: user.email,
-                    role: invitation.role,
-                });
-            }
-        }
-        catch (e) {
-            logger.error('Failed to emit member joined event', e);
-        }
-        return {
-            workspaceId: invitation.workspaceId,
-            workspaceTitle: invitation.workspace.title,
-            role: invitation.role,
-            ownerName: invitation.workspace.owner.name || invitation.workspace.owner.email,
-            ...(memberAdded ? {} : { message: 'You are already a member of this workspace' }),
-        };
-    }),
-    /**
-     * Change a member's role (owner only)
-     */
+        .input(z.object({ token: z.string() }))
+        .mutation(({ ctx, input }) => new InvitationService(ctx.db).acceptInvite(ctx.session?.user?.id, input.token)),
     changeMemberRole: authedProcedure
         .input(z.object({
         workspaceId: z.string(),
         memberId: z.string(),
         role: z.enum(['admin', 'member']),
     }))
-        .mutation(async ({ ctx, input }) => {
-        // Check if user is owner of the workspace
-        const workspace = await ctx.db.workspace.findFirst({
-            where: {
-                id: input.workspaceId,
-                ownerId: ctx.session.user.id
-            },
-            select: { id: true, title: true, ownerId: true },
-        });
-        if (!workspace) {
-            throw new TRPCError({
-                code: 'NOT_FOUND',
-                message: 'Workspace not found or insufficient permissions'
-            });
-        }
-        // Check if member exists and is not the owner
-        if (input.memberId === workspace.ownerId) {
-            throw new TRPCError({
-                code: 'BAD_REQUEST',
-                message: 'Cannot change owner role'
-            });
-        }
-        const member = await ctx.db.workspaceMember.findFirst({
-            where: {
-                workspaceId: input.workspaceId,
-                userId: input.memberId
-            }
-        });
-        if (!member) {
-            throw new TRPCError({
-                code: 'NOT_FOUND',
-                message: 'Member not found in this workspace'
-            });
-        }
-        // Update the member's role
-        const updatedMember = await ctx.db.workspaceMember.update({
-            where: { id: member.id },
-            data: { role: input.role },
-            include: {
-                user: {
-                    select: {
-                        id: true,
-                        name: true,
-                        email: true,
-                    }
-                }
-            }
-        });
-        logger.info(`🔄 Member role changed for ${input.memberId} from ${member.role} to ${input.role} in workspace ${input.workspaceId}`, 'WORKSPACE', {
-            workspaceId: input.workspaceId,
-            memberId: input.memberId,
-            oldRole: member.role,
-            newRole: input.role,
-            changedBy: ctx.session.user.id
-        });
-        const actor = await ctx.db.user.findUnique({
-            where: { id: ctx.session.user.id },
-            select: { name: true, email: true },
-        });
-        await notifyWorkspaceRoleChanged(ctx.db, {
-            memberUserId: input.memberId,
-            workspaceId: input.workspaceId,
-            workspaceTitle: workspace.title,
-            newRole: input.role,
-            oldRole: member.role,
-            actorUserId: ctx.session.user.id,
-            actorName: actor?.name || actor?.email || 'A workspace admin',
-        }).catch(() => { });
-        return {
-            memberId: input.memberId,
-            role: input.role,
-            memberName: updatedMember.user.name || updatedMember.user.email,
-            message: 'Role changed successfully'
-        };
-    }),
-    /**
-     * Remove a member from the workspace (owner only)
-     */
+        .mutation(({ ctx, input }) => new MemberService(ctx.db).changeMemberRole(ctx.session.user.id, input)),
     removeMember: authedProcedure
-        .input(z.object({
-        workspaceId: z.string(),
-        memberId: z.string(),
-    }))
-        .mutation(async ({ ctx, input }) => {
-        // Check if user is owner of the workspace
-        const workspace = await ctx.db.workspace.findFirst({
-            where: {
-                id: input.workspaceId,
-                ownerId: ctx.session.user.id
-            },
-            select: { id: true, title: true, ownerId: true },
-        });
-        if (!workspace) {
-            throw new TRPCError({
-                code: 'NOT_FOUND',
-                message: 'Workspace not found or insufficient permissions'
-            });
-        }
-        // Check if trying to remove the owner
-        if (input.memberId === workspace.ownerId) {
-            throw new TRPCError({
-                code: 'BAD_REQUEST',
-                message: 'Cannot remove workspace owner'
-            });
-        }
-        // Check if member exists
-        const member = await ctx.db.workspaceMember.findFirst({
-            where: {
-                workspaceId: input.workspaceId,
-                userId: input.memberId
-            },
-            include: {
-                user: {
-                    select: {
-                        name: true,
-                        email: true,
-                    }
-                }
-            }
-        });
-        if (!member) {
-            throw new TRPCError({
-                code: 'NOT_FOUND',
-                message: 'Member not found in this workspace'
-            });
-        }
-        const actor = await ctx.db.user.findUnique({
-            where: { id: ctx.session.user.id },
-            select: { name: true, email: true },
-        });
-        await notifyWorkspaceMembershipRemoved(ctx.db, {
-            memberUserId: input.memberId,
-            workspaceId: input.workspaceId,
-            workspaceTitle: workspace.title,
-            actorUserId: ctx.session.user.id,
-            actorName: actor?.name || actor?.email || 'A workspace admin',
-        }).catch(() => { });
-        // Remove member from workspace
-        await ctx.db.workspaceMember.delete({
-            where: { id: member.id }
-        });
-        logger.info(`🗑️ Member ${input.memberId} removed from workspace ${input.workspaceId}`, 'WORKSPACE', {
-            workspaceId: input.workspaceId,
-            memberId: input.memberId,
-            removedBy: ctx.session.user.id
-        });
-        return {
-            memberId: input.memberId,
-            message: 'Member removed successfully'
-        };
-    }),
-    /**
-     * Get pending invitations for a workspace (owner only)
-     */
+        .input(z.object({ workspaceId: z.string(), memberId: z.string() }))
+        .mutation(({ ctx, input }) => new MemberService(ctx.db).removeMember(ctx.session.user.id, input)),
     getPendingInvitations: authedProcedure
-        .input(z.object({
-        workspaceId: z.string(),
-    }))
-        .query(async ({ ctx, input }) => {
-        // Check if user is owner of the workspace
-        const workspace = await ctx.db.workspace.findFirst({
-            where: {
-                id: input.workspaceId,
-                ownerId: ctx.session.user.id
-            }
-        });
-        if (!workspace) {
-            throw new TRPCError({
-                code: 'NOT_FOUND',
-                message: 'Workspace not found or insufficient permissions'
-            });
-        }
-        const invitations = await ctx.db.workspaceInvitation.findMany({
-            where: {
-                workspaceId: input.workspaceId,
-                acceptedAt: null,
-                expiresAt: { gt: new Date() }
-            },
-            include: {
-                invitedBy: {
-                    select: {
-                        name: true,
-                        email: true,
-                    }
-                }
-            },
-            orderBy: { createdAt: 'desc' }
-        });
-        return invitations.map(invitation => ({
-            id: invitation.id,
-            email: invitation.email,
-            role: invitation.role,
-            token: invitation.token,
-            expiresAt: invitation.expiresAt,
-            createdAt: invitation.createdAt,
-            invitedByName: invitation.invitedBy.name || invitation.invitedBy.email,
-        }));
-    }),
-    /**
-     * Cancel a pending invitation (owner only)
-     */
+        .input(z.object({ workspaceId: z.string() }))
+        .query(({ ctx, input }) => new InvitationService(ctx.db).getPendingInvitations(ctx.session.user.id, input.workspaceId)),
     cancelInvitation: authedProcedure
-        .input(z.object({
-        invitationId: z.string(),
-    }))
-        .mutation(async ({ ctx, input }) => {
-        // Check if user is owner of the workspace
-        const invitation = await ctx.db.workspaceInvitation.findFirst({
-            where: {
-                id: input.invitationId,
-                acceptedAt: null,
-                workspace: {
-                    ownerId: ctx.session.user.id
-                }
-            }
-        });
-        if (!invitation) {
-            throw new TRPCError({
-                code: 'NOT_FOUND',
-                message: 'Invitation not found or insufficient permissions'
-            });
-        }
-        // Delete the invitation
-        await ctx.db.workspaceInvitation.delete({
-            where: { id: input.invitationId }
-        });
-        logger.info(`❌ Invitation cancelled for ${invitation.email} to workspace ${invitation.workspaceId}`, 'WORKSPACE', {
-            invitationId: input.invitationId,
-            workspaceId: invitation.workspaceId,
-            email: invitation.email,
-            cancelledBy: ctx.session.user.id
-        });
-        return {
-            invitationId: input.invitationId,
-            message: 'Invitation cancelled successfully'
-        };
-    }),
-    /**
-     * Resend a pending invitation (owner only)
-     */
+        .input(z.object({ invitationId: z.string() }))
+        .mutation(({ ctx, input }) => new InvitationService(ctx.db).cancelInvitation(ctx.session.user.id, input.invitationId)),
     resendInvitation: authedProcedure
-        .input(z.object({
-        invitationId: z.string(),
-    }))
-        .mutation(async ({ ctx, input }) => {
-        // Check if user is owner of the workspace and invitation is pending
-        const invitation = await ctx.db.workspaceInvitation.findFirst({
-            where: {
-                id: input.invitationId,
-                acceptedAt: null,
-                workspace: {
-                    ownerId: ctx.session.user.id
-                }
-            },
-            include: {
-                workspace: {
-                    select: {
-                        title: true,
-                        owner: {
-                            select: {
-                                name: true,
-                                email: true,
-                            }
-                        }
-                    }
-                }
-            }
-        });
-        if (!invitation) {
-            throw new TRPCError({
-                code: 'NOT_FOUND',
-                message: 'Invitation not found or insufficient permissions'
-            });
-        }
-        // Check if expired and update expiry if needed
-        if (invitation.expiresAt < new Date()) {
-            const newExpiry = new Date();
-            newExpiry.setDate(newExpiry.getDate() + 7);
-            await ctx.db.workspaceInvitation.update({
-                where: { id: invitation.id },
-                data: { expiresAt: newExpiry }
-            });
-            invitation.expiresAt = newExpiry;
-        }
-        // Send email notification
-        await sendInvitationEmail({
-            email: invitation.email,
-            token: invitation.token,
-            role: invitation.role,
-            workspaceTitle: invitation.workspace.title,
-            invitedByName: invitation.workspace.owner.name || invitation.workspace.owner.email || 'Someone',
-        });
-        logger.info(`📧 Invitation resent to ${invitation.email} for workspace ${invitation.workspaceId}`, 'WORKSPACE', {
-            invitationId: invitation.id,
-            workspaceId: invitation.workspaceId,
-            email: invitation.email,
-            resentBy: ctx.session.user.id
-        });
-        return {
-            invitationId: invitation.id,
-            message: 'Invitation email resent successfully'
-        };
-    }),
-    /**
-     * DEBUG ONLY: Get all invitations for a workspace
-     */
+        .input(z.object({ invitationId: z.string() }))
+        .mutation(({ ctx, input }) => new InvitationService(ctx.db).resendInvitation(ctx.session.user.id, input.invitationId)),
     getAllInvitationsDebug: authedProcedure
-        .input(z.object({
-        workspaceId: z.string(),
-    }))
-        .query(async ({ ctx, input }) => {
-        // Check if user is owner
-        const workspace = await ctx.db.workspace.findFirst({
-            where: { id: input.workspaceId, ownerId: ctx.session.user.id }
-        });
-        if (!workspace)
-            throw new TRPCError({ code: 'UNAUTHORIZED' });
-        return ctx.db.workspaceInvitation.findMany({
-            where: { workspaceId: input.workspaceId },
-            orderBy: { createdAt: 'desc' }
-        });
-    }),
+        .input(z.object({ workspaceId: z.string() }))
+        .query(({ ctx, input }) => new InvitationService(ctx.db).getAllInvitationsDebug(ctx.session.user.id, input.workspaceId)),
 });