@htlkg/data 0.0.15 → 0.0.16

package/src/client/proxy.ts

@@ -0,0 +1,170 @@
+/**
+ * GraphQL Proxy Client
+ *
+ * Client-side helper for making authenticated GraphQL operations through
+ * the server-side proxy. This allows Vue components to perform mutations
+ * while keeping auth cookies httpOnly for security.
+ *
+ * @module @htlkg/data/proxy
+ */
+
+/**
+ * Valid GraphQL operations
+ */
+export type Operation = "create" | "update" | "delete" | "get" | "list";
+
+/**
+ * Response type from GraphQL operations
+ */
+export interface GraphQLResponse<T = any> {
+	data: T | null;
+	errors?: Array<{ message: string; [key: string]: any }>;
+}
+
+/**
+ * Options for proxy requests
+ */
+export interface ProxyOptions {
+	/** Custom API endpoint (default: /api/graphql) */
+	endpoint?: string;
+	/** Additional fetch options */
+	fetchOptions?: RequestInit;
+}
+
+/**
+ * Default proxy endpoint
+ */
+const DEFAULT_ENDPOINT = "/api/graphql";
+
+/**
+ * Execute a GraphQL mutation through the server proxy
+ *
+ * @param model - The model name (e.g., 'User', 'Brand', 'Account')
+ * @param operation - The operation type ('create', 'update', 'delete')
+ * @param data - The operation data/input
+ * @param options - Optional configuration
+ * @returns Promise with the operation result
+ *
+ * @example Create
+ * ```typescript
+ * const result = await mutate('User', 'create', {
+ *   email: 'user@example.com',
+ *   accountId: '123',
+ * });
+ * ```
+ *
+ * @example Update
+ * ```typescript
+ * const result = await mutate('User', 'update', {
+ *   id: 'user-id',
+ *   status: 'deleted',
+ *   deletedAt: new Date().toISOString(),
+ * });
+ * ```
+ *
+ * @example Delete
+ * ```typescript
+ * const result = await mutate('User', 'delete', { id: 'user-id' });
+ * ```
+ */
+export async function mutate<T = any>(
+	model: string,
+	operation: "create" | "update" | "delete",
+	data: Record<string, any>,
+	options?: ProxyOptions,
+): Promise<GraphQLResponse<T>> {
+	return proxyRequest<T>(model, operation, data, options);
+}
+
+/**
+ * Execute a GraphQL query through the server proxy
+ *
+ * @param model - The model name (e.g., 'User', 'Brand', 'Account')
+ * @param operation - The operation type ('get', 'list')
+ * @param data - The query parameters (id for get, filter/limit for list)
+ * @param options - Optional configuration
+ * @returns Promise with the query result
+ *
+ * @example Get by ID
+ * ```typescript
+ * const result = await query('User', 'get', { id: 'user-id' });
+ * ```
+ *
+ * @example List with filter
+ * ```typescript
+ * const result = await query('User', 'list', {
+ *   filter: { status: { eq: 'active' } },
+ *   limit: 100,
+ * });
+ * ```
+ */
+export async function query<T = any>(
+	model: string,
+	operation: "get" | "list",
+	data?: Record<string, any>,
+	options?: ProxyOptions,
+): Promise<GraphQLResponse<T>> {
+	return proxyRequest<T>(model, operation, data, options);
+}
+
+/**
+ * Internal function to make proxy requests
+ */
+async function proxyRequest<T>(
+	model: string,
+	operation: Operation,
+	data?: Record<string, any>,
+	options?: ProxyOptions,
+): Promise<GraphQLResponse<T>> {
+	const endpoint = options?.endpoint ?? DEFAULT_ENDPOINT;
+
+	try {
+		const response = await fetch(endpoint, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+			},
+			credentials: "include", // Important: include cookies
+			...options?.fetchOptions,
+			body: JSON.stringify({ model, operation, data }),
+		});
+
+		const result: GraphQLResponse<T> = await response.json();
+
+		// Handle auth errors
+		if (response.status === 401) {
+			console.error("[GraphQL Proxy] Unauthorized - session may have expired");
+			// Optionally trigger a redirect to login
+			// window.location.href = '/login';
+		}
+
+		return result;
+	} catch (error) {
+		console.error("[GraphQL Proxy] Request failed:", error);
+		return {
+			data: null,
+			errors: [
+				{
+					message: error instanceof Error ? error.message : "Network error",
+				},
+			],
+		};
+	}
+}
+
+/**
+ * Helper to check if a response has errors
+ */
+export function hasErrors(response: GraphQLResponse): boolean {
+	return !!response.errors && response.errors.length > 0;
+}
+
+/**
+ * Helper to get the first error message from a response
+ */
+export function getErrorMessage(response: GraphQLResponse): string | null {
+	if (!response.errors || response.errors.length === 0) {
+		return null;
+	}
+	return response.errors[0].message;
+}

package/src/index.ts

@@ -16,6 +16,17 @@ export {
 	type AstroAmplifyConfig,
 } from "./client";
 
+// Proxy exports (for authenticated client-side operations)
+export {
+	mutate,
+	query,
+	hasErrors,
+	getErrorMessage,
+	type Operation,
+	type GraphQLResponse,
+	type ProxyOptions,
+} from "./client";
+
 // Query exports
 export * from "./queries";
 

package/src/mutations/accounts.ts

@@ -5,6 +5,10 @@
  */
 
 import type { Account } from "@htlkg/core/types";
+import {
+	checkRestoreEligibility,
+	DEFAULT_SOFT_DELETE_RETENTION_DAYS,
+} from "../queries/systemSettings";
 
 /**
  * Input type for creating an account
@@ -96,7 +100,104 @@ export async function updateAccount<TClient = any>(
 }
 
 /**
- * Delete an account
+ * Soft delete an account (sets status to "deleted" instead of removing)
+ *
+ * @example
+ * ```typescript
+ * import { softDeleteAccount } from '@htlkg/data/mutations';
+ * import { generateClient } from '@htlkg/data/client';
+ *
+ * const client = generateClient<Schema>();
+ * await softDeleteAccount(client, 'account-123', 'admin@example.com');
+ * ```
+ */
+export async function softDeleteAccount<TClient = any>(
+	client: TClient,
+	id: string,
+	deletedBy: string,
+): Promise<boolean> {
+	try {
+		const { errors } = await (client as any).models.Account.update({
+			id,
+			status: "deleted",
+			deletedAt: new Date().toISOString(),
+			deletedBy,
+		});
+
+		if (errors) {
+			console.error("[softDeleteAccount] GraphQL errors:", errors);
+			return false;
+		}
+
+		return true;
+	} catch (error) {
+		console.error("[softDeleteAccount] Error soft-deleting account:", error);
+		throw error;
+	}
+}
+
+/**
+ * Restore a soft-deleted account (sets status back to "active")
+ * Checks retention period before allowing restoration
+ *
+ * @example
+ * ```typescript
+ * import { restoreAccount } from '@htlkg/data/mutations';
+ * import { generateClient } from '@htlkg/data/client';
+ *
+ * const client = generateClient<Schema>();
+ * await restoreAccount(client, 'account-123');
+ * // Or with custom retention days:
+ * await restoreAccount(client, 'account-123', 60);
+ * ```
+ */
+export async function restoreAccount<TClient = any>(
+	client: TClient,
+	id: string,
+	retentionDays: number = DEFAULT_SOFT_DELETE_RETENTION_DAYS,
+): Promise<{ success: boolean; error?: string }> {
+	try {
+		// First, get the account to check its deletedAt timestamp
+		const { data: account, errors: getErrors } = await (
+			client as any
+		).models.Account.get({ id });
+
+		if (getErrors || !account) {
+			console.error("[restoreAccount] Error fetching account:", getErrors);
+			return { success: false, error: "Account not found" };
+		}
+
+		// Check if restoration is allowed based on retention period
+		const eligibility = checkRestoreEligibility(account.deletedAt, retentionDays);
+
+		if (!eligibility.canRestore) {
+			const errorMsg = `Cannot restore account. Retention period of ${retentionDays} days has expired. Item was deleted ${eligibility.daysExpired} days ago.`;
+			console.error("[restoreAccount]", errorMsg);
+			return { success: false, error: errorMsg };
+		}
+
+		const { errors } = await (client as any).models.Account.update({
+			id,
+			status: "active",
+			deletedAt: null,
+			deletedBy: null,
+		});
+
+		if (errors) {
+			console.error("[restoreAccount] GraphQL errors:", errors);
+			return { success: false, error: "Failed to restore account" };
+		}
+
+		return { success: true };
+	} catch (error) {
+		console.error("[restoreAccount] Error restoring account:", error);
+		throw error;
+	}
+}
+
+/**
+ * Hard delete an account (permanently removes from database)
+ * Use with caution - prefer softDeleteAccount for recoverable deletion
  *
  * @example
  * ```typescript

package/src/mutations/brands.ts

@@ -5,6 +5,10 @@
  */
 
 import type { Brand } from "@htlkg/core/types";
+import {
+	checkRestoreEligibility,
+	DEFAULT_SOFT_DELETE_RETENTION_DAYS,
+} from "../queries/systemSettings";
 
 /**
  * Input type for creating a brand
@@ -102,7 +106,104 @@ export async function updateBrand<TClient = any>(
 }
 
 /**
- * Delete a brand
+ * Soft delete a brand (sets status to "deleted" instead of removing)
+ *
+ * @example
+ * ```typescript
+ * import { softDeleteBrand } from '@htlkg/data/mutations';
+ * import { generateClient } from '@htlkg/data/client';
+ *
+ * const client = generateClient<Schema>();
+ * await softDeleteBrand(client, 'brand-123', 'admin@example.com');
+ * ```
+ */
+export async function softDeleteBrand<TClient = any>(
+	client: TClient,
+	id: string,
+	deletedBy: string,
+): Promise<boolean> {
+	try {
+		const { errors } = await (client as any).models.Brand.update({
+			id,
+			status: "deleted",
+			deletedAt: new Date().toISOString(),
+			deletedBy,
+		});
+
+		if (errors) {
+			console.error("[softDeleteBrand] GraphQL errors:", errors);
+			return false;
+		}
+
+		return true;
+	} catch (error) {
+		console.error("[softDeleteBrand] Error soft-deleting brand:", error);
+		throw error;
+	}
+}
+
+/**
+ * Restore a soft-deleted brand (sets status back to "active")
+ * Checks retention period before allowing restoration
+ *
+ * @example
+ * ```typescript
+ * import { restoreBrand } from '@htlkg/data/mutations';
+ * import { generateClient } from '@htlkg/data/client';
+ *
+ * const client = generateClient<Schema>();
+ * await restoreBrand(client, 'brand-123');
+ * // Or with custom retention days:
+ * await restoreBrand(client, 'brand-123', 60);
+ * ```
+ */
+export async function restoreBrand<TClient = any>(
+	client: TClient,
+	id: string,
+	retentionDays: number = DEFAULT_SOFT_DELETE_RETENTION_DAYS,
+): Promise<{ success: boolean; error?: string }> {
+	try {
+		// First, get the brand to check its deletedAt timestamp
+		const { data: brand, errors: getErrors } = await (
+			client as any
+		).models.Brand.get({ id });
+
+		if (getErrors || !brand) {
+			console.error("[restoreBrand] Error fetching brand:", getErrors);
+			return { success: false, error: "Brand not found" };
+		}
+
+		// Check if restoration is allowed based on retention period
+		const eligibility = checkRestoreEligibility(brand.deletedAt, retentionDays);
+
+		if (!eligibility.canRestore) {
+			const errorMsg = `Cannot restore brand. Retention period of ${retentionDays} days has expired. Item was deleted ${eligibility.daysExpired} days ago.`;
+			console.error("[restoreBrand]", errorMsg);
+			return { success: false, error: errorMsg };
+		}
+
+		const { errors } = await (client as any).models.Brand.update({
+			id,
+			status: "active",
+			deletedAt: null,
+			deletedBy: null,
+		});
+
+		if (errors) {
+			console.error("[restoreBrand] GraphQL errors:", errors);
+			return { success: false, error: "Failed to restore brand" };
+		}
+
+		return { success: true };
+	} catch (error) {
+		console.error("[restoreBrand] Error restoring brand:", error);
+		throw error;
+	}
+}
+
+/**
+ * Hard delete a brand (permanently removes from database)
+ * Use with caution - prefer softDeleteBrand for recoverable deletion
  *
  * @example
  * ```typescript

package/src/mutations/index.ts

@@ -9,6 +9,8 @@ export {
 	createBrand,
 	updateBrand,
 	deleteBrand,
+	softDeleteBrand,
+	restoreBrand,
 	type CreateBrandInput,
 	type UpdateBrandInput,
 } from "./brands";
@@ -18,6 +20,8 @@ export {
 	createAccount,
 	updateAccount,
 	deleteAccount,
+	softDeleteAccount,
+	restoreAccount,
 	type CreateAccountInput,
 	type UpdateAccountInput,
 } from "./accounts";
@@ -27,6 +31,8 @@ export {
 	createUser,
 	updateUser,
 	deleteUser,
+	softDeleteUser,
+	restoreUser,
 	type CreateUserInput,
 	type UpdateUserInput,
 } from "./users";
@@ -40,3 +46,10 @@ export {
 	type CreateProductInstanceInput,
 	type UpdateProductInstanceInput,
 } from "./productInstances";
+
+// SystemSettings mutations
+export {
+	updateSystemSettings,
+	initializeSystemSettings,
+	type UpdateSystemSettingsInput,
+} from "./systemSettings";

package/src/mutations/systemSettings.ts

@@ -0,0 +1,130 @@
+/**
+ * SystemSettings Mutation Functions
+ *
+ * Provides mutation functions for managing system settings.
+ */
+
+import type { SystemSettings } from "@htlkg/core/types";
+import {
+	SYSTEM_SETTINGS_KEY,
+	DEFAULT_SOFT_DELETE_RETENTION_DAYS,
+} from "../queries/systemSettings";
+
+/**
+ * Input type for updating system settings
+ */
+export interface UpdateSystemSettingsInput {
+	softDeleteRetentionDays: number;
+	updatedBy: string;
+}
+
+/**
+ * Update or create system settings
+ * Only SUPER_ADMINS can update system settings
+ *
+ * @example
+ * ```typescript
+ * import { updateSystemSettings } from '@htlkg/data/mutations';
+ * import { generateClient } from '@htlkg/data/client';
+ *
+ * const client = generateClient<Schema>();
+ * const settings = await updateSystemSettings(client, {
+ *   softDeleteRetentionDays: 60,
+ *   updatedBy: 'admin@example.com'
+ * });
+ * ```
+ */
+export async function updateSystemSettings<TClient = any>(
+	client: TClient,
+	input: UpdateSystemSettingsInput,
+): Promise<SystemSettings | null> {
+	try {
+		// Validate retention days (minimum 1 day, maximum 365 days)
+		if (input.softDeleteRetentionDays < 1 || input.softDeleteRetentionDays > 365) {
+			console.error(
+				"[updateSystemSettings] Invalid retention days. Must be between 1 and 365.",
+			);
+			return null;
+		}
+
+		// First, try to get existing settings
+		const { data: existing } = await (client as any).models.SystemSettings.get({
+			key: SYSTEM_SETTINGS_KEY,
+		});
+
+		const settingsData = {
+			key: SYSTEM_SETTINGS_KEY,
+			softDeleteRetentionDays: input.softDeleteRetentionDays,
+			updatedAt: new Date().toISOString(),
+			updatedBy: input.updatedBy,
+		};
+
+		let result;
+		if (existing) {
+			// Update existing settings
+			result = await (client as any).models.SystemSettings.update(settingsData);
+		} else {
+			// Create new settings
+			result = await (client as any).models.SystemSettings.create(settingsData);
+		}
+
+		if (result.errors) {
+			console.error("[updateSystemSettings] GraphQL errors:", result.errors);
+			return null;
+		}
+
+		return result.data as SystemSettings;
+	} catch (error) {
+		console.error("[updateSystemSettings] Error updating system settings:", error);
+		throw error;
+	}
+}
+
+/**
+ * Initialize system settings with default values if they don't exist
+ *
+ * @example
+ * ```typescript
+ * import { initializeSystemSettings } from '@htlkg/data/mutations';
+ * import { generateClient } from '@htlkg/data/client';
+ *
+ * const client = generateClient<Schema>();
+ * const settings = await initializeSystemSettings(client, 'system@hotelinking.com');
+ * ```
+ */
+export async function initializeSystemSettings<TClient = any>(
+	client: TClient,
+	initializedBy: string,
+): Promise<SystemSettings | null> {
+	try {
+		// Check if settings already exist
+		const { data: existing } = await (client as any).models.SystemSettings.get({
+			key: SYSTEM_SETTINGS_KEY,
+		});
+
+		if (existing) {
+			return existing as SystemSettings;
+		}
+
+		// Create default settings
+		const { data, errors } = await (client as any).models.SystemSettings.create({
+			key: SYSTEM_SETTINGS_KEY,
+			softDeleteRetentionDays: DEFAULT_SOFT_DELETE_RETENTION_DAYS,
+			updatedAt: new Date().toISOString(),
+			updatedBy: initializedBy,
+		});
+
+		if (errors) {
+			console.error("[initializeSystemSettings] GraphQL errors:", errors);
+			return null;
+		}
+
+		return data as SystemSettings;
+	} catch (error) {
+		console.error(
+			"[initializeSystemSettings] Error initializing system settings:",
+			error,
+		);
+		throw error;
+	}
+}

package/src/mutations/users.ts

@@ -5,6 +5,10 @@
  */
 
 import type { User } from "@htlkg/core/types";
+import {
+	checkRestoreEligibility,
+	DEFAULT_SOFT_DELETE_RETENTION_DAYS,
+} from "../queries/systemSettings";
 
 /**
  * Input type for creating a user
@@ -105,7 +109,104 @@ export async function updateUser<TClient = any>(
 }
 
 /**
- * Delete a user
+ * Soft delete a user (sets status to "deleted" instead of removing)
+ *
+ * @example
+ * ```typescript
+ * import { softDeleteUser } from '@htlkg/data/mutations';
+ * import { generateClient } from '@htlkg/data/client';
+ *
+ * const client = generateClient<Schema>();
+ * await softDeleteUser(client, 'user-123', 'admin@example.com');
+ * ```
+ */
+export async function softDeleteUser<TClient = any>(
+	client: TClient,
+	id: string,
+	deletedBy: string,
+): Promise<boolean> {
+	try {
+		const { errors } = await (client as any).models.User.update({
+			id,
+			status: "deleted",
+			deletedAt: new Date().toISOString(),
+			deletedBy,
+		});
+
+		if (errors) {
+			console.error("[softDeleteUser] GraphQL errors:", errors);
+			return false;
+		}
+
+		return true;
+	} catch (error) {
+		console.error("[softDeleteUser] Error soft-deleting user:", error);
+		throw error;
+	}
+}
+
+/**
+ * Restore a soft-deleted user (sets status back to "active")
+ * Checks retention period before allowing restoration
+ *
+ * @example
+ * ```typescript
+ * import { restoreUser } from '@htlkg/data/mutations';
+ * import { generateClient } from '@htlkg/data/client';
+ *
+ * const client = generateClient<Schema>();
+ * await restoreUser(client, 'user-123');
+ * // Or with custom retention days:
+ * await restoreUser(client, 'user-123', 60);
+ * ```
+ */
+export async function restoreUser<TClient = any>(
+	client: TClient,
+	id: string,
+	retentionDays: number = DEFAULT_SOFT_DELETE_RETENTION_DAYS,
+): Promise<{ success: boolean; error?: string }> {
+	try {
+		// First, get the user to check its deletedAt timestamp
+		const { data: user, errors: getErrors } = await (
+			client as any
+		).models.User.get({ id });
+
+		if (getErrors || !user) {
+			console.error("[restoreUser] Error fetching user:", getErrors);
+			return { success: false, error: "User not found" };
+		}
+
+		// Check if restoration is allowed based on retention period
+		const eligibility = checkRestoreEligibility(user.deletedAt, retentionDays);
+
+		if (!eligibility.canRestore) {
+			const errorMsg = `Cannot restore user. Retention period of ${retentionDays} days has expired. Item was deleted ${eligibility.daysExpired} days ago.`;
+			console.error("[restoreUser]", errorMsg);
+			return { success: false, error: errorMsg };
+		}
+
+		const { errors } = await (client as any).models.User.update({
+			id,
+			status: "active",
+			deletedAt: null,
+			deletedBy: null,
+		});
+
+		if (errors) {
+			console.error("[restoreUser] GraphQL errors:", errors);
+			return { success: false, error: "Failed to restore user" };
+		}
+
+		return { success: true };
+	} catch (error) {
+		console.error("[restoreUser] Error restoring user:", error);
+		throw error;
+	}
+}
+
+/**
+ * Hard delete a user (permanently removes from database)
+ * Use with caution - prefer softDeleteUser for recoverable deletion
  *
  * @example
  * ```typescript