npm - @nextsparkjs/core - Versions diffs - 0.1.0-beta.81 → 0.1.0-beta.83 - Mend

@nextsparkjs/core 0.1.0-beta.81 → 0.1.0-beta.83

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (376) hide show

package/templates/app/api/v1/teams/[teamId]/invitations/route.ts DELETED Viewed

@@ -1,171 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server'
-import { queryWithRLS, mutateWithRLS } from '@nextsparkjs/core/lib/db'
-import {
-  createApiResponse,
-  createApiError,
-  createPaginationMeta,
-  withApiLogging,
-  handleCorsPreflightRequest,
-  addCorsHeaders,
-} from '@nextsparkjs/core/lib/api/helpers'
-import { authenticateRequest } from '@nextsparkjs/core/lib/api/auth/dual-auth'
-import { TeamMemberService, MembershipService } from '@nextsparkjs/core/lib/services'
-import type { TeamInvitation } from '@nextsparkjs/core/lib/teams/types'
-// Handle CORS preflight
-export async function OPTIONS() {
-  return handleCorsPreflightRequest()
-}
-// GET /api/v1/teams/:teamId/invitations - List pending invitations for a team
-export const GET = withApiLogging(
-  async (req: NextRequest, { params }: { params: Promise<{ teamId: string }> }): Promise<NextResponse> => {
-    try {
-      // Authenticate using dual auth
-      const authResult = await authenticateRequest(req)
-      if (!authResult.success) {
-        return NextResponse.json(
-          { success: false, error: 'Authentication required', code: 'AUTHENTICATION_FAILED' },
-          { status: 401 }
-        )
-      }
-      if (authResult.rateLimitResponse) {
-        return authResult.rateLimitResponse as NextResponse
-      }
-      const { teamId } = await params
-      // Validate that teamId is not empty
-      if (!teamId || teamId.trim() === '') {
-        const response = createApiError('Team ID is required', 400, null, 'MISSING_TEAM_ID')
-        return addCorsHeaders(response)
-      }
-      // Check if user is a member of the team
-      const isMember = await TeamMemberService.isMember(teamId, authResult.user!.id)
-      if (!isMember) {
-        const response = createApiError('Team not found or access denied', 404, null, 'TEAM_NOT_FOUND')
-        return addCorsHeaders(response)
-      }
-      // Parse query parameters
-      const { searchParams } = new URL(req.url)
-      const page = parseInt(searchParams.get('page') || '1', 10)
-      const limit = parseInt(searchParams.get('limit') || '50', 10)
-      const status = searchParams.get('status') || 'pending'
-      const offset = (page - 1) * limit
-      // Fetch team invitations
-      const invitations = await queryWithRLS<
-        TeamInvitation & {
-          inviterName: string | null
-          inviterEmail: string
-        }
-      >(
-        `SELECT
-          ti.*,
-          u.name as "inviterName",
-          u.email as "inviterEmail"
-        FROM "team_invitations" ti
-        INNER JOIN "users" u ON ti."invitedBy" = u.id
-        WHERE ti."teamId" = $1 AND ti.status = $2
-        ORDER BY ti."createdAt" DESC
-        LIMIT $3 OFFSET $4`,
-        [teamId, status, limit, offset],
-        authResult.user!.id
-      )
-      // Get total count for pagination
-      const totalResult = await queryWithRLS<{ count: string }>(
-        `SELECT COUNT(*) as count
-         FROM "team_invitations" ti
-         WHERE ti."teamId" = $1 AND ti.status = $2`,
-        [teamId, status],
-        authResult.user!.id
-      )
-      const total = parseInt(totalResult[0]?.count || '0', 10)
-      const paginationMeta = createPaginationMeta(page, limit, total)
-      const response = createApiResponse(invitations, paginationMeta)
-      return addCorsHeaders(response)
-    } catch (error) {
-      console.error('Error fetching team invitations:', error)
-      const response = createApiError('Internal server error', 500)
-      return addCorsHeaders(response)
-    }
-  }
-)
-// DELETE /api/v1/teams/:teamId/invitations/:invitationId - Cancel/revoke an invitation
-export const DELETE = withApiLogging(
-  async (req: NextRequest, { params }: { params: Promise<{ teamId: string }> }): Promise<NextResponse> => {
-    try {
-      // Authenticate using dual auth
-      const authResult = await authenticateRequest(req)
-      if (!authResult.success) {
-        return NextResponse.json(
-          { success: false, error: 'Authentication required', code: 'AUTHENTICATION_FAILED' },
-          { status: 401 }
-        )
-      }
-      if (authResult.rateLimitResponse) {
-        return authResult.rateLimitResponse as NextResponse
-      }
-      const { teamId } = await params
-      // Get invitation ID from URL
-      const url = new URL(req.url)
-      const invitationId = url.searchParams.get('id')
-      if (!invitationId) {
-        const response = createApiError('Invitation ID is required', 400, null, 'MISSING_INVITATION_ID')
-        return addCorsHeaders(response)
-      }
-      // Check if user has permission to manage invitations using MembershipService
-      const membership = await MembershipService.get(authResult.user!.id, teamId)
-      const actionResult = membership.canPerformAction('members.invite')
-      if (!actionResult.allowed) {
-        const response = NextResponse.json(
-          {
-            success: false,
-            error: actionResult.message,
-            reason: actionResult.reason,
-            meta: actionResult.meta,
-          },
-          { status: 403 }
-        )
-        return addCorsHeaders(response)
-      }
-      // Update invitation status to 'cancelled' (or delete it)
-      const result = await mutateWithRLS(
-        `DELETE FROM "team_invitations"
-         WHERE id = $1 AND "teamId" = $2 AND status = 'pending'
-         RETURNING *`,
-        [invitationId, teamId],
-        authResult.user!.id
-      )
-      if (result.rowCount === 0) {
-        const response = createApiError('Invitation not found or already processed', 404, null, 'INVITATION_NOT_FOUND')
-        return addCorsHeaders(response)
-      }
-      const response = createApiResponse({ deleted: true, id: invitationId })
-      return addCorsHeaders(response)
-    } catch (error) {
-      console.error('Error cancelling invitation:', error)
-      const response = createApiError('Internal server error', 500)
-      return addCorsHeaders(response)
-    }
-  }
-)

package/templates/app/api/v1/teams/[teamId]/invoices/[invoiceNumber]/route.ts DELETED Viewed

@@ -1,105 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server'
-import { queryWithRLS } from '@nextsparkjs/core/lib/db'
-import {
-  createApiResponse,
-  createApiError,
-  withApiLogging,
-  handleCorsPreflightRequest,
-  addCorsHeaders,
-} from '@nextsparkjs/core/lib/api/helpers'
-import { authenticateRequest } from '@nextsparkjs/core/lib/api/auth/dual-auth'
-import { MembershipService } from '@nextsparkjs/core/lib/services'
-import type { InvoiceResponse } from '@nextsparkjs/core/lib/validation/invoices'
-// Handle CORS preflight
-export async function OPTIONS() {
-  return handleCorsPreflightRequest()
-}
-// GET /api/v1/teams/:teamId/invoices/:invoiceNumber - Get single invoice (owner only)
-export const GET = withApiLogging(
-  async (
-    req: NextRequest,
-    { params }: { params: Promise<{ teamId: string; invoiceNumber: string }> }
-  ): Promise<NextResponse> => {
-    try {
-      // Authenticate using dual auth (API key OR session)
-      const authResult = await authenticateRequest(req)
-      if (!authResult.success) {
-        return NextResponse.json(
-          { success: false, error: 'Authentication required', code: 'AUTHENTICATION_FAILED' },
-          { status: 401 }
-        )
-      }
-      if (authResult.rateLimitResponse) {
-        return authResult.rateLimitResponse as NextResponse
-      }
-      const { teamId, invoiceNumber } = await params
-      // Validate that teamId is not empty
-      if (!teamId || teamId.trim() === '') {
-        const response = createApiError('Team ID is required', 400, null, 'MISSING_TEAM_ID')
-        return addCorsHeaders(response)
-      }
-      // Validate that invoiceNumber is not empty
-      if (!invoiceNumber || invoiceNumber.trim() === '') {
-        const response = createApiError('Invoice number is required', 400, null, 'MISSING_INVOICE_NUMBER')
-        return addCorsHeaders(response)
-      }
-      // Check if user has permission to view invoices using MembershipService
-      const membership = await MembershipService.get(authResult.user!.id, teamId)
-      const actionResult = membership.canPerformAction('billing.invoices')
-      if (!actionResult.allowed) {
-        const response = NextResponse.json(
-          {
-            success: false,
-            error: actionResult.message,
-            reason: actionResult.reason,
-            meta: actionResult.meta,
-          },
-          { status: 403 }
-        )
-        return addCorsHeaders(response)
-      }
-      // Query single invoice by invoiceNumber
-      const invoices = await queryWithRLS<InvoiceResponse>(
-        `SELECT
-          id,
-          "teamId",
-          "invoiceNumber",
-          to_char(date, 'YYYY-MM-DD"T"HH24:MI:SS"Z"') as date,
-          amount::NUMERIC(10,2)::FLOAT as amount,
-          currency,
-          status::TEXT as status,
-          "pdfUrl",
-          description,
-          to_char("createdAt", 'YYYY-MM-DD"T"HH24:MI:SS"Z"') as "createdAt",
-          to_char("updatedAt", 'YYYY-MM-DD"T"HH24:MI:SS"Z"') as "updatedAt"
-        FROM "invoices"
-        WHERE "teamId" = $1 AND "invoiceNumber" = $2
-        LIMIT 1`,
-        [teamId, decodeURIComponent(invoiceNumber)],
-        authResult.user!.id
-      )
-      if (invoices.length === 0) {
-        const response = createApiError('Invoice not found', 404, null, 'INVOICE_NOT_FOUND')
-        return addCorsHeaders(response)
-      }
-      const response = createApiResponse(invoices[0])
-      return addCorsHeaders(response)
-    } catch (error) {
-      console.error('Error fetching invoice:', error)
-      const response = createApiError('Internal server error', 500)
-      return addCorsHeaders(response)
-    }
-  }
-)

package/templates/app/api/v1/teams/[teamId]/invoices/route.ts DELETED Viewed

@@ -1,125 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server'
-import { queryWithRLS } from '@nextsparkjs/core/lib/db'
-import {
-  createApiResponse,
-  createApiError,
-  createPaginationMeta,
-  withApiLogging,
-  handleCorsPreflightRequest,
-  addCorsHeaders,
-} from '@nextsparkjs/core/lib/api/helpers'
-import { authenticateRequest } from '@nextsparkjs/core/lib/api/auth/dual-auth'
-import { MembershipService } from '@nextsparkjs/core/lib/services'
-import { invoiceQuerySchema } from '@nextsparkjs/core/lib/validation/invoices'
-import type { InvoiceResponse } from '@nextsparkjs/core/lib/validation/invoices'
-// Handle CORS preflight
-export async function OPTIONS() {
-  return handleCorsPreflightRequest()
-}
-// GET /api/v1/teams/:teamId/invoices - List team invoices (owner only)
-export const GET = withApiLogging(
-  async (req: NextRequest, { params }: { params: Promise<{ teamId: string }> }): Promise<NextResponse> => {
-    try {
-      // Authenticate using dual auth (API key OR session)
-      const authResult = await authenticateRequest(req)
-      if (!authResult.success) {
-        return NextResponse.json(
-          { success: false, error: 'Authentication required', code: 'AUTHENTICATION_FAILED' },
-          { status: 401 }
-        )
-      }
-      if (authResult.rateLimitResponse) {
-        return authResult.rateLimitResponse as NextResponse
-      }
-      const { teamId } = await params
-      // Validate that teamId is not empty
-      if (!teamId || teamId.trim() === '') {
-        const response = createApiError('Team ID is required', 400, null, 'MISSING_TEAM_ID')
-        return addCorsHeaders(response)
-      }
-      // Check if user has permission to view invoices using MembershipService
-      const membership = await MembershipService.get(authResult.user!.id, teamId)
-      const actionResult = membership.canPerformAction('billing.invoices')
-      if (!actionResult.allowed) {
-        const response = NextResponse.json(
-          {
-            success: false,
-            error: actionResult.message,
-            reason: actionResult.reason,
-            meta: actionResult.meta,
-          },
-          { status: 403 }
-        )
-        return addCorsHeaders(response)
-      }
-      // Parse query parameters for pagination
-      const { searchParams } = new URL(req.url)
-      const queryParams = Object.fromEntries(
-        Object.entries({
-          limit: searchParams.get('limit'),
-          offset: searchParams.get('offset'),
-        }).filter(([, value]) => value !== null && value !== '')
-      )
-      const validatedQuery = invoiceQuerySchema.parse(queryParams)
-      const { limit, offset } = validatedQuery
-      // Query invoices with pagination (ordered by date DESC)
-      const invoices = await queryWithRLS<InvoiceResponse>(
-        `SELECT
-          id,
-          "teamId",
-          "invoiceNumber",
-          to_char(date, 'YYYY-MM-DD"T"HH24:MI:SS"Z"') as date,
-          amount::NUMERIC(10,2)::FLOAT as amount,
-          currency,
-          status::TEXT as status,
-          "pdfUrl",
-          description,
-          to_char("createdAt", 'YYYY-MM-DD"T"HH24:MI:SS"Z"') as "createdAt",
-          to_char("updatedAt", 'YYYY-MM-DD"T"HH24:MI:SS"Z"') as "updatedAt"
-        FROM "invoices"
-        WHERE "teamId" = $1
-        ORDER BY date DESC
-        LIMIT $2 OFFSET $3`,
-        [teamId, limit, offset],
-        authResult.user!.id
-      )
-      // Get total count for pagination
-      const totalResult = await queryWithRLS<{ count: string }>(
-        `SELECT COUNT(*) as count FROM "invoices" WHERE "teamId" = $1`,
-        [teamId],
-        authResult.user!.id
-      )
-      const total = parseInt(totalResult[0]?.count || '0', 10)
-      // Calculate pagination metadata
-      const page = Math.floor(offset / limit) + 1
-      const paginationMeta = createPaginationMeta(page, limit, total)
-      const response = createApiResponse(invoices, paginationMeta)
-      return addCorsHeaders(response)
-    } catch (error) {
-      if (error instanceof Error && error.name === 'ZodError') {
-        const zodError = error as { issues?: unknown[] }
-        const response = createApiError('Validation error', 400, zodError.issues, 'VALIDATION_ERROR')
-        return addCorsHeaders(response)
-      }
-      console.error('Error fetching invoices:', error)
-      const response = createApiError('Internal server error', 500)
-      return addCorsHeaders(response)
-    }
-  }
-)

package/templates/app/api/v1/teams/[teamId]/members/[memberId]/route.ts DELETED Viewed

@@ -1,263 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server'
-import { queryOneWithRLS, mutateWithRLS } from '@nextsparkjs/core/lib/db'
-import {
-  createApiResponse,
-  createApiError,
-  withApiLogging,
-  handleCorsPreflightRequest,
-  addCorsHeaders,
-} from '@nextsparkjs/core/lib/api/helpers'
-import { authenticateRequest } from '@nextsparkjs/core/lib/api/auth/dual-auth'
-import { updateMemberRoleSchema } from '@nextsparkjs/core/lib/teams/schema'
-import { MembershipService } from '@nextsparkjs/core/lib/services'
-import { validateRoleTransition, canManageRole } from '@nextsparkjs/core/lib/teams/permissions'
-import type { TeamMember, TeamRole } from '@nextsparkjs/core/lib/teams/types'
-// Handle CORS preflight
-export async function OPTIONS() {
-  return handleCorsPreflightRequest()
-}
-// PATCH /api/v1/teams/:teamId/members/:memberId - Update member role
-export const PATCH = withApiLogging(
-  async (
-    req: NextRequest,
-    { params }: { params: Promise<{ teamId: string; memberId: string }> }
-  ): Promise<NextResponse> => {
-    try {
-      // Authenticate using dual auth
-      const authResult = await authenticateRequest(req)
-      if (!authResult.success) {
-        return NextResponse.json(
-          { success: false, error: 'Authentication required', code: 'AUTHENTICATION_FAILED' },
-          { status: 401 }
-        )
-      }
-      if (authResult.rateLimitResponse) {
-        return authResult.rateLimitResponse as NextResponse
-      }
-      const { teamId, memberId } = await params
-      // Validate parameters
-      if (!teamId || teamId.trim() === '') {
-        const response = createApiError('Team ID is required', 400, null, 'MISSING_TEAM_ID')
-        return addCorsHeaders(response)
-      }
-      if (!memberId || memberId.trim() === '') {
-        const response = createApiError('Member ID is required', 400, null, 'MISSING_MEMBER_ID')
-        return addCorsHeaders(response)
-      }
-      // Check if user has permission to update member roles using MembershipService
-      const membership = await MembershipService.get(authResult.user!.id, teamId)
-      const actionResult = membership.canPerformAction('members.update_role')
-      if (!actionResult.allowed) {
-        const response = NextResponse.json(
-          {
-            success: false,
-            error: actionResult.message,
-            reason: actionResult.reason,
-            meta: actionResult.meta,
-          },
-          { status: 403 }
-        )
-        return addCorsHeaders(response)
-      }
-      // Get user's role for role hierarchy validation
-      const userRole = membership.role as TeamRole
-      // Get target member
-      const targetMember = await queryOneWithRLS<TeamMember>(
-        'SELECT * FROM "team_members" WHERE id = $1 AND "teamId" = $2',
-        [memberId, teamId],
-        authResult.user!.id
-      )
-      if (!targetMember) {
-        const response = createApiError('Member not found', 404, null, 'MEMBER_NOT_FOUND')
-        return addCorsHeaders(response)
-      }
-      const body = await req.json()
-      const validatedData = updateMemberRoleSchema.parse(body)
-      // Validate role transition
-      const transitionValidation = validateRoleTransition(targetMember.role, validatedData.role, userRole)
-      if (!transitionValidation.allowed) {
-        const response = createApiError(transitionValidation.reason || 'Invalid role transition', 403, null, 'INVALID_ROLE_TRANSITION')
-        return addCorsHeaders(response)
-      }
-      // Check if actor can manage the target role
-      if (!canManageRole(userRole, targetMember.role)) {
-        const response = createApiError(
-          'You do not have permission to change this user\'s role.',
-          403,
-          null,
-          'INSUFFICIENT_PERMISSIONS'
-        )
-        return addCorsHeaders(response)
-      }
-      // Update member role
-      const result = await mutateWithRLS(
-        `UPDATE "team_members"
-         SET role = $1, "updatedAt" = CURRENT_TIMESTAMP
-         WHERE id = $2 AND "teamId" = $3
-         RETURNING *`,
-        [validatedData.role, memberId, teamId],
-        authResult.user!.id
-      )
-      if (result.rows.length === 0) {
-        const response = createApiError('Member not found', 404, null, 'MEMBER_NOT_FOUND')
-        return addCorsHeaders(response)
-      }
-      // Fetch member with user details
-      const memberWithUser = await queryOneWithRLS<
-        TeamMember & {
-          userName: string | null
-          userEmail: string
-          userImage: string | null
-        }
-      >(
-        `SELECT
-          tm.*,
-          u.name as "userName",
-          u.email as "userEmail",
-          u.image as "userImage"
-        FROM "team_members" tm
-        INNER JOIN "users" u ON tm."userId" = u.id
-        WHERE tm.id = $1`,
-        [memberId],
-        authResult.user!.id
-      )
-      const response = createApiResponse(memberWithUser)
-      return addCorsHeaders(response)
-    } catch (error) {
-      if (error instanceof Error && error.name === 'ZodError') {
-        const zodError = error as { issues?: unknown[] }
-        const response = createApiError('Validation error', 400, zodError.issues, 'VALIDATION_ERROR')
-        return addCorsHeaders(response)
-      }
-      console.error('Error updating member role:', error)
-      const response = createApiError('Internal server error', 500)
-      return addCorsHeaders(response)
-    }
-  }
-)
-// DELETE /api/v1/teams/:teamId/members/:memberId - Remove member from team
-export const DELETE = withApiLogging(
-  async (
-    req: NextRequest,
-    { params }: { params: Promise<{ teamId: string; memberId: string }> }
-  ): Promise<NextResponse> => {
-    try {
-      // Authenticate using dual auth
-      const authResult = await authenticateRequest(req)
-      if (!authResult.success) {
-        return NextResponse.json(
-          { success: false, error: 'Authentication required', code: 'AUTHENTICATION_FAILED' },
-          { status: 401 }
-        )
-      }
-      if (authResult.rateLimitResponse) {
-        return authResult.rateLimitResponse as NextResponse
-      }
-      const { teamId, memberId } = await params
-      // Validate parameters
-      if (!teamId || teamId.trim() === '') {
-        const response = createApiError('Team ID is required', 400, null, 'MISSING_TEAM_ID')
-        return addCorsHeaders(response)
-      }
-      if (!memberId || memberId.trim() === '') {
-        const response = createApiError('Member ID is required', 400, null, 'MISSING_MEMBER_ID')
-        return addCorsHeaders(response)
-      }
-      // Check if user has permission to remove members using MembershipService
-      const membership = await MembershipService.get(authResult.user!.id, teamId)
-      const actionResult = membership.canPerformAction('members.remove')
-      if (!actionResult.allowed) {
-        const response = NextResponse.json(
-          {
-            success: false,
-            error: actionResult.message,
-            reason: actionResult.reason,
-            meta: actionResult.meta,
-          },
-          { status: 403 }
-        )
-        return addCorsHeaders(response)
-      }
-      // Get user's role for role hierarchy validation
-      const userRole = membership.role as TeamRole
-      // Get target member
-      const targetMember = await queryOneWithRLS<TeamMember>(
-        'SELECT * FROM "team_members" WHERE id = $1 AND "teamId" = $2',
-        [memberId, teamId],
-        authResult.user!.id
-      )
-      if (!targetMember) {
-        const response = createApiError('Member not found', 404, null, 'MEMBER_NOT_FOUND')
-        return addCorsHeaders(response)
-      }
-      // Cannot remove the owner
-      if (targetMember.role === 'owner') {
-        const response = createApiError('Cannot remove the team owner', 403, null, 'CANNOT_REMOVE_OWNER')
-        return addCorsHeaders(response)
-      }
-      // Check if actor can manage the target role
-      if (!canManageRole(userRole, targetMember.role)) {
-        const response = createApiError(
-          'You do not have permission to remove this user.',
-          403,
-          null,
-          'INSUFFICIENT_PERMISSIONS'
-        )
-        return addCorsHeaders(response)
-      }
-      // Remove member
-      const result = await mutateWithRLS(
-        'DELETE FROM "team_members" WHERE id = $1 AND "teamId" = $2 RETURNING id',
-        [memberId, teamId],
-        authResult.user!.id
-      )
-      if (result.rows.length === 0) {
-        const response = createApiError('Member not found', 404, null, 'MEMBER_NOT_FOUND')
-        return addCorsHeaders(response)
-      }
-      const response = createApiResponse({ deleted: true, id: memberId })
-      return addCorsHeaders(response)
-    } catch (error) {
-      console.error('Error removing member:', error)
-      const response = createApiError('Internal server error', 500)
-      return addCorsHeaders(response)
-    }
-  }
-)