@open-mercato/core 0.4.6-develop-9ff1d4a9a2 → 0.4.6-develop-219dae16c5

package/src/modules/customers/api/dashboard/widgets/utils.ts

@@ -1,53 +1 @@
-import type { EntityManager } from '@mikro-orm/postgresql'
-import { createRequestContainer, type AppContainer } from '@open-mercato/shared/lib/di/container'
-import { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'
-import { CrudHttpError } from '@open-mercato/shared/lib/crud/errors'
-import { resolveOrganizationScopeForRequest } from '@open-mercato/core/modules/directory/utils/organizationScope'
-
-export type WidgetScopeContext = {
-  container: AppContainer
-  em: EntityManager
-  tenantId: string
-  organizationIds: string[] | null
-}
-
-export async function resolveWidgetScope(
-  req: Request,
-  translate: (key: string, fallback?: string) => string,
-  overrides?: { tenantId?: string | null; organizationId?: string | null }
-): Promise<WidgetScopeContext> {
-  const auth = await getAuthFromRequest(req)
-  if (!auth) {
-    throw new CrudHttpError(401, { error: translate('customers.errors.unauthorized', 'Unauthorized') })
-  }
-
-  const container = await createRequestContainer()
-  const scope = await resolveOrganizationScopeForRequest({ container, auth, request: req })
-
-  const tenantId = overrides?.tenantId ?? auth.tenantId ?? null
-  if (!tenantId) {
-    throw new CrudHttpError(400, { error: translate('customers.errors.tenant_required', 'Tenant context is required') })
-  }
-
-  const organizationIds = (() => {
-    if (overrides?.organizationId) return [overrides.organizationId]
-    if (scope?.selectedId) return [scope.selectedId]
-    if (Array.isArray(scope?.filterIds) && scope.filterIds.length > 0) return scope.filterIds
-    if (scope?.allowedIds === null) return null
-    if (auth.orgId) return [auth.orgId]
-    return [] as string[]
-  })()
-
-  if (organizationIds !== null && organizationIds.length === 0) {
-    throw new CrudHttpError(400, { error: translate('customers.errors.organization_required', 'Organization context is required') })
-  }
-
-  const em = (container.resolve('em') as EntityManager)
-
-  return {
-    container,
-    em,
-    tenantId,
-    organizationIds,
-  }
-}
+export { resolveWidgetScope, type WidgetScopeContext } from '@open-mercato/core/modules/dashboards/lib/widgetScope'

package/src/modules/customers/commands/activities.ts

@@ -6,6 +6,7 @@ import {
   emitCrudSideEffects,
   emitCrudUndoSideEffects,
   requireId,
+  normalizeAuthorUserId,
 } from '@open-mercato/shared/lib/commands/helpers'
 import type { DataEngine } from '@open-mercato/shared/lib/data/engine'
 import type { EntityManager } from '@mikro-orm/postgresql'
@@ -54,8 +55,6 @@ const activityCrudEvents: CrudEventsConfig = {
   }),
 }
 
-const UUID_REGEX = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/
-
 type ActivitySnapshot = {
   activity: {
     id: string
@@ -149,12 +148,7 @@ const createActivityCommand: CommandHandler<ActivityCreateInput, { activityId: s
     ensureSameScope(entity, parsed.organizationId, parsed.tenantId)
     const deal = await requireDealInScope(em, parsed.dealId, parsed.tenantId, parsed.organizationId)
 
-    const authSub = ctx.auth?.isApiKey ? null : ctx.auth?.sub ?? null
-    const normalizedAuthor = (() => {
-      if (parsed.authorUserId) return parsed.authorUserId
-      if (!authSub) return null
-      return UUID_REGEX.test(authSub) ? authSub : null
-    })()
+    const normalizedAuthor = normalizeAuthorUserId(parsed.authorUserId, ctx.auth)
 
     const dictionaryEntry = await ensureDictionaryEntry(em, {
       tenantId: parsed.tenantId,

package/src/modules/customers/commands/comments.ts

@@ -1,6 +1,6 @@
 import { registerCommand } from '@open-mercato/shared/lib/commands'
 import type { CommandHandler } from '@open-mercato/shared/lib/commands'
-import { emitCrudSideEffects, emitCrudUndoSideEffects, buildChanges, requireId } from '@open-mercato/shared/lib/commands/helpers'
+import { emitCrudSideEffects, emitCrudUndoSideEffects, buildChanges, requireId, normalizeAuthorUserId } from '@open-mercato/shared/lib/commands/helpers'
 import type { DataEngine } from '@open-mercato/shared/lib/data/engine'
 import type { EntityManager } from '@mikro-orm/postgresql'
 import { CustomerComment } from '../data/entities'
@@ -79,13 +79,7 @@ const createCommentCommand: CommandHandler<CommentCreateInput, { commentId: stri
     const parsed = commentCreateSchema.parse(rawInput)
     ensureTenantScope(ctx, parsed.tenantId)
     ensureOrganizationScope(ctx, parsed.organizationId)
-    const authSub = ctx.auth?.isApiKey ? null : ctx.auth?.sub ?? null
-    const normalizedAuthor = (() => {
-      if (parsed.authorUserId) return parsed.authorUserId
-      if (!authSub) return null
-      const uuidRegex = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/
-      return uuidRegex.test(authSub) ? authSub : null
-    })()
+    const normalizedAuthor = normalizeAuthorUserId(parsed.authorUserId, ctx.auth)
 
     const em = (ctx.container.resolve('em') as EntityManager).fork()
     const entity = await requireCustomerEntity(em, parsed.entityId, undefined, 'Customer not found')

package/src/modules/dashboards/i18n/de.json

@@ -96,6 +96,9 @@
   "dashboards.analytics.widgets.topProducts.empty": "Keine Produktverkaufsdaten für diesen Zeitraum",
   "dashboards.analytics.widgets.topProducts.error": "Produktdaten konnten nicht geladen werden",
   "dashboards.analytics.widgets.topProducts.title": "Top-Produkte nach Umsatz",
+  "dashboards.errors.organization_required": "Organisationskontext ist erforderlich",
+  "dashboards.errors.tenant_required": "Mandantenkontext ist erforderlich",
+  "dashboards.errors.unauthorized": "Nicht autorisiert",
   "dashboards.widgets.effective": "Aktive Widgets:",
   "dashboards.widgets.error.load": "Widget-Konfiguration konnte nicht geladen werden.",
   "dashboards.widgets.error.save": "Dashboard-Widget-Einstellungen konnten nicht gespeichert werden.",

package/src/modules/dashboards/i18n/en.json

@@ -96,6 +96,9 @@
   "dashboards.analytics.widgets.topProducts.empty": "No product sales data for this period",
   "dashboards.analytics.widgets.topProducts.error": "Failed to load top products data",
   "dashboards.analytics.widgets.topProducts.title": "Top Products by Revenue",
+  "dashboards.errors.organization_required": "Organization context is required",
+  "dashboards.errors.tenant_required": "Tenant context is required",
+  "dashboards.errors.unauthorized": "Unauthorized",
   "dashboards.widgets.effective": "Effective widgets:",
   "dashboards.widgets.error.load": "Unable to load widget configuration.",
   "dashboards.widgets.error.save": "Unable to save dashboard widget preferences.",

package/src/modules/dashboards/i18n/es.json

@@ -96,6 +96,9 @@
   "dashboards.analytics.widgets.topProducts.empty": "No hay datos de ventas de productos para este período",
   "dashboards.analytics.widgets.topProducts.error": "No se pudieron cargar los datos de productos",
   "dashboards.analytics.widgets.topProducts.title": "Productos principales por ingresos",
+  "dashboards.errors.organization_required": "Se requiere contexto de organización",
+  "dashboards.errors.tenant_required": "Se requiere contexto de inquilino",
+  "dashboards.errors.unauthorized": "No autorizado",
   "dashboards.widgets.effective": "Widgets efectivos:",
   "dashboards.widgets.error.load": "No se pudo cargar la configuración de widgets.",
   "dashboards.widgets.error.save": "No se pudieron guardar las preferencias de los widgets del panel.",

package/src/modules/dashboards/i18n/pl.json

@@ -96,6 +96,9 @@
   "dashboards.analytics.widgets.topProducts.empty": "Brak danych o sprzedaży produktów dla tego okresu",
   "dashboards.analytics.widgets.topProducts.error": "Nie udało się załadować danych o produktach",
   "dashboards.analytics.widgets.topProducts.title": "Najlepsze produkty wg przychodu",
+  "dashboards.errors.organization_required": "Wymagany kontekst organizacji",
+  "dashboards.errors.tenant_required": "Wymagany kontekst najemcy",
+  "dashboards.errors.unauthorized": "Brak autoryzacji",
   "dashboards.widgets.effective": "Aktywne widżety:",
   "dashboards.widgets.error.load": "Nie udało się wczytać konfiguracji widżetów.",
   "dashboards.widgets.error.save": "Nie udało się zapisać preferencji widżetów pulpitu.",

package/src/modules/dashboards/lib/widgetScope.ts

@@ -0,0 +1,53 @@
+import type { EntityManager } from '@mikro-orm/postgresql'
+import { createRequestContainer, type AppContainer } from '@open-mercato/shared/lib/di/container'
+import { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'
+import { CrudHttpError } from '@open-mercato/shared/lib/crud/errors'
+import { resolveOrganizationScopeForRequest } from '@open-mercato/core/modules/directory/utils/organizationScope'
+
+export type WidgetScopeContext = {
+  container: AppContainer
+  em: EntityManager
+  tenantId: string
+  organizationIds: string[] | null
+}
+
+export async function resolveWidgetScope(
+  req: Request,
+  translate: (key: string, fallback?: string) => string,
+  overrides?: { tenantId?: string | null; organizationId?: string | null }
+): Promise<WidgetScopeContext> {
+  const auth = await getAuthFromRequest(req)
+  if (!auth) {
+    throw new CrudHttpError(401, { error: translate('dashboards.errors.unauthorized', 'Unauthorized') })
+  }
+
+  const container = await createRequestContainer()
+  const scope = await resolveOrganizationScopeForRequest({ container, auth, request: req })
+
+  const tenantId = overrides?.tenantId ?? auth.tenantId ?? null
+  if (!tenantId) {
+    throw new CrudHttpError(400, { error: translate('dashboards.errors.tenant_required', 'Tenant context is required') })
+  }
+
+  const organizationIds = (() => {
+    if (overrides?.organizationId) return [overrides.organizationId]
+    if (scope?.selectedId) return [scope.selectedId]
+    if (Array.isArray(scope?.filterIds) && scope.filterIds.length > 0) return scope.filterIds
+    if (scope?.allowedIds === null) return null
+    if (auth.orgId) return [auth.orgId]
+    return [] as string[]
+  })()
+
+  if (organizationIds !== null && organizationIds.length === 0) {
+    throw new CrudHttpError(400, { error: translate('dashboards.errors.organization_required', 'Organization context is required') })
+  }
+
+  const em = (container.resolve('em') as EntityManager)
+
+  return {
+    container,
+    em,
+    tenantId,
+    organizationIds,
+  }
+}

package/src/modules/entities/lib/makeActivityRoute.ts

@@ -0,0 +1,327 @@
+import { z, type ZodTypeAny } from 'zod'
+import type { EntityManager } from '@mikro-orm/postgresql'
+import { makeCrudRoute } from '@open-mercato/shared/lib/crud/factory'
+import { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'
+import { resolveCrudRecordId, parseScopedCommandInput } from '@open-mercato/shared/lib/api/scoped'
+import { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'
+import { User } from '@open-mercato/core/modules/auth/data/entities'
+import type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'
+import type { CrudOpenApiOptions } from '@open-mercato/shared/lib/openapi/crud'
+import {
+  createPagedListResponseSchema as createSharedPagedListResponseSchema,
+  defaultOkResponseSchema as sharedDefaultOkResponseSchema,
+} from '@open-mercato/shared/lib/openapi/crud'
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any -- MikroORM entity class constructor
+type EntityClass = new (...args: any[]) => unknown
+
+interface ActivityRouteConfig {
+  entity: EntityClass
+  entityId: string
+  parentFkColumn: string
+  parentFkParam: string
+  features: { view: string; manage: string }
+  createSchema: ZodTypeAny
+  updateSchema: ZodTypeAny
+  commandPrefix: string
+  logPrefix: string
+  openApiFactory: (options: CrudOpenApiOptions) => OpenApiRouteDoc
+  openApi: {
+    resourceName: string
+    createDescription: string
+    updateDescription: string
+    deleteDescription: string
+  }
+}
+
+function createPagedListResponseSchema(itemSchema: ZodTypeAny) {
+  return createSharedPagedListResponseSchema(itemSchema, { paginationMetaOptional: true })
+}
+
+const defaultOkResponseSchema = sharedDefaultOkResponseSchema
+
+const rawBodySchema = z.object({}).passthrough()
+
+const listSchema = z
+  .object({
+    page: z.coerce.number().min(1).default(1),
+    pageSize: z.coerce.number().min(1).max(100).default(50),
+    entityId: z.string().uuid().optional(),
+    sortField: z.string().optional(),
+    sortDir: z.enum(['asc', 'desc']).optional(),
+  })
+  .passthrough()
+
+const sortFieldMap = {
+  occurredAt: 'occurred_at',
+  createdAt: 'created_at',
+  updatedAt: 'updated_at',
+}
+
+const activityCreateResponseSchema = z.object({
+  id: z.string().uuid().nullable(),
+  authorUserId: z.string().uuid().nullable(),
+})
+
+export function makeActivityRoute(config: ActivityRouteConfig) {
+  const {
+    entity,
+    entityId,
+    parentFkColumn,
+    parentFkParam,
+    features,
+    createSchema,
+    updateSchema,
+    commandPrefix,
+    logPrefix,
+    openApiFactory,
+    openApi: openApiConfig,
+  } = config
+
+  const routeMetadata = {
+    GET: { requireAuth: true, requireFeatures: [features.view] },
+    POST: { requireAuth: true, requireFeatures: [features.manage] },
+    PUT: { requireAuth: true, requireFeatures: [features.manage] },
+    DELETE: { requireAuth: true, requireFeatures: [features.manage] },
+  }
+
+  const fields = [
+    'id',
+    parentFkColumn,
+    'activity_type',
+    'subject',
+    'body',
+    'occurred_at',
+    'author_user_id',
+    'appearance_icon',
+    'appearance_color',
+    'organization_id',
+    'tenant_id',
+    'created_at',
+    'updated_at',
+  ]
+
+  const crud = makeCrudRoute({
+    metadata: routeMetadata,
+    orm: {
+      entity,
+      idField: 'id',
+      orgField: 'organizationId',
+      tenantField: 'tenantId',
+    },
+    indexer: {
+      entityType: entityId,
+    },
+    list: {
+      schema: listSchema,
+      entityId,
+      fields,
+      decorateCustomFields: {
+        entityIds: entityId,
+      },
+      sortFieldMap,
+      buildFilters: async (query) => {
+        const filters: Record<string, unknown> = {}
+        if (query.entityId) filters[parentFkColumn] = { $eq: query.entityId }
+        return filters
+      },
+      transformItem: (item: Record<string, unknown>) => {
+        const record = (item ?? {}) as Record<string, unknown>
+        const toIsoString = (value: unknown): string | null => {
+          if (value == null) return null
+          if (value instanceof Date) return value.toISOString()
+          if (typeof value === 'string') {
+            const trimmed = value.trim()
+            if (!trimmed.length) return null
+            const date = new Date(trimmed)
+            return Number.isNaN(date.getTime()) ? trimmed : date.toISOString()
+          }
+          return null
+        }
+        const readString = (value: unknown): string | null => (typeof value === 'string' ? value : null)
+        const idValue = readString(record.id) ?? (record.id != null ? String(record.id) : '')
+        const parentId = readString(record[parentFkColumn]) ?? readString(record[parentFkParam]) ?? null
+        const activityType =
+          readString(record['activity_type']) ??
+          readString(record['activityType']) ??
+          ''
+        const subject =
+          readString(record.subject) ??
+          (record.subject == null ? null : String(record.subject))
+        const body =
+          readString(record.body) ??
+          (record.body == null ? null : String(record.body))
+        const authorUserId =
+          readString(record['author_user_id']) ?? readString(record['authorUserId']) ?? null
+        const appearanceIconRaw =
+          readString(record['appearance_icon']) ?? readString(record['appearanceIcon'])
+        const appearanceColorRaw =
+          readString(record['appearance_color']) ?? readString(record['appearanceColor'])
+        const organizationId =
+          readString(record['organization_id']) ?? readString(record['organizationId'])
+        const tenantId =
+          readString(record['tenant_id']) ?? readString(record['tenantId'])
+        const output: Record<string, unknown> = {
+          id: idValue,
+          entityId: parentId,
+          [parentFkParam]: parentId,
+          activityType,
+          subject,
+          body,
+          occurredAt: toIsoString(record['occurred_at'] ?? record['occurredAt']),
+          createdAt: toIsoString(record['created_at'] ?? record['createdAt']),
+          authorUserId,
+          organizationId,
+          tenantId,
+          appearanceIcon: appearanceIconRaw && appearanceIconRaw.trim().length ? appearanceIconRaw : null,
+          appearanceColor: appearanceColorRaw && appearanceColorRaw.trim().length ? appearanceColorRaw : null,
+          customFields: Array.isArray(record.customFields) ? record.customFields : undefined,
+          customValues: record.customValues ?? undefined,
+        }
+        for (const [key, value] of Object.entries(record)) {
+          if (key.startsWith('cf_') || key.startsWith('cf:')) {
+            output[key] = value
+          }
+        }
+        return output
+      },
+    },
+    actions: {
+      create: {
+        commandId: `${commandPrefix}.create`,
+        schema: rawBodySchema,
+        mapInput: async ({ raw, ctx }) => {
+          const { translate } = await resolveTranslations()
+          return parseScopedCommandInput(createSchema, raw ?? {}, ctx, translate)
+        },
+        response: ({ result }) => ({
+          id: result?.activityId ?? result?.id ?? null,
+          authorUserId: result?.authorUserId ?? null,
+        }),
+        status: 201,
+      },
+      update: {
+        commandId: `${commandPrefix}.update`,
+        schema: rawBodySchema,
+        mapInput: async ({ raw, ctx }) => {
+          const { translate } = await resolveTranslations()
+          return parseScopedCommandInput(updateSchema, raw ?? {}, ctx, translate)
+        },
+        response: () => ({ ok: true }),
+      },
+      delete: {
+        commandId: `${commandPrefix}.delete`,
+        schema: rawBodySchema,
+        mapInput: async ({ parsed, ctx }) => {
+          const { translate } = await resolveTranslations()
+          const id = resolveCrudRecordId(parsed, ctx, translate)
+          return { id }
+        },
+        response: () => ({ ok: true }),
+      },
+    },
+    hooks: {
+      afterList: async (payload, ctx) => {
+        const items = Array.isArray(payload.items) ? payload.items : []
+        if (!items.length) return
+        const userIds = new Set<string>()
+        items.forEach((item: unknown) => {
+          if (!item || typeof item !== 'object') return
+          const record = item as Record<string, unknown>
+          const userId =
+            typeof record.author_user_id === 'string'
+              ? record.author_user_id
+              : typeof record.authorUserId === 'string'
+                ? record.authorUserId
+                : null
+          if (userId) userIds.add(userId)
+        })
+        if (!userIds.size) return
+        try {
+          const em = (ctx.container.resolve('em') as EntityManager).fork()
+          const users = await findWithDecryption(
+            em,
+            User,
+            { id: { $in: Array.from(userIds) } },
+            undefined,
+            { tenantId: ctx.auth?.tenantId ?? null, organizationId: ctx.selectedOrganizationId ?? null },
+          )
+          const map = new Map<string, { name: string | null; email: string | null }>()
+          users.forEach((user) => {
+            const name = typeof user.name === 'string' && user.name.trim().length
+              ? user.name.trim()
+              : null
+            map.set(user.id, { name, email: user.email ?? null })
+          })
+          items.forEach((item: unknown) => {
+            if (!item || typeof item !== 'object') return
+            const record = item as Record<string, unknown>
+            const userId =
+              typeof record.author_user_id === 'string'
+                ? record.author_user_id
+                : typeof record.authorUserId === 'string'
+                  ? record.authorUserId
+                  : null
+            if (!userId) return
+            const meta = map.get(userId)
+            if (!meta) return
+            record.authorName = meta.name
+            record.authorEmail = meta.email
+            if (!('author_name' in record)) record.author_name = meta.name
+            if (!('author_email' in record)) record.author_email = meta.email
+          })
+        } catch (err) {
+          console.warn(`${logPrefix} failed to enrich author metadata`, err)
+        }
+      },
+    },
+  })
+
+  const activityListItemSchema = z
+    .object({
+      id: z.string().uuid(),
+      [parentFkColumn]: z.string().uuid().nullable().optional(),
+      activity_type: z.string().nullable().optional(),
+      subject: z.string().nullable().optional(),
+      body: z.string().nullable().optional(),
+      occurred_at: z.string().nullable().optional(),
+      author_user_id: z.string().uuid().nullable(),
+      appearance_icon: z.string().nullable().optional(),
+      appearance_color: z.string().nullable().optional(),
+      organization_id: z.string().uuid().nullable().optional(),
+      tenant_id: z.string().uuid().nullable().optional(),
+      created_at: z.string().nullable(),
+      updated_at: z.string().nullable().optional(),
+    })
+    .passthrough()
+
+  const openApi = openApiFactory({
+    resourceName: openApiConfig.resourceName,
+    querySchema: listSchema,
+    listResponseSchema: createPagedListResponseSchema(activityListItemSchema),
+    create: {
+      schema: createSchema,
+      responseSchema: activityCreateResponseSchema,
+      description: openApiConfig.createDescription,
+    },
+    update: {
+      schema: updateSchema,
+      responseSchema: defaultOkResponseSchema,
+      description: openApiConfig.updateDescription,
+    },
+    del: {
+      schema: z.object({ id: z.string().uuid() }),
+      responseSchema: defaultOkResponseSchema,
+      description: openApiConfig.deleteDescription,
+    },
+  })
+
+  return {
+    metadata: routeMetadata,
+    openApi,
+    GET: crud.GET,
+    POST: crud.POST,
+    PUT: crud.PUT,
+    DELETE: crud.DELETE,
+  }
+}