npm - @open-mercato/core - Versions diffs - 0.4.8-develop-28cee031d6 → 0.4.8-develop-15259be22b - Mend

@open-mercato/core 0.4.8-develop-28cee031d6 → 0.4.8-develop-15259be22b

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/dist/modules/customer_accounts/services/customerUserService.js ADDED Viewed

@@ -0,0 +1,92 @@
+import { hash, compare } from "bcryptjs";
+import { CustomerUser } from "@open-mercato/core/modules/customer_accounts/data/entities";
+import { hashForLookup } from "@open-mercato/shared/lib/encryption/aes";
+const BCRYPT_COST = 10;
+const MAX_FAILED_ATTEMPTS = 5;
+const LOCKOUT_DURATION_MS = 15 * 60 * 1e3;
+class CustomerUserService {
+  constructor(em) {
+    this.em = em;
+  }
+  async createUser(email, password, displayName, scope) {
+    const passwordHash = await hash(password, BCRYPT_COST);
+    const emailHash = hashForLookup(email);
+    const user = this.em.create(CustomerUser, {
+      email: email.toLowerCase().trim(),
+      emailHash,
+      passwordHash,
+      displayName,
+      tenantId: scope.tenantId,
+      organizationId: scope.organizationId,
+      isActive: true,
+      failedLoginAttempts: 0,
+      createdAt: /* @__PURE__ */ new Date()
+    });
+    return user;
+  }
+  async findByEmail(email, tenantId) {
+    const emailHash = hashForLookup(email);
+    return this.em.findOne(CustomerUser, {
+      emailHash,
+      tenantId,
+      deletedAt: null
+    });
+  }
+  async findById(id, tenantId) {
+    return this.em.findOne(CustomerUser, { id, tenantId, deletedAt: null });
+  }
+  async verifyPassword(user, password) {
+    if (!user.passwordHash) return false;
+    return compare(password, user.passwordHash);
+  }
+  async updateLastLoginAt(user) {
+    const now = /* @__PURE__ */ new Date();
+    await this.em.nativeUpdate(CustomerUser, { id: user.id }, { lastLoginAt: now });
+    user.lastLoginAt = now;
+  }
+  checkLockout(user) {
+    if (!user.lockedUntil) return false;
+    if (user.lockedUntil.getTime() > Date.now()) return true;
+    return false;
+  }
+  async incrementFailedAttempts(user) {
+    const newCount = (user.failedLoginAttempts || 0) + 1;
+    const updates = { failedLoginAttempts: newCount };
+    if (newCount >= MAX_FAILED_ATTEMPTS) {
+      updates.lockedUntil = new Date(Date.now() + LOCKOUT_DURATION_MS);
+    }
+    await this.em.nativeUpdate(CustomerUser, { id: user.id }, updates);
+    user.failedLoginAttempts = newCount;
+    if (updates.lockedUntil) user.lockedUntil = updates.lockedUntil;
+  }
+  async resetFailedAttempts(user) {
+    await this.em.nativeUpdate(CustomerUser, { id: user.id }, {
+      failedLoginAttempts: 0,
+      lockedUntil: null
+    });
+    user.failedLoginAttempts = 0;
+    user.lockedUntil = null;
+  }
+  async updatePassword(user, newPassword) {
+    const passwordHash = await hash(newPassword, BCRYPT_COST);
+    await this.em.nativeUpdate(CustomerUser, { id: user.id }, { passwordHash });
+    user.passwordHash = passwordHash;
+  }
+  async updateProfile(user, data) {
+    const updates = {};
+    if (data.displayName !== void 0) updates.displayName = data.displayName;
+    if (Object.keys(updates).length === 0) return;
+    await this.em.nativeUpdate(CustomerUser, { id: user.id }, updates);
+    if (data.displayName !== void 0) user.displayName = data.displayName;
+  }
+  async softDelete(userId) {
+    await this.em.nativeUpdate(CustomerUser, { id: userId }, {
+      deletedAt: /* @__PURE__ */ new Date(),
+      isActive: false
+    });
+  }
+}
+export {
+  CustomerUserService
+};
+//# sourceMappingURL=customerUserService.js.map

package/dist/modules/customer_accounts/services/customerUserService.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/customer_accounts/services/customerUserService.ts"],
+  "sourcesContent": ["import { EntityManager } from '@mikro-orm/postgresql'\nimport { hash, compare } from 'bcryptjs'\nimport { CustomerUser } from '@open-mercato/core/modules/customer_accounts/data/entities'\nimport { hashForLookup } from '@open-mercato/shared/lib/encryption/aes'\n\nconst BCRYPT_COST = 10\nconst MAX_FAILED_ATTEMPTS = 5\nconst LOCKOUT_DURATION_MS = 15 * 60 * 1000 // 15 minutes\n\nexport class CustomerUserService {\n  constructor(private em: EntityManager) {}\n\n  async createUser(\n    email: string,\n    password: string,\n    displayName: string,\n    scope: { tenantId: string; organizationId: string },\n  ): Promise<CustomerUser> {\n    const passwordHash = await hash(password, BCRYPT_COST)\n    const emailHash = hashForLookup(email)\n    const user = this.em.create(CustomerUser, {\n      email: email.toLowerCase().trim(),\n      emailHash,\n      passwordHash,\n      displayName,\n      tenantId: scope.tenantId,\n      organizationId: scope.organizationId,\n      isActive: true,\n      failedLoginAttempts: 0,\n      createdAt: new Date(),\n    } as any)\n    return user as CustomerUser\n  }\n\n  async findByEmail(email: string, tenantId: string): Promise<CustomerUser | null> {\n    const emailHash = hashForLookup(email)\n    return this.em.findOne(CustomerUser, {\n      emailHash,\n      tenantId,\n      deletedAt: null,\n    })\n  }\n\n  async findById(id: string, tenantId: string): Promise<CustomerUser | null> {\n    return this.em.findOne(CustomerUser, { id, tenantId, deletedAt: null })\n  }\n\n  async verifyPassword(user: CustomerUser, password: string): Promise<boolean> {\n    if (!user.passwordHash) return false\n    return compare(password, user.passwordHash)\n  }\n\n  async updateLastLoginAt(user: CustomerUser): Promise<void> {\n    const now = new Date()\n    await this.em.nativeUpdate(CustomerUser, { id: user.id }, { lastLoginAt: now })\n    user.lastLoginAt = now\n  }\n\n  checkLockout(user: CustomerUser): boolean {\n    if (!user.lockedUntil) return false\n    if (user.lockedUntil.getTime() > Date.now()) return true\n    return false\n  }\n\n  async incrementFailedAttempts(user: CustomerUser): Promise<void> {\n    const newCount = (user.failedLoginAttempts || 0) + 1\n    const updates: Record<string, unknown> = { failedLoginAttempts: newCount }\n    if (newCount >= MAX_FAILED_ATTEMPTS) {\n      updates.lockedUntil = new Date(Date.now() + LOCKOUT_DURATION_MS)\n    }\n    await this.em.nativeUpdate(CustomerUser, { id: user.id }, updates)\n    user.failedLoginAttempts = newCount\n    if (updates.lockedUntil) user.lockedUntil = updates.lockedUntil as Date\n  }\n\n  async resetFailedAttempts(user: CustomerUser): Promise<void> {\n    await this.em.nativeUpdate(CustomerUser, { id: user.id }, {\n      failedLoginAttempts: 0,\n      lockedUntil: null,\n    })\n    user.failedLoginAttempts = 0\n    user.lockedUntil = null\n  }\n\n  async updatePassword(user: CustomerUser, newPassword: string): Promise<void> {\n    const passwordHash = await hash(newPassword, BCRYPT_COST)\n    await this.em.nativeUpdate(CustomerUser, { id: user.id }, { passwordHash })\n    user.passwordHash = passwordHash\n  }\n\n  async updateProfile(user: CustomerUser, data: { displayName?: string }): Promise<void> {\n    const updates: Record<string, unknown> = {}\n    if (data.displayName !== undefined) updates.displayName = data.displayName\n    if (Object.keys(updates).length === 0) return\n    await this.em.nativeUpdate(CustomerUser, { id: user.id }, updates)\n    if (data.displayName !== undefined) user.displayName = data.displayName\n  }\n\n  async softDelete(userId: string): Promise<void> {\n    await this.em.nativeUpdate(CustomerUser, { id: userId }, {\n      deletedAt: new Date(),\n      isActive: false,\n    })\n  }\n}\n"],
+  "mappings": "AACA,SAAS,MAAM,eAAe;AAC9B,SAAS,oBAAoB;AAC7B,SAAS,qBAAqB;AAE9B,MAAM,cAAc;AACpB,MAAM,sBAAsB;AAC5B,MAAM,sBAAsB,KAAK,KAAK;AAE/B,MAAM,oBAAoB;AAAA,EAC/B,YAAoB,IAAmB;AAAnB;AAAA,EAAoB;AAAA,EAExC,MAAM,WACJ,OACA,UACA,aACA,OACuB;AACvB,UAAM,eAAe,MAAM,KAAK,UAAU,WAAW;AACrD,UAAM,YAAY,cAAc,KAAK;AACrC,UAAM,OAAO,KAAK,GAAG,OAAO,cAAc;AAAA,MACxC,OAAO,MAAM,YAAY,EAAE,KAAK;AAAA,MAChC;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,UAAU;AAAA,MACV,qBAAqB;AAAA,MACrB,WAAW,oBAAI,KAAK;AAAA,IACtB,CAAQ;AACR,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,YAAY,OAAe,UAAgD;AAC/E,UAAM,YAAY,cAAc,KAAK;AACrC,WAAO,KAAK,GAAG,QAAQ,cAAc;AAAA,MACnC;AAAA,MACA;AAAA,MACA,WAAW;AAAA,IACb,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,SAAS,IAAY,UAAgD;AACzE,WAAO,KAAK,GAAG,QAAQ,cAAc,EAAE,IAAI,UAAU,WAAW,KAAK,CAAC;AAAA,EACxE;AAAA,EAEA,MAAM,eAAe,MAAoB,UAAoC;AAC3E,QAAI,CAAC,KAAK,aAAc,QAAO;AAC/B,WAAO,QAAQ,UAAU,KAAK,YAAY;AAAA,EAC5C;AAAA,EAEA,MAAM,kBAAkB,MAAmC;AACzD,UAAM,MAAM,oBAAI,KAAK;AACrB,UAAM,KAAK,GAAG,aAAa,cAAc,EAAE,IAAI,KAAK,GAAG,GAAG,EAAE,aAAa,IAAI,CAAC;AAC9E,SAAK,cAAc;AAAA,EACrB;AAAA,EAEA,aAAa,MAA6B;AACxC,QAAI,CAAC,KAAK,YAAa,QAAO;AAC9B,QAAI,KAAK,YAAY,QAAQ,IAAI,KAAK,IAAI,EAAG,QAAO;AACpD,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,wBAAwB,MAAmC;AAC/D,UAAM,YAAY,KAAK,uBAAuB,KAAK;AACnD,UAAM,UAAmC,EAAE,qBAAqB,SAAS;AACzE,QAAI,YAAY,qBAAqB;AACnC,cAAQ,cAAc,IAAI,KAAK,KAAK,IAAI,IAAI,mBAAmB;AAAA,IACjE;AACA,UAAM,KAAK,GAAG,aAAa,cAAc,EAAE,IAAI,KAAK,GAAG,GAAG,OAAO;AACjE,SAAK,sBAAsB;AAC3B,QAAI,QAAQ,YAAa,MAAK,cAAc,QAAQ;AAAA,EACtD;AAAA,EAEA,MAAM,oBAAoB,MAAmC;AAC3D,UAAM,KAAK,GAAG,aAAa,cAAc,EAAE,IAAI,KAAK,GAAG,GAAG;AAAA,MACxD,qBAAqB;AAAA,MACrB,aAAa;AAAA,IACf,CAAC;AACD,SAAK,sBAAsB;AAC3B,SAAK,cAAc;AAAA,EACrB;AAAA,EAEA,MAAM,eAAe,MAAoB,aAAoC;AAC3E,UAAM,eAAe,MAAM,KAAK,aAAa,WAAW;AACxD,UAAM,KAAK,GAAG,aAAa,cAAc,EAAE,IAAI,KAAK,GAAG,GAAG,EAAE,aAAa,CAAC;AAC1E,SAAK,eAAe;AAAA,EACtB;AAAA,EAEA,MAAM,cAAc,MAAoB,MAA+C;AACrF,UAAM,UAAmC,CAAC;AAC1C,QAAI,KAAK,gBAAgB,OAAW,SAAQ,cAAc,KAAK;AAC/D,QAAI,OAAO,KAAK,OAAO,EAAE,WAAW,EAAG;AACvC,UAAM,KAAK,GAAG,aAAa,cAAc,EAAE,IAAI,KAAK,GAAG,GAAG,OAAO;AACjE,QAAI,KAAK,gBAAgB,OAAW,MAAK,cAAc,KAAK;AAAA,EAC9D;AAAA,EAEA,MAAM,WAAW,QAA+B;AAC9C,UAAM,KAAK,GAAG,aAAa,cAAc,EAAE,IAAI,OAAO,GAAG;AAAA,MACvD,WAAW,oBAAI,KAAK;AAAA,MACpB,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AACF;",
+  "names": []
+}

package/dist/modules/customer_accounts/setup.js ADDED Viewed

@@ -0,0 +1,179 @@
+import { hash } from "bcryptjs";
+import { hashForLookup } from "@open-mercato/shared/lib/encryption/aes";
+import {
+  CustomerRole,
+  CustomerRoleAcl,
+  CustomerUser,
+  CustomerUserRole
+} from "@open-mercato/core/modules/customer_accounts/data/entities";
+const DEFAULT_ROLES = [
+  {
+    name: "Portal Admin",
+    slug: "portal_admin",
+    description: "Full portal administration access",
+    isSystem: true,
+    customerAssignable: false,
+    isDefault: false,
+    acl: {
+      isPortalAdmin: true,
+      features: ["portal.*"]
+    }
+  },
+  {
+    name: "Buyer",
+    slug: "buyer",
+    description: "Standard buyer access with ordering capabilities",
+    isSystem: true,
+    customerAssignable: true,
+    isDefault: true,
+    acl: {
+      isPortalAdmin: false,
+      features: [
+        "portal.account.manage",
+        "portal.orders.view",
+        "portal.orders.create",
+        "portal.quotes.view",
+        "portal.quotes.request",
+        "portal.invoices.view",
+        "portal.catalog.view"
+      ]
+    }
+  },
+  {
+    name: "Viewer",
+    slug: "viewer",
+    description: "Read-only portal access",
+    isSystem: true,
+    customerAssignable: true,
+    isDefault: false,
+    acl: {
+      isPortalAdmin: false,
+      features: [
+        "portal.account.manage",
+        "portal.orders.view",
+        "portal.invoices.view",
+        "portal.catalog.view"
+      ]
+    }
+  }
+];
+async function ensureDefaultCustomerRoleAcls(em, tenantId, modules) {
+  const featuresByRole = {};
+  for (const mod of modules) {
+    const customerRoleFeatures = mod.setup?.defaultCustomerRoleFeatures;
+    if (!customerRoleFeatures) continue;
+    for (const [roleSlug, features] of Object.entries(customerRoleFeatures)) {
+      if (!features || !features.length) continue;
+      if (!featuresByRole[roleSlug]) featuresByRole[roleSlug] = [];
+      featuresByRole[roleSlug].push(...features);
+    }
+  }
+  const roleSlugs = Object.keys(featuresByRole);
+  if (!roleSlugs.length) return;
+  for (const roleSlug of roleSlugs) {
+    const role = await em.findOne(CustomerRole, { tenantId, slug: roleSlug, deletedAt: null });
+    if (!role) continue;
+    const acl = await em.findOne(CustomerRoleAcl, { role: role.id, tenantId });
+    if (!acl) continue;
+    const currentFeatures = Array.isArray(acl.featuresJson) ? acl.featuresJson : [];
+    const merged = Array.from(/* @__PURE__ */ new Set([...currentFeatures, ...featuresByRole[roleSlug]]));
+    const changed = merged.length !== currentFeatures.length || merged.some((value, index) => value !== currentFeatures[index]);
+    if (changed) {
+      acl.featuresJson = merged;
+      em.persist(acl);
+    }
+  }
+  await em.flush();
+}
+async function seedDefaultRoles(em, scope) {
+  for (const roleDef of DEFAULT_ROLES) {
+    const existing = await em.findOne(CustomerRole, {
+      tenantId: scope.tenantId,
+      slug: roleDef.slug,
+      deletedAt: null
+    });
+    if (existing) continue;
+    const role = em.create(CustomerRole, {
+      tenantId: scope.tenantId,
+      organizationId: scope.organizationId,
+      name: roleDef.name,
+      slug: roleDef.slug,
+      description: roleDef.description,
+      isSystem: roleDef.isSystem,
+      customerAssignable: roleDef.customerAssignable,
+      isDefault: roleDef.isDefault,
+      createdAt: /* @__PURE__ */ new Date()
+    });
+    em.persist(role);
+    const acl = em.create(CustomerRoleAcl, {
+      role,
+      tenantId: scope.tenantId,
+      featuresJson: roleDef.acl.features,
+      isPortalAdmin: roleDef.acl.isPortalAdmin,
+      createdAt: /* @__PURE__ */ new Date()
+    });
+    em.persist(acl);
+  }
+  await em.flush();
+}
+const setup = {
+  defaultRoleFeatures: {
+    superadmin: ["customer_accounts.*"],
+    admin: ["customer_accounts.*"]
+  },
+  async onTenantCreated({ em, tenantId, organizationId }) {
+    await seedDefaultRoles(em, { tenantId, organizationId });
+  },
+  async seedDefaults({ em, tenantId, organizationId }) {
+    await seedDefaultRoles(em, { tenantId, organizationId });
+    try {
+      const { getModules } = await import("@open-mercato/shared/lib/modules/registry");
+      const allModules = getModules();
+      await ensureDefaultCustomerRoleAcls(em, tenantId, allModules);
+    } catch {
+    }
+  },
+  async seedExamples({ em, tenantId, organizationId }) {
+    const BCRYPT_COST = 10;
+    const exampleUsers = [
+      { email: "alice.johnson@example.com", displayName: "Alice Johnson", password: "Password123!", roleSlug: "portal_admin" },
+      { email: "bob.smith@example.com", displayName: "Bob Smith", password: "Password123!", roleSlug: "buyer" },
+      { email: "carol.white@example.com", displayName: "Carol White", password: "Password123!", roleSlug: "viewer" }
+    ];
+    for (const entry of exampleUsers) {
+      const emailHash = hashForLookup(entry.email);
+      const existing = await em.findOne(CustomerUser, { emailHash, tenantId, deletedAt: null });
+      if (existing) continue;
+      const passwordHash = await hash(entry.password, BCRYPT_COST);
+      const user = em.create(CustomerUser, {
+        email: entry.email,
+        emailHash,
+        passwordHash,
+        displayName: entry.displayName,
+        tenantId,
+        organizationId,
+        isActive: true,
+        failedLoginAttempts: 0,
+        emailVerifiedAt: /* @__PURE__ */ new Date(),
+        createdAt: /* @__PURE__ */ new Date()
+      });
+      em.persist(user);
+      const role = await em.findOne(CustomerRole, { tenantId, slug: entry.roleSlug, deletedAt: null });
+      if (role) {
+        const userRole = em.create(CustomerUserRole, {
+          user,
+          role,
+          createdAt: /* @__PURE__ */ new Date()
+        });
+        em.persist(userRole);
+      }
+    }
+    await em.flush();
+  }
+};
+var setup_default = setup;
+export {
+  setup_default as default,
+  setup
+};
+//# sourceMappingURL=setup.js.map

package/dist/modules/customer_accounts/setup.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/customer_accounts/setup.ts"],
+  "sourcesContent": ["import type { ModuleSetupConfig, DefaultCustomerRoleFeatures } from '@open-mercato/shared/modules/setup'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport type { Module } from '@open-mercato/shared/modules/registry'\nimport { hash } from 'bcryptjs'\nimport { hashForLookup } from '@open-mercato/shared/lib/encryption/aes'\nimport {\n  CustomerRole,\n  CustomerRoleAcl,\n  CustomerUser,\n  CustomerUserRole,\n} from '@open-mercato/core/modules/customer_accounts/data/entities'\n\ninterface SeedScope {\n  tenantId: string\n  organizationId: string\n}\n\nconst DEFAULT_ROLES = [\n  {\n    name: 'Portal Admin',\n    slug: 'portal_admin',\n    description: 'Full portal administration access',\n    isSystem: true,\n    customerAssignable: false,\n    isDefault: false,\n    acl: {\n      isPortalAdmin: true,\n      features: ['portal.*'],\n    },\n  },\n  {\n    name: 'Buyer',\n    slug: 'buyer',\n    description: 'Standard buyer access with ordering capabilities',\n    isSystem: true,\n    customerAssignable: true,\n    isDefault: true,\n    acl: {\n      isPortalAdmin: false,\n      features: [\n        'portal.account.manage',\n        'portal.orders.view',\n        'portal.orders.create',\n        'portal.quotes.view',\n        'portal.quotes.request',\n        'portal.invoices.view',\n        'portal.catalog.view',\n      ],\n    },\n  },\n  {\n    name: 'Viewer',\n    slug: 'viewer',\n    description: 'Read-only portal access',\n    isSystem: true,\n    customerAssignable: true,\n    isDefault: false,\n    acl: {\n      isPortalAdmin: false,\n      features: [\n        'portal.account.manage',\n        'portal.orders.view',\n        'portal.invoices.view',\n        'portal.catalog.view',\n      ],\n    },\n  },\n]\n\n/**\n * Collect defaultCustomerRoleFeatures from all enabled modules and merge\n * them into the corresponding CustomerRoleAcl records.\n */\nasync function ensureDefaultCustomerRoleAcls(\n  em: EntityManager,\n  tenantId: string,\n  modules: Module[],\n): Promise<void> {\n  const featuresByRole: Record<string, string[]> = {}\n\n  for (const mod of modules) {\n    const customerRoleFeatures = mod.setup?.defaultCustomerRoleFeatures\n    if (!customerRoleFeatures) continue\n    for (const [roleSlug, features] of Object.entries(customerRoleFeatures)) {\n      if (!features || !features.length) continue\n      if (!featuresByRole[roleSlug]) featuresByRole[roleSlug] = []\n      featuresByRole[roleSlug].push(...features)\n    }\n  }\n\n  const roleSlugs = Object.keys(featuresByRole)\n  if (!roleSlugs.length) return\n\n  for (const roleSlug of roleSlugs) {\n    const role = await em.findOne(CustomerRole, { tenantId, slug: roleSlug, deletedAt: null })\n    if (!role) continue\n\n    const acl = await em.findOne(CustomerRoleAcl, { role: role.id as any, tenantId })\n    if (!acl) continue\n\n    const currentFeatures = Array.isArray(acl.featuresJson) ? acl.featuresJson : []\n    const merged = Array.from(new Set([...currentFeatures, ...featuresByRole[roleSlug]]))\n    const changed =\n      merged.length !== currentFeatures.length ||\n      merged.some((value, index) => value !== currentFeatures[index])\n    if (changed) {\n      acl.featuresJson = merged\n      em.persist(acl)\n    }\n  }\n  await em.flush()\n}\n\nasync function seedDefaultRoles(em: EntityManager, scope: SeedScope): Promise<void> {\n  for (const roleDef of DEFAULT_ROLES) {\n    const existing = await em.findOne(CustomerRole, {\n      tenantId: scope.tenantId,\n      slug: roleDef.slug,\n      deletedAt: null,\n    })\n    if (existing) continue\n\n    const role = em.create(CustomerRole, {\n      tenantId: scope.tenantId,\n      organizationId: scope.organizationId,\n      name: roleDef.name,\n      slug: roleDef.slug,\n      description: roleDef.description,\n      isSystem: roleDef.isSystem,\n      customerAssignable: roleDef.customerAssignable,\n      isDefault: roleDef.isDefault,\n      createdAt: new Date(),\n    } as any)\n    em.persist(role)\n\n    const acl = em.create(CustomerRoleAcl, {\n      role,\n      tenantId: scope.tenantId,\n      featuresJson: roleDef.acl.features,\n      isPortalAdmin: roleDef.acl.isPortalAdmin,\n      createdAt: new Date(),\n    } as any)\n    em.persist(acl)\n  }\n  await em.flush()\n}\n\nexport const setup: ModuleSetupConfig = {\n  defaultRoleFeatures: {\n    superadmin: ['customer_accounts.*'],\n    admin: ['customer_accounts.*'],\n  },\n\n  async onTenantCreated({ em, tenantId, organizationId }) {\n    await seedDefaultRoles(em, { tenantId, organizationId })\n  },\n\n  async seedDefaults({ em, tenantId, organizationId }) {\n    await seedDefaultRoles(em, { tenantId, organizationId })\n    // Merge defaultCustomerRoleFeatures from all enabled modules\n    try {\n      const { getModules } = await import('@open-mercato/shared/lib/modules/registry')\n      const allModules = getModules()\n      await ensureDefaultCustomerRoleAcls(em, tenantId, allModules)\n    } catch {\n      // Modules may not be registered yet during initial setup\n    }\n  },\n\n  async seedExamples({ em, tenantId, organizationId }) {\n    const BCRYPT_COST = 10\n    const exampleUsers = [\n      { email: 'alice.johnson@example.com', displayName: 'Alice Johnson', password: 'Password123!', roleSlug: 'portal_admin' },\n      { email: 'bob.smith@example.com', displayName: 'Bob Smith', password: 'Password123!', roleSlug: 'buyer' },\n      { email: 'carol.white@example.com', displayName: 'Carol White', password: 'Password123!', roleSlug: 'viewer' },\n    ]\n\n    for (const entry of exampleUsers) {\n      const emailHash = hashForLookup(entry.email)\n      const existing = await em.findOne(CustomerUser, { emailHash, tenantId, deletedAt: null })\n      if (existing) continue\n\n      const passwordHash = await hash(entry.password, BCRYPT_COST)\n      const user = em.create(CustomerUser, {\n        email: entry.email,\n        emailHash,\n        passwordHash,\n        displayName: entry.displayName,\n        tenantId,\n        organizationId,\n        isActive: true,\n        failedLoginAttempts: 0,\n        emailVerifiedAt: new Date(),\n        createdAt: new Date(),\n      } as any)\n      em.persist(user)\n\n      const role = await em.findOne(CustomerRole, { tenantId, slug: entry.roleSlug, deletedAt: null })\n      if (role) {\n        const userRole = em.create(CustomerUserRole, {\n          user,\n          role,\n          createdAt: new Date(),\n        } as any)\n        em.persist(userRole)\n      }\n    }\n    await em.flush()\n  },\n}\n\nexport default setup\n"],
+  "mappings": "AAGA,SAAS,YAAY;AACrB,SAAS,qBAAqB;AAC9B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAOP,MAAM,gBAAgB;AAAA,EACpB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,oBAAoB;AAAA,IACpB,WAAW;AAAA,IACX,KAAK;AAAA,MACH,eAAe;AAAA,MACf,UAAU,CAAC,UAAU;AAAA,IACvB;AAAA,EACF;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,oBAAoB;AAAA,IACpB,WAAW;AAAA,IACX,KAAK;AAAA,MACH,eAAe;AAAA,MACf,UAAU;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EACA;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,aAAa;AAAA,IACb,UAAU;AAAA,IACV,oBAAoB;AAAA,IACpB,WAAW;AAAA,IACX,KAAK;AAAA,MACH,eAAe;AAAA,MACf,UAAU;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAMA,eAAe,8BACb,IACA,UACA,SACe;AACf,QAAM,iBAA2C,CAAC;AAElD,aAAW,OAAO,SAAS;AACzB,UAAM,uBAAuB,IAAI,OAAO;AACxC,QAAI,CAAC,qBAAsB;AAC3B,eAAW,CAAC,UAAU,QAAQ,KAAK,OAAO,QAAQ,oBAAoB,GAAG;AACvE,UAAI,CAAC,YAAY,CAAC,SAAS,OAAQ;AACnC,UAAI,CAAC,eAAe,QAAQ,EAAG,gBAAe,QAAQ,IAAI,CAAC;AAC3D,qBAAe,QAAQ,EAAE,KAAK,GAAG,QAAQ;AAAA,IAC3C;AAAA,EACF;AAEA,QAAM,YAAY,OAAO,KAAK,cAAc;AAC5C,MAAI,CAAC,UAAU,OAAQ;AAEvB,aAAW,YAAY,WAAW;AAChC,UAAM,OAAO,MAAM,GAAG,QAAQ,cAAc,EAAE,UAAU,MAAM,UAAU,WAAW,KAAK,CAAC;AACzF,QAAI,CAAC,KAAM;AAEX,UAAM,MAAM,MAAM,GAAG,QAAQ,iBAAiB,EAAE,MAAM,KAAK,IAAW,SAAS,CAAC;AAChF,QAAI,CAAC,IAAK;AAEV,UAAM,kBAAkB,MAAM,QAAQ,IAAI,YAAY,IAAI,IAAI,eAAe,CAAC;AAC9E,UAAM,SAAS,MAAM,KAAK,oBAAI,IAAI,CAAC,GAAG,iBAAiB,GAAG,eAAe,QAAQ,CAAC,CAAC,CAAC;AACpF,UAAM,UACJ,OAAO,WAAW,gBAAgB,UAClC,OAAO,KAAK,CAAC,OAAO,UAAU,UAAU,gBAAgB,KAAK,CAAC;AAChE,QAAI,SAAS;AACX,UAAI,eAAe;AACnB,SAAG,QAAQ,GAAG;AAAA,IAChB;AAAA,EACF;AACA,QAAM,GAAG,MAAM;AACjB;AAEA,eAAe,iBAAiB,IAAmB,OAAiC;AAClF,aAAW,WAAW,eAAe;AACnC,UAAM,WAAW,MAAM,GAAG,QAAQ,cAAc;AAAA,MAC9C,UAAU,MAAM;AAAA,MAChB,MAAM,QAAQ;AAAA,MACd,WAAW;AAAA,IACb,CAAC;AACD,QAAI,SAAU;AAEd,UAAM,OAAO,GAAG,OAAO,cAAc;AAAA,MACnC,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,MAAM,QAAQ;AAAA,MACd,MAAM,QAAQ;AAAA,MACd,aAAa,QAAQ;AAAA,MACrB,UAAU,QAAQ;AAAA,MAClB,oBAAoB,QAAQ;AAAA,MAC5B,WAAW,QAAQ;AAAA,MACnB,WAAW,oBAAI,KAAK;AAAA,IACtB,CAAQ;AACR,OAAG,QAAQ,IAAI;AAEf,UAAM,MAAM,GAAG,OAAO,iBAAiB;AAAA,MACrC;AAAA,MACA,UAAU,MAAM;AAAA,MAChB,cAAc,QAAQ,IAAI;AAAA,MAC1B,eAAe,QAAQ,IAAI;AAAA,MAC3B,WAAW,oBAAI,KAAK;AAAA,IACtB,CAAQ;AACR,OAAG,QAAQ,GAAG;AAAA,EAChB;AACA,QAAM,GAAG,MAAM;AACjB;AAEO,MAAM,QAA2B;AAAA,EACtC,qBAAqB;AAAA,IACnB,YAAY,CAAC,qBAAqB;AAAA,IAClC,OAAO,CAAC,qBAAqB;AAAA,EAC/B;AAAA,EAEA,MAAM,gBAAgB,EAAE,IAAI,UAAU,eAAe,GAAG;AACtD,UAAM,iBAAiB,IAAI,EAAE,UAAU,eAAe,CAAC;AAAA,EACzD;AAAA,EAEA,MAAM,aAAa,EAAE,IAAI,UAAU,eAAe,GAAG;AACnD,UAAM,iBAAiB,IAAI,EAAE,UAAU,eAAe,CAAC;AAEvD,QAAI;AACF,YAAM,EAAE,WAAW,IAAI,MAAM,OAAO,2CAA2C;AAC/E,YAAM,aAAa,WAAW;AAC9B,YAAM,8BAA8B,IAAI,UAAU,UAAU;AAAA,IAC9D,QAAQ;AAAA,IAER;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,EAAE,IAAI,UAAU,eAAe,GAAG;AACnD,UAAM,cAAc;AACpB,UAAM,eAAe;AAAA,MACnB,EAAE,OAAO,6BAA6B,aAAa,iBAAiB,UAAU,gBAAgB,UAAU,eAAe;AAAA,MACvH,EAAE,OAAO,yBAAyB,aAAa,aAAa,UAAU,gBAAgB,UAAU,QAAQ;AAAA,MACxG,EAAE,OAAO,2BAA2B,aAAa,eAAe,UAAU,gBAAgB,UAAU,SAAS;AAAA,IAC/G;AAEA,eAAW,SAAS,cAAc;AAChC,YAAM,YAAY,cAAc,MAAM,KAAK;AAC3C,YAAM,WAAW,MAAM,GAAG,QAAQ,cAAc,EAAE,WAAW,UAAU,WAAW,KAAK,CAAC;AACxF,UAAI,SAAU;AAEd,YAAM,eAAe,MAAM,KAAK,MAAM,UAAU,WAAW;AAC3D,YAAM,OAAO,GAAG,OAAO,cAAc;AAAA,QACnC,OAAO,MAAM;AAAA,QACb;AAAA,QACA;AAAA,QACA,aAAa,MAAM;AAAA,QACnB;AAAA,QACA;AAAA,QACA,UAAU;AAAA,QACV,qBAAqB;AAAA,QACrB,iBAAiB,oBAAI,KAAK;AAAA,QAC1B,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAQ;AACR,SAAG,QAAQ,IAAI;AAEf,YAAM,OAAO,MAAM,GAAG,QAAQ,cAAc,EAAE,UAAU,MAAM,MAAM,UAAU,WAAW,KAAK,CAAC;AAC/F,UAAI,MAAM;AACR,cAAM,WAAW,GAAG,OAAO,kBAAkB;AAAA,UAC3C;AAAA,UACA;AAAA,UACA,WAAW,oBAAI,KAAK;AAAA,QACtB,CAAQ;AACR,WAAG,QAAQ,QAAQ;AAAA,MACrB;AAAA,IACF;AACA,UAAM,GAAG,MAAM;AAAA,EACjB;AACF;AAEA,IAAO,gBAAQ;",
+  "names": []
+}

package/dist/modules/customer_accounts/subscribers/autoLinkCrm.js ADDED Viewed

@@ -0,0 +1,54 @@
+import { CustomerUser } from "@open-mercato/core/modules/customer_accounts/data/entities";
+import { findWithDecryption } from "@open-mercato/shared/lib/encryption/find";
+const metadata = {
+  event: "customer_accounts.user.created",
+  persistent: true,
+  id: "customer_accounts:auto-link-crm"
+};
+async function handle(payload, ctx) {
+  const data = payload;
+  const userId = data?.id;
+  const tenantId = data?.tenantId;
+  const organizationId = data?.organizationId;
+  if (!userId || !tenantId) return;
+  const em = ctx.resolve("em");
+  try {
+    let email;
+    if (data?.email) {
+      email = data.email.toLowerCase().trim();
+    } else {
+      const user = await em.findOne(CustomerUser, { id: userId, tenantId, deletedAt: null });
+      if (user) email = user.email?.toLowerCase().trim();
+    }
+    if (!email) return;
+    const { CustomerEntity } = await import("@open-mercato/core/modules/customers/data/entities");
+    const personEntities = await findWithDecryption(
+      em,
+      CustomerEntity,
+      { tenantId, kind: "person", deletedAt: null },
+      { limit: 500 },
+      { tenantId, organizationId }
+    );
+    const matchingEntity = personEntities.find(
+      (e) => e.primaryEmail && e.primaryEmail.toLowerCase().trim() === email
+    );
+    if (!matchingEntity) return;
+    const profileRows = await em.getConnection().execute(
+      `SELECT company_entity_id FROM customer_people WHERE entity_id = ? LIMIT 1`,
+      [matchingEntity.id]
+    );
+    const companyEntityId = profileRows?.[0]?.company_entity_id;
+    const updates = { personEntityId: matchingEntity.id };
+    if (companyEntityId) {
+      updates.customerEntityId = companyEntityId;
+    }
+    await em.nativeUpdate(CustomerUser, { id: userId }, updates);
+  } catch (err) {
+    console.error("[customer_accounts:auto-link-crm] Failed to link customer user to CRM person:", err);
+  }
+}
+export {
+  handle as default,
+  metadata
+};
+//# sourceMappingURL=autoLinkCrm.js.map

package/dist/modules/customer_accounts/subscribers/autoLinkCrm.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/customer_accounts/subscribers/autoLinkCrm.ts"],
+  "sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport { CustomerUser } from '@open-mercato/core/modules/customer_accounts/data/entities'\nimport { hashForLookup } from '@open-mercato/shared/lib/encryption/aes'\nimport { findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nexport const metadata = {\n  event: 'customer_accounts.user.created',\n  persistent: true,\n  id: 'customer_accounts:auto-link-crm',\n}\n\nexport default async function handle(\n  payload: unknown,\n  ctx: { resolve: <T = unknown>(name: string) => T; eventName?: string },\n): Promise<void> {\n  const data = payload as Record<string, unknown>\n  const userId = data?.id as string\n  const tenantId = data?.tenantId as string\n  const organizationId = data?.organizationId as string | undefined\n  if (!userId || !tenantId) return\n\n  const em = ctx.resolve<EntityManager>('em')\n\n  try {\n    let email: string | undefined\n    if (data?.email) {\n      email = (data.email as string).toLowerCase().trim()\n    } else {\n      const user = await em.findOne(CustomerUser, { id: userId, tenantId, deletedAt: null })\n      if (user) email = user.email?.toLowerCase().trim()\n    }\n    if (!email) return\n\n    const { CustomerEntity } = await import('@open-mercato/core/modules/customers/data/entities')\n\n    const personEntities = await findWithDecryption(\n      em,\n      CustomerEntity,\n      { tenantId, kind: 'person', deletedAt: null } as any,\n      { limit: 500 } as any,\n      { tenantId, organizationId },\n    )\n\n    const matchingEntity = personEntities.find(\n      (e: any) => e.primaryEmail && e.primaryEmail.toLowerCase().trim() === email,\n    ) as any\n\n    if (!matchingEntity) return\n\n    const profileRows = await em.getConnection().execute(\n      `SELECT company_entity_id FROM customer_people WHERE entity_id = ? LIMIT 1`,\n      [matchingEntity.id],\n    )\n    const companyEntityId = profileRows?.[0]?.company_entity_id as string | undefined\n\n    const updates: Record<string, unknown> = { personEntityId: matchingEntity.id }\n    if (companyEntityId) {\n      updates.customerEntityId = companyEntityId\n    }\n\n    await em.nativeUpdate(CustomerUser, { id: userId }, updates)\n  } catch (err) {\n    console.error('[customer_accounts:auto-link-crm] Failed to link customer user to CRM person:', err)\n  }\n}\n"],
+  "mappings": "AACA,SAAS,oBAAoB;AAE7B,SAAS,0BAA0B;AAE5B,MAAM,WAAW;AAAA,EACtB,OAAO;AAAA,EACP,YAAY;AAAA,EACZ,IAAI;AACN;AAEA,eAAO,OACL,SACA,KACe;AACf,QAAM,OAAO;AACb,QAAM,SAAS,MAAM;AACrB,QAAM,WAAW,MAAM;AACvB,QAAM,iBAAiB,MAAM;AAC7B,MAAI,CAAC,UAAU,CAAC,SAAU;AAE1B,QAAM,KAAK,IAAI,QAAuB,IAAI;AAE1C,MAAI;AACF,QAAI;AACJ,QAAI,MAAM,OAAO;AACf,cAAS,KAAK,MAAiB,YAAY,EAAE,KAAK;AAAA,IACpD,OAAO;AACL,YAAM,OAAO,MAAM,GAAG,QAAQ,cAAc,EAAE,IAAI,QAAQ,UAAU,WAAW,KAAK,CAAC;AACrF,UAAI,KAAM,SAAQ,KAAK,OAAO,YAAY,EAAE,KAAK;AAAA,IACnD;AACA,QAAI,CAAC,MAAO;AAEZ,UAAM,EAAE,eAAe,IAAI,MAAM,OAAO,oDAAoD;AAE5F,UAAM,iBAAiB,MAAM;AAAA,MAC3B;AAAA,MACA;AAAA,MACA,EAAE,UAAU,MAAM,UAAU,WAAW,KAAK;AAAA,MAC5C,EAAE,OAAO,IAAI;AAAA,MACb,EAAE,UAAU,eAAe;AAAA,IAC7B;AAEA,UAAM,iBAAiB,eAAe;AAAA,MACpC,CAAC,MAAW,EAAE,gBAAgB,EAAE,aAAa,YAAY,EAAE,KAAK,MAAM;AAAA,IACxE;AAEA,QAAI,CAAC,eAAgB;AAErB,UAAM,cAAc,MAAM,GAAG,cAAc,EAAE;AAAA,MAC3C;AAAA,MACA,CAAC,eAAe,EAAE;AAAA,IACpB;AACA,UAAM,kBAAkB,cAAc,CAAC,GAAG;AAE1C,UAAM,UAAmC,EAAE,gBAAgB,eAAe,GAAG;AAC7E,QAAI,iBAAiB;AACnB,cAAQ,mBAAmB;AAAA,IAC7B;AAEA,UAAM,GAAG,aAAa,cAAc,EAAE,IAAI,OAAO,GAAG,OAAO;AAAA,EAC7D,SAAS,KAAK;AACZ,YAAQ,MAAM,iFAAiF,GAAG;AAAA,EACpG;AACF;",
+  "names": []
+}

package/dist/modules/customer_accounts/subscribers/autoLinkCrmReverse.js ADDED Viewed

@@ -0,0 +1,68 @@
+import { CustomerUser } from "@open-mercato/core/modules/customer_accounts/data/entities";
+import { hashForLookup } from "@open-mercato/shared/lib/encryption/aes";
+import { findOneWithDecryption } from "@open-mercato/shared/lib/encryption/find";
+const metadata = {
+  event: "customers.person.created",
+  persistent: true,
+  id: "customer_accounts:auto-link-crm-reverse"
+};
+async function handle(payload, ctx) {
+  const data = payload;
+  const eventId = data?.id;
+  const tenantId = data?.tenantId;
+  const organizationId = data?.organizationId;
+  if (!eventId || !tenantId) return;
+  const em = ctx.resolve("em");
+  try {
+    const { CustomerEntity } = await import("@open-mercato/core/modules/customers/data/entities");
+    let entity = await findOneWithDecryption(
+      em,
+      CustomerEntity,
+      { id: eventId, tenantId, kind: "person", deletedAt: null },
+      void 0,
+      { tenantId, organizationId }
+    );
+    if (!entity) {
+      const { CustomerPersonProfile } = await import("@open-mercato/core/modules/customers/data/entities");
+      const profile = await em.findOne(CustomerPersonProfile, { id: eventId }, { populate: ["entity"] });
+      if (profile?.entity) {
+        entity = await findOneWithDecryption(
+          em,
+          CustomerEntity,
+          { id: profile.entity.id ?? profile.entity, tenantId, deletedAt: null },
+          void 0,
+          { tenantId, organizationId }
+        );
+      }
+    }
+    if (!entity) return;
+    const email = entity.primaryEmail;
+    if (!email) return;
+    const emailHash = hashForLookup(email.toLowerCase().trim());
+    const personProfile = await em.getConnection().execute(
+      `SELECT company_entity_id FROM customer_people WHERE entity_id = ? LIMIT 1`,
+      [entity.id]
+    );
+    const companyEntityId = personProfile?.[0]?.company_entity_id;
+    const customerUser = await em.findOne(CustomerUser, {
+      emailHash,
+      tenantId,
+      deletedAt: null,
+      personEntityId: null
+    });
+    if (customerUser) {
+      const updates = { personEntityId: entity.id };
+      if (companyEntityId && !customerUser.customerEntityId) {
+        updates.customerEntityId = companyEntityId;
+      }
+      await em.nativeUpdate(CustomerUser, { id: customerUser.id }, updates);
+    }
+  } catch (err) {
+    console.error("[customer_accounts:auto-link-crm-reverse] Failed to link CRM person to customer user:", err);
+  }
+}
+export {
+  handle as default,
+  metadata
+};
+//# sourceMappingURL=autoLinkCrmReverse.js.map

package/dist/modules/customer_accounts/subscribers/autoLinkCrmReverse.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/customer_accounts/subscribers/autoLinkCrmReverse.ts"],
+  "sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport { CustomerUser } from '@open-mercato/core/modules/customer_accounts/data/entities'\nimport { hashForLookup } from '@open-mercato/shared/lib/encryption/aes'\nimport { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nexport const metadata = {\n  event: 'customers.person.created',\n  persistent: true,\n  id: 'customer_accounts:auto-link-crm-reverse',\n}\n\nexport default async function handle(\n  payload: unknown,\n  ctx: { resolve: <T = unknown>(name: string) => T; eventName?: string },\n): Promise<void> {\n  const data = payload as Record<string, unknown>\n  const eventId = data?.id as string\n  const tenantId = data?.tenantId as string\n  const organizationId = data?.organizationId as string | undefined\n  if (!eventId || !tenantId) return\n\n  const em = ctx.resolve<EntityManager>('em')\n\n  try {\n    const { CustomerEntity } = await import('@open-mercato/core/modules/customers/data/entities')\n\n    let entity = await findOneWithDecryption(\n      em,\n      CustomerEntity,\n      { id: eventId, tenantId, kind: 'person', deletedAt: null } as any,\n      undefined,\n      { tenantId, organizationId },\n    )\n\n    if (!entity) {\n      const { CustomerPersonProfile } = await import('@open-mercato/core/modules/customers/data/entities')\n      const profile = await em.findOne(CustomerPersonProfile as any, { id: eventId } as any, { populate: ['entity'] }) as any\n      if (profile?.entity) {\n        entity = await findOneWithDecryption(\n          em,\n          CustomerEntity,\n          { id: profile.entity.id ?? profile.entity, tenantId, deletedAt: null } as any,\n          undefined,\n          { tenantId, organizationId },\n        )\n      }\n    }\n\n    if (!entity) return\n    const email = (entity as any).primaryEmail as string | null\n    if (!email) return\n\n    const emailHash = hashForLookup(email.toLowerCase().trim())\n\n    const personProfile = await em.getConnection().execute(\n      `SELECT company_entity_id FROM customer_people WHERE entity_id = ? LIMIT 1`,\n      [(entity as any).id],\n    )\n    const companyEntityId = personProfile?.[0]?.company_entity_id as string | undefined\n\n    const customerUser = await em.findOne(CustomerUser, {\n      emailHash,\n      tenantId,\n      deletedAt: null,\n      personEntityId: null,\n    })\n\n    if (customerUser) {\n      const updates: Record<string, unknown> = { personEntityId: (entity as any).id }\n      if (companyEntityId && !customerUser.customerEntityId) {\n        updates.customerEntityId = companyEntityId\n      }\n      await em.nativeUpdate(CustomerUser, { id: customerUser.id }, updates)\n    }\n  } catch (err) {\n    console.error('[customer_accounts:auto-link-crm-reverse] Failed to link CRM person to customer user:', err)\n  }\n}\n"],
+  "mappings": "AACA,SAAS,oBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,6BAA6B;AAE/B,MAAM,WAAW;AAAA,EACtB,OAAO;AAAA,EACP,YAAY;AAAA,EACZ,IAAI;AACN;AAEA,eAAO,OACL,SACA,KACe;AACf,QAAM,OAAO;AACb,QAAM,UAAU,MAAM;AACtB,QAAM,WAAW,MAAM;AACvB,QAAM,iBAAiB,MAAM;AAC7B,MAAI,CAAC,WAAW,CAAC,SAAU;AAE3B,QAAM,KAAK,IAAI,QAAuB,IAAI;AAE1C,MAAI;AACF,UAAM,EAAE,eAAe,IAAI,MAAM,OAAO,oDAAoD;AAE5F,QAAI,SAAS,MAAM;AAAA,MACjB;AAAA,MACA;AAAA,MACA,EAAE,IAAI,SAAS,UAAU,MAAM,UAAU,WAAW,KAAK;AAAA,MACzD;AAAA,MACA,EAAE,UAAU,eAAe;AAAA,IAC7B;AAEA,QAAI,CAAC,QAAQ;AACX,YAAM,EAAE,sBAAsB,IAAI,MAAM,OAAO,oDAAoD;AACnG,YAAM,UAAU,MAAM,GAAG,QAAQ,uBAA8B,EAAE,IAAI,QAAQ,GAAU,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC;AAC/G,UAAI,SAAS,QAAQ;AACnB,iBAAS,MAAM;AAAA,UACb;AAAA,UACA;AAAA,UACA,EAAE,IAAI,QAAQ,OAAO,MAAM,QAAQ,QAAQ,UAAU,WAAW,KAAK;AAAA,UACrE;AAAA,UACA,EAAE,UAAU,eAAe;AAAA,QAC7B;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,OAAQ;AACb,UAAM,QAAS,OAAe;AAC9B,QAAI,CAAC,MAAO;AAEZ,UAAM,YAAY,cAAc,MAAM,YAAY,EAAE,KAAK,CAAC;AAE1D,UAAM,gBAAgB,MAAM,GAAG,cAAc,EAAE;AAAA,MAC7C;AAAA,MACA,CAAE,OAAe,EAAE;AAAA,IACrB;AACA,UAAM,kBAAkB,gBAAgB,CAAC,GAAG;AAE5C,UAAM,eAAe,MAAM,GAAG,QAAQ,cAAc;AAAA,MAClD;AAAA,MACA;AAAA,MACA,WAAW;AAAA,MACX,gBAAgB;AAAA,IAClB,CAAC;AAED,QAAI,cAAc;AAChB,YAAM,UAAmC,EAAE,gBAAiB,OAAe,GAAG;AAC9E,UAAI,mBAAmB,CAAC,aAAa,kBAAkB;AACrD,gBAAQ,mBAAmB;AAAA,MAC7B;AACA,YAAM,GAAG,aAAa,cAAc,EAAE,IAAI,aAAa,GAAG,GAAG,OAAO;AAAA,IACtE;AAAA,EACF,SAAS,KAAK;AACZ,YAAQ,MAAM,yFAAyF,GAAG;AAAA,EAC5G;AACF;",
+  "names": []
+}

package/dist/modules/customer_accounts/subscribers/notifyStaffOnSignup.js ADDED Viewed

@@ -0,0 +1,29 @@
+const metadata = {
+  event: "customer_accounts.user.created",
+  persistent: true,
+  id: "customer_accounts:notify-staff-on-signup"
+};
+async function handle(payload, ctx) {
+  const data = payload;
+  const userId = data?.id;
+  const email = data?.email;
+  const tenantId = data?.tenantId;
+  const organizationId = data?.organizationId;
+  if (!userId || !email || !tenantId || !organizationId) return;
+  try {
+    const eventBus = ctx.resolve("eventBus");
+    await eventBus.emitEvent("notifications.create", {
+      type: "customer_accounts.user.signup",
+      tenantId,
+      organizationId,
+      sourceEntityId: userId,
+      data: { userId, email }
+    });
+  } catch {
+  }
+}
+export {
+  handle as default,
+  metadata
+};
+//# sourceMappingURL=notifyStaffOnSignup.js.map

package/dist/modules/customer_accounts/subscribers/notifyStaffOnSignup.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/modules/customer_accounts/subscribers/notifyStaffOnSignup.ts"],
+  "sourcesContent": ["import type { EventBus } from '@open-mercato/events/types'\n\nexport const metadata = {\n  event: 'customer_accounts.user.created',\n  persistent: true,\n  id: 'customer_accounts:notify-staff-on-signup',\n}\n\nexport default async function handle(\n  payload: unknown,\n  ctx: { resolve: <T = unknown>(name: string) => T; eventName?: string },\n): Promise<void> {\n  const data = payload as Record<string, unknown>\n  const userId = data?.id as string\n  const email = data?.email as string\n  const tenantId = data?.tenantId as string\n  const organizationId = data?.organizationId as string\n  if (!userId || !email || !tenantId || !organizationId) return\n\n  try {\n    const eventBus = ctx.resolve<EventBus>('eventBus')\n    await eventBus.emitEvent('notifications.create', {\n      type: 'customer_accounts.user.signup',\n      tenantId,\n      organizationId,\n      sourceEntityId: userId,\n      data: { userId, email },\n    })\n  } catch {\n    // Notifications module may not be available\n  }\n}\n"],
+  "mappings": "AAEO,MAAM,WAAW;AAAA,EACtB,OAAO;AAAA,EACP,YAAY;AAAA,EACZ,IAAI;AACN;AAEA,eAAO,OACL,SACA,KACe;AACf,QAAM,OAAO;AACb,QAAM,SAAS,MAAM;AACrB,QAAM,QAAQ,MAAM;AACpB,QAAM,WAAW,MAAM;AACvB,QAAM,iBAAiB,MAAM;AAC7B,MAAI,CAAC,UAAU,CAAC,SAAS,CAAC,YAAY,CAAC,eAAgB;AAEvD,MAAI;AACF,UAAM,WAAW,IAAI,QAAkB,UAAU;AACjD,UAAM,SAAS,UAAU,wBAAwB;AAAA,MAC/C,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA,gBAAgB;AAAA,MAChB,MAAM,EAAE,QAAQ,MAAM;AAAA,IACxB,CAAC;AAAA,EACH,QAAQ;AAAA,EAER;AACF;",
+  "names": []
+}

package/dist/modules/customer_accounts/translations.js ADDED Viewed

@@ -0,0 +1,9 @@
+const translatableFields = {
+  "customer_accounts:customer_role": ["name", "description"]
+};
+var translations_default = translatableFields;
+export {
+  translations_default as default,
+  translatableFields
+};
+//# sourceMappingURL=translations.js.map

package/dist/modules/customer_accounts/translations.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/modules/customer_accounts/translations.ts"],
+  "sourcesContent": ["export const translatableFields: Record<string, string[]> = {\n  'customer_accounts:customer_role': ['name', 'description'],\n}\n\nexport default translatableFields\n"],
+  "mappings": "AAAO,MAAM,qBAA+C;AAAA,EAC1D,mCAAmC,CAAC,QAAQ,aAAa;AAC3D;AAEA,IAAO,uBAAQ;",
+  "names": []
+}

package/dist/modules/customer_accounts/widgets/injection/account-status/widget.client.js ADDED Viewed

@@ -0,0 +1,63 @@
+"use client";
+import { jsx, jsxs } from "react/jsx-runtime";
+import { useQuery } from "@tanstack/react-query";
+import { apiCall } from "@open-mercato/ui/backend/utils/apiCall";
+import { useT } from "@open-mercato/shared/lib/i18n/context";
+function AccountStatusWidget({ context }) {
+  const t = useT();
+  const personEntityId = context?.recordId;
+  const { data, isLoading } = useQuery({
+    queryKey: ["customer-account-status", personEntityId],
+    queryFn: async () => {
+      if (!personEntityId) return null;
+      const result = await apiCall(`/api/customer_accounts/admin/users?personEntityId=${personEntityId}&pageSize=1`);
+      if (!result.ok) return null;
+      const json = result.result;
+      const items = json?.items;
+      return items?.[0] || null;
+    },
+    enabled: !!personEntityId
+  });
+  if (isLoading) {
+    return /* @__PURE__ */ jsx("div", { className: "text-sm text-muted-foreground", children: t("common.loading", "Loading...") });
+  }
+  if (!data) {
+    return /* @__PURE__ */ jsxs("div", { className: "rounded-md border p-3", children: [
+      /* @__PURE__ */ jsx("div", { className: "text-sm font-medium mb-1", children: t("customer_accounts.widgets.accountStatus", "Portal Account") }),
+      /* @__PURE__ */ jsx("div", { className: "text-sm text-muted-foreground", children: t("customer_accounts.widgets.noAccount", "No portal account linked") })
+    ] });
+  }
+  return /* @__PURE__ */ jsxs("div", { className: "rounded-md border p-3", children: [
+    /* @__PURE__ */ jsx("div", { className: "text-sm font-medium mb-2", children: t("customer_accounts.widgets.accountStatus", "Portal Account") }),
+    /* @__PURE__ */ jsxs("div", { className: "space-y-1 text-sm", children: [
+      /* @__PURE__ */ jsxs("div", { className: "flex justify-between", children: [
+        /* @__PURE__ */ jsx("span", { className: "text-muted-foreground", children: t("common.status", "Status") }),
+        /* @__PURE__ */ jsx("span", { className: data.isActive ? "text-green-600" : "text-red-600", children: data.isActive ? t("common.active", "Active") : t("common.inactive", "Inactive") })
+      ] }),
+      /* @__PURE__ */ jsxs("div", { className: "flex justify-between", children: [
+        /* @__PURE__ */ jsx("span", { className: "text-muted-foreground", children: t("common.email", "Email") }),
+        /* @__PURE__ */ jsx("span", { children: data.email })
+      ] }),
+      data.emailVerified !== void 0 && /* @__PURE__ */ jsxs("div", { className: "flex justify-between", children: [
+        /* @__PURE__ */ jsx("span", { className: "text-muted-foreground", children: t("customer_accounts.widgets.emailVerified", "Email Verified") }),
+        /* @__PURE__ */ jsx("span", { children: data.emailVerified ? "\u2713" : "\u2717" })
+      ] }),
+      data.lastLoginAt && /* @__PURE__ */ jsxs("div", { className: "flex justify-between", children: [
+        /* @__PURE__ */ jsx("span", { className: "text-muted-foreground", children: t("customer_accounts.widgets.lastLogin", "Last Login") }),
+        /* @__PURE__ */ jsx("span", { children: new Date(data.lastLoginAt).toLocaleDateString() })
+      ] })
+    ] }),
+    /* @__PURE__ */ jsx("div", { className: "mt-2", children: /* @__PURE__ */ jsx(
+      "a",
+      {
+        href: `/backend/customer_accounts/${data.id}`,
+        className: "text-xs text-primary hover:underline",
+        children: t("customer_accounts.widgets.viewAccount", "View account details \u2192")
+      }
+    ) })
+  ] });
+}
+export {
+  AccountStatusWidget as default
+};
+//# sourceMappingURL=widget.client.js.map

package/dist/modules/customer_accounts/widgets/injection/account-status/widget.client.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/modules/customer_accounts/widgets/injection/account-status/widget.client.tsx"],
+  "sourcesContent": ["\"use client\"\n\nimport { useQuery } from '@tanstack/react-query'\nimport { apiCall } from '@open-mercato/ui/backend/utils/apiCall'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\n\ninterface AccountStatusData {\n  id: string\n  email: string\n  isActive: boolean\n  emailVerified: boolean\n  lastLoginAt: string | null\n}\n\ninterface AccountStatusProps {\n  context?: {\n    entityId?: string\n    recordId?: string\n  }\n}\n\nexport default function AccountStatusWidget({ context }: AccountStatusProps) {\n  const t = useT()\n  const personEntityId = context?.recordId\n\n  const { data, isLoading } = useQuery({\n    queryKey: ['customer-account-status', personEntityId],\n    queryFn: async (): Promise<AccountStatusData | null> => {\n      if (!personEntityId) return null\n      const result = await apiCall(`/api/customer_accounts/admin/users?personEntityId=${personEntityId}&pageSize=1`)\n      if (!result.ok) return null\n      const json = result.result as Record<string, unknown> | null\n      const items = json?.items as AccountStatusData[] | undefined\n      return items?.[0] || null\n    },\n    enabled: !!personEntityId,\n  })\n\n  if (isLoading) {\n    return <div className=\"text-sm text-muted-foreground\">{t('common.loading', 'Loading...')}</div>\n  }\n\n  if (!data) {\n    return (\n      <div className=\"rounded-md border p-3\">\n        <div className=\"text-sm font-medium mb-1\">{t('customer_accounts.widgets.accountStatus', 'Portal Account')}</div>\n        <div className=\"text-sm text-muted-foreground\">{t('customer_accounts.widgets.noAccount', 'No portal account linked')}</div>\n      </div>\n    )\n  }\n\n  return (\n    <div className=\"rounded-md border p-3\">\n      <div className=\"text-sm font-medium mb-2\">{t('customer_accounts.widgets.accountStatus', 'Portal Account')}</div>\n      <div className=\"space-y-1 text-sm\">\n        <div className=\"flex justify-between\">\n          <span className=\"text-muted-foreground\">{t('common.status', 'Status')}</span>\n          <span className={data.isActive ? 'text-green-600' : 'text-red-600'}>\n            {data.isActive ? t('common.active', 'Active') : t('common.inactive', 'Inactive')}\n          </span>\n        </div>\n        <div className=\"flex justify-between\">\n          <span className=\"text-muted-foreground\">{t('common.email', 'Email')}</span>\n          <span>{data.email}</span>\n        </div>\n        {data.emailVerified !== undefined && (\n          <div className=\"flex justify-between\">\n            <span className=\"text-muted-foreground\">{t('customer_accounts.widgets.emailVerified', 'Email Verified')}</span>\n            <span>{data.emailVerified ? '\u2713' : '\u2717'}</span>\n          </div>\n        )}\n        {data.lastLoginAt && (\n          <div className=\"flex justify-between\">\n            <span className=\"text-muted-foreground\">{t('customer_accounts.widgets.lastLogin', 'Last Login')}</span>\n            <span>{new Date(data.lastLoginAt).toLocaleDateString()}</span>\n          </div>\n        )}\n      </div>\n      <div className=\"mt-2\">\n        <a\n          href={`/backend/customer_accounts/${data.id}`}\n          className=\"text-xs text-primary hover:underline\"\n        >\n          {t('customer_accounts.widgets.viewAccount', 'View account details \u2192')}\n        </a>\n      </div>\n    </div>\n  )\n}\n"],
+  "mappings": ";AAuCW,cAKL,YALK;AArCX,SAAS,gBAAgB;AACzB,SAAS,eAAe;AACxB,SAAS,YAAY;AAiBN,SAAR,oBAAqC,EAAE,QAAQ,GAAuB;AAC3E,QAAM,IAAI,KAAK;AACf,QAAM,iBAAiB,SAAS;AAEhC,QAAM,EAAE,MAAM,UAAU,IAAI,SAAS;AAAA,IACnC,UAAU,CAAC,2BAA2B,cAAc;AAAA,IACpD,SAAS,YAA+C;AACtD,UAAI,CAAC,eAAgB,QAAO;AAC5B,YAAM,SAAS,MAAM,QAAQ,qDAAqD,cAAc,aAAa;AAC7G,UAAI,CAAC,OAAO,GAAI,QAAO;AACvB,YAAM,OAAO,OAAO;AACpB,YAAM,QAAQ,MAAM;AACpB,aAAO,QAAQ,CAAC,KAAK;AAAA,IACvB;AAAA,IACA,SAAS,CAAC,CAAC;AAAA,EACb,CAAC;AAED,MAAI,WAAW;AACb,WAAO,oBAAC,SAAI,WAAU,iCAAiC,YAAE,kBAAkB,YAAY,GAAE;AAAA,EAC3F;AAEA,MAAI,CAAC,MAAM;AACT,WACE,qBAAC,SAAI,WAAU,yBACb;AAAA,0BAAC,SAAI,WAAU,4BAA4B,YAAE,2CAA2C,gBAAgB,GAAE;AAAA,MAC1G,oBAAC,SAAI,WAAU,iCAAiC,YAAE,uCAAuC,0BAA0B,GAAE;AAAA,OACvH;AAAA,EAEJ;AAEA,SACE,qBAAC,SAAI,WAAU,yBACb;AAAA,wBAAC,SAAI,WAAU,4BAA4B,YAAE,2CAA2C,gBAAgB,GAAE;AAAA,IAC1G,qBAAC,SAAI,WAAU,qBACb;AAAA,2BAAC,SAAI,WAAU,wBACb;AAAA,4BAAC,UAAK,WAAU,yBAAyB,YAAE,iBAAiB,QAAQ,GAAE;AAAA,QACtE,oBAAC,UAAK,WAAW,KAAK,WAAW,mBAAmB,gBACjD,eAAK,WAAW,EAAE,iBAAiB,QAAQ,IAAI,EAAE,mBAAmB,UAAU,GACjF;AAAA,SACF;AAAA,MACA,qBAAC,SAAI,WAAU,wBACb;AAAA,4BAAC,UAAK,WAAU,yBAAyB,YAAE,gBAAgB,OAAO,GAAE;AAAA,QACpE,oBAAC,UAAM,eAAK,OAAM;AAAA,SACpB;AAAA,MACC,KAAK,kBAAkB,UACtB,qBAAC,SAAI,WAAU,wBACb;AAAA,4BAAC,UAAK,WAAU,yBAAyB,YAAE,2CAA2C,gBAAgB,GAAE;AAAA,QACxG,oBAAC,UAAM,eAAK,gBAAgB,WAAM,UAAI;AAAA,SACxC;AAAA,MAED,KAAK,eACJ,qBAAC,SAAI,WAAU,wBACb;AAAA,4BAAC,UAAK,WAAU,yBAAyB,YAAE,uCAAuC,YAAY,GAAE;AAAA,QAChG,oBAAC,UAAM,cAAI,KAAK,KAAK,WAAW,EAAE,mBAAmB,GAAE;AAAA,SACzD;AAAA,OAEJ;AAAA,IACA,oBAAC,SAAI,WAAU,QACb;AAAA,MAAC;AAAA;AAAA,QACC,MAAM,8BAA8B,KAAK,EAAE;AAAA,QAC3C,WAAU;AAAA,QAET,YAAE,yCAAyC,6BAAwB;AAAA;AAAA,IACtE,GACF;AAAA,KACF;AAEJ;",
+  "names": []
+}

package/dist/modules/customer_accounts/widgets/injection/account-status/widget.js ADDED Viewed

@@ -0,0 +1,17 @@
+import AccountStatusWidget from "./widget.client.js";
+const widget = {
+  metadata: {
+    id: "customer_accounts.injection.account-status",
+    title: "Customer Account Status",
+    description: "Shows customer portal account status on CRM person detail",
+    features: ["customer_accounts.view"],
+    priority: 100,
+    enabled: true
+  },
+  Widget: AccountStatusWidget
+};
+var widget_default = widget;
+export {
+  widget_default as default
+};
+//# sourceMappingURL=widget.js.map

package/dist/modules/customer_accounts/widgets/injection/account-status/widget.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/modules/customer_accounts/widgets/injection/account-status/widget.ts"],
+  "sourcesContent": ["import type { InjectionWidgetModule } from '@open-mercato/shared/modules/widgets/injection'\nimport AccountStatusWidget from './widget.client'\n\nconst widget: InjectionWidgetModule<Record<string, unknown>, Record<string, unknown>> = {\n  metadata: {\n    id: 'customer_accounts.injection.account-status',\n    title: 'Customer Account Status',\n    description: 'Shows customer portal account status on CRM person detail',\n    features: ['customer_accounts.view'],\n    priority: 100,\n    enabled: true,\n  },\n  Widget: AccountStatusWidget,\n}\n\nexport default widget\n"],
+  "mappings": "AACA,OAAO,yBAAyB;AAEhC,MAAM,SAAkF;AAAA,EACtF,UAAU;AAAA,IACR,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,aAAa;AAAA,IACb,UAAU,CAAC,wBAAwB;AAAA,IACnC,UAAU;AAAA,IACV,SAAS;AAAA,EACX;AAAA,EACA,QAAQ;AACV;AAEA,IAAO,iBAAQ;",
+  "names": []
+}