npm - @open-mercato/core - Versions diffs - 0.4.8-develop-28cee031d6 → 0.4.8-develop-15259be22b - Mend

@open-mercato/core 0.4.8-develop-28cee031d6 → 0.4.8-develop-15259be22b

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (333) hide show

package/dist/modules/customer_accounts/api/admin/users/[id].js ADDED Viewed

@@ -0,0 +1,253 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { CustomerUser, CustomerUserRole, CustomerRole, CustomerUserSession } from "@open-mercato/core/modules/customer_accounts/data/entities";
+import { adminUpdateUserSchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
+import { emitCustomerAccountsEvent } from "@open-mercato/core/modules/customer_accounts/events";
+const metadata = {};
+const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+async function GET(req, { params }) {
+  if (!UUID_RE.test(params.id)) {
+    return NextResponse.json({ ok: false, error: "Invalid user ID" }, { status: 400 });
+  }
+  const auth = await getAuthFromRequest(req);
+  if (!auth) {
+    return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.view"], { tenantId: auth.tenantId, organizationId: auth.orgId });
+  if (!hasAccess) {
+    return NextResponse.json({ ok: false, error: "Insufficient permissions" }, { status: 403 });
+  }
+  const em = container.resolve("em");
+  const user = await em.findOne(CustomerUser, {
+    id: params.id,
+    tenantId: auth.tenantId,
+    deletedAt: null
+  });
+  if (!user) {
+    return NextResponse.json({ ok: false, error: "User not found" }, { status: 404 });
+  }
+  const userRoles = await em.find(CustomerUserRole, {
+    user: user.id,
+    deletedAt: null
+  }, { populate: ["role"] });
+  const roles = userRoles.map((ur) => ({
+    id: ur.role.id,
+    name: ur.role.name,
+    slug: ur.role.slug
+  }));
+  const activeSessions = await em.find(CustomerUserSession, {
+    user: user.id,
+    deletedAt: null,
+    expiresAt: { $gt: /* @__PURE__ */ new Date() }
+  }, { orderBy: { lastUsedAt: "DESC" } });
+  const sessions = activeSessions.map((session) => ({
+    id: session.id,
+    ipAddress: session.ipAddress || null,
+    userAgent: session.userAgent || null,
+    lastUsedAt: session.lastUsedAt || null,
+    createdAt: session.createdAt,
+    expiresAt: session.expiresAt
+  }));
+  return NextResponse.json({
+    ok: true,
+    id: user.id,
+    email: user.email,
+    displayName: user.displayName,
+    emailVerifiedAt: user.emailVerifiedAt || null,
+    isActive: user.isActive,
+    lockedUntil: user.lockedUntil || null,
+    lastLoginAt: user.lastLoginAt || null,
+    customerEntityId: user.customerEntityId || null,
+    personEntityId: user.personEntityId || null,
+    createdAt: user.createdAt,
+    updatedAt: user.updatedAt || null,
+    roles,
+    sessions
+  });
+}
+async function PUT(req, { params }) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth) {
+    return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.manage"], { tenantId: auth.tenantId, organizationId: auth.orgId });
+  if (!hasAccess) {
+    return NextResponse.json({ ok: false, error: "Insufficient permissions" }, { status: 403 });
+  }
+  let body;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ ok: false, error: "Invalid request body" }, { status: 400 });
+  }
+  const parsed = adminUpdateUserSchema.safeParse(body);
+  if (!parsed.success) {
+    return NextResponse.json({ ok: false, error: "Validation failed", details: parsed.error.flatten().fieldErrors }, { status: 400 });
+  }
+  const em = container.resolve("em");
+  const user = await em.findOne(CustomerUser, {
+    id: params.id,
+    tenantId: auth.tenantId,
+    deletedAt: null
+  });
+  if (!user) {
+    return NextResponse.json({ ok: false, error: "User not found" }, { status: 404 });
+  }
+  const updates = {};
+  if (parsed.data.displayName !== void 0) updates.displayName = parsed.data.displayName;
+  if (parsed.data.isActive !== void 0) updates.isActive = parsed.data.isActive;
+  if (parsed.data.lockedUntil !== void 0) updates.lockedUntil = parsed.data.lockedUntil ? new Date(parsed.data.lockedUntil) : null;
+  if (parsed.data.personEntityId !== void 0) updates.personEntityId = parsed.data.personEntityId;
+  if (parsed.data.customerEntityId !== void 0) updates.customerEntityId = parsed.data.customerEntityId;
+  if (Object.keys(updates).length > 0) {
+    await em.nativeUpdate(CustomerUser, { id: user.id }, updates);
+  }
+  let rolesChanged = false;
+  if (parsed.data.roleIds !== void 0) {
+    const validRoles = [];
+    for (const roleId of parsed.data.roleIds) {
+      const role = await em.findOne(CustomerRole, { id: roleId, tenantId: auth.tenantId, deletedAt: null });
+      if (!role) {
+        return NextResponse.json({ ok: false, error: `Role ${roleId} not found` }, { status: 400 });
+      }
+      validRoles.push(role);
+    }
+    await em.nativeDelete(CustomerUserRole, { user: user.id });
+    for (const role of validRoles) {
+      const userRole = em.create(CustomerUserRole, {
+        user,
+        role,
+        createdAt: /* @__PURE__ */ new Date()
+      });
+      em.persist(userRole);
+    }
+    await em.flush();
+    rolesChanged = true;
+  }
+  if (rolesChanged) {
+    const customerRbacService = container.resolve("customerRbacService");
+    await customerRbacService.invalidateUserCache(user.id);
+  }
+  void emitCustomerAccountsEvent("customer_accounts.user.updated", {
+    id: user.id,
+    email: user.email,
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId,
+    updatedBy: auth.sub
+  }).catch(() => void 0);
+  return NextResponse.json({ ok: true });
+}
+async function DELETE(req, { params }) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth) {
+    return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.manage"], { tenantId: auth.tenantId, organizationId: auth.orgId });
+  if (!hasAccess) {
+    return NextResponse.json({ ok: false, error: "Insufficient permissions" }, { status: 403 });
+  }
+  const em = container.resolve("em");
+  const user = await em.findOne(CustomerUser, {
+    id: params.id,
+    tenantId: auth.tenantId,
+    deletedAt: null
+  });
+  if (!user) {
+    return NextResponse.json({ ok: false, error: "User not found" }, { status: 404 });
+  }
+  const customerUserService = container.resolve("customerUserService");
+  const customerSessionService = container.resolve("customerSessionService");
+  await customerUserService.softDelete(user.id);
+  await customerSessionService.revokeAllUserSessions(user.id);
+  void emitCustomerAccountsEvent("customer_accounts.user.deleted", {
+    id: user.id,
+    email: user.email,
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId,
+    deletedBy: auth.sub
+  }).catch(() => void 0);
+  return NextResponse.json({ ok: true });
+}
+const roleSchema = z.object({ id: z.string().uuid(), name: z.string(), slug: z.string() });
+const userDetailSchema = z.object({
+  id: z.string().uuid(),
+  email: z.string(),
+  displayName: z.string(),
+  emailVerified: z.boolean(),
+  isActive: z.boolean(),
+  lockedUntil: z.string().datetime().nullable(),
+  lastLoginAt: z.string().datetime().nullable(),
+  failedLoginAttempts: z.number(),
+  customerEntityId: z.string().uuid().nullable(),
+  personEntityId: z.string().uuid().nullable(),
+  createdAt: z.string().datetime(),
+  updatedAt: z.string().datetime().nullable(),
+  roles: z.array(roleSchema),
+  activeSessionCount: z.number()
+});
+const successSchema = z.object({ ok: z.literal(true) });
+const errorSchema = z.object({ ok: z.literal(false), error: z.string() });
+const getMethodDoc = {
+  summary: "Get customer user detail (admin)",
+  description: "Returns full customer user details including CRM links, roles, and active session count.",
+  tags: ["Customer Accounts Admin"],
+  responses: [{
+    status: 200,
+    description: "User detail",
+    schema: z.object({ ok: z.literal(true), user: userDetailSchema })
+  }],
+  errors: [
+    { status: 401, description: "Not authenticated", schema: errorSchema },
+    { status: 403, description: "Insufficient permissions", schema: errorSchema },
+    { status: 404, description: "User not found", schema: errorSchema }
+  ]
+};
+const putMethodDoc = {
+  summary: "Update customer user (admin)",
+  description: "Updates a customer user. Staff can update status, lock, CRM links, and roles. Role assignment bypasses customer_assignable check.",
+  tags: ["Customer Accounts Admin"],
+  requestBody: { schema: adminUpdateUserSchema },
+  responses: [{ status: 200, description: "User updated", schema: successSchema }],
+  errors: [
+    { status: 400, description: "Validation failed or role not found", schema: errorSchema },
+    { status: 401, description: "Not authenticated", schema: errorSchema },
+    { status: 403, description: "Insufficient permissions", schema: errorSchema },
+    { status: 404, description: "User not found", schema: errorSchema }
+  ]
+};
+const deleteMethodDoc = {
+  summary: "Delete customer user (admin)",
+  description: "Soft deletes a customer user and revokes all their active sessions.",
+  tags: ["Customer Accounts Admin"],
+  responses: [{ status: 200, description: "User deleted", schema: successSchema }],
+  errors: [
+    { status: 401, description: "Not authenticated", schema: errorSchema },
+    { status: 403, description: "Insufficient permissions", schema: errorSchema },
+    { status: 404, description: "User not found", schema: errorSchema }
+  ]
+};
+const openApi = {
+  summary: "Customer user detail management (admin)",
+  pathParams: z.object({ id: z.string().uuid() }),
+  methods: {
+    GET: getMethodDoc,
+    PUT: putMethodDoc,
+    DELETE: deleteMethodDoc
+  }
+};
+export {
+  DELETE,
+  GET,
+  PUT,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=%5Bid%5D.js.map

package/dist/modules/customer_accounts/api/admin/users/[id].js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/modules/customer_accounts/api/admin/users/%5Bid%5D.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerUser, CustomerUserRole, CustomerRole, CustomerUserSession } from '@open-mercato/core/modules/customer_accounts/data/entities'\nimport { CustomerUserService } from '@open-mercato/core/modules/customer_accounts/services/customerUserService'\nimport { CustomerSessionService } from '@open-mercato/core/modules/customer_accounts/services/customerSessionService'\nimport { CustomerRbacService } from '@open-mercato/core/modules/customer_accounts/services/customerRbacService'\nimport { adminUpdateUserSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\nimport { emitCustomerAccountsEvent } from '@open-mercato/core/modules/customer_accounts/events'\n\nexport const metadata = {}\n\nconst UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i\n\nexport async function GET(req: Request, { params }: { params: { id: string } }) {\n  if (!UUID_RE.test(params.id)) {\n    return NextResponse.json({ ok: false, error: 'Invalid user ID' }, { status: 400 })\n  }\n\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.view'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const user = await em.findOne(CustomerUser, {\n    id: params.id,\n    tenantId: auth.tenantId,\n    deletedAt: null,\n  })\n  if (!user) {\n    return NextResponse.json({ ok: false, error: 'User not found' }, { status: 404 })\n  }\n\n  const userRoles = await em.find(CustomerUserRole, {\n    user: user.id as any,\n    deletedAt: null,\n  }, { populate: ['role'] })\n  const roles = userRoles.map((ur) => ({\n    id: (ur.role as any).id,\n    name: (ur.role as any).name,\n    slug: (ur.role as any).slug,\n  }))\n\n  const activeSessions = await em.find(CustomerUserSession, {\n    user: user.id as any,\n    deletedAt: null,\n    expiresAt: { $gt: new Date() },\n  }, { orderBy: { lastUsedAt: 'DESC' } })\n\n  const sessions = activeSessions.map((session) => ({\n    id: session.id,\n    ipAddress: (session as any).ipAddress || null,\n    userAgent: (session as any).userAgent || null,\n    lastUsedAt: (session as any).lastUsedAt || null,\n    createdAt: session.createdAt,\n    expiresAt: session.expiresAt,\n  }))\n\n  return NextResponse.json({\n    ok: true,\n    id: user.id,\n    email: user.email,\n    displayName: user.displayName,\n    emailVerifiedAt: user.emailVerifiedAt || null,\n    isActive: user.isActive,\n    lockedUntil: user.lockedUntil || null,\n    lastLoginAt: user.lastLoginAt || null,\n    customerEntityId: user.customerEntityId || null,\n    personEntityId: user.personEntityId || null,\n    createdAt: user.createdAt,\n    updatedAt: user.updatedAt || null,\n    roles,\n    sessions,\n  })\n}\n\nexport async function PUT(req: Request, { params }: { params: { id: string } }) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = adminUpdateUserSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Validation failed', details: parsed.error.flatten().fieldErrors }, { status: 400 })\n  }\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const user = await em.findOne(CustomerUser, {\n    id: params.id,\n    tenantId: auth.tenantId,\n    deletedAt: null,\n  })\n  if (!user) {\n    return NextResponse.json({ ok: false, error: 'User not found' }, { status: 404 })\n  }\n\n  const updates: Record<string, unknown> = {}\n  if (parsed.data.displayName !== undefined) updates.displayName = parsed.data.displayName\n  if (parsed.data.isActive !== undefined) updates.isActive = parsed.data.isActive\n  if (parsed.data.lockedUntil !== undefined) updates.lockedUntil = parsed.data.lockedUntil ? new Date(parsed.data.lockedUntil) : null\n  if (parsed.data.personEntityId !== undefined) updates.personEntityId = parsed.data.personEntityId\n  if (parsed.data.customerEntityId !== undefined) updates.customerEntityId = parsed.data.customerEntityId\n\n  if (Object.keys(updates).length > 0) {\n    await em.nativeUpdate(CustomerUser, { id: user.id }, updates)\n  }\n\n  let rolesChanged = false\n  if (parsed.data.roleIds !== undefined) {\n    const validRoles: InstanceType<typeof CustomerRole>[] = []\n    for (const roleId of parsed.data.roleIds) {\n      const role = await em.findOne(CustomerRole, { id: roleId, tenantId: auth.tenantId, deletedAt: null })\n      if (!role) {\n        return NextResponse.json({ ok: false, error: `Role ${roleId} not found` }, { status: 400 })\n      }\n      validRoles.push(role)\n    }\n\n    await em.nativeDelete(CustomerUserRole, { user: user.id } as Record<string, unknown>)\n\n    for (const role of validRoles) {\n      const userRole = em.create(CustomerUserRole, {\n        user,\n        role,\n        createdAt: new Date(),\n      } as any)\n      em.persist(userRole)\n    }\n    await em.flush()\n    rolesChanged = true\n  }\n\n  if (rolesChanged) {\n    const customerRbacService = container.resolve('customerRbacService') as CustomerRbacService\n    await customerRbacService.invalidateUserCache(user.id)\n  }\n\n  void emitCustomerAccountsEvent('customer_accounts.user.updated', {\n    id: user.id,\n    email: user.email,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    updatedBy: auth.sub,\n  }).catch(() => undefined)\n\n  return NextResponse.json({ ok: true })\n}\n\nexport async function DELETE(req: Request, { params }: { params: { id: string } }) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.manage'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  const em = container.resolve('em') as import('@mikro-orm/postgresql').EntityManager\n\n  const user = await em.findOne(CustomerUser, {\n    id: params.id,\n    tenantId: auth.tenantId,\n    deletedAt: null,\n  })\n  if (!user) {\n    return NextResponse.json({ ok: false, error: 'User not found' }, { status: 404 })\n  }\n\n  const customerUserService = container.resolve('customerUserService') as CustomerUserService\n  const customerSessionService = container.resolve('customerSessionService') as CustomerSessionService\n\n  await customerUserService.softDelete(user.id)\n  await customerSessionService.revokeAllUserSessions(user.id)\n\n  void emitCustomerAccountsEvent('customer_accounts.user.deleted', {\n    id: user.id,\n    email: user.email,\n    tenantId: auth.tenantId,\n    organizationId: auth.orgId,\n    deletedBy: auth.sub,\n  }).catch(() => undefined)\n\n  return NextResponse.json({ ok: true })\n}\n\nconst roleSchema = z.object({ id: z.string().uuid(), name: z.string(), slug: z.string() })\nconst userDetailSchema = z.object({\n  id: z.string().uuid(),\n  email: z.string(),\n  displayName: z.string(),\n  emailVerified: z.boolean(),\n  isActive: z.boolean(),\n  lockedUntil: z.string().datetime().nullable(),\n  lastLoginAt: z.string().datetime().nullable(),\n  failedLoginAttempts: z.number(),\n  customerEntityId: z.string().uuid().nullable(),\n  personEntityId: z.string().uuid().nullable(),\n  createdAt: z.string().datetime(),\n  updatedAt: z.string().datetime().nullable(),\n  roles: z.array(roleSchema),\n  activeSessionCount: z.number(),\n})\n\nconst successSchema = z.object({ ok: z.literal(true) })\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nconst getMethodDoc: OpenApiMethodDoc = {\n  summary: 'Get customer user detail (admin)',\n  description: 'Returns full customer user details including CRM links, roles, and active session count.',\n  tags: ['Customer Accounts Admin'],\n  responses: [{\n    status: 200,\n    description: 'User detail',\n    schema: z.object({ ok: z.literal(true), user: userDetailSchema }),\n  }],\n  errors: [\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 404, description: 'User not found', schema: errorSchema },\n  ],\n}\n\nconst putMethodDoc: OpenApiMethodDoc = {\n  summary: 'Update customer user (admin)',\n  description: 'Updates a customer user. Staff can update status, lock, CRM links, and roles. Role assignment bypasses customer_assignable check.',\n  tags: ['Customer Accounts Admin'],\n  requestBody: { schema: adminUpdateUserSchema },\n  responses: [{ status: 200, description: 'User updated', schema: successSchema }],\n  errors: [\n    { status: 400, description: 'Validation failed or role not found', schema: errorSchema },\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 404, description: 'User not found', schema: errorSchema },\n  ],\n}\n\nconst deleteMethodDoc: OpenApiMethodDoc = {\n  summary: 'Delete customer user (admin)',\n  description: 'Soft deletes a customer user and revokes all their active sessions.',\n  tags: ['Customer Accounts Admin'],\n  responses: [{ status: 200, description: 'User deleted', schema: successSchema }],\n  errors: [\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n    { status: 404, description: 'User not found', schema: errorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Customer user detail management (admin)',\n  pathParams: z.object({ id: z.string().uuid() }),\n  methods: {\n    GET: getMethodDoc,\n    PUT: putMethodDoc,\n    DELETE: deleteMethodDoc,\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,SAAS,cAAc,kBAAkB,cAAc,2BAA2B;AAIlF,SAAS,6BAA6B;AACtC,SAAS,iCAAiC;AAEnC,MAAM,WAAW,CAAC;AAEzB,MAAM,UAAU;AAEhB,eAAsB,IAAI,KAAc,EAAE,OAAO,GAA+B;AAC9E,MAAI,CAAC,QAAQ,KAAK,OAAO,EAAE,GAAG;AAC5B,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,kBAAkB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACnF;AAEA,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,wBAAwB,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACpJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,OAAO,MAAM,GAAG,QAAQ,cAAc;AAAA,IAC1C,IAAI,OAAO;AAAA,IACX,UAAU,KAAK;AAAA,IACf,WAAW;AAAA,EACb,CAAC;AACD,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAEA,QAAM,YAAY,MAAM,GAAG,KAAK,kBAAkB;AAAA,IAChD,MAAM,KAAK;AAAA,IACX,WAAW;AAAA,EACb,GAAG,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC;AACzB,QAAM,QAAQ,UAAU,IAAI,CAAC,QAAQ;AAAA,IACnC,IAAK,GAAG,KAAa;AAAA,IACrB,MAAO,GAAG,KAAa;AAAA,IACvB,MAAO,GAAG,KAAa;AAAA,EACzB,EAAE;AAEF,QAAM,iBAAiB,MAAM,GAAG,KAAK,qBAAqB;AAAA,IACxD,MAAM,KAAK;AAAA,IACX,WAAW;AAAA,IACX,WAAW,EAAE,KAAK,oBAAI,KAAK,EAAE;AAAA,EAC/B,GAAG,EAAE,SAAS,EAAE,YAAY,OAAO,EAAE,CAAC;AAEtC,QAAM,WAAW,eAAe,IAAI,CAAC,aAAa;AAAA,IAChD,IAAI,QAAQ;AAAA,IACZ,WAAY,QAAgB,aAAa;AAAA,IACzC,WAAY,QAAgB,aAAa;AAAA,IACzC,YAAa,QAAgB,cAAc;AAAA,IAC3C,WAAW,QAAQ;AAAA,IACnB,WAAW,QAAQ;AAAA,EACrB,EAAE;AAEF,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,aAAa,KAAK;AAAA,IAClB,iBAAiB,KAAK,mBAAmB;AAAA,IACzC,UAAU,KAAK;AAAA,IACf,aAAa,KAAK,eAAe;AAAA,IACjC,aAAa,KAAK,eAAe;AAAA,IACjC,kBAAkB,KAAK,oBAAoB;AAAA,IAC3C,gBAAgB,KAAK,kBAAkB;AAAA,IACvC,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK,aAAa;AAAA,IAC7B;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAEA,eAAsB,IAAI,KAAc,EAAE,OAAO,GAA+B;AAC9E,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,0BAA0B,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACtJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,sBAAsB,UAAU,IAAI;AACnD,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,qBAAqB,SAAS,OAAO,MAAM,QAAQ,EAAE,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClI;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,OAAO,MAAM,GAAG,QAAQ,cAAc;AAAA,IAC1C,IAAI,OAAO;AAAA,IACX,UAAU,KAAK;AAAA,IACf,WAAW;AAAA,EACb,CAAC;AACD,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAEA,QAAM,UAAmC,CAAC;AAC1C,MAAI,OAAO,KAAK,gBAAgB,OAAW,SAAQ,cAAc,OAAO,KAAK;AAC7E,MAAI,OAAO,KAAK,aAAa,OAAW,SAAQ,WAAW,OAAO,KAAK;AACvE,MAAI,OAAO,KAAK,gBAAgB,OAAW,SAAQ,cAAc,OAAO,KAAK,cAAc,IAAI,KAAK,OAAO,KAAK,WAAW,IAAI;AAC/H,MAAI,OAAO,KAAK,mBAAmB,OAAW,SAAQ,iBAAiB,OAAO,KAAK;AACnF,MAAI,OAAO,KAAK,qBAAqB,OAAW,SAAQ,mBAAmB,OAAO,KAAK;AAEvF,MAAI,OAAO,KAAK,OAAO,EAAE,SAAS,GAAG;AACnC,UAAM,GAAG,aAAa,cAAc,EAAE,IAAI,KAAK,GAAG,GAAG,OAAO;AAAA,EAC9D;AAEA,MAAI,eAAe;AACnB,MAAI,OAAO,KAAK,YAAY,QAAW;AACrC,UAAM,aAAkD,CAAC;AACzD,eAAW,UAAU,OAAO,KAAK,SAAS;AACxC,YAAM,OAAO,MAAM,GAAG,QAAQ,cAAc,EAAE,IAAI,QAAQ,UAAU,KAAK,UAAU,WAAW,KAAK,CAAC;AACpG,UAAI,CAAC,MAAM;AACT,eAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,QAAQ,MAAM,aAAa,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC5F;AACA,iBAAW,KAAK,IAAI;AAAA,IACtB;AAEA,UAAM,GAAG,aAAa,kBAAkB,EAAE,MAAM,KAAK,GAAG,CAA4B;AAEpF,eAAW,QAAQ,YAAY;AAC7B,YAAM,WAAW,GAAG,OAAO,kBAAkB;AAAA,QAC3C;AAAA,QACA;AAAA,QACA,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAQ;AACR,SAAG,QAAQ,QAAQ;AAAA,IACrB;AACA,UAAM,GAAG,MAAM;AACf,mBAAe;AAAA,EACjB;AAEA,MAAI,cAAc;AAChB,UAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AACnE,UAAM,oBAAoB,oBAAoB,KAAK,EAAE;AAAA,EACvD;AAEA,OAAK,0BAA0B,kCAAkC;AAAA,IAC/D,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW,KAAK;AAAA,EAClB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEA,eAAsB,OAAO,KAAc,EAAE,OAAO,GAA+B;AACjF,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,0BAA0B,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACtJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,QAAM,KAAK,UAAU,QAAQ,IAAI;AAEjC,QAAM,OAAO,MAAM,GAAG,QAAQ,cAAc;AAAA,IAC1C,IAAI,OAAO;AAAA,IACX,UAAU,KAAK;AAAA,IACf,WAAW;AAAA,EACb,CAAC;AACD,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,iBAAiB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AAEA,QAAM,sBAAsB,UAAU,QAAQ,qBAAqB;AACnE,QAAM,yBAAyB,UAAU,QAAQ,wBAAwB;AAEzE,QAAM,oBAAoB,WAAW,KAAK,EAAE;AAC5C,QAAM,uBAAuB,sBAAsB,KAAK,EAAE;AAE1D,OAAK,0BAA0B,kCAAkC;AAAA,IAC/D,IAAI,KAAK;AAAA,IACT,OAAO,KAAK;AAAA,IACZ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW,KAAK;AAAA,EAClB,CAAC,EAAE,MAAM,MAAM,MAAS;AAExB,SAAO,aAAa,KAAK,EAAE,IAAI,KAAK,CAAC;AACvC;AAEA,MAAM,aAAa,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,GAAG,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,OAAO,EAAE,CAAC;AACzF,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,EACpB,OAAO,EAAE,OAAO;AAAA,EAChB,aAAa,EAAE,OAAO;AAAA,EACtB,eAAe,EAAE,QAAQ;AAAA,EACzB,UAAU,EAAE,QAAQ;AAAA,EACpB,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C,aAAa,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C,qBAAqB,EAAE,OAAO;AAAA,EAC9B,kBAAkB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC7C,gBAAgB,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA,EAC3C,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,OAAO,EAAE,MAAM,UAAU;AAAA,EACzB,oBAAoB,EAAE,OAAO;AAC/B,CAAC;AAED,MAAM,gBAAgB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC;AACtD,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,MAAM,eAAiC;AAAA,EACrC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,WAAW,CAAC;AAAA,IACV,QAAQ;AAAA,IACR,aAAa;AAAA,IACb,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,GAAG,MAAM,iBAAiB,CAAC;AAAA,EAClE,CAAC;AAAA,EACD,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEA,MAAM,eAAiC;AAAA,EACrC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa,EAAE,QAAQ,sBAAsB;AAAA,EAC7C,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,cAAc,CAAC;AAAA,EAC/E,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,uCAAuC,QAAQ,YAAY;AAAA,IACvF,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEA,MAAM,kBAAoC;AAAA,EACxC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,cAAc,CAAC;AAAA,EAC/E,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,IAC5E,EAAE,QAAQ,KAAK,aAAa,kBAAkB,QAAQ,YAAY;AAAA,EACpE;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,EAC9C,SAAS;AAAA,IACP,KAAK;AAAA,IACL,KAAK;AAAA,IACL,QAAQ;AAAA,EACV;AACF;",
+  "names": []
+}

package/dist/modules/customer_accounts/api/admin/users-invite.js ADDED Viewed

@@ -0,0 +1,78 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { inviteUserSchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
+const metadata = {};
+async function POST(req) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth) {
+    return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.invite"], { tenantId: auth.tenantId, organizationId: auth.orgId });
+  if (!hasAccess) {
+    return NextResponse.json({ ok: false, error: "Insufficient permissions" }, { status: 403 });
+  }
+  let body;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ ok: false, error: "Invalid request body" }, { status: 400 });
+  }
+  const parsed = inviteUserSchema.safeParse(body);
+  if (!parsed.success) {
+    return NextResponse.json({ ok: false, error: "Validation failed", details: parsed.error.flatten().fieldErrors }, { status: 400 });
+  }
+  const customerInvitationService = container.resolve("customerInvitationService");
+  const { invitation } = await customerInvitationService.createInvitation(
+    parsed.data.email,
+    { tenantId: auth.tenantId, organizationId: auth.orgId },
+    {
+      customerEntityId: parsed.data.customerEntityId || null,
+      roleIds: parsed.data.roleIds,
+      invitedByUserId: auth.sub,
+      displayName: parsed.data.displayName || null
+    }
+  );
+  return NextResponse.json({
+    ok: true,
+    invitation: {
+      id: invitation.id,
+      email: invitation.email,
+      expiresAt: invitation.expiresAt
+    }
+  }, { status: 201 });
+}
+const successSchema = z.object({
+  ok: z.literal(true),
+  invitation: z.object({
+    id: z.string().uuid(),
+    email: z.string(),
+    expiresAt: z.string().datetime()
+  })
+});
+const errorSchema = z.object({ ok: z.literal(false), error: z.string() });
+const methodDoc = {
+  summary: "Invite customer user (admin)",
+  description: "Creates a staff-initiated invitation for a new customer user. The invitedByUserId is set from the staff auth context.",
+  tags: ["Customer Accounts Admin"],
+  requestBody: { schema: inviteUserSchema },
+  responses: [{ status: 201, description: "Invitation created", schema: successSchema }],
+  errors: [
+    { status: 400, description: "Validation failed", schema: errorSchema },
+    { status: 401, description: "Not authenticated", schema: errorSchema },
+    { status: 403, description: "Insufficient permissions", schema: errorSchema }
+  ]
+};
+const openApi = {
+  summary: "Invite customer user (admin)",
+  methods: { POST: methodDoc }
+};
+export {
+  POST,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=users-invite.js.map

package/dist/modules/customer_accounts/api/admin/users-invite.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../src/modules/customer_accounts/api/admin/users-invite.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc, OpenApiMethodDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { CustomerInvitationService } from '@open-mercato/core/modules/customer_accounts/services/customerInvitationService'\nimport { inviteUserSchema } from '@open-mercato/core/modules/customer_accounts/data/validators'\n\nexport const metadata = {}\n\nexport async function POST(req: Request) {\n  const auth = await getAuthFromRequest(req)\n  if (!auth) {\n    return NextResponse.json({ ok: false, error: 'Authentication required' }, { status: 401 })\n  }\n\n  const container = await createRequestContainer()\n  const rbacService = container.resolve('rbacService') as RbacService\n  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ['customer_accounts.invite'], { tenantId: auth.tenantId, organizationId: auth.orgId })\n  if (!hasAccess) {\n    return NextResponse.json({ ok: false, error: 'Insufficient permissions' }, { status: 403 })\n  }\n\n  let body: unknown\n  try {\n    body = await req.json()\n  } catch {\n    return NextResponse.json({ ok: false, error: 'Invalid request body' }, { status: 400 })\n  }\n\n  const parsed = inviteUserSchema.safeParse(body)\n  if (!parsed.success) {\n    return NextResponse.json({ ok: false, error: 'Validation failed', details: parsed.error.flatten().fieldErrors }, { status: 400 })\n  }\n\n  const customerInvitationService = container.resolve('customerInvitationService') as CustomerInvitationService\n\n  const { invitation } = await customerInvitationService.createInvitation(\n    parsed.data.email,\n    { tenantId: auth.tenantId!, organizationId: auth.orgId! },\n    {\n      customerEntityId: parsed.data.customerEntityId || null,\n      roleIds: parsed.data.roleIds,\n      invitedByUserId: auth.sub,\n      displayName: parsed.data.displayName || null,\n    },\n  )\n\n  return NextResponse.json({\n    ok: true,\n    invitation: {\n      id: invitation.id,\n      email: invitation.email,\n      expiresAt: invitation.expiresAt,\n    },\n  }, { status: 201 })\n}\n\nconst successSchema = z.object({\n  ok: z.literal(true),\n  invitation: z.object({\n    id: z.string().uuid(),\n    email: z.string(),\n    expiresAt: z.string().datetime(),\n  }),\n})\nconst errorSchema = z.object({ ok: z.literal(false), error: z.string() })\n\nconst methodDoc: OpenApiMethodDoc = {\n  summary: 'Invite customer user (admin)',\n  description: 'Creates a staff-initiated invitation for a new customer user. The invitedByUserId is set from the staff auth context.',\n  tags: ['Customer Accounts Admin'],\n  requestBody: { schema: inviteUserSchema },\n  responses: [{ status: 201, description: 'Invitation created', schema: successSchema }],\n  errors: [\n    { status: 400, description: 'Validation failed', schema: errorSchema },\n    { status: 401, description: 'Not authenticated', schema: errorSchema },\n    { status: 403, description: 'Insufficient permissions', schema: errorSchema },\n  ],\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  summary: 'Invite customer user (admin)',\n  methods: { POST: methodDoc },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAGvC,SAAS,wBAAwB;AAE1B,MAAM,WAAW,CAAC;AAEzB,eAAsB,KAAK,KAAc;AACvC,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3F;AAEA,QAAM,YAAY,MAAM,uBAAuB;AAC/C,QAAM,cAAc,UAAU,QAAQ,aAAa;AACnD,QAAM,YAAY,MAAM,YAAY,mBAAmB,KAAK,KAAK,CAAC,0BAA0B,GAAG,EAAE,UAAU,KAAK,UAAU,gBAAgB,KAAK,MAAM,CAAC;AACtJ,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC5F;AAEA,MAAI;AACJ,MAAI;AACF,WAAO,MAAM,IAAI,KAAK;AAAA,EACxB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,uBAAuB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxF;AAEA,QAAM,SAAS,iBAAiB,UAAU,IAAI;AAC9C,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,aAAa,KAAK,EAAE,IAAI,OAAO,OAAO,qBAAqB,SAAS,OAAO,MAAM,QAAQ,EAAE,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClI;AAEA,QAAM,4BAA4B,UAAU,QAAQ,2BAA2B;AAE/E,QAAM,EAAE,WAAW,IAAI,MAAM,0BAA0B;AAAA,IACrD,OAAO,KAAK;AAAA,IACZ,EAAE,UAAU,KAAK,UAAW,gBAAgB,KAAK,MAAO;AAAA,IACxD;AAAA,MACE,kBAAkB,OAAO,KAAK,oBAAoB;AAAA,MAClD,SAAS,OAAO,KAAK;AAAA,MACrB,iBAAiB,KAAK;AAAA,MACtB,aAAa,OAAO,KAAK,eAAe;AAAA,IAC1C;AAAA,EACF;AAEA,SAAO,aAAa,KAAK;AAAA,IACvB,IAAI;AAAA,IACJ,YAAY;AAAA,MACV,IAAI,WAAW;AAAA,MACf,OAAO,WAAW;AAAA,MAClB,WAAW,WAAW;AAAA,IACxB;AAAA,EACF,GAAG,EAAE,QAAQ,IAAI,CAAC;AACpB;AAEA,MAAM,gBAAgB,EAAE,OAAO;AAAA,EAC7B,IAAI,EAAE,QAAQ,IAAI;AAAA,EAClB,YAAY,EAAE,OAAO;AAAA,IACnB,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,IACpB,OAAO,EAAE,OAAO;AAAA,IAChB,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EACjC,CAAC;AACH,CAAC;AACD,MAAM,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,KAAK,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;AAExE,MAAM,YAA8B;AAAA,EAClC,SAAS;AAAA,EACT,aAAa;AAAA,EACb,MAAM,CAAC,yBAAyB;AAAA,EAChC,aAAa,EAAE,QAAQ,iBAAiB;AAAA,EACxC,WAAW,CAAC,EAAE,QAAQ,KAAK,aAAa,sBAAsB,QAAQ,cAAc,CAAC;AAAA,EACrF,QAAQ;AAAA,IACN,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,qBAAqB,QAAQ,YAAY;AAAA,IACrE,EAAE,QAAQ,KAAK,aAAa,4BAA4B,QAAQ,YAAY;AAAA,EAC9E;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,SAAS;AAAA,EACT,SAAS,EAAE,MAAM,UAAU;AAC7B;",
+  "names": []
+}

package/dist/modules/customer_accounts/api/admin/users.js ADDED Viewed

@@ -0,0 +1,251 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { CustomerUser, CustomerUserRole, CustomerRole } from "@open-mercato/core/modules/customer_accounts/data/entities";
+import { adminCreateUserSchema } from "@open-mercato/core/modules/customer_accounts/data/validators";
+import { emitCustomerAccountsEvent } from "@open-mercato/core/modules/customer_accounts/events";
+const metadata = {};
+async function GET(req) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth) {
+    return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.view"], { tenantId: auth.tenantId, organizationId: auth.orgId });
+  if (!hasAccess) {
+    return NextResponse.json({ ok: false, error: "Insufficient permissions" }, { status: 403 });
+  }
+  const em = container.resolve("em");
+  const url = new URL(req.url);
+  const page = Math.max(1, parseInt(url.searchParams.get("page") || "1"));
+  const pageSize = Math.min(100, Math.max(1, parseInt(url.searchParams.get("pageSize") || "25")));
+  const status = url.searchParams.get("status");
+  const customerEntityId = url.searchParams.get("customerEntityId");
+  const personEntityId = url.searchParams.get("personEntityId");
+  const roleId = url.searchParams.get("roleId");
+  const search = url.searchParams.get("search");
+  const where = {
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId,
+    deletedAt: null
+  };
+  if (status === "active") {
+    where.isActive = true;
+    where.$or = [{ lockedUntil: null }, { lockedUntil: { $lt: /* @__PURE__ */ new Date() } }];
+  } else if (status === "inactive") {
+    where.isActive = false;
+  } else if (status === "locked") {
+    where.lockedUntil = { $gt: /* @__PURE__ */ new Date() };
+  }
+  if (customerEntityId) {
+    where.customerEntityId = customerEntityId;
+  }
+  if (personEntityId) {
+    where.personEntityId = personEntityId;
+  }
+  if (search) {
+    const escapedSearch = search.replace(/[%_\\]/g, "\\$&");
+    const searchFilter = [
+      { email: { $ilike: `%${escapedSearch}%` } },
+      { displayName: { $ilike: `%${escapedSearch}%` } }
+    ];
+    if (where.$or) {
+      where.$and = [{ $or: where.$or }, { $or: searchFilter }];
+      delete where.$or;
+    } else {
+      where.$or = searchFilter;
+    }
+  }
+  let userIds = null;
+  if (roleId) {
+    const roleLinks = await em.find(CustomerUserRole, {
+      role: roleId,
+      deletedAt: null
+    });
+    userIds = roleLinks.map((link) => link.user?.id || link.user);
+    if (userIds.length === 0) {
+      return NextResponse.json({
+        ok: true,
+        items: [],
+        total: 0,
+        totalPages: 1,
+        page
+      });
+    }
+    where.id = { $in: userIds };
+  }
+  const offset = (page - 1) * pageSize;
+  const [users, total] = await em.findAndCount(CustomerUser, where, {
+    orderBy: { createdAt: "DESC" },
+    limit: pageSize,
+    offset
+  });
+  const items = await Promise.all(users.map(async (user) => {
+    const userRoles = await em.find(CustomerUserRole, {
+      user: user.id,
+      deletedAt: null
+    }, { populate: ["role"] });
+    const roles = userRoles.map((ur) => ({
+      id: ur.role.id,
+      name: ur.role.name,
+      slug: ur.role.slug
+    }));
+    return {
+      id: user.id,
+      email: user.email,
+      displayName: user.displayName,
+      emailVerified: !!user.emailVerifiedAt,
+      isActive: user.isActive,
+      lockedUntil: user.lockedUntil || null,
+      lastLoginAt: user.lastLoginAt || null,
+      customerEntityId: user.customerEntityId || null,
+      personEntityId: user.personEntityId || null,
+      createdAt: user.createdAt,
+      roles
+    };
+  }));
+  const totalPages = Math.max(1, Math.ceil(total / pageSize));
+  return NextResponse.json({
+    ok: true,
+    items,
+    total,
+    totalPages,
+    page
+  });
+}
+async function POST(req) {
+  const auth = await getAuthFromRequest(req);
+  if (!auth) {
+    return NextResponse.json({ ok: false, error: "Authentication required" }, { status: 401 });
+  }
+  const container = await createRequestContainer();
+  const rbacService = container.resolve("rbacService");
+  const hasAccess = await rbacService.userHasAllFeatures(auth.sub, ["customer_accounts.manage"], { tenantId: auth.tenantId, organizationId: auth.orgId });
+  if (!hasAccess) {
+    return NextResponse.json({ ok: false, error: "Insufficient permissions" }, { status: 403 });
+  }
+  let body;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ ok: false, error: "Invalid request body" }, { status: 400 });
+  }
+  const parsed = adminCreateUserSchema.safeParse(body);
+  if (!parsed.success) {
+    return NextResponse.json({ ok: false, error: "Validation failed", details: parsed.error.flatten().fieldErrors }, { status: 400 });
+  }
+  const em = container.resolve("em");
+  const customerUserService = container.resolve("customerUserService");
+  const existing = await customerUserService.findByEmail(parsed.data.email, auth.tenantId);
+  if (existing) {
+    return NextResponse.json({ ok: false, error: "A user with this email already exists" }, { status: 409 });
+  }
+  const user = await customerUserService.createUser(
+    parsed.data.email,
+    parsed.data.password,
+    parsed.data.displayName,
+    { tenantId: auth.tenantId, organizationId: auth.orgId }
+  );
+  em.persist(user);
+  await em.flush();
+  if (parsed.data.customerEntityId) {
+    await em.nativeUpdate(CustomerUser, { id: user.id }, { customerEntityId: parsed.data.customerEntityId });
+  }
+  if (parsed.data.roleIds && parsed.data.roleIds.length > 0) {
+    const validRoles = [];
+    for (const roleId of parsed.data.roleIds) {
+      const role = await em.findOne(CustomerRole, { id: roleId, tenantId: auth.tenantId, deletedAt: null });
+      if (role) validRoles.push(role);
+    }
+    for (const role of validRoles) {
+      const userRole = em.create(CustomerUserRole, {
+        user,
+        role,
+        createdAt: /* @__PURE__ */ new Date()
+      });
+      em.persist(userRole);
+    }
+    await em.flush();
+  }
+  void emitCustomerAccountsEvent("customer_accounts.user.created", {
+    id: user.id,
+    email: user.email,
+    tenantId: auth.tenantId,
+    organizationId: auth.orgId,
+    createdBy: auth.sub
+  }).catch(() => void 0);
+  return NextResponse.json({
+    ok: true,
+    user: { id: user.id, email: user.email, displayName: user.displayName }
+  }, { status: 201 });
+}
+const roleSchema = z.object({ id: z.string().uuid(), name: z.string(), slug: z.string() });
+const userSchema = z.object({
+  id: z.string().uuid(),
+  email: z.string(),
+  displayName: z.string(),
+  emailVerified: z.boolean(),
+  isActive: z.boolean(),
+  lockedUntil: z.string().datetime().nullable(),
+  lastLoginAt: z.string().datetime().nullable(),
+  customerEntityId: z.string().uuid().nullable(),
+  personEntityId: z.string().uuid().nullable(),
+  createdAt: z.string().datetime(),
+  roles: z.array(roleSchema)
+});
+const successSchema = z.object({
+  ok: z.literal(true),
+  user: z.object({ id: z.string().uuid(), email: z.string(), displayName: z.string() })
+});
+const errorSchema = z.object({ ok: z.literal(false), error: z.string() });
+const getMethodDoc = {
+  summary: "List customer users (admin)",
+  description: "Returns a paginated list of customer users with roles. Supports filtering by status, company, role, and search.",
+  tags: ["Customer Accounts Admin"],
+  query: z.object({
+    page: z.number().int().positive().optional(),
+    pageSize: z.number().int().positive().max(100).optional(),
+    status: z.enum(["active", "inactive", "locked"]).optional(),
+    customerEntityId: z.string().uuid().optional(),
+    roleId: z.string().uuid().optional(),
+    search: z.string().optional()
+  }),
+  responses: [{
+    status: 200,
+    description: "Paginated user list",
+    schema: z.object({ ok: z.literal(true), items: z.array(userSchema), total: z.number(), totalPages: z.number(), page: z.number() })
+  }],
+  errors: [
+    { status: 401, description: "Not authenticated", schema: errorSchema },
+    { status: 403, description: "Insufficient permissions", schema: errorSchema }
+  ]
+};
+const postMethodDoc = {
+  summary: "Create customer user (admin)",
+  description: "Creates a new customer user directly. Staff-initiated, bypasses signup flow.",
+  tags: ["Customer Accounts Admin"],
+  requestBody: { schema: adminCreateUserSchema },
+  responses: [{ status: 201, description: "User created", schema: successSchema }],
+  errors: [
+    { status: 400, description: "Validation failed", schema: errorSchema },
+    { status: 401, description: "Not authenticated", schema: errorSchema },
+    { status: 403, description: "Insufficient permissions", schema: errorSchema },
+    { status: 409, description: "Email already exists", schema: errorSchema }
+  ]
+};
+const openApi = {
+  summary: "Customer user management (admin)",
+  methods: {
+    GET: getMethodDoc,
+    POST: postMethodDoc
+  }
+};
+export {
+  GET,
+  POST,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=users.js.map