npm - @open-mercato/core - Versions diffs - 0.6.4-develop.4217.1.c9aa050183 → 0.6.4-develop.4239.1.4a264a5828 - Mend

@open-mercato/core 0.6.4-develop.4217.1.c9aa050183 → 0.6.4-develop.4239.1.4a264a5828

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (408) hide show

package/dist/modules/staff/api/timesheets/time-entries/[id]/segments/route.js ADDED Viewed

@@ -0,0 +1,180 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { resolveOrganizationScopeForRequest } from "@open-mercato/core/modules/directory/utils/organizationScope";
+import { CrudHttpError } from "@open-mercato/shared/lib/crud/errors";
+import { resolveTranslations } from "@open-mercato/shared/lib/i18n/server";
+import { parseScopedCommandInput } from "@open-mercato/shared/lib/api/scoped";
+import { findOneWithDecryption } from "@open-mercato/shared/lib/encryption/find";
+import { readJsonSafe } from "@open-mercato/shared/lib/http/readJsonSafe";
+import { StaffTimeEntry, StaffTimeEntrySegment } from "../../../../../data/entities.js";
+import { staffTimeEntrySegmentCreateSchema } from "../../../../../data/validators.js";
+import { getStaffMemberByUserId } from "../../../../../lib/staffMemberResolver.js";
+import {
+  resolveUserFeatures,
+  runStaffMutationGuardAfterSuccess,
+  runStaffMutationGuards
+} from "../../../../guards.js";
+function extractEntryIdFromUrl(request) {
+  if (!request?.url) return null;
+  try {
+    const url = new URL(request.url);
+    const match = url.pathname.match(/\/time-entries\/([^/]+)\/segments/);
+    return match?.[1] ?? null;
+  } catch {
+    return null;
+  }
+}
+const metadata = {
+  POST: { requireAuth: true, requireFeatures: ["staff.timesheets.manage_own"] }
+};
+async function POST(req) {
+  try {
+    const container = await createRequestContainer();
+    const auth = await getAuthFromRequest(req);
+    const { translate } = await resolveTranslations();
+    if (!auth) throw new CrudHttpError(401, { error: translate("staff.errors.unauthorized", "Unauthorized") });
+    const scope = await resolveOrganizationScopeForRequest({ container, auth, request: req });
+    const tenantId = scope?.tenantId ?? auth.tenantId ?? null;
+    const organizationId = scope?.selectedId ?? auth.orgId ?? null;
+    if (!tenantId || !organizationId) {
+      throw new CrudHttpError(400, { error: translate("staff.errors.missingScope", "Missing tenant or organization scope.") });
+    }
+    const em = container.resolve("em").fork();
+    const scopeCtx = { tenantId, organizationId };
+    const entryId = extractEntryIdFromUrl(req);
+    if (!entryId) {
+      throw new CrudHttpError(400, { error: translate("staff.timesheets.errors.missingEntryId", "Missing entry ID.") });
+    }
+    const entry = await findOneWithDecryption(
+      em,
+      StaffTimeEntry,
+      { id: entryId, tenantId, organizationId, deletedAt: null },
+      {},
+      scopeCtx
+    );
+    if (!entry) {
+      throw new CrudHttpError(404, { error: translate("staff.timesheets.errors.entryNotFound", "Time entry not found.") });
+    }
+    const staffMember = await getStaffMemberByUserId(em, auth.sub, tenantId, organizationId);
+    if (!staffMember || entry.staffMemberId !== staffMember.id) {
+      throw new CrudHttpError(403, { error: translate("staff.timesheets.errors.notOwner", "You can only manage your own time entries.") });
+    }
+    const body = await readJsonSafe(req, {});
+    const input = parseScopedCommandInput(
+      staffTimeEntrySegmentCreateSchema,
+      { ...body, timeEntryId: entryId },
+      {
+        container,
+        auth,
+        organizationScope: scope,
+        selectedOrganizationId: organizationId,
+        organizationIds: scope?.filterIds ?? (auth.orgId ? [auth.orgId] : null),
+        request: req
+      },
+      translate
+    );
+    const guardResult = await runStaffMutationGuards(
+      container,
+      {
+        tenantId,
+        organizationId,
+        userId: auth.sub ?? "",
+        resourceKind: "staff.timesheets.time_entry_segment",
+        resourceId: entry.id,
+        operation: "create",
+        requestMethod: req.method,
+        requestHeaders: req.headers,
+        mutationPayload: input
+      },
+      resolveUserFeatures(auth)
+    );
+    if (!guardResult.ok) {
+      return NextResponse.json(
+        guardResult.errorBody ?? { error: "Operation blocked by guard" },
+        { status: guardResult.errorStatus ?? 422 }
+      );
+    }
+    const segmentData = {
+      tenantId: input.tenantId,
+      organizationId: input.organizationId,
+      timeEntryId: input.timeEntryId,
+      startedAt: input.startedAt,
+      endedAt: input.endedAt ?? null,
+      segmentType: input.segmentType
+    };
+    const segment = em.create(StaffTimeEntrySegment, segmentData);
+    await em.flush();
+    if (guardResult.afterSuccessCallbacks.length) {
+      await runStaffMutationGuardAfterSuccess(guardResult.afterSuccessCallbacks, {
+        tenantId,
+        organizationId,
+        userId: auth.sub ?? "",
+        resourceKind: "staff.timesheets.time_entry_segment",
+        resourceId: segment.id,
+        operation: "create",
+        requestMethod: req.method,
+        requestHeaders: req.headers
+      });
+    }
+    return NextResponse.json(
+      {
+        id: segment.id,
+        timeEntryId: segment.timeEntryId,
+        startedAt: segment.startedAt,
+        endedAt: segment.endedAt ?? null,
+        segmentType: segment.segmentType,
+        createdAt: segment.createdAt
+      },
+      { status: 201 }
+    );
+  } catch (err) {
+    if (err instanceof CrudHttpError) {
+      return NextResponse.json(err.body, { status: err.status });
+    }
+    const { translate } = await resolveTranslations();
+    console.error("staff.timesheets.time-entries.segments.create failed", err);
+    return NextResponse.json(
+      { error: translate("staff.timesheets.errors.segmentCreate", "Failed to create time entry segment.") },
+      { status: 400 }
+    );
+  }
+}
+const openApi = {
+  tag: "Staff",
+  summary: "Add a segment to a time entry",
+  methods: {
+    POST: {
+      summary: "Add a segment to a time entry",
+      description: "Creates a new work or break segment for the specified time entry.",
+      requestBody: {
+        contentType: "application/json",
+        schema: staffTimeEntrySegmentCreateSchema
+      },
+      responses: [
+        {
+          status: 201,
+          description: "Segment created",
+          schema: z.object({
+            id: z.string().uuid(),
+            timeEntryId: z.string().uuid(),
+            startedAt: z.string(),
+            endedAt: z.string().nullable(),
+            segmentType: z.enum(["work", "break"]),
+            createdAt: z.string()
+          })
+        },
+        { status: 404, description: "Time entry not found", schema: z.object({ error: z.string() }) },
+        { status: 400, description: "Invalid payload", schema: z.object({ error: z.string() }) },
+        { status: 401, description: "Unauthorized", schema: z.object({ error: z.string() }) }
+      ]
+    }
+  }
+};
+export {
+  POST,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=route.js.map

package/dist/modules/staff/api/timesheets/time-entries/[id]/segments/route.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../../src/modules/staff/api/timesheets/time-entries/%5Bid%5D/segments/route.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { resolveOrganizationScopeForRequest } from '@open-mercato/core/modules/directory/utils/organizationScope'\nimport { CrudHttpError } from '@open-mercato/shared/lib/crud/errors'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { parseScopedCommandInput } from '@open-mercato/shared/lib/api/scoped'\nimport { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport { readJsonSafe } from '@open-mercato/shared/lib/http/readJsonSafe'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { StaffTimeEntry, StaffTimeEntrySegment } from '../../../../../data/entities'\nimport { staffTimeEntrySegmentCreateSchema } from '../../../../../data/validators'\nimport { getStaffMemberByUserId } from '../../../../../lib/staffMemberResolver'\nimport {\n  resolveUserFeatures,\n  runStaffMutationGuardAfterSuccess,\n  runStaffMutationGuards,\n} from '../../../../guards'\n\nfunction extractEntryIdFromUrl(request?: Request): string | null {\n  if (!request?.url) return null\n  try {\n    const url = new URL(request.url)\n    const match = url.pathname.match(/\\/time-entries\\/([^/]+)\\/segments/)\n    return match?.[1] ?? null\n  } catch {\n    return null\n  }\n}\n\nexport const metadata = {\n  POST: { requireAuth: true, requireFeatures: ['staff.timesheets.manage_own'] },\n}\n\nexport async function POST(req: Request) {\n  try {\n    const container = await createRequestContainer()\n    const auth = await getAuthFromRequest(req)\n    const { translate } = await resolveTranslations()\n    if (!auth) throw new CrudHttpError(401, { error: translate('staff.errors.unauthorized', 'Unauthorized') })\n\n    const scope = await resolveOrganizationScopeForRequest({ container, auth, request: req })\n    const tenantId = scope?.tenantId ?? auth.tenantId ?? null\n    const organizationId = scope?.selectedId ?? auth.orgId ?? null\n    if (!tenantId || !organizationId) {\n      throw new CrudHttpError(400, { error: translate('staff.errors.missingScope', 'Missing tenant or organization scope.') })\n    }\n\n    const em = (container.resolve('em') as EntityManager).fork()\n    const scopeCtx = { tenantId, organizationId }\n\n    const entryId = extractEntryIdFromUrl(req)\n    if (!entryId) {\n      throw new CrudHttpError(400, { error: translate('staff.timesheets.errors.missingEntryId', 'Missing entry ID.') })\n    }\n\n    const entry = await findOneWithDecryption(\n      em,\n      StaffTimeEntry,\n      { id: entryId, tenantId, organizationId, deletedAt: null },\n      {},\n      scopeCtx,\n    )\n    if (!entry) {\n      throw new CrudHttpError(404, { error: translate('staff.timesheets.errors.entryNotFound', 'Time entry not found.') })\n    }\n\n    const staffMember = await getStaffMemberByUserId(em, auth.sub, tenantId, organizationId)\n    if (!staffMember || entry.staffMemberId !== staffMember.id) {\n      throw new CrudHttpError(403, { error: translate('staff.timesheets.errors.notOwner', 'You can only manage your own time entries.') })\n    }\n\n    const body = await readJsonSafe(req, {})\n    const input = parseScopedCommandInput(\n      staffTimeEntrySegmentCreateSchema,\n      { ...body, timeEntryId: entryId },\n      {\n        container,\n        auth,\n        organizationScope: scope,\n        selectedOrganizationId: organizationId,\n        organizationIds: scope?.filterIds ?? (auth.orgId ? [auth.orgId] : null),\n        request: req,\n      },\n      translate,\n    )\n\n    const guardResult = await runStaffMutationGuards(\n      container,\n      {\n        tenantId,\n        organizationId,\n        userId: auth.sub ?? '',\n        resourceKind: 'staff.timesheets.time_entry_segment',\n        resourceId: entry.id,\n        operation: 'create',\n        requestMethod: req.method,\n        requestHeaders: req.headers,\n        mutationPayload: input as unknown as Record<string, unknown>,\n      },\n      resolveUserFeatures(auth),\n    )\n    if (!guardResult.ok) {\n      return NextResponse.json(\n        guardResult.errorBody ?? { error: 'Operation blocked by guard' },\n        { status: guardResult.errorStatus ?? 422 },\n      )\n    }\n\n    const segmentData = {\n      tenantId: input.tenantId,\n      organizationId: input.organizationId,\n      timeEntryId: input.timeEntryId,\n      startedAt: input.startedAt,\n      endedAt: input.endedAt ?? null,\n      segmentType: input.segmentType,\n    }\n    const segment = em.create(StaffTimeEntrySegment, segmentData as never)\n\n    await em.flush()\n\n    if (guardResult.afterSuccessCallbacks.length) {\n      await runStaffMutationGuardAfterSuccess(guardResult.afterSuccessCallbacks, {\n        tenantId,\n        organizationId,\n        userId: auth.sub ?? '',\n        resourceKind: 'staff.timesheets.time_entry_segment',\n        resourceId: segment.id,\n        operation: 'create',\n        requestMethod: req.method,\n        requestHeaders: req.headers,\n      })\n    }\n\n    return NextResponse.json(\n      {\n        id: segment.id,\n        timeEntryId: segment.timeEntryId,\n        startedAt: segment.startedAt,\n        endedAt: segment.endedAt ?? null,\n        segmentType: segment.segmentType,\n        createdAt: segment.createdAt,\n      },\n      { status: 201 },\n    )\n  } catch (err) {\n    if (err instanceof CrudHttpError) {\n      return NextResponse.json(err.body, { status: err.status })\n    }\n    const { translate } = await resolveTranslations()\n    console.error('staff.timesheets.time-entries.segments.create failed', err)\n    return NextResponse.json(\n      { error: translate('staff.timesheets.errors.segmentCreate', 'Failed to create time entry segment.') },\n      { status: 400 },\n    )\n  }\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Staff',\n  summary: 'Add a segment to a time entry',\n  methods: {\n    POST: {\n      summary: 'Add a segment to a time entry',\n      description: 'Creates a new work or break segment for the specified time entry.',\n      requestBody: {\n        contentType: 'application/json',\n        schema: staffTimeEntrySegmentCreateSchema,\n      },\n      responses: [\n        {\n          status: 201,\n          description: 'Segment created',\n          schema: z.object({\n            id: z.string().uuid(),\n            timeEntryId: z.string().uuid(),\n            startedAt: z.string(),\n            endedAt: z.string().nullable(),\n            segmentType: z.enum(['work', 'break']),\n            createdAt: z.string(),\n          }),\n        },\n        { status: 404, description: 'Time entry not found', schema: z.object({ error: z.string() }) },\n        { status: 400, description: 'Invalid payload', schema: z.object({ error: z.string() }) },\n        { status: 401, description: 'Unauthorized', schema: z.object({ error: z.string() }) },\n      ],\n    },\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAClB,SAAS,8BAA8B;AACvC,SAAS,0BAA0B;AACnC,SAAS,0CAA0C;AACnD,SAAS,qBAAqB;AAC9B,SAAS,2BAA2B;AACpC,SAAS,+BAA+B;AACxC,SAAS,6BAA6B;AACtC,SAAS,oBAAoB;AAG7B,SAAS,gBAAgB,6BAA6B;AACtD,SAAS,yCAAyC;AAClD,SAAS,8BAA8B;AACvC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,sBAAsB,SAAkC;AAC/D,MAAI,CAAC,SAAS,IAAK,QAAO;AAC1B,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,UAAM,QAAQ,IAAI,SAAS,MAAM,mCAAmC;AACpE,WAAO,QAAQ,CAAC,KAAK;AAAA,EACvB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,MAAM,WAAW;AAAA,EACtB,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,6BAA6B,EAAE;AAC9E;AAEA,eAAsB,KAAK,KAAc;AACvC,MAAI;AACF,UAAM,YAAY,MAAM,uBAAuB;AAC/C,UAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,UAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAI,CAAC,KAAM,OAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,6BAA6B,cAAc,EAAE,CAAC;AAEzG,UAAM,QAAQ,MAAM,mCAAmC,EAAE,WAAW,MAAM,SAAS,IAAI,CAAC;AACxF,UAAM,WAAW,OAAO,YAAY,KAAK,YAAY;AACrD,UAAM,iBAAiB,OAAO,cAAc,KAAK,SAAS;AAC1D,QAAI,CAAC,YAAY,CAAC,gBAAgB;AAChC,YAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,6BAA6B,uCAAuC,EAAE,CAAC;AAAA,IACzH;AAEA,UAAM,KAAM,UAAU,QAAQ,IAAI,EAAoB,KAAK;AAC3D,UAAM,WAAW,EAAE,UAAU,eAAe;AAE5C,UAAM,UAAU,sBAAsB,GAAG;AACzC,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,0CAA0C,mBAAmB,EAAE,CAAC;AAAA,IAClH;AAEA,UAAM,QAAQ,MAAM;AAAA,MAClB;AAAA,MACA;AAAA,MACA,EAAE,IAAI,SAAS,UAAU,gBAAgB,WAAW,KAAK;AAAA,MACzD,CAAC;AAAA,MACD;AAAA,IACF;AACA,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,yCAAyC,uBAAuB,EAAE,CAAC;AAAA,IACrH;AAEA,UAAM,cAAc,MAAM,uBAAuB,IAAI,KAAK,KAAK,UAAU,cAAc;AACvF,QAAI,CAAC,eAAe,MAAM,kBAAkB,YAAY,IAAI;AAC1D,YAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,oCAAoC,4CAA4C,EAAE,CAAC;AAAA,IACrI;AAEA,UAAM,OAAO,MAAM,aAAa,KAAK,CAAC,CAAC;AACvC,UAAM,QAAQ;AAAA,MACZ;AAAA,MACA,EAAE,GAAG,MAAM,aAAa,QAAQ;AAAA,MAChC;AAAA,QACE;AAAA,QACA;AAAA,QACA,mBAAmB;AAAA,QACnB,wBAAwB;AAAA,QACxB,iBAAiB,OAAO,cAAc,KAAK,QAAQ,CAAC,KAAK,KAAK,IAAI;AAAA,QAClE,SAAS;AAAA,MACX;AAAA,MACA;AAAA,IACF;AAEA,UAAM,cAAc,MAAM;AAAA,MACxB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QACA,QAAQ,KAAK,OAAO;AAAA,QACpB,cAAc;AAAA,QACd,YAAY,MAAM;AAAA,QAClB,WAAW;AAAA,QACX,eAAe,IAAI;AAAA,QACnB,gBAAgB,IAAI;AAAA,QACpB,iBAAiB;AAAA,MACnB;AAAA,MACA,oBAAoB,IAAI;AAAA,IAC1B;AACA,QAAI,CAAC,YAAY,IAAI;AACnB,aAAO,aAAa;AAAA,QAClB,YAAY,aAAa,EAAE,OAAO,6BAA6B;AAAA,QAC/D,EAAE,QAAQ,YAAY,eAAe,IAAI;AAAA,MAC3C;AAAA,IACF;AAEA,UAAM,cAAc;AAAA,MAClB,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,aAAa,MAAM;AAAA,MACnB,WAAW,MAAM;AAAA,MACjB,SAAS,MAAM,WAAW;AAAA,MAC1B,aAAa,MAAM;AAAA,IACrB;AACA,UAAM,UAAU,GAAG,OAAO,uBAAuB,WAAoB;AAErE,UAAM,GAAG,MAAM;AAEf,QAAI,YAAY,sBAAsB,QAAQ;AAC5C,YAAM,kCAAkC,YAAY,uBAAuB;AAAA,QACzE;AAAA,QACA;AAAA,QACA,QAAQ,KAAK,OAAO;AAAA,QACpB,cAAc;AAAA,QACd,YAAY,QAAQ;AAAA,QACpB,WAAW;AAAA,QACX,eAAe,IAAI;AAAA,QACnB,gBAAgB,IAAI;AAAA,MACtB,CAAC;AAAA,IACH;AAEA,WAAO,aAAa;AAAA,MAClB;AAAA,QACE,IAAI,QAAQ;AAAA,QACZ,aAAa,QAAQ;AAAA,QACrB,WAAW,QAAQ;AAAA,QACnB,SAAS,QAAQ,WAAW;AAAA,QAC5B,aAAa,QAAQ;AAAA,QACrB,WAAW,QAAQ;AAAA,MACrB;AAAA,MACA,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF,SAAS,KAAK;AACZ,QAAI,eAAe,eAAe;AAChC,aAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AAAA,IAC3D;AACA,UAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,YAAQ,MAAM,wDAAwD,GAAG;AACzE,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,UAAU,yCAAyC,sCAAsC,EAAE;AAAA,MACpG,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,aAAa;AAAA,QACX,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ,EAAE,OAAO;AAAA,YACf,IAAI,EAAE,OAAO,EAAE,KAAK;AAAA,YACpB,aAAa,EAAE,OAAO,EAAE,KAAK;AAAA,YAC7B,WAAW,EAAE,OAAO;AAAA,YACpB,SAAS,EAAE,OAAO,EAAE,SAAS;AAAA,YAC7B,aAAa,EAAE,KAAK,CAAC,QAAQ,OAAO,CAAC;AAAA,YACrC,WAAW,EAAE,OAAO;AAAA,UACtB,CAAC;AAAA,QACH;AAAA,QACA,EAAE,QAAQ,KAAK,aAAa,wBAAwB,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE;AAAA,QAC5F,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE;AAAA,QACvF,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE;AAAA,MACtF;AAAA,IACF;AAAA,EACF;AACF;",
+  "names": []
+}

package/dist/modules/staff/api/timesheets/time-entries/[id]/timer-start/route.js ADDED Viewed

@@ -0,0 +1,155 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { resolveOrganizationScopeForRequest } from "@open-mercato/core/modules/directory/utils/organizationScope";
+import { CrudHttpError } from "@open-mercato/shared/lib/crud/errors";
+import { resolveTranslations } from "@open-mercato/shared/lib/i18n/server";
+import { findOneWithDecryption } from "@open-mercato/shared/lib/encryption/find";
+import { StaffTimeEntry, StaffTimeEntrySegment } from "../../../../../data/entities.js";
+import { getStaffMemberByUserId } from "../../../../../lib/staffMemberResolver.js";
+import {
+  resolveUserFeatures,
+  runStaffMutationGuardAfterSuccess,
+  runStaffMutationGuards
+} from "../../../../guards.js";
+import { emitStaffEvent } from "../../../../../events.js";
+function extractEntryIdFromUrl(request) {
+  if (!request?.url) return null;
+  try {
+    const url = new URL(request.url);
+    const match = url.pathname.match(/\/time-entries\/([^/]+)\/timer-start/);
+    return match?.[1] ?? null;
+  } catch {
+    return null;
+  }
+}
+const metadata = {
+  POST: { requireAuth: true, requireFeatures: ["staff.timesheets.manage_own"] }
+};
+async function POST(req) {
+  try {
+    const container = await createRequestContainer();
+    const auth = await getAuthFromRequest(req);
+    const { translate } = await resolveTranslations();
+    if (!auth) throw new CrudHttpError(401, { error: translate("staff.errors.unauthorized", "Unauthorized") });
+    const scope = await resolveOrganizationScopeForRequest({ container, auth, request: req });
+    const tenantId = scope?.tenantId ?? auth.tenantId ?? null;
+    const organizationId = scope?.selectedId ?? auth.orgId ?? null;
+    if (!tenantId || !organizationId) {
+      throw new CrudHttpError(400, { error: translate("staff.errors.missingScope", "Missing tenant or organization scope.") });
+    }
+    const em = container.resolve("em").fork();
+    const scopeCtx = { tenantId, organizationId };
+    const entryId = extractEntryIdFromUrl(req);
+    if (!entryId) {
+      throw new CrudHttpError(400, { error: translate("staff.timesheets.errors.missingEntryId", "Missing entry ID.") });
+    }
+    const entry = await findOneWithDecryption(
+      em,
+      StaffTimeEntry,
+      { id: entryId, tenantId, organizationId, deletedAt: null },
+      {},
+      scopeCtx
+    );
+    if (!entry) {
+      throw new CrudHttpError(404, { error: translate("staff.timesheets.errors.entryNotFound", "Time entry not found.") });
+    }
+    const staffMember = await getStaffMemberByUserId(em, auth.sub, tenantId, organizationId);
+    if (!staffMember || entry.staffMemberId !== staffMember.id) {
+      throw new CrudHttpError(403, { error: translate("staff.timesheets.errors.notOwner", "You can only manage your own time entries.") });
+    }
+    if (entry.startedAt) {
+      return NextResponse.json(
+        { error: translate("staff.timesheets.errors.timerAlreadyStarted", "Timer is already started for this entry.") },
+        { status: 409 }
+      );
+    }
+    const guardResult = await runStaffMutationGuards(
+      container,
+      {
+        tenantId,
+        organizationId,
+        userId: auth.sub ?? "",
+        resourceKind: "staff.timesheets.time_entry",
+        resourceId: entry.id,
+        operation: "update",
+        requestMethod: req.method,
+        requestHeaders: req.headers
+      },
+      resolveUserFeatures(auth)
+    );
+    if (!guardResult.ok) {
+      return NextResponse.json(
+        guardResult.errorBody ?? { error: "Operation blocked by guard" },
+        { status: guardResult.errorStatus ?? 422 }
+      );
+    }
+    const now = /* @__PURE__ */ new Date();
+    entry.startedAt = now;
+    entry.source = "timer";
+    const segmentData = {
+      tenantId,
+      organizationId,
+      timeEntryId: entry.id,
+      startedAt: now,
+      segmentType: "work"
+    };
+    em.create(StaffTimeEntrySegment, segmentData);
+    await em.flush();
+    void emitStaffEvent("staff.timesheets.time_entry.timer_started", {
+      id: entry.id,
+      staffMemberId: entry.staffMemberId,
+      tenantId: entry.tenantId,
+      organizationId: entry.organizationId,
+      startedAt: now.toISOString()
+    }, { persistent: true }).catch((err) => {
+      console.error("[staff.timesheets] emit timer_started failed", err);
+    });
+    if (guardResult.afterSuccessCallbacks.length) {
+      await runStaffMutationGuardAfterSuccess(guardResult.afterSuccessCallbacks, {
+        tenantId,
+        organizationId,
+        userId: auth.sub ?? "",
+        resourceKind: "staff.timesheets.time_entry",
+        resourceId: entry.id,
+        operation: "update",
+        requestMethod: req.method,
+        requestHeaders: req.headers
+      });
+    }
+    return NextResponse.json({ ok: true }, { status: 200 });
+  } catch (err) {
+    if (err instanceof CrudHttpError) {
+      return NextResponse.json(err.body, { status: err.status });
+    }
+    const { translate } = await resolveTranslations();
+    console.error("staff.timesheets.time-entries.timer-start failed", err);
+    return NextResponse.json(
+      { error: translate("staff.timesheets.errors.timerStart", "Failed to start timer.") },
+      { status: 400 }
+    );
+  }
+}
+const openApi = {
+  tag: "Staff",
+  summary: "Start timer for a time entry",
+  methods: {
+    POST: {
+      summary: "Start timer for a time entry",
+      description: "Starts the timer on a time entry by setting startedAt and creating an initial work segment.",
+      responses: [
+        { status: 200, description: "Timer started", schema: z.object({ ok: z.literal(true) }) },
+        { status: 404, description: "Time entry not found", schema: z.object({ error: z.string() }) },
+        { status: 409, description: "Timer already started", schema: z.object({ error: z.string() }) },
+        { status: 401, description: "Unauthorized", schema: z.object({ error: z.string() }) }
+      ]
+    }
+  }
+};
+export {
+  POST,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=route.js.map

package/dist/modules/staff/api/timesheets/time-entries/[id]/timer-start/route.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../../src/modules/staff/api/timesheets/time-entries/%5Bid%5D/timer-start/route.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { resolveOrganizationScopeForRequest } from '@open-mercato/core/modules/directory/utils/organizationScope'\nimport { CrudHttpError } from '@open-mercato/shared/lib/crud/errors'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { StaffTimeEntry, StaffTimeEntrySegment } from '../../../../../data/entities'\nimport { getStaffMemberByUserId } from '../../../../../lib/staffMemberResolver'\nimport {\n  resolveUserFeatures,\n  runStaffMutationGuardAfterSuccess,\n  runStaffMutationGuards,\n} from '../../../../guards'\nimport { emitStaffEvent } from '../../../../../events'\n\nfunction extractEntryIdFromUrl(request?: Request): string | null {\n  if (!request?.url) return null\n  try {\n    const url = new URL(request.url)\n    const match = url.pathname.match(/\\/time-entries\\/([^/]+)\\/timer-start/)\n    return match?.[1] ?? null\n  } catch {\n    return null\n  }\n}\n\nexport const metadata = {\n  POST: { requireAuth: true, requireFeatures: ['staff.timesheets.manage_own'] },\n}\n\nexport async function POST(req: Request) {\n  try {\n    const container = await createRequestContainer()\n    const auth = await getAuthFromRequest(req)\n    const { translate } = await resolveTranslations()\n    if (!auth) throw new CrudHttpError(401, { error: translate('staff.errors.unauthorized', 'Unauthorized') })\n\n    const scope = await resolveOrganizationScopeForRequest({ container, auth, request: req })\n    const tenantId = scope?.tenantId ?? auth.tenantId ?? null\n    const organizationId = scope?.selectedId ?? auth.orgId ?? null\n    if (!tenantId || !organizationId) {\n      throw new CrudHttpError(400, { error: translate('staff.errors.missingScope', 'Missing tenant or organization scope.') })\n    }\n\n    const em = (container.resolve('em') as EntityManager).fork()\n    const scopeCtx = { tenantId, organizationId }\n\n    const entryId = extractEntryIdFromUrl(req)\n    if (!entryId) {\n      throw new CrudHttpError(400, { error: translate('staff.timesheets.errors.missingEntryId', 'Missing entry ID.') })\n    }\n\n    const entry = await findOneWithDecryption(\n      em,\n      StaffTimeEntry,\n      { id: entryId, tenantId, organizationId, deletedAt: null },\n      {},\n      scopeCtx,\n    )\n    if (!entry) {\n      throw new CrudHttpError(404, { error: translate('staff.timesheets.errors.entryNotFound', 'Time entry not found.') })\n    }\n\n    const staffMember = await getStaffMemberByUserId(em, auth.sub, tenantId, organizationId)\n    if (!staffMember || entry.staffMemberId !== staffMember.id) {\n      throw new CrudHttpError(403, { error: translate('staff.timesheets.errors.notOwner', 'You can only manage your own time entries.') })\n    }\n\n    if (entry.startedAt) {\n      return NextResponse.json(\n        { error: translate('staff.timesheets.errors.timerAlreadyStarted', 'Timer is already started for this entry.') },\n        { status: 409 },\n      )\n    }\n\n    const guardResult = await runStaffMutationGuards(\n      container,\n      {\n        tenantId,\n        organizationId,\n        userId: auth.sub ?? '',\n        resourceKind: 'staff.timesheets.time_entry',\n        resourceId: entry.id,\n        operation: 'update',\n        requestMethod: req.method,\n        requestHeaders: req.headers,\n      },\n      resolveUserFeatures(auth),\n    )\n    if (!guardResult.ok) {\n      return NextResponse.json(\n        guardResult.errorBody ?? { error: 'Operation blocked by guard' },\n        { status: guardResult.errorStatus ?? 422 },\n      )\n    }\n\n    const now = new Date()\n    entry.startedAt = now\n    entry.source = 'timer'\n\n    const segmentData = {\n      tenantId,\n      organizationId,\n      timeEntryId: entry.id,\n      startedAt: now,\n      segmentType: 'work' as const,\n    }\n    em.create(StaffTimeEntrySegment, segmentData as never)\n\n    await em.flush()\n\n    void emitStaffEvent('staff.timesheets.time_entry.timer_started', {\n      id: entry.id,\n      staffMemberId: entry.staffMemberId,\n      tenantId: entry.tenantId,\n      organizationId: entry.organizationId,\n      startedAt: now.toISOString(),\n    }, { persistent: true }).catch((err) => {\n      console.error('[staff.timesheets] emit timer_started failed', err)\n    })\n\n    if (guardResult.afterSuccessCallbacks.length) {\n      await runStaffMutationGuardAfterSuccess(guardResult.afterSuccessCallbacks, {\n        tenantId,\n        organizationId,\n        userId: auth.sub ?? '',\n        resourceKind: 'staff.timesheets.time_entry',\n        resourceId: entry.id,\n        operation: 'update',\n        requestMethod: req.method,\n        requestHeaders: req.headers,\n      })\n    }\n\n    return NextResponse.json({ ok: true }, { status: 200 })\n  } catch (err) {\n    if (err instanceof CrudHttpError) {\n      return NextResponse.json(err.body, { status: err.status })\n    }\n    const { translate } = await resolveTranslations()\n    console.error('staff.timesheets.time-entries.timer-start failed', err)\n    return NextResponse.json(\n      { error: translate('staff.timesheets.errors.timerStart', 'Failed to start timer.') },\n      { status: 400 },\n    )\n  }\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Staff',\n  summary: 'Start timer for a time entry',\n  methods: {\n    POST: {\n      summary: 'Start timer for a time entry',\n      description: 'Starts the timer on a time entry by setting startedAt and creating an initial work segment.',\n      responses: [\n        { status: 200, description: 'Timer started', schema: z.object({ ok: z.literal(true) }) },\n        { status: 404, description: 'Time entry not found', schema: z.object({ error: z.string() }) },\n        { status: 409, description: 'Timer already started', schema: z.object({ error: z.string() }) },\n        { status: 401, description: 'Unauthorized', schema: z.object({ error: z.string() }) },\n      ],\n    },\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAClB,SAAS,8BAA8B;AACvC,SAAS,0BAA0B;AACnC,SAAS,0CAA0C;AACnD,SAAS,qBAAqB;AAC9B,SAAS,2BAA2B;AACpC,SAAS,6BAA6B;AAGtC,SAAS,gBAAgB,6BAA6B;AACtD,SAAS,8BAA8B;AACvC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,sBAAsB;AAE/B,SAAS,sBAAsB,SAAkC;AAC/D,MAAI,CAAC,SAAS,IAAK,QAAO;AAC1B,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,UAAM,QAAQ,IAAI,SAAS,MAAM,sCAAsC;AACvE,WAAO,QAAQ,CAAC,KAAK;AAAA,EACvB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,MAAM,WAAW;AAAA,EACtB,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,6BAA6B,EAAE;AAC9E;AAEA,eAAsB,KAAK,KAAc;AACvC,MAAI;AACF,UAAM,YAAY,MAAM,uBAAuB;AAC/C,UAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,UAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAI,CAAC,KAAM,OAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,6BAA6B,cAAc,EAAE,CAAC;AAEzG,UAAM,QAAQ,MAAM,mCAAmC,EAAE,WAAW,MAAM,SAAS,IAAI,CAAC;AACxF,UAAM,WAAW,OAAO,YAAY,KAAK,YAAY;AACrD,UAAM,iBAAiB,OAAO,cAAc,KAAK,SAAS;AAC1D,QAAI,CAAC,YAAY,CAAC,gBAAgB;AAChC,YAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,6BAA6B,uCAAuC,EAAE,CAAC;AAAA,IACzH;AAEA,UAAM,KAAM,UAAU,QAAQ,IAAI,EAAoB,KAAK;AAC3D,UAAM,WAAW,EAAE,UAAU,eAAe;AAE5C,UAAM,UAAU,sBAAsB,GAAG;AACzC,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,0CAA0C,mBAAmB,EAAE,CAAC;AAAA,IAClH;AAEA,UAAM,QAAQ,MAAM;AAAA,MAClB;AAAA,MACA;AAAA,MACA,EAAE,IAAI,SAAS,UAAU,gBAAgB,WAAW,KAAK;AAAA,MACzD,CAAC;AAAA,MACD;AAAA,IACF;AACA,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,yCAAyC,uBAAuB,EAAE,CAAC;AAAA,IACrH;AAEA,UAAM,cAAc,MAAM,uBAAuB,IAAI,KAAK,KAAK,UAAU,cAAc;AACvF,QAAI,CAAC,eAAe,MAAM,kBAAkB,YAAY,IAAI;AAC1D,YAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,oCAAoC,4CAA4C,EAAE,CAAC;AAAA,IACrI;AAEA,QAAI,MAAM,WAAW;AACnB,aAAO,aAAa;AAAA,QAClB,EAAE,OAAO,UAAU,+CAA+C,0CAA0C,EAAE;AAAA,QAC9G,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAEA,UAAM,cAAc,MAAM;AAAA,MACxB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QACA,QAAQ,KAAK,OAAO;AAAA,QACpB,cAAc;AAAA,QACd,YAAY,MAAM;AAAA,QAClB,WAAW;AAAA,QACX,eAAe,IAAI;AAAA,QACnB,gBAAgB,IAAI;AAAA,MACtB;AAAA,MACA,oBAAoB,IAAI;AAAA,IAC1B;AACA,QAAI,CAAC,YAAY,IAAI;AACnB,aAAO,aAAa;AAAA,QAClB,YAAY,aAAa,EAAE,OAAO,6BAA6B;AAAA,QAC/D,EAAE,QAAQ,YAAY,eAAe,IAAI;AAAA,MAC3C;AAAA,IACF;AAEA,UAAM,MAAM,oBAAI,KAAK;AACrB,UAAM,YAAY;AAClB,UAAM,SAAS;AAEf,UAAM,cAAc;AAAA,MAClB;AAAA,MACA;AAAA,MACA,aAAa,MAAM;AAAA,MACnB,WAAW;AAAA,MACX,aAAa;AAAA,IACf;AACA,OAAG,OAAO,uBAAuB,WAAoB;AAErD,UAAM,GAAG,MAAM;AAEf,SAAK,eAAe,6CAA6C;AAAA,MAC/D,IAAI,MAAM;AAAA,MACV,eAAe,MAAM;AAAA,MACrB,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,WAAW,IAAI,YAAY;AAAA,IAC7B,GAAG,EAAE,YAAY,KAAK,CAAC,EAAE,MAAM,CAAC,QAAQ;AACtC,cAAQ,MAAM,gDAAgD,GAAG;AAAA,IACnE,CAAC;AAED,QAAI,YAAY,sBAAsB,QAAQ;AAC5C,YAAM,kCAAkC,YAAY,uBAAuB;AAAA,QACzE;AAAA,QACA;AAAA,QACA,QAAQ,KAAK,OAAO;AAAA,QACpB,cAAc;AAAA,QACd,YAAY,MAAM;AAAA,QAClB,WAAW;AAAA,QACX,eAAe,IAAI;AAAA,QACnB,gBAAgB,IAAI;AAAA,MACtB,CAAC;AAAA,IACH;AAEA,WAAO,aAAa,KAAK,EAAE,IAAI,KAAK,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACxD,SAAS,KAAK;AACZ,QAAI,eAAe,eAAe;AAChC,aAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AAAA,IAC3D;AACA,UAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,YAAQ,MAAM,oDAAoD,GAAG;AACrE,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,UAAU,sCAAsC,wBAAwB,EAAE;AAAA,MACnF,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,iBAAiB,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,EAAE,CAAC,EAAE;AAAA,QACvF,EAAE,QAAQ,KAAK,aAAa,wBAAwB,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE;AAAA,QAC5F,EAAE,QAAQ,KAAK,aAAa,yBAAyB,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE;AAAA,QAC7F,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE;AAAA,MACtF;AAAA,IACF;AAAA,EACF;AACF;",
+  "names": []
+}

package/dist/modules/staff/api/timesheets/time-entries/[id]/timer-stop/route.js ADDED Viewed

@@ -0,0 +1,173 @@
+import { NextResponse } from "next/server";
+import { z } from "zod";
+import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
+import { getAuthFromRequest } from "@open-mercato/shared/lib/auth/server";
+import { resolveOrganizationScopeForRequest } from "@open-mercato/core/modules/directory/utils/organizationScope";
+import { CrudHttpError } from "@open-mercato/shared/lib/crud/errors";
+import { resolveTranslations } from "@open-mercato/shared/lib/i18n/server";
+import { findOneWithDecryption, findWithDecryption } from "@open-mercato/shared/lib/encryption/find";
+import { StaffTimeEntry, StaffTimeEntrySegment } from "../../../../../data/entities.js";
+import { getStaffMemberByUserId } from "../../../../../lib/staffMemberResolver.js";
+import {
+  resolveUserFeatures,
+  runStaffMutationGuardAfterSuccess,
+  runStaffMutationGuards
+} from "../../../../guards.js";
+import { emitStaffEvent } from "../../../../../events.js";
+function extractEntryIdFromUrl(request) {
+  if (!request?.url) return null;
+  try {
+    const url = new URL(request.url);
+    const match = url.pathname.match(/\/time-entries\/([^/]+)\/timer-stop/);
+    return match?.[1] ?? null;
+  } catch {
+    return null;
+  }
+}
+const metadata = {
+  POST: { requireAuth: true, requireFeatures: ["staff.timesheets.manage_own"] }
+};
+async function POST(req) {
+  try {
+    const container = await createRequestContainer();
+    const auth = await getAuthFromRequest(req);
+    const { translate } = await resolveTranslations();
+    if (!auth) throw new CrudHttpError(401, { error: translate("staff.errors.unauthorized", "Unauthorized") });
+    const scope = await resolveOrganizationScopeForRequest({ container, auth, request: req });
+    const tenantId = scope?.tenantId ?? auth.tenantId ?? null;
+    const organizationId = scope?.selectedId ?? auth.orgId ?? null;
+    if (!tenantId || !organizationId) {
+      throw new CrudHttpError(400, { error: translate("staff.errors.missingScope", "Missing tenant or organization scope.") });
+    }
+    const em = container.resolve("em").fork();
+    const scopeCtx = { tenantId, organizationId };
+    const entryId = extractEntryIdFromUrl(req);
+    if (!entryId) {
+      throw new CrudHttpError(400, { error: translate("staff.timesheets.errors.missingEntryId", "Missing entry ID.") });
+    }
+    const entry = await findOneWithDecryption(
+      em,
+      StaffTimeEntry,
+      { id: entryId, tenantId, organizationId, deletedAt: null },
+      {},
+      scopeCtx
+    );
+    if (!entry) {
+      throw new CrudHttpError(404, { error: translate("staff.timesheets.errors.entryNotFound", "Time entry not found.") });
+    }
+    const staffMember = await getStaffMemberByUserId(em, auth.sub, tenantId, organizationId);
+    if (!staffMember || entry.staffMemberId !== staffMember.id) {
+      throw new CrudHttpError(403, { error: translate("staff.timesheets.errors.notOwner", "You can only manage your own time entries.") });
+    }
+    const segments = await findWithDecryption(
+      em,
+      StaffTimeEntrySegment,
+      { timeEntryId: entry.id, tenantId, organizationId, deletedAt: null },
+      {},
+      scopeCtx
+    );
+    const activeSegment = segments.find((segment) => !segment.endedAt);
+    if (!activeSegment) {
+      return NextResponse.json(
+        { error: translate("staff.timesheets.errors.noActiveSegment", "No active timer segment found for this entry.") },
+        { status: 409 }
+      );
+    }
+    const guardResult = await runStaffMutationGuards(
+      container,
+      {
+        tenantId,
+        organizationId,
+        userId: auth.sub ?? "",
+        resourceKind: "staff.timesheets.time_entry",
+        resourceId: entry.id,
+        operation: "update",
+        requestMethod: req.method,
+        requestHeaders: req.headers
+      },
+      resolveUserFeatures(auth)
+    );
+    if (!guardResult.ok) {
+      return NextResponse.json(
+        guardResult.errorBody ?? { error: "Operation blocked by guard" },
+        { status: guardResult.errorStatus ?? 422 }
+      );
+    }
+    const now = /* @__PURE__ */ new Date();
+    activeSegment.endedAt = now;
+    entry.endedAt = now;
+    const allSegments = segments.map((segment) => {
+      if (segment.id === activeSegment.id) {
+        return { ...segment, endedAt: now };
+      }
+      return segment;
+    });
+    const totalWorkMinutes = allSegments.filter((segment) => segment.segmentType === "work" && segment.startedAt && segment.endedAt).reduce((sum, segment) => {
+      const startMs = new Date(segment.startedAt).getTime();
+      const endMs = new Date(segment.endedAt).getTime();
+      return sum + (endMs - startMs);
+    }, 0);
+    const durationMinutes = Math.round(totalWorkMinutes / 6e4);
+    entry.durationMinutes = durationMinutes;
+    await em.flush();
+    void emitStaffEvent("staff.timesheets.time_entry.timer_stopped", {
+      id: entry.id,
+      staffMemberId: entry.staffMemberId,
+      tenantId: entry.tenantId,
+      organizationId: entry.organizationId,
+      stoppedAt: now.toISOString(),
+      durationMinutes
+    }, { persistent: true }).catch((err) => {
+      console.error("[staff.timesheets] emit timer_stopped failed", err);
+    });
+    if (guardResult.afterSuccessCallbacks.length) {
+      await runStaffMutationGuardAfterSuccess(guardResult.afterSuccessCallbacks, {
+        tenantId,
+        organizationId,
+        userId: auth.sub ?? "",
+        resourceKind: "staff.timesheets.time_entry",
+        resourceId: entry.id,
+        operation: "update",
+        requestMethod: req.method,
+        requestHeaders: req.headers
+      });
+    }
+    return NextResponse.json({ ok: true, durationMinutes }, { status: 200 });
+  } catch (err) {
+    if (err instanceof CrudHttpError) {
+      return NextResponse.json(err.body, { status: err.status });
+    }
+    const { translate } = await resolveTranslations();
+    console.error("staff.timesheets.time-entries.timer-stop failed", err);
+    return NextResponse.json(
+      { error: translate("staff.timesheets.errors.timerStop", "Failed to stop timer.") },
+      { status: 400 }
+    );
+  }
+}
+const openApi = {
+  tag: "Staff",
+  summary: "Stop timer for a time entry",
+  methods: {
+    POST: {
+      summary: "Stop timer for a time entry",
+      description: "Stops the active timer segment, recalculates total work duration in minutes, and updates the time entry.",
+      responses: [
+        {
+          status: 200,
+          description: "Timer stopped",
+          schema: z.object({ ok: z.literal(true), durationMinutes: z.number() })
+        },
+        { status: 404, description: "Time entry not found", schema: z.object({ error: z.string() }) },
+        { status: 409, description: "No active timer segment", schema: z.object({ error: z.string() }) },
+        { status: 401, description: "Unauthorized", schema: z.object({ error: z.string() }) }
+      ]
+    }
+  }
+};
+export {
+  POST,
+  metadata,
+  openApi
+};
+//# sourceMappingURL=route.js.map

package/dist/modules/staff/api/timesheets/time-entries/[id]/timer-stop/route.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../../../src/modules/staff/api/timesheets/time-entries/%5Bid%5D/timer-stop/route.ts"],
+  "sourcesContent": ["import { NextResponse } from 'next/server'\nimport { z } from 'zod'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { resolveOrganizationScopeForRequest } from '@open-mercato/core/modules/directory/utils/organizationScope'\nimport { CrudHttpError } from '@open-mercato/shared/lib/crud/errors'\nimport { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'\nimport { findOneWithDecryption, findWithDecryption } from '@open-mercato/shared/lib/encryption/find'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { StaffTimeEntry, StaffTimeEntrySegment } from '../../../../../data/entities'\nimport { getStaffMemberByUserId } from '../../../../../lib/staffMemberResolver'\nimport {\n  resolveUserFeatures,\n  runStaffMutationGuardAfterSuccess,\n  runStaffMutationGuards,\n} from '../../../../guards'\nimport { emitStaffEvent } from '../../../../../events'\n\nfunction extractEntryIdFromUrl(request?: Request): string | null {\n  if (!request?.url) return null\n  try {\n    const url = new URL(request.url)\n    const match = url.pathname.match(/\\/time-entries\\/([^/]+)\\/timer-stop/)\n    return match?.[1] ?? null\n  } catch {\n    return null\n  }\n}\n\nexport const metadata = {\n  POST: { requireAuth: true, requireFeatures: ['staff.timesheets.manage_own'] },\n}\n\nexport async function POST(req: Request) {\n  try {\n    const container = await createRequestContainer()\n    const auth = await getAuthFromRequest(req)\n    const { translate } = await resolveTranslations()\n    if (!auth) throw new CrudHttpError(401, { error: translate('staff.errors.unauthorized', 'Unauthorized') })\n\n    const scope = await resolveOrganizationScopeForRequest({ container, auth, request: req })\n    const tenantId = scope?.tenantId ?? auth.tenantId ?? null\n    const organizationId = scope?.selectedId ?? auth.orgId ?? null\n    if (!tenantId || !organizationId) {\n      throw new CrudHttpError(400, { error: translate('staff.errors.missingScope', 'Missing tenant or organization scope.') })\n    }\n\n    const em = (container.resolve('em') as EntityManager).fork()\n    const scopeCtx = { tenantId, organizationId }\n\n    const entryId = extractEntryIdFromUrl(req)\n    if (!entryId) {\n      throw new CrudHttpError(400, { error: translate('staff.timesheets.errors.missingEntryId', 'Missing entry ID.') })\n    }\n\n    const entry = await findOneWithDecryption(\n      em,\n      StaffTimeEntry,\n      { id: entryId, tenantId, organizationId, deletedAt: null },\n      {},\n      scopeCtx,\n    )\n    if (!entry) {\n      throw new CrudHttpError(404, { error: translate('staff.timesheets.errors.entryNotFound', 'Time entry not found.') })\n    }\n\n    const staffMember = await getStaffMemberByUserId(em, auth.sub, tenantId, organizationId)\n    if (!staffMember || entry.staffMemberId !== staffMember.id) {\n      throw new CrudHttpError(403, { error: translate('staff.timesheets.errors.notOwner', 'You can only manage your own time entries.') })\n    }\n\n    const segments = await findWithDecryption(\n      em,\n      StaffTimeEntrySegment,\n      { timeEntryId: entry.id, tenantId, organizationId, deletedAt: null },\n      {},\n      scopeCtx,\n    )\n\n    const activeSegment = segments.find((segment) => !segment.endedAt)\n    if (!activeSegment) {\n      return NextResponse.json(\n        { error: translate('staff.timesheets.errors.noActiveSegment', 'No active timer segment found for this entry.') },\n        { status: 409 },\n      )\n    }\n\n    const guardResult = await runStaffMutationGuards(\n      container,\n      {\n        tenantId,\n        organizationId,\n        userId: auth.sub ?? '',\n        resourceKind: 'staff.timesheets.time_entry',\n        resourceId: entry.id,\n        operation: 'update',\n        requestMethod: req.method,\n        requestHeaders: req.headers,\n      },\n      resolveUserFeatures(auth),\n    )\n    if (!guardResult.ok) {\n      return NextResponse.json(\n        guardResult.errorBody ?? { error: 'Operation blocked by guard' },\n        { status: guardResult.errorStatus ?? 422 },\n      )\n    }\n\n    const now = new Date()\n    activeSegment.endedAt = now\n    entry.endedAt = now\n\n    const allSegments = segments.map((segment) => {\n      if (segment.id === activeSegment.id) {\n        return { ...segment, endedAt: now }\n      }\n      return segment\n    })\n\n    const totalWorkMinutes = allSegments\n      .filter((segment) => segment.segmentType === 'work' && segment.startedAt && segment.endedAt)\n      .reduce((sum, segment) => {\n        const startMs = new Date(segment.startedAt).getTime()\n        const endMs = new Date(segment.endedAt!).getTime()\n        return sum + (endMs - startMs)\n      }, 0)\n\n    const durationMinutes = Math.round(totalWorkMinutes / 60000)\n    entry.durationMinutes = durationMinutes\n\n    await em.flush()\n\n    void emitStaffEvent('staff.timesheets.time_entry.timer_stopped', {\n      id: entry.id,\n      staffMemberId: entry.staffMemberId,\n      tenantId: entry.tenantId,\n      organizationId: entry.organizationId,\n      stoppedAt: now.toISOString(),\n      durationMinutes,\n    }, { persistent: true }).catch((err) => {\n      console.error('[staff.timesheets] emit timer_stopped failed', err)\n    })\n\n    if (guardResult.afterSuccessCallbacks.length) {\n      await runStaffMutationGuardAfterSuccess(guardResult.afterSuccessCallbacks, {\n        tenantId,\n        organizationId,\n        userId: auth.sub ?? '',\n        resourceKind: 'staff.timesheets.time_entry',\n        resourceId: entry.id,\n        operation: 'update',\n        requestMethod: req.method,\n        requestHeaders: req.headers,\n      })\n    }\n\n    return NextResponse.json({ ok: true, durationMinutes }, { status: 200 })\n  } catch (err) {\n    if (err instanceof CrudHttpError) {\n      return NextResponse.json(err.body, { status: err.status })\n    }\n    const { translate } = await resolveTranslations()\n    console.error('staff.timesheets.time-entries.timer-stop failed', err)\n    return NextResponse.json(\n      { error: translate('staff.timesheets.errors.timerStop', 'Failed to stop timer.') },\n      { status: 400 },\n    )\n  }\n}\n\nexport const openApi: OpenApiRouteDoc = {\n  tag: 'Staff',\n  summary: 'Stop timer for a time entry',\n  methods: {\n    POST: {\n      summary: 'Stop timer for a time entry',\n      description: 'Stops the active timer segment, recalculates total work duration in minutes, and updates the time entry.',\n      responses: [\n        {\n          status: 200,\n          description: 'Timer stopped',\n          schema: z.object({ ok: z.literal(true), durationMinutes: z.number() }),\n        },\n        { status: 404, description: 'Time entry not found', schema: z.object({ error: z.string() }) },\n        { status: 409, description: 'No active timer segment', schema: z.object({ error: z.string() }) },\n        { status: 401, description: 'Unauthorized', schema: z.object({ error: z.string() }) },\n      ],\n    },\n  },\n}\n"],
+  "mappings": "AAAA,SAAS,oBAAoB;AAC7B,SAAS,SAAS;AAClB,SAAS,8BAA8B;AACvC,SAAS,0BAA0B;AACnC,SAAS,0CAA0C;AACnD,SAAS,qBAAqB;AAC9B,SAAS,2BAA2B;AACpC,SAAS,uBAAuB,0BAA0B;AAG1D,SAAS,gBAAgB,6BAA6B;AACtD,SAAS,8BAA8B;AACvC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,sBAAsB;AAE/B,SAAS,sBAAsB,SAAkC;AAC/D,MAAI,CAAC,SAAS,IAAK,QAAO;AAC1B,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,UAAM,QAAQ,IAAI,SAAS,MAAM,qCAAqC;AACtE,WAAO,QAAQ,CAAC,KAAK;AAAA,EACvB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,MAAM,WAAW;AAAA,EACtB,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,6BAA6B,EAAE;AAC9E;AAEA,eAAsB,KAAK,KAAc;AACvC,MAAI;AACF,UAAM,YAAY,MAAM,uBAAuB;AAC/C,UAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,UAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,QAAI,CAAC,KAAM,OAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,6BAA6B,cAAc,EAAE,CAAC;AAEzG,UAAM,QAAQ,MAAM,mCAAmC,EAAE,WAAW,MAAM,SAAS,IAAI,CAAC;AACxF,UAAM,WAAW,OAAO,YAAY,KAAK,YAAY;AACrD,UAAM,iBAAiB,OAAO,cAAc,KAAK,SAAS;AAC1D,QAAI,CAAC,YAAY,CAAC,gBAAgB;AAChC,YAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,6BAA6B,uCAAuC,EAAE,CAAC;AAAA,IACzH;AAEA,UAAM,KAAM,UAAU,QAAQ,IAAI,EAAoB,KAAK;AAC3D,UAAM,WAAW,EAAE,UAAU,eAAe;AAE5C,UAAM,UAAU,sBAAsB,GAAG;AACzC,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,0CAA0C,mBAAmB,EAAE,CAAC;AAAA,IAClH;AAEA,UAAM,QAAQ,MAAM;AAAA,MAClB;AAAA,MACA;AAAA,MACA,EAAE,IAAI,SAAS,UAAU,gBAAgB,WAAW,KAAK;AAAA,MACzD,CAAC;AAAA,MACD;AAAA,IACF;AACA,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,yCAAyC,uBAAuB,EAAE,CAAC;AAAA,IACrH;AAEA,UAAM,cAAc,MAAM,uBAAuB,IAAI,KAAK,KAAK,UAAU,cAAc;AACvF,QAAI,CAAC,eAAe,MAAM,kBAAkB,YAAY,IAAI;AAC1D,YAAM,IAAI,cAAc,KAAK,EAAE,OAAO,UAAU,oCAAoC,4CAA4C,EAAE,CAAC;AAAA,IACrI;AAEA,UAAM,WAAW,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,MACA,EAAE,aAAa,MAAM,IAAI,UAAU,gBAAgB,WAAW,KAAK;AAAA,MACnE,CAAC;AAAA,MACD;AAAA,IACF;AAEA,UAAM,gBAAgB,SAAS,KAAK,CAAC,YAAY,CAAC,QAAQ,OAAO;AACjE,QAAI,CAAC,eAAe;AAClB,aAAO,aAAa;AAAA,QAClB,EAAE,OAAO,UAAU,2CAA2C,+CAA+C,EAAE;AAAA,QAC/G,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAEA,UAAM,cAAc,MAAM;AAAA,MACxB;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QACA,QAAQ,KAAK,OAAO;AAAA,QACpB,cAAc;AAAA,QACd,YAAY,MAAM;AAAA,QAClB,WAAW;AAAA,QACX,eAAe,IAAI;AAAA,QACnB,gBAAgB,IAAI;AAAA,MACtB;AAAA,MACA,oBAAoB,IAAI;AAAA,IAC1B;AACA,QAAI,CAAC,YAAY,IAAI;AACnB,aAAO,aAAa;AAAA,QAClB,YAAY,aAAa,EAAE,OAAO,6BAA6B;AAAA,QAC/D,EAAE,QAAQ,YAAY,eAAe,IAAI;AAAA,MAC3C;AAAA,IACF;AAEA,UAAM,MAAM,oBAAI,KAAK;AACrB,kBAAc,UAAU;AACxB,UAAM,UAAU;AAEhB,UAAM,cAAc,SAAS,IAAI,CAAC,YAAY;AAC5C,UAAI,QAAQ,OAAO,cAAc,IAAI;AACnC,eAAO,EAAE,GAAG,SAAS,SAAS,IAAI;AAAA,MACpC;AACA,aAAO;AAAA,IACT,CAAC;AAED,UAAM,mBAAmB,YACtB,OAAO,CAAC,YAAY,QAAQ,gBAAgB,UAAU,QAAQ,aAAa,QAAQ,OAAO,EAC1F,OAAO,CAAC,KAAK,YAAY;AACxB,YAAM,UAAU,IAAI,KAAK,QAAQ,SAAS,EAAE,QAAQ;AACpD,YAAM,QAAQ,IAAI,KAAK,QAAQ,OAAQ,EAAE,QAAQ;AACjD,aAAO,OAAO,QAAQ;AAAA,IACxB,GAAG,CAAC;AAEN,UAAM,kBAAkB,KAAK,MAAM,mBAAmB,GAAK;AAC3D,UAAM,kBAAkB;AAExB,UAAM,GAAG,MAAM;AAEf,SAAK,eAAe,6CAA6C;AAAA,MAC/D,IAAI,MAAM;AAAA,MACV,eAAe,MAAM;AAAA,MACrB,UAAU,MAAM;AAAA,MAChB,gBAAgB,MAAM;AAAA,MACtB,WAAW,IAAI,YAAY;AAAA,MAC3B;AAAA,IACF,GAAG,EAAE,YAAY,KAAK,CAAC,EAAE,MAAM,CAAC,QAAQ;AACtC,cAAQ,MAAM,gDAAgD,GAAG;AAAA,IACnE,CAAC;AAED,QAAI,YAAY,sBAAsB,QAAQ;AAC5C,YAAM,kCAAkC,YAAY,uBAAuB;AAAA,QACzE;AAAA,QACA;AAAA,QACA,QAAQ,KAAK,OAAO;AAAA,QACpB,cAAc;AAAA,QACd,YAAY,MAAM;AAAA,QAClB,WAAW;AAAA,QACX,eAAe,IAAI;AAAA,QACnB,gBAAgB,IAAI;AAAA,MACtB,CAAC;AAAA,IACH;AAEA,WAAO,aAAa,KAAK,EAAE,IAAI,MAAM,gBAAgB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACzE,SAAS,KAAK;AACZ,QAAI,eAAe,eAAe;AAChC,aAAO,aAAa,KAAK,IAAI,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC;AAAA,IAC3D;AACA,UAAM,EAAE,UAAU,IAAI,MAAM,oBAAoB;AAChD,YAAQ,MAAM,mDAAmD,GAAG;AACpE,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,UAAU,qCAAqC,uBAAuB,EAAE;AAAA,MACjF,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,SAAS;AAAA,MACT,aAAa;AAAA,MACb,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,IAAI,GAAG,iBAAiB,EAAE,OAAO,EAAE,CAAC;AAAA,QACvE;AAAA,QACA,EAAE,QAAQ,KAAK,aAAa,wBAAwB,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE;AAAA,QAC5F,EAAE,QAAQ,KAAK,aAAa,2BAA2B,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE;AAAA,QAC/F,EAAE,QAAQ,KAAK,aAAa,gBAAgB,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE;AAAA,MACtF;AAAA,IACF;AAAA,EACF;AACF;",
+  "names": []
+}