@open-mercato/core 0.6.4-develop.4326.1.9a8cfb5ccb → 0.6.4-develop.4339.1.fad812f76f

package/src/modules/staff/api/timesheets/time-entries/[id]/segments/[segmentId]/route.ts

@@ -6,7 +6,9 @@ import { createRequestContainer } from '@open-mercato/shared/lib/di/container'
 import { resolveOrganizationScopeForRequest } from '@open-mercato/core/modules/directory/utils/organizationScope'
 import { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'
 import { readJsonSafe } from '@open-mercato/shared/lib/http/readJsonSafe'
+import { CrudHttpError, isCrudHttpError } from '@open-mercato/shared/lib/crud/errors'
 import type { EntityManager } from '@mikro-orm/postgresql'
+import { LockMode } from '@mikro-orm/core'
 import { StaffTimeEntry, StaffTimeEntrySegment } from '../../../../../../data/entities'
 import { staffTimeEntrySegmentUpdateSchema } from '../../../../../../data/validators'
 import { getStaffMemberByUserId } from '../../../../../../lib/staffMemberResolver'
@@ -110,25 +112,62 @@ export async function PATCH(req: Request) {
     )
   }
 
-  if (parsed.data.startedAt !== undefined) {
-    segment.startedAt = parsed.data.startedAt
-  }
-  if (parsed.data.endedAt !== undefined) {
-    segment.endedAt = parsed.data.endedAt ?? null
-  }
-  if (parsed.data.segmentType !== undefined) {
-    segment.segmentType = parsed.data.segmentType
+  // Apply the segment edit inside a single transaction with a PESSIMISTIC_WRITE
+  // lock on the parent time entry row, re-loading the segment under the lock so
+  // concurrent segment edits / timer-stop recomputes on the same entry serialize
+  // instead of racing on a shared in-memory snapshot (issue #2416).
+  let updatedSegment: StaffTimeEntrySegment
+  try {
+    updatedSegment = await em.transactional(async (trx) => {
+      const lockedEntry = await findOneWithDecryption(
+        trx,
+        StaffTimeEntry,
+        { id: ids.entryId, tenantId, organizationId, deletedAt: null },
+        { lockMode: LockMode.PESSIMISTIC_WRITE },
+        scopeCtx,
+      )
+      if (!lockedEntry) {
+        throw new CrudHttpError(404, { error: 'Time entry not found' })
+      }
+
+      const lockedSegment = await findOneWithDecryption(
+        trx,
+        StaffTimeEntrySegment,
+        { id: ids.segmentId, timeEntryId: ids.entryId, tenantId, organizationId, deletedAt: null },
+        {},
+        scopeCtx,
+      )
+      if (!lockedSegment) {
+        throw new CrudHttpError(404, { error: 'Segment not found' })
+      }
+
+      if (parsed.data.startedAt !== undefined) {
+        lockedSegment.startedAt = parsed.data.startedAt
+      }
+      if (parsed.data.endedAt !== undefined) {
+        lockedSegment.endedAt = parsed.data.endedAt ?? null
+      }
+      if (parsed.data.segmentType !== undefined) {
+        lockedSegment.segmentType = parsed.data.segmentType
+      }
+
+      await trx.flush()
+      return lockedSegment
+    })
+  } catch (err) {
+    if (isCrudHttpError(err)) {
+      return NextResponse.json(err.body, { status: err.status })
+    }
+    throw err
   }
 
-  await em.flush()
-
   if (guardResult.afterSuccessCallbacks.length) {
     await runStaffMutationGuardAfterSuccess(guardResult.afterSuccessCallbacks, {
       tenantId,
       organizationId,
       userId: auth.sub ?? '',
       resourceKind: 'staff.timesheets.time_entry_segment',
-      resourceId: segment.id,
+      resourceId: updatedSegment.id,
       operation: 'update',
       requestMethod: req.method,
       requestHeaders: req.headers,
@@ -138,13 +177,13 @@ export async function PATCH(req: Request) {
   return NextResponse.json({
     ok: true,
     item: {
-      id: segment.id,
-      timeEntryId: segment.timeEntryId,
-      startedAt: segment.startedAt,
-      endedAt: segment.endedAt,
-      segmentType: segment.segmentType,
-      createdAt: segment.createdAt,
-      updatedAt: segment.updatedAt,
+      id: updatedSegment.id,
+      timeEntryId: updatedSegment.timeEntryId,
+      startedAt: updatedSegment.startedAt,
+      endedAt: updatedSegment.endedAt,
+      segmentType: updatedSegment.segmentType,
+      createdAt: updatedSegment.createdAt,
+      updatedAt: updatedSegment.updatedAt,
     },
   })
 }

package/src/modules/staff/api/timesheets/time-entries/[id]/segments/route.ts

@@ -9,6 +9,7 @@ import { parseScopedCommandInput } from '@open-mercato/shared/lib/api/scoped'
 import { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'
 import { readJsonSafe } from '@open-mercato/shared/lib/http/readJsonSafe'
 import type { EntityManager } from '@mikro-orm/postgresql'
+import { LockMode } from '@mikro-orm/core'
 import type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'
 import { StaffTimeEntry, StaffTimeEntrySegment } from '../../../../../data/entities'
 import { staffTimeEntrySegmentCreateSchema } from '../../../../../data/validators'
@@ -109,17 +110,35 @@ export async function POST(req: Request) {
       )
     }
 
-    const segmentData = {
-      tenantId: input.tenantId,
-      organizationId: input.organizationId,
-      timeEntryId: input.timeEntryId,
-      startedAt: input.startedAt,
-      endedAt: input.endedAt ?? null,
-      segmentType: input.segmentType,
-    }
-    const segment = em.create(StaffTimeEntrySegment, segmentData as never)
+    // Create the segment inside a single transaction with a PESSIMISTIC_WRITE
+    // lock on the parent time entry row, so segment writes serialize against
+    // concurrent timer-stop / segment mutations that recompute the entry from a
+    // shared snapshot (issue #2416).
+    const segment = await em.transactional(async (trx) => {
+      const lockedEntry = await findOneWithDecryption(
+        trx,
+        StaffTimeEntry,
+        { id: entryId, tenantId, organizationId, deletedAt: null },
+        { lockMode: LockMode.PESSIMISTIC_WRITE },
+        scopeCtx,
+      )
+      if (!lockedEntry) {
+        throw new CrudHttpError(404, { error: translate('staff.timesheets.errors.entryNotFound', 'Time entry not found.') })
+      }
+
+      const segmentData = {
+        tenantId: input.tenantId,
+        organizationId: input.organizationId,
+        timeEntryId: input.timeEntryId,
+        startedAt: input.startedAt,
+        endedAt: input.endedAt ?? null,
+        segmentType: input.segmentType,
+      }
+      const created = trx.create(StaffTimeEntrySegment, segmentData as never)
 
-    await em.flush()
+      await trx.flush()
+      return created
+    })
 
     if (guardResult.afterSuccessCallbacks.length) {
       await runStaffMutationGuardAfterSuccess(guardResult.afterSuccessCallbacks, {

package/src/modules/staff/api/timesheets/time-entries/[id]/timer-start/route.ts

@@ -7,6 +7,7 @@ import { CrudHttpError } from '@open-mercato/shared/lib/crud/errors'
 import { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'
 import { findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'
 import type { EntityManager } from '@mikro-orm/postgresql'
+import { LockMode } from '@mikro-orm/core'
 import type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'
 import { StaffTimeEntry, StaffTimeEntrySegment } from '../../../../../data/entities'
 import { getStaffMemberByUserId } from '../../../../../lib/staffMemberResolver'
@@ -98,20 +99,43 @@ export async function POST(req: Request) {
       )
     }
 
-    const now = new Date()
-    entry.startedAt = now
-    entry.source = 'timer'
-
-    const segmentData = {
-      tenantId,
-      organizationId,
-      timeEntryId: entry.id,
-      startedAt: now,
-      segmentType: 'work' as const,
-    }
-    em.create(StaffTimeEntrySegment, segmentData as never)
-
-    await em.flush()
+    // Start the timer inside a single transaction with a PESSIMISTIC_WRITE lock
+    // on the time entry row, re-checking startedAt under the lock so two
+    // concurrent timer-start calls on the same entry cannot both create an
+    // initial work segment (issue #2416).
+    const now = await em.transactional(async (trx) => {
+      const lockedEntry = await findOneWithDecryption(
+        trx,
+        StaffTimeEntry,
+        { id: entryId, tenantId, organizationId, deletedAt: null },
+        { lockMode: LockMode.PESSIMISTIC_WRITE },
+        scopeCtx,
+      )
+      if (!lockedEntry) {
+        throw new CrudHttpError(404, { error: translate('staff.timesheets.errors.entryNotFound', 'Time entry not found.') })
+      }
+      if (lockedEntry.startedAt) {
+        throw new CrudHttpError(409, {
+          error: translate('staff.timesheets.errors.timerAlreadyStarted', 'Timer is already started for this entry.'),
+        })
+      }
+
+      const startedAt = new Date()
+      lockedEntry.startedAt = startedAt
+      lockedEntry.source = 'timer'
+
+      const segmentData = {
+        tenantId,
+        organizationId,
+        timeEntryId: lockedEntry.id,
+        startedAt,
+        segmentType: 'work' as const,
+      }
+      trx.create(StaffTimeEntrySegment, segmentData as never)
+
+      await trx.flush()
+      return startedAt
+    })
 
     void emitStaffEvent('staff.timesheets.time_entry.timer_started', {
       id: entry.id,

package/src/modules/staff/api/timesheets/time-entries/[id]/timer-stop/route.ts

@@ -7,6 +7,7 @@ import { CrudHttpError } from '@open-mercato/shared/lib/crud/errors'
 import { resolveTranslations } from '@open-mercato/shared/lib/i18n/server'
 import { findOneWithDecryption, findWithDecryption } from '@open-mercato/shared/lib/encryption/find'
 import type { EntityManager } from '@mikro-orm/postgresql'
+import { LockMode } from '@mikro-orm/core'
 import type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'
 import { StaffTimeEntry, StaffTimeEntrySegment } from '../../../../../data/entities'
 import { getStaffMemberByUserId } from '../../../../../lib/staffMemberResolver'
@@ -70,22 +71,6 @@ export async function POST(req: Request) {
       throw new CrudHttpError(403, { error: translate('staff.timesheets.errors.notOwner', 'You can only manage your own time entries.') })
     }
 
-    const segments = await findWithDecryption(
-      em,
-      StaffTimeEntrySegment,
-      { timeEntryId: entry.id, tenantId, organizationId, deletedAt: null },
-      {},
-      scopeCtx,
-    )
-
-    const activeSegment = segments.find((segment) => !segment.endedAt)
-    if (!activeSegment) {
-      return NextResponse.json(
-        { error: translate('staff.timesheets.errors.noActiveSegment', 'No active timer segment found for this entry.') },
-        { status: 409 },
-      )
-    }
-
     const guardResult = await runStaffMutationGuards(
       container,
       {
@@ -107,29 +92,62 @@ export async function POST(req: Request) {
       )
     }
 
-    const now = new Date()
-    activeSegment.endedAt = now
-    entry.endedAt = now
+    // Recompute and persist the timer state inside a single transaction with a
+    // PESSIMISTIC_WRITE lock on the time entry row, so concurrent timer-stop /
+    // segment writes on the same entry serialize instead of racing on a shared
+    // in-memory snapshot (issue #2416).
+    const { now, durationMinutes } = await em.transactional(async (trx) => {
+      const lockedEntry = await findOneWithDecryption(
+        trx,
+        StaffTimeEntry,
+        { id: entryId, tenantId, organizationId, deletedAt: null },
+        { lockMode: LockMode.PESSIMISTIC_WRITE },
+        scopeCtx,
+      )
+      if (!lockedEntry) {
+        throw new CrudHttpError(404, { error: translate('staff.timesheets.errors.entryNotFound', 'Time entry not found.') })
+      }
 
-    const allSegments = segments.map((segment) => {
-      if (segment.id === activeSegment.id) {
-        return { ...segment, endedAt: now }
+      const segments = await findWithDecryption(
+        trx,
+        StaffTimeEntrySegment,
+        { timeEntryId: lockedEntry.id, tenantId, organizationId, deletedAt: null },
+        {},
+        scopeCtx,
+      )
+
+      const activeSegment = segments.find((segment) => !segment.endedAt)
+      if (!activeSegment) {
+        throw new CrudHttpError(409, {
+          error: translate('staff.timesheets.errors.noActiveSegment', 'No active timer segment found for this entry.'),
+        })
       }
-      return segment
-    })
 
-    const totalWorkMinutes = allSegments
-      .filter((segment) => segment.segmentType === 'work' && segment.startedAt && segment.endedAt)
-      .reduce((sum, segment) => {
-        const startMs = new Date(segment.startedAt).getTime()
-        const endMs = new Date(segment.endedAt!).getTime()
-        return sum + (endMs - startMs)
-      }, 0)
+      const stoppedAt = new Date()
+      activeSegment.endedAt = stoppedAt
+      lockedEntry.endedAt = stoppedAt
 
-    const durationMinutes = Math.round(totalWorkMinutes / 60000)
-    entry.durationMinutes = durationMinutes
+      const allSegments = segments.map((segment) => {
+        if (segment.id === activeSegment.id) {
+          return { ...segment, endedAt: stoppedAt }
+        }
+        return segment
+      })
+
+      const totalWorkMinutes = allSegments
+        .filter((segment) => segment.segmentType === 'work' && segment.startedAt && segment.endedAt)
+        .reduce((sum, segment) => {
+          const startMs = new Date(segment.startedAt).getTime()
+          const endMs = new Date(segment.endedAt!).getTime()
+          return sum + (endMs - startMs)
+        }, 0)
 
-    await em.flush()
+      const computedMinutes = Math.round(totalWorkMinutes / 60000)
+      lockedEntry.durationMinutes = computedMinutes
+
+      await trx.flush()
+      return { now: stoppedAt, durationMinutes: computedMinutes }
+    })
 
     void emitStaffEvent('staff.timesheets.time_entry.timer_stopped', {
       id: entry.id,