@rpcbase/server 0.538.0 → 0.540.0

package/dist/handler-0rPClEv4.js

@@ -0,0 +1,663 @@
+import { models } from "@rpcbase/db";
+import { buildAbilityFromSession, getAccessibleByQuery } from "@rpcbase/db/acl";
+import { createNotification, sendNotificationsDigestForUser } from "./notifications.js";
+import { o as object, b as boolean, n as number, a as array, s as string, r as record, _ as _enum, u as unknown } from "./schemas-Cjdjgehl.js";
+const getSessionUser = (ctx) => {
+  const rawSessionUser = ctx.req.session?.user;
+  const userId = typeof rawSessionUser?.id === "string" ? rawSessionUser.id.trim() : "";
+  const tenantId = typeof rawSessionUser?.currentTenantId === "string" ? rawSessionUser.currentTenantId.trim() : "";
+  if (!userId) {
+    ctx.res.status(401);
+    return null;
+  }
+  if (!tenantId) {
+    ctx.res.status(400);
+    return null;
+  }
+  return {
+    userId,
+    tenantId
+  };
+};
+const ListRoute = "/api/rb/notifications";
+const CreateRoute = "/api/rb/notifications/create";
+const MarkReadRoute = "/api/rb/notifications/:notificationId/read";
+const ArchiveRoute = "/api/rb/notifications/:notificationId/archive";
+const MarkAllReadRoute = "/api/rb/notifications/mark-all-read";
+const SettingsRoute = "/api/rb/notifications/settings";
+const DigestRunRoute = "/api/rb/notifications/digest/run";
+const listRequestSchema = object({
+  includeArchived: boolean().optional(),
+  unreadOnly: boolean().optional(),
+  limit: number().int().min(1).max(200).optional(),
+  markSeen: boolean().optional()
+});
+const createRequestSchema = object({
+  topic: string().trim().min(1).optional(),
+  title: string().trim().min(1),
+  body: string().trim().optional(),
+  url: string().trim().optional(),
+  metadata: record(string(), unknown()).optional()
+});
+const notificationSchema = object({
+  id: string(),
+  topic: string().optional(),
+  title: string(),
+  body: string().optional(),
+  url: string().optional(),
+  createdAt: string(),
+  seenAt: string().optional(),
+  readAt: string().optional(),
+  archivedAt: string().optional(),
+  metadata: record(string(), unknown()).optional()
+});
+const listResponseSchema = object({
+  ok: boolean(),
+  error: string().optional(),
+  notifications: array(notificationSchema).optional(),
+  unreadCount: number().int().min(0).optional(),
+  unseenCount: number().int().min(0).optional()
+});
+const createResponseSchema = object({
+  ok: boolean(),
+  error: string().optional(),
+  id: string().optional()
+});
+object({
+  ok: boolean(),
+  error: string().optional()
+});
+object({
+  ok: boolean(),
+  error: string().optional()
+});
+object({
+  ok: boolean(),
+  error: string().optional()
+});
+const digestFrequencySchema = _enum(["off", "daily", "weekly"]);
+const topicPreferenceSchema = object({
+  topic: string(),
+  inApp: boolean(),
+  emailDigest: boolean(),
+  push: boolean()
+});
+const settingsSchema = object({
+  digestFrequency: digestFrequencySchema,
+  topicPreferences: array(topicPreferenceSchema),
+  lastDigestSentAt: string().optional()
+});
+const settingsResponseSchema = object({
+  ok: boolean(),
+  error: string().optional(),
+  settings: settingsSchema.optional()
+});
+const updateSettingsRequestSchema = object({
+  digestFrequency: digestFrequencySchema.optional(),
+  topicPreferences: array(topicPreferenceSchema).optional()
+});
+const updateSettingsResponseSchema = object({
+  ok: boolean(),
+  error: string().optional(),
+  settings: settingsSchema.optional()
+});
+const digestRunRequestSchema = object({
+  force: boolean().optional()
+});
+object({
+  ok: boolean(),
+  error: string().optional(),
+  sent: boolean().optional(),
+  skippedReason: string().optional()
+});
+const toIso = (value) => value instanceof Date ? value.toISOString() : void 0;
+const buildDisabledTopics = (settings, key) => {
+  const raw = settings?.topicPreferences;
+  if (!Array.isArray(raw) || raw.length === 0) return [];
+  return raw.map((pref) => {
+    if (!pref || typeof pref !== "object") return null;
+    const topic = typeof pref.topic === "string" ? pref.topic.trim() : "";
+    if (!topic) return null;
+    const enabled = pref[key] === true;
+    return enabled ? null : topic;
+  }).filter((topic) => Boolean(topic));
+};
+const listNotifications = async (payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return {
+      ok: false,
+      error: "unauthorized"
+    };
+  }
+  const ability = buildAbilityFromSession({
+    tenantId: session.tenantId,
+    session: ctx.req.session
+  });
+  if (!ability.can("read", "RBNotification")) {
+    ctx.res.status(403);
+    return {
+      ok: false,
+      error: "forbidden"
+    };
+  }
+  const parsed = listRequestSchema.safeParse(payload);
+  if (!parsed.success) {
+    ctx.res.status(400);
+    return {
+      ok: false,
+      error: "invalid_payload"
+    };
+  }
+  const {
+    userId
+  } = session;
+  const includeArchived = parsed.data.includeArchived === true;
+  const unreadOnly = parsed.data.unreadOnly === true;
+  const limit = parsed.data.limit ?? 50;
+  const markSeen = parsed.data.markSeen === true;
+  const SettingsModel = await models.get("RBNotificationSettings", {
+    req: ctx.req,
+    ability
+  });
+  const settings = await SettingsModel.findOne({
+    userId
+  }).lean();
+  const disabledTopics = buildDisabledTopics(settings, "inApp");
+  const NotificationModel = await models.get("RBNotification", {
+    req: ctx.req,
+    ability
+  });
+  const queryFilters = [{
+    userId
+  }, getAccessibleByQuery(ability, "read", "RBNotification")];
+  if (!includeArchived) queryFilters.push({
+    archivedAt: {
+      $exists: false
+    }
+  });
+  if (unreadOnly) queryFilters.push({
+    readAt: {
+      $exists: false
+    }
+  });
+  if (disabledTopics.length > 0) queryFilters.push({
+    topic: {
+      $nin: disabledTopics
+    }
+  });
+  const query = {
+    $and: queryFilters
+  };
+  const notifications = await NotificationModel.find(query).sort({
+    createdAt: -1
+  }).limit(limit).lean();
+  const unseenQueryFilters = [{
+    userId
+  }, {
+    archivedAt: {
+      $exists: false
+    }
+  }, {
+    seenAt: {
+      $exists: false
+    }
+  }, getAccessibleByQuery(ability, "read", "RBNotification")];
+  if (disabledTopics.length > 0) unseenQueryFilters.push({
+    topic: {
+      $nin: disabledTopics
+    }
+  });
+  const unseenQuery = {
+    $and: unseenQueryFilters
+  };
+  const unreadQueryFilters = [{
+    userId
+  }, {
+    archivedAt: {
+      $exists: false
+    }
+  }, {
+    readAt: {
+      $exists: false
+    }
+  }, getAccessibleByQuery(ability, "read", "RBNotification")];
+  if (disabledTopics.length > 0) unreadQueryFilters.push({
+    topic: {
+      $nin: disabledTopics
+    }
+  });
+  const unreadQuery = {
+    $and: unreadQueryFilters
+  };
+  const [unreadCount, unseenCount] = await Promise.all([NotificationModel.countDocuments(unreadQuery), NotificationModel.countDocuments(unseenQuery)]);
+  const now = markSeen ? /* @__PURE__ */ new Date() : null;
+  if (now && unseenCount > 0) {
+    await NotificationModel.updateMany(unseenQuery, {
+      $set: {
+        seenAt: now
+      }
+    });
+  }
+  return listResponseSchema.parse({
+    ok: true,
+    notifications: notifications.map((n) => ({
+      id: String(n._id),
+      topic: typeof n.topic === "string" ? n.topic : void 0,
+      title: typeof n.title === "string" ? n.title : "",
+      body: typeof n.body === "string" ? n.body : void 0,
+      url: typeof n.url === "string" ? n.url : void 0,
+      createdAt: toIso(n.createdAt) ?? (/* @__PURE__ */ new Date()).toISOString(),
+      seenAt: toIso(n.seenAt) ?? (now && !n.archivedAt && !n.seenAt ? now.toISOString() : void 0),
+      readAt: toIso(n.readAt),
+      archivedAt: toIso(n.archivedAt),
+      metadata: typeof n.metadata === "object" && n.metadata !== null ? n.metadata : void 0
+    })),
+    unreadCount,
+    unseenCount: now ? 0 : unseenCount
+  });
+};
+const createNotificationForCurrentUser = async (payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return {
+      ok: false,
+      error: "unauthorized"
+    };
+  }
+  const ability = buildAbilityFromSession({
+    tenantId: session.tenantId,
+    session: ctx.req.session
+  });
+  if (!ability.can("create", "RBNotification")) {
+    ctx.res.status(403);
+    return {
+      ok: false,
+      error: "forbidden"
+    };
+  }
+  const parsed = createRequestSchema.safeParse(payload);
+  if (!parsed.success) {
+    ctx.res.status(400);
+    return {
+      ok: false,
+      error: "invalid_payload"
+    };
+  }
+  const created = await createNotification(ctx, {
+    userId: session.userId,
+    topic: parsed.data.topic,
+    title: parsed.data.title,
+    body: parsed.data.body,
+    url: parsed.data.url,
+    metadata: parsed.data.metadata
+  }, ability);
+  return createResponseSchema.parse({
+    ok: true,
+    id: created.id
+  });
+};
+const markRead = async (_payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return {
+      ok: false,
+      error: "unauthorized"
+    };
+  }
+  const ability = buildAbilityFromSession({
+    tenantId: session.tenantId,
+    session: ctx.req.session
+  });
+  if (!ability.can("update", "RBNotification")) {
+    ctx.res.status(403);
+    return {
+      ok: false,
+      error: "forbidden"
+    };
+  }
+  const notificationId = typeof ctx.req.params.notificationId === "string" ? ctx.req.params.notificationId.trim() : "";
+  if (!notificationId) {
+    ctx.res.status(400);
+    return {
+      ok: false,
+      error: "missing_notification_id"
+    };
+  }
+  const NotificationModel = await models.get("RBNotification", {
+    req: ctx.req,
+    ability
+  });
+  const now = /* @__PURE__ */ new Date();
+  try {
+    await NotificationModel.updateOne({
+      $and: [{
+        _id: notificationId
+      }, {
+        archivedAt: {
+          $exists: false
+        }
+      }, getAccessibleByQuery(ability, "update", "RBNotification")]
+    }, {
+      $set: {
+        readAt: now,
+        seenAt: now
+      }
+    });
+  } catch {
+    ctx.res.status(400);
+    return {
+      ok: false,
+      error: "invalid_notification_id"
+    };
+  }
+  return {
+    ok: true
+  };
+};
+const markAllRead = async (_payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return {
+      ok: false,
+      error: "unauthorized"
+    };
+  }
+  const ability = buildAbilityFromSession({
+    tenantId: session.tenantId,
+    session: ctx.req.session
+  });
+  if (!ability.can("update", "RBNotification")) {
+    ctx.res.status(403);
+    return {
+      ok: false,
+      error: "forbidden"
+    };
+  }
+  const SettingsModel = await models.get("RBNotificationSettings", {
+    req: ctx.req,
+    ability
+  });
+  const settings = await SettingsModel.findOne({
+    userId: session.userId
+  }).lean();
+  const disabledTopics = buildDisabledTopics(settings, "inApp");
+  const NotificationModel = await models.get("RBNotification", {
+    req: ctx.req,
+    ability
+  });
+  const queryFilters = [{
+    userId: session.userId
+  }, {
+    archivedAt: {
+      $exists: false
+    }
+  }, {
+    readAt: {
+      $exists: false
+    }
+  }, getAccessibleByQuery(ability, "update", "RBNotification")];
+  if (disabledTopics.length > 0) queryFilters.push({
+    topic: {
+      $nin: disabledTopics
+    }
+  });
+  const query = {
+    $and: queryFilters
+  };
+  const now = /* @__PURE__ */ new Date();
+  await NotificationModel.updateMany(query, {
+    $set: {
+      readAt: now,
+      seenAt: now
+    }
+  });
+  return {
+    ok: true
+  };
+};
+const archiveNotification = async (_payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return {
+      ok: false,
+      error: "unauthorized"
+    };
+  }
+  const ability = buildAbilityFromSession({
+    tenantId: session.tenantId,
+    session: ctx.req.session
+  });
+  if (!ability.can("update", "RBNotification")) {
+    ctx.res.status(403);
+    return {
+      ok: false,
+      error: "forbidden"
+    };
+  }
+  const notificationId = typeof ctx.req.params.notificationId === "string" ? ctx.req.params.notificationId.trim() : "";
+  if (!notificationId) {
+    ctx.res.status(400);
+    return {
+      ok: false,
+      error: "missing_notification_id"
+    };
+  }
+  const NotificationModel = await models.get("RBNotification", {
+    req: ctx.req,
+    ability
+  });
+  try {
+    await NotificationModel.updateOne({
+      $and: [{
+        _id: notificationId
+      }, {
+        archivedAt: {
+          $exists: false
+        }
+      }, getAccessibleByQuery(ability, "update", "RBNotification")]
+    }, {
+      $set: {
+        archivedAt: /* @__PURE__ */ new Date()
+      }
+    });
+  } catch {
+    ctx.res.status(400);
+    return {
+      ok: false,
+      error: "invalid_notification_id"
+    };
+  }
+  return {
+    ok: true
+  };
+};
+const getSettings = async (_payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return {
+      ok: false,
+      error: "unauthorized"
+    };
+  }
+  const ability = buildAbilityFromSession({
+    tenantId: session.tenantId,
+    session: ctx.req.session
+  });
+  if (!ability.can("read", "RBNotificationSettings")) {
+    ctx.res.status(403);
+    return {
+      ok: false,
+      error: "forbidden"
+    };
+  }
+  const SettingsModel = await models.get("RBNotificationSettings", {
+    req: ctx.req,
+    ability
+  });
+  const settings = await SettingsModel.findOne({
+    $and: [{
+      userId: session.userId
+    }, getAccessibleByQuery(ability, "read", "RBNotificationSettings")]
+  }).lean();
+  const digestFrequencyRaw = typeof settings?.digestFrequency === "string" ? settings.digestFrequency : "weekly";
+  const digestFrequency = digestFrequencyRaw === "off" || digestFrequencyRaw === "daily" || digestFrequencyRaw === "weekly" ? digestFrequencyRaw : "weekly";
+  const topicPreferences = Array.isArray(settings?.topicPreferences) ? settings.topicPreferences.map((pref) => ({
+    topic: typeof pref.topic === "string" ? pref.topic : "",
+    inApp: pref.inApp === true,
+    emailDigest: pref.emailDigest === true,
+    push: pref.push === true
+  })).filter((pref) => pref.topic.length > 0) : [];
+  return settingsResponseSchema.parse({
+    ok: true,
+    settings: {
+      digestFrequency,
+      topicPreferences,
+      lastDigestSentAt: toIso(settings?.lastDigestSentAt)
+    }
+  });
+};
+const updateSettings = async (payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return {
+      ok: false,
+      error: "unauthorized"
+    };
+  }
+  const ability = buildAbilityFromSession({
+    tenantId: session.tenantId,
+    session: ctx.req.session
+  });
+  if (!ability.can("update", "RBNotificationSettings")) {
+    ctx.res.status(403);
+    return {
+      ok: false,
+      error: "forbidden"
+    };
+  }
+  const parsed = updateSettingsRequestSchema.safeParse(payload);
+  if (!parsed.success) {
+    ctx.res.status(400);
+    return {
+      ok: false,
+      error: "invalid_payload"
+    };
+  }
+  const SettingsModel = await models.get("RBNotificationSettings", {
+    req: ctx.req,
+    ability
+  });
+  const nextValues = {};
+  if (parsed.data.digestFrequency) {
+    nextValues.digestFrequency = parsed.data.digestFrequency;
+  }
+  if (parsed.data.topicPreferences) {
+    const seen = /* @__PURE__ */ new Set();
+    const next = parsed.data.topicPreferences.map((pref) => ({
+      topic: pref.topic.trim(),
+      inApp: pref.inApp,
+      emailDigest: pref.emailDigest,
+      push: pref.push
+    })).filter((pref) => pref.topic.length > 0).filter((pref) => {
+      if (seen.has(pref.topic)) return false;
+      seen.add(pref.topic);
+      return true;
+    });
+    nextValues.topicPreferences = next;
+  }
+  const ops = {
+    $setOnInsert: {
+      userId: session.userId
+    }
+  };
+  if (Object.keys(nextValues).length > 0) {
+    ops.$set = nextValues;
+  }
+  const settings = await SettingsModel.findOneAndUpdate({
+    $and: [{
+      userId: session.userId
+    }, getAccessibleByQuery(ability, "update", "RBNotificationSettings")]
+  }, ops, {
+    upsert: true,
+    returnDocument: "after",
+    setDefaultsOnInsert: true
+  }).lean();
+  const digestFrequencyRaw = typeof settings?.digestFrequency === "string" ? settings.digestFrequency : "weekly";
+  const digestFrequency = digestFrequencyRaw === "off" || digestFrequencyRaw === "daily" || digestFrequencyRaw === "weekly" ? digestFrequencyRaw : "weekly";
+  const topicPreferences = Array.isArray(settings?.topicPreferences) ? settings.topicPreferences.map((pref) => ({
+    topic: typeof pref.topic === "string" ? pref.topic : "",
+    inApp: pref.inApp === true,
+    emailDigest: pref.emailDigest === true,
+    push: pref.push === true
+  })).filter((pref) => pref.topic.length > 0) : [];
+  return updateSettingsResponseSchema.parse({
+    ok: true,
+    settings: {
+      digestFrequency,
+      topicPreferences,
+      lastDigestSentAt: toIso(settings?.lastDigestSentAt)
+    }
+  });
+};
+const runDigest = async (payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return {
+      ok: false,
+      error: "unauthorized"
+    };
+  }
+  const ability = buildAbilityFromSession({
+    tenantId: session.tenantId,
+    session: ctx.req.session
+  });
+  if (!ability.can("read", "RBNotification")) {
+    ctx.res.status(403);
+    return {
+      ok: false,
+      error: "forbidden"
+    };
+  }
+  const parsed = digestRunRequestSchema.safeParse(payload);
+  if (!parsed.success) {
+    ctx.res.status(400);
+    return {
+      ok: false,
+      error: "invalid_payload"
+    };
+  }
+  const result = await sendNotificationsDigestForUser(ctx, {
+    userId: session.userId,
+    ability,
+    force: parsed.data.force === true
+  });
+  if (!result.ok) {
+    ctx.res.status(500);
+    return {
+      ok: false,
+      error: result.error
+    };
+  }
+  return {
+    ok: true,
+    sent: result.sent,
+    ...result.skippedReason ? {
+      skippedReason: result.skippedReason
+    } : {}
+  };
+};
+const handler = (api) => {
+  api.post(ListRoute, listNotifications);
+  api.post(CreateRoute, createNotificationForCurrentUser);
+  api.post(MarkReadRoute, markRead);
+  api.post(MarkAllReadRoute, markAllRead);
+  api.post(ArchiveRoute, archiveNotification);
+  api.get(SettingsRoute, getSettings);
+  api.put(SettingsRoute, updateSettings);
+  api.post(DigestRunRoute, runDigest);
+};
+export {
+  handler as default
+};
+//# sourceMappingURL=handler-0rPClEv4.js.map