@soulbatical/tetra-core 0.10.4 → 0.11.0

package/dist/shared/telegram/routes.js

@@ -1,868 +0,0 @@
-/**
- * Telegram Route Factory — addTelegramRoutes()
- *
- * Creates all Telegram integration routes and services:
- * - Webhook receiver (POST /webhook)
- * - Admin CRUD: settings, connect, disconnect, test, rules, presets
- * - Notification service (notifyEvent, editMessage, sendMessage)
- * - Webhook auto-registration
- *
- * Usage:
- * ```typescript
- * import { addTelegramRoutes } from '@soulbatical/tetra-core';
- *
- * const telegram = addTelegramRoutes({
- *   botToken: process.env.MY_TELEGRAM_BOT_TOKEN!,
- *   botUsername: 'myapp_bot',
- *   appName: 'MyApp',
- *   dashboardUrl: 'https://myapp.com/settings/telegram',
- *   presets: [...],
- *   onMessage: async (ctx) => {
- *     // Handle free-text messages — return string to reply
- *     return `You said: ${ctx.text}`;
- *   },
- * });
- *
- * // Mount in createApp routes:
- * { prefix: '/api/public/telegram/webhook', access: 'public', rateLimit: 'none', router: telegram.webhookRouter },
- * { prefix: '/api/admin/telegram', access: 'admin', router: telegram.adminRouter, middleware: [...] },
- *
- * // Register webhook on startup (in services):
- * { name: 'TelegramWebhook', start: () => telegram.registerWebhook(baseUrl) },
- *
- * // Send notifications from anywhere:
- * telegram.notifyEvent(orgId, projectId, 'campaign_published', 'Campaign X is live!');
- * ```
- */
-import { Router } from 'express';
-import crypto from 'crypto';
-import { RFC7807ErrorResponse } from '../rfc7807ErrorResponse.js';
-import { createLogger } from '../../utils/logger.js';
-import { systemDB } from '../../core/systemDb.js';
-import { adminDB } from '../../core/adminDb.js';
-import { splitMessage, containsSecrets, generateIdempotencyHash, isDuplicate, markSent, } from './utils.js';
-const log = createLogger('telegram');
-// ── Telegram API Helpers ────────────────────────────────────
-export class TelegramSecretError extends Error {
-    secrets;
-    constructor(secrets) {
-        super(`Message blocked: contains ${secrets.length} secret(s). Never send keys/tokens to Telegram.`);
-        this.secrets = secrets;
-        this.name = 'TelegramSecretError';
-    }
-}
-async function telegramApi(botToken, method, body) {
-    const res = await fetch(`https://api.telegram.org/bot${botToken}/${method}`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(body),
-    });
-    return res.json();
-}
-async function telegramApiFormData(botToken, method, formData) {
-    const res = await fetch(`https://api.telegram.org/bot${botToken}/${method}`, {
-        method: 'POST',
-        body: formData,
-    });
-    return res.json();
-}
-function getOrgId(req) {
-    const user = req.user;
-    if (!user)
-        return undefined;
-    return user.active_organization_id || user.organizationId || user.activeOrganizationId;
-}
-function getUserId(req) {
-    return req.user?.id;
-}
-// ── Rule Evaluator ──────────────────────────────────────────
-async function evaluateRules(botToken, userId, ctx) {
-    const db = systemDB('telegram-rules');
-    try {
-        const { data: rules } = await db
-            .from('telegram_rules')
-            .select('*')
-            .eq('organization_id', ctx.organizationId)
-            .eq('enabled', true)
-            .or(`user_id.is.null,user_id.eq.${userId}`)
-            .order('user_id', { ascending: true, nullsFirst: true })
-            .order('priority', { ascending: true });
-        if (!rules || rules.length === 0) {
-            return { action: 'notify', matchedRule: null };
-        }
-        for (const rule of rules) {
-            if (matchesConditions(rule.conditions, ctx)) {
-                return { action: rule.action, matchedRule: rule };
-            }
-        }
-        return { action: 'notify', matchedRule: null };
-    }
-    catch (err) {
-        log.error('Rule evaluation failed, defaulting to notify:', err);
-        return { action: 'notify', matchedRule: null };
-    }
-}
-function matchesConditions(conditions, ctx) {
-    if (!conditions || Object.keys(conditions).length === 0)
-        return true;
-    if (conditions.event_types?.length) {
-        if (!conditions.event_types.includes(ctx.eventType))
-            return false;
-    }
-    if (conditions.project_ids?.length) {
-        if (!ctx.projectId || !conditions.project_ids.includes(ctx.projectId))
-            return false;
-    }
-    if (conditions.custom_types?.length) {
-        if (!ctx.customType || !conditions.custom_types.includes(ctx.customType))
-            return false;
-    }
-    if (conditions.keywords?.length) {
-        if (!ctx.message)
-            return false;
-        const msgLower = ctx.message.toLowerCase();
-        if (!conditions.keywords.some(kw => msgLower.includes(kw.toLowerCase())))
-            return false;
-    }
-    return true;
-}
-// ── Factory ─────────────────────────────────────────────────
-export function addTelegramRoutes(config) {
-    const { botToken, botUsername, presets = [], knownEvents } = config;
-    const appName = config.appName || 'App';
-    const dashboardUrl = config.dashboardUrl || '';
-    const blockSecrets = config.blockSecrets !== false; // default: true
-    const VALID_ACTIONS = ['notify', 'silent'];
-    // ── Notification Service ────────────────────────────────
-    async function sendMessage(chatId, text, keyboard) {
-        // Secret blocking
-        if (blockSecrets) {
-            const secrets = containsSecrets(text);
-            if (secrets.length > 0) {
-                throw new TelegramSecretError(secrets);
-            }
-        }
-        // Idempotency check
-        const hash = generateIdempotencyHash(chatId, text);
-        if (isDuplicate(hash)) {
-            log.info(`Duplicate blocked for chat ${chatId}: ${text.slice(0, 50)}...`);
-            return false;
-        }
-        // Split long messages
-        const chunks = splitMessage(text);
-        let lastOk = false;
-        for (const chunk of chunks) {
-            const body = {
-                chat_id: chatId,
-                text: chunk,
-                parse_mode: 'Markdown',
-            };
-            // Only add keyboard to the last chunk
-            if (keyboard && chunk === chunks[chunks.length - 1]) {
-                body.reply_markup = keyboard;
-            }
-            let result = await telegramApi(botToken, 'sendMessage', body);
-            // Markdown fallback: retry without parse_mode on parse errors
-            if (!result.ok && result.description?.includes("can't parse")) {
-                delete body.parse_mode;
-                result = await telegramApi(botToken, 'sendMessage', body);
-            }
-            lastOk = result.ok;
-            // Fire onMessageSent hook
-            if (result.ok && config.onMessageSent) {
-                try {
-                    config.onMessageSent({
-                        chatId,
-                        type: 'message',
-                        text: chunk,
-                        messageId: result.result?.message_id,
-                    });
-                }
-                catch { /* fire and forget */ }
-            }
-        }
-        markSent(hash);
-        return lastOk;
-    }
-    async function editMessage(chatId, messageId, newText, keyboard) {
-        const body = {
-            chat_id: chatId,
-            message_id: messageId,
-            text: newText,
-            parse_mode: 'Markdown',
-        };
-        if (keyboard)
-            body.reply_markup = keyboard;
-        let result = await telegramApi(botToken, 'editMessageText', body);
-        // Markdown fallback
-        if (!result.ok && result.description?.includes("can't parse")) {
-            delete body.parse_mode;
-            result = await telegramApi(botToken, 'editMessageText', body);
-        }
-        return result.ok;
-    }
-    async function sendPhoto(chatId, photo, options) {
-        // Secret blocking on caption
-        if (blockSecrets && options?.caption) {
-            const secrets = containsSecrets(options.caption);
-            if (secrets.length > 0)
-                throw new TelegramSecretError(secrets);
-        }
-        if (typeof photo === 'string') {
-            // URL — send as JSON
-            const body = {
-                chat_id: chatId,
-                photo,
-                parse_mode: 'Markdown',
-            };
-            if (options?.caption)
-                body.caption = options.caption;
-            let result = await telegramApi(botToken, 'sendPhoto', body);
-            // Markdown fallback on caption
-            if (!result.ok && result.description?.includes("can't parse")) {
-                delete body.parse_mode;
-                result = await telegramApi(botToken, 'sendPhoto', body);
-            }
-            if (result.ok && config.onMessageSent) {
-                try {
-                    config.onMessageSent({
-                        chatId,
-                        type: 'photo',
-                        text: options?.caption || '[photo]',
-                        messageId: result.result?.message_id,
-                    });
-                }
-                catch { /* fire and forget */ }
-            }
-            return result.ok;
-        }
-        // Buffer — send as FormData
-        const formData = new FormData();
-        formData.append('chat_id', String(chatId));
-        formData.append('photo', new Blob([new Uint8Array(photo)], { type: 'image/png' }), options?.fileName || 'photo.png');
-        if (options?.caption) {
-            formData.append('caption', options.caption);
-            formData.append('parse_mode', 'Markdown');
-        }
-        let result = await telegramApiFormData(botToken, 'sendPhoto', formData);
-        // Markdown fallback on caption
-        if (!result.ok && result.description?.includes("can't parse") && options?.caption) {
-            const retryForm = new FormData();
-            retryForm.append('chat_id', String(chatId));
-            retryForm.append('photo', new Blob([new Uint8Array(photo)], { type: 'image/png' }), options?.fileName || 'photo.png');
-            retryForm.append('caption', options.caption);
-            // No parse_mode
-            result = await telegramApiFormData(botToken, 'sendPhoto', retryForm);
-        }
-        if (result.ok && config.onMessageSent) {
-            try {
-                config.onMessageSent({
-                    chatId,
-                    type: 'photo',
-                    text: options?.caption || '[photo]',
-                    messageId: result.result?.message_id,
-                });
-            }
-            catch { /* fire and forget */ }
-        }
-        return result.ok;
-    }
-    async function sendDocument(chatId, document, options) {
-        // Secret blocking on caption
-        if (blockSecrets && options?.caption) {
-            const secrets = containsSecrets(options.caption);
-            if (secrets.length > 0)
-                throw new TelegramSecretError(secrets);
-        }
-        if (typeof document === 'string') {
-            // URL — send as JSON
-            const body = {
-                chat_id: chatId,
-                document,
-            };
-            if (options?.caption)
-                body.caption = options.caption;
-            const result = await telegramApi(botToken, 'sendDocument', body);
-            if (result.ok && config.onMessageSent) {
-                try {
-                    config.onMessageSent({
-                        chatId,
-                        type: 'document',
-                        text: options?.caption || '[document]',
-                        messageId: result.result?.message_id,
-                    });
-                }
-                catch { /* fire and forget */ }
-            }
-            return result.ok;
-        }
-        // Buffer — send as FormData
-        const formData = new FormData();
-        formData.append('chat_id', String(chatId));
-        formData.append('document', new Blob([new Uint8Array(document)]), options?.fileName || 'document');
-        if (options?.caption)
-            formData.append('caption', options.caption);
-        const result = await telegramApiFormData(botToken, 'sendDocument', formData);
-        if (result.ok && config.onMessageSent) {
-            try {
-                config.onMessageSent({
-                    chatId,
-                    type: 'document',
-                    text: options?.caption || '[document]',
-                    messageId: result.result?.message_id,
-                });
-            }
-            catch { /* fire and forget */ }
-        }
-        return result.ok;
-    }
-    async function notifyEvent(organizationId, projectId, eventType, message, options) {
-        if (!organizationId)
-            return 0;
-        const db = systemDB('telegram-notify');
-        const { data: settings } = await db
-            .from('user_telegram_settings')
-            .select('user_id, telegram_chat_id, project_ids, notification_events, permissions')
-            .eq('organization_id', organizationId)
-            .eq('enabled', true);
-        if (!settings || settings.length === 0)
-            return 0;
-        let sentCount = 0;
-        for (const setting of settings) {
-            if (!setting.telegram_chat_id)
-                continue;
-            // Filter by project
-            if (setting.project_ids !== null && projectId) {
-                if (!setting.project_ids.includes(projectId))
-                    continue;
-            }
-            if (setting.project_ids !== null && !projectId)
-                continue;
-            // Filter by notification_events
-            if (setting.notification_events !== null) {
-                if (!setting.notification_events.includes(eventType))
-                    continue;
-            }
-            // Filter by required permission
-            if (options?.requiredPermission) {
-                if (!setting.permissions?.includes(options.requiredPermission))
-                    continue;
-            }
-            // Evaluate rules engine
-            const { action } = await evaluateRules(botToken, setting.user_id, {
-                organizationId,
-                projectId,
-                eventType,
-                customType: options?.customType,
-                message,
-            });
-            if (action === 'silent')
-                continue;
-            const ok = await sendMessage(setting.telegram_chat_id, message, options?.keyboard);
-            if (ok)
-                sentCount++;
-        }
-        return sentCount;
-    }
-    // ── Webhook Router (public, no auth) ────────────────────
-    const webhookRouter = Router();
-    webhookRouter.post('/', async (req, res) => {
-        // Always return 200 to Telegram
-        res.sendStatus(200);
-        try {
-            const update = req.body;
-            // Handle callback queries
-            if (update?.callback_query && config.onCallbackQuery) {
-                const cq = update.callback_query;
-                const chatId = cq.message?.chat?.id;
-                const messageId = cq.message?.message_id;
-                // Answer callback to remove loading spinner
-                await telegramApi(botToken, 'answerCallbackQuery', { callback_query_id: cq.id });
-                // Look up user by chat_id
-                const db = systemDB('telegram-webhook');
-                const { data: settings } = await db
-                    .from('user_telegram_settings')
-                    .select('*')
-                    .eq('telegram_chat_id', String(chatId))
-                    .maybeSingle();
-                if (settings) {
-                    const replyText = await config.onCallbackQuery({
-                        chatId,
-                        messageId,
-                        callbackData: cq.data || '',
-                        firstName: cq.from?.first_name || '',
-                        userId: settings.user_id,
-                        organizationId: settings.organization_id,
-                        settings,
-                    });
-                    if (replyText) {
-                        await editMessage(String(chatId), messageId, replyText);
-                    }
-                }
-                return;
-            }
-            const message = update?.message;
-            if (!message?.text)
-                return;
-            const text = message.text.trim();
-            const chatId = message.chat.id;
-            const firstName = message.from?.first_name || 'there';
-            // /start <token> — deep link pairing
-            if (text.startsWith('/start ')) {
-                const linkToken = text.slice(7).trim();
-                if (!linkToken || linkToken.length < 16)
-                    return;
-                const db = systemDB('telegram-webhook');
-                const { data: settings, error } = await db
-                    .from('user_telegram_settings')
-                    .select('id, link_token_expires_at')
-                    .eq('link_token', linkToken)
-                    .maybeSingle();
-                if (error || !settings) {
-                    await sendMessage(chatId, '\u274C This link is invalid or expired. Go back and try again.');
-                    return;
-                }
-                if (settings.link_token_expires_at && new Date(settings.link_token_expires_at) < new Date()) {
-                    await sendMessage(chatId, `\u23F0 This link has expired. Go back to ${appName} and click "Connect Telegram" again.`);
-                    return;
-                }
-                const { error: updateError } = await db
-                    .from('user_telegram_settings')
-                    .update({
-                    telegram_chat_id: String(chatId),
-                    enabled: true,
-                    link_token: null,
-                    link_token_expires_at: null,
-                    updated_at: new Date().toISOString(),
-                })
-                    .eq('id', settings.id);
-                if (updateError) {
-                    log.error('Could not save chat_id:', updateError);
-                    await sendMessage(chatId, '\u274C Something went wrong. Please try again.');
-                    return;
-                }
-                await sendMessage(chatId, `\u2705 *${appName} connected!*\n\nHi ${firstName}! You will now receive Telegram notifications.\n\nYou can customize which notifications you receive in the ${appName} dashboard.`);
-                log.info(`Telegram linked: chat ${chatId}`);
-                return;
-            }
-            // /start — no token
-            if (text === '/start') {
-                const msg = config.welcomeMessage ||
-                    `\u{1F680} *Welcome to ${appName}!*\n\nGo to your ${appName} dashboard and click "Connect Telegram" to enable notifications.${dashboardUrl ? `\n\n${dashboardUrl}` : ''}`;
-                await sendMessage(chatId, msg);
-                return;
-            }
-            // /help
-            if (text === '/help') {
-                const msg = config.helpMessage ||
-                    `\u{1F680} *${appName} Bot*\n\nThis bot sends you notifications from ${appName}.\n\n*Setup:*\n1. Go to your ${appName} dashboard\n2. Click "Connect Telegram"\n3. Done!\n\n*Commands:*\n/start \u2014 Connect your account\n/help \u2014 This message\n/status \u2014 Check your status`;
-                await sendMessage(chatId, msg);
-                return;
-            }
-            // /status
-            if (text === '/status') {
-                const db = systemDB('telegram-webhook');
-                const { data: settings } = await db
-                    .from('user_telegram_settings')
-                    .select('enabled, project_ids')
-                    .eq('telegram_chat_id', String(chatId))
-                    .maybeSingle();
-                if (!settings) {
-                    await sendMessage(chatId, `\u274C Your Telegram is not yet linked to ${appName}.${dashboardUrl ? ` Go to ${dashboardUrl}` : ''}`);
-                    return;
-                }
-                const status = settings.enabled ? '\u2705 Active' : '\u23F8 Paused';
-                const projects = settings.project_ids ? `${settings.project_ids.length} project(s)` : 'All projects';
-                await sendMessage(chatId, `\u{1F680} *${appName} Status*\n\n*Notifications:* ${status}\n*Projects:* ${projects}`);
-                return;
-            }
-            // Free-text messages — forward to onMessage handler if connected
-            if (config.onMessage) {
-                const db = systemDB('telegram-webhook');
-                const { data: settings } = await db
-                    .from('user_telegram_settings')
-                    .select('*')
-                    .eq('telegram_chat_id', String(chatId))
-                    .maybeSingle();
-                if (!settings) {
-                    await sendMessage(chatId, `\u274C Your Telegram is not yet linked to ${appName}. Use /start to connect.`);
-                    return;
-                }
-                if (!settings.enabled) {
-                    await sendMessage(chatId, `\u23F8 Your notifications are paused. Enable them in the ${appName} dashboard.`);
-                    return;
-                }
-                const reply = await config.onMessage({
-                    chatId,
-                    text,
-                    firstName,
-                    userId: settings.user_id,
-                    organizationId: settings.organization_id,
-                    settings,
-                });
-                if (reply) {
-                    await sendMessage(chatId, reply);
-                }
-            }
-        }
-        catch (err) {
-            log.error('Webhook processing error:', err);
-        }
-    });
-    // ── Admin Router (authenticated) ──────────────────────
-    const adminRouter = Router();
-    // GET /settings
-    adminRouter.get('/settings', async (req, res) => {
-        const userId = getUserId(req);
-        const orgId = getOrgId(req);
-        if (!orgId) {
-            res.json({ success: true, data: null, bot_available: true });
-            return;
-        }
-        const db = await adminDB(req);
-        const { data, error } = await db
-            .from('user_telegram_settings')
-            .select('id, user_id, organization_id, telegram_chat_id, enabled, project_ids, notification_events, permissions, created_at, updated_at')
-            .eq('user_id', userId)
-            .eq('organization_id', orgId)
-            .maybeSingle();
-        if (error) {
-            RFC7807ErrorResponse.internalError(res, 'Could not retrieve Telegram settings.');
-            return;
-        }
-        res.json({
-            success: true,
-            data: data ? { ...data, connected: !!data.telegram_chat_id } : null,
-            bot_available: true,
-        });
-    });
-    // POST /connect
-    adminRouter.post('/connect', async (req, res) => {
-        const userId = getUserId(req);
-        const orgId = getOrgId(req);
-        if (!orgId) {
-            RFC7807ErrorResponse.badRequest(res, 'No active organization.');
-            return;
-        }
-        const linkToken = crypto.randomBytes(16).toString('hex');
-        const expiresAt = new Date(Date.now() + 10 * 60 * 1000).toISOString();
-        const db = await adminDB(req);
-        const { error } = await db
-            .from('user_telegram_settings')
-            .upsert({
-            user_id: userId,
-            organization_id: orgId,
-            link_token: linkToken,
-            link_token_expires_at: expiresAt,
-            updated_at: new Date().toISOString(),
-        }, { onConflict: 'user_id,organization_id' });
-        if (error) {
-            log.error('Connect token upsert error:', error);
-            RFC7807ErrorResponse.internalError(res, 'Could not create connection link.');
-            return;
-        }
-        const deepLink = `https://t.me/${botUsername}?start=${linkToken}`;
-        res.json({ success: true, data: { deep_link: deepLink, expires_in: 600 } });
-    });
-    // POST /disconnect
-    adminRouter.post('/disconnect', async (req, res) => {
-        const userId = getUserId(req);
-        const orgId = getOrgId(req);
-        if (!orgId) {
-            RFC7807ErrorResponse.badRequest(res, 'No active organization.');
-            return;
-        }
-        const db = await adminDB(req);
-        await db
-            .from('user_telegram_settings')
-            .update({
-            telegram_chat_id: null,
-            enabled: false,
-            link_token: null,
-            link_token_expires_at: null,
-            updated_at: new Date().toISOString(),
-        })
-            .eq('user_id', userId)
-            .eq('organization_id', orgId);
-        res.json({ success: true, data: { message: 'Telegram disconnected.' } });
-    });
-    // PUT /settings
-    adminRouter.put('/settings', async (req, res) => {
-        const userId = getUserId(req);
-        const orgId = getOrgId(req);
-        if (!orgId) {
-            RFC7807ErrorResponse.badRequest(res, 'No active organization.');
-            return;
-        }
-        const { enabled, project_ids, notification_events } = req.body;
-        if (project_ids != null && !Array.isArray(project_ids)) {
-            RFC7807ErrorResponse.badRequest(res, 'project_ids must be an array.');
-            return;
-        }
-        if (notification_events != null) {
-            if (!Array.isArray(notification_events)) {
-                RFC7807ErrorResponse.badRequest(res, 'notification_events must be an array or null.');
-                return;
-            }
-            if (knownEvents) {
-                const knownSet = new Set(knownEvents);
-                for (const evt of notification_events) {
-                    if (typeof evt !== 'string' || !knownSet.has(evt)) {
-                        RFC7807ErrorResponse.badRequest(res, `Unknown event type: ${evt}`);
-                        return;
-                    }
-                }
-            }
-        }
-        const db = await adminDB(req);
-        const { data: existing } = await db
-            .from('user_telegram_settings')
-            .select('telegram_chat_id')
-            .eq('user_id', userId)
-            .eq('organization_id', orgId)
-            .maybeSingle();
-        if (enabled && (!existing || !existing.telegram_chat_id)) {
-            RFC7807ErrorResponse.badRequest(res, 'Connect Telegram first before enabling notifications.');
-            return;
-        }
-        const updates = {
-            enabled: enabled ?? false,
-            project_ids: project_ids ?? null,
-            updated_at: new Date().toISOString(),
-        };
-        if (notification_events !== undefined)
-            updates.notification_events = notification_events;
-        const { data, error } = await db
-            .from('user_telegram_settings')
-            .update(updates)
-            .eq('user_id', userId)
-            .eq('organization_id', orgId)
-            .select()
-            .single();
-        if (error) {
-            RFC7807ErrorResponse.internalError(res, 'Could not save settings.');
-            return;
-        }
-        res.json({ success: true, data });
-    });
-    // POST /test
-    adminRouter.post('/test', async (req, res) => {
-        const userId = getUserId(req);
-        const orgId = getOrgId(req);
-        if (!orgId) {
-            RFC7807ErrorResponse.badRequest(res, 'No active organization.');
-            return;
-        }
-        const db = await adminDB(req);
-        const { data: settings } = await db
-            .from('user_telegram_settings')
-            .select('telegram_chat_id')
-            .eq('user_id', userId)
-            .eq('organization_id', orgId)
-            .maybeSingle();
-        if (!settings?.telegram_chat_id) {
-            RFC7807ErrorResponse.badRequest(res, 'Telegram is not connected.');
-            return;
-        }
-        const ok = await sendMessage(settings.telegram_chat_id, `\u2705 *${appName} test* \u2014 Telegram works!\n\nYou will receive notifications here.`);
-        if (ok) {
-            res.json({ success: true, data: { message: 'Test message sent!' } });
-        }
-        else {
-            RFC7807ErrorResponse.badRequest(res, 'Could not send test message.');
-        }
-    });
-    // ── Rules CRUD ──────────────────────────────────────────
-    // GET /rules
-    adminRouter.get('/rules', async (req, res) => {
-        const userId = getUserId(req);
-        const orgId = getOrgId(req);
-        if (!orgId) {
-            res.json({ success: true, data: [] });
-            return;
-        }
-        const db = await adminDB(req);
-        const { data, error } = await db
-            .from('telegram_rules')
-            .select('*')
-            .eq('organization_id', orgId)
-            .or(`user_id.is.null,user_id.eq.${userId}`)
-            .order('priority', { ascending: true });
-        if (error) {
-            RFC7807ErrorResponse.internalError(res, 'Could not retrieve rules.');
-            return;
-        }
-        res.json({ success: true, data: data || [] });
-    });
-    // POST /rules
-    adminRouter.post('/rules', async (req, res) => {
-        const userId = getUserId(req);
-        const orgId = getOrgId(req);
-        if (!orgId) {
-            RFC7807ErrorResponse.badRequest(res, 'No active organization.');
-            return;
-        }
-        const { name, conditions, action, priority, enabled } = req.body;
-        if (!name || typeof name !== 'string' || !name.trim()) {
-            RFC7807ErrorResponse.badRequest(res, 'Name is required.');
-            return;
-        }
-        if (action && !VALID_ACTIONS.includes(action)) {
-            RFC7807ErrorResponse.badRequest(res, `Invalid action: ${action}`);
-            return;
-        }
-        const db = await adminDB(req);
-        const { data, error } = await db
-            .from('telegram_rules')
-            .insert({
-            organization_id: orgId,
-            user_id: userId,
-            name: name.trim(),
-            conditions: conditions || {},
-            action: action || 'notify',
-            priority: typeof priority === 'number' ? priority : 100,
-            enabled: enabled !== false,
-        })
-            .select()
-            .single();
-        if (error) {
-            RFC7807ErrorResponse.internalError(res, 'Could not create rule.');
-            return;
-        }
-        res.json({ success: true, data });
-    });
-    // PUT /rules/:id
-    adminRouter.put('/rules/:id', async (req, res) => {
-        const userId = getUserId(req);
-        const orgId = getOrgId(req);
-        if (!orgId) {
-            RFC7807ErrorResponse.badRequest(res, 'No active organization.');
-            return;
-        }
-        const { name, conditions, action, priority, enabled } = req.body;
-        if (action && !VALID_ACTIONS.includes(action)) {
-            RFC7807ErrorResponse.badRequest(res, `Invalid action: ${action}`);
-            return;
-        }
-        const updates = { updated_at: new Date().toISOString() };
-        if (name !== undefined)
-            updates.name = name;
-        if (conditions !== undefined)
-            updates.conditions = conditions;
-        if (action !== undefined)
-            updates.action = action;
-        if (priority !== undefined)
-            updates.priority = priority;
-        if (enabled !== undefined)
-            updates.enabled = enabled;
-        const db = await adminDB(req);
-        const { data, error } = await db
-            .from('telegram_rules')
-            .update(updates)
-            .eq('id', req.params.id)
-            .eq('user_id', userId)
-            .eq('organization_id', orgId)
-            .select()
-            .single();
-        if (error || !data) {
-            RFC7807ErrorResponse.notFound(res, 'Rule not found.');
-            return;
-        }
-        res.json({ success: true, data });
-    });
-    // DELETE /rules/:id
-    adminRouter.delete('/rules/:id', async (req, res) => {
-        const userId = getUserId(req);
-        const orgId = getOrgId(req);
-        if (!orgId) {
-            RFC7807ErrorResponse.badRequest(res, 'No active organization.');
-            return;
-        }
-        const db = await adminDB(req);
-        await db
-            .from('telegram_rules')
-            .delete()
-            .eq('id', req.params.id)
-            .eq('user_id', userId)
-            .eq('organization_id', orgId);
-        res.json({ success: true, data: { message: 'Rule deleted.' } });
-    });
-    // GET /presets
-    adminRouter.get('/presets', async (_req, res) => {
-        res.json({ success: true, data: presets });
-    });
-    // POST /rules/from-preset
-    adminRouter.post('/rules/from-preset', async (req, res) => {
-        const userId = getUserId(req);
-        const orgId = getOrgId(req);
-        if (!orgId) {
-            RFC7807ErrorResponse.badRequest(res, 'No active organization.');
-            return;
-        }
-        const { preset_key } = req.body;
-        const preset = presets.find(p => p.key === preset_key);
-        if (!preset) {
-            RFC7807ErrorResponse.badRequest(res, `Unknown preset: ${preset_key}`);
-            return;
-        }
-        const db = await adminDB(req);
-        const { data: existing } = await db
-            .from('telegram_rules')
-            .select('id')
-            .eq('organization_id', orgId)
-            .eq('user_id', userId)
-            .eq('preset_key', preset_key)
-            .maybeSingle();
-        if (existing) {
-            RFC7807ErrorResponse.badRequest(res, 'This preset is already active.');
-            return;
-        }
-        const { data, error } = await db
-            .from('telegram_rules')
-            .insert({
-            organization_id: orgId,
-            user_id: userId,
-            name: preset.name_en,
-            conditions: preset.conditions,
-            action: preset.action,
-            priority: preset.priority,
-            preset_key: preset.key,
-            enabled: true,
-        })
-            .select()
-            .single();
-        if (error) {
-            RFC7807ErrorResponse.internalError(res, 'Could not create preset rule.');
-            return;
-        }
-        res.json({ success: true, data });
-    });
-    // ── Webhook Registration ────────────────────────────────
-    async function registerWebhook(baseUrl) {
-        const webhookUrl = `https://${baseUrl.replace(/^https?:\/\//, '')}/api/public/telegram/webhook`;
-        try {
-            const result = await telegramApi(botToken, 'setWebhook', { url: webhookUrl });
-            if (result.ok) {
-                log.info(`Webhook registered: ${webhookUrl}`);
-                return true;
-            }
-            log.error(`Webhook registration failed: ${result.description}`);
-            return false;
-        }
-        catch (err) {
-            log.error('Webhook registration error:', err);
-            return false;
-        }
-    }
-    return {
-        notifyEvent,
-        editMessage,
-        sendMessage,
-        sendPhoto,
-        sendDocument,
-        adminRouter,
-        webhookRouter,
-        registerWebhook,
-    };
-}
-//# sourceMappingURL=routes.js.map