@stamhoofd/backend 2.120.3 → 2.120.4

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@stamhoofd/backend",
-    "version": "2.120.3",
+    "version": "2.120.4",
     "type": "module",
     "main": "./dist/index.js",
     "exports": {
@@ -62,17 +62,17 @@
         "@bwip-js/node": "^4.5.1",
         "@mollie/api-client": "4.3.3",
         "@simonbackx/simple-database": "1.36.12",
-        "@simonbackx/simple-encoding": "2.26.5",
-        "@simonbackx/simple-endpoints": "1.21.0",
+        "@simonbackx/simple-encoding": "2.26.6",
+        "@simonbackx/simple-endpoints": "1.21.1",
         "@simonbackx/simple-logging": "^1.0.1",
-        "@stamhoofd/backend-i18n": "2.120.3",
-        "@stamhoofd/backend-middleware": "2.120.3",
-        "@stamhoofd/email": "2.120.3",
-        "@stamhoofd/models": "2.120.3",
-        "@stamhoofd/queues": "2.120.3",
-        "@stamhoofd/sql": "2.120.3",
-        "@stamhoofd/structures": "2.120.3",
-        "@stamhoofd/utility": "2.120.3",
+        "@stamhoofd/backend-i18n": "2.120.4",
+        "@stamhoofd/backend-middleware": "2.120.4",
+        "@stamhoofd/email": "2.120.4",
+        "@stamhoofd/models": "2.120.4",
+        "@stamhoofd/queues": "2.120.4",
+        "@stamhoofd/sql": "2.120.4",
+        "@stamhoofd/structures": "2.120.4",
+        "@stamhoofd/utility": "2.120.4",
         "archiver": "^7.0.1",
         "axios": "^1.13.2",
         "cookie": "^0.7.0",
@@ -90,5 +90,5 @@
     "publishConfig": {
         "access": "public"
     },
-    "gitHead": "640ab6cea8c65bc276d4ca7ec8a1d172a23e9a06"
+    "gitHead": "4f2f25a4c56dae59c26368cf61e314b3f57ba204"
 }

package/src/crons/balance-emails.ts

@@ -1,7 +1,7 @@
 import { registerCron } from '@stamhoofd/crons';
 import { CachedBalance, Email, EmailRecipient, Organization, User } from '@stamhoofd/models';
-import type { IterableSQLSelect} from '@stamhoofd/sql';
-import { readDynamicSQLExpression, SQL, SQLCalculation, SQLPlusSign } from '@stamhoofd/sql';
+import type { IterableSQLSelect } from '@stamhoofd/sql';
+import { readDynamicSQLExpression, SQL } from '@stamhoofd/sql';
 import type { OrganizationEmail, StamhoofdFilter } from '@stamhoofd/structures';
 import { EmailRecipientFilter, EmailRecipientFilterType, EmailRecipientSubfilter, EmailTemplateType, ReceivableBalanceType } from '@stamhoofd/structures';
 import { ContextInstance } from '../helpers/Context.js';
@@ -220,11 +220,8 @@ async function sendTemplate({
                     .set('lastReminderAmountOpen', SQL.column('amountOpen'))
                     .set(
                         'reminderEmailCount',
-                        new SQLCalculation(
-                            SQL.column('reminderEmailCount'),
-                            new SQLPlusSign(),
-                            readDynamicSQLExpression(1),
-                        ),
+                        SQL.calculation(SQL.column('reminderEmailCount'))
+                            .add(readDynamicSQLExpression(1))
                     )
                     .where('id', balanceItemIds)
                     .where('organizationId', organization.id)

package/src/endpoints/admin/organizations/PatchPackagesEndpoint.test.ts

@@ -0,0 +1,124 @@
+import { Request } from '@simonbackx/simple-endpoints';
+import { OrganizationFactory, STPackageFactory } from '@stamhoofd/models';
+import { AccessRight, OrganizationPackagesStatus, STPackage, STPackageBundle, STPackageBundleHelper } from '@stamhoofd/structures';
+import { STExpect, TestUtils } from '@stamhoofd/test-utils';
+import { testServer } from '../../../../tests/helpers/TestServer.js';
+import { initAdmin, initPlatformAdmin } from '../../../../tests/init/index.js';
+import { PatchPackagesEndpoint } from './PatchPackagesEndpoint.js';
+import { PatchableArray } from '@simonbackx/simple-encoding';
+
+const baseUrl = `/organization/packages`;
+const endpoint = new PatchPackagesEndpoint();
+
+describe('Endpoint.PatchPackagesEndpoint', () => {
+    beforeEach(async () => {
+        TestUtils.setEnvironment('userMode', 'organization');
+    });
+
+    describe('Permission checking', () => {
+        test('Cannot patch organization packages as finance director', async () => {
+            const organization = await new OrganizationFactory({}).create();
+
+            const package1 = await new STPackageFactory({
+                organization,
+                bundle: STPackageBundle.Members,
+            }).create();
+
+            const package2 = await new STPackageFactory({
+                organization,
+                bundle: STPackageBundle.TrialWebshops,
+            }).create();
+
+            const { adminToken } = await initAdmin({
+                organization,
+                accessRights: [AccessRight.OrganizationFinanceDirector],
+            });
+
+            // Try to request all members at organization
+            const request = Request.patch({
+                path: baseUrl,
+                host: organization.getApiHost(),
+                body: OrganizationPackagesStatus.patch({
+                    
+                }),
+                headers: {
+                    authorization: 'Bearer ' + adminToken.accessToken,
+                },
+            });
+
+            await expect(testServer.test(endpoint, request)).rejects.toThrow(STExpect.errorWithCode('permission_denied'));
+        });
+    });
+
+    test('Can create a new package', async () => {
+        const organization = await new OrganizationFactory({}).create();
+
+        const { adminToken } = await initPlatformAdmin();
+
+        const patch = OrganizationPackagesStatus.patch({});
+        
+        const pack = STPackageBundleHelper.getCurrentPackage(STPackageBundle.Webshops, new Date())
+        pack.validAt = new Date(); // ignored by backend for now
+        patch.packages.addPut(pack);
+
+        // Try to request all members at organization
+        const request = Request.patch({
+            path: baseUrl,
+            host: organization.getApiHost(),
+            body: patch,
+            headers: {
+                authorization: 'Bearer ' + adminToken.accessToken,
+            },
+        });
+
+        const response = await testServer.test(endpoint, request);
+        expect(response.status).toBe(200);
+        expect(response.body.packages).toHaveLength(1);
+
+        const reference = response.body.packages[0];
+
+        // Ignore created at
+        pack.createdAt = reference.createdAt;
+        pack.updatedAt = reference.updatedAt;
+        pack.validAt = reference.validAt;
+        expect(reference).toEqual(pack);
+    });
+
+    test('Can edit a package', async () => {
+        const organization = await new OrganizationFactory({}).create();
+
+        const { adminToken } = await initPlatformAdmin();
+
+        const package1 = await new STPackageFactory({
+            organization,
+            bundle: STPackageBundle.Members,
+        }).create();
+
+        const patch = OrganizationPackagesStatus.patch({});
+        const removeAt = new Date();
+        removeAt.setMilliseconds(0)
+        patch.packages.addPatch(STPackage.patch({
+            id: package1.id,
+            removeAt
+        }));
+
+        // Try to request all members at organization
+        const request = Request.patch({
+            path: baseUrl,
+            host: organization.getApiHost(),
+            body: patch,
+            headers: {
+                authorization: 'Bearer ' + adminToken.accessToken,
+            },
+        });
+
+        const response = await testServer.test(endpoint, request);
+        expect(response.status).toBe(200);
+        expect(response.body.packages).toHaveLength(1);
+
+        const reference = response.body.packages[0];
+
+        // Ignore created at
+        expect(reference.removeAt).toEqual(removeAt);
+    });
+});

package/src/endpoints/admin/organizations/PatchPackagesEndpoint.ts

@@ -0,0 +1,94 @@
+import type { AutoEncoderPatchType, Decoder } from '@simonbackx/simple-encoding';
+import type { DecodedRequest, Request } from '@simonbackx/simple-endpoints';
+import { Endpoint, Response } from '@simonbackx/simple-endpoints';
+import { SimpleError } from '@simonbackx/simple-errors';
+import { STPackage } from '@stamhoofd/models';
+import { OrganizationPackagesStatus, STPackage as STPackageStruct } from '@stamhoofd/structures';
+import { Context } from '../../../helpers/Context.js';
+import { STPackageService } from '../../../services/STPackageService.js';
+
+type Params = Record<string, never>;
+type Query = undefined;
+type ResponseBody = OrganizationPackagesStatus;
+type Body = AutoEncoderPatchType<OrganizationPackagesStatus>;
+
+export class PatchPackagesEndpoint extends Endpoint<Params, Query, Body, ResponseBody> {
+    bodyDecoder = OrganizationPackagesStatus.patchType() as Decoder<AutoEncoderPatchType<OrganizationPackagesStatus>>
+
+    protected doesMatch(request: Request): [true, Params] | [false] {
+        if (request.method !== 'PATCH') {
+            return [false];
+        }
+
+        const params = Endpoint.parseParameters(request.url, '/organization/packages', {});
+
+        if (params) {
+            return [true, params as Params];
+        }
+        return [false];
+    }
+
+    async handle(request: DecodedRequest<Params, Query, Body>) {
+        const organization = await Context.setOrganizationScope();
+        await Context.authenticate();
+
+        // If the user has permission, we'll also search if he has access to the organization's key
+        if (!Context.auth.hasPlatformFullAccess()) {
+            throw Context.auth.error();
+        }
+        let updatePackages = false
+        const packages = await STPackageService.getValidPackagesWithExpired(organization.id);
+
+        // Do patches
+        if (request.body.packages) {
+            for (const patch of request.body.packages.getPatches()) {
+                const pack = packages.find(p => p.id === patch.id)
+                if (!pack) {
+                    throw new SimpleError({
+                        code: 'not_found',
+                        message: 'Package not found with id '+patch.id
+                    })
+                }
+
+                if (patch.meta !== undefined) {
+                    pack.meta.patchOrPut(patch.meta)
+                }
+
+                if (patch.validUntil !== undefined) {
+                    pack.validUntil = patch.validUntil
+                }
+
+                if (patch.removeAt !== undefined) {
+                    pack.removeAt = patch.removeAt
+                }
+
+                await pack.save()
+                updatePackages = true
+            }
+
+            for (const put of request.body.packages.getPuts()) {
+                const pack = new STPackage()
+                pack.id = put.put.id;
+                pack.validAt = new Date()
+                pack.organizationId = organization.id
+
+                pack.meta = put.put.meta
+                pack.validUntil = put.put.validUntil
+                pack.removeAt = put.put.removeAt
+
+                await pack.save()
+                updatePackages = true
+
+                packages.push(pack);
+            }
+        }
+
+        if (updatePackages) {
+            await STPackageService.updateOrganizationPackages(organization.id)
+        }
+
+        return new Response(OrganizationPackagesStatus.create({
+            packages: packages.map(p => STPackageStruct.create(p)),
+        }));
+    }
+}

package/src/endpoints/organization/dashboard/billing/GetPackagesEndpoint.ts

@@ -32,7 +32,7 @@ export class GetPackagesEndpoint extends Endpoint<Params, Query, Body, ResponseB
             throw Context.auth.error();
         }
 
-        const packages = await STPackageService.getActivePackages(organization.id);
+        const packages = Context.auth.hasPlatformFullAccess() ? await STPackageService.getValidPackagesWithExpired(organization.id) : await STPackageService.getActivePackages(organization.id);
 
         return new Response(OrganizationPackagesStatus.create({
             packages: packages.map(p => STPackageStruct.create(p)),

package/src/endpoints/organization/dashboard/webshops/CreateWebshopEndpoint.ts

@@ -5,6 +5,7 @@ import { SimpleError, SimpleErrors } from '@simonbackx/simple-errors';
 import { Webshop } from '@stamhoofd/models';
 import { PermissionLevel, PermissionsResourceType, PrivateWebshop, ResourcePermissions, Version, WebshopPrivateMetaData } from '@stamhoofd/structures';
 import { Formatter } from '@stamhoofd/utility';
+import { v4 as uuidv4 } from 'uuid';
 
 import { Context } from '../../../../helpers/Context.js';
 
@@ -46,7 +47,7 @@ export class CreateWebshopEndpoint extends Endpoint<Params, Query, Body, Respons
 
         const webshop = new Webshop();
 
-        webshop.id = request.body.id;
+        webshop.id = uuidv4()
         webshop.meta = request.body.meta;
         webshop.meta.domainActive = false;
         webshop.privateMeta = request.body.privateMeta;

package/src/helpers/outstandingBalanceJoin.ts

@@ -1,6 +1,6 @@
 import { CachedBalance, Registration } from '@stamhoofd/models';
-import type { SQLNamedExpression} from '@stamhoofd/sql';
-import { SQL, SQLAlias, SQLCalculation, SQLPlusSign, SQLSelectAs, SQLSum } from '@stamhoofd/sql';
+import type { SQLNamedExpression } from '@stamhoofd/sql';
+import { SQL, SQLAlias, SQLSelectAs, SQLSum } from '@stamhoofd/sql';
 
 export const memberCachedBalanceForOrganizationJoin = SQL.leftJoin(
     SQL.select('objectId', 'organizationId',
@@ -24,23 +24,16 @@ export const registrationCachedBalanceJoin = SQL.leftJoin(
     SQL.select('objectId', 'organizationId',
         new SQLSelectAs(
             new SQLSum(
-                new SQLCalculation(
-                    SQL.column('amountOpen'),
-                    new SQLPlusSign(),
-                    SQL.column('amountPending'),
-                ),
+                SQL.calculation(SQL.column('amountOpen'))
+                    .add(SQL.column('amountPending'))
             ),
             new SQLAlias('toPay'),
         ),
         new SQLSelectAs(
             new SQLSum(
-                new SQLCalculation(
-                    SQL.column('amountOpen'),
-                    new SQLPlusSign(),
-                    SQL.column('amountPaid'),
-                    new SQLPlusSign(),
-                    SQL.column('amountPending'),
-                ),
+                SQL.calculation(SQL.column('amountOpen'))
+                    .add(SQL.column('amountPaid'))
+                    .add(SQL.column('amountPending'))
             ),
             new SQLAlias('price'),
         ),

package/src/services/STPackageService.ts

@@ -16,6 +16,15 @@ export class STPackageService {
                 SQL.where('removeAt', null)
                     .or('removeAt', '>', new Date()),
             )
+            .orderBy('validAt', 'DESC')
+            .fetch();
+    }
+
+    static async getValidPackagesWithExpired(organizationId: string) {
+        return await STPackage.select()
+            .where('organizationId', organizationId)
+            .andWhere('validAt', '!=', null)
+            .orderBy('validAt', 'DESC')
             .fetch();
     }
 

package/src/sql-filters/orders.ts

@@ -1,5 +1,8 @@
-import type { SQLFilterDefinitions} from '@stamhoofd/sql';
-import { baseSQLFilterCompilers, createColumnFilter, createExistsFilter, createWildcardColumnFilter, SQL, SQLCast, SQLConcat, SQLJsonExtract, SQLJsonUnquote, SQLScalar, SQLValueType } from '@stamhoofd/sql';
+import { Payment } from '@stamhoofd/models';
+import type { SQLExpression, SQLFilterDefinitions } from '@stamhoofd/sql';
+import { baseSQLFilterCompilers, createColumnFilter, createExistsFilter, createWildcardColumnFilter, SQL, SQLCast, SQLConcat, SQLJsonExtract, SQLJsonUnquote, SQLScalar, SQLSum, SQLValueType } from '@stamhoofd/sql';
+import { PaymentStatus } from '@stamhoofd/structures';
+import { paymentFilterCompilers } from './payments.js';
 
 export const orderFilterCompilers: SQLFilterDefinitions = {
     ...baseSQLFilterCompilers,
@@ -56,6 +59,11 @@ export const orderFilterCompilers: SQLFilterDefinitions = {
         type: SQLValueType.JSONString,
         nullable: false,
     }),
+    checkoutMethodId: createColumnFilter({
+        expression: SQL.jsonExtract(SQL.column('data'), '$.value.checkoutMethod.id'),
+        type: SQLValueType.JSONString,
+        nullable: true,
+    }),
     checkoutMethod: createColumnFilter({
         expression: SQL.jsonExtract(SQL.column('data'), '$.value.checkoutMethod.type'),
         type: SQLValueType.JSONString,
@@ -107,7 +115,14 @@ export const orderFilterCompilers: SQLFilterDefinitions = {
         type: SQLValueType.Datetime,
         nullable: true,
     }),
-
+    discountCodes: {
+        ...baseSQLFilterCompilers,
+        code: createColumnFilter({
+            expression: SQL.jsonExtract(SQL.column('data'), '$.value.discountCodes[*].code'),
+            type: SQLValueType.JSONArray,
+            nullable: true,
+        })
+    },
     items: createExistsFilter(
         /**
          * There is a bug in MySQL 8 that is fixed in 9.3
@@ -203,4 +218,60 @@ export const orderFilterCompilers: SQLFilterDefinitions = {
             }),
         }),
     ),
+    payments: createExistsFilter(
+        // should equal payments on structure
+        SQL.select()
+            .from(
+                SQL.table('balance_items'),
+            )
+            .join(
+                SQL.join(
+                    SQL.table('balance_item_payments'),
+                ).where(
+                    SQL.column('balance_items', 'id'),
+                    SQL.column('balance_item_payments', 'balanceItemId'),
+                )
+            )
+            .join(
+                SQL.join(
+                    SQL.table('payments'),
+                ).where(
+                    SQL.column('payments', 'id'),
+                    SQL.column('balance_item_payments', 'paymentId')
+                ),
+            )
+            .where(
+                SQL.column('balance_items', 'orderId'),
+                SQL.column('webshop_orders', 'id'),
+            )
+            // payments on structure filter away failed payments -> also filter out failed payments in backend
+            .whereNot(
+                SQL.column('payments', 'status'),
+                PaymentStatus.Failed
+            ),
+        {
+            ...baseSQLFilterCompilers,
+            paidAt: createColumnFilter({
+                expression: SQL.column(Payment.table, 'paidAt'),
+                type: SQLValueType.Datetime,
+                nullable: false,
+            }),
+            method: paymentFilterCompilers.method,
+            status: paymentFilterCompilers.status,
+            price: paymentFilterCompilers.price,
+            transferDescription: paymentFilterCompilers.transferDescription,
+        },
+    ),
+    // not same as open balance (balance can be negative)
+    amountToPay: createColumnFilter({
+        expression: SQL.calculation(SQL.column('totalPrice')).subtract(getPricePaidSubQuery()),
+        type: SQLValueType.Number,
+        nullable: false,
+    }),
 };
+
+function getPricePaidSubQuery(): SQLExpression {
+    return SQL.subQuery(SQL.select(new SQLSum(SQL.column('balance_items', 'pricePaid')))
+        .from(SQL.table('balance_items'))
+        .where(SQL.column('balance_items', 'orderId'), SQL.column('webshop_orders', 'id')));
+}

package/src/sql-filters/payments.ts

@@ -1,4 +1,5 @@
-import type { SQLFilterDefinitions} from '@stamhoofd/sql';
+import { Payment } from '@stamhoofd/models';
+import type { SQLFilterDefinitions } from '@stamhoofd/sql';
 import { baseSQLFilterCompilers, createColumnFilter, createExistsFilter, SQL, SQLCast, SQLConcat, SQLJsonUnquote, SQLScalar, SQLValueType } from '@stamhoofd/sql';
 import { balanceItemPaymentsCompilers } from './balance-item-payments.js';
 
@@ -13,7 +14,7 @@ export const paymentFilterCompilers: SQLFilterDefinitions = {
         nullable: false,
     }),
     method: createColumnFilter({
-        expression: SQL.column('method'),
+        expression: SQL.column(Payment.table, 'method'),
         type: SQLValueType.String,
         nullable: false,
     }),
@@ -23,7 +24,7 @@ export const paymentFilterCompilers: SQLFilterDefinitions = {
         nullable: false,
     }),
     status: createColumnFilter({
-        expression: SQL.column('status'),
+        expression: SQL.column(Payment.table, 'status'),
         type: SQLValueType.String,
         nullable: false,
     }),
@@ -53,7 +54,7 @@ export const paymentFilterCompilers: SQLFilterDefinitions = {
         nullable: true,
     }),
     price: createColumnFilter({
-        expression: SQL.column('price'),
+        expression: SQL.column(Payment.table, 'price'),
         type: SQLValueType.Number,
         nullable: false,
     }),
@@ -63,7 +64,7 @@ export const paymentFilterCompilers: SQLFilterDefinitions = {
         nullable: true,
     }),
     transferDescription: createColumnFilter({
-        expression: SQL.column('transferDescription'),
+        expression: SQL.column(Payment.table, 'transferDescription'),
         type: SQLValueType.String,
         nullable: true,
     }),