@stamhoofd/models 2.93.0 → 2.95.0

package/src/helpers/EmailBuilder.ts

@@ -1,5 +1,5 @@
 import { Email, EmailAddress, EmailBuilder, EmailInterfaceRecipient } from '@stamhoofd/email';
-import { BalanceItem as BalanceItemStruct, EmailTemplateType, OrganizationEmail, Platform as PlatformStruct, ReceivableBalanceType, Recipient, replaceEmailHtml, replaceEmailText, Replacement } from '@stamhoofd/structures';
+import { BalanceItem as BalanceItemStruct, EmailRecipient, EmailTemplateType, OrganizationEmail, Platform as PlatformStruct, ReceivableBalanceType, Recipient, replaceEmailHtml, replaceEmailText, Replacement } from '@stamhoofd/structures';
 import { Formatter } from '@stamhoofd/utility';
 
 import { SimpleError } from '@simonbackx/simple-errors';
@@ -379,58 +379,306 @@ export async function getEmailBuilder(organization: Organization | null, email:
     return builder;
 }
 
+export function mergeReplacement(replacementA: Replacement, replacementB: Replacement): Replacement | false {
+    if (replacementA.token !== replacementB.token) {
+        return false;
+    }
+
+    if (replacementA.token === 'greeting') {
+        // Just take the first one
+        return replacementA;
+    }
+
+    if (replacementA.token === 'unsubscribeUrl') {
+        return replacementA;
+    }
+
+    if (replacementA.token === 'signInUrl') {
+        return replacementA;
+    }
+
+    if (replacementA.token === 'loginDetails') {
+        // loginDetails are always the same for the same user.
+        return replacementA;
+    }
+
+    return false;
+}
+
+/**
+ * Remove duplicates
+ */
+export function cleanReplacements(replacements: Replacement[]) {
+    const foundIds: Set<string> = new Set();
+    const cleaned: Replacement[] = [];
+    for (const r of replacements) {
+        if (foundIds.has(r.token)) {
+            continue;
+        }
+        foundIds.add(r.token);
+        cleaned.push(r);
+    }
+    return cleaned;
+}
+
+export function removeUnusedReplacements(html: string, replacements: Replacement[]) {
+    const cleaned: Replacement[] = [];
+    for (const r of replacements) {
+        if (html.includes(`{{${r.token}}}`)) {
+            cleaned.push(r);
+        }
+    }
+    return cleaned;
+}
+
+export function mergeReplacementsIfEqual(replacementsA: Replacement[], replacementsB: Replacement[]): Replacement[] | false {
+    replacementsA = cleanReplacements(replacementsA);
+    replacementsB = cleanReplacements(replacementsB);
+
+    if (replacementsA.length !== replacementsB.length) {
+        return false;
+    }
+
+    const merged: Replacement[] = [];
+    for (const rA of replacementsA) {
+        const rB = replacementsB.find(r => r.token === rA.token);
+        if (!rB) {
+            return false;
+        }
+
+        if (rA.html === rB.html && rA.value === rB.value) {
+            merged.push(rA);
+            continue;
+        }
+
+        const m = mergeReplacement(rA, rB);
+        if (!m) {
+            return false;
+        }
+        merged.push(m);
+    }
+
+    return merged;
+}
+
+/**
+ * Filter replacements for display in the backend.
+ * @param options.forPreview if true, it will hide sensitive information in the preview that could leak information to admin users
+ */
+export function stripSensitiveRecipientReplacements(recipient: Recipient | EmailRecipient, options: {
+    organization: Organization | null;
+    willFill?: boolean;
+}) {
+    const { organization } = options;
+    // Remove unsubscribeUrl and signInUrl if present
+    recipient.replacements = recipient.replacements.filter(r => r.token !== 'unsubscribeUrl' && r.token !== 'signInUrl');
+
+    if (options.willFill) {
+        // Also strip loginDetails, balanceTable and outstandingBalance
+        recipient.replacements = recipient.replacements.filter(r => r.token !== 'balanceTable' && r.token !== 'outstandingBalance' && r.token !== 'loginDetails');
+        return;
+    }
+
+    // Add dummy unsubscribeUrl
+    const dummyUnsubscribeUrl = 'https://' + (organization && STAMHOOFD.userMode === 'organization' ? organization.getHost() : STAMHOOFD.domains.dashboard) + '/unsubscribe?token=example';
+    recipient.replacements.push(Replacement.create({
+        token: 'unsubscribeUrl',
+        value: dummyUnsubscribeUrl,
+    }));
+
+    // dummy signInUrl
+    const dummySignInUrl = 'https://' + (organization && STAMHOOFD.userMode === 'organization' ? organization.getHost() : STAMHOOFD.domains.dashboard) + '/login';
+    recipient.replacements.push(Replacement.create({
+        token: 'signInUrl',
+        value: dummySignInUrl,
+    }));
+
+    // Strip security codes (because we list ALL security codes, also from members a viewer might not have access to)
+    recipient.replacements = recipient.replacements.map((r) => {
+        if (r.token !== 'loginDetails') {
+            return r;
+        }
+        return Replacement.create({
+            ...r,
+            // Strip <span class="style-inline-code">(.*)</span> and replace content with XXXX-XXXX-XXXX-XXXX
+            html: r.html ? r.html.replace(/<span class="style-inline-code">.*?<\/span>/g, '<span class="style-inline-code">••••</span>') : r.html,
+        });
+    });
+}
+
+/**
+ * Fill and hide replacements that don't make sense for web display to the user
+ */
+export function stripRecipientReplacementsForWebDisplay(recipient: Recipient | EmailRecipient, options: {
+    organization: Organization | null;
+}) {
+    const { organization } = options;
+    // Remove unsubscribeUrl if present
+    recipient.replacements = recipient.replacements.filter(r => r.token !== 'unsubscribeUrl' && r.token !== 'loginDetails' && r.token !== 'greeting');
+
+    // Add dummy unsubscribeUrl
+    const dummyUnsubscribeUrl = 'https://' + (organization && STAMHOOFD.userMode === 'organization' ? organization.getHost() : STAMHOOFD.domains.dashboard);
+    recipient.replacements.push(Replacement.create({
+        token: 'unsubscribeUrl',
+        value: dummyUnsubscribeUrl,
+    }));
+
+    recipient.replacements.push(Replacement.create({
+        token: 'loginDetails',
+        value: '',
+    }));
+
+    recipient.replacements.push(Replacement.create({
+        token: 'greeting',
+        value: $t('Beste,'),
+    }));
+}
+
+/**
+ * @param options.forPreview if true, it will hide sensitive information in the preview that could leak information to admin users
+ */
 export async function fillRecipientReplacements(recipient: Recipient, options: {
     organization: Organization | null;
     platform?: PlatformStruct;
     from: EmailInterfaceRecipient | null;
     replyTo: EmailInterfaceRecipient | null;
+    forPreview?: boolean;
+    forceRefresh?: boolean;
 }) {
     if (!options.platform) {
         options.platform = await Platform.getSharedPrivateStruct();
     }
     const { organization, platform, from, replyTo } = options;
+    let recipientUser: User | null | undefined = null;
     recipient.replacements = recipient.replacements.slice();
+    if (options.forPreview) {
+        stripSensitiveRecipientReplacements(recipient, options);
+    }
 
-    // Default signInUrl
-    let signInUrl = 'https://' + (organization && STAMHOOFD.userMode === 'organization' ? organization.getHost() : STAMHOOFD.domains.dashboard) + '/login?email=' + encodeURIComponent(recipient.email);
+    if (!recipient.email && !recipient.userId) {
+        const signInUrl = 'https://' + (organization && STAMHOOFD.userMode === 'organization' ? organization.getHost() : STAMHOOFD.domains.dashboard) + '/login';
+        recipient.replacements.push(Replacement.create({
+            token: 'signInUrl',
+            value: signInUrl,
+        }));
 
-    const recipientUser = await User.getForAuthentication(organization?.id ?? null, recipient.email, { allowWithoutAccount: true });
-    if (!recipientUser || !recipientUser.hasAccount()) {
-        // We can create a special token
-        signInUrl = 'https://' + (organization && STAMHOOFD.userMode === 'organization' ? organization.getHost() : STAMHOOFD.domains.dashboard) + '/account-aanmaken?email=' + encodeURIComponent(recipient.email);
+        if (!recipient.replacements.find(r => r.token === 'loginDetails')) {
+            recipient.replacements.push(Replacement.create({
+                token: 'loginDetails',
+                value: '',
+            }));
+        }
     }
+    else {
+        // Default signInUrl
+        let signInUrl = 'https://' + (organization && STAMHOOFD.userMode === 'organization' ? organization.getHost() : STAMHOOFD.domains.dashboard) + '/login?email=' + encodeURIComponent(recipient.email);
+
+        recipientUser = recipient.userId ? await User.select().where('id', recipient.userId).first(false) : await User.getForAuthentication(organization?.id ?? null, recipient.email, { allowWithoutAccount: true });
+        if (STAMHOOFD.userMode !== 'platform' && recipientUser && recipientUser.organizationId && recipientUser.organizationId !== (organization?.id ?? null)) {
+            console.warn('User organization does not match current organization, ignoring userId', recipient.userId, recipientUser.organizationId, organization?.id ?? null);
+            recipientUser = null;
+        }
 
-    recipient.replacements.push(Replacement.create({
-        token: 'signInUrl',
-        value: signInUrl,
-    }));
+        if (!recipientUser || !recipientUser.hasAccount()) {
+            // We can create a special token
+            signInUrl = 'https://' + (organization && STAMHOOFD.userMode === 'organization' ? organization.getHost() : STAMHOOFD.domains.dashboard) + '/account-aanmaken?email=' + encodeURIComponent(recipient.email);
+        }
+
+        recipient.replacements.push(Replacement.create({
+            token: 'signInUrl',
+            value: signInUrl,
+        }));
+    }
+
+    if (options.forceRefresh) {
+        // Remove loginDetails to force refresh
+        recipient.replacements = recipient.replacements.filter(r => r.token !== 'loginDetails');
+    }
+
+    if (!recipient.replacements.find(r => r.token === 'loginDetails')) {
+        const emailEscaped = `<strong>${Formatter.escapeHtml(recipient.email)}</strong>`;
+
+        if (recipientUser) {
+            const suffixes: string[] = [];
+            if (STAMHOOFD.userMode === 'platform') {
+                const { Member } = await import('../models/Member');
+                const memberIds = await Member.getMemberIdsForUser(recipientUser);
+                const members = await Member.getByIDs(...memberIds);
+                if (members.length > 0) {
+                    for (const member of members) {
+                        suffixes.push(
+                            $t('De beveiligingscode voor {firstName} is {securityCode}.', {
+                                firstName: Formatter.escapeHtml(member.firstName),
+                                securityCode: `<span class="style-inline-code">${Formatter.escapeHtml(options.forPreview ? '••••' : Formatter.spaceString(member.details.securityCode ?? '', 4, '-'))}</span>`,
+                            }),
+                        );
+                    }
+                }
+                else {
+                    console.log('No member found for user', recipientUser.id);
+                }
+            }
+            const suffix = suffixes.length > 0 ? (' ' + suffixes.join(' ')) : '';
+            recipient.replacements.push(
+                Replacement.create({
+                    token: 'loginDetails',
+                    value: '',
+                    html: recipientUser.hasAccount()
+                        ? `<p class="description"><em>${$t('Je kan op het ledenportaal inloggen op {email}.', { email: emailEscaped })}${suffix}</em></p>`
+                        : `<p class="description"><em>${$t('Je kan op het ledenportaal een nieuw account aanmaken op het e-mailadres {email}.', { email: emailEscaped })}${suffix}</em></p>`,
+                }),
+            );
+        }
+        else {
+            console.log('No user found for email', recipient.email);
+            recipient.replacements.push(
+                Replacement.create({
+                    token: 'loginDetails',
+                    value: '',
+                    html: `<p class="description"><em>${$t('Je kan op het ledenportaal een nieuw account aanmaken op het e-mailadres {email}', { email: emailEscaped })}</em></p>`,
+                }),
+            );
+        }
+    }
 
-    recipient.replacements.push(
-        Replacement.create({
-            token: 'loginDetails',
-            value: '',
-            html: recipientUser && recipientUser.hasAccount() ? `<p class="description"><em>${$t('2fa762f2-c061-4c40-83cb-6ddc3e5f0f7a')} <strong>${Formatter.escapeHtml(recipientUser.email)}</strong></em></p>` : `<p class="description"><em>${$t('c2af5148-15a7-44b1-aa3e-91cfc4c66013')} <strong>${Formatter.escapeHtml(recipient.email)}</strong>${$t('f3aa8253-d88e-41c7-8c98-ed477806c533')}</em></p>`,
-        }),
-    );
+    if (options.forceRefresh) {
+        // Remove loginDetails to force refresh
+        recipient.replacements = recipient.replacements.filter(r => r.token !== 'balanceTable' && r.token !== 'outstandingBalance');
+    }
 
     // Load balance of this user
     // todo: only if detected it is used
-    if (organization && recipientUser && !recipient.replacements.find(r => r.token === 'balanceTable')) {
-        const balanceItemModels = await CachedBalance.balanceForObjects(organization.id, [recipientUser.id], ReceivableBalanceType.user, true);
-        const balanceItems = balanceItemModels.map(i => i.getStructure());
-
-        // Get members
-        recipient.replacements.push(
-            Replacement.create({
-                token: 'outstandingBalance',
-                value: Formatter.price(balanceItems.reduce((sum, i) => sum + i.priceOpen, 0)),
-            }),
-            Replacement.create({
-                token: 'balanceTable',
-                value: '',
-                html: BalanceItemStruct.getDetailsHTMLTable(balanceItems),
-            }),
-        );
+    if (!recipient.replacements.find(r => r.token === 'balanceTable')) {
+        if (organization && recipientUser) {
+            const balanceItemModels = await CachedBalance.balanceForObjects(organization.id, [recipientUser.id], ReceivableBalanceType.user, true);
+            const balanceItems = balanceItemModels.map(i => i.getStructure());
+
+            // Get members
+            recipient.replacements.push(
+                Replacement.create({
+                    token: 'outstandingBalance',
+                    value: Formatter.price(balanceItems.reduce((sum, i) => sum + i.priceOpen, 0)),
+                }),
+                Replacement.create({
+                    token: 'balanceTable',
+                    value: '',
+                    html: BalanceItemStruct.getDetailsHTMLTable(balanceItems),
+                }),
+            );
+        }
+        else {
+            recipient.replacements.push(
+                Replacement.create({
+                    token: 'outstandingBalance',
+                    value: Formatter.price(0),
+                }),
+                Replacement.create({
+                    token: 'balanceTable',
+                    value: '',
+                    html: BalanceItemStruct.getDetailsHTMLTable([]),
+                }),
+            );
+        }
     }
 
     if (from || replyTo) {

package/src/migrations/1756115317-email-deleted-at.sql

@@ -0,0 +1,2 @@
+ALTER TABLE `emails`
+ADD COLUMN `deletedAt` datetime NULL AFTER `updatedAt`;

package/src/migrations/1756293494-registration-period-next-period-id.sql

@@ -0,0 +1,3 @@
+ALTER TABLE `registration_periods`
+ADD COLUMN `nextPeriodId` varchar(36) NULL AFTER `previousPeriodId`,
+ADD FOREIGN KEY (`nextPeriodId`) REFERENCES `registration_periods` (`id`) ON UPDATE CASCADE ON DELETE SET NULL;

package/src/migrations/1756293495-platform-next-period-id.sql

@@ -0,0 +1,3 @@
+ALTER TABLE `platform`
+ADD COLUMN `nextPeriodId` varchar(36) NULL AFTER `previousPeriodId`,
+ADD FOREIGN KEY (`nextPeriodId`) REFERENCES `registration_periods` (`id`) ON UPDATE CASCADE ON DELETE SET NULL;

package/src/migrations/1756387016-registration-period-custom-name.sql

@@ -0,0 +1,2 @@
+ALTER TABLE `registration_periods`
+ADD COLUMN `customName` varchar(200) NULL AFTER `nextPeriodId`;

package/src/migrations/1756391212-email-recipients-duplicate.sql

@@ -0,0 +1,3 @@
+ALTER TABLE `email_recipients`
+ADD COLUMN `duplicateOfRecipientId` varchar(36) NULL,
+ADD FOREIGN KEY (`duplicateOfRecipientId`) REFERENCES `email_recipients` (`id`) ON UPDATE CASCADE ON DELETE SET NULL;