backend-manager 5.0.163 → 5.0.165

package/CHANGELOG.md

@@ -14,6 +14,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - `Fixed` for any bug fixes.
 - `Security` in case of vulnerabilities.
 
+# [5.0.165] - 2026-03-20
+### Changed
+- Serve command now reads hosting port from `firebase.json` emulator config before falling back to default 5000
+- Notification test fixtures migrated from flat `createdAt`/`updatedAt` to nested `metadata.created`/`metadata.updated` objects matching standard BEM metadata format
+
+# [5.0.164] - 2026-03-18
+### Added
+- Default field backfill in campaign seed setup — missing fields are restored from seed defaults without overwriting user edits
+
 # [5.0.163] - 2026-03-18
 ### Changed
 - Refactored campaign POST/PUT routes to generic field passthrough — schema-validated fields flow through automatically via shared `buildCampaignDoc()` utility, no manual field assignments needed

package/TODO-2.md

@@ -13,6 +13,31 @@ payments/upgrade
 TEST NEWSLETTER
 POST /admin/cron { id: 'daily/marketing-newsletter-generate' }
 
+
+SIGNUP HANDLER
+Here are the instructions for BEM:
+
+Update updateReferral() in sign-up.js to resolve all legacy affiliate code formats:
+
+The affiliateCode value coming from the client could be in 3 formats:
+
+Format	Example	How to resolve
+Affiliate code (7-14 alphanumeric)	rmUKlC4z1	Query users where affiliate.code == value (current behavior)
+UID (28 chars)	6sNjQFxTsObA73D8lkF01gcWdP92	Direct doc lookup: users/{value}
+Base64 email (e.g. cG9ldH...Lm_2)	cG9ldHJ5aW5hY3Rpb24yMDE4QGdtYWlsLmNvbQ_2	Strip _\d+ suffix, base64-decode, query users where auth.email == decoded
+Any other format → ignore (resolve with no referrer).
+
+The resolution logic should go at the top of updateReferral(), before the current where('affiliate.code', '==', affiliateCode) query. Try each format in order:
+
+If affiliateCode matches /^[0-9a-zA-Z_-]{7,14}$/ → query by affiliate.code (current path)
+Else if affiliateCode.length === 28 → direct doc get users/{affiliateCode}, use that as the referrer
+Else try base64 decode: strip trailing _\d+, decode, if result contains @ → query by auth.email
+Else → log and return (unrecognized format)
+Once the referrer doc is found (by any method), the rest stays the same: push to affiliate.referrals.
+
+* if the usage was used and the user is actuall authenticated (uid, not just an admin or unauthed user),
+  * set the user's context (ip, location, etc)
+
 Payment attribution
 * can you ensure the the user's attribution (utm etc) is assocaited with the purchase
 * mostly i am referring to the payent events sent to GA4, tiktok, meta

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "backend-manager",
-  "version": "5.0.163",
+  "version": "5.0.165",
   "description": "Quick tools for developing Firebase functions",
   "main": "src/manager/index.js",
   "bin": {

package/src/cli/commands/serve.js

@@ -8,8 +8,9 @@ const WatchCommand = require('./watch');
 class ServeCommand extends BaseCommand {
   async execute() {
     const self = this.main;
-    const port = self.argv.port || self.argv?._?.[1] || '5000';
     const projectDir = self.firebaseProjectPath;
+    const firebaseConfig = JSON.parse(fs.readFileSync(path.join(projectDir, 'firebase.json'), 'utf8'));
+    const port = self.argv.port || self.argv?._?.[1] || firebaseConfig?.emulators?.hosting?.port || '5000';
 
     // Check for port conflicts before starting server
     const canProceed = await this.checkAndKillBlockingProcesses({ serving: parseInt(port, 10) });

package/src/cli/commands/setup-tests/marketing-campaigns-seeded.js

@@ -25,7 +25,7 @@ class MarketingCampaignsSeededTest extends BaseTest {
         return false;
       }
 
-      // Check enforced fields
+      // Check enforced fields + missing defaults
       const data = doc.data();
 
       for (const [path, expected] of Object.entries(seed.enforced)) {
@@ -35,6 +35,11 @@ class MarketingCampaignsSeededTest extends BaseTest {
           return false;
         }
       }
+
+      // Check for missing fields that should exist from seed
+      if (hasMissingFields(data, seed.doc)) {
+        return false;
+      }
     }
 
     return true;
@@ -62,10 +67,14 @@ class MarketingCampaignsSeededTest extends BaseTest {
         continue;
       }
 
-      // Doc exists → check and fix enforced fields
+      // Doc exists → fill missing defaults + enforce required fields
       const data = doc.data();
       const updates = {};
 
+      // Fill missing fields from seed defaults (never overwrite existing values)
+      fillMissing(data, seed.doc, updates, '');
+
+      // Enforce required fields (always overwrite to match seed)
       for (const [path, expected] of Object.entries(seed.enforced)) {
         const actual = _.get(data, path);
 
@@ -106,4 +115,58 @@ class MarketingCampaignsSeededTest extends BaseTest {
   }
 }
 
+/**
+ * Check if the live doc is missing any fields defined in the seed.
+ */
+function hasMissingFields(live, seed, prefix) {
+  for (const [key, seedValue] of Object.entries(seed)) {
+    if (key === 'metadata') {
+      continue;
+    }
+
+    const path = prefix ? `${prefix}.${key}` : key;
+    const liveValue = _.get(live, path);
+
+    if (liveValue === undefined) {
+      return true;
+    }
+
+    if (_.isPlainObject(seedValue) && _.isPlainObject(liveValue)) {
+      if (hasMissingFields(live, seedValue, path)) {
+        return true;
+      }
+    }
+  }
+
+  return false;
+}
+
+/**
+ * Recursively fill missing fields from seed into updates.
+ * Only sets fields that don't exist in the live doc — never overwrites.
+ * Skips metadata (managed separately).
+ */
+function fillMissing(live, seed, updates, prefix) {
+  for (const [key, seedValue] of Object.entries(seed)) {
+    if (key === 'metadata') {
+      continue;
+    }
+
+    const path = prefix ? `${prefix}.${key}` : key;
+    const liveValue = _.get(live, path);
+
+    // If live doc is missing this field entirely, set it from seed
+    if (liveValue === undefined) {
+      _.set(updates, path, seedValue);
+      console.log(chalk.blue(`  + ${path}: ${chalk.dim('(missing)')} → ${chalk.bold(JSON.stringify(seedValue).slice(0, 80))}`));
+      continue;
+    }
+
+    // If both are plain objects, recurse to check nested fields
+    if (_.isPlainObject(seedValue) && _.isPlainObject(liveValue)) {
+      fillMissing(live, seedValue, updates, path);
+    }
+  }
+}
+
 module.exports = MarketingCampaignsSeededTest;

package/test/rules/notifications.js

@@ -31,7 +31,7 @@ module.exports = {
           db.doc(`notifications/${token}`).set({
             token: token,
             owner: 'anonymous',
-            createdAt: new Date(),
+            metadata: { created: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } },
           })
         );
       },
@@ -52,7 +52,7 @@ module.exports = {
           db.doc(`notifications/${token}`).set({
             token: token,
             owner: uid,
-            createdAt: new Date(),
+            metadata: { created: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } },
           })
         );
       },
@@ -74,7 +74,7 @@ module.exports = {
           adminDb.doc(`notifications/${token}`).set({
             token: token,
             owner: uid,
-            createdAt: new Date(),
+            metadata: { created: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } },
           })
         );
 
@@ -101,7 +101,7 @@ module.exports = {
           adminDb.doc(`notifications/${token}`).set({
             token: token,
             owner: otherUid,
-            createdAt: new Date(),
+            metadata: { created: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } },
           })
         );
 
@@ -144,14 +144,14 @@ module.exports = {
           adminDb.doc(`notifications/${token}`).set({
             token: token,
             owner: otherUid,
-            createdAt: new Date(),
+            metadata: { created: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } },
           })
         );
 
         // Should succeed - user can update if token matches
         await rules.expectSuccess(
           db.doc(`notifications/${token}`).update({
-            updatedAt: new Date(),
+            'metadata.updated': { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) },
           })
         );
       },
@@ -173,7 +173,7 @@ module.exports = {
           adminDb.doc(`notifications/${token}`).set({
             token: token,
             owner: uid,
-            createdAt: new Date(),
+            metadata: { created: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } },
           })
         );
 
@@ -203,7 +203,7 @@ module.exports = {
           adminDb.doc(`notifications/${realToken}`).set({
             token: realToken,
             owner: otherUid,
-            createdAt: new Date(),
+            metadata: { created: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } },
           })
         );
 
@@ -237,7 +237,7 @@ module.exports = {
           adminDb.doc(`notifications/${token}`).set({
             token: token,
             owner: uid,
-            createdAt: new Date(),
+            metadata: { created: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } },
           })
         );
 
@@ -269,7 +269,7 @@ module.exports = {
           adminDb.doc(`notifications/${token}`).set({
             token: token,
             owner: accounts.basic.uid,
-            createdAt: new Date(),
+            metadata: { created: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } },
           })
         );
       },
@@ -290,7 +290,7 @@ module.exports = {
           adminDb.doc(`notifications/${token}`).set({
             token: token,
             owner: basicUid,
-            createdAt: new Date(),
+            metadata: { created: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } },
           })
         );
 
@@ -315,14 +315,14 @@ module.exports = {
           adminDb.doc(`notifications/${token}`).set({
             token: token,
             owner: accounts.basic.uid,
-            createdAt: new Date(),
+            metadata: { created: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } },
           })
         );
 
         // Should succeed - admin can update any doc
         await rules.expectSuccess(
           adminDb.doc(`notifications/${token}`).update({
-            updatedAt: new Date(),
+            'metadata.updated': { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) },
             adminModified: true,
           })
         );
@@ -343,7 +343,7 @@ module.exports = {
           adminDb.doc(`notifications/${token}`).set({
             token: token,
             owner: 'someone',
-            createdAt: new Date(),
+            metadata: { created: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } },
           })
         );
 
@@ -370,7 +370,7 @@ module.exports = {
           adminDb.doc(`notifications/${token}`).set({
             token: token,
             owner: uid,
-            createdAt: new Date(),
+            metadata: { created: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } },
           })
         );
 
@@ -396,7 +396,7 @@ module.exports = {
           adminDb.doc(`notifications/${token}`).set({
             token: token,
             owner: 'someone',
-            createdAt: new Date(),
+            metadata: { created: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } },
           })
         );