npm - create-crm-tmp - Versions diffs - 1.1.3 → 2.0.0 - Mend

create-crm-tmp 1.1.3 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (220) hide show

package/template/src/app/api/users/for-agenda/route.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import { auth } from '@/lib/auth';
 import { prisma } from '@/lib/prisma';
 import { checkPermission } from '@/lib/check-permission';
-// GET /api/users/for-agenda - Liste les utilisateurs avec leur eventColor pour le filtre de l'agenda
+// GET /api/users/for-agenda - Liste les utilisateurs pour le filtre de l'agenda
 export async function GET(request: NextRequest) {
   try {
     const session = await auth.api.getSession({
@@ -25,7 +25,6 @@ export async function GET(request: NextRequest) {
         id: true,
         name: true,
         email: true,
-        eventColor: true,
       },
       orderBy: {
         name: 'asc',

package/template/src/app/api/users/route.ts CHANGED Viewed

@@ -1,10 +1,17 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { z } from 'zod';
 import { prisma } from '@/lib/prisma';
 import { checkPermission } from '@/lib/check-permission';
 import { auth } from '@/lib/auth';
 import { logAudit } from '@/lib/audit-log';
 import { resolveRoleFromCustomRoleName } from '@/lib/roles';
+const createUserSchema = z.object({
+  name: z.string().trim().min(1, 'Le nom est requis'),
+  email: z.string().trim().email('Email invalide'),
+  customRoleId: z.string().trim().min(1, 'Le profil est requis'),
+});
 // GET /api/users - Liste tous les utilisateurs (admin seulement)
 export async function GET(request: NextRequest) {
   try {
@@ -30,27 +37,68 @@ export async function GET(request: NextRequest) {
             name: true,
           },
         },
+        accounts: {
+          where: { providerId: 'credential' },
+          select: { id: true },
+        },
       },
       orderBy: {
         createdAt: 'desc',
       },
     });
-    // Mapper les utilisateurs avec le profil
-    const usersWithRole = users.map((user: any) => ({
-      id: user.id,
-      name: user.name,
-      email: user.email,
-      role: user.role || 'USER',
-      customRoleId: user.customRoleId,
-      customRole: user.customRole,
-      emailVerified: user.emailVerified,
-      active: user.active,
-      createdAt: user.createdAt,
-      updatedAt: user.updatedAt,
-      image: user.image,
-      eventColor: user.eventColor,
-    }));
+    const emails: string[] = [];
+    for (const u of users) {
+      if (!u.emailVerified && u.accounts.length === 0) {
+        emails.push(u.email);
+      }
+    }
+    const verifications =
+      emails.length > 0
+        ? await prisma.verification.findMany({
+            where: { identifier: { in: emails } },
+            select: { identifier: true, expiresAt: true },
+            orderBy: { expiresAt: 'desc' },
+          })
+        : [];
+    const latestTokenByEmail = new Map<string, Date>();
+    for (const v of verifications) {
+      if (!latestTokenByEmail.has(v.identifier)) {
+        latestTokenByEmail.set(v.identifier, v.expiresAt);
+      }
+    }
+    const now = new Date();
+    const usersWithRole = users.map((user: any) => {
+      let invitationStatus: 'completed' | 'pending' | 'expired' | null = null;
+      if (user.emailVerified || user.accounts.length > 0) {
+        invitationStatus = 'completed';
+      } else {
+        const expiresAt = latestTokenByEmail.get(user.email);
+        if (!expiresAt) {
+          invitationStatus = 'expired';
+        } else {
+          invitationStatus = expiresAt > now ? 'pending' : 'expired';
+        }
+      }
+      return {
+        id: user.id,
+        name: user.name,
+        email: user.email,
+        role: user.role || 'USER',
+        customRoleId: user.customRoleId,
+        customRole: user.customRole,
+        emailVerified: user.emailVerified,
+        active: user.active,
+        createdAt: user.createdAt,
+        updatedAt: user.updatedAt,
+        image: user.image,
+        invitationStatus,
+      };
+    });
     return NextResponse.json(usersWithRole);
   } catch (error: any) {
@@ -76,17 +124,20 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
     }
-    const body = await request.json();
-    const { name, email, customRoleId } = body;
+    const json = await request.json();
+    const parseResult = createUserSchema.safeParse(json);
-    // Validation
-    if (!name || !email) {
-      return NextResponse.json({ error: 'Nom et email requis' }, { status: 400 });
+    if (!parseResult.success) {
+      return NextResponse.json(
+        {
+          error: 'Données invalides',
+          details: parseResult.error.flatten(),
+        },
+        { status: 400 },
+      );
     }
-    if (!customRoleId) {
-      return NextResponse.json({ error: 'Le profil est requis' }, { status: 400 });
-    }
+    const { name, email, customRoleId } = parseResult.data;
     // Vérifier si l'email existe déjà
     const existingUser = await prisma.user.findUnique({
@@ -106,13 +157,11 @@ export async function POST(request: NextRequest) {
       // Si l'utilisateur existe mais sans compte, on peut régénérer un token
     }
-    // Résoudre le rôle enum à partir du profil attribué
     const customRole = await prisma.customRole.findUnique({
       where: { id: customRoleId },
       select: { name: true },
     });
-    const customRoleName = customRole?.name ?? null;
-    const resolvedRole = resolveRoleFromCustomRoleName(customRoleName);
+    const resolvedRole = resolveRoleFromCustomRoleName(customRole?.name);
     let user;
     if (existingUser && existingUser.accounts.length === 0) {
@@ -126,12 +175,6 @@ export async function POST(request: NextRequest) {
         },
       });
     } else {
-      const colors = [
-        '#EF4444', '#3B82F6', '#10B981', '#F59E0B', '#8B5CF6', '#EC4899',
-        '#06B6D4', '#84CC16', '#F97316', '#6366F1', '#14B8A6', '#A855F7',
-      ];
-      const randomColor = colors[Math.floor(Math.random() * colors.length)];
       user = await prisma.user.create({
         data: {
           id: crypto.randomUUID(),
@@ -141,11 +184,12 @@ export async function POST(request: NextRequest) {
           customRoleId,
           emailVerified: false,
           active: true,
-          eventColor: randomColor,
         },
       });
     }
+    const customRoleName = customRole?.name || null;
     // Log d'audit : création ou réactivation d'utilisateur
     await logAudit({
       actorId: session.user.id,
@@ -213,6 +257,9 @@ export async function POST(request: NextRequest) {
           statusText: emailResponse.statusText,
           error: errorData,
         });
+      } else {
+        const successData = await emailResponse.json().catch(() => ({}));
+        console.log("✅ Email d'invitation envoyé avec succès:", successData);
       }
     } catch (emailError: any) {
       console.error("❌ Erreur lors de l'envoi de l'email:", emailError);
@@ -248,6 +295,14 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ error: 'Cet email est déjà utilisé' }, { status: 400 });
     }
-    return NextResponse.json({ error: error.message || 'Erreur serveur' }, { status: 500 });
+    return NextResponse.json(
+      {
+        error:
+          process.env.NODE_ENV === 'development'
+            ? error.message || 'Erreur serveur'
+            : 'Erreur serveur',
+      },
+      { status: 500 },
+    );
   }
 }

package/template/src/app/api/webhooks/google-ads/route.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { NextRequest, NextResponse } from 'next/server';
+import crypto from 'crypto';
 import { prisma } from '@/lib/prisma';
 import { handleContactDuplicate } from '@/lib/contact-duplicate';
 import { normalizePhoneNumber } from '@/lib/utils';
@@ -18,7 +19,8 @@ interface GoogleAdsLeadNotification {
 // POST /api/webhooks/google-ads - Réception des leads Google Ads (lead form extensions)
 export async function POST(request: NextRequest) {
   try {
-    const body = await request.json();
+    const rawBody = await request.text();
+    const body = JSON.parse(rawBody);
     const notification: GoogleAdsLeadNotification | undefined = body?.leadNotification;
@@ -27,6 +29,23 @@ export async function POST(request: NextRequest) {
       return NextResponse.json({ received: true });
     }
+    // Sécurité HMAC (si configurée)
+    const webhookSecret = process.env.GOOGLE_ADS_WEBHOOK_SECRET;
+    if (webhookSecret) {
+      const signatureHeader = request.headers.get('x-goog-signature');
+      if (signatureHeader) {
+        const expectedSignature = crypto
+          .createHmac('sha256', webhookSecret)
+          .update(rawBody)
+          .digest('base64');
+        if (signatureHeader !== expectedSignature) {
+          console.error('Webhook Google Ads Lead Forms: Signature HMAC invalide');
+          return NextResponse.json({ error: 'Invalid signature' }, { status: 401 });
+        }
+      }
+    }
     const client = prisma as any;
     // Récupérer toutes les configurations actives

package/template/src/app/api/webhooks/meta-leads/route.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { NextRequest, NextResponse } from 'next/server';
+import crypto from 'crypto';
 import { prisma } from '@/lib/prisma';
 import { decrypt } from '@/lib/encryption';
 import { handleContactDuplicate } from '@/lib/contact-duplicate';
@@ -50,12 +51,28 @@ export async function GET(request: NextRequest) {
 // POST /api/webhooks/meta-leads - Réception des leads Meta
 export async function POST(request: NextRequest) {
   try {
-    const body = await request.json();
+    const rawBody = await request.text();
+    const body = JSON.parse(rawBody);
     if (body.object !== 'page' || !Array.isArray(body.entry)) {
       return NextResponse.json({ received: true });
     }
+    // Sécurité HMAC (si configurée)
+    const webhookSecret = process.env.META_LEADS_WEBHOOK_SECRET;
+    if (webhookSecret) {
+      const signatureHeader = request.headers.get('x-hub-signature-256');
+      if (signatureHeader) {
+        const expectedSignature =
+          'sha256=' + crypto.createHmac('sha256', webhookSecret).update(rawBody).digest('hex');
+        if (signatureHeader !== expectedSignature) {
+          console.error('Webhook Meta Lead Ads: Signature HMAC invalide');
+          return NextResponse.json({ error: 'Invalid signature' }, { status: 401 });
+        }
+      }
+    }
     // Récupérer toutes les configurations actives
     const configs = await prisma.metaLeadConfig.findMany({
       where: { active: true },

package/template/src/app/api/workflows/[id]/route.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { auth } from '@/lib/auth';
 import { prisma } from '@/lib/prisma';
+import { checkPermission } from '@/lib/check-permission';
 // GET /api/workflows/[id] - Récupérer un workflow spécifique
 export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
@@ -13,6 +14,11 @@ export async function GET(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
     }
+    const canView = await checkPermission('workflows.view');
+    if (!canView) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
     const { id } = await params;
     const workflow = await prisma.workflow.findFirst({
@@ -56,6 +62,11 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
     }
+    const canEdit = await checkPermission('workflows.edit');
+    if (!canEdit) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
     const { id } = await params;
     const body = await request.json();
     const {
@@ -67,10 +78,13 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       triggerToStatusId,
       triggerTimeDays,
       triggerTimeHours,
+      triggerTimeReference,
+      triggerTaskType,
+      triggerTransactionFromStatus,
+      triggerTransactionToStatus,
       actions = [],
     } = body;
-    // Vérifier que le workflow appartient à l'utilisateur
     const existingWorkflow = await prisma.workflow.findFirst({
       where: {
         id,
@@ -82,7 +96,6 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       return NextResponse.json({ error: 'Workflow non trouvé' }, { status: 404 });
     }
-    // Validation
     if (!name || !triggerType) {
       return NextResponse.json(
         { error: 'Le nom et le type de déclencheur sont requis' },
@@ -90,12 +103,10 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
       );
     }
-    // Supprimer les anciennes actions
     await prisma.workflowAction.deleteMany({
       where: { workflowId: id },
     });
-    // Mettre à jour le workflow
     const workflow = await prisma.workflow.update({
       where: { id },
       data: {
@@ -107,6 +118,10 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
         triggerToStatusId: triggerToStatusId || null,
         triggerTimeDays: triggerTimeDays || null,
         triggerTimeHours: triggerTimeHours || null,
+        triggerTimeReference: triggerTimeReference || null,
+        triggerTaskType: triggerTaskType || null,
+        triggerTransactionFromStatus: triggerTransactionFromStatus || null,
+        triggerTransactionToStatus: triggerTransactionToStatus || null,
         actions: {
           create: actions.map((action: any, index: number) => ({
             actionType: action.actionType,
@@ -118,8 +133,17 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
             newStatusId: action.newStatusId || null,
             taskTitle: action.taskTitle || null,
             taskDescription: action.taskDescription || null,
+            taskType: action.taskType || null,
+            taskPriority: action.taskPriority || null,
+            taskAssignedUserId: action.taskAssignedUserId || null,
+            assignCommercialId: action.assignCommercialId || null,
+            assignTeleproId: action.assignTeleproId || null,
+            noteContent: action.noteContent || null,
+            notifyUserId: action.notifyUserId || null,
             conditionOperator: action.conditionOperator || null,
             conditionStatusId: action.conditionStatusId || null,
+            conditionOrigin: action.conditionOrigin || null,
+            conditionHasCompany: action.conditionHasCompany ?? null,
           })),
         },
       },
@@ -158,9 +182,13 @@ export async function DELETE(
       return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
     }
+    const canDelete = await checkPermission('workflows.delete');
+    if (!canDelete) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
     const { id } = await params;
-    // Vérifier que le workflow appartient à l'utilisateur
     const workflow = await prisma.workflow.findFirst({
       where: {
         id,
@@ -172,7 +200,6 @@ export async function DELETE(
       return NextResponse.json({ error: 'Workflow non trouvé' }, { status: 404 });
     }
-    // Supprimer le workflow (les actions seront supprimées en cascade)
     await prisma.workflow.delete({
       where: { id },
     });