create-crm-tmp 2.0.0 → 2.1.0

package/template/src/app/api/dashboard/widgets/[id]/route.ts

@@ -0,0 +1,44 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { auth } from '@/lib/auth';
+import { headers } from 'next/headers';
+import { prisma } from '@/lib/prisma';
+import { checkPermission } from '@/lib/check-permission';
+
+export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  try {
+    const session = await auth.api.getSession({
+      headers: await headers(),
+    });
+
+    if (!session) {
+      return NextResponse.json({ error: 'Non autorisé' }, { status: 401 });
+    }
+
+    const canManage = await checkPermission('dashboard.widgets.manage');
+    if (!canManage) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
+
+    const { id } = await params;
+
+    const widget = await prisma.dashboardWidget.findFirst({
+      where: {
+        id,
+        userId: session.user.id,
+      },
+    });
+
+    if (!widget) {
+      return NextResponse.json({ error: 'Widget non trouvé' }, { status: 404 });
+    }
+
+    await prisma.dashboardWidget.delete({
+      where: { id },
+    });
+
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    console.error('Erreur lors de la suppression du widget:', error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}

package/template/src/app/api/dashboard/widgets/route.ts

@@ -0,0 +1,181 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { auth } from '@/lib/auth';
+import { headers } from 'next/headers';
+import { prisma } from '@/lib/prisma';
+import { DEFAULT_WIDGETS } from '@/lib/default-widgets';
+import { checkPermission } from '@/lib/check-permission';
+
+export async function GET() {
+  try {
+    const session = await auth.api.getSession({
+      headers: await headers(),
+    });
+
+    if (!session) {
+      return NextResponse.json({ error: 'Non autorisé' }, { status: 401 });
+    }
+
+    const canView = await checkPermission('dashboard.view');
+    if (!canView) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
+
+    let widgets = await prisma.dashboardWidget.findMany({
+      where: { userId: session.user.id },
+      orderBy: [{ y: 'asc' }, { x: 'asc' }],
+    });
+
+    if (widgets.length === 0) {
+      widgets = await prisma.$transaction(
+        DEFAULT_WIDGETS.map((dw) =>
+          prisma.dashboardWidget.create({
+            data: {
+              userId: session.user.id,
+              type: dw.type,
+              x: dw.x,
+              y: dw.y,
+              w: dw.w,
+              h: dw.h,
+            },
+          }),
+        ),
+      );
+    }
+
+    return NextResponse.json(widgets);
+  } catch (error) {
+    console.error('Erreur lors de la récupération des widgets:', error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}
+
+export async function POST(req: NextRequest) {
+  try {
+    const session = await auth.api.getSession({
+      headers: await headers(),
+    });
+
+    if (!session) {
+      return NextResponse.json({ error: 'Non autorisé' }, { status: 401 });
+    }
+
+    const canManage = await checkPermission('dashboard.widgets.manage');
+    if (!canManage) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
+
+    const body = await req.json();
+
+    if (body.initDefault) {
+      await prisma.dashboardWidget.deleteMany({
+        where: { userId: session.user.id },
+      });
+
+      const created = await prisma.$transaction(
+        DEFAULT_WIDGETS.map((dw) =>
+          prisma.dashboardWidget.create({
+            data: {
+              userId: session.user.id,
+              type: dw.type,
+              x: dw.x,
+              y: dw.y,
+              w: dw.w,
+              h: dw.h,
+            },
+          }),
+        ),
+      );
+
+      return NextResponse.json(created, { status: 201 });
+    }
+
+    const {
+      type,
+      x,
+      y,
+      w: width,
+      h: height,
+    } = body as {
+      type?: string;
+      x?: number;
+      y?: number;
+      w?: number;
+      h?: number;
+    };
+
+    if (!type) {
+      return NextResponse.json({ error: 'Le type de widget est requis' }, { status: 400 });
+    }
+
+    const lastWidget = await prisma.dashboardWidget.findFirst({
+      where: { userId: session.user.id },
+      orderBy: { y: 'desc' },
+    });
+
+    const newY = lastWidget ? lastWidget.y + lastWidget.h : 0;
+
+    const widget = await prisma.dashboardWidget.create({
+      data: {
+        userId: session.user.id,
+        type,
+        x: x ?? 0,
+        y: y ?? newY,
+        w: width ?? 6,
+        h: height ?? 4,
+      },
+    });
+
+    return NextResponse.json(widget, { status: 201 });
+  } catch (error) {
+    console.error('Erreur lors de la création du widget:', error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}
+
+export async function PUT(req: NextRequest) {
+  try {
+    const session = await auth.api.getSession({
+      headers: await headers(),
+    });
+
+    if (!session) {
+      return NextResponse.json({ error: 'Non autorisé' }, { status: 401 });
+    }
+
+    const canManage = await checkPermission('dashboard.widgets.manage');
+    if (!canManage) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
+
+    const body = await req.json();
+    const { widgets } = body as {
+      widgets: Array<{ id: string; x: number; y: number; w: number; h: number }>;
+    };
+
+    if (!widgets || !Array.isArray(widgets)) {
+      return NextResponse.json({ error: 'Format invalide' }, { status: 400 });
+    }
+
+    await prisma.$transaction(
+      widgets.map((w) =>
+        prisma.dashboardWidget.updateMany({
+          where: {
+            id: w.id,
+            userId: session.user.id,
+          },
+          data: {
+            x: w.x,
+            y: w.y,
+            w: w.w,
+            h: w.h,
+          },
+        }),
+      ),
+    );
+
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    console.error('Erreur lors de la mise à jour des widgets:', error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}

package/template/src/app/api/dev/reminders/test/route.ts

@@ -0,0 +1,114 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { auth } from '@/lib/auth';
+import { prisma } from '@/lib/prisma';
+
+type TestReminderBody = {
+  title?: string;
+  description?: string;
+  scheduledAt?: string;
+  reminderMinutesBefore?: number;
+  sendNow?: boolean;
+  contactId?: string;
+};
+
+// WARNING: This endpoint is for local development only.
+// It is protected by NODE_ENV and an optional DEV_API_SECRET.
+// Never expose dev endpoints in production builds.
+export async function POST(request: NextRequest) {
+  if (
+    process.env.NODE_ENV !== 'development' ||
+    (process.env.DEV_API_SECRET &&
+      process.env.DEV_API_SECRET !== request.headers.get('x-dev-secret'))
+  ) {
+    return NextResponse.json({ error: 'Not found' }, { status: 404 });
+  }
+
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+
+    const body = (await request.json().catch(() => ({}))) as TestReminderBody;
+    const title = body.title?.trim() || 'Rappel de test';
+    const description = body.description?.trim() || 'Rappel généré en mode développement.';
+    const reminderMinutesBefore =
+      typeof body.reminderMinutesBefore === 'number' &&
+      Number.isInteger(body.reminderMinutesBefore) &&
+      body.reminderMinutesBefore > 0
+        ? body.reminderMinutesBefore
+        : 5;
+
+    const parsedDate = body.scheduledAt ? new Date(body.scheduledAt) : null;
+    const scheduledAt =
+      parsedDate && !Number.isNaN(parsedDate.getTime())
+        ? parsedDate
+        : new Date(Date.now() + (reminderMinutesBefore + 1) * 60 * 1000);
+
+    const normalizedContactId =
+      typeof body.contactId === 'string' && body.contactId.trim() !== '' ? body.contactId.trim() : null;
+    let contact:
+      | {
+          id: string;
+          firstName: string | null;
+          lastName: string | null;
+        }
+      | null = null;
+    if (normalizedContactId) {
+      contact = await prisma.contact.findUnique({
+        where: { id: normalizedContactId },
+        select: { id: true, firstName: true, lastName: true },
+      });
+      if (!contact) {
+        return NextResponse.json({ error: 'Contact introuvable.' }, { status: 404 });
+      }
+    }
+
+    const task = await prisma.task.create({
+      data: {
+        type: 'OTHER',
+        title,
+        description,
+        priority: 'MEDIUM',
+        scheduledAt,
+        reminderMinutesBefore,
+        assignedUserId: session.user.id,
+        createdById: session.user.id,
+        contactId: contact?.id ?? null,
+      },
+      select: {
+        id: true,
+        title: true,
+        scheduledAt: true,
+        reminderMinutesBefore: true,
+        contact: {
+          select: {
+            id: true,
+            firstName: true,
+            lastName: true,
+          },
+        },
+      },
+    });
+
+    const sendNow = body.sendNow === true;
+    const immediateNotification = sendNow
+      ? {
+          tone: 'warning' as const,
+          message: `Test immédiat: ${task.title || 'Rappel'} (${task.reminderMinutesBefore} min avant)`,
+          link: task.contact ? `/contacts/${task.contact.id}` : undefined,
+          actionLabel: task.contact ? 'Ouvrir le contact' : undefined,
+        }
+      : null;
+
+    return NextResponse.json({
+      success: true,
+      task,
+      immediateNotification,
+    });
+  } catch (error: any) {
+    console.error('Erreur lors de la création du rappel de test:', error);
+    return NextResponse.json({ error: error.message || 'Erreur serveur' }, { status: 500 });
+  }
+}
+

package/template/src/app/api/editor/upload-image/route.ts

@@ -0,0 +1,61 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { auth } from '@/lib/auth';
+import {
+  BUCKETS,
+  buildEditorImagePath,
+  createSignedUploadUrl,
+} from '@/lib/supabase-storage';
+
+const MAX_FILE_SIZE = 10 * 1024 * 1024; // 10MB
+
+// POST /api/editor/upload-image - Créer une URL d'upload signée pour une image éditeur
+export async function POST(request: NextRequest) {
+  try {
+    const session = await auth.api.getSession({
+      headers: request.headers,
+    });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+
+    const body = await request.json();
+    const { fileName, fileSize, mimeType } = body;
+
+    if (!fileName || typeof fileSize !== 'number' || !mimeType) {
+      return NextResponse.json(
+        { error: 'Champs requis: fileName, fileSize (number), mimeType' },
+        { status: 400 },
+      );
+    }
+
+    const ALLOWED_IMAGE_TYPES = ['image/jpeg', 'image/png', 'image/webp', 'image/gif'];
+    if (!ALLOWED_IMAGE_TYPES.includes(mimeType)) {
+      return NextResponse.json(
+        { error: 'Seuls les formats JPEG, PNG, WebP et GIF sont acceptés' },
+        { status: 400 },
+      );
+    }
+
+    if (fileSize > MAX_FILE_SIZE) {
+      return NextResponse.json(
+        { error: 'Image trop volumineuse. Taille maximale: 10MB' },
+        { status: 400 },
+      );
+    }
+
+    const storagePath = buildEditorImagePath(fileName);
+    const result = await createSignedUploadUrl(BUCKETS.EDITOR_IMAGES, storagePath);
+
+    const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
+    const publicUrl = `${supabaseUrl}/storage/v1/object/public/${BUCKETS.EDITOR_IMAGES}/${storagePath}`;
+
+    return NextResponse.json({
+      ...result,
+      publicUrl,
+    });
+  } catch (error: unknown) {
+    console.error("Erreur lors de la création de l'URL d'upload image:", error);
+    const message = error instanceof Error ? error.message : 'Erreur serveur';
+    return NextResponse.json({ error: message }, { status: 500 });
+  }
+}

package/template/src/app/api/integrations/google-sheet/jobs/[jobId]/route.ts

@@ -0,0 +1,47 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { auth } from '@/lib/auth';
+import { checkPermission } from '@/lib/check-permission';
+import { prisma } from '@/lib/prisma';
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ jobId: string }> },
+) {
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+
+    const { jobId } = await params;
+    const job = await prisma.googleSheetSyncJob.findUnique({
+      where: { id: jobId },
+    });
+
+    if (!job) {
+      return NextResponse.json({ error: 'Job introuvable' }, { status: 404 });
+    }
+    const isOwner = job.requestedByUserId === session.user.id;
+    const isScheduledOrSystem = job.requestedByUserId === null;
+    const canManageIntegrations = await checkPermission('integrations.google_sheets.manage');
+    if (!isOwner && !isScheduledOrSystem && !canManageIntegrations) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
+
+    return NextResponse.json({
+      id: job.id,
+      status: job.status,
+      triggerType: job.triggerType,
+      configId: job.configId,
+      startedAt: job.startedAt,
+      finishedAt: job.finishedAt,
+      error: job.error,
+      result: job.result,
+      createdAt: job.createdAt,
+      updatedAt: job.updatedAt,
+    });
+  } catch (error) {
+    console.error('Erreur lecture job Google Sheet:', error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}

package/template/src/app/api/integrations/google-sheet/jobs/usage/route.ts

@@ -0,0 +1,50 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { auth } from '@/lib/auth';
+import { prisma } from '@/lib/prisma';
+import { checkPermission } from '@/lib/check-permission';
+
+const DAILY_SOFT_LIMIT = 800;
+const DAILY_HARD_TARGET = 950;
+
+export async function GET(request: NextRequest) {
+  try {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session) {
+      return NextResponse.json({ error: 'Non authentifié' }, { status: 401 });
+    }
+    const canManageIntegrations = await checkPermission('integrations.google_sheets.manage');
+    if (!canManageIntegrations) {
+      return NextResponse.json({ error: 'Accès refusé' }, { status: 403 });
+    }
+
+    const since = new Date(Date.now() - 24 * 60 * 60 * 1000);
+    const grouped = await prisma.googleSheetSyncJob.groupBy({
+      by: ['triggerType'],
+      where: { createdAt: { gte: since } },
+      _count: { _all: true },
+    });
+
+    const scheduled = grouped.find((g) => g.triggerType === 'SCHEDULED')?._count._all ?? 0;
+    const manual = grouped.find((g) => g.triggerType === 'MANUAL')?._count._all ?? 0;
+    const total = scheduled + manual;
+
+    if (total > DAILY_SOFT_LIMIT) {
+      console.warn(
+        `[GoogleSheetSync] usage 24h élevé: total=${total}, scheduled=${scheduled}, manual=${manual}, target=${DAILY_HARD_TARGET}`,
+      );
+    }
+
+    return NextResponse.json({
+      windowHours: 24,
+      total,
+      scheduled,
+      manual,
+      softLimit: DAILY_SOFT_LIMIT,
+      hardTarget: DAILY_HARD_TARGET,
+      remainingBeforeHardTarget: Math.max(0, DAILY_HARD_TARGET - total),
+    });
+  } catch (error) {
+    console.error('Erreur usage jobs Google Sheet:', error);
+    return NextResponse.json({ error: 'Erreur serveur' }, { status: 500 });
+  }
+}