realtimex-crm 0.7.14 → 0.9.1

package/supabase/functions/api-v1-contacts/index.ts

@@ -0,0 +1,171 @@
+import "jsr:@supabase/functions-js/edge-runtime.d.ts";
+import { supabaseAdmin } from "../_shared/supabaseAdmin.ts";
+import { corsHeaders, createErrorResponse } from "../_shared/utils.ts";
+import {
+  validateApiKey,
+  checkRateLimit,
+  hasScope,
+  logApiRequest,
+} from "../_shared/apiKeyAuth.ts";
+
+Deno.serve(async (req: Request) => {
+  const startTime = Date.now();
+
+  // Handle CORS
+  if (req.method === "OPTIONS") {
+    return new Response(null, { status: 204, headers: corsHeaders });
+  }
+
+  // Validate API key
+  const authResult = await validateApiKey(req);
+  if ("status" in authResult) {
+    return authResult; // Error response
+  }
+  const { apiKey } = authResult;
+
+  // Check rate limit
+  const rateLimitError = checkRateLimit(apiKey.id);
+  if (rateLimitError) {
+    await logApiRequest(
+      apiKey.id,
+      "/v1/contacts",
+      req.method,
+      429,
+      Date.now() - startTime,
+      req
+    );
+    return rateLimitError;
+  }
+
+  try {
+    const url = new URL(req.url);
+    const pathParts = url.pathname.split("/").filter(Boolean);
+    // pathParts: ["api-v1-contacts", "{id}"]
+    const contactId = pathParts[1];
+
+    let response: Response;
+
+    if (req.method === "GET" && contactId) {
+      response = await getContact(apiKey, contactId);
+    } else if (req.method === "POST") {
+      response = await createContact(apiKey, req);
+    } else if (req.method === "PATCH" && contactId) {
+      response = await updateContact(apiKey, contactId, req);
+    } else if (req.method === "DELETE" && contactId) {
+      response = await deleteContact(apiKey, contactId);
+    } else {
+      response = createErrorResponse(404, "Not found");
+    }
+
+    const responseTime = Date.now() - startTime;
+    await logApiRequest(
+      apiKey.id,
+      url.pathname,
+      req.method,
+      response.status,
+      responseTime,
+      req
+    );
+
+    return response;
+  } catch (error) {
+    const responseTime = Date.now() - startTime;
+    await logApiRequest(
+      apiKey.id,
+      new URL(req.url).pathname,
+      req.method,
+      500,
+      responseTime,
+      req,
+      error.message
+    );
+    return createErrorResponse(500, "Internal server error");
+  }
+});
+
+async function getContact(apiKey: any, contactId: string) {
+  if (!hasScope(apiKey, "contacts:read")) {
+    return createErrorResponse(403, "Insufficient permissions");
+  }
+
+  const id = parseInt(contactId, 10);
+  const { data, error } = await supabaseAdmin
+    .from("contacts")
+    .select("*")
+    .eq("id", id)
+    .single();
+
+  if (error || !data) {
+    return createErrorResponse(404, "Contact not found");
+  }
+
+  return new Response(JSON.stringify({ data }), {
+    headers: { "Content-Type": "application/json", ...corsHeaders },
+  });
+}
+
+async function createContact(apiKey: any, req: Request) {
+  if (!hasScope(apiKey, "contacts:write")) {
+    return createErrorResponse(403, "Insufficient permissions");
+  }
+
+  const body = await req.json();
+
+  const { data, error } = await supabaseAdmin
+    .from("contacts")
+    .insert({
+      ...body,
+      sales_id: apiKey.sales_id, // Associate with API key owner
+    })
+    .select()
+    .single();
+
+  if (error) {
+    return createErrorResponse(400, error.message);
+  }
+
+  return new Response(JSON.stringify({ data }), {
+    status: 201,
+    headers: { "Content-Type": "application/json", ...corsHeaders },
+  });
+}
+
+async function updateContact(apiKey: any, contactId: string, req: Request) {
+  if (!hasScope(apiKey, "contacts:write")) {
+    return createErrorResponse(403, "Insufficient permissions");
+  }
+
+  const body = await req.json();
+
+  const { data, error } = await supabaseAdmin
+    .from("contacts")
+    .update(body)
+    .eq("id", parseInt(contactId, 10))
+    .select()
+    .single();
+
+  if (error || !data) {
+    return createErrorResponse(404, "Contact not found");
+  }
+
+  return new Response(JSON.stringify({ data }), {
+    headers: { "Content-Type": "application/json", ...corsHeaders },
+  });
+}
+
+async function deleteContact(apiKey: any, contactId: string) {
+  if (!hasScope(apiKey, "contacts:write")) {
+    return createErrorResponse(403, "Insufficient permissions");
+  }
+
+  const { error } = await supabaseAdmin
+    .from("contacts")
+    .delete()
+    .eq("id", parseInt(contactId, 10));
+
+  if (error) {
+    return createErrorResponse(404, "Contact not found");
+  }
+
+  return new Response(null, { status: 204, headers: corsHeaders });
+}

package/supabase/functions/api-v1-deals/index.ts

@@ -0,0 +1,166 @@
+import "jsr:@supabase/functions-js/edge-runtime.d.ts";
+import { supabaseAdmin } from "../_shared/supabaseAdmin.ts";
+import { corsHeaders, createErrorResponse } from "../_shared/utils.ts";
+import {
+  validateApiKey,
+  checkRateLimit,
+  hasScope,
+  logApiRequest,
+} from "../_shared/apiKeyAuth.ts";
+
+Deno.serve(async (req: Request) => {
+  const startTime = Date.now();
+
+  if (req.method === "OPTIONS") {
+    return new Response(null, { status: 204, headers: corsHeaders });
+  }
+
+  const authResult = await validateApiKey(req);
+  if ("status" in authResult) {
+    return authResult;
+  }
+  const { apiKey } = authResult;
+
+  const rateLimitError = checkRateLimit(apiKey.id);
+  if (rateLimitError) {
+    await logApiRequest(
+      apiKey.id,
+      "/v1/deals",
+      req.method,
+      429,
+      Date.now() - startTime,
+      req
+    );
+    return rateLimitError;
+  }
+
+  try {
+    const url = new URL(req.url);
+    const pathParts = url.pathname.split("/").filter(Boolean);
+    const dealId = pathParts[1];
+
+    let response: Response;
+
+    if (req.method === "GET" && dealId) {
+      response = await getDeal(apiKey, dealId);
+    } else if (req.method === "POST") {
+      response = await createDeal(apiKey, req);
+    } else if (req.method === "PATCH" && dealId) {
+      response = await updateDeal(apiKey, dealId, req);
+    } else if (req.method === "DELETE" && dealId) {
+      response = await deleteDeal(apiKey, dealId);
+    } else {
+      response = createErrorResponse(404, "Not found");
+    }
+
+    const responseTime = Date.now() - startTime;
+    await logApiRequest(
+      apiKey.id,
+      url.pathname,
+      req.method,
+      response.status,
+      responseTime,
+      req
+    );
+
+    return response;
+  } catch (error) {
+    const responseTime = Date.now() - startTime;
+    await logApiRequest(
+      apiKey.id,
+      new URL(req.url).pathname,
+      req.method,
+      500,
+      responseTime,
+      req,
+      error.message
+    );
+    return createErrorResponse(500, "Internal server error");
+  }
+});
+
+async function getDeal(apiKey: any, dealId: string) {
+  if (!hasScope(apiKey, "deals:read")) {
+    return createErrorResponse(403, "Insufficient permissions");
+  }
+
+  const { data, error } = await supabaseAdmin
+    .from("deals")
+    .select("*")
+    .eq("id", dealId)
+    .single();
+
+  if (error || !data) {
+    return createErrorResponse(404, "Deal not found");
+  }
+
+  return new Response(JSON.stringify({ data }), {
+    headers: { "Content-Type": "application/json", ...corsHeaders },
+  });
+}
+
+async function createDeal(apiKey: any, req: Request) {
+  if (!hasScope(apiKey, "deals:write")) {
+    return createErrorResponse(403, "Insufficient permissions");
+  }
+
+  const body = await req.json();
+
+  const { data, error } = await supabaseAdmin
+    .from("deals")
+    .insert({
+      ...body,
+      sales_id: apiKey.sales_id,
+    })
+    .select()
+    .single();
+
+  if (error) {
+    return createErrorResponse(400, error.message);
+  }
+
+  return new Response(JSON.stringify({ data }), {
+    status: 201,
+    headers: { "Content-Type": "application/json", ...corsHeaders },
+  });
+}
+
+async function updateDeal(apiKey: any, dealId: string, req: Request) {
+  if (!hasScope(apiKey, "deals:write")) {
+    return createErrorResponse(403, "Insufficient permissions");
+  }
+
+  const body = await req.json();
+
+  const { data, error } = await supabaseAdmin
+    .from("deals")
+    .update(body)
+    .eq("id", dealId)
+    .select()
+    .single();
+
+  if (error || !data) {
+    return createErrorResponse(404, "Deal not found");
+  }
+
+  return new Response(JSON.stringify({ data }), {
+    headers: { "Content-Type": "application/json", ...corsHeaders },
+  });
+}
+
+async function deleteDeal(apiKey: any, dealId: string) {
+  if (!hasScope(apiKey, "deals:write")) {
+    return createErrorResponse(403, "Insufficient permissions");
+  }
+
+  const { error } = await supabaseAdmin
+    .from("deals")
+    .delete()
+    .eq("id", dealId);
+
+  if (error) {
+    return createErrorResponse(404, "Deal not found");
+  }
+
+  return new Response(null, { status: 204, headers: corsHeaders });
+}

package/supabase/functions/webhook-dispatcher/index.ts

@@ -0,0 +1,133 @@
+import "jsr:@supabase/functions-js/edge-runtime.d.ts";
+import { supabaseAdmin } from "../_shared/supabaseAdmin.ts";
+import { generateWebhookSignature } from "../_shared/webhookSignature.ts";
+
+Deno.serve(async () => {
+  console.log("Webhook dispatcher running...");
+
+  // Get pending webhook deliveries
+  const { data: queueItems } = await supabaseAdmin
+    .from("webhook_queue")
+    .select("*, webhooks(*)")
+    .eq("status", "pending")
+    .lte("next_retry_at", new Date().toISOString())
+    .limit(50);
+
+  if (!queueItems || queueItems.length === 0) {
+    return new Response(JSON.stringify({ processed: 0 }), {
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+
+  console.log(`Processing ${queueItems.length} webhook deliveries`);
+
+  const results = await Promise.allSettled(
+    queueItems.map((item) => deliverWebhook(item))
+  );
+
+  const successful = results.filter((r) => r.status === "fulfilled").length;
+  const failed = results.filter((r) => r.status === "rejected").length;
+
+  return new Response(
+    JSON.stringify({ processed: queueItems.length, successful, failed }),
+    { headers: { "Content-Type": "application/json" } }
+  );
+});
+
+async function deliverWebhook(queueItem: any) {
+  const webhook = queueItem.webhooks;
+
+  // Mark as processing
+  await supabaseAdmin
+    .from("webhook_queue")
+    .update({ status: "processing" })
+    .eq("id", queueItem.id);
+
+  try {
+    const payloadString = JSON.stringify(queueItem.payload);
+    const signature = await generateWebhookSignature(
+      webhook.secret,
+      payloadString
+    );
+
+    const headers: Record<string, string> = {
+      "Content-Type": "application/json",
+      "X-Webhook-Signature": signature,
+      "X-Webhook-Event": queueItem.event_type,
+      "User-Agent": "AtomicCRM-Webhooks/1.0",
+    };
+
+    // Add custom headers from webhook config
+    if (webhook.headers) {
+      Object.assign(headers, webhook.headers);
+    }
+
+    const response = await fetch(webhook.url, {
+      method: "POST",
+      headers,
+      body: payloadString,
+      signal: AbortSignal.timeout(30000), // 30 second timeout
+    });
+
+    if (response.ok) {
+      // Success
+      await supabaseAdmin
+        .from("webhook_queue")
+        .update({
+          status: "delivered",
+          delivered_at: new Date().toISOString(),
+        })
+        .eq("id", queueItem.id);
+
+      await supabaseAdmin
+        .from("webhooks")
+        .update({
+          last_triggered_at: new Date().toISOString(),
+          failure_count: 0,
+        })
+        .eq("id", webhook.id);
+
+      console.log(`Webhook ${queueItem.id} delivered successfully`);
+    } else {
+      throw new Error(`HTTP ${response.status}: ${await response.text()}`);
+    }
+  } catch (error) {
+    console.error(`Webhook ${queueItem.id} delivery failed:`, error);
+
+    const newAttempts = queueItem.attempts + 1;
+    const shouldRetry = newAttempts < queueItem.max_attempts;
+
+    if (shouldRetry) {
+      // Exponential backoff: 1min, 5min, 15min
+      const retryDelays = [60, 300, 900];
+      const delaySeconds = retryDelays[newAttempts - 1] || 900;
+      const nextRetry = new Date(Date.now() + delaySeconds * 1000)
+        .toISOString();
+
+      await supabaseAdmin
+        .from("webhook_queue")
+        .update({
+          status: "pending",
+          attempts: newAttempts,
+          next_retry_at: nextRetry,
+          error_message: error.message,
+        })
+        .eq("id", queueItem.id);
+    } else {
+      // Max attempts reached
+      await supabaseAdmin
+        .from("webhook_queue")
+        .update({
+          status: "failed",
+          attempts: newAttempts,
+          error_message: error.message,
+        })
+        .eq("id", queueItem.id);
+
+      await supabaseAdmin
+        .from("webhooks")
+        .update({ failure_count: webhook.failure_count + 1 })
+        .eq("id", webhook.id);
+    }
+  }
+}

package/supabase/migrations/20251219120000_api_integrations.sql

@@ -0,0 +1,133 @@
+-- API Keys table
+create table "public"."api_keys" (
+    "id" bigint generated by default as identity not null,
+    "created_at" timestamp with time zone not null default now(),
+    "sales_id" bigint not null,
+    "name" text not null,
+    "key_hash" text not null,
+    "key_prefix" text not null,
+    "scopes" text[] not null default '{}',
+    "is_active" boolean not null default true,
+    "expires_at" timestamp with time zone,
+    "last_used_at" timestamp with time zone,
+    "created_by_sales_id" bigint not null
+);
+
+alter table "public"."api_keys" enable row level security;
+
+CREATE UNIQUE INDEX api_keys_pkey ON public.api_keys USING btree (id);
+CREATE UNIQUE INDEX api_keys_key_hash_unique ON public.api_keys USING btree (key_hash);
+CREATE INDEX api_keys_sales_id_idx ON public.api_keys USING btree (sales_id);
+
+alter table "public"."api_keys" add constraint "api_keys_pkey" PRIMARY KEY using index "api_keys_pkey";
+alter table "public"."api_keys" add constraint "api_keys_sales_id_fkey"
+    FOREIGN KEY (sales_id) REFERENCES sales(id) ON UPDATE CASCADE ON DELETE CASCADE not valid;
+alter table "public"."api_keys" validate constraint "api_keys_sales_id_fkey";
+alter table "public"."api_keys" add constraint "api_keys_created_by_sales_id_fkey"
+    FOREIGN KEY (created_by_sales_id) REFERENCES sales(id) ON UPDATE CASCADE ON DELETE CASCADE not valid;
+alter table "public"."api_keys" validate constraint "api_keys_created_by_sales_id_fkey";
+
+-- Webhooks table
+create table "public"."webhooks" (
+    "id" bigint generated by default as identity not null,
+    "created_at" timestamp with time zone not null default now(),
+    "sales_id" bigint not null,
+    "name" text not null,
+    "url" text not null,
+    "events" text[] not null default '{}',
+    "headers" jsonb,
+    "is_active" boolean not null default true,
+    "secret" text not null,
+    "last_triggered_at" timestamp with time zone,
+    "failure_count" int not null default 0,
+    "created_by_sales_id" bigint not null
+);
+
+alter table "public"."webhooks" enable row level security;
+
+CREATE UNIQUE INDEX webhooks_pkey ON public.webhooks USING btree (id);
+CREATE INDEX webhooks_sales_id_idx ON public.webhooks USING btree (sales_id);
+CREATE INDEX webhooks_events_idx ON public.webhooks USING gin (events);
+
+alter table "public"."webhooks" add constraint "webhooks_pkey" PRIMARY KEY using index "webhooks_pkey";
+alter table "public"."webhooks" add constraint "webhooks_sales_id_fkey"
+    FOREIGN KEY (sales_id) REFERENCES sales(id) ON UPDATE CASCADE ON DELETE CASCADE not valid;
+alter table "public"."webhooks" validate constraint "webhooks_sales_id_fkey";
+alter table "public"."webhooks" add constraint "webhooks_created_by_sales_id_fkey"
+    FOREIGN KEY (created_by_sales_id) REFERENCES sales(id) ON UPDATE CASCADE ON DELETE CASCADE not valid;
+alter table "public"."webhooks" validate constraint "webhooks_created_by_sales_id_fkey";
+
+-- API Request Logs table
+create table "public"."api_logs" (
+    "id" bigint generated by default as identity not null,
+    "created_at" timestamp with time zone not null default now(),
+    "api_key_id" bigint not null,
+    "endpoint" text not null,
+    "method" text not null,
+    "status_code" int not null,
+    "response_time_ms" int,
+    "ip_address" text,
+    "user_agent" text,
+    "error_message" text
+);
+
+alter table "public"."api_logs" enable row level security;
+
+CREATE UNIQUE INDEX api_logs_pkey ON public.api_logs USING btree (id);
+CREATE INDEX api_logs_api_key_id_idx ON public.api_logs USING btree (api_key_id);
+CREATE INDEX api_logs_created_at_idx ON public.api_logs USING btree (created_at DESC);
+
+alter table "public"."api_logs" add constraint "api_logs_pkey" PRIMARY KEY using index "api_logs_pkey";
+alter table "public"."api_logs" add constraint "api_logs_api_key_id_fkey"
+    FOREIGN KEY (api_key_id) REFERENCES api_keys(id) ON UPDATE CASCADE ON DELETE CASCADE not valid;
+alter table "public"."api_logs" validate constraint "api_logs_api_key_id_fkey";
+
+-- Webhook Queue table (for async delivery)
+create table "public"."webhook_queue" (
+    "id" bigint generated by default as identity not null,
+    "created_at" timestamp with time zone not null default now(),
+    "webhook_id" bigint not null,
+    "event_type" text not null,
+    "payload" jsonb not null,
+    "status" text not null default 'pending',
+    "attempts" int not null default 0,
+    "max_attempts" int not null default 3,
+    "next_retry_at" timestamp with time zone,
+    "delivered_at" timestamp with time zone,
+    "error_message" text
+);
+
+alter table "public"."webhook_queue" enable row level security;
+
+CREATE UNIQUE INDEX webhook_queue_pkey ON public.webhook_queue USING btree (id);
+CREATE INDEX webhook_queue_status_idx ON public.webhook_queue USING btree (status, next_retry_at);
+CREATE INDEX webhook_queue_webhook_id_idx ON public.webhook_queue USING btree (webhook_id);
+
+alter table "public"."webhook_queue" add constraint "webhook_queue_pkey" PRIMARY KEY using index "webhook_queue_pkey";
+alter table "public"."webhook_queue" add constraint "webhook_queue_webhook_id_fkey"
+    FOREIGN KEY (webhook_id) REFERENCES webhooks(id) ON UPDATE CASCADE ON DELETE CASCADE not valid;
+alter table "public"."webhook_queue" validate constraint "webhook_queue_webhook_id_fkey";
+
+-- Grant permissions
+grant select, insert, update, delete on table "public"."api_keys" to "authenticated";
+grant select, insert, update, delete on table "public"."webhooks" to "authenticated";
+grant select on table "public"."api_logs" to "authenticated";
+grant select on table "public"."webhook_queue" to "authenticated";
+
+grant all on table "public"."api_keys" to "service_role";
+grant all on table "public"."webhooks" to "service_role";
+grant all on table "public"."api_logs" to "service_role";
+grant all on table "public"."webhook_queue" to "service_role";
+
+-- RLS Policies (permissive for authenticated users)
+create policy "Enable all for authenticated users" on "public"."api_keys"
+    for all to authenticated using (true) with check (true);
+
+create policy "Enable all for authenticated users" on "public"."webhooks"
+    for all to authenticated using (true) with check (true);
+
+create policy "Enable read for authenticated users" on "public"."api_logs"
+    for select to authenticated using (true);
+
+create policy "Enable read for authenticated users" on "public"."webhook_queue"
+    for select to authenticated using (true);