realtimex-crm 0.7.14 → 0.9.1

package/src/components/ui/alert-dialog.tsx

@@ -0,0 +1,155 @@
+import * as React from "react"
+import * as AlertDialogPrimitive from "@radix-ui/react-alert-dialog"
+
+import { cn } from "@/lib/utils"
+import { buttonVariants } from "@/components/ui/button"
+
+function AlertDialog({
+  ...props
+}: React.ComponentProps<typeof AlertDialogPrimitive.Root>) {
+  return <AlertDialogPrimitive.Root data-slot="alert-dialog" {...props} />
+}
+
+function AlertDialogTrigger({
+  ...props
+}: React.ComponentProps<typeof AlertDialogPrimitive.Trigger>) {
+  return (
+    <AlertDialogPrimitive.Trigger data-slot="alert-dialog-trigger" {...props} />
+  )
+}
+
+function AlertDialogPortal({
+  ...props
+}: React.ComponentProps<typeof AlertDialogPrimitive.Portal>) {
+  return (
+    <AlertDialogPrimitive.Portal data-slot="alert-dialog-portal" {...props} />
+  )
+}
+
+function AlertDialogOverlay({
+  className,
+  ...props
+}: React.ComponentProps<typeof AlertDialogPrimitive.Overlay>) {
+  return (
+    <AlertDialogPrimitive.Overlay
+      data-slot="alert-dialog-overlay"
+      className={cn(
+        "data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 fixed inset-0 z-50 bg-black/50",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function AlertDialogContent({
+  className,
+  ...props
+}: React.ComponentProps<typeof AlertDialogPrimitive.Content>) {
+  return (
+    <AlertDialogPortal>
+      <AlertDialogOverlay />
+      <AlertDialogPrimitive.Content
+        data-slot="alert-dialog-content"
+        className={cn(
+          "bg-background data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 fixed top-[50%] left-[50%] z-50 grid w-full max-w-[calc(100%-2rem)] translate-x-[-50%] translate-y-[-50%] gap-4 rounded-lg border p-6 shadow-lg duration-200 sm:max-w-lg",
+          className
+        )}
+        {...props}
+      />
+    </AlertDialogPortal>
+  )
+}
+
+function AlertDialogHeader({
+  className,
+  ...props
+}: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="alert-dialog-header"
+      className={cn("flex flex-col gap-2 text-center sm:text-left", className)}
+      {...props}
+    />
+  )
+}
+
+function AlertDialogFooter({
+  className,
+  ...props
+}: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="alert-dialog-footer"
+      className={cn(
+        "flex flex-col-reverse gap-2 sm:flex-row sm:justify-end",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function AlertDialogTitle({
+  className,
+  ...props
+}: React.ComponentProps<typeof AlertDialogPrimitive.Title>) {
+  return (
+    <AlertDialogPrimitive.Title
+      data-slot="alert-dialog-title"
+      className={cn("text-lg font-semibold", className)}
+      {...props}
+    />
+  )
+}
+
+function AlertDialogDescription({
+  className,
+  ...props
+}: React.ComponentProps<typeof AlertDialogPrimitive.Description>) {
+  return (
+    <AlertDialogPrimitive.Description
+      data-slot="alert-dialog-description"
+      className={cn("text-muted-foreground text-sm", className)}
+      {...props}
+    />
+  )
+}
+
+function AlertDialogAction({
+  className,
+  ...props
+}: React.ComponentProps<typeof AlertDialogPrimitive.Action>) {
+  return (
+    <AlertDialogPrimitive.Action
+      className={cn(buttonVariants(), className)}
+      {...props}
+    />
+  )
+}
+
+function AlertDialogCancel({
+  className,
+  ...props
+}: React.ComponentProps<typeof AlertDialogPrimitive.Cancel>) {
+  return (
+    <AlertDialogPrimitive.Cancel
+      className={cn(buttonVariants({ variant: "outline" }), className)}
+      {...props}
+    />
+  )
+}
+
+export {
+  AlertDialog,
+  AlertDialogPortal,
+  AlertDialogOverlay,
+  AlertDialogTrigger,
+  AlertDialogContent,
+  AlertDialogHeader,
+  AlertDialogFooter,
+  AlertDialogTitle,
+  AlertDialogDescription,
+  AlertDialogAction,
+  AlertDialogCancel,
+}

package/src/lib/api-key-utils.ts

@@ -0,0 +1,22 @@
+/**
+ * Generate a new API key in format: ak_live_<32 hex chars>
+ */
+export function generateApiKey(): string {
+  const array = new Uint8Array(16);
+  crypto.getRandomValues(array);
+  const hex = Array.from(array)
+    .map((b) => b.toString(16).padStart(2, "0"))
+    .join("");
+  return `ak_live_${hex}`;
+}
+
+/**
+ * Hash API key using SHA-256
+ */
+export async function hashApiKey(apiKey: string): Promise<string> {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(apiKey);
+  const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+  const hashArray = Array.from(new Uint8Array(hashBuffer));
+  return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
+}

package/supabase/functions/_shared/apiKeyAuth.ts

@@ -0,0 +1,171 @@
+import { supabaseAdmin } from "./supabaseAdmin.ts";
+import { createErrorResponse } from "./utils.ts";
+
+// Rate limiting: Simple in-memory store (resets on function restart)
+const rateLimitStore = new Map<string, { count: number; resetAt: number }>();
+
+const RATE_LIMIT_MAX = 100; // requests per window
+const RATE_LIMIT_WINDOW = 60 * 1000; // 60 seconds
+
+interface ApiKey {
+  id: number;
+  sales_id: number;
+  name: string;
+  scopes: string[];
+  is_active: boolean;
+  expires_at: string | null;
+}
+
+/**
+ * Extract and validate API key from request
+ * Returns api key record or error response
+ */
+export async function validateApiKey(
+  req: Request
+): Promise<{ apiKey: ApiKey } | Response> {
+  const authHeader = req.headers.get("Authorization");
+
+  if (!authHeader || !authHeader.startsWith("Bearer ")) {
+    return createErrorResponse(401, "Missing or invalid Authorization header");
+  }
+
+  const apiKeyValue = authHeader.replace("Bearer ", "");
+
+  if (!apiKeyValue.startsWith("ak_live_")) {
+    return createErrorResponse(401, "Invalid API key format");
+  }
+
+  // Hash the API key for lookup
+  const encoder = new TextEncoder();
+  const data = encoder.encode(apiKeyValue);
+  const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+  const hashArray = Array.from(new Uint8Array(hashBuffer));
+  const keyHash = hashArray.map((b) => b.toString(16).padStart(2, "0")).join(
+    ""
+  );
+
+  // Lookup API key in database
+  const { data: apiKey, error } = await supabaseAdmin
+    .from("api_keys")
+    .select("id, sales_id, name, scopes, is_active, expires_at")
+    .eq("key_hash", keyHash)
+    .single();
+
+  if (error || !apiKey) {
+    return createErrorResponse(401, "Invalid API key");
+  }
+
+  // Check if active
+  if (!apiKey.is_active) {
+    return createErrorResponse(401, "API key is disabled");
+  }
+
+  // Check expiration
+  if (apiKey.expires_at && new Date(apiKey.expires_at) < new Date()) {
+    return createErrorResponse(401, "API key has expired");
+  }
+
+  // Update last_used_at (fire and forget)
+  supabaseAdmin
+    .from("api_keys")
+    .update({ last_used_at: new Date().toISOString() })
+    .eq("id", apiKey.id)
+    .then(() => {});
+
+  return { apiKey };
+}
+
+/**
+ * Check rate limit for API key
+ */
+export function checkRateLimit(apiKeyId: number): Response | null {
+  const now = Date.now();
+  const key = `ratelimit:${apiKeyId}`;
+
+  let bucket = rateLimitStore.get(key);
+
+  if (!bucket || now > bucket.resetAt) {
+    // Create new bucket
+    bucket = {
+      count: 1,
+      resetAt: now + RATE_LIMIT_WINDOW,
+    };
+    rateLimitStore.set(key, bucket);
+    return null;
+  }
+
+  if (bucket.count >= RATE_LIMIT_MAX) {
+    const retryAfter = Math.ceil((bucket.resetAt - now) / 1000);
+    return new Response(
+      JSON.stringify({
+        status: 429,
+        message: "Rate limit exceeded",
+        retry_after: retryAfter,
+      }),
+      {
+        status: 429,
+        headers: {
+          "Content-Type": "application/json",
+          "Retry-After": retryAfter.toString(),
+          "X-RateLimit-Limit": RATE_LIMIT_MAX.toString(),
+          "X-RateLimit-Remaining": "0",
+          "X-RateLimit-Reset": bucket.resetAt.toString(),
+        },
+      }
+    );
+  }
+
+  bucket.count++;
+
+  return null;
+}
+
+/**
+ * Check if API key has required scope
+ */
+export function hasScope(apiKey: ApiKey, requiredScope: string): boolean {
+  // Check for wildcard scope
+  if (apiKey.scopes.includes("*")) {
+    return true;
+  }
+
+  // Check for exact scope match
+  if (apiKey.scopes.includes(requiredScope)) {
+    return true;
+  }
+
+  // Check for resource wildcard (e.g., "contacts:*" matches "contacts:read")
+  const [resource] = requiredScope.split(":");
+  if (apiKey.scopes.includes(`${resource}:*`)) {
+    return true;
+  }
+
+  return false;
+}
+
+/**
+ * Log API request
+ */
+export async function logApiRequest(
+  apiKeyId: number,
+  endpoint: string,
+  method: string,
+  statusCode: number,
+  responseTimeMs: number,
+  req: Request,
+  errorMessage?: string
+) {
+  const ip = req.headers.get("x-forwarded-for")?.split(",")[0]?.trim();
+  const userAgent = req.headers.get("user-agent");
+
+  await supabaseAdmin.from("api_logs").insert({
+    api_key_id: apiKeyId,
+    endpoint,
+    method,
+    status_code: statusCode,
+    response_time_ms: responseTimeMs,
+    ip_address: ip,
+    user_agent: userAgent,
+    error_message: errorMessage,
+  });
+}

package/supabase/functions/_shared/webhookSignature.ts

@@ -0,0 +1,23 @@
+/**
+ * Generate HMAC-SHA256 signature for webhook payload
+ */
+export async function generateWebhookSignature(
+  secret: string,
+  payload: string
+): Promise<string> {
+  const encoder = new TextEncoder();
+  const keyData = encoder.encode(secret);
+  const messageData = encoder.encode(payload);
+
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    keyData,
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+
+  const signature = await crypto.subtle.sign("HMAC", cryptoKey, messageData);
+  const hashArray = Array.from(new Uint8Array(signature));
+  return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
+}

package/supabase/functions/api-v1-activities/index.ts

@@ -0,0 +1,137 @@
+import "jsr:@supabase/functions-js/edge-runtime.d.ts";
+import { supabaseAdmin } from "../_shared/supabaseAdmin.ts";
+import { corsHeaders, createErrorResponse } from "../_shared/utils.ts";
+import {
+  validateApiKey,
+  checkRateLimit,
+  hasScope,
+  logApiRequest,
+} from "../_shared/apiKeyAuth.ts";
+
+Deno.serve(async (req: Request) => {
+  const startTime = Date.now();
+
+  if (req.method === "OPTIONS") {
+    return new Response(null, { status: 204, headers: corsHeaders });
+  }
+
+  const authResult = await validateApiKey(req);
+  if ("status" in authResult) {
+    return authResult;
+  }
+  const { apiKey } = authResult;
+
+  const rateLimitError = checkRateLimit(apiKey.id);
+  if (rateLimitError) {
+    await logApiRequest(
+      apiKey.id,
+      "/v1/activities",
+      req.method,
+      429,
+      Date.now() - startTime,
+      req
+    );
+    return rateLimitError;
+  }
+
+  try {
+    if (req.method === "POST") {
+      const response = await createActivity(apiKey, req);
+      const responseTime = Date.now() - startTime;
+      await logApiRequest(
+        apiKey.id,
+        "/v1/activities",
+        req.method,
+        response.status,
+        responseTime,
+        req
+      );
+      return response;
+    } else {
+      return createErrorResponse(404, "Not found");
+    }
+  } catch (error) {
+    const responseTime = Date.now() - startTime;
+    await logApiRequest(
+      apiKey.id,
+      "/v1/activities",
+      req.method,
+      500,
+      responseTime,
+      req,
+      error.message
+    );
+    return createErrorResponse(500, "Internal server error");
+  }
+});
+
+async function createActivity(apiKey: any, req: Request) {
+  if (!hasScope(apiKey, "activities:write")) {
+    return createErrorResponse(403, "Insufficient permissions");
+  }
+
+  const body = await req.json();
+  const { type, ...activityData } = body;
+
+  // Activities can be notes or tasks
+  if (type === "note" || type === "contact_note") {
+    const { data, error } = await supabaseAdmin
+      .from("contactNotes")
+      .insert({
+        ...activityData,
+        sales_id: apiKey.sales_id,
+      })
+      .select()
+      .single();
+
+    if (error) {
+      return createErrorResponse(400, error.message);
+    }
+
+    return new Response(JSON.stringify({ data, type: "note" }), {
+      status: 201,
+      headers: { "Content-Type": "application/json", ...corsHeaders },
+    });
+  } else if (type === "task") {
+    const { data, error } = await supabaseAdmin
+      .from("tasks")
+      .insert({
+        ...activityData,
+        sales_id: apiKey.sales_id,
+      })
+      .select()
+      .single();
+
+    if (error) {
+      return createErrorResponse(400, error.message);
+    }
+
+    return new Response(JSON.stringify({ data, type: "task" }), {
+      status: 201,
+      headers: { "Content-Type": "application/json", ...corsHeaders },
+    });
+  } else if (type === "deal_note") {
+    const { data, error } = await supabaseAdmin
+      .from("dealNotes")
+      .insert({
+        ...activityData,
+        sales_id: apiKey.sales_id,
+      })
+      .select()
+      .single();
+
+    if (error) {
+      return createErrorResponse(400, error.message);
+    }
+
+    return new Response(JSON.stringify({ data, type: "deal_note" }), {
+      status: 201,
+      headers: { "Content-Type": "application/json", ...corsHeaders },
+    });
+  } else {
+    return createErrorResponse(
+      400,
+      "Invalid activity type. Must be 'note', 'contact_note', 'task', or 'deal_note'"
+    );
+  }
+}

package/supabase/functions/api-v1-companies/index.ts

@@ -0,0 +1,166 @@
+import "jsr:@supabase/functions-js/edge-runtime.d.ts";
+import { supabaseAdmin } from "../_shared/supabaseAdmin.ts";
+import { corsHeaders, createErrorResponse } from "../_shared/utils.ts";
+import {
+  validateApiKey,
+  checkRateLimit,
+  hasScope,
+  logApiRequest,
+} from "../_shared/apiKeyAuth.ts";
+
+Deno.serve(async (req: Request) => {
+  const startTime = Date.now();
+
+  if (req.method === "OPTIONS") {
+    return new Response(null, { status: 204, headers: corsHeaders });
+  }
+
+  const authResult = await validateApiKey(req);
+  if ("status" in authResult) {
+    return authResult;
+  }
+  const { apiKey } = authResult;
+
+  const rateLimitError = checkRateLimit(apiKey.id);
+  if (rateLimitError) {
+    await logApiRequest(
+      apiKey.id,
+      "/v1/companies",
+      req.method,
+      429,
+      Date.now() - startTime,
+      req
+    );
+    return rateLimitError;
+  }
+
+  try {
+    const url = new URL(req.url);
+    const pathParts = url.pathname.split("/").filter(Boolean);
+    const companyId = pathParts[1];
+
+    let response: Response;
+
+    if (req.method === "GET" && companyId) {
+      response = await getCompany(apiKey, companyId);
+    } else if (req.method === "POST") {
+      response = await createCompany(apiKey, req);
+    } else if (req.method === "PATCH" && companyId) {
+      response = await updateCompany(apiKey, companyId, req);
+    } else if (req.method === "DELETE" && companyId) {
+      response = await deleteCompany(apiKey, companyId);
+    } else {
+      response = createErrorResponse(404, "Not found");
+    }
+
+    const responseTime = Date.now() - startTime;
+    await logApiRequest(
+      apiKey.id,
+      url.pathname,
+      req.method,
+      response.status,
+      responseTime,
+      req
+    );
+
+    return response;
+  } catch (error) {
+    const responseTime = Date.now() - startTime;
+    await logApiRequest(
+      apiKey.id,
+      new URL(req.url).pathname,
+      req.method,
+      500,
+      responseTime,
+      req,
+      error.message
+    );
+    return createErrorResponse(500, "Internal server error");
+  }
+});
+
+async function getCompany(apiKey: any, companyId: string) {
+  if (!hasScope(apiKey, "companies:read")) {
+    return createErrorResponse(403, "Insufficient permissions");
+  }
+
+  const { data, error } = await supabaseAdmin
+    .from("companies")
+    .select("*")
+    .eq("id", companyId)
+    .single();
+
+  if (error || !data) {
+    return createErrorResponse(404, "Company not found");
+  }
+
+  return new Response(JSON.stringify({ data }), {
+    headers: { "Content-Type": "application/json", ...corsHeaders },
+  });
+}
+
+async function createCompany(apiKey: any, req: Request) {
+  if (!hasScope(apiKey, "companies:write")) {
+    return createErrorResponse(403, "Insufficient permissions");
+  }
+
+  const body = await req.json();
+
+  const { data, error } = await supabaseAdmin
+    .from("companies")
+    .insert({
+      ...body,
+      sales_id: apiKey.sales_id,
+    })
+    .select()
+    .single();
+
+  if (error) {
+    return createErrorResponse(400, error.message);
+  }
+
+  return new Response(JSON.stringify({ data }), {
+    status: 201,
+    headers: { "Content-Type": "application/json", ...corsHeaders },
+  });
+}
+
+async function updateCompany(apiKey: any, companyId: string, req: Request) {
+  if (!hasScope(apiKey, "companies:write")) {
+    return createErrorResponse(403, "Insufficient permissions");
+  }
+
+  const body = await req.json();
+
+  const { data, error } = await supabaseAdmin
+    .from("companies")
+    .update(body)
+    .eq("id", companyId)
+    .select()
+    .single();
+
+  if (error || !data) {
+    return createErrorResponse(404, "Company not found");
+  }
+
+  return new Response(JSON.stringify({ data }), {
+    headers: { "Content-Type": "application/json", ...corsHeaders },
+  });
+}
+
+async function deleteCompany(apiKey: any, companyId: string) {
+  if (!hasScope(apiKey, "companies:write")) {
+    return createErrorResponse(403, "Insufficient permissions");
+  }
+
+  const { error } = await supabaseAdmin
+    .from("companies")
+    .delete()
+    .eq("id", companyId);
+
+  if (error) {
+    return createErrorResponse(404, "Company not found");
+  }
+
+  return new Response(null, { status: 204, headers: corsHeaders });
+}