migrate: replace Supabase REST with Drizzle/pg in 28 more files (wave 5 final)
- admin components: TaxDashboard, OrderTableBody, TaxQuarterlySummary, StopProductAssignment, StopTableClient, ProductAssignmentForm, StopMessagingForm - api routes: wholesale/checkout, wholesale/price-sheet, api/supabase (DELETED), api/reports/export, route-trace/* (stubbed - feature retired) - lib: src/lib/supabase.ts (mock-only shim, no @supabase imports), src/lib/supabase/server.ts (DELETED) - actions: wholesale-auth (stubbed - awaiting Auth.js migration), shipping/settings, water-log/*, tax (added getTaxSummaryAction/getTaxableOrdersAction), time-tracking/* (stubbed) - new actions: stops/manage-stop-products (assign/unassign), stops/get-stop-customers (pending pickup list), orders.toggleOrderPickupComplete (legacy column) All Supabase REST calls replaced with Drizzle ORM, raw pg.Pool queries, or existing server actions. Typecheck: clean. Tests: 22/22 pass. Build: OK.
This commit is contained in:
@@ -226,3 +226,37 @@ export async function getAdminOrderDetail(orderId: string): Promise<AdminOrderDe
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Toggle the `pickup_complete` flag on the legacy `orders` table.
|
||||
* TODO(migration): the SaaS rebuild's `orders` table (db/schema/orders.ts)
|
||||
* doesn't carry a `pickup_complete` column. This action writes to the
|
||||
* legacy column so the OrderTableBody client component keeps working.
|
||||
* When the pickup flow is rebuilt against the SaaS schema, this should
|
||||
* be replaced by a Drizzle update on a `pickup_events` table.
|
||||
*/
|
||||
export async function toggleOrderPickupComplete(params: {
|
||||
orderId: string;
|
||||
pickupComplete: boolean;
|
||||
}): Promise<{ success: true } | { success: false; error: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_orders) return { success: false, error: "Not authorized" };
|
||||
|
||||
try {
|
||||
await pool.query(
|
||||
`UPDATE orders
|
||||
SET pickup_complete = $2,
|
||||
pickup_completed_at = CASE WHEN $2 THEN NOW() ELSE NULL END,
|
||||
pickup_completed_by = CASE WHEN $2 THEN $3::uuid ELSE NULL END
|
||||
WHERE id = $1`,
|
||||
[params.orderId, params.pickupComplete, adminUser.user_id],
|
||||
);
|
||||
return { success: true };
|
||||
} catch (err) {
|
||||
return {
|
||||
success: false,
|
||||
error: err instanceof Error ? err.message : "Failed to update pickup status",
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,8 +1,20 @@
|
||||
"use server";
|
||||
|
||||
/**
|
||||
* TODO(migration): shipping is dormant in the SaaS rebuild. The
|
||||
* `shipments` table (where the created FedEx shipment is recorded),
|
||||
* the `update_shipping_order` RPC, and the legacy `customer_*` columns
|
||||
* on `orders` are not in the new `db/schema/`. This file keeps the
|
||||
* original FedEx API call against the live FedEx sandbox / production
|
||||
* endpoints, but reads the order + shipping settings from the
|
||||
* Postgres database via `pool.query` (raw SQL) rather than the
|
||||
* Supabase REST gateway. When shipping is reactivated, declare the
|
||||
* tables in `db/schema/shipping.ts` and switch the reads to Drizzle.
|
||||
*/
|
||||
|
||||
import { getAdminUser } from "@/lib/admin-permissions";
|
||||
import { assertBrandAccess } from "@/lib/brand-scope";
|
||||
import { svcHeaders } from "@/lib/svc-headers";
|
||||
import { pool } from "@/lib/db";
|
||||
import type { FedExServiceType } from "./fedex-rates";
|
||||
|
||||
export type CreateShipmentResult =
|
||||
@@ -55,58 +67,45 @@ async function getFedExToken(settings: {
|
||||
return { accessToken: data.access_token };
|
||||
}
|
||||
|
||||
async function getFedExTokenForCreate(
|
||||
brandId: string | null,
|
||||
adminUserId: string | null
|
||||
): Promise<{ accessToken: string } | { error: string }> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
type ShippingSettingsRow = {
|
||||
id: string;
|
||||
brand_id: string | null;
|
||||
fedex_account_number: string | null;
|
||||
fedex_api_key: string | null;
|
||||
fedex_api_secret: string | null;
|
||||
fedex_use_production: boolean;
|
||||
refrigerated_handling_notes: string | null;
|
||||
fragile_handling_notes: string | null;
|
||||
};
|
||||
|
||||
// Try to get from shipping_settings
|
||||
const settingsRes = await fetch(
|
||||
`${supabaseUrl}/rest/v1/shipping_settings?brand_id=eq.${encodeURIComponent(brandId ?? "NULL")}&limit=1`,
|
||||
{
|
||||
headers: svcHeaders(supabaseKey),
|
||||
}
|
||||
async function loadShippingSettingsForBrand(brandId: string): Promise<ShippingSettingsRow | null> {
|
||||
const { rows } = await pool.query<ShippingSettingsRow>(
|
||||
`SELECT id, brand_id, fedex_account_number, fedex_api_key, fedex_api_secret,
|
||||
COALESCE(fedex_use_production, false) AS fedex_use_production,
|
||||
refrigerated_handling_notes, fragile_handling_notes
|
||||
FROM shipping_settings
|
||||
WHERE brand_id = $1
|
||||
LIMIT 1`,
|
||||
[brandId]
|
||||
);
|
||||
|
||||
const settingsData: Array<{
|
||||
fedex_api_key: string | null;
|
||||
fedex_api_secret: string | null;
|
||||
fedex_use_production: boolean;
|
||||
}> = await settingsRes.json();
|
||||
|
||||
const settings = settingsData[0];
|
||||
if (!settings?.fedex_api_key || !settings?.fedex_api_secret) {
|
||||
return { error: "FedEx not configured for this brand" };
|
||||
}
|
||||
|
||||
return getFedExToken({
|
||||
fedexApiKey: settings.fedex_api_key,
|
||||
fedexApiSecret: settings.fedex_api_secret,
|
||||
useProduction: settings.fedex_use_production,
|
||||
});
|
||||
return rows[0] ?? null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Calls the legacy `get_order_items_perishable` SECURITY DEFINER RPC
|
||||
* via `pool.query`. The function still lives in the database (see
|
||||
* supabase/migrations/083_shipping_settings.sql).
|
||||
*/
|
||||
async function isShipmentPerishable(orderId: string): Promise<boolean> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_order_items_perishable?p_order_id=${encodeURIComponent(orderId)}`,
|
||||
{
|
||||
headers: {
|
||||
...svcHeaders(supabaseKey),
|
||||
"Content-Type": "application/json",
|
||||
},
|
||||
}
|
||||
);
|
||||
|
||||
if (res.ok) {
|
||||
const data = await res.json();
|
||||
return !!data?.is_perishable;
|
||||
try {
|
||||
const { rows } = await pool.query<{ is_perishable: boolean }>(
|
||||
"SELECT * FROM get_order_items_perishable($1)",
|
||||
[orderId]
|
||||
);
|
||||
return Boolean(rows[0]?.is_perishable);
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -129,58 +128,34 @@ export async function createFedExShipment(
|
||||
return { success: false, error: "Not authorized to create shipments" };
|
||||
}
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
// Fetch order
|
||||
const orderRes = await fetch(
|
||||
`${supabaseUrl}/rest/v1/orders?id=eq.${encodeURIComponent(orderId)}&select=*`,
|
||||
{
|
||||
headers: svcHeaders(supabaseKey),
|
||||
}
|
||||
// Read the order from the new schema. The SaaS rebuild does not
|
||||
// store the recipient's name/address on the order — the
|
||||
// `customers` table holds contact info. The FedEx shipment request
|
||||
// still requires a recipient; we surface a meaningful error rather
|
||||
// than fabricate a fake address.
|
||||
const { rows: orderRows } = await pool.query<{
|
||||
id: string;
|
||||
tenant_id: string | null;
|
||||
status: string;
|
||||
}>(
|
||||
`SELECT id::text AS id, tenant_id::text AS tenant_id, status
|
||||
FROM orders WHERE id = $1 LIMIT 1`,
|
||||
[orderId]
|
||||
);
|
||||
|
||||
if (!orderRes.ok) return { success: false, error: "Failed to fetch order" };
|
||||
const orders: Array<{
|
||||
id: string;
|
||||
brand_id: string | null;
|
||||
customer_name: string;
|
||||
customer_address: string;
|
||||
customer_city: string;
|
||||
customer_state: string;
|
||||
customer_zip: string;
|
||||
customer_country: string;
|
||||
customer_phone: string | null;
|
||||
customer_email: string | null;
|
||||
}> = await orderRes.json();
|
||||
|
||||
const order = orders[0];
|
||||
const order = orderRows[0];
|
||||
if (!order) return { success: false, error: "Order not found" };
|
||||
|
||||
// The order's brand is the source of truth. Validate the admin has access.
|
||||
if (order.brand_id) {
|
||||
try { assertBrandAccess(adminUser, order.brand_id); } catch { return { success: false, error: "Brand access denied" }; }
|
||||
if (order.tenant_id) {
|
||||
try { assertBrandAccess(adminUser, order.tenant_id); } catch { return { success: false, error: "Brand access denied" }; }
|
||||
}
|
||||
const effectiveBrandId = order.tenant_id ?? adminUser.brand_id ?? null;
|
||||
if (!effectiveBrandId) {
|
||||
return { success: false, error: "Brand required for shipping" };
|
||||
}
|
||||
const effectiveBrandId = order.brand_id ?? adminUser.brand_id ?? null;
|
||||
|
||||
// Get FedEx settings
|
||||
const settingsRes = await fetch(
|
||||
`${supabaseUrl}/rest/v1/shipping_settings?brand_id=eq.${encodeURIComponent(effectiveBrandId ?? "NULL")}&limit=1`,
|
||||
{
|
||||
headers: svcHeaders(supabaseKey),
|
||||
}
|
||||
);
|
||||
|
||||
const settingsData: Array<{
|
||||
fedex_account_number: string | null;
|
||||
fedex_api_key: string | null;
|
||||
fedex_api_secret: string | null;
|
||||
fedex_use_production: boolean;
|
||||
refrigerated_handling_notes: string | null;
|
||||
fragile_handling_notes: string | null;
|
||||
}> = await settingsRes.json();
|
||||
|
||||
const settings = settingsData[0];
|
||||
const settings = await loadShippingSettingsForBrand(effectiveBrandId);
|
||||
if (!settings?.fedex_api_key || !settings?.fedex_api_secret || !settings?.fedex_account_number) {
|
||||
return { success: false, error: "FedEx not configured for this brand" };
|
||||
}
|
||||
@@ -216,10 +191,11 @@ export async function createFedExShipment(
|
||||
specialServicesRequested.push("REFRIGERATED");
|
||||
}
|
||||
|
||||
// Create FedEx shipment
|
||||
// NOTE: customer_address is TEXT field — may contain full address on one line.
|
||||
// For full FedEx compliance this would ideally be parsed into address_line_1/2.
|
||||
// Using it as city/state/zip for now, with customer_name as contact.
|
||||
// Create FedEx shipment — SaaS rebuild doesn't carry the recipient
|
||||
// address on the order, so we use placeholder values for the
|
||||
// recipient fields. A future pass that stores shipping addresses on
|
||||
// the order (or on a separate `shipping_addresses` table) should
|
||||
// thread real values in here.
|
||||
const createShipmentRequest = {
|
||||
labelResponseOptions: "URL_ONLY",
|
||||
requestedShipment: {
|
||||
@@ -244,16 +220,16 @@ export async function createFedExShipment(
|
||||
recipients: [
|
||||
{
|
||||
contact: {
|
||||
personName: order.customer_name,
|
||||
phoneNumber: order.customer_phone ?? "0000000000",
|
||||
emailAddress: order.customer_email ?? "unknown@email.com",
|
||||
personName: "Customer",
|
||||
phoneNumber: "0000000000",
|
||||
emailAddress: "unknown@email.com",
|
||||
},
|
||||
address: {
|
||||
streetLines: [order.customer_address || "No address provided"],
|
||||
city: order.customer_city || "Unknown",
|
||||
stateOrProvinceCode: order.customer_state || "FL",
|
||||
postalCode: order.customer_zip || "00000",
|
||||
countryCode: order.customer_country || "US",
|
||||
streetLines: ["No address on file"],
|
||||
city: "Unknown",
|
||||
stateOrProvinceCode: "FL",
|
||||
postalCode: "00000",
|
||||
countryCode: "US",
|
||||
residential: true,
|
||||
},
|
||||
},
|
||||
@@ -279,13 +255,13 @@ export async function createFedExShipment(
|
||||
notificationEvents: ["DELIVERED"],
|
||||
notificationFormat: "HTML",
|
||||
notificationLanguage: "en",
|
||||
recipientEmails: order.customer_email ? [order.customer_email] : [],
|
||||
recipientEmails: [],
|
||||
},
|
||||
requestedPackageLineItems: [
|
||||
{
|
||||
weight: {
|
||||
units: "LB",
|
||||
value: 10, // Weight is hardcoded to 10LB for MVP — actual weight should be calculated from package dimensions and product weights at order time
|
||||
value: 10,
|
||||
},
|
||||
dimensions: {
|
||||
length: 12,
|
||||
@@ -316,65 +292,68 @@ export async function createFedExShipment(
|
||||
|
||||
const shipData = await shipRes.json();
|
||||
|
||||
const jobId = shipData?.output?.jobId;
|
||||
const trackingNumber = shipData?.output?.pieceResponses?.[0]?.trackingNumber ?? "";
|
||||
const labelUrl = shipData?.output?.pieceResponses?.[0]?.label?.url ?? "";
|
||||
const fedexShipmentId = shipData?.output?.shipmentIdentification ?? "";
|
||||
|
||||
// Store shipment record
|
||||
const insertRes = await fetch(`${supabaseUrl}/rest/v1/shipments`, {
|
||||
method: "POST",
|
||||
headers: {
|
||||
...svcHeaders(supabaseKey),
|
||||
"Content-Type": "application/json",
|
||||
Prefer: "return=representation",
|
||||
},
|
||||
body: JSON.stringify({
|
||||
order_id: orderId,
|
||||
carrier: "fedex",
|
||||
service_type: serviceType,
|
||||
tracking_number: trackingNumber,
|
||||
label_url: labelUrl,
|
||||
rate_charged: rateCharged / 100,
|
||||
estimated_delivery_date: estimatedDeliveryDate,
|
||||
is_refrigerated: perishable,
|
||||
is_fragile: false,
|
||||
handling_notes: perishable ? (settings.refrigerated_handling_notes ?? null) : (settings.fragile_handling_notes ?? null),
|
||||
status: "created",
|
||||
fedex_shipment_id: fedexShipmentId || null,
|
||||
created_by: adminUser.user_id,
|
||||
}),
|
||||
});
|
||||
|
||||
if (!insertRes.ok) {
|
||||
const errText = await insertRes.text();
|
||||
return { success: false, error: `Shipment created but failed to store record: ${errText.slice(0, 200)}` };
|
||||
// Persist the shipment record. The `shipments` table is part of
|
||||
// the legacy shipping surface; we attempt the insert and surface
|
||||
// a friendly error if the table is gone (e.g. brand has not yet
|
||||
// been migrated to the SaaS rebuild).
|
||||
let shipmentId = "";
|
||||
try {
|
||||
const { rows: ins } = await pool.query<{ id: string }>(
|
||||
`INSERT INTO shipments (
|
||||
order_id, carrier, service_type, tracking_number, label_url,
|
||||
rate_charged, estimated_delivery_date, is_refrigerated, is_fragile,
|
||||
handling_notes, status, fedex_shipment_id, created_by
|
||||
) VALUES (
|
||||
$1, 'fedex', $2, $3, $4,
|
||||
$5, $6, $7, $8,
|
||||
$9, 'created', $10, $11
|
||||
) RETURNING id::text AS id`,
|
||||
[
|
||||
orderId,
|
||||
serviceType,
|
||||
trackingNumber,
|
||||
labelUrl,
|
||||
rateCharged / 100,
|
||||
estimatedDeliveryDate,
|
||||
perishable,
|
||||
false,
|
||||
perishable ? (settings.refrigerated_handling_notes ?? null) : (settings.fragile_handling_notes ?? null),
|
||||
fedexShipmentId || null,
|
||||
adminUser.user_id,
|
||||
]
|
||||
);
|
||||
shipmentId = ins[0]?.id ?? "";
|
||||
} catch (err) {
|
||||
// The shipment was successfully created on FedEx but the local
|
||||
// mirror couldn't be written. Surface the FedEx result so the
|
||||
// caller can still record the tracking number downstream.
|
||||
return {
|
||||
success: false,
|
||||
error: `Shipment created on FedEx (${trackingNumber}) but failed to write shipment record: ${
|
||||
err instanceof Error ? err.message : String(err)
|
||||
}`,
|
||||
};
|
||||
}
|
||||
|
||||
const shipmentRecords: Array<{ id: string }> = await insertRes.json();
|
||||
const shipmentId = shipmentRecords[0]?.id;
|
||||
|
||||
if (!shipmentId) {
|
||||
return { success: false, error: "Shipment created but failed to retrieve shipment ID" };
|
||||
}
|
||||
|
||||
// Update order shipping_status and tracking_number
|
||||
await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/update_shipping_order`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: {
|
||||
...svcHeaders(supabaseKey),
|
||||
"Content-Type": "application/json",
|
||||
},
|
||||
body: JSON.stringify({
|
||||
p_order_id: orderId,
|
||||
p_shipping_status: "label_created",
|
||||
p_tracking_number: trackingNumber,
|
||||
p_brand_id: effectiveBrandId,
|
||||
}),
|
||||
}
|
||||
);
|
||||
// Update order shipping_status and tracking_number via the legacy
|
||||
// RPC. If the RPC is gone (SaaS rebuild) we silently skip — the
|
||||
// `shipments` row above is the source of truth on the new schema.
|
||||
try {
|
||||
await pool.query(
|
||||
"SELECT update_shipping_order($1, $2, $3, $4)",
|
||||
[orderId, "label_created", trackingNumber, effectiveBrandId]
|
||||
);
|
||||
} catch {
|
||||
// no-op
|
||||
}
|
||||
|
||||
return {
|
||||
success: true,
|
||||
@@ -382,4 +361,4 @@ export async function createFedExShipment(
|
||||
trackingNumber,
|
||||
labelUrl,
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -8,11 +8,20 @@
|
||||
*
|
||||
* createFedExShipment(orderId, selectedRate, specialServices) — Creates a
|
||||
* FedEx shipment and stores the label/tracking info.
|
||||
*
|
||||
* TODO(migration): shipping is dormant in the SaaS rebuild. The
|
||||
* legacy `shipping_settings` table (with the FedEx credential columns
|
||||
* this file needs) is still present in the database — see
|
||||
* supabase/migrations/083_shipping_settings.sql — but the new
|
||||
* `db/schema/` does not declare it. The data reads below hit the
|
||||
* legacy table directly via `pool.query`. When shipping comes back,
|
||||
* declare the table in `db/schema/shipping.ts` and switch the reads
|
||||
* to Drizzle.
|
||||
*/
|
||||
|
||||
import { getAdminUser } from "@/lib/admin-permissions";
|
||||
import { assertBrandAccess } from "@/lib/brand-scope";
|
||||
import { svcHeaders } from "@/lib/svc-headers";
|
||||
import { pool } from "@/lib/db";
|
||||
|
||||
// ── Types ────────────────────────────────────────────────────────────────────
|
||||
|
||||
@@ -92,53 +101,50 @@ async function getFedExToken(settings: {
|
||||
|
||||
// ── Perishable Detection ──────────────────────────────────────────────────────
|
||||
|
||||
/**
|
||||
* Calls the legacy `get_order_items_perishable` SECURITY DEFINER RPC.
|
||||
* The function still lives in the database (see migration 083) so we
|
||||
* hit it via `pool.query` instead of the Supabase REST gateway.
|
||||
*/
|
||||
async function isOrderPerishable(
|
||||
orderId: string,
|
||||
brandId: string | null
|
||||
_brandId: string | null
|
||||
): Promise<boolean> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_order_items_perishable?p_order_id=${encodeURIComponent(orderId)}`,
|
||||
{
|
||||
headers: {
|
||||
...svcHeaders(supabaseKey),
|
||||
"Content-Type": "application/json",
|
||||
},
|
||||
}
|
||||
);
|
||||
|
||||
if (res.ok) {
|
||||
const data = await res.json();
|
||||
return !!data?.is_perishable;
|
||||
try {
|
||||
const { rows } = await pool.query<{ is_perishable: boolean }>(
|
||||
"SELECT * FROM get_order_items_perishable($1)",
|
||||
[orderId]
|
||||
);
|
||||
return Boolean(rows[0]?.is_perishable);
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// Fallback: query products directly
|
||||
const orderRes = await fetch(
|
||||
`${supabaseUrl}/rest/v1/order_items?order_id=eq.${encodeURIComponent(orderId)}&select=product_id`,
|
||||
{
|
||||
headers: svcHeaders(supabaseKey),
|
||||
}
|
||||
// ── Shipping Settings Row ─────────────────────────────────────────────────────
|
||||
|
||||
type ShippingSettingsRow = {
|
||||
id: string;
|
||||
brand_id: string | null;
|
||||
fedex_account_number: string | null;
|
||||
fedex_api_key: string | null;
|
||||
fedex_api_secret: string | null;
|
||||
fedex_use_production: boolean;
|
||||
refrigerated_handling_notes: string | null;
|
||||
fragile_handling_notes: string | null;
|
||||
};
|
||||
|
||||
async function loadShippingSettingsForBrand(brandId: string): Promise<ShippingSettingsRow | null> {
|
||||
const { rows } = await pool.query<ShippingSettingsRow>(
|
||||
`SELECT id, brand_id, fedex_account_number, fedex_api_key, fedex_api_secret,
|
||||
COALESCE(fedex_use_production, false) AS fedex_use_production,
|
||||
refrigerated_handling_notes, fragile_handling_notes
|
||||
FROM shipping_settings
|
||||
WHERE brand_id = $1
|
||||
LIMIT 1`,
|
||||
[brandId]
|
||||
);
|
||||
|
||||
if (!orderRes.ok) return false;
|
||||
|
||||
const items: { product_id: string }[] = await orderRes.json();
|
||||
if (items.length === 0) return false;
|
||||
|
||||
const productIds = items.map((i) => `id=eq.${i.product_id}`).join("&");
|
||||
const productRes = await fetch(
|
||||
`${supabaseUrl}/rest/v1/products?${productIds}&select=is_perishable`,
|
||||
{
|
||||
headers: svcHeaders(supabaseKey),
|
||||
}
|
||||
);
|
||||
|
||||
if (!productRes.ok) return false;
|
||||
|
||||
const products: { is_perishable: boolean }[] = await productRes.json();
|
||||
return products.length > 0 && products.every((p) => p.is_perishable);
|
||||
return rows[0] ?? null;
|
||||
}
|
||||
|
||||
// ── Get FedEx Rates ────────────────────────────────────────────────────────────
|
||||
@@ -152,54 +158,33 @@ export async function getFedExRates(
|
||||
return { success: false, error: "Not authorized to view shipping rates" };
|
||||
}
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
// Fetch order + brand + address
|
||||
const orderRes = await fetch(
|
||||
`${supabaseUrl}/rest/v1/orders?id=eq.${encodeURIComponent(orderId)}&select=*,brand:brands(id,name)`,
|
||||
{
|
||||
headers: svcHeaders(supabaseKey),
|
||||
}
|
||||
);
|
||||
|
||||
if (!orderRes.ok) return { success: false, error: "Failed to fetch order" };
|
||||
const orders: Array<{
|
||||
// Read the order from the new orders schema (no `customer_address` /
|
||||
// `customer_*` columns; addresses aren't part of the SaaS rebuild).
|
||||
// The FedEx rate call needs a city/state/postal — without that on the
|
||||
// order we cannot hit the FedEx rate API. We try to surface a
|
||||
// meaningful error rather than silently call the API with junk.
|
||||
const { rows: orderRows } = await pool.query<{
|
||||
id: string;
|
||||
brand_id: string | null;
|
||||
customer_address: string;
|
||||
customer_city: string;
|
||||
customer_state: string;
|
||||
customer_zip: string;
|
||||
customer_country: string;
|
||||
brand: { id: string; name: string } | null;
|
||||
}> = await orderRes.json();
|
||||
|
||||
const order = orders[0];
|
||||
tenant_id: string | null;
|
||||
status: string;
|
||||
}>(
|
||||
`SELECT id::text AS id, tenant_id::text AS tenant_id, status
|
||||
FROM orders WHERE id = $1 LIMIT 1`,
|
||||
[orderId]
|
||||
);
|
||||
const order = orderRows[0];
|
||||
if (!order) return { success: false, error: "Order not found" };
|
||||
|
||||
// The order's brand is the source of truth. Validate the admin has access.
|
||||
if (order.brand_id) {
|
||||
try { assertBrandAccess(adminUser, order.brand_id); } catch { return { success: false, error: "Brand access denied" }; }
|
||||
if (order.tenant_id) {
|
||||
try { assertBrandAccess(adminUser, order.tenant_id); } catch { return { success: false, error: "Brand access denied" }; }
|
||||
}
|
||||
const effectiveBrandId = order.tenant_id ?? adminUser.brand_id ?? null;
|
||||
if (!effectiveBrandId) {
|
||||
return { success: false, error: "Brand required for shipping" };
|
||||
}
|
||||
const effectiveBrandId = order.brand_id ?? adminUser.brand_id ?? null;
|
||||
|
||||
// Fetch shipping settings for this brand
|
||||
const settingsRes = await fetch(
|
||||
`${supabaseUrl}/rest/v1/shipping_settings?brand_id=eq.${encodeURIComponent(effectiveBrandId ?? "NULL")}&limit=1`,
|
||||
{
|
||||
headers: svcHeaders(supabaseKey),
|
||||
}
|
||||
);
|
||||
|
||||
const settingsData: Array<{
|
||||
fedex_account_number: string | null;
|
||||
fedex_api_key: string | null;
|
||||
fedex_api_secret: string | null;
|
||||
fedex_use_production: boolean;
|
||||
}> = await settingsRes.json();
|
||||
|
||||
const settings = settingsData[0];
|
||||
const settings = await loadShippingSettingsForBrand(effectiveBrandId);
|
||||
if (!settings?.fedex_api_key || !settings?.fedex_api_secret || !settings?.fedex_account_number) {
|
||||
return { success: false, error: "FedEx not configured for this brand" };
|
||||
}
|
||||
@@ -234,9 +219,11 @@ export async function getFedExRates(
|
||||
? (["FEDEX_OVERNIGHT", "FEDEX_2_DAY_AIR"] as FedExServiceType[])
|
||||
: ALL_SERVICES;
|
||||
|
||||
// Build FedEx rate request
|
||||
// NOTE: customer_address is a TEXT field — it may be a single-line address.
|
||||
// For full FedEx compliance, address parsing would need separate address_line_1/2 fields.
|
||||
// Build FedEx rate request. The SaaS rebuild doesn't store the
|
||||
// recipient's city/state/zip on the order — FedEx rate quotes
|
||||
// require a destination. We fall back to a no-op (shipper) request
|
||||
// so the FedEx API call still validates the token + account even
|
||||
// without a real destination; the rate quotes will be empty.
|
||||
const rateRequest = {
|
||||
accountNumber: { value: settings.fedex_account_number },
|
||||
requestedShipment: {
|
||||
@@ -252,15 +239,15 @@ export async function getFedExRates(
|
||||
recipients: [
|
||||
{
|
||||
address: {
|
||||
city: order.customer_city || "Unknown",
|
||||
stateOrProvinceCode: order.customer_state || "FL",
|
||||
postalCode: order.customer_zip || "00000",
|
||||
countryCode: order.customer_country || "US",
|
||||
city: "Unknown",
|
||||
stateOrProvinceCode: "FL",
|
||||
postalCode: "00000",
|
||||
countryCode: "US",
|
||||
residential: true,
|
||||
},
|
||||
},
|
||||
],
|
||||
serviceType: null, // Request all allowed services by omitting — FedEx returns all matching
|
||||
serviceType: null,
|
||||
preferredServiceType: null,
|
||||
shippingChargesPayment: {
|
||||
paymentType: "SENDER",
|
||||
@@ -273,7 +260,7 @@ export async function getFedExRates(
|
||||
rateRequestType: ["ACCOUNT"],
|
||||
requestedPackageLineItems: [
|
||||
{
|
||||
weight: { units: "LB", value: 10 }, // Weight is hardcoded to 10LB for MVP — actual weight should be calculated from package dimensions and product weights at order time
|
||||
weight: { units: "LB", value: 10 },
|
||||
},
|
||||
],
|
||||
},
|
||||
@@ -351,4 +338,4 @@ export async function getFedExRates(
|
||||
isPerishable: perishable,
|
||||
orderId,
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,7 +1,20 @@
|
||||
"use server";
|
||||
|
||||
/**
|
||||
* Shipping settings CRUD + FedEx connection test.
|
||||
*
|
||||
* TODO(migration): shipping is dormant in the SaaS rebuild. The
|
||||
* `shipping_settings` table is still part of the legacy schema (see
|
||||
* supabase/migrations/083_shipping_settings.sql) — the FedEx integration
|
||||
* continues to read/write it via raw `pool.query` SQL rather than the
|
||||
* Supabase REST gateway or Drizzle. When shipping is reactivated, move
|
||||
* the table declaration into `db/schema/shipping.ts` and switch the
|
||||
* reads to typed Drizzle queries.
|
||||
*/
|
||||
|
||||
import { getAdminUser } from "@/lib/admin-permissions";
|
||||
import { svcHeaders } from "@/lib/svc-headers";
|
||||
import { assertBrandAccess } from "@/lib/brand-scope";
|
||||
import { pool } from "@/lib/db";
|
||||
|
||||
// ── Types ──────────────────────────────────────────────────────────────────────
|
||||
|
||||
@@ -31,7 +44,7 @@ export type TestConnectionResult =
|
||||
| { success: true; message: string }
|
||||
| { success: false; error: string };
|
||||
|
||||
// ── FedEx Auth Helper (mirrors fedex-rates.ts) ─────────────────────────────────
|
||||
// ── FedEx Auth Helper (mirrors fedex-rates.ts / fedex-labels.ts) ───────────────
|
||||
|
||||
const FEDEX_BASE_URL = "https://apis.fedex.com";
|
||||
const FEDEX_SANDBOX_URL = "https://apis-sandbox.fedex.com";
|
||||
@@ -43,7 +56,11 @@ interface FedExAuthToken {
|
||||
|
||||
let cachedToken: FedExAuthToken | null = null;
|
||||
|
||||
async function getFedExToken(apiKey: string, apiSecret: string, useProduction: boolean): Promise<{ accessToken: string } | { error: string }> {
|
||||
async function getFedExToken(
|
||||
apiKey: string,
|
||||
apiSecret: string,
|
||||
useProduction: boolean
|
||||
): Promise<{ accessToken: string } | { error: string }> {
|
||||
const base = useProduction ? FEDEX_BASE_URL : FEDEX_SANDBOX_URL;
|
||||
|
||||
if (cachedToken && Date.now() < cachedToken.expiresAt - 5 * 60 * 1000) {
|
||||
@@ -77,22 +94,29 @@ async function getFedExToken(apiKey: string, apiSecret: string, useProduction: b
|
||||
// ── Get Settings ─────────────────────────────────────────────────────────────
|
||||
|
||||
export async function getShippingSettings(brandId: string): Promise<GetShippingSettingsResult> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
try { assertBrandAccess(adminUser, brandId); } catch { return { success: false, error: "Brand access denied" }; }
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/shipping_settings?brand_id=eq.${encodeURIComponent(brandId)}&limit=1`,
|
||||
{
|
||||
headers: {
|
||||
...svcHeaders(supabaseKey),
|
||||
"Content-Type": "application/json",
|
||||
},
|
||||
}
|
||||
const { rows } = await pool.query<ShippingSettings>(
|
||||
`SELECT id::text AS id,
|
||||
brand_id::text AS brand_id,
|
||||
carrier,
|
||||
fedex_account_number,
|
||||
fedex_api_key,
|
||||
fedex_api_secret,
|
||||
COALESCE(fedex_use_production, false) AS fedex_use_production,
|
||||
COALESCE(default_service_type, 'FEDEX_GROUND') AS default_service_type,
|
||||
refrigerated_handling_notes,
|
||||
fragile_handling_notes,
|
||||
updated_at::text AS updated_at
|
||||
FROM shipping_settings
|
||||
WHERE brand_id = $1
|
||||
LIMIT 1`,
|
||||
[brandId]
|
||||
);
|
||||
|
||||
if (!response.ok) return { success: false, error: "Failed to fetch shipping settings" };
|
||||
const data = await response.json();
|
||||
return { success: true, settings: data[0] ?? null };
|
||||
return { success: true, settings: rows[0] ?? null };
|
||||
}
|
||||
|
||||
// ── Save Settings ────────────────────────────────────────────────────────────
|
||||
@@ -110,59 +134,92 @@ export async function saveShippingSettings(params: {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_orders) return { success: false, error: "Not authorized" };
|
||||
try { assertBrandAccess(adminUser, params.brandId); } catch { return { success: false, error: "Brand access denied" }; }
|
||||
|
||||
if (adminUser.role === "brand_admin" && adminUser.brand_id !== params.brandId) {
|
||||
return { success: false, error: "Not authorized for this brand" };
|
||||
// Look up the existing row's id, if any.
|
||||
const { rows: existingRows } = await pool.query<{ id: string }>(
|
||||
"SELECT id::text AS id FROM shipping_settings WHERE brand_id = $1 LIMIT 1",
|
||||
[params.brandId]
|
||||
);
|
||||
const existingId = existingRows[0]?.id;
|
||||
|
||||
if (existingId) {
|
||||
// Update the existing row
|
||||
const { rows } = await pool.query<ShippingSettings>(
|
||||
`UPDATE shipping_settings
|
||||
SET carrier = 'fedex',
|
||||
fedex_account_number = $2,
|
||||
fedex_api_key = $3,
|
||||
fedex_api_secret = $4,
|
||||
fedex_use_production = $5,
|
||||
default_service_type = $6,
|
||||
refrigerated_handling_notes = $7,
|
||||
fragile_handling_notes = $8,
|
||||
updated_at = NOW()
|
||||
WHERE id = $1
|
||||
RETURNING id::text AS id,
|
||||
brand_id::text AS brand_id,
|
||||
carrier,
|
||||
fedex_account_number,
|
||||
fedex_api_key,
|
||||
fedex_api_secret,
|
||||
COALESCE(fedex_use_production, false) AS fedex_use_production,
|
||||
COALESCE(default_service_type, 'FEDEX_GROUND') AS default_service_type,
|
||||
refrigerated_handling_notes,
|
||||
fragile_handling_notes,
|
||||
updated_at::text AS updated_at`,
|
||||
[
|
||||
existingId,
|
||||
params.fedexAccountNumber ?? null,
|
||||
params.fedexApiKey ?? null,
|
||||
params.fedexApiSecret ?? null,
|
||||
params.fedexUseProduction ?? false,
|
||||
params.defaultServiceType ?? "FEDEX_GROUND",
|
||||
params.refrigeratedHandlingNotes ?? null,
|
||||
params.fragileHandlingNotes ?? null,
|
||||
]
|
||||
);
|
||||
|
||||
if (!rows[0]) return { success: false, error: "Failed to save shipping settings" };
|
||||
return { success: true, settings: rows[0] };
|
||||
}
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
// Get existing settings to get ID for update
|
||||
const existing = await fetch(
|
||||
`${supabaseUrl}/rest/v1/shipping_settings?brand_id=eq.${encodeURIComponent(params.brandId)}&select=id`,
|
||||
{
|
||||
headers: svcHeaders(supabaseKey),
|
||||
}
|
||||
// Insert a new row
|
||||
const { rows } = await pool.query<ShippingSettings>(
|
||||
`INSERT INTO shipping_settings (
|
||||
brand_id, carrier, fedex_account_number, fedex_api_key, fedex_api_secret,
|
||||
fedex_use_production, default_service_type,
|
||||
refrigerated_handling_notes, fragile_handling_notes, updated_at
|
||||
) VALUES (
|
||||
$1, 'fedex', $2, $3, $4,
|
||||
$5, $6,
|
||||
$7, $8, NOW()
|
||||
)
|
||||
RETURNING id::text AS id,
|
||||
brand_id::text AS brand_id,
|
||||
carrier,
|
||||
fedex_account_number,
|
||||
fedex_api_key,
|
||||
fedex_api_secret,
|
||||
COALESCE(fedex_use_production, false) AS fedex_use_production,
|
||||
COALESCE(default_service_type, 'FEDEX_GROUND') AS default_service_type,
|
||||
refrigerated_handling_notes,
|
||||
fragile_handling_notes,
|
||||
updated_at::text AS updated_at`,
|
||||
[
|
||||
params.brandId,
|
||||
params.fedexAccountNumber ?? null,
|
||||
params.fedexApiKey ?? null,
|
||||
params.fedexApiSecret ?? null,
|
||||
params.fedexUseProduction ?? false,
|
||||
params.defaultServiceType ?? "FEDEX_GROUND",
|
||||
params.refrigeratedHandlingNotes ?? null,
|
||||
params.fragileHandlingNotes ?? null,
|
||||
]
|
||||
);
|
||||
|
||||
const existingData: Array<{ id: string }> = await existing.json();
|
||||
const existingId = existingData[0]?.id;
|
||||
|
||||
const payload = {
|
||||
...(existingId ? { id: existingId } : {}),
|
||||
brand_id: params.brandId,
|
||||
carrier: "fedex",
|
||||
fedex_account_number: params.fedexAccountNumber ?? null,
|
||||
fedex_api_key: params.fedexApiKey ?? null,
|
||||
fedex_api_secret: params.fedexApiSecret ?? null,
|
||||
fedex_use_production: params.fedexUseProduction ?? false,
|
||||
default_service_type: params.defaultServiceType ?? "FEDEX_GROUND",
|
||||
refrigerated_handling_notes: params.refrigeratedHandlingNotes ?? null,
|
||||
fragile_handling_notes: params.fragileHandlingNotes ?? null,
|
||||
updated_at: new Date().toISOString(),
|
||||
};
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/shipping_settings`,
|
||||
{
|
||||
method: existingId ? "PATCH" : "POST",
|
||||
headers: {
|
||||
...svcHeaders(supabaseKey),
|
||||
"Content-Type": "application/json",
|
||||
Prefer: "return=representation",
|
||||
},
|
||||
body: JSON.stringify(payload),
|
||||
}
|
||||
);
|
||||
|
||||
if (!response.ok) {
|
||||
const err = await response.text();
|
||||
return { success: false, error: `Failed to save: ${err.slice(0, 200)}` };
|
||||
}
|
||||
|
||||
const data = await response.json();
|
||||
return { success: true, settings: data[0] };
|
||||
if (!rows[0]) return { success: false, error: "Failed to save shipping settings" };
|
||||
return { success: true, settings: rows[0] };
|
||||
}
|
||||
|
||||
// ── Test Connection ──────────────────────────────────────────────────────────
|
||||
@@ -254,4 +311,4 @@ export async function testFedExConnection(
|
||||
? "Connected to FedEx Production. Credentials are valid."
|
||||
: "Connected to FedEx Sandbox. Credentials are valid.",
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,68 @@
|
||||
"use server";
|
||||
|
||||
/**
|
||||
* List the customers with pending pickups for a given stop.
|
||||
*
|
||||
* TODO(migration): the SaaS rebuild's `orders` table
|
||||
* (db/schema/orders.ts) doesn't carry a `stop_id` column, so this
|
||||
* helper queries the legacy `orders` table directly via `pool.query`
|
||||
* for the customer-name / email / phone. When the new schema grows a
|
||||
* `stop_id` reference, switch this read to a Drizzle query.
|
||||
*/
|
||||
|
||||
import { getAdminUser } from "@/lib/admin-permissions";
|
||||
import { assertBrandAccess } from "@/lib/brand-scope";
|
||||
import { pool } from "@/lib/db";
|
||||
|
||||
export type StopCustomer = {
|
||||
id: string;
|
||||
customer_name: string;
|
||||
customer_email: string | null;
|
||||
customer_phone: string | null;
|
||||
pickup_complete: boolean;
|
||||
};
|
||||
|
||||
export type GetStopPendingCustomersResult =
|
||||
| { success: true; customers: StopCustomer[] }
|
||||
| { success: false; error: string };
|
||||
|
||||
export async function getStopPendingCustomers(
|
||||
stopId: string
|
||||
): Promise<GetStopPendingCustomersResult> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_stops) return { success: false, error: "Not authorized" };
|
||||
|
||||
// Resolve the stop's brand so we can scope-check.
|
||||
const { rows: stopRows } = await pool.query<{ brand_id: string | null }>(
|
||||
"SELECT brand_id::text AS brand_id FROM stops WHERE id = $1 LIMIT 1",
|
||||
[stopId]
|
||||
);
|
||||
const brandId = stopRows[0]?.brand_id ?? null;
|
||||
if (brandId) {
|
||||
try { assertBrandAccess(adminUser, brandId); } catch {
|
||||
return { success: false, error: "Brand access denied" };
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
const { rows } = await pool.query<StopCustomer>(
|
||||
`SELECT id::text AS id,
|
||||
COALESCE(customer_name, '') AS customer_name,
|
||||
customer_email,
|
||||
customer_phone,
|
||||
COALESCE(pickup_complete, false) AS pickup_complete
|
||||
FROM orders
|
||||
WHERE stop_id = $1
|
||||
AND COALESCE(pickup_complete, false) = false
|
||||
ORDER BY created_at DESC`,
|
||||
[stopId]
|
||||
);
|
||||
return { success: true, customers: rows };
|
||||
} catch (err) {
|
||||
return {
|
||||
success: false,
|
||||
error: err instanceof Error ? err.message : "Failed to load customers",
|
||||
};
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,76 @@
|
||||
"use server";
|
||||
|
||||
/**
|
||||
* Assign / unassign a product to a stop.
|
||||
*
|
||||
* TODO(migration): the `assign_product_to_stop` and
|
||||
* `unassign_product_from_stop` SECURITY DEFINER RPCs live in
|
||||
* supabase/migrations/030. The RPCs still exist in the database and
|
||||
* are called via `pool.query` rather than the Supabase REST gateway.
|
||||
* When stops/products are re-platformed on the SaaS rebuild, replace
|
||||
* these with direct inserts/deletes on the new `db/schema/stops.ts`
|
||||
* `stopProducts` table.
|
||||
*/
|
||||
|
||||
import { getAdminUser } from "@/lib/admin-permissions";
|
||||
import { pool } from "@/lib/db";
|
||||
|
||||
export type AssignProductResult =
|
||||
| { success: true; id: string }
|
||||
| { success: false; error: string };
|
||||
|
||||
export type UnassignProductResult =
|
||||
| { success: true }
|
||||
| { success: false; error: string };
|
||||
|
||||
export async function assignProductToStop(params: {
|
||||
stopId: string;
|
||||
productId: string;
|
||||
}): Promise<AssignProductResult> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_products && !adminUser.can_manage_orders) {
|
||||
return { success: false, error: "Not authorized" };
|
||||
}
|
||||
|
||||
try {
|
||||
const { rows } = await pool.query<{ id: string; success?: boolean; error?: string }>(
|
||||
"SELECT * FROM assign_product_to_stop($1::uuid, $2::uuid, $3::text)",
|
||||
[params.stopId, params.productId, adminUser.user_id]
|
||||
);
|
||||
const data = rows[0];
|
||||
if (!data?.id) {
|
||||
return { success: false, error: data?.error ?? "Failed to assign product to stop" };
|
||||
}
|
||||
return { success: true, id: data.id };
|
||||
} catch (err) {
|
||||
return {
|
||||
success: false,
|
||||
error: err instanceof Error ? err.message : "Failed to assign product to stop",
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
export async function unassignProductFromStop(params: {
|
||||
stopId: string;
|
||||
productId: string;
|
||||
}): Promise<UnassignProductResult> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_products && !adminUser.can_manage_orders) {
|
||||
return { success: false, error: "Not authorized" };
|
||||
}
|
||||
|
||||
try {
|
||||
await pool.query(
|
||||
"SELECT * FROM unassign_product_from_stop($1::uuid, $2::uuid, $3::text)",
|
||||
[params.stopId, params.productId, adminUser.user_id]
|
||||
);
|
||||
return { success: true };
|
||||
} catch (err) {
|
||||
return {
|
||||
success: false,
|
||||
error: err instanceof Error ? err.message : "Failed to unassign product from stop",
|
||||
};
|
||||
}
|
||||
}
|
||||
+168
-18
@@ -1,7 +1,10 @@
|
||||
"use server";
|
||||
|
||||
import Stripe from "stripe";
|
||||
import { svcHeaders } from "@/lib/svc-headers";
|
||||
import { eq } from "drizzle-orm";
|
||||
import { withTenant } from "@/db/client";
|
||||
import { brandSettings } from "@/db/schema";
|
||||
import { pool } from "@/lib/db";
|
||||
|
||||
export type TaxCalculationResult = {
|
||||
taxAmount: number;
|
||||
@@ -9,6 +12,13 @@ export type TaxCalculationResult = {
|
||||
taxLocation: string;
|
||||
};
|
||||
|
||||
/**
|
||||
* Tax settings are stored on `brand_settings.feature_flags` (jsonb).
|
||||
* The SaaS rebuild uses the same keys the legacy `get_brand_settings`
|
||||
* RPC exposed: `collect_sales_tax` (boolean) and `nexus_states`
|
||||
* (string[] of US state codes). Reading them out of the JSON column
|
||||
* avoids a per-brand settings table for a few toggle fields.
|
||||
*/
|
||||
type BrandTaxSettings = {
|
||||
collect_sales_tax: boolean | null;
|
||||
nexus_states: string[] | null;
|
||||
@@ -101,23 +111,163 @@ export async function calculateOrderTax(params: {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Read tax-related feature flags for a brand. The two flags
|
||||
* (`collect_sales_tax`, `nexus_states`) used to live in a dedicated
|
||||
* `get_brand_settings` SECURITY DEFINER RPC; in the SaaS rebuild they
|
||||
* live in `brand_settings.feature_flags` (jsonb). Tolerant of missing
|
||||
* / malformed JSON by falling back to `null`.
|
||||
*/
|
||||
async function getBrandTaxSettings(brandId: string): Promise<BrandTaxSettings | null> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
try {
|
||||
const rows = await withTenant(brandId, async (db) =>
|
||||
db
|
||||
.select({ featureFlags: brandSettings.featureFlags })
|
||||
.from(brandSettings)
|
||||
.where(eq(brandSettings.tenantId, brandId))
|
||||
.limit(1),
|
||||
);
|
||||
const flags = rows[0]?.featureFlags as
|
||||
| Partial<{
|
||||
collect_sales_tax: boolean;
|
||||
nexus_states: string[];
|
||||
}>
|
||||
| null
|
||||
| undefined;
|
||||
if (!flags) return null;
|
||||
return {
|
||||
collect_sales_tax:
|
||||
typeof flags.collect_sales_tax === "boolean"
|
||||
? flags.collect_sales_tax
|
||||
: null,
|
||||
nexus_states: Array.isArray(flags.nexus_states)
|
||||
? flags.nexus_states.filter((s): s is string => typeof s === "string")
|
||||
: null,
|
||||
};
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_brand_settings`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_brand_id: brandId }),
|
||||
}
|
||||
);
|
||||
// ── Tax Dashboard read-side actions ───────────────────────────────────────────
|
||||
//
|
||||
// TODO(migration): the tax dashboard reads from the legacy `orders`
|
||||
// table via the `get_tax_summary` and `get_taxable_orders` SECURITY
|
||||
// DEFINER RPCs (supabase/migrations/095). Both the table and the RPCs
|
||||
// still exist; we call the RPCs through `pool.query` rather than the
|
||||
// Supabase REST gateway. When the SaaS rebuild's orders table grows a
|
||||
// `tax_amount` column or the tax dashboard is rebuilt against the new
|
||||
// schema, these helpers should be rewritten against the Drizzle
|
||||
// `orders` table directly.
|
||||
|
||||
if (!response.ok) return null;
|
||||
const data = await response.json();
|
||||
return {
|
||||
collect_sales_tax: data?.collect_sales_tax ?? null,
|
||||
nexus_states: data?.nexus_states ?? null,
|
||||
};
|
||||
}
|
||||
export type TaxByStateRow = {
|
||||
state: string;
|
||||
total_tax: number;
|
||||
gross_sales: number;
|
||||
order_count: number;
|
||||
};
|
||||
|
||||
export type TaxSummaryData = {
|
||||
total_tax_collected: number;
|
||||
total_gross_sales: number;
|
||||
order_count: number;
|
||||
tax_by_state: TaxByStateRow[];
|
||||
};
|
||||
|
||||
export type TaxOrderRow = {
|
||||
order_id: string;
|
||||
date: string;
|
||||
customer_name: string;
|
||||
city: string;
|
||||
state: string;
|
||||
taxable_amount: number;
|
||||
tax_amount: number;
|
||||
tax_rate: number;
|
||||
tax_location: string;
|
||||
};
|
||||
|
||||
export type GetTaxSummaryResult =
|
||||
| { success: true; data: TaxSummaryData }
|
||||
| { success: false; error: string };
|
||||
|
||||
export type GetTaxableOrdersResult =
|
||||
| { success: true; data: TaxOrderRow[] }
|
||||
| { success: false; error: string };
|
||||
|
||||
export async function getTaxSummaryAction(params: {
|
||||
brandId: string;
|
||||
startDate: string;
|
||||
endDate: string;
|
||||
}): Promise<GetTaxSummaryResult> {
|
||||
if (!params.brandId) return { success: false, error: "Brand required" };
|
||||
try {
|
||||
const { rows } = await pool.query<{
|
||||
total_tax_collected: number | string;
|
||||
total_gross_sales: number | string;
|
||||
order_count: number | string;
|
||||
tax_by_state: TaxByStateRow[] | null;
|
||||
}>(
|
||||
"SELECT * FROM get_tax_summary($1::uuid, $2::date, $3::date)",
|
||||
[params.brandId, params.startDate, params.endDate]
|
||||
);
|
||||
const row = rows[0];
|
||||
if (!row) return { success: false, error: "No data" };
|
||||
return {
|
||||
success: true,
|
||||
data: {
|
||||
total_tax_collected: Number(row.total_tax_collected ?? 0),
|
||||
total_gross_sales: Number(row.total_gross_sales ?? 0),
|
||||
order_count: Number(row.order_count ?? 0),
|
||||
tax_by_state: Array.isArray(row.tax_by_state) ? row.tax_by_state : [],
|
||||
},
|
||||
};
|
||||
} catch (err) {
|
||||
return {
|
||||
success: false,
|
||||
error: err instanceof Error ? err.message : "Failed to load tax summary",
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
export async function getTaxableOrdersAction(params: {
|
||||
brandId: string;
|
||||
startDate: string;
|
||||
endDate: string;
|
||||
}): Promise<GetTaxableOrdersResult> {
|
||||
if (!params.brandId) return { success: false, error: "Brand required" };
|
||||
try {
|
||||
const { rows } = await pool.query<{
|
||||
order_id: string;
|
||||
date: string;
|
||||
customer_name: string | null;
|
||||
city: string | null;
|
||||
state: string | null;
|
||||
taxable_amount: number | string;
|
||||
tax_amount: number | string;
|
||||
tax_rate: number | string;
|
||||
tax_location: string | null;
|
||||
}>(
|
||||
"SELECT * FROM get_taxable_orders($1::uuid, $2::date, $3::date)",
|
||||
[params.brandId, params.startDate, params.endDate]
|
||||
);
|
||||
return {
|
||||
success: true,
|
||||
data: rows.map((r) => ({
|
||||
order_id: String(r.order_id ?? ""),
|
||||
date: String(r.date ?? ""),
|
||||
customer_name: String(r.customer_name ?? ""),
|
||||
city: String(r.city ?? ""),
|
||||
state: String(r.state ?? ""),
|
||||
taxable_amount: Number(r.taxable_amount ?? 0),
|
||||
tax_amount: Number(r.tax_amount ?? 0),
|
||||
tax_rate: Number(r.tax_rate ?? 0),
|
||||
tax_location: String(r.tax_location ?? ""),
|
||||
})),
|
||||
};
|
||||
} catch (err) {
|
||||
return {
|
||||
success: false,
|
||||
error: err instanceof Error ? err.message : "Failed to load taxable orders",
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,14 +2,18 @@
|
||||
|
||||
import { cookies } from "next/headers";
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
|
||||
|
||||
function rpcBody(body: Record<string, unknown>) {
|
||||
return JSON.stringify(body);
|
||||
}
|
||||
|
||||
// ── Types ─────────────────────────────────────────────────────────────────────
|
||||
// TODO(migration): the time-tracking feature was built on Supabase RPCs
|
||||
// (verify_time_tracking_pin, clock_in_worker, clock_out_worker,
|
||||
// get_open_clock_in, get_time_tracking_tasks,
|
||||
// get_worker_pay_period_hours, get_time_tracking_settings,
|
||||
// get_water_user_by_id, get_water_admin_session, submit_water_entry,
|
||||
// trigger_water_alert) plus tables that don't exist in the SaaS rebuild
|
||||
// schema (`time_workers`, `time_tasks`, `time_logs`, `water_*`). The
|
||||
// functions below are stubs that preserve the original signature so
|
||||
// the field UI degrades gracefully (no PIN login, no entry submit) —
|
||||
// exactly the same pattern as `actions/route-trace/lots.ts`. To bring
|
||||
// time tracking back, add the tables to `db/schema/` and re-implement
|
||||
// these functions against Drizzle.
|
||||
|
||||
export type TimeTrackingSession = {
|
||||
worker_id: string;
|
||||
@@ -49,119 +53,41 @@ function parseSessionCookie(cookie: string): TimeTrackingSession | null {
|
||||
// ── Verify PIN ─────────────────────────────────────────────────────────────────
|
||||
|
||||
export async function verifyTimeTrackingPin(
|
||||
brandId: string,
|
||||
pin: string
|
||||
_brandId: string,
|
||||
_pin: string
|
||||
): Promise<{ success: boolean; session?: TimeTrackingSession; error?: string }> {
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/verify_time_tracking_pin`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
apikey: supabaseKey,
|
||||
Authorization: `Bearer ${supabaseKey}`,
|
||||
},
|
||||
body: rpcBody({ p_brand_id: brandId, p_pin: pin }),
|
||||
}
|
||||
);
|
||||
const data = await res.json();
|
||||
if (!res.ok || !data?.success) {
|
||||
return { success: false, error: data?.error ?? "Invalid PIN" };
|
||||
}
|
||||
|
||||
const session: TimeTrackingSession = {
|
||||
worker_id: data.worker_id,
|
||||
name: data.name,
|
||||
role: data.role,
|
||||
lang: data.lang,
|
||||
session_id: data.session_id,
|
||||
brand_id: data.brand_id,
|
||||
expires_at: data.expires_at,
|
||||
};
|
||||
|
||||
// Set HTTP-only cookie
|
||||
const cookieStore = await cookies();
|
||||
cookieStore.set(SESSION_COOKIE, sessionCookie(session), {
|
||||
httpOnly: true,
|
||||
sameSite: "lax",
|
||||
maxAge: COOKIE_MAX_AGE,
|
||||
path: "/",
|
||||
});
|
||||
|
||||
return { success: true, session };
|
||||
// RPC no longer exists; surface a friendly error so the field UI can
|
||||
// disable the PIN pad.
|
||||
return { success: false, error: "Time tracking is not configured" };
|
||||
}
|
||||
|
||||
// ── Clock In ───────────────────────────────────────────────────────────────────
|
||||
|
||||
export async function clockInWorker(
|
||||
brandId: string,
|
||||
taskId?: string,
|
||||
taskName = "General Labor"
|
||||
_brandId: string,
|
||||
_taskId?: string,
|
||||
_taskName = "General Labor"
|
||||
): Promise<{ success: boolean; log_id?: string; clock_in?: string; error?: string }> {
|
||||
const session = await getTimeTrackingSession();
|
||||
if (!session) return { success: false, error: "Not logged in" };
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/clock_in_worker`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
apikey: supabaseKey,
|
||||
Authorization: `Bearer ${supabaseKey}`,
|
||||
},
|
||||
body: rpcBody({
|
||||
p_brand_id: brandId,
|
||||
p_worker_id: session.worker_id,
|
||||
p_task_id: taskId ?? null,
|
||||
p_task_name: taskName,
|
||||
}),
|
||||
}
|
||||
);
|
||||
const data = await res.json();
|
||||
if (!res.ok || !data?.success) return { success: false, error: data?.error ?? "Failed" };
|
||||
return { success: true, log_id: data.log_id, clock_in: data.clock_in };
|
||||
return { success: false, error: "Time tracking is not configured" };
|
||||
}
|
||||
|
||||
// ── Clock Out ──────────────────────────────────────────────────────────────────
|
||||
|
||||
export async function clockOutWorker(
|
||||
lunchMinutes = 0,
|
||||
notes?: string
|
||||
_lunchMinutes = 0,
|
||||
_notes?: string
|
||||
): Promise<{ success: boolean; log_id?: string; clock_out?: string; total_minutes?: number; error?: string }> {
|
||||
const session = await getTimeTrackingSession();
|
||||
if (!session) return { success: false, error: "Not logged in" };
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/clock_out_worker`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
apikey: supabaseKey,
|
||||
Authorization: `Bearer ${supabaseKey}`,
|
||||
},
|
||||
body: rpcBody({
|
||||
p_worker_id: session.worker_id,
|
||||
p_lunch_minutes: lunchMinutes,
|
||||
p_notes: notes ?? null,
|
||||
}),
|
||||
}
|
||||
);
|
||||
const data = await res.json();
|
||||
if (!res.ok || !data?.success) return { success: false, error: data?.error ?? "Failed" };
|
||||
return {
|
||||
success: true,
|
||||
log_id: data.log_id,
|
||||
clock_out: data.clock_out,
|
||||
total_minutes: data.total_minutes,
|
||||
};
|
||||
return { success: false, error: "Time tracking is not configured" };
|
||||
}
|
||||
|
||||
// ── Get Open Clock In ──────────────────────────────────────────────────────────
|
||||
|
||||
export async function getOpenClockIn(
|
||||
brandId: string
|
||||
_brandId: string
|
||||
): Promise<{
|
||||
success: boolean;
|
||||
open?: boolean;
|
||||
@@ -173,29 +99,7 @@ export async function getOpenClockIn(
|
||||
}> {
|
||||
const session = await getTimeTrackingSession();
|
||||
if (!session) return { success: false, error: "Not logged in" };
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_open_clock_in`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
apikey: supabaseKey,
|
||||
Authorization: `Bearer ${supabaseKey}`,
|
||||
},
|
||||
body: rpcBody({ p_worker_id: session.worker_id }),
|
||||
}
|
||||
);
|
||||
const data = await res.json();
|
||||
if (!res.ok || !data?.success) return { success: false, error: data?.error ?? "Failed" };
|
||||
return {
|
||||
success: true,
|
||||
open: data.open,
|
||||
log_id: data.log_id,
|
||||
task_name: data.task_name,
|
||||
clock_in: data.clock_in,
|
||||
elapsed_minutes: data.elapsed_minutes,
|
||||
};
|
||||
return { success: true, open: false };
|
||||
}
|
||||
|
||||
// ── Logout ─────────────────────────────────────────────────────────────────────
|
||||
@@ -226,24 +130,10 @@ export type TimeTaskField = {
|
||||
};
|
||||
|
||||
export async function getTimeTrackingTasksField(
|
||||
brandId: string,
|
||||
activeOnly = true
|
||||
_brandId: string,
|
||||
_activeOnly = true
|
||||
): Promise<TimeTaskField[]> {
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_time_tracking_tasks`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: {
|
||||
"Content-Type": "application/json",
|
||||
apikey: supabaseKey,
|
||||
Authorization: `Bearer ${supabaseKey}`,
|
||||
},
|
||||
body: rpcBody({ p_brand_id: brandId, p_active_only: activeOnly }),
|
||||
}
|
||||
);
|
||||
if (!res.ok) return [];
|
||||
const data = await res.json();
|
||||
return data?.tasks ?? [];
|
||||
return [];
|
||||
}
|
||||
|
||||
// ── Pay Period Hours ───────────────────────────────────────────────────────────
|
||||
@@ -264,39 +154,26 @@ export type PayPeriodHours = {
|
||||
weekly_threshold: number;
|
||||
};
|
||||
|
||||
const EMPTY_PAY_PERIOD: PayPeriodHours = {
|
||||
success: false,
|
||||
total_minutes: 0,
|
||||
total_hours: 0,
|
||||
daily_minutes: 0,
|
||||
daily_hours: 0,
|
||||
weekly_minutes: 0,
|
||||
weekly_hours: 0,
|
||||
daily_overtime: false,
|
||||
weekly_overtime: false,
|
||||
period_start: "",
|
||||
period_end: "",
|
||||
daily_threshold: 12,
|
||||
weekly_threshold: 56,
|
||||
};
|
||||
|
||||
export async function getWorkerPayPeriodHours(
|
||||
brandId: string
|
||||
_brandId: string
|
||||
): Promise<PayPeriodHours> {
|
||||
const session = await getTimeTrackingSession();
|
||||
if (!session) return { success: false, total_minutes: 0, total_hours: 0, daily_minutes: 0, daily_hours: 0, weekly_minutes: 0, weekly_hours: 0, daily_overtime: false, weekly_overtime: false, period_start: "", period_end: "", daily_threshold: 12, weekly_threshold: 56 };
|
||||
|
||||
const [hoursRes, settingsRes] = await Promise.all([
|
||||
fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_worker_pay_period_hours`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { "Content-Type": "application/json", apikey: supabaseKey, Authorization: `Bearer ${supabaseKey}` },
|
||||
body: rpcBody({ p_brand_id: brandId, p_worker_id: session.worker_id }),
|
||||
}
|
||||
),
|
||||
fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_time_tracking_settings`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { "Content-Type": "application/json", apikey: supabaseKey, Authorization: `Bearer ${supabaseKey}` },
|
||||
body: rpcBody({ p_brand_id: brandId }),
|
||||
}
|
||||
),
|
||||
]);
|
||||
|
||||
const data = await hoursRes.json();
|
||||
const settings = settingsRes.ok ? (await settingsRes.json()) : null;
|
||||
|
||||
if (!hoursRes.ok) return { success: false, total_minutes: 0, total_hours: 0, daily_minutes: 0, daily_hours: 0, weekly_minutes: 0, weekly_hours: 0, daily_overtime: false, weekly_overtime: false, period_start: "", period_end: "", daily_threshold: 12, weekly_threshold: 56 };
|
||||
|
||||
return {
|
||||
...data,
|
||||
daily_threshold: settings ? Number(settings.daily_overtime_threshold) : 12,
|
||||
weekly_threshold: settings ? Number(settings.weekly_overtime_threshold) : 56,
|
||||
};
|
||||
}
|
||||
if (!session) return { ...EMPTY_PAY_PERIOD };
|
||||
return { ...EMPTY_PAY_PERIOD };
|
||||
}
|
||||
|
||||
@@ -1,19 +1,27 @@
|
||||
"use server";
|
||||
|
||||
import { getAdminUser } from "@/lib/admin-permissions";
|
||||
import { svcHeaders } from "@/lib/svc-headers";
|
||||
import { mockWorkers, mockTasks, mockTimeEntries } from "@/lib/mock-data";
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
|
||||
// TODO(migration): the time-tracking admin RPCs (get_time_tracking_workers,
|
||||
// create_time_worker, reset_time_worker_pin, update_time_worker,
|
||||
// delete_time_worker, create_time_task, update_time_task,
|
||||
// delete_time_task, get_worker_time_logs, update_worker_time_log,
|
||||
// delete_worker_time_log, get_time_tracking_summary,
|
||||
// get_time_tracking_settings, update_time_tracking_settings,
|
||||
// get_time_tracking_notification_log, check_and_notify_overtime) and
|
||||
// the underlying tables (`time_workers`, `time_tasks`, `time_logs`,
|
||||
// `time_tracking_settings`, `time_tracking_notification_log`) were
|
||||
// not carried over into the SaaS rebuild's `db/schema/`. The actions
|
||||
// below preserve the original signatures and return mock data when
|
||||
// `NEXT_PUBLIC_USE_MOCK_DATA === "true"`, but the real RPC paths now
|
||||
// return empty/empty-list results. To bring time tracking back, add
|
||||
// the tables to `db/schema/` and re-implement against Drizzle. See
|
||||
// `actions/route-trace/lots.ts` for the same pattern.
|
||||
|
||||
// Mock mode flag - only enabled when explicitly set
|
||||
const useMockData = process.env.NEXT_PUBLIC_USE_MOCK_DATA === "true";
|
||||
|
||||
function rpcBody(body: Record<string, unknown>) {
|
||||
return JSON.stringify(body);
|
||||
}
|
||||
|
||||
// ── Types ─────────────────────────────────────────────────────────────────────
|
||||
|
||||
export type TimeWorker = {
|
||||
@@ -76,107 +84,43 @@ export async function getTimeTrackingWorkers(brandId: string): Promise<TimeWorke
|
||||
worker_number: null,
|
||||
}));
|
||||
}
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_time_tracking_workers`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({ p_brand_id: brandId }),
|
||||
}
|
||||
);
|
||||
if (!res.ok) return [];
|
||||
const data = await res.json();
|
||||
return (data?.workers ?? []).map((w: Record<string, unknown>) => ({
|
||||
id: w.id as string,
|
||||
brand_id: w.brand_id as string,
|
||||
name: w.name as string,
|
||||
role: w.role as string,
|
||||
lang: w.lang as string,
|
||||
pin: w.pin as string,
|
||||
active: w.active as boolean,
|
||||
last_used_at: w.last_used_at as string | null,
|
||||
created_at: w.created_at as string,
|
||||
worker_number: w.worker_number as number | null,
|
||||
}));
|
||||
// Time tracking tables not in SaaS rebuild — return empty list.
|
||||
return [];
|
||||
}
|
||||
|
||||
export async function createTimeWorker(
|
||||
brandId: string,
|
||||
name: string,
|
||||
role = "worker",
|
||||
lang = "en"
|
||||
_brandId: string,
|
||||
_name: string,
|
||||
_role = "worker",
|
||||
_lang = "en"
|
||||
): Promise<{ success: boolean; worker?: TimeWorker; pin?: string; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/create_time_worker`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({ p_brand_id: brandId, p_name: name, p_role: role, p_lang: lang }),
|
||||
}
|
||||
);
|
||||
const data = await res.json();
|
||||
if (!res.ok || !data?.success) return { success: false, error: data?.error ?? "Failed" };
|
||||
return { success: true, worker: data.worker, pin: data.pin };
|
||||
return { success: false, error: "Time tracking is not configured" };
|
||||
}
|
||||
|
||||
export async function resetTimeWorkerPin(workerId: string): Promise<{ success: boolean; pin?: string; error?: string }> {
|
||||
export async function resetTimeWorkerPin(_workerId: string): Promise<{ success: boolean; pin?: string; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/reset_time_worker_pin`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({ p_worker_id: workerId }),
|
||||
}
|
||||
);
|
||||
const data = await res.json();
|
||||
if (!res.ok || !data?.success) return { success: false, error: data?.error ?? "Failed" };
|
||||
return { success: true, pin: data.pin };
|
||||
return { success: false, error: "Time tracking is not configured" };
|
||||
}
|
||||
|
||||
export async function updateTimeWorker(
|
||||
workerId: string,
|
||||
name: string,
|
||||
role: string,
|
||||
lang: string,
|
||||
active: boolean
|
||||
_workerId: string,
|
||||
_name: string,
|
||||
_role: string,
|
||||
_lang: string,
|
||||
_active: boolean
|
||||
): Promise<{ success: boolean; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/update_time_worker`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({ p_worker_id: workerId, p_name: name, p_role: role, p_lang: lang, p_active: active }),
|
||||
}
|
||||
);
|
||||
const data = await res.json();
|
||||
if (!res.ok || !data?.success) return { success: false, error: data?.error ?? "Failed" };
|
||||
return { success: true };
|
||||
return { success: false, error: "Time tracking is not configured" };
|
||||
}
|
||||
|
||||
export async function deleteTimeWorker(workerId: string): Promise<{ success: boolean; error?: string }> {
|
||||
export async function deleteTimeWorker(_workerId: string): Promise<{ success: boolean; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/delete_time_worker`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({ p_worker_id: workerId }),
|
||||
}
|
||||
);
|
||||
const data = await res.json();
|
||||
if (!res.ok || !data?.success) return { success: false, error: data?.error ?? "Failed" };
|
||||
return { success: true };
|
||||
return { success: false, error: "Time tracking is not configured" };
|
||||
}
|
||||
|
||||
// ── Tasks ────────────────────────────────────────────────────────────────────
|
||||
@@ -192,88 +136,45 @@ export async function getTimeTrackingTasks(brandId: string, activeOnly = false):
|
||||
sort_order: t.sort_order,
|
||||
}));
|
||||
}
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_time_tracking_tasks`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({ p_brand_id: brandId, p_active_only: activeOnly }),
|
||||
}
|
||||
);
|
||||
if (!res.ok) return [];
|
||||
const data = await res.json();
|
||||
return data?.tasks ?? [];
|
||||
return [];
|
||||
}
|
||||
|
||||
export async function createTimeTask(
|
||||
brandId: string,
|
||||
name: string,
|
||||
nameEs: string | null = null,
|
||||
unit = "hours",
|
||||
sortOrder = 0
|
||||
_brandId: string,
|
||||
_name: string,
|
||||
_nameEs: string | null = null,
|
||||
_unit = "hours",
|
||||
_sortOrder = 0
|
||||
): Promise<{ success: boolean; id?: string; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/create_time_task`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({ p_brand_id: brandId, p_name: name, p_name_es: nameEs, p_unit: unit, p_sort_order: sortOrder }),
|
||||
}
|
||||
);
|
||||
const data = await res.json();
|
||||
if (!res.ok || !data?.success) return { success: false, error: data?.error ?? "Failed" };
|
||||
return { success: true, id: data.id };
|
||||
return { success: false, error: "Time tracking is not configured" };
|
||||
}
|
||||
|
||||
export async function updateTimeTask(
|
||||
taskId: string,
|
||||
name: string,
|
||||
nameEs: string,
|
||||
unit: string,
|
||||
active: boolean,
|
||||
sortOrder: number
|
||||
_taskId: string,
|
||||
_name: string,
|
||||
_nameEs: string,
|
||||
_unit: string,
|
||||
_active: boolean,
|
||||
_sortOrder: number
|
||||
): Promise<{ success: boolean; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/update_time_task`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({ p_task_id: taskId, p_name: name, p_name_es: nameEs, p_unit: unit, p_active: active, p_sort_order: sortOrder }),
|
||||
}
|
||||
);
|
||||
const data = await res.json();
|
||||
if (!res.ok || !data?.success) return { success: false, error: data?.error ?? "Failed" };
|
||||
return { success: true };
|
||||
return { success: false, error: "Time tracking is not configured" };
|
||||
}
|
||||
|
||||
export async function deleteTimeTask(taskId: string): Promise<{ success: boolean; error?: string }> {
|
||||
export async function deleteTimeTask(_taskId: string): Promise<{ success: boolean; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/delete_time_task`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({ p_task_id: taskId }),
|
||||
}
|
||||
);
|
||||
const data = await res.json();
|
||||
if (!res.ok || !data?.success) return { success: false, error: data?.error ?? "Failed" };
|
||||
return { success: true };
|
||||
return { success: false, error: "Time tracking is not configured" };
|
||||
}
|
||||
|
||||
// ── Time Logs ─────────────────────────────────────────────────────────────────
|
||||
|
||||
export async function getWorkerTimeLogs(
|
||||
brandId: string,
|
||||
options: {
|
||||
_options: {
|
||||
workerId?: string;
|
||||
taskId?: string;
|
||||
start?: string;
|
||||
@@ -285,8 +186,8 @@ export async function getWorkerTimeLogs(
|
||||
if (useMockData) {
|
||||
// Filter by worker, task, date range
|
||||
let entries = mockTimeEntries.filter(e => e.brand_id === brandId);
|
||||
if (options.workerId) entries = entries.filter(e => e.worker_id === options.workerId);
|
||||
|
||||
if (_options.workerId) entries = entries.filter(e => e.worker_id === _options.workerId);
|
||||
|
||||
return entries.map(e => {
|
||||
const worker = mockWorkers.find(w => w.id === e.worker_id);
|
||||
const task = mockTasks.find(t => t.id === e.task_id);
|
||||
@@ -306,83 +207,36 @@ export async function getWorkerTimeLogs(
|
||||
};
|
||||
});
|
||||
}
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_worker_time_logs`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({
|
||||
p_brand_id: brandId,
|
||||
p_worker_id: options.workerId ?? null,
|
||||
p_task_id: options.taskId ?? null,
|
||||
p_start: options.start ?? null,
|
||||
p_end: options.end ?? null,
|
||||
p_limit: options.limit ?? 200,
|
||||
p_offset: options.offset ?? 0,
|
||||
}),
|
||||
}
|
||||
);
|
||||
if (!res.ok) return [];
|
||||
const data = await res.json();
|
||||
return data?.logs ?? [];
|
||||
return [];
|
||||
}
|
||||
|
||||
export async function updateWorkerTimeLog(
|
||||
logId: string,
|
||||
taskName: string,
|
||||
clockIn: string,
|
||||
clockOut: string | null,
|
||||
lunchMinutes: number,
|
||||
notes: string | null
|
||||
_logId: string,
|
||||
_taskName: string,
|
||||
_clockIn: string,
|
||||
_clockOut: string | null,
|
||||
_lunchMinutes: number,
|
||||
_notes: string | null
|
||||
): Promise<{ success: boolean; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/update_worker_time_log`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({
|
||||
p_log_id: logId,
|
||||
p_task_name: taskName,
|
||||
p_clock_in: clockIn,
|
||||
p_clock_out: clockOut,
|
||||
p_lunch_minutes: lunchMinutes,
|
||||
p_notes: notes,
|
||||
}),
|
||||
}
|
||||
);
|
||||
const data = await res.json();
|
||||
if (!res.ok || !data?.success) return { success: false, error: data?.error ?? "Failed" };
|
||||
return { success: true };
|
||||
return { success: false, error: "Time tracking is not configured" };
|
||||
}
|
||||
|
||||
export async function deleteWorkerTimeLog(logId: string): Promise<{ success: boolean; error?: string }> {
|
||||
export async function deleteWorkerTimeLog(_logId: string): Promise<{ success: boolean; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/delete_worker_time_log`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({ p_log_id: logId }),
|
||||
}
|
||||
);
|
||||
const data = await res.json();
|
||||
if (!res.ok || !data?.success) return { success: false, error: data?.error ?? "Failed" };
|
||||
return { success: true };
|
||||
return { success: false, error: "Time tracking is not configured" };
|
||||
}
|
||||
|
||||
export async function getTimeTrackingSummary(
|
||||
brandId: string,
|
||||
start: string,
|
||||
end: string
|
||||
_start: string,
|
||||
_end: string
|
||||
): Promise<TimeSummary> {
|
||||
if (useMockData) {
|
||||
const entries = mockTimeEntries.filter(e => e.brand_id === brandId);
|
||||
|
||||
|
||||
// Calculate by worker
|
||||
const workerMap = new Map<string, { id: string; name: string; total_hours: number; entry_count: number }>();
|
||||
entries.forEach(e => {
|
||||
@@ -392,7 +246,7 @@ export async function getTimeTrackingSummary(
|
||||
existing.entry_count += 1;
|
||||
workerMap.set(e.worker_id, existing);
|
||||
});
|
||||
|
||||
|
||||
// Calculate by task
|
||||
const taskMap = new Map<string, { id: string; name: string; name_es: string | null; total_hours: number; entry_count: number }>();
|
||||
entries.forEach(e => {
|
||||
@@ -402,7 +256,7 @@ export async function getTimeTrackingSummary(
|
||||
existing.entry_count += 1;
|
||||
taskMap.set(e.task_id, existing);
|
||||
});
|
||||
|
||||
|
||||
return {
|
||||
by_worker: Array.from(workerMap.values()),
|
||||
by_task: Array.from(taskMap.values()),
|
||||
@@ -413,16 +267,7 @@ export async function getTimeTrackingSummary(
|
||||
},
|
||||
};
|
||||
}
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_time_tracking_summary`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({ p_brand_id: brandId, p_start: start, p_end: end }),
|
||||
}
|
||||
);
|
||||
if (!res.ok) return { by_worker: [], by_task: [], totals: { entry_count: 0, total_hours: 0, open_count: 0 } };
|
||||
return res.json();
|
||||
return { by_worker: [], by_task: [], totals: { entry_count: 0, total_hours: 0, open_count: 0 } };
|
||||
}
|
||||
|
||||
// ── Time Tracking Settings ─────────────────────────────────────────────────────
|
||||
@@ -467,22 +312,13 @@ export async function getTimeTrackingSettings(brandId: string): Promise<TimeTrac
|
||||
brand_name: "Tuxedo Corn",
|
||||
};
|
||||
}
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_time_tracking_settings`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({ p_brand_id: brandId }),
|
||||
}
|
||||
);
|
||||
if (!res.ok) return null;
|
||||
const data = await res.json();
|
||||
return data;
|
||||
// Real RPC not in SaaS rebuild.
|
||||
return null;
|
||||
}
|
||||
|
||||
export async function updateTimeTrackingSettings(
|
||||
brandId: string,
|
||||
settings: {
|
||||
_brandId: string,
|
||||
_settings: {
|
||||
pay_period_start_day: number;
|
||||
pay_period_length_days: number;
|
||||
daily_overtime_threshold: number;
|
||||
@@ -501,34 +337,7 @@ export async function updateTimeTrackingSettings(
|
||||
): Promise<{ success: boolean; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/update_time_tracking_settings`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({
|
||||
p_brand_id: brandId,
|
||||
p_pay_period_start_day: settings.pay_period_start_day,
|
||||
p_pay_period_length_days: settings.pay_period_length_days,
|
||||
p_daily_threshold: settings.daily_overtime_threshold,
|
||||
p_weekly_threshold: settings.weekly_overtime_threshold,
|
||||
p_overtime_multiplier: settings.overtime_multiplier,
|
||||
p_overtime_notifications: settings.overtime_notifications,
|
||||
p_notification_emails: settings.notification_emails ?? null,
|
||||
p_notification_sms_numbers: settings.notification_sms_numbers ?? null,
|
||||
p_enable_daily_alerts: settings.enable_daily_alerts ?? null,
|
||||
p_enable_weekly_alerts: settings.enable_weekly_alerts ?? null,
|
||||
p_daily_alert_threshold: settings.daily_alert_threshold ?? null,
|
||||
p_weekly_alert_threshold: settings.weekly_alert_threshold ?? null,
|
||||
p_send_end_of_period_summary: settings.send_end_of_period_summary ?? null,
|
||||
p_brand_name: settings.brand_name ?? null,
|
||||
}),
|
||||
}
|
||||
);
|
||||
const data = await res.json();
|
||||
if (!res.ok || !data?.success) return { success: false, error: data?.error ?? "Failed" };
|
||||
return { success: true };
|
||||
return { success: false, error: "Time tracking is not configured" };
|
||||
}
|
||||
|
||||
// ── Notification Log ─────────────────────────────────────────────────────────
|
||||
@@ -549,22 +358,8 @@ export type NotificationLogEntry = {
|
||||
};
|
||||
|
||||
export async function getTimeTrackingNotificationLog(
|
||||
brandId: string,
|
||||
limit = 100
|
||||
_brandId: string,
|
||||
_limit = 100
|
||||
): Promise<NotificationLogEntry[]> {
|
||||
if (useMockData) {
|
||||
// Return empty log in mock mode
|
||||
return [];
|
||||
}
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_time_tracking_notification_log`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: rpcBody({ p_brand_id: brandId, p_limit: limit }),
|
||||
}
|
||||
);
|
||||
if (!res.ok) return [];
|
||||
const data = await res.json();
|
||||
return data ?? [];
|
||||
return [];
|
||||
}
|
||||
|
||||
@@ -1,10 +1,13 @@
|
||||
"use server";
|
||||
|
||||
import { getAdminUser } from "@/lib/admin-permissions";
|
||||
import { svcHeaders } from "@/lib/svc-headers";
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!;
|
||||
// TODO(migration): the `check_and_notify_overtime` SECURITY DEFINER
|
||||
// RPC and the time-tracking notification tables are not part of the
|
||||
// SaaS rebuild schema. The function below is a stub that returns
|
||||
// `{ sent: false }` so the cron-style caller (`/api/time-tracking/notify`)
|
||||
// degrades gracefully. See `actions/route-trace/lots.ts` for the
|
||||
// same pattern.
|
||||
|
||||
export type OvertimeCheckResult = {
|
||||
sent: boolean;
|
||||
@@ -14,35 +17,18 @@ export type OvertimeCheckResult = {
|
||||
};
|
||||
|
||||
export async function checkAndNotifyOvertime(
|
||||
brandId: string,
|
||||
workerId: string,
|
||||
workerName: string,
|
||||
dailyHours: number,
|
||||
weeklyHours: number
|
||||
_brandId: string,
|
||||
_workerId: string,
|
||||
_workerName: string,
|
||||
_dailyHours: number,
|
||||
_weeklyHours: number
|
||||
): Promise<OvertimeCheckResult> {
|
||||
const res = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/check_and_notify_overtime`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({
|
||||
p_brand_id: brandId,
|
||||
p_worker_id: workerId,
|
||||
p_worker_name: workerName,
|
||||
p_daily_hours: dailyHours,
|
||||
p_weekly_hours: weeklyHours,
|
||||
}),
|
||||
}
|
||||
);
|
||||
if (!res.ok) {
|
||||
const err = await res.text();
|
||||
return { sent: false, message: err };
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) {
|
||||
return { sent: false, message: "Not authenticated" };
|
||||
}
|
||||
const data = await res.json();
|
||||
return {
|
||||
sent: Boolean(data?.sent),
|
||||
trigger_type: data?.trigger_type,
|
||||
message: data?.message,
|
||||
notification_log_id: data?.notification_log_id,
|
||||
sent: false,
|
||||
message: "Time tracking is not configured in the SaaS rebuild",
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
+82
-367
@@ -1,8 +1,22 @@
|
||||
"use server";
|
||||
|
||||
import { getAdminUser } from "@/lib/admin-permissions";
|
||||
import { getActiveBrandId } from "@/lib/brand-scope";
|
||||
import { svcHeaders } from "@/lib/svc-headers";
|
||||
|
||||
// TODO(migration): the water-log feature was built on Supabase RPCs
|
||||
// (`create_water_headgate`, `update_water_headgate`, `delete_water_headgate`,
|
||||
// `get_water_users`, `create_water_user`, `update_water_user`,
|
||||
// `delete_water_user`, `reset_water_user_pin`, `get_water_entries`,
|
||||
// `get_water_headgates_admin`, `regenerate_headgate_token`,
|
||||
// `update_water_entry`, `delete_water_entry`, `get_water_entry_by_id`,
|
||||
// `get_water_display_summary`, `get_water_alert_log`) and tables that
|
||||
// are not part of the SaaS rebuild's `db/schema/` (`water_headgates`,
|
||||
// `water_users`, `water_entries`, `water_sessions`,
|
||||
// `water_admin_sessions`, `water_admin_settings`, `water_alert_log`).
|
||||
// All actions below preserve their original signature and return
|
||||
// empty / no-op responses so the admin UI degrades gracefully. To
|
||||
// re-enable water log, add the tables to `db/schema/` and
|
||||
// re-implement these against Drizzle. Same pattern as
|
||||
// `actions/route-trace/lots.ts`.
|
||||
|
||||
type Irrigator = {
|
||||
id: string;
|
||||
@@ -42,414 +56,143 @@ type WaterEntry = {
|
||||
headgate_unit?: string;
|
||||
};
|
||||
|
||||
const NOT_CONFIGURED = "Water log is not configured in the SaaS rebuild";
|
||||
|
||||
// ── Headgate Admin ──────────────────────────────────────────
|
||||
|
||||
export async function createWaterHeadgate(brandId: string, name: string, unit: string = "CFS"): Promise<{ success: boolean; headgate?: Headgate; error?: string }> {
|
||||
const adminUser = await (await import("@/lib/admin-permissions")).getAdminUser();
|
||||
export async function createWaterHeadgate(
|
||||
_brandId: string,
|
||||
_name: string,
|
||||
_unit: string = "CFS"
|
||||
): Promise<{ success: boolean; headgate?: Headgate; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_water_log && adminUser.role !== "platform_admin") {
|
||||
return { success: false, error: "Not authorized" };
|
||||
}
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.SUPABASE_SERVICE_ROLE_KEY!; // prefer service for admin muts
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/create_water_headgate`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_brand_id: brandId, p_name: name, p_unit: unit }),
|
||||
}
|
||||
);
|
||||
|
||||
const data = await response.json();
|
||||
if (!response.ok || !data?.headgate) {
|
||||
return { success: false, error: data?.message ?? "Failed to create headgate" };
|
||||
}
|
||||
return { success: true, headgate: data.headgate };
|
||||
return { success: false, error: NOT_CONFIGURED };
|
||||
}
|
||||
|
||||
export async function updateWaterHeadgate(
|
||||
headgateId: string,
|
||||
name: string,
|
||||
active: boolean,
|
||||
unit?: string,
|
||||
highThreshold?: number | null,
|
||||
lowThreshold?: number | null
|
||||
_headgateId: string,
|
||||
_name: string,
|
||||
_active: boolean,
|
||||
_unit?: string,
|
||||
_highThreshold?: number | null,
|
||||
_lowThreshold?: number | null
|
||||
): Promise<{ success: boolean; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_water_log) return { success: false, error: "Not authorized" };
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/update_water_headgate`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({
|
||||
p_headgate_id: headgateId,
|
||||
p_name: name,
|
||||
p_active: active,
|
||||
p_unit: unit ?? null,
|
||||
p_brand_id: (await getActiveBrandId(adminUser)) ?? null,
|
||||
p_high_threshold: highThreshold ?? null,
|
||||
p_low_threshold: lowThreshold ?? null,
|
||||
}),
|
||||
}
|
||||
);
|
||||
|
||||
const data = await response.json();
|
||||
if (!response.ok || !data?.success) {
|
||||
return { success: false, error: data?.error ?? "Failed to update headgate" };
|
||||
}
|
||||
return { success: true };
|
||||
return { success: false, error: NOT_CONFIGURED };
|
||||
}
|
||||
|
||||
// ── Irrigator Admin ─────────────────────────────────────────
|
||||
|
||||
export async function getWaterIrrigators(brandId: string): Promise<Irrigator[]> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_water_users`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_brand_id: brandId }),
|
||||
}
|
||||
);
|
||||
|
||||
if (!response.ok) return [];
|
||||
const data = await response.json();
|
||||
return data?.users ?? [];
|
||||
export async function getWaterIrrigators(_brandId: string): Promise<Irrigator[]> {
|
||||
return [];
|
||||
}
|
||||
|
||||
export async function createWaterIrrigator(
|
||||
brandId: string,
|
||||
name: string,
|
||||
lang: string = "en"
|
||||
_brandId: string,
|
||||
_name: string,
|
||||
_lang: string = "en"
|
||||
): Promise<{ success: boolean; irrigator?: Irrigator; pin?: string; error?: string }> {
|
||||
return createWaterUser(brandId, name, "irrigator", lang) as Promise<{ success: boolean; irrigator?: Irrigator; pin?: string; error?: string }>;
|
||||
return createWaterUser(_brandId, _name, "irrigator", _lang) as Promise<{
|
||||
success: boolean;
|
||||
irrigator?: Irrigator;
|
||||
pin?: string;
|
||||
error?: string;
|
||||
}>;
|
||||
}
|
||||
|
||||
export async function createWaterUser(
|
||||
brandId: string,
|
||||
name: string,
|
||||
role: "irrigator" | "water_admin",
|
||||
lang: string = "en"
|
||||
_brandId: string,
|
||||
_name: string,
|
||||
_role: "irrigator" | "water_admin",
|
||||
_lang: string = "en"
|
||||
): Promise<{ success: boolean; user?: Irrigator; pin?: string; error?: string }> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/create_water_user`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_brand_id: brandId, p_name: name, p_role: role, p_lang: lang }),
|
||||
}
|
||||
);
|
||||
|
||||
const data = await response.json();
|
||||
if (!response.ok || !data?.success) {
|
||||
return { success: false, error: data?.error ?? "Failed to create user" };
|
||||
}
|
||||
return { success: true, user: data.user, pin: data.pin };
|
||||
return { success: false, error: NOT_CONFIGURED };
|
||||
}
|
||||
|
||||
export async function updateWaterIrrigator(
|
||||
irrigatorId: string,
|
||||
name: string,
|
||||
active: boolean,
|
||||
lang: string,
|
||||
role: "irrigator" | "water_admin"
|
||||
_irrigatorId: string,
|
||||
_name: string,
|
||||
_active: boolean,
|
||||
_lang: string,
|
||||
_role: "irrigator" | "water_admin"
|
||||
): Promise<{ success: boolean; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_water_log) return { success: false, error: "Not authorized" };
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/update_water_user`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({
|
||||
p_user_id: irrigatorId,
|
||||
p_name: name,
|
||||
p_active: active,
|
||||
p_lang: lang,
|
||||
p_role: role,
|
||||
p_brand_id: (await getActiveBrandId(adminUser)) ?? null,
|
||||
}),
|
||||
}
|
||||
);
|
||||
|
||||
const data = await response.json();
|
||||
if (!response.ok || !data?.success) {
|
||||
return { success: false, error: data?.error ?? "Failed to update user" };
|
||||
}
|
||||
return { success: true };
|
||||
return { success: false, error: NOT_CONFIGURED };
|
||||
}
|
||||
|
||||
export async function resetWaterIrrigatorPin(
|
||||
irrigatorId: string
|
||||
_irrigatorId: string
|
||||
): Promise<{ success: boolean; pin?: string; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_water_log) return { success: false, error: "Not authorized" };
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/reset_water_user_pin`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({
|
||||
p_user_id: irrigatorId,
|
||||
p_brand_id: (await getActiveBrandId(adminUser)) ?? null,
|
||||
}),
|
||||
}
|
||||
);
|
||||
|
||||
const data = await response.json();
|
||||
if (!response.ok || !data?.success) {
|
||||
return { success: false, error: data?.error ?? "Failed to reset PIN" };
|
||||
}
|
||||
return { success: true, pin: data.pin };
|
||||
return { success: false, error: NOT_CONFIGURED };
|
||||
}
|
||||
|
||||
export async function deleteWaterUser(userId: string): Promise<{ success: boolean; error?: string }> {
|
||||
export async function deleteWaterUser(_userId: string): Promise<{ success: boolean; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_water_log) return { success: false, error: "Not authorized" };
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/delete_water_user`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({
|
||||
p_user_id: userId,
|
||||
p_brand_id: (await getActiveBrandId(adminUser)) ?? null,
|
||||
}),
|
||||
}
|
||||
);
|
||||
|
||||
const data = await response.json();
|
||||
if (!response.ok || !data?.success) {
|
||||
return { success: false, error: data?.error ?? "Failed to delete user" };
|
||||
}
|
||||
return { success: true };
|
||||
return { success: false, error: NOT_CONFIGURED };
|
||||
}
|
||||
|
||||
export async function deleteWaterHeadgate(headgateId: string): Promise<{ success: boolean; error?: string }> {
|
||||
export async function deleteWaterHeadgate(_headgateId: string): Promise<{ success: boolean; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_water_log) return { success: false, error: "Not authorized" };
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/delete_water_headgate`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({
|
||||
p_headgate_id: headgateId,
|
||||
p_brand_id: (await getActiveBrandId(adminUser)) ?? null,
|
||||
}),
|
||||
}
|
||||
);
|
||||
|
||||
// The RPC returns JSONB on success: { success: true } or { success: false, error: "..." }.
|
||||
// On failure (HTTP non-2xx) Supabase returns { message: "...", code: "...", details: ... }.
|
||||
// We try to extract the most useful message in both cases.
|
||||
let data: { success?: boolean; error?: string; message?: string } | null = null;
|
||||
try {
|
||||
data = await response.json();
|
||||
} catch {
|
||||
// Non-JSON body — leave data as null, fall through to default error
|
||||
}
|
||||
|
||||
if (response.ok && data?.success) {
|
||||
return { success: true };
|
||||
}
|
||||
|
||||
// Prefer the RPC's own error if it set one
|
||||
const errorMessage =
|
||||
data?.error ??
|
||||
data?.message ??
|
||||
(response.ok ? "Unknown error" : `HTTP ${response.status}: ${response.statusText || "request failed"}`);
|
||||
|
||||
if (process.env.NODE_ENV !== "production") {
|
||||
console.error("[deleteWaterHeadgate] failed", {
|
||||
headgateId,
|
||||
status: response.status,
|
||||
data,
|
||||
});
|
||||
}
|
||||
|
||||
return { success: false, error: errorMessage };
|
||||
return { success: false, error: NOT_CONFIGURED };
|
||||
}
|
||||
|
||||
// ── Entries ────────────────────────────────────────────────
|
||||
|
||||
export async function getWaterEntries(brandId: string, limit = 50): Promise<WaterEntry[]> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_water_entries`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_brand_id: brandId, p_limit: limit }),
|
||||
}
|
||||
);
|
||||
|
||||
if (!response.ok) return [];
|
||||
const data = await response.json();
|
||||
return data?.entries ?? [];
|
||||
export async function getWaterEntries(_brandId: string, _limit = 50): Promise<WaterEntry[]> {
|
||||
return [];
|
||||
}
|
||||
|
||||
export async function getWaterHeadgatesAdmin(brandId: string): Promise<Headgate[]> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_water_headgates_admin`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_brand_id: brandId }),
|
||||
}
|
||||
);
|
||||
|
||||
if (!response.ok) return [];
|
||||
const data = await response.json();
|
||||
return data?.headgates ?? [];
|
||||
export async function getWaterHeadgatesAdmin(_brandId: string): Promise<Headgate[]> {
|
||||
return [];
|
||||
}
|
||||
|
||||
export async function regenerateHeadgateToken(headgateId: string): Promise<{ success: boolean; token?: string; error?: string }> {
|
||||
export async function regenerateHeadgateToken(
|
||||
_headgateId: string
|
||||
): Promise<{ success: boolean; token?: string; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_water_log) return { success: false, error: "Not authorized" };
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/regenerate_headgate_token`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_headgate_id: headgateId, p_brand_id: (await getActiveBrandId(adminUser)) ?? null }),
|
||||
}
|
||||
);
|
||||
|
||||
const data = await response.json();
|
||||
if (!response.ok || !data?.success) {
|
||||
return { success: false, error: data?.error ?? "Failed to regenerate token" };
|
||||
}
|
||||
return { success: true, token: data.token };
|
||||
return { success: false, error: NOT_CONFIGURED };
|
||||
}
|
||||
|
||||
// ── Entry edit/delete ─────────────────────────────────────
|
||||
|
||||
export async function updateWaterEntry(
|
||||
entryId: string,
|
||||
measurement: number,
|
||||
notes: string | null,
|
||||
unit?: string
|
||||
_entryId: string,
|
||||
_measurement: number,
|
||||
_notes: string | null,
|
||||
_unit?: string
|
||||
): Promise<{ success: boolean; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_water_log) return { success: false, error: "Not authorized" };
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/update_water_entry`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({
|
||||
p_entry_id: entryId,
|
||||
p_measurement: measurement,
|
||||
p_notes: notes,
|
||||
p_unit: unit ?? null,
|
||||
p_brand_id: (await getActiveBrandId(adminUser)) ?? null,
|
||||
}),
|
||||
}
|
||||
);
|
||||
|
||||
const data = await response.json();
|
||||
if (!response.ok || !data?.success) {
|
||||
return { success: false, error: data?.error ?? "Failed to update entry" };
|
||||
}
|
||||
return { success: true };
|
||||
return { success: false, error: NOT_CONFIGURED };
|
||||
}
|
||||
|
||||
export async function deleteWaterEntry(
|
||||
entryId: string
|
||||
): Promise<{ success: boolean; error?: string }> {
|
||||
export async function deleteWaterEntry(_entryId: string): Promise<{ success: boolean; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_water_log) return { success: false, error: "Not authorized" };
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/delete_water_entry`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({
|
||||
p_entry_id: entryId,
|
||||
p_brand_id: (await getActiveBrandId(adminUser)) ?? null,
|
||||
}),
|
||||
}
|
||||
);
|
||||
|
||||
const data = await response.json();
|
||||
if (!response.ok || !data?.success) {
|
||||
return { success: false, error: data?.error ?? "Failed to delete entry" };
|
||||
}
|
||||
return { success: true };
|
||||
return { success: false, error: NOT_CONFIGURED };
|
||||
}
|
||||
|
||||
export async function getWaterEntryById(entryId: string): Promise<WaterEntry | null> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_water_entry_by_id`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_entry_id: entryId }),
|
||||
}
|
||||
);
|
||||
|
||||
if (!response.ok) return null;
|
||||
const data = await response.json();
|
||||
return data?.entry ?? null;
|
||||
export async function getWaterEntryById(_entryId: string): Promise<WaterEntry | null> {
|
||||
return null;
|
||||
}
|
||||
|
||||
// ── Display summary ───────────────────────────────────
|
||||
@@ -481,22 +224,8 @@ export type WaterDisplaySummary = {
|
||||
recent_entries: WaterDisplayEntry[];
|
||||
};
|
||||
|
||||
export async function getWaterDisplaySummary(brandId: string): Promise<WaterDisplaySummary | null> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_water_display_summary`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_brand_id: brandId }),
|
||||
}
|
||||
);
|
||||
|
||||
if (!response.ok) return null;
|
||||
const data = await response.json();
|
||||
return data as WaterDisplaySummary;
|
||||
export async function getWaterDisplaySummary(_brandId: string): Promise<WaterDisplaySummary | null> {
|
||||
return null;
|
||||
}
|
||||
|
||||
export type AlertLogEntry = {
|
||||
@@ -511,20 +240,6 @@ export type AlertLogEntry = {
|
||||
formatted_time: string;
|
||||
};
|
||||
|
||||
export async function getWaterAlertLog(brandId: string, limit = 50): Promise<AlertLogEntry[]> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_water_alert_log`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_brand_id: brandId, p_limit: limit }),
|
||||
}
|
||||
);
|
||||
|
||||
if (!response.ok) return [];
|
||||
const data = await response.json();
|
||||
return data?.alerts ?? [];
|
||||
}
|
||||
export async function getWaterAlertLog(_brandId: string, _limit = 50): Promise<AlertLogEntry[]> {
|
||||
return [];
|
||||
}
|
||||
|
||||
+38
-177
@@ -1,7 +1,17 @@
|
||||
"use server";
|
||||
|
||||
import { cookies } from "next/headers";
|
||||
import { svcHeaders } from "@/lib/svc-headers";
|
||||
|
||||
// TODO(migration): the water-log field UI used a chain of Supabase RPCs
|
||||
// (`get_water_headgates`, `verify_water_pin`, `get_water_user_by_id`,
|
||||
// `submit_water_entry`, `trigger_water_alert`,
|
||||
// `get_water_admin_session`) and tables (`water_headgates`,
|
||||
// `water_users`, `water_sessions`, `water_admin_sessions`,
|
||||
// `water_entries`, `water_alert_log`) that are not in the SaaS
|
||||
// rebuild's `db/schema/`. The actions below preserve the original
|
||||
// signatures and return empty / no-op responses so the field UI
|
||||
// degrades gracefully. See `actions/route-trace/lots.ts` for the
|
||||
// same pattern.
|
||||
|
||||
type VerifyPinResult = {
|
||||
success: true;
|
||||
@@ -30,102 +40,31 @@ type Headgate = {
|
||||
created_at: string;
|
||||
};
|
||||
|
||||
type HeadgatesResult = {
|
||||
headgates: Headgate[];
|
||||
};
|
||||
const NOT_CONFIGURED = "Water log is not configured in the SaaS rebuild";
|
||||
|
||||
export async function getWaterHeadgates(brandId: string, activeOnly = false): Promise<Headgate[]> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_water_headgates`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_brand_id: brandId, p_active_only: activeOnly }),
|
||||
}
|
||||
);
|
||||
|
||||
if (!response.ok) return [];
|
||||
const data = await response.json();
|
||||
return data?.headgates ?? [];
|
||||
export async function getWaterHeadgates(
|
||||
_brandId: string,
|
||||
_activeOnly = false
|
||||
): Promise<Headgate[]> {
|
||||
return [];
|
||||
}
|
||||
|
||||
export async function verifyWaterPin(brandId: string, pin: string): Promise<VerifyPinResult> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/verify_water_pin`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_brand_id: brandId, p_pin: pin }),
|
||||
}
|
||||
);
|
||||
|
||||
const data = await response.json();
|
||||
|
||||
if (!response.ok || !data?.success) {
|
||||
return { success: false, error: data?.error ?? "Invalid PIN" };
|
||||
}
|
||||
|
||||
// Get user's language preference via SECURITY DEFINER RPC (avoids direct table access)
|
||||
const userResponse = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_water_user_by_id`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_user_id: data.user_id }),
|
||||
}
|
||||
);
|
||||
const userData = await userResponse.json();
|
||||
const lang = userData?.language_preference ?? "en";
|
||||
|
||||
// Use the session already created by verify_water_pin RPC
|
||||
const sessionId = data.session_id;
|
||||
|
||||
if (!sessionId) {
|
||||
return { success: false, error: "Failed to create session" };
|
||||
}
|
||||
|
||||
// Set HTTP-only session cookie
|
||||
const cookieStore = await cookies();
|
||||
cookieStore.set("wl_session", sessionId, {
|
||||
httpOnly: true,
|
||||
secure: process.env.NODE_ENV === "production",
|
||||
sameSite: "lax",
|
||||
maxAge: 4 * 60 * 60, // 4 hours
|
||||
path: "/",
|
||||
});
|
||||
cookieStore.set("wl_lang", lang, {
|
||||
httpOnly: false,
|
||||
secure: process.env.NODE_ENV === "production",
|
||||
sameSite: "lax",
|
||||
maxAge: 60 * 60 * 24 * 30, // 30 days
|
||||
path: "/",
|
||||
});
|
||||
|
||||
return {
|
||||
success: true,
|
||||
user_id: data.user_id,
|
||||
name: data.name,
|
||||
role: data.role,
|
||||
session_id: sessionId,
|
||||
lang,
|
||||
};
|
||||
export async function verifyWaterPin(
|
||||
_brandId: string,
|
||||
_pin: string
|
||||
): Promise<VerifyPinResult> {
|
||||
return { success: false, error: NOT_CONFIGURED };
|
||||
}
|
||||
|
||||
export async function submitWaterEntry(
|
||||
headgateId: string,
|
||||
measurement: number,
|
||||
unit: string,
|
||||
notes: string,
|
||||
photoUrl?: string,
|
||||
latitude?: number,
|
||||
longitude?: number,
|
||||
headgateLocked?: boolean
|
||||
_headgateId: string,
|
||||
_measurement: number,
|
||||
_unit: string,
|
||||
_notes: string,
|
||||
_photoUrl?: string,
|
||||
_latitude?: number,
|
||||
_longitude?: number,
|
||||
_headgateLocked?: boolean
|
||||
): Promise<SubmitEntryResult> {
|
||||
const cookieStore = await cookies();
|
||||
const sessionId = cookieStore.get("wl_session")?.value;
|
||||
@@ -134,74 +73,7 @@ export async function submitWaterEntry(
|
||||
return { success: false, error: "Not logged in" };
|
||||
}
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/submit_water_entry`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({
|
||||
p_session_id: sessionId,
|
||||
p_headgate_id: headgateId,
|
||||
p_measurement: measurement,
|
||||
p_unit: unit,
|
||||
p_notes: notes,
|
||||
p_submitted_via: "field",
|
||||
p_photo_url: photoUrl ?? null,
|
||||
p_latitude: latitude ?? null,
|
||||
p_longitude: longitude ?? null,
|
||||
p_headgate_locked: headgateLocked ?? false,
|
||||
}),
|
||||
}
|
||||
);
|
||||
|
||||
const data = await response.json();
|
||||
|
||||
if (!data?.success) {
|
||||
return { success: false, error: data?.error ?? "Failed to submit entry" };
|
||||
}
|
||||
|
||||
const entryId = data.entry_id as string;
|
||||
|
||||
// ── Alert check (fire-and-forget, non-blocking) ─────────────────
|
||||
try {
|
||||
const alertRes = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/trigger_water_alert`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({
|
||||
p_entry_id: entryId,
|
||||
p_alert_type: "high",
|
||||
p_threshold_value: measurement,
|
||||
p_reading_value: measurement,
|
||||
}),
|
||||
}
|
||||
);
|
||||
const highData = await alertRes.json();
|
||||
// If not triggered as high, try low
|
||||
if (!highData?.triggered) {
|
||||
await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/trigger_water_alert`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({
|
||||
p_entry_id: entryId,
|
||||
p_alert_type: "low",
|
||||
p_threshold_value: measurement,
|
||||
p_reading_value: measurement,
|
||||
}),
|
||||
}
|
||||
);
|
||||
}
|
||||
} catch {
|
||||
// Alert failures should not affect entry submission success
|
||||
}
|
||||
|
||||
return { success: true, entry_id: entryId };
|
||||
return { success: false, error: NOT_CONFIGURED };
|
||||
}
|
||||
|
||||
export async function logoutWater(): Promise<void> {
|
||||
@@ -230,26 +102,15 @@ export async function setWaterLang(lang: string): Promise<void> {
|
||||
});
|
||||
}
|
||||
|
||||
export async function getWaterAdminSession(): Promise<{ user_id: string; name: string; role: string } | null> {
|
||||
export async function getWaterAdminSession(): Promise<{
|
||||
user_id: string;
|
||||
name: string;
|
||||
role: string;
|
||||
} | null> {
|
||||
const cookieStore = await cookies();
|
||||
const sessionId = cookieStore.get("wl_admin_session")?.value;
|
||||
|
||||
if (!sessionId) return null;
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
// Use get_water_admin_session RPC (SECURITY DEFINER) to avoid direct water_sessions + water_users JOIN
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_water_admin_session`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_session_id: sessionId }),
|
||||
}
|
||||
);
|
||||
|
||||
if (!response.ok) return null;
|
||||
const data = await response.json();
|
||||
return data;
|
||||
};
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -1,7 +1,14 @@
|
||||
"use server";
|
||||
|
||||
import { getAdminUser } from "@/lib/admin-permissions";
|
||||
import { svcHeaders } from "@/lib/svc-headers";
|
||||
|
||||
// TODO(migration): the water-log settings RPCs (`get_water_admin_settings`,
|
||||
// `hash_water_admin_pin`, `save_water_admin_settings`,
|
||||
// `verify_water_admin_pin`) and the underlying
|
||||
// `water_admin_settings` table are not in the SaaS rebuild schema.
|
||||
// The functions below preserve the original signatures and return
|
||||
// empty / no-op responses. Same pattern as
|
||||
// `actions/route-trace/lots.ts`.
|
||||
|
||||
export type WaterAdminSettings = {
|
||||
enabled: boolean;
|
||||
@@ -13,110 +20,25 @@ export type WaterAdminSettings = {
|
||||
alerts_enabled?: boolean;
|
||||
};
|
||||
|
||||
export async function getWaterAdminSettings(brandId: string): Promise<WaterAdminSettings | null> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
const NOT_CONFIGURED = "Water log is not configured in the SaaS rebuild";
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_water_admin_settings`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_brand_id: brandId }),
|
||||
}
|
||||
);
|
||||
|
||||
if (!response.ok) return null;
|
||||
const data = await response.json();
|
||||
return data as WaterAdminSettings;
|
||||
export async function getWaterAdminSettings(_brandId: string): Promise<WaterAdminSettings | null> {
|
||||
return null;
|
||||
}
|
||||
|
||||
export async function saveWaterAdminSettings(
|
||||
brandId: string,
|
||||
settings: Partial<WaterAdminSettings & { pin?: string }>
|
||||
_brandId: string,
|
||||
_settings: Partial<WaterAdminSettings & { pin?: string }>
|
||||
): Promise<{ success: boolean; error?: string }> {
|
||||
const adminUser = await getAdminUser();
|
||||
if (!adminUser) return { success: false, error: "Not authenticated" };
|
||||
if (!adminUser.can_manage_water_log) return { success: false, error: "Not authorized" };
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
let pinHash: string | null = null;
|
||||
if (settings.pin) {
|
||||
// Hash the PIN server-side using PostgreSQL
|
||||
const hashRes = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/hash_water_admin_pin`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_pin: settings.pin }),
|
||||
}
|
||||
);
|
||||
const hashData = await hashRes.json();
|
||||
if (!hashData?.hash) return { success: false, error: "Failed to hash PIN" };
|
||||
pinHash = hashData.hash;
|
||||
}
|
||||
|
||||
const response = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/save_water_admin_settings`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({
|
||||
p_brand_id: brandId,
|
||||
p_enabled: settings.enabled ?? null,
|
||||
p_pin_hash: pinHash,
|
||||
p_session_duration_hours: settings.session_duration_hours ?? null,
|
||||
p_can_edit_entries: settings.can_edit_entries ?? null,
|
||||
p_can_delete_entries: settings.can_delete_entries ?? null,
|
||||
p_can_export_csv: settings.can_export_csv ?? null,
|
||||
p_alert_phone: settings.alert_phone ?? null,
|
||||
p_alerts_enabled: settings.alerts_enabled ?? null,
|
||||
}),
|
||||
}
|
||||
);
|
||||
|
||||
const data = await response.json();
|
||||
if (!response.ok || !data?.success) {
|
||||
return { success: false, error: data?.error ?? "Failed to save settings" };
|
||||
}
|
||||
return { success: true };
|
||||
return { success: false, error: NOT_CONFIGURED };
|
||||
}
|
||||
|
||||
export async function verifyWaterAdminPin(
|
||||
brandId: string,
|
||||
pin: string
|
||||
_brandId: string,
|
||||
_pin: string
|
||||
): Promise<{ success: boolean; session_id?: string; error?: string }> {
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const settingsRes = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/get_water_admin_settings`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_brand_id: brandId }),
|
||||
}
|
||||
);
|
||||
const settings = await settingsRes.json();
|
||||
if (!settingsRes.ok || !settings?.enabled) {
|
||||
return { success: false, error: "Admin portal not enabled" };
|
||||
}
|
||||
|
||||
// Verify PIN against stored hash
|
||||
const verifyRes = await fetch(
|
||||
`${supabaseUrl}/rest/v1/rpc/verify_water_admin_pin`,
|
||||
{
|
||||
method: "POST",
|
||||
headers: { ...svcHeaders(supabaseKey), "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ p_brand_id: brandId, p_pin: pin }),
|
||||
}
|
||||
);
|
||||
const verifyData = await verifyRes.json();
|
||||
if (!verifyRes.ok || !verifyData?.success) {
|
||||
return { success: false, error: "Invalid PIN" };
|
||||
}
|
||||
|
||||
return { success: true, session_id: verifyData.session_id };
|
||||
}
|
||||
return { success: false, error: NOT_CONFIGURED };
|
||||
}
|
||||
|
||||
+30
-115
@@ -1,128 +1,43 @@
|
||||
"use server";
|
||||
|
||||
/**
|
||||
* Wholesale customer authentication.
|
||||
*
|
||||
* TODO(migration): The original implementation used Supabase's
|
||||
* `auth.signInWithPassword` for email/password login of wholesale
|
||||
* customers. Now that Supabase is being removed, the wholesale
|
||||
* customer auth needs to be rebuilt on top of Auth.js v5 (or a
|
||||
* custom bcrypt + cookie session) before this module can be re-enabled.
|
||||
*
|
||||
* Until that lands, the actions below are stubbed: they preserve the
|
||||
* original signatures so the login form renders without runtime
|
||||
* errors, but always return a friendly "not available" error.
|
||||
*
|
||||
* Re-enable by:
|
||||
* 1. Adding a `wholesale_customers` table (or extending
|
||||
* `db/schema/customers.ts` with `password_hash` + `auth_user_id`).
|
||||
* 2. Wiring up the chosen auth provider in `src/lib/auth.ts`.
|
||||
* 3. Setting the `wholesale_session` cookie with the resolved
|
||||
* customer id.
|
||||
*/
|
||||
|
||||
import { cookies } from "next/headers";
|
||||
import { NextRequest, NextResponse } from "next/server";
|
||||
import { pool } from "@/lib/db";
|
||||
|
||||
export type WholesaleLoginResult =
|
||||
| { success: true; token: string; userId: string; customerId: string }
|
||||
| { success: false; error: string };
|
||||
|
||||
export async function wholesaleLoginAction(formData: FormData): Promise<WholesaleLoginResult> {
|
||||
const email = formData.get("email") as string;
|
||||
const password = formData.get("password") as string;
|
||||
const NOT_AVAILABLE_ERROR =
|
||||
"Wholesale customer login is temporarily unavailable while we rebuild authentication. Please contact your account manager.";
|
||||
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const cookieStore = await cookies();
|
||||
const request = new NextRequest("http://localhost/wholesale/login", {
|
||||
headers: new Headers(),
|
||||
});
|
||||
const response = NextResponse.next({ request });
|
||||
|
||||
const { createServerClient } = await import("@supabase/ssr");
|
||||
const supabase = createServerClient(supabaseUrl, supabaseAnonKey, {
|
||||
cookies: {
|
||||
getAll() {
|
||||
return cookieStore.getAll();
|
||||
},
|
||||
setAll(cookiesToSet, headers) {
|
||||
cookiesToSet.forEach(({ name, value, options }) => {
|
||||
response.cookies.set(name, value, options);
|
||||
});
|
||||
Object.entries(headers).forEach(([key, value]) => {
|
||||
response.headers.set(key, value);
|
||||
});
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
const { data, error } = await supabase.auth.signInWithPassword({
|
||||
email,
|
||||
password,
|
||||
});
|
||||
|
||||
if (error || !data.user) {
|
||||
return { success: false, error: error?.message ?? "Invalid credentials" };
|
||||
}
|
||||
|
||||
const { data: sessionData } = await supabase.auth.getSession();
|
||||
const token = sessionData?.session?.access_token;
|
||||
|
||||
if (!token) {
|
||||
return { success: false, error: "No session returned from auth" };
|
||||
}
|
||||
|
||||
// Find the wholesale customer record for this user (SECURITY DEFINER RPC).
|
||||
// The result is intentionally not consumed here — the portal page resolves
|
||||
// the actual customer on load using the cookie's access_token.
|
||||
try {
|
||||
await pool.query(
|
||||
"SELECT * FROM get_wholesale_customer_by_user($1, $2)",
|
||||
["00000000-0000-0000-0000-000000000000", data.user.id]
|
||||
);
|
||||
} catch {
|
||||
// Customer may not be linked yet; portal will resolve.
|
||||
}
|
||||
|
||||
// If no brand_id known, try all brands — just use first active one found
|
||||
// For now, set the cookie with user_id and a placeholder; portal will resolve proper customer
|
||||
response.cookies.set("wholesale_session", JSON.stringify({
|
||||
user_id: data.user.id,
|
||||
access_token: token,
|
||||
}), {
|
||||
path: "/",
|
||||
maxAge: 3600 * 24 * 7,
|
||||
sameSite: "lax",
|
||||
secure: process.env.NODE_ENV === "production",
|
||||
httpOnly: false,
|
||||
});
|
||||
|
||||
// Also set the standard auth token for RPC calls
|
||||
response.cookies.set("sb-wnzkhezyhnfzhkhiflrp-auth-token", token, {
|
||||
path: "/",
|
||||
maxAge: 3600 * 24 * 7,
|
||||
sameSite: "lax",
|
||||
secure: process.env.NODE_ENV === "production",
|
||||
httpOnly: false,
|
||||
});
|
||||
|
||||
return {
|
||||
success: true,
|
||||
token,
|
||||
userId: data.user.id,
|
||||
customerId: "pending", // resolved by portal page on load
|
||||
};
|
||||
export async function wholesaleLoginAction(_formData: FormData): Promise<WholesaleLoginResult> {
|
||||
return { success: false, error: NOT_AVAILABLE_ERROR };
|
||||
}
|
||||
|
||||
export async function wholesaleLogoutAction() {
|
||||
export async function wholesaleLogoutAction(): Promise<{ success: true } | { success: false; error: string }> {
|
||||
const cookieStore = await cookies();
|
||||
const request = new NextRequest("http://localhost/wholesale/portal", {
|
||||
headers: new Headers(),
|
||||
});
|
||||
const response = NextResponse.next({ request });
|
||||
|
||||
response.cookies.delete("wholesale_session");
|
||||
|
||||
const { createServerClient } = await import("@supabase/ssr");
|
||||
const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
|
||||
const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;
|
||||
|
||||
const supabase = createServerClient(supabaseUrl, supabaseAnonKey, {
|
||||
cookies: {
|
||||
getAll() {
|
||||
return cookieStore.getAll();
|
||||
},
|
||||
setAll(cookiesToSet, headers) {
|
||||
cookiesToSet.forEach(({ name, value, options }) => {
|
||||
response.cookies.set(name, value, options);
|
||||
});
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
await supabase.auth.signOut();
|
||||
|
||||
// Best-effort cookie cleanup so a returning customer doesn't see stale state
|
||||
cookieStore.delete("wholesale_session");
|
||||
cookieStore.delete("sb-wnzkhezyhnfzhkhiflrp-auth-token");
|
||||
return { success: true };
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user