feat(smartsheet): cycle 7 — workbook hub
Replaces two independent Smartsheet configs (water log + time tracking) with one brand-level workbook connection that owns the encrypted API token. Per-feature configs keep their sheet_id + column_mapping + frequency + sync_enabled. Schema (migration 0096): - NEW smartsheet_workspace: one row per brand. Holds encrypted_api_token + token_iv + token_auth_tag (AES-256-GCM, same key), default_sheet_id, connection_enabled (master switch), last_test_*, audit columns. RLS brand-scoped. - Backfill: water_smartsheet_config rows copy into workspace first; time_tracking_smartsheet_config fills in only brands with no workspace row yet. Idempotent (NOT EXISTS + ON CONFLICT DO NOTHING). - DROP encrypted_api_token + token_iv + token_auth_tag from both feature configs (destructive — bytes are copied to workspace first). - Drop unused bytea customType from both schemas (no longer needed). Actions: - NEW src/actions/smartsheet/workspace.ts: getSmartsheetWorkspace, saveSmartsheetWorkspace, testSmartsheetWorkspaceConnection, disableSmartsheetWorkspace. Permission: can_manage_settings + platform_admin. - NEW src/services/workspace-token.ts (server-only): resolveWorkspaceToken helper. Lives outside the 'use server' file so the plaintext token is not exposed as an RPC surface — only callable from server-side sync engines. - MODIFIED water-log + time-tracking smartsheet actions: refactored to read token via resolveWorkspaceToken; save* no longer accepts a token; test* falls through to the workspace token if no token given. - MODIFIED both sync services: load token from resolveWorkspaceToken instead of decrypting the per-feature config. 'connection_disabled' now skips cleanly (no retry, no failed log row) — pausing the workspace at the hub level no longer floods Recent Activity with 'disabled' failures. UI: - NEW src/components/admin/water-log/SmartsheetHub.tsx: top-level hub card. Owns the token + Test Connection + connection enabled toggle + default sheet ID + last-verified badge. Permission gated. - MODIFIED SmartsheetIntegrationCard.tsx (water): rewritten without token UI. Reads masked token from workspace. Sheet ID + column mapping + frequency + enabled + backfill + recent activity. - MODIFIED TimeTrackingSmartsheetCard.tsx: same treatment. - MODIFIED /admin/water-log/settings/page: collapses §05 + §06 into a single Smartsheet section with the hub on top + both feature cards as siblings underneath. Tuxedo-only throughout (TUXEDO_BRAND_ID hardcoded in the settings page; matches existing single-tenant /water convention). Security fixes from pr-reviewer: - resolveWorkspaceToken extracted from 'use server' file to a server-only service module — was reachable as an RPC, would have returned the plaintext token to any authenticated admin. - getSmartsheetWorkspace now actually checks the auth result instead of calling requireManageSettings() and discarding the return value. Diff: -1742 / +597 lines (net -1100 from the simpler per-feature card).
This commit is contained in:
@@ -0,0 +1,66 @@
|
||||
/**
|
||||
* Smartsheet workspace — per-brand workbook connection.
|
||||
*
|
||||
* Cycle 7 schema for migration 0096. Replaces two independent Smartsheet
|
||||
* configs (water + time tracking) with one brand-level workbook hub.
|
||||
*
|
||||
* The encrypted API token lives here. Per-feature configs
|
||||
* (`water_smartsheet_config`, `time_tracking_smartsheet_config`) keep
|
||||
* their sheet_id, column_mapping, sync_frequency, sync_enabled, and
|
||||
* last_sync_* state but read the token from this table via brand_id.
|
||||
*
|
||||
* RLS: brand-scoped, same pattern as existing smartsheet tables.
|
||||
*/
|
||||
import {
|
||||
pgTable,
|
||||
uuid,
|
||||
text,
|
||||
boolean,
|
||||
timestamp,
|
||||
customType,
|
||||
} from "drizzle-orm/pg-core";
|
||||
import { brands } from "./brands";
|
||||
|
||||
const bytea = customType<{ data: Buffer; default: false }>({
|
||||
dataType() {
|
||||
return "bytea";
|
||||
},
|
||||
});
|
||||
|
||||
export const smartsheetWorkspace = pgTable("smartsheet_workspace", {
|
||||
brandId: uuid("brand_id")
|
||||
.primaryKey()
|
||||
.references(() => brands.id, { onDelete: "cascade" }),
|
||||
|
||||
// AES-256-GCM encrypted API token. Same key as the old feature
|
||||
// configs (SMARTSHEET_TOKEN_ENC_KEY); bytes are portable.
|
||||
encryptedApiToken: bytea("encrypted_api_token").notNull(),
|
||||
tokenIv: bytea("token_iv").notNull(),
|
||||
tokenAuthTag: bytea("token_auth_tag").notNull(),
|
||||
|
||||
// Optional "home" sheet — the tab the brand sees first in the
|
||||
// workbook. NULL is fine; the UI falls back to the first per-
|
||||
// feature sheet mapping.
|
||||
defaultSheetId: text("default_sheet_id"),
|
||||
|
||||
// Master kill-switch. Per-feature sync_enabled still gates each
|
||||
// feature independently — toggling this off pauses all syncs.
|
||||
connectionEnabled: boolean("connection_enabled").notNull().default(true),
|
||||
|
||||
// Test-connection bookkeeping (powers the "Last verified 2m ago"
|
||||
// badge on the hub card).
|
||||
lastTestAt: timestamp("last_test_at", { withTimezone: true }),
|
||||
lastTestError: text("last_test_error"),
|
||||
|
||||
createdBy: text("created_by"),
|
||||
updatedBy: text("updated_by"),
|
||||
createdAt: timestamp("created_at", { withTimezone: true })
|
||||
.notNull()
|
||||
.defaultNow(),
|
||||
updatedAt: timestamp("updated_at", { withTimezone: true })
|
||||
.notNull()
|
||||
.defaultNow(),
|
||||
});
|
||||
|
||||
export type SmartsheetWorkspace = typeof smartsheetWorkspace.$inferSelect;
|
||||
export type SmartsheetWorkspaceInsert = typeof smartsheetWorkspace.$inferInsert;
|
||||
@@ -1,6 +1,10 @@
|
||||
/**
|
||||
* Time Tracking. Source: `db/migrations/0001_init.sql` and the
|
||||
* Cycle-5 Smartsheet scaffold (`db/migrations/0095_*.sql`).
|
||||
*
|
||||
* Cycle 7: the encrypted token columns on
|
||||
* `time_tracking_smartsheet_config` moved to `smartsheet_workspace`
|
||||
* (see `db/schema/smartsheet-workspace.ts`).
|
||||
*/
|
||||
import {
|
||||
pgTable,
|
||||
@@ -12,20 +16,9 @@ import {
|
||||
timestamp,
|
||||
index,
|
||||
jsonb,
|
||||
customType,
|
||||
} from "drizzle-orm/pg-core";
|
||||
import { brands } from "./brands";
|
||||
|
||||
// drizzle-orm/pg-core does not export a `bytea` shorthand the way
|
||||
// many typed helpers do; declare it once here so the schema can use
|
||||
// raw BYTEA columns for encrypted tokens. Mirrors the helper in
|
||||
// `db/schema/water-log.ts` for the water-log smartsheet config.
|
||||
const bytea = customType<{ data: Buffer; default: false }>({
|
||||
dataType() {
|
||||
return "bytea";
|
||||
},
|
||||
});
|
||||
|
||||
export const timeTrackingSettings = pgTable(
|
||||
"time_tracking_settings",
|
||||
{
|
||||
@@ -232,9 +225,8 @@ export const timeTrackingSmartsheetConfig = pgTable(
|
||||
.primaryKey()
|
||||
.references(() => brands.id, { onDelete: "cascade" }),
|
||||
sheetId: text("sheet_id").notNull(),
|
||||
encryptedApiToken: bytea("encrypted_api_token").notNull(),
|
||||
tokenIv: bytea("token_iv").notNull(),
|
||||
tokenAuthTag: bytea("token_auth_tag").notNull(),
|
||||
// Cycle 7: encrypted token columns moved to smartsheet_workspace.
|
||||
// See migration 0096_smartsheet_workbook_hub.sql.
|
||||
columnMapping: jsonb("column_mapping")
|
||||
.$type<TTSmartsheetColumnMapping>()
|
||||
.notNull(),
|
||||
|
||||
+6
-11
@@ -24,18 +24,14 @@ import {
|
||||
index,
|
||||
uniqueIndex,
|
||||
integer,
|
||||
customType,
|
||||
} from "drizzle-orm/pg-core";
|
||||
import { brands } from "./brands";
|
||||
import { adminUsers } from "./brands";
|
||||
|
||||
// Drizzle's stock `bytea` import is not exported in every version, so
|
||||
// register a small custom type that maps to the existing `bytea` PG type.
|
||||
const bytea = customType<{ data: Buffer; default: false }>({
|
||||
dataType() {
|
||||
return "bytea";
|
||||
},
|
||||
});
|
||||
// Cycle 7: the `bytea` customType used to live here for the
|
||||
// encrypted Smartsheet token columns. Those columns moved to
|
||||
// `smartsheet_workspace` (see `db/schema/smartsheet-workspace.ts`),
|
||||
// so the helper is no longer needed here.
|
||||
|
||||
export const waterHeadgates = pgTable(
|
||||
"water_headgates",
|
||||
@@ -323,9 +319,8 @@ export const waterSmartsheetConfig = pgTable("water_smartsheet_config", {
|
||||
.primaryKey()
|
||||
.references(() => brands.id, { onDelete: "cascade" }),
|
||||
sheetId: text("sheet_id").notNull(),
|
||||
encryptedApiToken: bytea("encrypted_api_token").notNull(),
|
||||
tokenIv: bytea("token_iv").notNull(),
|
||||
tokenAuthTag: bytea("token_auth_tag").notNull(),
|
||||
// Cycle 7: encrypted token columns moved to smartsheet_workspace.
|
||||
// See migration 0096_smartsheet_workbook_hub.sql.
|
||||
columnMapping: jsonb("column_mapping")
|
||||
.$type<SmartsheetColumnMapping>()
|
||||
.notNull(),
|
||||
|
||||
Reference in New Issue
Block a user