manus-admin/sonum
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SONUM v7 - Évolution v6 (éditeurs/blocs CRUD, tableau de bord stats) + vue liste alternance couleurs

Browse Source
This commit is contained in:
Manus Agent
2026-04-20 11:51:04 -04:00
commit 3bccb0a743
143 changed files with 30933 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
server/_core/context.ts Normal file
View File

@@ -0,0 +1,28 @@
import type { CreateExpressContextOptions } from "@trpc/server/adapters/express";
import type { User } from "../../drizzle/schema";
import { sdk } from "./sdk";
export type TrpcContext = {
req: CreateExpressContextOptions["req"];
res: CreateExpressContextOptions["res"];
user: User | null;
};
export async function createContext(
opts: CreateExpressContextOptions
): Promise<TrpcContext> {
let user: User | null = null;
try {
user = await sdk.authenticateRequest(opts.req);
} catch (error) {
// Authentication is optional for public procedures.
user = null;
}
return {
req: opts.req,
res: opts.res,
user,
};
}

48
server/_core/cookies.ts Normal file
View File

@@ -0,0 +1,48 @@
import type { CookieOptions, Request } from "express";
const LOCAL_HOSTS = new Set(["localhost", "127.0.0.1", "::1"]);
function isIpAddress(host: string) {
// Basic IPv4 check and IPv6 presence detection.
if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return true;
return host.includes(":");
}
function isSecureRequest(req: Request) {
if (req.protocol === "https") return true;
const forwardedProto = req.headers["x-forwarded-proto"];
if (!forwardedProto) return false;
const protoList = Array.isArray(forwardedProto)
? forwardedProto
: forwardedProto.split(",");
return protoList.some(proto => proto.trim().toLowerCase() === "https");
}
export function getSessionCookieOptions(
req: Request
): Pick<CookieOptions, "domain" | "httpOnly" | "path" | "sameSite" | "secure"> {
// const hostname = req.hostname;
// const shouldSetDomain =
// hostname &&
// !LOCAL_HOSTS.has(hostname) &&
// !isIpAddress(hostname) &&
// hostname !== "127.0.0.1" &&
// hostname !== "::1";
// const domain =
// shouldSetDomain && !hostname.startsWith(".")
// ? `.${hostname}`
// : shouldSetDomain
// ? hostname
// : undefined;
return {
httpOnly: true,
path: "/",
sameSite: "none",
secure: isSecureRequest(req),
};
}

64
server/_core/dataApi.ts Normal file
View File

@@ -0,0 +1,64 @@
/**
* Quick example (matches curl usage):
* await callDataApi("Youtube/search", {
* query: { gl: "US", hl: "en", q: "manus" },
* })
*/
import { ENV } from "./env";
export type DataApiCallOptions = {
query?: Record<string, unknown>;
body?: Record<string, unknown>;
pathParams?: Record<string, unknown>;
formData?: Record<string, unknown>;
};
export async function callDataApi(
apiId: string,
options: DataApiCallOptions = {}
): Promise<unknown> {
if (!ENV.forgeApiUrl) {
throw new Error("BUILT_IN_FORGE_API_URL is not configured");
}
if (!ENV.forgeApiKey) {
throw new Error("BUILT_IN_FORGE_API_KEY is not configured");
}
// Build the full URL by appending the service path to the base URL
const baseUrl = ENV.forgeApiUrl.endsWith("/") ? ENV.forgeApiUrl : `${ENV.forgeApiUrl}/`;
const fullUrl = new URL("webdevtoken.v1.WebDevService/CallApi", baseUrl).toString();
const response = await fetch(fullUrl, {
method: "POST",
headers: {
accept: "application/json",
"content-type": "application/json",
"connect-protocol-version": "1",
authorization: `Bearer ${ENV.forgeApiKey}`,
},
body: JSON.stringify({
apiId,
query: options.query,
body: options.body,
path_params: options.pathParams,
multipart_form_data: options.formData,
}),
});
if (!response.ok) {
const detail = await response.text().catch(() => "");
throw new Error(
`Data API request failed (${response.status} ${response.statusText})${detail ? `: ${detail}` : ""}`
);
}
const payload = await response.json().catch(() => ({}));
if (payload && typeof payload === "object" && "jsonData" in payload) {
try {
return JSON.parse((payload as Record<string, string>).jsonData ?? "{}");
} catch {
return (payload as Record<string, unknown>).jsonData;
}
}
return payload;
}

10
server/_core/env.ts Normal file
View File

@@ -0,0 +1,10 @@
export const ENV = {
appId: process.env.VITE_APP_ID ?? "",
cookieSecret: process.env.JWT_SECRET ?? "",
databaseUrl: process.env.DATABASE_URL ?? "",
oAuthServerUrl: process.env.OAUTH_SERVER_URL ?? "",
ownerOpenId: process.env.OWNER_OPEN_ID ?? "",
isProduction: process.env.NODE_ENV === "production",
forgeApiUrl: process.env.BUILT_IN_FORGE_API_URL ?? "",
forgeApiKey: process.env.BUILT_IN_FORGE_API_KEY ?? "",
};

92
server/_core/imageGeneration.ts Normal file
View File

@@ -0,0 +1,92 @@
/**
* Image generation helper using internal ImageService
*
* Example usage:
* const { url: imageUrl } = await generateImage({
* prompt: "A serene landscape with mountains"
* });
*
* For editing:
* const { url: imageUrl } = await generateImage({
* prompt: "Add a rainbow to this landscape",
* originalImages: [{
* url: "https://example.com/original.jpg",
* mimeType: "image/jpeg"
* }]
* });
*/
import { storagePut } from "server/storage";
import { ENV } from "./env";
export type GenerateImageOptions = {
prompt: string;
originalImages?: Array<{
url?: string;
b64Json?: string;
mimeType?: string;
}>;
};
export type GenerateImageResponse = {
url?: string;
};
export async function generateImage(
options: GenerateImageOptions
): Promise<GenerateImageResponse> {
if (!ENV.forgeApiUrl) {
throw new Error("BUILT_IN_FORGE_API_URL is not configured");
}
if (!ENV.forgeApiKey) {
throw new Error("BUILT_IN_FORGE_API_KEY is not configured");
}
// Build the full URL by appending the service path to the base URL
const baseUrl = ENV.forgeApiUrl.endsWith("/")
? ENV.forgeApiUrl
: `${ENV.forgeApiUrl}/`;
const fullUrl = new URL(
"images.v1.ImageService/GenerateImage",
baseUrl
).toString();
const response = await fetch(fullUrl, {
method: "POST",
headers: {
accept: "application/json",
"content-type": "application/json",
"connect-protocol-version": "1",
authorization: `Bearer ${ENV.forgeApiKey}`,
},
body: JSON.stringify({
prompt: options.prompt,
original_images: options.originalImages || [],
}),
});
if (!response.ok) {
const detail = await response.text().catch(() => "");
throw new Error(
`Image generation request failed (${response.status} ${response.statusText})${detail ? `: ${detail}` : ""}`
);
}
const result = (await response.json()) as {
image: {
b64Json: string;
mimeType: string;
};
};
const base64Data = result.image.b64Json;
const buffer = Buffer.from(base64Data, "base64");
// Save to S3
const { url } = await storagePut(
`generated/${Date.now()}.png`,
buffer,
result.image.mimeType
);
return {
url,
};
}

65
server/_core/index.ts Normal file
View File

@@ -0,0 +1,65 @@
import "dotenv/config";
import express from "express";
import { createServer } from "http";
import net from "net";
import { createExpressMiddleware } from "@trpc/server/adapters/express";
import { registerOAuthRoutes } from "./oauth";
import { appRouter } from "../routers";
import { createContext } from "./context";
import { serveStatic, setupVite } from "./vite";
function isPortAvailable(port: number): Promise<boolean> {
return new Promise(resolve => {
const server = net.createServer();
server.listen(port, () => {
server.close(() => resolve(true));
});
server.on("error", () => resolve(false));
});
}
async function findAvailablePort(startPort: number = 3000): Promise<number> {
for (let port = startPort; port < startPort + 20; port++) {
if (await isPortAvailable(port)) {
return port;
}
}
throw new Error(`No available port found starting from ${startPort}`);
}
async function startServer() {
const app = express();
const server = createServer(app);
// Configure body parser with larger size limit for file uploads
app.use(express.json({ limit: "50mb" }));
app.use(express.urlencoded({ limit: "50mb", extended: true }));
// OAuth callback under /api/oauth/callback
registerOAuthRoutes(app);
// tRPC API
app.use(
"/api/trpc",
createExpressMiddleware({
router: appRouter,
createContext,
})
);
// development mode uses Vite, production mode uses static files
if (process.env.NODE_ENV === "development") {
await setupVite(app, server);
} else {
serveStatic(app);
}
const preferredPort = parseInt(process.env.PORT || "3000");
const port = await findAvailablePort(preferredPort);
if (port !== preferredPort) {
console.log(`Port ${preferredPort} is busy, using port ${port} instead`);
}
server.listen(port, () => {
console.log(`Server running on http://localhost:${port}/`);
});
}
startServer().catch(console.error);

332
server/_core/llm.ts Normal file
View File

@@ -0,0 +1,332 @@
import { ENV } from "./env";
export type Role = "system" | "user" | "assistant" | "tool" | "function";
export type TextContent = {
type: "text";
text: string;
};
export type ImageContent = {
type: "image_url";
image_url: {
url: string;
detail?: "auto" | "low" | "high";
};
};
export type FileContent = {
type: "file_url";
file_url: {
url: string;
mime_type?: "audio/mpeg" | "audio/wav" | "application/pdf" | "audio/mp4" | "video/mp4" ;
};
};
export type MessageContent = string | TextContent | ImageContent | FileContent;
export type Message = {
role: Role;
content: MessageContent | MessageContent[];
name?: string;
tool_call_id?: string;
};
export type Tool = {
type: "function";
function: {
name: string;
description?: string;
parameters?: Record<string, unknown>;
};
};
export type ToolChoicePrimitive = "none" | "auto" | "required";
export type ToolChoiceByName = { name: string };
export type ToolChoiceExplicit = {
type: "function";
function: {
name: string;
};
};
export type ToolChoice =
| ToolChoicePrimitive
| ToolChoiceByName
| ToolChoiceExplicit;
export type InvokeParams = {
messages: Message[];
tools?: Tool[];
toolChoice?: ToolChoice;
tool_choice?: ToolChoice;
maxTokens?: number;
max_tokens?: number;
outputSchema?: OutputSchema;
output_schema?: OutputSchema;
responseFormat?: ResponseFormat;
response_format?: ResponseFormat;
};
export type ToolCall = {
id: string;
type: "function";
function: {
name: string;
arguments: string;
};
};
export type InvokeResult = {
id: string;
created: number;
model: string;
choices: Array<{
index: number;
message: {
role: Role;
content: string | Array<TextContent | ImageContent | FileContent>;
tool_calls?: ToolCall[];
};
finish_reason: string | null;
}>;
usage?: {
prompt_tokens: number;
completion_tokens: number;
total_tokens: number;
};
};
export type JsonSchema = {
name: string;
schema: Record<string, unknown>;
strict?: boolean;
};
export type OutputSchema = JsonSchema;
export type ResponseFormat =
| { type: "text" }
| { type: "json_object" }
| { type: "json_schema"; json_schema: JsonSchema };
const ensureArray = (
value: MessageContent | MessageContent[]
): MessageContent[] => (Array.isArray(value) ? value : [value]);
const normalizeContentPart = (
part: MessageContent
): TextContent | ImageContent | FileContent => {
if (typeof part === "string") {
return { type: "text", text: part };
}
if (part.type === "text") {
return part;
}
if (part.type === "image_url") {
return part;
}
if (part.type === "file_url") {
return part;
}
throw new Error("Unsupported message content part");
};
const normalizeMessage = (message: Message) => {
const { role, name, tool_call_id } = message;
if (role === "tool" || role === "function") {
const content = ensureArray(message.content)
.map(part => (typeof part === "string" ? part : JSON.stringify(part)))
.join("\n");
return {
role,
name,
tool_call_id,
content,
};
}
const contentParts = ensureArray(message.content).map(normalizeContentPart);
// If there's only text content, collapse to a single string for compatibility
if (contentParts.length === 1 && contentParts[0].type === "text") {
return {
role,
name,
content: contentParts[0].text,
};
}
return {
role,
name,
content: contentParts,
};
};
const normalizeToolChoice = (
toolChoice: ToolChoice | undefined,
tools: Tool[] | undefined
): "none" | "auto" | ToolChoiceExplicit | undefined => {
if (!toolChoice) return undefined;
if (toolChoice === "none" || toolChoice === "auto") {
return toolChoice;
}
if (toolChoice === "required") {
if (!tools || tools.length === 0) {
throw new Error(
"tool_choice 'required' was provided but no tools were configured"
);
}
if (tools.length > 1) {
throw new Error(
"tool_choice 'required' needs a single tool or specify the tool name explicitly"
);
}
return {
type: "function",
function: { name: tools[0].function.name },
};
}
if ("name" in toolChoice) {
return {
type: "function",
function: { name: toolChoice.name },
};
}
return toolChoice;
};
const resolveApiUrl = () =>
ENV.forgeApiUrl && ENV.forgeApiUrl.trim().length > 0
? `${ENV.forgeApiUrl.replace(/\/$/, "")}/v1/chat/completions`
: "https://forge.manus.im/v1/chat/completions";
const assertApiKey = () => {
if (!ENV.forgeApiKey) {
throw new Error("OPENAI_API_KEY is not configured");
}
};
const normalizeResponseFormat = ({
responseFormat,
response_format,
outputSchema,
output_schema,
}: {
responseFormat?: ResponseFormat;
response_format?: ResponseFormat;
outputSchema?: OutputSchema;
output_schema?: OutputSchema;
}):
| { type: "json_schema"; json_schema: JsonSchema }
| { type: "text" }
| { type: "json_object" }
| undefined => {
const explicitFormat = responseFormat || response_format;
if (explicitFormat) {
if (
explicitFormat.type === "json_schema" &&
!explicitFormat.json_schema?.schema
) {
throw new Error(
"responseFormat json_schema requires a defined schema object"
);
}
return explicitFormat;
}
const schema = outputSchema || output_schema;
if (!schema) return undefined;
if (!schema.name || !schema.schema) {
throw new Error("outputSchema requires both name and schema");
}
return {
type: "json_schema",
json_schema: {
name: schema.name,
schema: schema.schema,
...(typeof schema.strict === "boolean" ? { strict: schema.strict } : {}),
},
};
};
export async function invokeLLM(params: InvokeParams): Promise<InvokeResult> {
assertApiKey();
const {
messages,
tools,
toolChoice,
tool_choice,
outputSchema,
output_schema,
responseFormat,
response_format,
} = params;
const payload: Record<string, unknown> = {
model: "gemini-2.5-flash",
messages: messages.map(normalizeMessage),
};
if (tools && tools.length > 0) {
payload.tools = tools;
}
const normalizedToolChoice = normalizeToolChoice(
toolChoice || tool_choice,
tools
);
if (normalizedToolChoice) {
payload.tool_choice = normalizedToolChoice;
}
payload.max_tokens = 32768
payload.thinking = {
"budget_tokens": 128
}
const normalizedResponseFormat = normalizeResponseFormat({
responseFormat,
response_format,
outputSchema,
output_schema,
});
if (normalizedResponseFormat) {
payload.response_format = normalizedResponseFormat;
}
const response = await fetch(resolveApiUrl(), {
method: "POST",
headers: {
"content-type": "application/json",
authorization: `Bearer ${ENV.forgeApiKey}`,
},
body: JSON.stringify(payload),
});
if (!response.ok) {
const errorText = await response.text();
throw new Error(
`LLM invoke failed: ${response.status} ${response.statusText} ${errorText}`
);
}
return (await response.json()) as InvokeResult;
}

319
server/_core/map.ts Normal file
View File

@@ -0,0 +1,319 @@
/**
* Google Maps API Integration for Manus WebDev Templates
*
* Main function: makeRequest<T>(endpoint, params) - Makes authenticated requests to Google Maps APIs
* All credentials are automatically injected. Array parameters use | as separator.
*
* See API examples below the type definitions for usage patterns.
*/
import { ENV } from "./env";
// ============================================================================
// Configuration
// ============================================================================
type MapsConfig = {
baseUrl: string;
apiKey: string;
};
function getMapsConfig(): MapsConfig {
const baseUrl = ENV.forgeApiUrl;
const apiKey = ENV.forgeApiKey;
if (!baseUrl || !apiKey) {
throw new Error(
"Google Maps proxy credentials missing: set BUILT_IN_FORGE_API_URL and BUILT_IN_FORGE_API_KEY"
);
}
return {
baseUrl: baseUrl.replace(/\/+$/, ""),
apiKey,
};
}
// ============================================================================
// Core Request Handler
// ============================================================================
interface RequestOptions {
method?: "GET" | "POST";
body?: Record<string, unknown>;
}
/**
* Make authenticated requests to Google Maps APIs
*
* @param endpoint - The API endpoint (e.g., "/maps/api/geocode/json")
* @param params - Query parameters for the request
* @param options - Additional request options
* @returns The API response
*/
export async function makeRequest<T = unknown>(
endpoint: string,
params: Record<string, unknown> = {},
options: RequestOptions = {}
): Promise<T> {
const { baseUrl, apiKey } = getMapsConfig();
// Construct full URL: baseUrl + /v1/maps/proxy + endpoint
const url = new URL(`${baseUrl}/v1/maps/proxy${endpoint}`);
// Add API key as query parameter (standard Google Maps API authentication)
url.searchParams.append("key", apiKey);
// Add other query parameters
Object.entries(params).forEach(([key, value]) => {
if (value !== undefined && value !== null) {
url.searchParams.append(key, String(value));
}
});
const response = await fetch(url.toString(), {
method: options.method || "GET",
headers: {
"Content-Type": "application/json",
},
body: options.body ? JSON.stringify(options.body) : undefined,
});
if (!response.ok) {
const errorText = await response.text();
throw new Error(
`Google Maps API request failed (${response.status} ${response.statusText}): ${errorText}`
);
}
return (await response.json()) as T;
}
// ============================================================================
// Type Definitions
// ============================================================================
export type TravelMode = "driving" | "walking" | "bicycling" | "transit";
export type MapType = "roadmap" | "satellite" | "terrain" | "hybrid";
export type SpeedUnit = "KPH" | "MPH";
export type LatLng = {
lat: number;
lng: number;
};
export type DirectionsResult = {
routes: Array<{
legs: Array<{
distance: { text: string; value: number };
duration: { text: string; value: number };
start_address: string;
end_address: string;
start_location: LatLng;
end_location: LatLng;
steps: Array<{
distance: { text: string; value: number };
duration: { text: string; value: number };
html_instructions: string;
travel_mode: string;
start_location: LatLng;
end_location: LatLng;
}>;
}>;
overview_polyline: { points: string };
summary: string;
warnings: string[];
waypoint_order: number[];
}>;
status: string;
};
export type DistanceMatrixResult = {
rows: Array<{
elements: Array<{
distance: { text: string; value: number };
duration: { text: string; value: number };
status: string;
}>;
}>;
origin_addresses: string[];
destination_addresses: string[];
status: string;
};
export type GeocodingResult = {
results: Array<{
address_components: Array<{
long_name: string;
short_name: string;
types: string[];
}>;
formatted_address: string;
geometry: {
location: LatLng;
location_type: string;
viewport: {
northeast: LatLng;
southwest: LatLng;
};
};
place_id: string;
types: string[];
}>;
status: string;
};
export type PlacesSearchResult = {
results: Array<{
place_id: string;
name: string;
formatted_address: string;
geometry: {
location: LatLng;
};
rating?: number;
user_ratings_total?: number;
business_status?: string;
types: string[];
}>;
status: string;
};
export type PlaceDetailsResult = {
result: {
place_id: string;
name: string;
formatted_address: string;
formatted_phone_number?: string;
international_phone_number?: string;
website?: string;
rating?: number;
user_ratings_total?: number;
reviews?: Array<{
author_name: string;
rating: number;
text: string;
time: number;
}>;
opening_hours?: {
open_now: boolean;
weekday_text: string[];
};
geometry: {
location: LatLng;
};
};
status: string;
};
export type ElevationResult = {
results: Array<{
elevation: number;
location: LatLng;
resolution: number;
}>;
status: string;
};
export type TimeZoneResult = {
dstOffset: number;
rawOffset: number;
status: string;
timeZoneId: string;
timeZoneName: string;
};
export type RoadsResult = {
snappedPoints: Array<{
location: LatLng;
originalIndex?: number;
placeId: string;
}>;
};
// ============================================================================
// Google Maps API Reference
// ============================================================================
/**
* GEOCODING - Convert between addresses and coordinates
* Endpoint: /maps/api/geocode/json
* Input: { address: string } OR { latlng: string } // latlng: "37.42,-122.08"
* Output: GeocodingResult // results[0].geometry.location, results[0].formatted_address
*/
/**
* DIRECTIONS - Get navigation routes between locations
* Endpoint: /maps/api/directions/json
* Input: { origin: string, destination: string, mode?: TravelMode, waypoints?: string, alternatives?: boolean }
* Output: DirectionsResult // routes[0].legs[0].distance, duration, steps
*/
/**
* DISTANCE MATRIX - Calculate travel times/distances for multiple origin-destination pairs
* Endpoint: /maps/api/distancematrix/json
* Input: { origins: string, destinations: string, mode?: TravelMode, units?: "metric"|"imperial" } // origins: "NYC|Boston"
* Output: DistanceMatrixResult // rows[0].elements[1] = first origin to second destination
*/
/**
* PLACE SEARCH - Find businesses/POIs by text query
* Endpoint: /maps/api/place/textsearch/json
* Input: { query: string, location?: string, radius?: number, type?: string } // location: "40.7,-74.0"
* Output: PlacesSearchResult // results[].name, rating, geometry.location, place_id
*/
/**
* NEARBY SEARCH - Find places near a specific location
* Endpoint: /maps/api/place/nearbysearch/json
* Input: { location: string, radius: number, type?: string, keyword?: string } // location: "40.7,-74.0"
* Output: PlacesSearchResult
*/
/**
* PLACE DETAILS - Get comprehensive information about a specific place
* Endpoint: /maps/api/place/details/json
* Input: { place_id: string, fields?: string } // fields: "name,rating,opening_hours,website"
* Output: PlaceDetailsResult // result.name, rating, opening_hours, etc.
*/
/**
* ELEVATION - Get altitude data for geographic points
* Endpoint: /maps/api/elevation/json
* Input: { locations?: string, path?: string, samples?: number } // locations: "39.73,-104.98|36.45,-116.86"
* Output: ElevationResult // results[].elevation (meters)
*/
/**
* TIME ZONE - Get timezone information for a location
* Endpoint: /maps/api/timezone/json
* Input: { location: string, timestamp: number } // timestamp: Math.floor(Date.now()/1000)
* Output: TimeZoneResult // timeZoneId, timeZoneName
*/
/**
* ROADS - Snap GPS traces to roads, find nearest roads, get speed limits
* - /v1/snapToRoads: Input: { path: string, interpolate?: boolean } // path: "lat,lng|lat,lng"
* - /v1/nearestRoads: Input: { points: string } // points: "lat,lng|lat,lng"
* - /v1/speedLimits: Input: { path: string, units?: SpeedUnit }
* Output: RoadsResult
*/
/**
* PLACE AUTOCOMPLETE - Real-time place suggestions as user types
* Endpoint: /maps/api/place/autocomplete/json
* Input: { input: string, location?: string, radius?: number }
* Output: { predictions: Array<{ description: string, place_id: string }> }
*/
/**
* STATIC MAPS - Generate map images as URLs (for emails, reports, <img> tags)
* Endpoint: /maps/api/staticmap
* Input: URL params - center: string, zoom: number, size: string, markers?: string, maptype?: MapType
* Output: Image URL (not JSON) - use directly in <img src={url} />
* Note: Construct URL manually with getMapsConfig() for auth
*/

114
server/_core/notification.ts Normal file
View File

@@ -0,0 +1,114 @@
import { TRPCError } from "@trpc/server";
import { ENV } from "./env";
export type NotificationPayload = {
title: string;
content: string;
};
const TITLE_MAX_LENGTH = 1200;
const CONTENT_MAX_LENGTH = 20000;
const trimValue = (value: string): string => value.trim();
const isNonEmptyString = (value: unknown): value is string =>
typeof value === "string" && value.trim().length > 0;
const buildEndpointUrl = (baseUrl: string): string => {
const normalizedBase = baseUrl.endsWith("/")
? baseUrl
: `${baseUrl}/`;
return new URL(
"webdevtoken.v1.WebDevService/SendNotification",
normalizedBase
).toString();
};
const validatePayload = (input: NotificationPayload): NotificationPayload => {
if (!isNonEmptyString(input.title)) {
throw new TRPCError({
code: "BAD_REQUEST",
message: "Notification title is required.",
});
}
if (!isNonEmptyString(input.content)) {
throw new TRPCError({
code: "BAD_REQUEST",
message: "Notification content is required.",
});
}
const title = trimValue(input.title);
const content = trimValue(input.content);
if (title.length > TITLE_MAX_LENGTH) {
throw new TRPCError({
code: "BAD_REQUEST",
message: `Notification title must be at most ${TITLE_MAX_LENGTH} characters.`,
});
}
if (content.length > CONTENT_MAX_LENGTH) {
throw new TRPCError({
code: "BAD_REQUEST",
message: `Notification content must be at most ${CONTENT_MAX_LENGTH} characters.`,
});
}
return { title, content };
};
/**
* Dispatches a project-owner notification through the Manus Notification Service.
* Returns `true` if the request was accepted, `false` when the upstream service
* cannot be reached (callers can fall back to email/slack). Validation errors
* bubble up as TRPC errors so callers can fix the payload.
*/
export async function notifyOwner(
payload: NotificationPayload
): Promise<boolean> {
const { title, content } = validatePayload(payload);
if (!ENV.forgeApiUrl) {
throw new TRPCError({
code: "INTERNAL_SERVER_ERROR",
message: "Notification service URL is not configured.",
});
}
if (!ENV.forgeApiKey) {
throw new TRPCError({
code: "INTERNAL_SERVER_ERROR",
message: "Notification service API key is not configured.",
});
}
const endpoint = buildEndpointUrl(ENV.forgeApiUrl);
try {
const response = await fetch(endpoint, {
method: "POST",
headers: {
accept: "application/json",
authorization: `Bearer ${ENV.forgeApiKey}`,
"content-type": "application/json",
"connect-protocol-version": "1",
},
body: JSON.stringify({ title, content }),
});
if (!response.ok) {
const detail = await response.text().catch(() => "");
console.warn(
`[Notification] Failed to notify owner (${response.status} ${response.statusText})${
detail ? `: ${detail}` : ""
}`
);
return false;
}
return true;
} catch (error) {
console.warn("[Notification] Error calling notification service:", error);
return false;
}
}

53
server/_core/oauth.ts Normal file
View File

@@ -0,0 +1,53 @@
import { COOKIE_NAME, ONE_YEAR_MS } from "@shared/const";
import type { Express, Request, Response } from "express";
import * as db from "../db";
import { getSessionCookieOptions } from "./cookies";
import { sdk } from "./sdk";
function getQueryParam(req: Request, key: string): string | undefined {
const value = req.query[key];
return typeof value === "string" ? value : undefined;
}
export function registerOAuthRoutes(app: Express) {
app.get("/api/oauth/callback", async (req: Request, res: Response) => {
const code = getQueryParam(req, "code");
const state = getQueryParam(req, "state");
if (!code || !state) {
res.status(400).json({ error: "code and state are required" });
return;
}
try {
const tokenResponse = await sdk.exchangeCodeForToken(code, state);
const userInfo = await sdk.getUserInfo(tokenResponse.accessToken);
if (!userInfo.openId) {
res.status(400).json({ error: "openId missing from user info" });
return;
}
await db.upsertUser({
openId: userInfo.openId,
name: userInfo.name || null,
email: userInfo.email ?? null,
loginMethod: userInfo.loginMethod ?? userInfo.platform ?? null,
lastSignedIn: new Date(),
});
const sessionToken = await sdk.createSessionToken(userInfo.openId, {
name: userInfo.name || "",
expiresInMs: ONE_YEAR_MS,
});
const cookieOptions = getSessionCookieOptions(req);
res.cookie(COOKIE_NAME, sessionToken, { ...cookieOptions, maxAge: ONE_YEAR_MS });
res.redirect(302, "/");
} catch (error) {
console.error("[OAuth] Callback failed", error);
res.status(500).json({ error: "OAuth callback failed" });
}
});
}

304
server/_core/sdk.ts Normal file
View File

@@ -0,0 +1,304 @@
import { AXIOS_TIMEOUT_MS, COOKIE_NAME, ONE_YEAR_MS } from "@shared/const";
import { ForbiddenError } from "@shared/_core/errors";
import axios, { type AxiosInstance } from "axios";
import { parse as parseCookieHeader } from "cookie";
import type { Request } from "express";
import { SignJWT, jwtVerify } from "jose";
import type { User } from "../../drizzle/schema";
import * as db from "../db";
import { ENV } from "./env";
import type {
ExchangeTokenRequest,
ExchangeTokenResponse,
GetUserInfoResponse,
GetUserInfoWithJwtRequest,
GetUserInfoWithJwtResponse,
} from "./types/manusTypes";
// Utility function
const isNonEmptyString = (value: unknown): value is string =>
typeof value === "string" && value.length > 0;
export type SessionPayload = {
openId: string;
appId: string;
name: string;
};
const EXCHANGE_TOKEN_PATH = `/webdev.v1.WebDevAuthPublicService/ExchangeToken`;
const GET_USER_INFO_PATH = `/webdev.v1.WebDevAuthPublicService/GetUserInfo`;
const GET_USER_INFO_WITH_JWT_PATH = `/webdev.v1.WebDevAuthPublicService/GetUserInfoWithJwt`;
class OAuthService {
constructor(private client: ReturnType<typeof axios.create>) {
console.log("[OAuth] Initialized with baseURL:", ENV.oAuthServerUrl);
if (!ENV.oAuthServerUrl) {
console.error(
"[OAuth] ERROR: OAUTH_SERVER_URL is not configured! Set OAUTH_SERVER_URL environment variable."
);
}
}
private decodeState(state: string): string {
const redirectUri = atob(state);
return redirectUri;
}
async getTokenByCode(
code: string,
state: string
): Promise<ExchangeTokenResponse> {
const payload: ExchangeTokenRequest = {
clientId: ENV.appId,
grantType: "authorization_code",
code,
redirectUri: this.decodeState(state),
};
const { data } = await this.client.post<ExchangeTokenResponse>(
EXCHANGE_TOKEN_PATH,
payload
);
return data;
}
async getUserInfoByToken(
token: ExchangeTokenResponse
): Promise<GetUserInfoResponse> {
const { data } = await this.client.post<GetUserInfoResponse>(
GET_USER_INFO_PATH,
{
accessToken: token.accessToken,
}
);
return data;
}
}
const createOAuthHttpClient = (): AxiosInstance =>
axios.create({
baseURL: ENV.oAuthServerUrl,
timeout: AXIOS_TIMEOUT_MS,
});
class SDKServer {
private readonly client: AxiosInstance;
private readonly oauthService: OAuthService;
constructor(client: AxiosInstance = createOAuthHttpClient()) {
this.client = client;
this.oauthService = new OAuthService(this.client);
}
private deriveLoginMethod(
platforms: unknown,
fallback: string | null | undefined
): string | null {
if (fallback && fallback.length > 0) return fallback;
if (!Array.isArray(platforms) || platforms.length === 0) return null;
const set = new Set<string>(
platforms.filter((p): p is string => typeof p === "string")
);
if (set.has("REGISTERED_PLATFORM_EMAIL")) return "email";
if (set.has("REGISTERED_PLATFORM_GOOGLE")) return "google";
if (set.has("REGISTERED_PLATFORM_APPLE")) return "apple";
if (
set.has("REGISTERED_PLATFORM_MICROSOFT") ||
set.has("REGISTERED_PLATFORM_AZURE")
)
return "microsoft";
if (set.has("REGISTERED_PLATFORM_GITHUB")) return "github";
const first = Array.from(set)[0];
return first ? first.toLowerCase() : null;
}
/**
* Exchange OAuth authorization code for access token
* @example
* const tokenResponse = await sdk.exchangeCodeForToken(code, state);
*/
async exchangeCodeForToken(
code: string,
state: string
): Promise<ExchangeTokenResponse> {
return this.oauthService.getTokenByCode(code, state);
}
/**
* Get user information using access token
* @example
* const userInfo = await sdk.getUserInfo(tokenResponse.accessToken);
*/
async getUserInfo(accessToken: string): Promise<GetUserInfoResponse> {
const data = await this.oauthService.getUserInfoByToken({
accessToken,
} as ExchangeTokenResponse);
const loginMethod = this.deriveLoginMethod(
(data as any)?.platforms,
(data as any)?.platform ?? data.platform ?? null
);
return {
...(data as any),
platform: loginMethod,
loginMethod,
} as GetUserInfoResponse;
}
private parseCookies(cookieHeader: string | undefined) {
if (!cookieHeader) {
return new Map<string, string>();
}
const parsed = parseCookieHeader(cookieHeader);
return new Map(Object.entries(parsed));
}
private getSessionSecret() {
const secret = ENV.cookieSecret;
return new TextEncoder().encode(secret);
}
/**
* Create a session token for a Manus user openId
* @example
* const sessionToken = await sdk.createSessionToken(userInfo.openId);
*/
async createSessionToken(
openId: string,
options: { expiresInMs?: number; name?: string } = {}
): Promise<string> {
return this.signSession(
{
openId,
appId: ENV.appId,
name: options.name || "",
},
options
);
}
async signSession(
payload: SessionPayload,
options: { expiresInMs?: number } = {}
): Promise<string> {
const issuedAt = Date.now();
const expiresInMs = options.expiresInMs ?? ONE_YEAR_MS;
const expirationSeconds = Math.floor((issuedAt + expiresInMs) / 1000);
const secretKey = this.getSessionSecret();
return new SignJWT({
openId: payload.openId,
appId: payload.appId,
name: payload.name,
})
.setProtectedHeader({ alg: "HS256", typ: "JWT" })
.setExpirationTime(expirationSeconds)
.sign(secretKey);
}
async verifySession(
cookieValue: string | undefined | null
): Promise<{ openId: string; appId: string; name: string } | null> {
if (!cookieValue) {
console.warn("[Auth] Missing session cookie");
return null;
}
try {
const secretKey = this.getSessionSecret();
const { payload } = await jwtVerify(cookieValue, secretKey, {
algorithms: ["HS256"],
});
const { openId, appId, name } = payload as Record<string, unknown>;
if (
!isNonEmptyString(openId) ||
!isNonEmptyString(appId) ||
!isNonEmptyString(name)
) {
console.warn("[Auth] Session payload missing required fields");
return null;
}
return {
openId,
appId,
name,
};
} catch (error) {
console.warn("[Auth] Session verification failed", String(error));
return null;
}
}
async getUserInfoWithJwt(
jwtToken: string
): Promise<GetUserInfoWithJwtResponse> {
const payload: GetUserInfoWithJwtRequest = {
jwtToken,
projectId: ENV.appId,
};
const { data } = await this.client.post<GetUserInfoWithJwtResponse>(
GET_USER_INFO_WITH_JWT_PATH,
payload
);
const loginMethod = this.deriveLoginMethod(
(data as any)?.platforms,
(data as any)?.platform ?? data.platform ?? null
);
return {
...(data as any),
platform: loginMethod,
loginMethod,
} as GetUserInfoWithJwtResponse;
}
async authenticateRequest(req: Request): Promise<User> {
// Regular authentication flow
const cookies = this.parseCookies(req.headers.cookie);
const sessionCookie = cookies.get(COOKIE_NAME);
const session = await this.verifySession(sessionCookie);
if (!session) {
throw ForbiddenError("Invalid session cookie");
}
const sessionUserId = session.openId;
const signedInAt = new Date();
let user = await db.getUserByOpenId(sessionUserId);
// If user not in DB, sync from OAuth server automatically
if (!user) {
try {
const userInfo = await this.getUserInfoWithJwt(sessionCookie ?? "");
await db.upsertUser({
openId: userInfo.openId,
name: userInfo.name || null,
email: userInfo.email ?? null,
loginMethod: userInfo.loginMethod ?? userInfo.platform ?? null,
lastSignedIn: signedInAt,
});
user = await db.getUserByOpenId(userInfo.openId);
} catch (error) {
console.error("[Auth] Failed to sync user from OAuth:", error);
throw ForbiddenError("Failed to sync user info");
}
}
if (!user) {
throw ForbiddenError("User not found");
}
await db.upsertUser({
openId: user.openId,
lastSignedIn: signedInAt,
});
return user;
}
}
export const sdk = new SDKServer();

29
server/_core/systemRouter.ts Normal file
View File

@@ -0,0 +1,29 @@
import { z } from "zod";
import { notifyOwner } from "./notification";
import { adminProcedure, publicProcedure, router } from "./trpc";
export const systemRouter = router({
health: publicProcedure
.input(
z.object({
timestamp: z.number().min(0, "timestamp cannot be negative"),
})
)
.query(() => ({
ok: true,
})),
notifyOwner: adminProcedure
.input(
z.object({
title: z.string().min(1, "title is required"),
content: z.string().min(1, "content is required"),
})
)
.mutation(async ({ input }) => {
const delivered = await notifyOwner(input);
return {
success: delivered,
} as const;
}),
});

45
server/_core/trpc.ts Normal file
View File

@@ -0,0 +1,45 @@
import { NOT_ADMIN_ERR_MSG, UNAUTHED_ERR_MSG } from '@shared/const';
import { initTRPC, TRPCError } from "@trpc/server";
import superjson from "superjson";
import type { TrpcContext } from "./context";
const t = initTRPC.context<TrpcContext>().create({
transformer: superjson,
});
export const router = t.router;
export const publicProcedure = t.procedure;
const requireUser = t.middleware(async opts => {
const { ctx, next } = opts;
if (!ctx.user) {
throw new TRPCError({ code: "UNAUTHORIZED", message: UNAUTHED_ERR_MSG });
}
return next({
ctx: {
...ctx,
user: ctx.user,
},
});
});
export const protectedProcedure = t.procedure.use(requireUser);
export const adminProcedure = t.procedure.use(
t.middleware(async opts => {
const { ctx, next } = opts;
if (!ctx.user || ctx.user.role !== 'admin') {
throw new TRPCError({ code: "FORBIDDEN", message: NOT_ADMIN_ERR_MSG });
}
return next({
ctx: {
...ctx,
user: ctx.user,
},
});
}),
);

6
server/_core/types/cookie.d.ts vendored Normal file
View File

@@ -0,0 +1,6 @@
declare module "cookie" {
export function parse(
str: string,
options?: Record<string, unknown>
): Record<string, string>;
}

69
server/_core/types/manusTypes.ts Normal file
View File

@@ -0,0 +1,69 @@
// WebDev Auth TypeScript types
// Auto-generated from protobuf definitions
// Generated on: 2025-09-24T05:57:57.338Z
export interface AuthorizeRequest {
redirectUri: string;
projectId: string;
state: string;
responseType: string;
scope: string;
}
export interface AuthorizeResponse {
redirectUrl: string;
}
export interface ExchangeTokenRequest {
grantType: string;
code: string;
refreshToken?: string;
clientId: string;
clientSecret?: string;
redirectUri: string;
}
export interface ExchangeTokenResponse {
accessToken: string;
tokenType: string;
expiresIn: number;
refreshToken?: string;
scope: string;
idToken: string;
}
export interface GetUserInfoRequest {
accessToken: string;
}
export interface GetUserInfoResponse {
openId: string;
projectId: string;
name: string;
email?: string | null;
platform?: string | null;
loginMethod?: string | null;
}
export interface CanAccessRequest {
openId: string;
projectId: string;
}
export interface CanAccessResponse {
canAccess: boolean;
}
export interface GetUserInfoWithJwtRequest {
jwtToken: string;
projectId: string;
}
export interface GetUserInfoWithJwtResponse {
openId: string;
projectId: string;
name: string;
email?: string | null;
platform?: string | null;
loginMethod?: string | null;
}

67
server/_core/vite.ts Normal file
View File

@@ -0,0 +1,67 @@
import express, { type Express } from "express";
import fs from "fs";
import { type Server } from "http";
import { nanoid } from "nanoid";
import path from "path";
import { createServer as createViteServer } from "vite";
import viteConfig from "../../vite.config";
export async function setupVite(app: Express, server: Server) {
const serverOptions = {
middlewareMode: true,
hmr: { server },
allowedHosts: true as const,
};
const vite = await createViteServer({
...viteConfig,
configFile: false,
server: serverOptions,
appType: "custom",
});
app.use(vite.middlewares);
app.use("*", async (req, res, next) => {
const url = req.originalUrl;
try {
const clientTemplate = path.resolve(
import.meta.dirname,
"../..",
"client",
"index.html"
);
// always reload the index.html file from disk incase it changes
let template = await fs.promises.readFile(clientTemplate, "utf-8");
template = template.replace(
`src="/src/main.tsx"`,
`src="/src/main.tsx?v=${nanoid()}"`
);
const page = await vite.transformIndexHtml(url, template);
res.status(200).set({ "Content-Type": "text/html" }).end(page);
} catch (e) {
vite.ssrFixStacktrace(e as Error);
next(e);
}
});
}
export function serveStatic(app: Express) {
const distPath =
process.env.NODE_ENV === "development"
? path.resolve(import.meta.dirname, "../..", "dist", "public")
: path.resolve(import.meta.dirname, "public");
if (!fs.existsSync(distPath)) {
console.error(
`Could not find the build directory: ${distPath}, make sure to build the client first`
);
}
app.use(express.static(distPath));
// fall through to index.html if the file doesn't exist
app.use("*", (_req, res) => {
res.sendFile(path.resolve(distPath, "index.html"));
});
}

284
server/_core/voiceTranscription.ts Normal file
View File

@@ -0,0 +1,284 @@
/**
* Voice transcription helper using internal Speech-to-Text service
*
* Frontend implementation guide:
* 1. Capture audio using MediaRecorder API
* 2. Upload audio to storage (e.g., S3) to get URL
* 3. Call transcription with the URL
*
* Example usage:
* ```tsx
* // Frontend component
* const transcribeMutation = trpc.voice.transcribe.useMutation({
* onSuccess: (data) => {
* console.log(data.text); // Full transcription
* console.log(data.language); // Detected language
* console.log(data.segments); // Timestamped segments
* }
* });
*
* // After uploading audio to storage
* transcribeMutation.mutate({
* audioUrl: uploadedAudioUrl,
* language: 'en', // optional
* prompt: 'Transcribe the meeting' // optional
* });
* ```
*/
import { ENV } from "./env";
export type TranscribeOptions = {
audioUrl: string; // URL to the audio file (e.g., S3 URL)
language?: string; // Optional: specify language code (e.g., "en", "es", "zh")
prompt?: string; // Optional: custom prompt for the transcription
};
// Native Whisper API segment format
export type WhisperSegment = {
id: number;
seek: number;
start: number;
end: number;
text: string;
tokens: number[];
temperature: number;
avg_logprob: number;
compression_ratio: number;
no_speech_prob: number;
};
// Native Whisper API response format
export type WhisperResponse = {
task: "transcribe";
language: string;
duration: number;
text: string;
segments: WhisperSegment[];
};
export type TranscriptionResponse = WhisperResponse; // Return native Whisper API response directly
export type TranscriptionError = {
error: string;
code: "FILE_TOO_LARGE" | "INVALID_FORMAT" | "TRANSCRIPTION_FAILED" | "UPLOAD_FAILED" | "SERVICE_ERROR";
details?: string;
};
/**
* Transcribe audio to text using the internal Speech-to-Text service
*
* @param options - Audio data and metadata
* @returns Transcription result or error
*/
export async function transcribeAudio(
options: TranscribeOptions
): Promise<TranscriptionResponse | TranscriptionError> {
try {
// Step 1: Validate environment configuration
if (!ENV.forgeApiUrl) {
return {
error: "Voice transcription service is not configured",
code: "SERVICE_ERROR",
details: "BUILT_IN_FORGE_API_URL is not set"
};
}
if (!ENV.forgeApiKey) {
return {
error: "Voice transcription service authentication is missing",
code: "SERVICE_ERROR",
details: "BUILT_IN_FORGE_API_KEY is not set"
};
}
// Step 2: Download audio from URL
let audioBuffer: Buffer;
let mimeType: string;
try {
const response = await fetch(options.audioUrl);
if (!response.ok) {
return {
error: "Failed to download audio file",
code: "INVALID_FORMAT",
details: `HTTP ${response.status}: ${response.statusText}`
};
}
audioBuffer = Buffer.from(await response.arrayBuffer());
mimeType = response.headers.get('content-type') || 'audio/mpeg';
// Check file size (16MB limit)
const sizeMB = audioBuffer.length / (1024 * 1024);
if (sizeMB > 16) {
return {
error: "Audio file exceeds maximum size limit",
code: "FILE_TOO_LARGE",
details: `File size is ${sizeMB.toFixed(2)}MB, maximum allowed is 16MB`
};
}
} catch (error) {
return {
error: "Failed to fetch audio file",
code: "SERVICE_ERROR",
details: error instanceof Error ? error.message : "Unknown error"
};
}
// Step 3: Create FormData for multipart upload to Whisper API
const formData = new FormData();
// Create a Blob from the buffer and append to form
const filename = `audio.${getFileExtension(mimeType)}`;
const audioBlob = new Blob([new Uint8Array(audioBuffer)], { type: mimeType });
formData.append("file", audioBlob, filename);
formData.append("model", "whisper-1");
formData.append("response_format", "verbose_json");
// Add prompt - use custom prompt if provided, otherwise generate based on language
const prompt = options.prompt || (
options.language
? `Transcribe the user's voice to text, the user's working language is ${getLanguageName(options.language)}`
: "Transcribe the user's voice to text"
);
formData.append("prompt", prompt);
// Step 4: Call the transcription service
const baseUrl = ENV.forgeApiUrl.endsWith("/")
? ENV.forgeApiUrl
: `${ENV.forgeApiUrl}/`;
const fullUrl = new URL(
"v1/audio/transcriptions",
baseUrl
).toString();
const response = await fetch(fullUrl, {
method: "POST",
headers: {
authorization: `Bearer ${ENV.forgeApiKey}`,
"Accept-Encoding": "identity",
},
body: formData,
});
if (!response.ok) {
const errorText = await response.text().catch(() => "");
return {
error: "Transcription service request failed",
code: "TRANSCRIPTION_FAILED",
details: `${response.status} ${response.statusText}${errorText ? `: ${errorText}` : ""}`
};
}
// Step 5: Parse and return the transcription result
const whisperResponse = await response.json() as WhisperResponse;
// Validate response structure
if (!whisperResponse.text || typeof whisperResponse.text !== 'string') {
return {
error: "Invalid transcription response",
code: "SERVICE_ERROR",
details: "Transcription service returned an invalid response format"
};
}
return whisperResponse; // Return native Whisper API response directly
} catch (error) {
// Handle unexpected errors
return {
error: "Voice transcription failed",
code: "SERVICE_ERROR",
details: error instanceof Error ? error.message : "An unexpected error occurred"
};
}
}
/**
* Helper function to get file extension from MIME type
*/
function getFileExtension(mimeType: string): string {
const mimeToExt: Record<string, string> = {
'audio/webm': 'webm',
'audio/mp3': 'mp3',
'audio/mpeg': 'mp3',
'audio/wav': 'wav',
'audio/wave': 'wav',
'audio/ogg': 'ogg',
'audio/m4a': 'm4a',
'audio/mp4': 'm4a',
};
return mimeToExt[mimeType] || 'audio';
}
/**
* Helper function to get full language name from ISO code
*/
function getLanguageName(langCode: string): string {
const langMap: Record<string, string> = {
'en': 'English',
'es': 'Spanish',
'fr': 'French',
'de': 'German',
'it': 'Italian',
'pt': 'Portuguese',
'ru': 'Russian',
'ja': 'Japanese',
'ko': 'Korean',
'zh': 'Chinese',
'ar': 'Arabic',
'hi': 'Hindi',
'nl': 'Dutch',
'pl': 'Polish',
'tr': 'Turkish',
'sv': 'Swedish',
'da': 'Danish',
'no': 'Norwegian',
'fi': 'Finnish',
};
return langMap[langCode] || langCode;
}
/**
* Example tRPC procedure implementation:
*
* ```ts
* // In server/routers.ts
* import { transcribeAudio } from "./_core/voiceTranscription";
*
* export const voiceRouter = router({
* transcribe: protectedProcedure
* .input(z.object({
* audioUrl: z.string(),
* language: z.string().optional(),
* prompt: z.string().optional(),
* }))
* .mutation(async ({ input, ctx }) => {
* const result = await transcribeAudio(input);
*
* // Check if it's an error
* if ('error' in result) {
* throw new TRPCError({
* code: 'BAD_REQUEST',
* message: result.error,
* cause: result,
* });
* }
*
* // Optionally save transcription to database
* await db.insert(transcriptions).values({
* userId: ctx.user.id,
* text: result.text,
* duration: result.duration,
* language: result.language,
* audioUrl: input.audioUrl,
* createdAt: new Date(),
* });
*
* return result;
* }),
* });
* ```
*/

62
server/auth.logout.test.ts Normal file
View File

@@ -0,0 +1,62 @@
import { describe, expect, it } from "vitest";
import { appRouter } from "./routers";
import { COOKIE_NAME } from "../shared/const";
import type { TrpcContext } from "./_core/context";
type CookieCall = {
name: string;
options: Record<string, unknown>;
};
type AuthenticatedUser = NonNullable<TrpcContext["user"]>;
function createAuthContext(): { ctx: TrpcContext; clearedCookies: CookieCall[] } {
const clearedCookies: CookieCall[] = [];
const user: AuthenticatedUser = {
id: 1,
openId: "sample-user",
email: "sample@example.com",
name: "Sample User",
loginMethod: "manus",
role: "user",
createdAt: new Date(),
updatedAt: new Date(),
lastSignedIn: new Date(),
};
const ctx: TrpcContext = {
user,
req: {
protocol: "https",
headers: {},
} as TrpcContext["req"],
res: {
clearCookie: (name: string, options: Record<string, unknown>) => {
clearedCookies.push({ name, options });
},
} as TrpcContext["res"],
};
return { ctx, clearedCookies };
}
describe("auth.logout", () => {
it("clears the session cookie and reports success", async () => {
const { ctx, clearedCookies } = createAuthContext();
const caller = appRouter.createCaller(ctx);
const result = await caller.auth.logout();
expect(result).toEqual({ success: true });
expect(clearedCookies).toHaveLength(1);
expect(clearedCookies[0]?.name).toBe(COOKIE_NAME);
expect(clearedCookies[0]?.options).toMatchObject({
maxAge: -1,
secure: true,
sameSite: "none",
httpOnly: true,
path: "/",
});
});
});

905
server/db.ts Normal file
View File

@@ -0,0 +1,905 @@
import { and, desc, eq, ilike, inArray, like, or, sql } from "drizzle-orm";
import { drizzle } from "drizzle-orm/mysql2";
import {
InsertUser,
blocsFonctionnels,
consultations,
demandesContact,
editeurs,
etablissements,
logicielsEtablissements,
solutions,
users,
} from "../drizzle/schema";
import { ENV } from "./_core/env";
let _db: ReturnType<typeof drizzle> | null = null;
export async function getDb() {
if (!_db && process.env.DATABASE_URL) {
try {
_db = drizzle(process.env.DATABASE_URL);
} catch (error) {
console.warn("[Database] Failed to connect:", error);
_db = null;
}
}
return _db;
}
// ─── Utilisateurs ─────────────────────────────────────────────────────────────
export async function upsertUser(user: InsertUser): Promise<void> {
if (!user.openId) throw new Error("User openId is required for upsert");
const db = await getDb();
if (!db) { console.warn("[Database] Cannot upsert user: database not available"); return; }
const values: InsertUser = { openId: user.openId };
const updateSet: Record<string, unknown> = {};
const textFields = ["name", "email", "loginMethod"] as const;
for (const field of textFields) {
const value = user[field];
if (value === undefined) continue;
const normalized = value ?? null;
values[field] = normalized;
updateSet[field] = normalized;
}
if (user.lastSignedIn !== undefined) { values.lastSignedIn = user.lastSignedIn; updateSet.lastSignedIn = user.lastSignedIn; }
if (user.role !== undefined) { values.role = user.role; updateSet.role = user.role; }
else if (user.openId === ENV.ownerOpenId) { values.role = "admin"; updateSet.role = "admin"; }
if (!values.lastSignedIn) values.lastSignedIn = new Date();
if (Object.keys(updateSet).length === 0) updateSet.lastSignedIn = new Date();
await db.insert(users).values(values).onDuplicateKeyUpdate({ set: updateSet });
}
export async function getUserByOpenId(openId: string) {
const db = await getDb();
if (!db) return undefined;
const result = await db.select().from(users).where(eq(users.openId, openId)).limit(1);
return result.length > 0 ? result[0] : undefined;
}
export async function updateUserCgu(userId: number) {
const db = await getDb();
if (!db) return;
await db.update(users).set({ cguAccepted: true, cguAcceptedAt: new Date() }).where(eq(users.id, userId));
}
export async function updateUserSonumRole(userId: number, sonumRole: "referent" | "gestionnaire" | "adherent") {
const db = await getDb();
if (!db) return;
await db.update(users).set({ sonumRole }).where(eq(users.id, userId));
}
export async function getAllUsers() {
const db = await getDb();
if (!db) return [];
return db.select().from(users).orderBy(desc(users.createdAt));
}
// ─── Référentiel ──────────────────────────────────────────────────────────────
export async function getEditeurs() {
const db = await getDb();
if (!db) return [];
return db.select().from(editeurs).where(eq(editeurs.estValide, true)).orderBy(editeurs.nom);
}
export async function createEditeur(nom: string, estValide = false) {
const db = await getDb();
if (!db) return null;
const result = await db.insert(editeurs).values({ nom, estValide });
return result[0];
}
export async function getBlocsFonctionnels() {
const db = await getDb();
if (!db) return [];
return db.select().from(blocsFonctionnels).orderBy(blocsFonctionnels.nom);
}
export async function createBlocFonctionnel(nom: string, estValide = false) {
const db = await getDb();
if (!db) return null;
const result = await db.insert(blocsFonctionnels).values({ nom, estValide });
return result[0];
}
export async function getSolutions(search?: string) {
const db = await getDb();
if (!db) return [];
const query = db
.select({
id: solutions.id,
nom: solutions.nom,
editeurId: solutions.editeurId,
editeurNom: editeurs.nom,
blocFonctionnelId: solutions.blocFonctionnelId,
blocFonctionnelNom: blocsFonctionnels.nom,
estValide: solutions.estValide,
})
.from(solutions)
.leftJoin(editeurs, eq(solutions.editeurId, editeurs.id))
.leftJoin(blocsFonctionnels, eq(solutions.blocFonctionnelId, blocsFonctionnels.id))
.where(
search
? and(eq(solutions.estValide, true), or(like(solutions.nom, `%${search}%`), like(editeurs.nom, `%${search}%`)))
: eq(solutions.estValide, true)
)
.orderBy(solutions.nom);
return query;
}
export async function createSolution(nom: string, editeurId: number, blocFonctionnelId?: number | null, estValide = false) {
const db = await getDb();
if (!db) return null;
const result = await db.insert(solutions).values({ nom, editeurId, blocFonctionnelId: blocFonctionnelId ?? null, estValide });
// result[0] est un ResultSetHeader MySQL, on retourne l'insertId directement
const insertId = (result[0] as any).insertId as number;
return insertId;
}
// ─── Établissements ───────────────────────────────────────────────────────────
export async function getEtablissementsByReferent(referentId: number) {
const db = await getDb();
if (!db) return [];
return db.select().from(etablissements).where(eq(etablissements.referentId, referentId)).orderBy(etablissements.nom);
}
export async function getAllEtablissements() {
const db = await getDb();
if (!db) return [];
return db.select().from(etablissements).orderBy(etablissements.nom);
}
export async function getEtablissementById(id: number) {
const db = await getDb();
if (!db) return null;
const result = await db.select().from(etablissements).where(eq(etablissements.id, id)).limit(1);
return result[0] ?? null;
}
export async function searchEtablissements(filters: {
solutionId?: number;
editeurId?: number;
blocFonctionnelId?: number;
region?: string;
typeActivite?: string;
tailleEffectifs?: string;
etatDeploiement?: string;
userId?: number;
sonumRole?: string;
}) {
const db = await getDb();
if (!db) return [];
const conditions: any[] = [];
// Visibilité : si pas gestionnaire, on ne montre que les fiches "tous"
if (filters.sonumRole !== "gestionnaire") {
conditions.push(eq(etablissements.visibilite, "tous"));
}
if (filters.region) conditions.push(eq(etablissements.region, filters.region));
if (filters.typeActivite) conditions.push(eq(etablissements.typeActivite, filters.typeActivite));
if (filters.tailleEffectifs) conditions.push(eq(etablissements.tailleEffectifs, filters.tailleEffectifs));
// Filtres sur les logiciels (nécessitent une jointure)
const needsJoin = filters.solutionId || filters.editeurId || filters.blocFonctionnelId || filters.etatDeploiement;
if (needsJoin) {
// Filtres sur la table logiciels_etablissements
const leConditions: any[] = [eq(logicielsEtablissements.etablissementId, etablissements.id)];
if (filters.solutionId) leConditions.push(eq(logicielsEtablissements.solutionId, filters.solutionId));
if (filters.etatDeploiement) leConditions.push(eq(logicielsEtablissements.etatDeploiement, filters.etatDeploiement as any));
// Filtres sur les solutions (editeurId, blocFonctionnelId)
const solConditions: any[] = [eq(solutions.id, logicielsEtablissements.solutionId)];
if (filters.editeurId) solConditions.push(eq(solutions.editeurId, filters.editeurId));
if (filters.blocFonctionnelId) solConditions.push(eq(solutions.blocFonctionnelId, filters.blocFonctionnelId));
const subquery = db
.select({ etablissementId: logicielsEtablissements.etablissementId })
.from(logicielsEtablissements)
.innerJoin(solutions, and(...solConditions))
.where(and(...leConditions));
conditions.push(inArray(etablissements.id, subquery));
}
const result = await db
.select({
id: etablissements.id,
finess: etablissements.finess,
nom: etablissements.nom,
region: etablissements.region,
departement: etablissements.departement,
typeActivite: etablissements.typeActivite,
tailleEffectifs: etablissements.tailleEffectifs,
referentId: etablissements.referentId,
visibilite: etablissements.visibilite,
accepteMiseEnRelation: etablissements.accepteMiseEnRelation,
})
.from(etablissements)
.where(conditions.length > 0 ? and(...conditions) : undefined)
.orderBy(etablissements.nom);
return result;
}
// ─── Logiciels par Établissement ─────────────────────────────────────────────
export async function getLogicielsByEtablissement(etablissementId: number) {
const db = await getDb();
if (!db) return [];
return db
.select({
id: logicielsEtablissements.id,
etablissementId: logicielsEtablissements.etablissementId,
solutionId: logicielsEtablissements.solutionId,
solutionNom: solutions.nom,
editeurNom: editeurs.nom,
blocFonctionnelNom: blocsFonctionnels.nom,
etatDeploiement: logicielsEtablissements.etatDeploiement,
modeHebergement: logicielsEtablissements.modeHebergement,
modeFacturation: logicielsEtablissements.modeFacturation,
interoperabilite: logicielsEtablissements.interoperabilite,
versionMajeure: logicielsEtablissements.versionMajeure,
commentaire: logicielsEtablissements.commentaire,
contactNom: logicielsEtablissements.contactNom,
contactFonction: logicielsEtablissements.contactFonction,
contactEmail: logicielsEtablissements.contactEmail,
createdAt: logicielsEtablissements.createdAt,
updatedAt: logicielsEtablissements.updatedAt,
})
.from(logicielsEtablissements)
.leftJoin(solutions, eq(logicielsEtablissements.solutionId, solutions.id))
.leftJoin(editeurs, eq(solutions.editeurId, editeurs.id))
.leftJoin(blocsFonctionnels, eq(solutions.blocFonctionnelId, blocsFonctionnels.id))
.where(eq(logicielsEtablissements.etablissementId, etablissementId))
.orderBy(logicielsEtablissements.createdAt);
}
export async function upsertLogicielEtablissement(data: {
id?: number;
etablissementId: number;
solutionId: number;
etatDeploiement: "demarrage" | "en_cours" | "operationnel" | "en_remplacement";
modeHebergement?: "hds" | "on_premise" | "hybride" | null;
modeFacturation?: "saas" | "achat_maintenance" | "location" | null;
interoperabilite?: "non" | "oui_interface" | "oui_eai" | null;
versionMajeure?: string | null;
commentaire?: string | null;
contactNom?: string | null;
contactFonction?: string | null;
contactEmail?: string | null;
saisiePar?: number;
}) {
const db = await getDb();
if (!db) return null;
if (data.id) {
await db.update(logicielsEtablissements).set({ ...data, updatedAt: new Date() }).where(eq(logicielsEtablissements.id, data.id));
return data.id;
}
const result = await db.insert(logicielsEtablissements).values(data);
return result[0];
}
export async function deleteLogicielEtablissement(id: number) {
const db = await getDb();
if (!db) return;
await db.delete(logicielsEtablissements).where(eq(logicielsEtablissements.id, id));
}
// ─── Traçabilité ──────────────────────────────────────────────────────────────
export async function recordConsultation(etablissementId: number, userId: number, userName: string) {
const db = await getDb();
if (!db) return;
await db.insert(consultations).values({ etablissementId, consultePar: userId, consultéParNom: userName });
}
export async function getConsultationCount(etablissementId: number) {
const db = await getDb();
if (!db) return 0;
const result = await db
.select({ count: sql<number>`count(*)` })
.from(consultations)
.where(eq(consultations.etablissementId, etablissementId));
return Number(result[0]?.count ?? 0);
}
export async function getConsultationsList(etablissementId: number) {
const db = await getDb();
if (!db) return [];
return db
.select()
.from(consultations)
.where(eq(consultations.etablissementId, etablissementId))
.orderBy(desc(consultations.createdAt))
.limit(50);
}
// ─── Demandes de Contact ──────────────────────────────────────────────────────
export async function createDemandeContact(data: {
etablissementCibleId: number;
demandeurId: number;
demandeurNom: string;
demandeurEmail: string;
message: string;
}) {
const db = await getDb();
if (!db) return null;
const result = await db.insert(demandesContact).values(data);
return result[0];
}
export async function getDemandesByDemandeur(demandeurId: number) {
const db = await getDb();
if (!db) return [];
return db
.select({
id: demandesContact.id,
etablissementNom: etablissements.nom,
message: demandesContact.message,
statut: demandesContact.statut,
reponse: demandesContact.reponse,
reponduAt: demandesContact.reponduAt,
createdAt: demandesContact.createdAt,
})
.from(demandesContact)
.leftJoin(etablissements, eq(demandesContact.etablissementCibleId, etablissements.id))
.where(eq(demandesContact.demandeurId, demandeurId))
.orderBy(desc(demandesContact.createdAt));
}
export async function getDemandesRecuesParEtablissement(referentId: number) {
const db = await getDb();
if (!db) return [];
return db
.select({
id: demandesContact.id,
etablissementNom: etablissements.nom,
demandeurNom: demandesContact.demandeurNom,
demandeurEmail: demandesContact.demandeurEmail,
message: demandesContact.message,
statut: demandesContact.statut,
reponse: demandesContact.reponse,
reponduAt: demandesContact.reponduAt,
createdAt: demandesContact.createdAt,
})
.from(demandesContact)
.leftJoin(etablissements, eq(demandesContact.etablissementCibleId, etablissements.id))
.where(eq(etablissements.referentId, referentId))
.orderBy(desc(demandesContact.createdAt));
}
export async function getAllDemandes() {
const db = await getDb();
if (!db) return [];
return db
.select({
id: demandesContact.id,
etablissementNom: etablissements.nom,
demandeurNom: demandesContact.demandeurNom,
demandeurEmail: demandesContact.demandeurEmail,
message: demandesContact.message,
statut: demandesContact.statut,
reponse: demandesContact.reponse,
reponduAt: demandesContact.reponduAt,
createdAt: demandesContact.createdAt,
})
.from(demandesContact)
.leftJoin(etablissements, eq(demandesContact.etablissementCibleId, etablissements.id))
.orderBy(desc(demandesContact.createdAt));
}
export async function repondreDemandeContact(id: number, reponse: string, reponsePar: number) {
const db = await getDb();
if (!db) return;
await db
.update(demandesContact)
.set({ reponse, reponsePar, statut: "repondu", reponduAt: new Date(), updatedAt: new Date() })
.where(eq(demandesContact.id, id));
}
export async function getDemandeById(id: number) {
const db = await getDb();
if (!db) return null;
const result = await db.select().from(demandesContact).where(eq(demandesContact.id, id)).limit(1);
return result[0] ?? null;
}
// ─── Auth locale ──────────────────────────────────────────────────────────────
import { localCredentials, userEtablissements } from "../drizzle/schema";
import bcrypt from "bcryptjs";
import { nanoid } from "nanoid";
/** Crée un utilisateur local (sans openId OAuth) avec un mot de passe hashé. */
export async function createLocalUser(data: {
name: string;
email: string;
sonumRole: "referent" | "gestionnaire" | "adherent";
password: string;
}) {
const db = await getDb();
if (!db) throw new Error("Database not available");
// Vérifier unicité email
const existing = await db.select().from(users).where(eq(users.email, data.email)).limit(1);
if (existing.length > 0) throw new Error("EMAIL_EXISTS");
// openId synthétique pour les comptes locaux
const syntheticOpenId = `local_${nanoid(16)}`;
const passwordHash = await bcrypt.hash(data.password, 12);
const insertResult = await db.insert(users).values({
openId: syntheticOpenId,
name: data.name,
email: data.email,
loginMethod: "local",
sonumRole: data.sonumRole,
cguAccepted: false,
lastSignedIn: new Date(),
});
const userId = Number((insertResult as any)[0]?.insertId ?? 0);
if (!userId) throw new Error("Failed to create user");
await db.insert(localCredentials).values({ userId, passwordHash });
return userId;
}
/** Authentifie un utilisateur par email + mot de passe. Retourne l'utilisateur ou null. */
export async function authenticateLocalUser(email: string, password: string) {
const db = await getDb();
if (!db) return null;
const result = await db
.select({
user: users,
passwordHash: localCredentials.passwordHash,
})
.from(users)
.innerJoin(localCredentials, eq(localCredentials.userId, users.id))
.where(eq(users.email, email))
.limit(1);
if (!result.length) return null;
const { user, passwordHash } = result[0];
const valid = await bcrypt.compare(password, passwordHash);
if (!valid) return null;
// Mettre à jour lastSignedIn
await db.update(users).set({ lastSignedIn: new Date() }).where(eq(users.id, user.id));
return user;
}
/** Vérifie si un utilisateur possède des credentials locaux. */
export async function hasLocalCredentials(userId: number) {
const db = await getDb();
if (!db) return false;
const result = await db.select().from(localCredentials).where(eq(localCredentials.userId, userId)).limit(1);
return result.length > 0;
}
/** Met à jour le mot de passe d'un utilisateur. */
export async function updateLocalPassword(userId: number, newPassword: string) {
const db = await getDb();
if (!db) return;
const passwordHash = await bcrypt.hash(newPassword, 12);
const existing = await db.select().from(localCredentials).where(eq(localCredentials.userId, userId)).limit(1);
if (existing.length > 0) {
await db.update(localCredentials).set({ passwordHash, updatedAt: new Date() }).where(eq(localCredentials.userId, userId));
} else {
await db.insert(localCredentials).values({ userId, passwordHash });
}
}
/** Met à jour les informations d'un utilisateur. */
export async function updateUser(userId: number, data: {
name?: string;
email?: string;
sonumRole?: "referent" | "gestionnaire" | "adherent";
}) {
const db = await getDb();
if (!db) return;
await db.update(users).set({ ...data, updatedAt: new Date() }).where(eq(users.id, userId));
}
/** Supprime un utilisateur et ses credentials locaux. */
export async function deleteUser(userId: number) {
const db = await getDb();
if (!db) return;
await db.delete(localCredentials).where(eq(localCredentials.userId, userId));
await db.delete(userEtablissements).where(eq(userEtablissements.userId, userId));
await db.delete(users).where(eq(users.id, userId));
}
// ─── Affectations Adhérents ↔ Établissements ─────────────────────────────────
/** Retourne les établissements affectés à un adhérent. */
export async function getEtablissementsByAdherent(userId: number) {
const db = await getDb();
if (!db) return [];
return db
.select({
id: etablissements.id,
finess: etablissements.finess,
nom: etablissements.nom,
region: etablissements.region,
departement: etablissements.departement,
typeActivite: etablissements.typeActivite,
tailleEffectifs: etablissements.tailleEffectifs,
referentId: etablissements.referentId,
visibilite: etablissements.visibilite,
accepteMiseEnRelation: etablissements.accepteMiseEnRelation,
})
.from(userEtablissements)
.innerJoin(etablissements, eq(userEtablissements.etablissementId, etablissements.id))
.where(eq(userEtablissements.userId, userId))
.orderBy(etablissements.nom);
}
/** Retourne les IDs des établissements affectés à un adhérent. */
export async function getAffectationsByUser(userId: number) {
const db = await getDb();
if (!db) return [];
const result = await db
.select({ etablissementId: userEtablissements.etablissementId })
.from(userEtablissements)
.where(eq(userEtablissements.userId, userId));
return result.map((r) => r.etablissementId);
}
/** Affecte un établissement à un adhérent (idempotent). */
export async function assignEtablissementToUser(userId: number, etablissementId: number) {
const db = await getDb();
if (!db) return;
const existing = await db
.select()
.from(userEtablissements)
.where(and(eq(userEtablissements.userId, userId), eq(userEtablissements.etablissementId, etablissementId)))
.limit(1);
if (existing.length === 0) {
await db.insert(userEtablissements).values({ userId, etablissementId });
}
}
/** Retire un établissement d'un adhérent. */
export async function removeEtablissementFromUser(userId: number, etablissementId: number) {
const db = await getDb();
if (!db) return;
await db
.delete(userEtablissements)
.where(and(eq(userEtablissements.userId, userId), eq(userEtablissements.etablissementId, etablissementId)));
}
/** Remplace toutes les affectations d'un adhérent par une nouvelle liste. */
export async function setAffectationsForUser(userId: number, etablissementIds: number[]) {
const db = await getDb();
if (!db) return;
await db.delete(userEtablissements).where(eq(userEtablissements.userId, userId));
if (etablissementIds.length > 0) {
await db.insert(userEtablissements).values(etablissementIds.map((eid) => ({ userId, etablissementId: eid })));
}
}
/** Retourne tous les utilisateurs avec leurs affectations. */
export async function getAllUsersWithAffectations() {
const db = await getDb();
if (!db) return [];
const allUsers = await db.select().from(users).orderBy(users.name);
const allAffectations = await db
.select({
userId: userEtablissements.userId,
etablissementId: userEtablissements.etablissementId,
etablissementNom: etablissements.nom,
})
.from(userEtablissements)
.innerJoin(etablissements, eq(userEtablissements.etablissementId, etablissements.id));
return allUsers.map((u) => ({
...u,
etablissements: allAffectations
.filter((a) => a.userId === u.id)
.map((a) => ({ id: a.etablissementId, nom: a.etablissementNom })),
hasLocalCredentials: false, // sera enrichi côté router si besoin
}));
}
// ─── Mes Solutions Numériques ─────────────────────────────────────────────────
/**
* Retourne toutes les solutions utilisées par les établissements dont l'utilisateur est référent/adhérent,
* groupées par solution avec la liste des établissements équipés.
*/
export async function getMesSolutionsGroupees(userId: number, sonumRole: string) {
const db = await getDb();
if (!db) return [];
// Récupérer les établissements accessibles selon le rôle
let etablissementIds: number[] = [];
if (sonumRole === "gestionnaire") {
const all = await db.select({ id: etablissements.id }).from(etablissements);
etablissementIds = all.map((e) => e.id);
} else if (sonumRole === "adherent") {
etablissementIds = await getAffectationsByUser(userId);
} else {
// référent : établissements dont il est référent
const refs = await db
.select({ id: etablissements.id })
.from(etablissements)
.where(eq(etablissements.referentId, userId));
etablissementIds = refs.map((e) => e.id);
}
if (etablissementIds.length === 0) return [];
const rows = await db
.select({
solutionId: solutions.id,
solutionNom: solutions.nom,
editeurNom: editeurs.nom,
blocFonctionnelNom: blocsFonctionnels.nom,
etablissementId: etablissements.id,
etablissementNom: etablissements.nom,
etablissementRegion: etablissements.region,
etatDeploiement: logicielsEtablissements.etatDeploiement,
})
.from(logicielsEtablissements)
.innerJoin(solutions, eq(logicielsEtablissements.solutionId, solutions.id))
.innerJoin(editeurs, eq(solutions.editeurId, editeurs.id))
.leftJoin(blocsFonctionnels, eq(solutions.blocFonctionnelId, blocsFonctionnels.id))
.innerJoin(etablissements, eq(logicielsEtablissements.etablissementId, etablissements.id))
.where(inArray(logicielsEtablissements.etablissementId, etablissementIds))
.orderBy(solutions.nom, etablissements.nom);
// Grouper par solution
const map = new Map<number, {
solutionId: number;
solutionNom: string;
editeurId: number | null;
editeurNom: string;
blocFonctionnelId: number | null;
blocFonctionnelNom: string | null;
nbEtablissements: number;
etablissements: { id: number; nom: string; region: string | null; etatDeploiement: string }[];
}>();
for (const row of rows) {
if (!map.has(row.solutionId)) {
map.set(row.solutionId, {
solutionId: row.solutionId,
solutionNom: row.solutionNom ?? "",
editeurId: null,
editeurNom: row.editeurNom ?? "",
blocFonctionnelId: null,
blocFonctionnelNom: row.blocFonctionnelNom ?? null,
nbEtablissements: 0,
etablissements: [],
});
}
const entry = map.get(row.solutionId)!;
if (row.etablissementId) {
entry.etablissements.push({
id: row.etablissementId,
nom: row.etablissementNom ?? "",
region: row.etablissementRegion ?? null,
etatDeploiement: row.etatDeploiement ?? "",
});
entry.nbEtablissements = entry.etablissements.length;
}
}
return Array.from(map.values());
}
/***
* Retourne toutes les solutions du référentiel avec les établissements équipés (vue globale).
* Accessible à tous les utilisateurs connectés.
*/
export async function getToutesLesSolutionsGroupees() {
const db = await getDb();
if (!db) return [];
const rows = await db
.select({
solutionId: solutions.id,
solutionNom: solutions.nom,
editeurId: solutions.editeurId,
editeurNom: editeurs.nom,
blocFonctionnelId: solutions.blocFonctionnelId,
blocFonctionnelNom: blocsFonctionnels.nom,
etablissementId: etablissements.id,
etablissementNom: etablissements.nom,
etablissementRegion: etablissements.region,
etatDeploiement: logicielsEtablissements.etatDeploiement,
})
.from(solutions)
.leftJoin(editeurs, eq(solutions.editeurId, editeurs.id))
.leftJoin(blocsFonctionnels, eq(solutions.blocFonctionnelId, blocsFonctionnels.id))
.leftJoin(logicielsEtablissements, eq(logicielsEtablissements.solutionId, solutions.id))
.leftJoin(etablissements, eq(logicielsEtablissements.etablissementId, etablissements.id))
.orderBy(solutions.nom, etablissements.nom);
const map = new Map<number, {
solutionId: number;
solutionNom: string;
editeurId: number | null;
editeurNom: string;
blocFonctionnelId: number | null;
blocFonctionnelNom: string | null;
nbEtablissements: number;
etablissements: { id: number; nom: string; region: string | null; etatDeploiement: string }[];
}>();
for (const row of rows) {
if (!map.has(row.solutionId)) {
map.set(row.solutionId, {
solutionId: row.solutionId,
solutionNom: row.solutionNom ?? "",
editeurId: row.editeurId ?? null,
editeurNom: row.editeurNom ?? "",
blocFonctionnelId: row.blocFonctionnelId ?? null,
blocFonctionnelNom: row.blocFonctionnelNom ?? null,
nbEtablissements: 0,
etablissements: [],
});
}
if (row.etablissementId) {
map.get(row.solutionId)!.etablissements.push({
id: row.etablissementId,
nom: row.etablissementNom ?? "",
region: row.etablissementRegion ?? null,
etatDeploiement: row.etatDeploiement ?? "",
});
map.get(row.solutionId)!.nbEtablissements++;
}
}
return Array.from(map.values());
}
export async function updateSolution(id: number, nom: string, editeurId: number, blocFonctionnelId: number | null) {
const db = await getDb();
if (!db) throw new Error("DB unavailable");
await db.update(solutions).set({ nom, editeurId, blocFonctionnelId }).where(eq(solutions.id, id));
return { id };
}
export async function deleteSolution(id: number) {
const db = await getDb();
if (!db) throw new Error("DB unavailable");
await db.delete(solutions).where(eq(solutions.id, id));
return { success: true };
}
// ─── CRUD Éditeurs ────────────────────────────────────────────────────────────
export async function updateEditeur(id: number, nom: string) {
const db = await getDb();
if (!db) throw new Error("DB unavailable");
await db.update(editeurs).set({ nom }).where(eq(editeurs.id, id));
return { id };
}
export async function deleteEditeur(id: number) {
const db = await getDb();
if (!db) throw new Error("DB unavailable");
await db.delete(editeurs).where(eq(editeurs.id, id));
return { id };
}
// ─── CRUD Blocs Fonctionnels ──────────────────────────────────────────────────
export async function updateBlocFonctionnel(id: number, nom: string) {
const db = await getDb();
if (!db) throw new Error("DB unavailable");
await db.update(blocsFonctionnels).set({ nom }).where(eq(blocsFonctionnels.id, id));
return { id };
}
export async function deleteBlocFonctionnel(id: number) {
const db = await getDb();
if (!db) throw new Error("DB unavailable");
await db.delete(blocsFonctionnels).where(eq(blocsFonctionnels.id, id));
return { id };
}
// ─── Statistiques ─────────────────────────────────────────────────────────────
export async function getStatistiques() {
const db = await getDb();
if (!db) return null;
// Total établissements
const [{ total: totalEtablissements }] = await db
.select({ total: sql<number>`COUNT(*)` })
.from(etablissements);
// Total solutions distinctes utilisées
const [{ total: totalSolutions }] = await db
.select({ total: sql<number>`COUNT(DISTINCT solutionId)` })
.from(logicielsEtablissements);
// Total fiches logiciels (lignes logiciels_etablissements)
const [{ total: totalFiches }] = await db
.select({ total: sql<number>`COUNT(*)` })
.from(logicielsEtablissements);
// Établissements avec au moins un logiciel
const [{ total: etabAvecLogiciel }] = await db
.select({ total: sql<number>`COUNT(DISTINCT etablissementId)` })
.from(logicielsEtablissements);
// Répartition par bloc fonctionnel
const parBloc = await db
.select({
blocNom: blocsFonctionnels.nom,
count: sql<number>`COUNT(DISTINCT ${logicielsEtablissements.etablissementId})`,
})
.from(logicielsEtablissements)
.innerJoin(solutions, eq(logicielsEtablissements.solutionId, solutions.id))
.leftJoin(blocsFonctionnels, eq(solutions.blocFonctionnelId, blocsFonctionnels.id))
.groupBy(blocsFonctionnels.nom)
.orderBy(sql`COUNT(DISTINCT ${logicielsEtablissements.etablissementId}) DESC`);
// Répartition par région
const parRegion = await db
.select({
region: etablissements.region,
count: sql<number>`COUNT(DISTINCT ${etablissements.id})`,
})
.from(etablissements)
.groupBy(etablissements.region)
.orderBy(sql`COUNT(DISTINCT ${etablissements.id}) DESC`);
// Répartition par état de déploiement
const parEtat = await db
.select({
etat: logicielsEtablissements.etatDeploiement,
count: sql<number>`COUNT(*)`,
})
.from(logicielsEtablissements)
.groupBy(logicielsEtablissements.etatDeploiement)
.orderBy(sql`COUNT(*) DESC`);
// Top 10 solutions les plus utilisées
const topSolutions = await db
.select({
solutionNom: solutions.nom,
editeurNom: editeurs.nom,
count: sql<number>`COUNT(DISTINCT ${logicielsEtablissements.etablissementId})`,
})
.from(logicielsEtablissements)
.innerJoin(solutions, eq(logicielsEtablissements.solutionId, solutions.id))
.leftJoin(editeurs, eq(solutions.editeurId, editeurs.id))
.groupBy(solutions.id, solutions.nom, editeurs.nom)
.orderBy(sql`COUNT(DISTINCT ${logicielsEtablissements.etablissementId}) DESC`)
.limit(10);
// Taux de remplissage (% établissements avec au moins 1 logiciel)
const tauxRemplissage = totalEtablissements > 0
? Math.round((Number(etabAvecLogiciel) / Number(totalEtablissements)) * 100)
: 0;
return {
totalEtablissements: Number(totalEtablissements),
totalSolutions: Number(totalSolutions),
totalFiches: Number(totalFiches),
etabAvecLogiciel: Number(etabAvecLogiciel),
tauxRemplissage,
parBloc: parBloc.map((r) => ({ nom: r.blocNom ?? "Non renseigné", count: Number(r.count) })),
parRegion: parRegion.map((r) => ({ nom: r.region ?? "Non renseignée", count: Number(r.count) })),
parEtat: parEtat.map((r) => ({ nom: r.etat ?? "Inconnu", count: Number(r.count) })),
topSolutions: topSolutions.map((r) => ({
nom: r.solutionNom ?? "",
editeur: r.editeurNom ?? "",
count: Number(r.count),
})),
};
}

542
server/routers.ts Normal file
View File

@@ -0,0 +1,542 @@
import { TRPCError } from "@trpc/server";
import { z } from "zod";
import {
assignEtablissementToUser,
authenticateLocalUser,
createDemandeContact,
createBlocFonctionnel,
updateBlocFonctionnel,
deleteBlocFonctionnel,
createEditeur,
updateEditeur,
deleteEditeur,
createLocalUser,
createSolution,
updateSolution,
deleteSolution,
getStatistiques,
deleteLogicielEtablissement,
deleteUser,
getAllDemandes,
getAllEtablissements,
getAllUsersWithAffectations,
getAffectationsByUser,
getBlocsFonctionnels,
getConsultationCount,
getConsultationsList,
getDemandeById,
getDemandesByDemandeur,
getDemandesRecuesParEtablissement,
getEditeurs,
getEtablissementById,
getEtablissementsByAdherent,
getEtablissementsByReferent,
getLogicielsByEtablissement,
getMesSolutionsGroupees,
getToutesLesSolutionsGroupees,
getSolutions,
recordConsultation,
removeEtablissementFromUser,
repondreDemandeContact,
setAffectationsForUser,
updateLocalPassword,
updateUser,
updateUserCgu,
updateUserSonumRole,
upsertLogicielEtablissement,
upsertUser,
} from "./db";
import { COOKIE_NAME } from "@shared/const";
import { getSessionCookieOptions } from "./_core/cookies";
import { systemRouter } from "./_core/systemRouter";
import { protectedProcedure, publicProcedure, router } from "./_core/trpc";
import { notifyOwner } from "./_core/notification";
import { getDb } from "./db";
import { etablissements } from "../drizzle/schema";
import { eq } from "drizzle-orm";
import { sdk } from "./_core/sdk";
// ─── Middleware gestionnaire SONUM ────────────────────────────────────────────
const gestionnaireProcedure = protectedProcedure.use(({ ctx, next }) => {
if (ctx.user.sonumRole !== "gestionnaire" && ctx.user.role !== "admin") {
throw new TRPCError({ code: "FORBIDDEN", message: "Accès réservé aux gestionnaires SONUM" });
}
return next({ ctx });
});
// ─── Router principal ─────────────────────────────────────────────────────────
export const appRouter = router({
system: systemRouter,
// ─── Auth ──────────────────────────────────────────────────────────────────
auth: router({
me: publicProcedure.query((opts) => opts.ctx.user),
logout: publicProcedure.mutation(({ ctx }) => {
const cookieOptions = getSessionCookieOptions(ctx.req);
ctx.res.clearCookie(COOKIE_NAME, { ...cookieOptions, maxAge: -1 });
return { success: true } as const;
}),
/**
* Connexion locale par email + mot de passe.
* Crée un cookie de session identique à celui de l'OAuth.
*/
loginLocal: publicProcedure
.input(z.object({
email: z.string().email(),
password: z.string().min(1),
}))
.mutation(async ({ input, ctx }) => {
const user = await authenticateLocalUser(input.email, input.password);
if (!user) {
throw new TRPCError({ code: "UNAUTHORIZED", message: "Email ou mot de passe incorrect" });
}
// Créer un token de session avec l'openId de l'utilisateur local
const sessionToken = await sdk.createSessionToken(user.openId!, {
name: user.name ?? "",
});
const cookieOptions = getSessionCookieOptions(ctx.req);
ctx.res.cookie(COOKIE_NAME, sessionToken, {
...cookieOptions,
maxAge: 1000 * 60 * 60 * 24 * 365, // 1 an
});
return { success: true, user };
}),
}),
// ─── CGU ───────────────────────────────────────────────────────────────────
cgu: router({
accept: protectedProcedure.mutation(async ({ ctx }) => {
await updateUserCgu(ctx.user.id);
return { success: true };
}),
status: protectedProcedure.query(({ ctx }) => ({
// La CGU doit être acceptée à chaque session (pas seulement la première fois)
// On retourne toujours les données réelles mais le frontend gère la session
accepted: ctx.user.cguAccepted,
acceptedAt: ctx.user.cguAcceptedAt,
userId: ctx.user.id,
})),
}),
// ─── Référentiel ───────────────────────────────────────────────────────────
referentiel: router({
editeurs: publicProcedure.query(() => getEditeurs()),
blocsFonctionnels: publicProcedure.query(() => getBlocsFonctionnels()),
solutions: publicProcedure
.input(z.object({ search: z.string().optional() }))
.query(({ input }) => getSolutions(input.search)),
createEditeur: protectedProcedure
.input(z.object({ nom: z.string().min(1) }))
.mutation(async ({ input, ctx }) => {
const isGestionnaire = ctx.user.sonumRole === "gestionnaire" || ctx.user.role === "admin";
return createEditeur(input.nom, isGestionnaire);
}),
createBlocFonctionnel: protectedProcedure
.input(z.object({ nom: z.string().min(1) }))
.mutation(async ({ input, ctx }) => {
const isGestionnaire = ctx.user.sonumRole === "gestionnaire" || ctx.user.role === "admin";
return createBlocFonctionnel(input.nom, isGestionnaire);
}),
updateBlocFonctionnel: gestionnaireProcedure
.input(z.object({ id: z.number().int(), nom: z.string().min(1) }))
.mutation(({ input }) => updateBlocFonctionnel(input.id, input.nom)),
deleteBlocFonctionnel: gestionnaireProcedure
.input(z.object({ id: z.number().int() }))
.mutation(({ input }) => deleteBlocFonctionnel(input.id)),
updateEditeur: gestionnaireProcedure
.input(z.object({ id: z.number().int(), nom: z.string().min(1) }))
.mutation(({ input }) => updateEditeur(input.id, input.nom)),
deleteEditeur: gestionnaireProcedure
.input(z.object({ id: z.number().int() }))
.mutation(({ input }) => deleteEditeur(input.id)),
statistiques: gestionnaireProcedure.query(() => getStatistiques()),
createSolution: protectedProcedure
.input(z.object({
nom: z.string().min(1),
editeurId: z.number().int(),
blocFonctionnelId: z.number().int().optional().nullable(),
}))
.mutation(async ({ input, ctx }) => {
const isGestionnaire = ctx.user.sonumRole === "gestionnaire" || ctx.user.role === "admin";
return createSolution(input.nom, input.editeurId, input.blocFonctionnelId, isGestionnaire);
}),
updateSolution: protectedProcedure
.input(z.object({
id: z.number().int(),
nom: z.string().min(1),
editeurId: z.number().int(),
blocFonctionnelId: z.number().int().optional().nullable(),
}))
.mutation(async ({ input, ctx }) => {
if (ctx.user.sonumRole !== "gestionnaire" && ctx.user.role !== "admin") throw new TRPCError({ code: "FORBIDDEN" });
return updateSolution(input.id, input.nom, input.editeurId, input.blocFonctionnelId ?? null);
}),
deleteSolution: protectedProcedure
.input(z.object({ id: z.number().int() }))
.mutation(async ({ input, ctx }) => {
if (ctx.user.sonumRole !== "gestionnaire" && ctx.user.role !== "admin") throw new TRPCError({ code: "FORBIDDEN" });
return deleteSolution(input.id);
}),
}),
// ─── Établissements ────────────────────────────────────────────────────────
etablissements: router({
/**
* Retourne les établissements selon le rôle :
* - référent : ses établissements
* - adhérent : ses établissements affectés
* - gestionnaire : tous
*/
mesEtablissements: protectedProcedure.query(({ ctx }) => {
if (ctx.user.sonumRole === "gestionnaire" || ctx.user.role === "admin") {
return getAllEtablissements();
}
if (ctx.user.sonumRole === "adherent") {
return getEtablissementsByAdherent(ctx.user.id);
}
return getEtablissementsByReferent(ctx.user.id);
}),
all: gestionnaireProcedure.query(() => getAllEtablissements()),
byId: protectedProcedure
.input(z.object({ id: z.number().int() }))
.query(async ({ input, ctx }) => {
const etab = await getEtablissementById(input.id);
if (!etab) throw new TRPCError({ code: "NOT_FOUND" });
// Adhérent : vérifier qu'il a accès à cet établissement
if (ctx.user.sonumRole === "adherent") {
const affectations = await getAffectationsByUser(ctx.user.id);
if (!affectations.includes(input.id)) {
throw new TRPCError({ code: "FORBIDDEN" });
}
}
if (etab.visibilite === "gestionnaires" && ctx.user.sonumRole !== "gestionnaire" && ctx.user.role !== "admin") {
if (etab.referentId !== ctx.user.id) {
throw new TRPCError({ code: "FORBIDDEN" });
}
}
return etab;
}),
search: protectedProcedure
.input(z.object({
solutionId: z.number().int().optional(),
editeurId: z.number().int().optional(),
blocFonctionnelId: z.number().int().optional(),
region: z.string().optional(),
typeActivite: z.string().optional(),
tailleEffectifs: z.string().optional(),
etatDeploiement: z.string().optional(),
}))
.query(({ input, ctx }) => {
return import("./db").then(({ searchEtablissements }) =>
searchEtablissements({
...input,
userId: ctx.user.id,
sonumRole: ctx.user.sonumRole,
})
);
}),
create: gestionnaireProcedure
.input(z.object({
finess: z.string().optional(),
nom: z.string().min(1),
region: z.string().optional(),
departement: z.string().optional(),
typeActivite: z.string().optional(),
tailleEffectifs: z.string().optional(),
referentId: z.number().int().optional(),
}))
.mutation(async ({ input }) => {
const db = await getDb();
if (!db) throw new TRPCError({ code: "INTERNAL_SERVER_ERROR" });
const result = await db.insert(etablissements).values(input);
return result[0];
}),
update: protectedProcedure
.input(z.object({
id: z.number().int(),
visibilite: z.enum(["tous", "gestionnaires"]).optional(),
accepteMiseEnRelation: z.boolean().optional(),
}))
.mutation(async ({ input, ctx }) => {
const etab = await getEtablissementById(input.id);
if (!etab) throw new TRPCError({ code: "NOT_FOUND" });
if (etab.referentId !== ctx.user.id && ctx.user.sonumRole !== "gestionnaire" && ctx.user.role !== "admin") {
throw new TRPCError({ code: "FORBIDDEN" });
}
const db = await getDb();
if (!db) throw new TRPCError({ code: "INTERNAL_SERVER_ERROR" });
const { id, ...updateData } = input;
await db.update(etablissements).set(updateData).where(eq(etablissements.id, id));
return { success: true };
}),
}),
// ─── Logiciels ─────────────────────────────────────────────────────────────
logiciels: router({
byEtablissement: protectedProcedure
.input(z.object({ etablissementId: z.number().int() }))
.query(async ({ input, ctx }) => {
const etab = await getEtablissementById(input.etablissementId);
if (!etab) throw new TRPCError({ code: "NOT_FOUND" });
// Adhérent : vérifier affectation
if (ctx.user.sonumRole === "adherent") {
const affectations = await getAffectationsByUser(ctx.user.id);
if (!affectations.includes(input.etablissementId)) throw new TRPCError({ code: "FORBIDDEN" });
}
if (etab.visibilite === "gestionnaires" && ctx.user.sonumRole !== "gestionnaire" && ctx.user.role !== "admin") {
if (etab.referentId !== ctx.user.id) throw new TRPCError({ code: "FORBIDDEN" });
}
return getLogicielsByEtablissement(input.etablissementId);
}),
upsert: protectedProcedure
.input(z.object({
id: z.number().int().optional(),
etablissementId: z.number().int(),
solutionId: z.number().int(),
etatDeploiement: z.enum(["demarrage", "en_cours", "operationnel", "en_remplacement"]),
modeHebergement: z.enum(["hds", "on_premise", "hybride"]).optional().nullable(),
modeFacturation: z.enum(["saas", "achat_maintenance", "location"]).optional().nullable(),
interoperabilite: z.enum(["non", "oui_interface", "oui_eai"]).optional().nullable(),
versionMajeure: z.string().optional().nullable(),
commentaire: z.string().optional().nullable(),
contactNom: z.string().optional().nullable(),
contactFonction: z.string().optional().nullable(),
contactEmail: z.string().optional().nullable(),
}))
.mutation(async ({ input, ctx }) => {
const etab = await getEtablissementById(input.etablissementId);
if (!etab) throw new TRPCError({ code: "NOT_FOUND" });
if (etab.referentId !== ctx.user.id && ctx.user.sonumRole !== "gestionnaire" && ctx.user.role !== "admin") {
throw new TRPCError({ code: "FORBIDDEN" });
}
return upsertLogicielEtablissement({ ...input, saisiePar: ctx.user.id });
}),
delete: protectedProcedure
.input(z.object({ id: z.number().int(), etablissementId: z.number().int() }))
.mutation(async ({ input, ctx }) => {
const etab = await getEtablissementById(input.etablissementId);
if (!etab) throw new TRPCError({ code: "NOT_FOUND" });
if (etab.referentId !== ctx.user.id && ctx.user.sonumRole !== "gestionnaire" && ctx.user.role !== "admin") {
throw new TRPCError({ code: "FORBIDDEN" });
}
await deleteLogicielEtablissement(input.id);
return { success: true };
}),
mesSolutions: protectedProcedure
.query(({ ctx }) =>
getMesSolutionsGroupees(ctx.user.id, ctx.user.sonumRole ?? "referent")
),
toutesLesSolutions: protectedProcedure
.query(() => getToutesLesSolutionsGroupees()),
}),
// ─── Traçabilité ───────────────────────────────────────────────────────────
tracabilite: router({
enregistrerConsultation: protectedProcedure
.input(z.object({ etablissementId: z.number().int() }))
.mutation(async ({ input, ctx }) => {
await recordConsultation(input.etablissementId, ctx.user.id, ctx.user.name ?? "Inconnu");
return { success: true };
}),
compteur: protectedProcedure
.input(z.object({ etablissementId: z.number().int() }))
.query(async ({ input, ctx }) => {
const etab = await getEtablissementById(input.etablissementId);
if (!etab) throw new TRPCError({ code: "NOT_FOUND" });
const canSee = etab.referentId === ctx.user.id || ctx.user.sonumRole === "gestionnaire" || ctx.user.role === "admin";
if (!canSee) throw new TRPCError({ code: "FORBIDDEN" });
return { count: await getConsultationCount(input.etablissementId) };
}),
liste: protectedProcedure
.input(z.object({ etablissementId: z.number().int() }))
.query(async ({ input, ctx }) => {
const etab = await getEtablissementById(input.etablissementId);
if (!etab) throw new TRPCError({ code: "NOT_FOUND" });
const canSee = etab.referentId === ctx.user.id || ctx.user.sonumRole === "gestionnaire" || ctx.user.role === "admin";
if (!canSee) throw new TRPCError({ code: "FORBIDDEN" });
return getConsultationsList(input.etablissementId);
}),
}),
// ─── Demandes de Contact ───────────────────────────────────────────────────
contact: router({
envoyer: protectedProcedure
.input(z.object({
etablissementCibleId: z.number().int(),
message: z.string().min(1),
}))
.mutation(async ({ input, ctx }) => {
const etab = await getEtablissementById(input.etablissementCibleId);
if (!etab) throw new TRPCError({ code: "NOT_FOUND" });
await createDemandeContact({
etablissementCibleId: input.etablissementCibleId,
demandeurId: ctx.user.id,
demandeurNom: ctx.user.name ?? "Inconnu",
demandeurEmail: ctx.user.email ?? "",
message: input.message,
});
await notifyOwner({
title: `Nouvelle demande de contact — ${etab.nom}`,
content: `${ctx.user.name} souhaite contacter le référent de ${etab.nom}.\n\nMessage : ${input.message}`,
});
return { success: true };
}),
mesDemandes: protectedProcedure.query(({ ctx }) =>
getDemandesByDemandeur(ctx.user.id)
),
demandesRecues: protectedProcedure.query(({ ctx }) =>
getDemandesRecuesParEtablissement(ctx.user.id)
),
toutesLesDemandes: gestionnaireProcedure.query(() => getAllDemandes()),
repondre: protectedProcedure
.input(z.object({
id: z.number().int(),
reponse: z.string().min(1),
}))
.mutation(async ({ input, ctx }) => {
const demande = await getDemandeById(input.id);
if (!demande) throw new TRPCError({ code: "NOT_FOUND" });
const etab = await getEtablissementById(demande.etablissementCibleId);
const canReply = (etab?.referentId === ctx.user.id) || ctx.user.sonumRole === "gestionnaire" || ctx.user.role === "admin";
if (!canReply) throw new TRPCError({ code: "FORBIDDEN" });
await repondreDemandeContact(input.id, input.reponse, ctx.user.id);
return { success: true };
}),
}),
// ─── Administration ────────────────────────────────────────────────────────
admin: router({
/** Liste tous les utilisateurs avec leurs établissements affectés */
users: gestionnaireProcedure.query(() => getAllUsersWithAffectations()),
/** Crée un utilisateur manuellement avec un mot de passe local */
createUser: gestionnaireProcedure
.input(z.object({
name: z.string().min(1),
email: z.string().email(),
sonumRole: z.enum(["referent", "gestionnaire", "adherent"]),
password: z.string().min(8, "Le mot de passe doit contenir au moins 8 caractères"),
}))
.mutation(async ({ input }) => {
try {
const userId = await createLocalUser(input);
return { success: true, userId };
} catch (err: any) {
if (err.message === "EMAIL_EXISTS") {
throw new TRPCError({ code: "CONFLICT", message: "Un utilisateur avec cet email existe déjà" });
}
throw new TRPCError({ code: "INTERNAL_SERVER_ERROR", message: err.message });
}
}),
/** Met à jour les informations d'un utilisateur */
updateUser: gestionnaireProcedure
.input(z.object({
userId: z.number().int(),
name: z.string().min(1).optional(),
email: z.string().email().optional(),
sonumRole: z.enum(["referent", "gestionnaire", "adherent"]).optional(),
}))
.mutation(async ({ input }) => {
const { userId, ...data } = input;
await updateUser(userId, data);
return { success: true };
}),
/** Réinitialise le mot de passe d'un utilisateur local */
resetPassword: gestionnaireProcedure
.input(z.object({
userId: z.number().int(),
newPassword: z.string().min(8),
}))
.mutation(async ({ input }) => {
await updateLocalPassword(input.userId, input.newPassword);
return { success: true };
}),
/** Supprime un utilisateur */
deleteUser: gestionnaireProcedure
.input(z.object({ userId: z.number().int() }))
.mutation(async ({ input }) => {
await deleteUser(input.userId);
return { success: true };
}),
/** Ancienne procédure de mise à jour du rôle (rétrocompatibilité) */
updateRole: gestionnaireProcedure
.input(z.object({
userId: z.number().int(),
sonumRole: z.enum(["referent", "gestionnaire", "adherent"]),
}))
.mutation(async ({ input }) => {
await updateUserSonumRole(input.userId, input.sonumRole);
return { success: true };
}),
/** Retourne les établissements affectés à un utilisateur */
affectations: gestionnaireProcedure
.input(z.object({ userId: z.number().int() }))
.query(({ input }) => getAffectationsByUser(input.userId)),
/** Remplace toutes les affectations d'un adhérent */
setAffectations: gestionnaireProcedure
.input(z.object({
userId: z.number().int(),
etablissementIds: z.array(z.number().int()),
}))
.mutation(async ({ input }) => {
await setAffectationsForUser(input.userId, input.etablissementIds);
return { success: true };
}),
/** Ajoute un établissement à un utilisateur */
assignEtablissement: gestionnaireProcedure
.input(z.object({
userId: z.number().int(),
etablissementId: z.number().int(),
}))
.mutation(async ({ input }) => {
await assignEtablissementToUser(input.userId, input.etablissementId);
return { success: true };
}),
/** Retire un établissement d'un utilisateur */
removeEtablissement: gestionnaireProcedure
.input(z.object({
userId: z.number().int(),
etablissementId: z.number().int(),
}))
.mutation(async ({ input }) => {
await removeEtablissementFromUser(input.userId, input.etablissementId);
return { success: true };
}),
}),
});
export type AppRouter = typeof appRouter;

249
server/sonum-v2.test.ts Normal file
View File

@@ -0,0 +1,249 @@
import { describe, expect, it, vi, beforeEach } from "vitest";
import { appRouter } from "./routers";
import { COOKIE_NAME } from "../shared/const";
import type { TrpcContext } from "./_core/context";
import type { User } from "../drizzle/schema";
// ─── Helpers ──────────────────────────────────────────────────────────────────
function makeUser(overrides: Partial<User> = {}): User {
return {
id: 1,
openId: "test-open-id",
name: "Test User",
email: "test@example.com",
loginMethod: "local",
role: "user",
sonumRole: "referent",
cguAccepted: true,
cguAcceptedAt: new Date(),
createdAt: new Date(),
updatedAt: new Date(),
lastSignedIn: new Date(),
...overrides,
};
}
function makeCtx(user: User | null = null): TrpcContext {
const cookies: Record<string, string> = {};
return {
user,
req: {
protocol: "https",
headers: {},
} as TrpcContext["req"],
res: {
cookie: (name: string, value: string, _opts: unknown) => {
cookies[name] = value;
},
clearCookie: (_name: string, _opts: unknown) => {},
} as unknown as TrpcContext["res"],
};
}
// ─── Tests : auth.me ──────────────────────────────────────────────────────────
describe("auth.me", () => {
it("retourne null quand non authentifié", async () => {
const caller = appRouter.createCaller(makeCtx(null));
const result = await caller.auth.me();
expect(result).toBeNull();
});
it("retourne l'utilisateur quand authentifié", async () => {
const user = makeUser({ name: "Alice" });
const caller = appRouter.createCaller(makeCtx(user));
const result = await caller.auth.me();
expect(result?.name).toBe("Alice");
});
});
// ─── Tests : auth.logout ──────────────────────────────────────────────────────
describe("auth.logout", () => {
it("efface le cookie de session et retourne success", async () => {
const clearedCookies: string[] = [];
const ctx: TrpcContext = {
user: makeUser(),
req: { protocol: "https", headers: {} } as TrpcContext["req"],
res: {
clearCookie: (name: string) => clearedCookies.push(name),
} as unknown as TrpcContext["res"],
};
const caller = appRouter.createCaller(ctx);
const result = await caller.auth.logout();
expect(result.success).toBe(true);
expect(clearedCookies).toContain(COOKIE_NAME);
});
});
// ─── Tests : auth.loginLocal ──────────────────────────────────────────────────
describe("auth.loginLocal", () => {
it("rejette un email invalide", async () => {
const caller = appRouter.createCaller(makeCtx(null));
await expect(
caller.auth.loginLocal({ email: "not-an-email", password: "password123" })
).rejects.toThrow();
});
it("rejette un mot de passe vide", async () => {
const caller = appRouter.createCaller(makeCtx(null));
await expect(
caller.auth.loginLocal({ email: "test@example.com", password: "" })
).rejects.toThrow();
});
});
// ─── Tests : cgu ─────────────────────────────────────────────────────────────
describe("cgu.status", () => {
it("retourne le statut CGU de l'utilisateur", async () => {
const user = makeUser({ cguAccepted: true });
const caller = appRouter.createCaller(makeCtx(user));
const result = await caller.cgu.status();
expect(result.accepted).toBe(true);
});
it("retourne false si CGU non acceptée", async () => {
const user = makeUser({ cguAccepted: false, cguAcceptedAt: null });
const caller = appRouter.createCaller(makeCtx(user));
const result = await caller.cgu.status();
expect(result.accepted).toBe(false);
});
it("lève UNAUTHORIZED si non authentifié", async () => {
const caller = appRouter.createCaller(makeCtx(null));
await expect(caller.cgu.status()).rejects.toMatchObject({
code: "UNAUTHORIZED",
});
});
});
// ─── Tests : gestion des rôles ────────────────────────────────────────────────
describe("admin.updateRole", () => {
it("lève FORBIDDEN pour un référent", async () => {
const user = makeUser({ sonumRole: "referent" });
const caller = appRouter.createCaller(makeCtx(user));
await expect(
caller.admin.updateRole({ userId: 2, sonumRole: "gestionnaire" })
).rejects.toMatchObject({ code: "FORBIDDEN" });
});
it("lève FORBIDDEN pour un adhérent", async () => {
const user = makeUser({ sonumRole: "adherent" });
const caller = appRouter.createCaller(makeCtx(user));
await expect(
caller.admin.updateRole({ userId: 2, sonumRole: "referent" })
).rejects.toMatchObject({ code: "FORBIDDEN" });
});
});
describe("admin.createUser", () => {
it("lève FORBIDDEN pour un référent", async () => {
const user = makeUser({ sonumRole: "referent" });
const caller = appRouter.createCaller(makeCtx(user));
await expect(
caller.admin.createUser({
name: "Test",
email: "test@test.com",
sonumRole: "adherent",
password: "password123",
})
).rejects.toMatchObject({ code: "FORBIDDEN" });
});
it("valide que le mot de passe fait au moins 8 caractères", async () => {
const user = makeUser({ sonumRole: "gestionnaire" });
const caller = appRouter.createCaller(makeCtx(user));
await expect(
caller.admin.createUser({
name: "Test",
email: "test@test.com",
sonumRole: "adherent",
password: "short",
})
).rejects.toThrow();
});
});
// ─── Tests : affectations ─────────────────────────────────────────────────────
describe("admin.setAffectations", () => {
it("lève FORBIDDEN pour un non-gestionnaire", async () => {
const user = makeUser({ sonumRole: "referent" });
const caller = appRouter.createCaller(makeCtx(user));
await expect(
caller.admin.setAffectations({ userId: 2, etablissementIds: [1, 2] })
).rejects.toMatchObject({ code: "FORBIDDEN" });
});
});
// ─── Tests : rôles des procédures admin ──────────────────────────────────────
describe("admin.deleteUser", () => {
it("lève FORBIDDEN pour un adhérent", async () => {
const user = makeUser({ sonumRole: "adherent" });
const caller = appRouter.createCaller(makeCtx(user));
await expect(
caller.admin.deleteUser({ userId: 2 })
).rejects.toMatchObject({ code: "FORBIDDEN" });
});
});
describe("admin.resetPassword", () => {
it("lève FORBIDDEN pour un référent", async () => {
const user = makeUser({ sonumRole: "referent" });
const caller = appRouter.createCaller(makeCtx(user));
await expect(
caller.admin.resetPassword({ userId: 2, newPassword: "newpassword123" })
).rejects.toMatchObject({ code: "FORBIDDEN" });
});
});
// ─── Tests : filtrage adhérent ────────────────────────────────────────────────────────────────────────────────
describe("etablissements.byId - contrôle accès adhérent", () => {
it("lève FORBIDDEN si l'adhérent tente d'accéder à un établissement non affecté", async () => {
// L'adhérent n'a aucun établissement affecté (DB vide en test)
const user = makeUser({ sonumRole: "adherent", id: 999 });
const caller = appRouter.createCaller(makeCtx(user));
// L'établissement id=1 n'est pas affecté à l'utilisateur id=999
// La procédure doit lever FORBIDDEN ou NOT_FOUND
await expect(
caller.etablissements.byId({ id: 1 })
).rejects.toThrow();
});
});
describe("admin.setAffectations - accès gestionnaire", () => {
it("accepte la requête d'un gestionnaire (ne lève pas FORBIDDEN)", async () => {
const user = makeUser({ sonumRole: "gestionnaire" });
const caller = appRouter.createCaller(makeCtx(user));
// setAffectations avec une liste vide est idempotent et ne doit pas lever FORBIDDEN
// (peut échouer sur DB indisponible mais pas sur les permissions)
try {
await caller.admin.setAffectations({ userId: 999, etablissementIds: [] });
} catch (err: any) {
// Seule une erreur de permission est inacceptable
expect(err?.code).not.toBe("FORBIDDEN");
}
});
});
describe("auth.loginLocal - validation", () => {
it("rejette un mot de passe trop court", async () => {
const caller = appRouter.createCaller(makeCtx(null));
await expect(
caller.auth.loginLocal({ email: "user@test.com", password: "" })
).rejects.toThrow();
});
it("retourne UNAUTHORIZED pour des credentials inexistants", async () => {
const caller = appRouter.createCaller(makeCtx(null));
await expect(
caller.auth.loginLocal({ email: "nonexistent@test.com", password: "password123" })
).rejects.toMatchObject({ code: "UNAUTHORIZED" });
});
});

154
server/sonum.test.ts Normal file
View File

@@ -0,0 +1,154 @@
import { describe, expect, it, vi, beforeEach } from "vitest";
import { appRouter } from "./routers";
import type { TrpcContext } from "./_core/context";
// ─── Helpers ──────────────────────────────────────────────────────────────────
function makeUser(overrides: Partial<TrpcContext["user"]> = {}): NonNullable<TrpcContext["user"]> {
return {
id: 1,
openId: "user-1",
name: "Référent Test",
email: "referent@test.fr",
loginMethod: "manus",
role: "user",
sonumRole: "referent",
cguAccepted: true,
cguAcceptedAt: new Date(),
createdAt: new Date(),
updatedAt: new Date(),
lastSignedIn: new Date(),
...overrides,
};
}
function makeGestionnaire(): NonNullable<TrpcContext["user"]> {
return makeUser({ id: 2, openId: "gestionnaire-1", sonumRole: "gestionnaire", name: "Gestionnaire SONUM" });
}
function makeCtx(user: NonNullable<TrpcContext["user"]> | null = null): TrpcContext {
return {
user,
req: { protocol: "https", headers: {} } as TrpcContext["req"],
res: {
clearCookie: vi.fn(),
} as unknown as TrpcContext["res"],
};
}
// ─── Tests Auth ───────────────────────────────────────────────────────────────
describe("auth.logout", () => {
it("clears the session cookie and returns success", async () => {
const ctx = makeCtx(makeUser());
const caller = appRouter.createCaller(ctx);
const result = await caller.auth.logout();
expect(result).toEqual({ success: true });
});
it("works for unauthenticated users too (public procedure)", async () => {
const ctx = makeCtx(null);
const caller = appRouter.createCaller(ctx);
const result = await caller.auth.logout();
expect(result).toEqual({ success: true });
});
});
describe("auth.me", () => {
it("returns null for unauthenticated user", async () => {
const ctx = makeCtx(null);
const caller = appRouter.createCaller(ctx);
const result = await caller.auth.me();
expect(result).toBeNull();
});
it("returns user for authenticated user", async () => {
const user = makeUser();
const ctx = makeCtx(user);
const caller = appRouter.createCaller(ctx);
const result = await caller.auth.me();
expect(result?.id).toBe(1);
expect(result?.sonumRole).toBe("referent");
});
});
// ─── Tests CGU ────────────────────────────────────────────────────────────────
describe("cgu.status", () => {
it("throws UNAUTHORIZED for unauthenticated user", async () => {
const ctx = makeCtx(null);
const caller = appRouter.createCaller(ctx);
await expect(caller.cgu.status()).rejects.toThrow();
});
it("returns cgu status for authenticated user", async () => {
const user = makeUser({ cguAccepted: true });
const ctx = makeCtx(user);
const caller = appRouter.createCaller(ctx);
const result = await caller.cgu.status();
expect(result.accepted).toBe(true);
});
it("returns false when CGU not accepted", async () => {
const user = makeUser({ cguAccepted: false, cguAcceptedAt: undefined });
const ctx = makeCtx(user);
const caller = appRouter.createCaller(ctx);
const result = await caller.cgu.status();
expect(result.accepted).toBe(false);
});
});
// ─── Tests Gestion des rôles ──────────────────────────────────────────────────
describe("admin.users (gestionnaire only)", () => {
it("throws FORBIDDEN for a referent", async () => {
const ctx = makeCtx(makeUser());
const caller = appRouter.createCaller(ctx);
await expect(caller.admin.users()).rejects.toMatchObject({ code: "FORBIDDEN" });
});
it("throws UNAUTHORIZED for unauthenticated user", async () => {
const ctx = makeCtx(null);
const caller = appRouter.createCaller(ctx);
await expect(caller.admin.users()).rejects.toThrow();
});
});
describe("contact.toutesLesDemandes (gestionnaire only)", () => {
it("throws FORBIDDEN for a referent", async () => {
const ctx = makeCtx(makeUser());
const caller = appRouter.createCaller(ctx);
await expect(caller.contact.toutesLesDemandes()).rejects.toMatchObject({ code: "FORBIDDEN" });
});
});
// ─── Tests Référentiel ────────────────────────────────────────────────────────
describe("referentiel.editeurs", () => {
it("is accessible as a public procedure", async () => {
const ctx = makeCtx(null);
const caller = appRouter.createCaller(ctx);
// Should not throw (may return empty array if DB not available)
const result = await caller.referentiel.editeurs();
expect(Array.isArray(result)).toBe(true);
});
});
describe("referentiel.blocsFonctionnels", () => {
it("is accessible as a public procedure", async () => {
const ctx = makeCtx(null);
const caller = appRouter.createCaller(ctx);
const result = await caller.referentiel.blocsFonctionnels();
expect(Array.isArray(result)).toBe(true);
});
});
// ─── Tests Traçabilité ────────────────────────────────────────────────────────
describe("tracabilite.compteur", () => {
it("throws UNAUTHORIZED for unauthenticated user", async () => {
const ctx = makeCtx(null);
const caller = appRouter.createCaller(ctx);
await expect(caller.tracabilite.compteur({ etablissementId: 1 })).rejects.toThrow();
});
});

110
server/storage.ts Normal file
View File

@@ -0,0 +1,110 @@
// Preconfigured storage helpers for Manus WebDev templates
// Uses the Biz-provided storage proxy (Authorization: Bearer <token>)
import { ENV } from './_core/env';
type StorageConfig = { baseUrl: string; apiKey: string };
function getStorageConfig(): StorageConfig {
const baseUrl = ENV.forgeApiUrl;
const apiKey = ENV.forgeApiKey;
if (!baseUrl || !apiKey) {
throw new Error(
"Storage proxy credentials missing: set BUILT_IN_FORGE_API_URL and BUILT_IN_FORGE_API_KEY"
);
}
return { baseUrl: baseUrl.replace(/\/+$/, ""), apiKey };
}
function buildUploadUrl(baseUrl: string, relKey: string): URL {
const url = new URL("v1/storage/upload", ensureTrailingSlash(baseUrl));
url.searchParams.set("path", normalizeKey(relKey));
return url;
}
async function buildDownloadUrl(
baseUrl: string,
relKey: string,
apiKey: string
): Promise<string> {
const downloadApiUrl = new URL(
"v1/storage/downloadUrl",
ensureTrailingSlash(baseUrl)
);
downloadApiUrl.searchParams.set("path", normalizeKey(relKey));
const response = await fetch(downloadApiUrl, {
method: "GET",
headers: buildAuthHeaders(apiKey),
});
return (await response.json()).url;
}
function ensureTrailingSlash(value: string): string {
return value.endsWith("/") ? value : `${value}/`;
}
function normalizeKey(relKey: string): string {
return relKey.replace(/^\/+/, "");
}
function appendHashSuffix(relKey: string): string {
const hash = crypto.randomUUID().replace(/-/g, "").slice(0, 8);
const segmentStart = relKey.lastIndexOf("/");
const lastDot = relKey.lastIndexOf(".");
if (lastDot === -1 || lastDot <= segmentStart) return `${relKey}_${hash}`;
return `${relKey.slice(0, lastDot)}_${hash}${relKey.slice(lastDot)}`;
}
function toFormData(
data: Buffer | Uint8Array | string,
contentType: string,
fileName: string
): FormData {
const blob =
typeof data === "string"
? new Blob([data], { type: contentType })
: new Blob([data as any], { type: contentType });
const form = new FormData();
form.append("file", blob, fileName || "file");
return form;
}
function buildAuthHeaders(apiKey: string): HeadersInit {
return { Authorization: `Bearer ${apiKey}` };
}
export async function storagePut(
relKey: string,
data: Buffer | Uint8Array | string,
contentType = "application/octet-stream"
): Promise<{ key: string; url: string }> {
const { baseUrl, apiKey } = getStorageConfig();
const key = appendHashSuffix(normalizeKey(relKey));
const uploadUrl = buildUploadUrl(baseUrl, key);
const formData = toFormData(data, contentType, key.split("/").pop() ?? key);
const response = await fetch(uploadUrl, {
method: "POST",
headers: buildAuthHeaders(apiKey),
body: formData,
});
if (!response.ok) {
const message = await response.text().catch(() => response.statusText);
throw new Error(
`Storage upload failed (${response.status} ${response.statusText}): ${message}`
);
}
const url = (await response.json()).url;
return { key, url };
}
export async function storageGet(relKey: string): Promise<{ key: string; url: string; }> {
const { baseUrl, apiKey } = getStorageConfig();
const key = normalizeKey(relKey);
return {
key,
url: await buildDownloadUrl(baseUrl, key, apiKey),
};
}