knee-cola/evidencija-rezija
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: convert repository to monorepo with npm workspaces

Browse Source 
Restructured the repository into a monorepo to better organize application code
and maintenance scripts.

## Workspace Structure
- web-app: Next.js application (all app code moved from root)
- housekeeping: Database backup and maintenance scripts

## Key Changes
- Moved all application code to web-app/ using git mv
- Moved database scripts to housekeeping/ workspace
- Updated Dockerfile for monorepo build process
- Updated docker-compose files (volume paths: ./web-app/etc/hosts/)
- Updated .gitignore for workspace-level node_modules
- Updated documentation (README.md, CLAUDE.md, CHANGELOG.md)

## Migration Impact
- Root package.json now manages workspaces
- Build commands delegate to web-app workspace
- All file history preserved via git mv
- Docker build process updated for workspace structure

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Knee Cola
2025-12-25 12:13:04 +01:00
parent 321267a848
commit 57dcebd640
170 changed files with 9027 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

620
web-app/app/lib/actions/billActions.ts Normal file
View File

@@ -0,0 +1,620 @@
'use server';
import { z } from 'zod';
import { getDbClient } from '../dbClient';
import { Bill, BilledTo, FileAttachment, BillingLocation } from '../db-types';
import { ObjectId } from 'mongodb';
import { withUser } from '@/app/lib/auth';
import { AuthenticatedUser } from '../types/next-auth';
import { gotoHomeWithMessage } from './navigationActions';
import { getTranslations, getLocale } from "next-intl/server";
import { IntlTemplateFn } from '@/app/i18n';
import { unstable_noStore, revalidatePath } from 'next/cache';
import { extractShareId, validateShareChecksum } from '../shareChecksum';
import { validatePdfFile } from '../validators/pdfValidator';
import { checkUploadRateLimit } from '../uploadRateLimiter';
export type State = {
errors?: {
billName?: string[];
billAttachment?: string[],
billNotes?: string[],
payedAmount?: string[],
};
message?: string | null;
}
/**
* Schema for validating bill form fields
* @description this is defined as factory function so that it can be used with the next-intl library
*/
const FormSchema = (t: IntlTemplateFn) => z.object({
_id: z.string(),
billName: z.coerce.string().min(1, t("bill-name-required")),
billNotes: z.string(),
addToSubsequentMonths: z.boolean().optional(),
payedAmount: z.string().nullable().transform((val, ctx) => {
if (!val || val === '') {
return null;
}
const parsed = parseFloat(val.replace(',', '.'));
if (isNaN(parsed)) {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: t("not-a-number"),
});
// This is a special symbol you can use to
// return early from the transform function.
// It has type `never` so it does not affect the
// inferred return type.
return z.NEVER;
}
if (parsed < 0) {
ctx.addIssue({
code: z.ZodIssueCode.custom,
message: t("negative-number")
});
// This is a special symbol you can use to
// return early from the transform function.
// It has type `never` so it does not affect the
// inferred return type.
return z.NEVER;
}
return Math.floor(parsed * 100); // value is stored in cents
}),
});
/**
* converts the file to a format stored in the database
* @param billAttachment
* @returns
*/
const serializeAttachment = async (billAttachment: File | null): Promise<FileAttachment | null> => {
if (!billAttachment) {
return null;
}
const {
name: fileName,
size: fileSize,
type: fileType,
lastModified: fileLastModified,
} = billAttachment;
if (!fileName || fileName === 'undefined' || fileSize === 0) {
return null;
}
// convert the billAttachment file contents to format that can be stored in the database
const fileContents = await billAttachment.arrayBuffer();
const fileContentsBase64 = Buffer.from(fileContents).toString('base64');
// create an object to store the file in the database
return ({
fileName,
fileSize,
fileType,
fileLastModified,
fileContentsBase64,
uploadedAt: new Date()
});
}
/**
* Server-side action which adds or updates a bill
* @param locationId location of the bill
* @param billId ID of the bill
* @param prevState previous state of the form
* @param formData form data
* @returns
*/
export const updateOrAddBill = withUser(async (user: AuthenticatedUser, locationId: string, billId: string | undefined, billYear: number | undefined, billMonth: number | undefined, prevState: State, formData: FormData) => {
unstable_noStore();
const { id: userId } = user;
const t = await getTranslations("bill-edit-form.validation");
// FormSchema
const validatedFields = FormSchema(t)
.omit({ _id: true })
.safeParse({
billName: formData.get('billName'),
billNotes: formData.get('billNotes'),
addToSubsequentMonths: formData.get('addToSubsequentMonths') === 'on',
payedAmount: formData.get('payedAmount'),
});
// If form validation fails, return errors early. Otherwise, continue...
if (!validatedFields.success) {
console.log("updateBill.validation-error");
return ({
errors: validatedFields.error.flatten().fieldErrors,
message: t("form-error-message"),
});
}
const {
billName,
billNotes,
addToSubsequentMonths,
payedAmount,
} = validatedFields.data;
const billPaid = formData.get('billPaid') === 'on';
const billedTo = (formData.get('billedTo') as BilledTo) ?? BilledTo.Tenant;
const hub3aTextEncoded = formData.get('hub3aText')?.valueOf() as string;
const hub3aText = hub3aTextEncoded ? decodeURIComponent(hub3aTextEncoded) : undefined;
// update the bill in the mongodb
const dbClient = await getDbClient();
// First validate that the file is acceptable
const attachmentFile = formData.get('billAttachment') as File;
// validate max file size from env variable
const maxFileSizeKB = parseInt(process.env.MAX_PROOF_OF_PAYMENT_UPLOAD_SIZE_KB || '1024', 10);
const maxFileSizeBytes = maxFileSizeKB * 1024;
if (attachmentFile && attachmentFile.size > maxFileSizeBytes) {
return { success: false, error: `File size exceeds the maximum limit of ${maxFileSizeKB} KB` };
}
// Validate file type
if (attachmentFile && attachmentFile.size > 0 && attachmentFile.type !== 'application/pdf') {
return { success: false, error: 'Only PDF files are accepted' };
}
const billAttachment = await serializeAttachment(attachmentFile);
if (billId) {
// if there is an attachment, update the attachment field
// otherwise, do not update the attachment field
const mongoDbSet = billAttachment ? {
"bills.$[elem].name": billName,
"bills.$[elem].paid": billPaid,
"bills.$[elem].billedTo": billedTo,
"bills.$[elem].attachment": billAttachment,
"bills.$[elem].notes": billNotes,
"bills.$[elem].payedAmount": payedAmount,
"bills.$[elem].hub3aText": hub3aText,
} : {
"bills.$[elem].name": billName,
"bills.$[elem].paid": billPaid,
"bills.$[elem].billedTo": billedTo,
"bills.$[elem].notes": billNotes,
"bills.$[elem].payedAmount": payedAmount,
"bills.$[elem].hub3aText": hub3aText,
};
// update bill in given location with the given locationID
await dbClient.collection<BillingLocation>("lokacije").updateOne(
{
_id: locationId, // find a location with the given locationID
userId // make sure that the location belongs to the user
},
{
$set: mongoDbSet
}, {
arrayFilters: [
{ "elem._id": { $eq: billId } } // find a bill with the given billID
]
});
} else {
// Create new bill - add to current location first
const newBill = {
_id: (new ObjectId()).toHexString(),
name: billName,
paid: billPaid,
billedTo: billedTo,
attachment: billAttachment,
notes: billNotes,
payedAmount,
hub3aText,
};
// Add to current location
await dbClient.collection<BillingLocation>("lokacije").updateOne(
{
_id: locationId, // find a location with the given locationID
userId // make sure that the location belongs to the user
},
{
$push: {
bills: newBill
}
});
// If addToSubsequentMonths is enabled, add to subsequent months
if (addToSubsequentMonths && billYear && billMonth) {
// Get the current location to find its name
const currentLocation = await dbClient.collection<BillingLocation>("lokacije")
.findOne({ _id: locationId, userId }, { projection: { name: 1 } });
if (currentLocation) {
// Find all subsequent months that have the same location name
const subsequentLocations = await dbClient.collection<BillingLocation>("lokacije")
.find({
userId,
name: currentLocation.name,
$or: [
{ "yearMonth.year": { $gt: billYear } },
{
"yearMonth.year": billYear,
"yearMonth.month": { $gt: billMonth }
}
]
}, { projection: { _id: 1 } })
.toArray();
// For each subsequent location, check if bill with same name already exists
const updateOperations = [];
for (const location of subsequentLocations) {
const existingBill = await dbClient.collection<BillingLocation>("lokacije")
.findOne({
_id: location._id,
"bills.name": billName
}, {
// We only need to know if a matching bill exists; avoid conflicting projections
projection: { _id: 1 }
});
// Only add if bill with same name doesn't already exist
if (!existingBill) {
updateOperations.push({
updateOne: {
filter: { _id: location._id, userId },
update: {
$push: {
bills: {
_id: (new ObjectId()).toHexString(),
name: billName,
paid: false, // New bills in subsequent months are unpaid
billedTo: BilledTo.Tenant, // Default to tenant for subsequent months
attachment: null, // No attachment for subsequent months
notes: billNotes,
payedAmount: null,
hub3aText: undefined,
}
}
}
}
});
}
}
// Execute all update operations at once if any
if (updateOperations.length > 0) {
await dbClient.collection<BillingLocation>("lokacije").bulkWrite(updateOperations);
}
}
}
}
if (billYear && billMonth) {
const locale = await getLocale();
await gotoHomeWithMessage(locale, 'billSaved', { year: billYear, month: billMonth });
}
// This return is needed for TypeScript, but won't be reached due to redirect
return {
message: null,
errors: undefined,
};
})
/*
Funkcija zamijenjena sa `fetchBillByUserAndId`, koja brže radi i ne treba korisnika
export const fetchBillByUserAndId = withUser(async (user:AuthenticatedUser, locationID:string, billID:string, includeAttachmentBinary:boolean = false) => {
const { id: userId } = user;
const dbClient = await getDbClient();
// don't include the attachment binary data in the response
// if the attachment binary data is not needed
const projection = includeAttachmentBinary ? {} : {
"bills.attachment.fileContentsBase64": 0,
};
// find a location with the given locationID
const billLocation = await dbClient.collection<BillingLocation>("lokacije").findOne(
{
_id: locationID,
userId
},
{
projection
})
if(!billLocation) {
console.log(`Location ${locationID} not found`);
return(null);
}
// find a bill with the given billID
const bill = billLocation?.bills.find(({ _id }) => _id.toString() === billID);
if(!bill) {
console.log('Bill not found');
return(null);
}
return([billLocation, bill] as [BillingLocation, Bill]);
})
*/
export const fetchBillById = async (locationID: string, billID: string, includeAttachmentBinary: boolean = false) => {
unstable_noStore();
const dbClient = await getDbClient();
// don't include the attachment binary data in the response
// if the attachment binary data is not needed
const projection = includeAttachmentBinary ? {} : {
"bills.attachment.fileContentsBase64": 0,
};
// find a location with the given locationID
const billLocation = await dbClient.collection<BillingLocation>("lokacije").findOne(
{
_id: locationID,
},
{
projection
})
if (!billLocation) {
console.log(`Location ${locationID} not found`);
return (null);
}
// find a bill with the given billID
const bill = billLocation?.bills.find(({ _id }) => _id.toString() === billID);
if (!bill) {
console.log('Bill not found');
return (null);
}
return ([billLocation, bill] as [BillingLocation, Bill]);
};
export const deleteBillById = withUser(async (user: AuthenticatedUser, locationID: string, billID: string, year: number, month: number, _prevState: any, formData?: FormData) => {
unstable_noStore();
const { id: userId } = user;
const dbClient = await getDbClient();
const deleteInSubsequentMonths = formData?.get('deleteInSubsequentMonths') === 'on';
if (deleteInSubsequentMonths) {
// Get the current location and bill to find the bill name and location name
const location = await dbClient.collection<BillingLocation>("lokacije")
.findOne({ _id: locationID, userId }, {
projection: {
"name": 1,
"bills._id": 1,
"bills.name": 1
}
});
if (location) {
const bill = location.bills.find(b => b._id === billID);
if (bill) {
// Find all subsequent locations with the same name that have the same bill
const subsequentLocations = await dbClient.collection<BillingLocation>("lokacije")
.find({
userId,
name: location.name,
$or: [
{ "yearMonth.year": { $gt: year } },
{
"yearMonth.year": year,
"yearMonth.month": { $gt: month }
}
],
"bills.name": bill.name
}, { projection: { _id: 1 } })
.toArray();
// Delete the bill from all subsequent locations (by name)
const updateOperations = subsequentLocations.map(loc => ({
updateOne: {
filter: { _id: loc._id, userId },
update: {
$pull: {
bills: { name: bill.name } as Partial<Bill>
}
}
}
}));
// Also delete from current location (by ID for precision)
updateOperations.push({
updateOne: {
filter: { _id: locationID, userId },
update: {
$pull: {
bills: { _id: billID }
}
}
}
});
// Execute all delete operations
if (updateOperations.length > 0) {
await dbClient.collection<BillingLocation>("lokacije").bulkWrite(updateOperations);
}
}
}
} else {
// Delete only from current location (original behavior)
await dbClient.collection<BillingLocation>("lokacije").updateOne(
{
_id: locationID, // find a location with the given locationID
userId // make sure that the location belongs to the user
},
{
// remove the bill with the given billID
$pull: {
bills: {
_id: billID
}
}
});
}
const locale = await getLocale();
await gotoHomeWithMessage(locale, 'billDeleted');
// This return is needed for TypeScript, but won't be reached due to redirect
return {
message: null,
errors: undefined,
};
});
/**
* Uploads proof of payment for the given bill
* SECURITY: Validates checksum, TTL, PDF content, and rate limits by IP
*
* @param shareId - Combined location ID + checksum (40 chars)
* @param billID - The bill ID to attach proof of payment to
* @param formData - Form data containing the PDF file
* @param ipAddress - Optional IP address for rate limiting
*/
export const uploadProofOfPayment = async (
shareId: string,
billID: string,
formData: FormData,
ipAddress?: string
): Promise<{ success: boolean; error?: string }> => {
unstable_noStore();
try {
// 1. EXTRACT AND VALIDATE CHECKSUM (stateless, fast)
const extracted = extractShareId(shareId);
if (!extracted) {
return { success: false, error: 'Invalid share link' };
}
const { locationId: locationID, checksum } = extracted;
if (!validateShareChecksum(locationID, checksum)) {
return { success: false, error: 'Invalid share link' };
}
// 2. RATE LIMITING (per IP)
if (ipAddress) {
const rateLimit = checkUploadRateLimit(ipAddress);
if (!rateLimit.allowed) {
return {
success: false,
error: `Too many uploads. Try again in ${Math.ceil(rateLimit.resetIn / 60)} minutes.`
};
}
}
// 3. DATABASE VALIDATION
const dbClient = await getDbClient();
const location = await dbClient.collection<BillingLocation>("lokacije").findOne(
{ _id: locationID },
{ projection: { userId: 1, bills: 1, shareTTL: 1 } }
);
if (!location || !location.userId) {
return { success: false, error: 'Invalid request' };
}
// Check sharing is active and not expired
if (!location.shareTTL || new Date() > location.shareTTL) {
return { success: false, error: 'This content is no longer shared' };
}
// Verify bill exists in location
const bill = location.bills.find(b => b._id === billID);
if (!bill) {
return { success: false, error: 'Invalid request' };
}
// Check if proof of payment already uploaded
if (bill.proofOfPayment?.uploadedAt) {
return { success: false, error: 'Proof of payment already uploaded for this bill' };
}
// 4. FILE VALIDATION
const file = formData.get('proofOfPayment') as File;
if (!file || file.size === 0) {
return { success: false, error: 'No file provided' };
}
// Validate PDF content (magic bytes, not just MIME type)
const pdfValidation = await validatePdfFile(file);
if (!pdfValidation.valid) {
return { success: false, error: pdfValidation.error };
}
// 5. SERIALIZE & STORE FILE
const attachment = await serializeAttachment(file);
if (!attachment) {
return { success: false, error: 'Failed to process file' };
}
// 6. UPDATE DATABASE
await dbClient.collection<BillingLocation>("lokacije").updateOne(
{ _id: locationID },
{
$set: {
"bills.$[elem].proofOfPayment": attachment
}
},
{
arrayFilters: [{ "elem._id": { $eq: billID } }]
}
);
// 7. CLEANUP EXPIRED SHARES (integrated, no cron needed)
await cleanupExpiredShares(dbClient);
// 8. REVALIDATE CACHE
revalidatePath(`/share/location/${shareId}`, 'page');
return { success: true };
} catch (error: any) {
console.error('Upload error:', error);
return { success: false, error: 'Upload failed. Please try again.' };
}
};
/**
* Clean up expired shares during upload processing
* Removes shareTTL and shareFirstVisitedAt from expired locations
*/
async function cleanupExpiredShares(dbClient: any) {
const now = new Date();
await dbClient.collection("lokacije").updateMany(
{ shareTTL: { $lt: now } },
{ $unset: { shareTTL: "", shareFirstVisitedAt: "" } }
);
}