Changes:
- Update attachment download link in UI to use shareId
- Add shareId validation to attachment download route
- Validate TTL before allowing attachment downloads
- Extract locationId from shareId using extractShareId helper
Security:
- Attachment downloads now validate checksum and TTL
- Prevents unauthorized access to bill attachment files
- Returns 404 for invalid/expired share links
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changes:
- Extract shareId (40 chars) and billID from combined URL parameter
- Validate shareId using validateShareAccess before fetching bill
- Pass shareId to ViewBillCard for secure uploads
- Show error message if share link is invalid or expired
URL format: /share/bill/{shareId}-{billID}
where shareId = locationId (24) + checksum (16) = 40 chars
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changes:
- Secure uploadUtilBillsProofOfPayment with checksum validation
- Update ViewLocationCard to accept and use shareId prop
- Update ViewBillCard to accept shareId and use it for uploads
- Update ViewBillBadge to pass shareId to bill detail pages
- Add client-side validation check for shareId before upload
- Update back button links to use shareId
Security improvements:
- Both per-bill and combined uploads now validate checksum and TTL
- IP-based rate limiting applied to both upload types
- PDF magic bytes validation for both upload types
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add generateShareLink() for owners to create share URLs with checksums
- Add validateShareAccess() to validate checksum and TTL on tenant visits
- Implement automatic TTL reset (10 days → 1 hour after first visit)
- Include automatic cleanup of expired shares
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
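The share-link scheme the commit messages above describe (a 40-char shareId made of a 24-char locationId plus a 16-char checksum, the /share/bill/{shareId}-{billID} URL, and a TTL that drops from 10 days to 1 hour after the first visit), as an added TypeScript example that is not the project's own code. The names makeShareId, newShareRecord, parseBillParam, visitShare and ShareRecord are hypothetical, and the HMAC-SHA256 checksum, the hex id format and the demo key are assumptions.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

// Assumptions, not taken from the project: the checksum is HMAC-SHA256 over the
// locationId truncated to 16 hex chars, ids are lowercase hex, and the key below
// is a constructed demo value (a real deployment loads it from server-side config).
const DEMO_SECRET = "constructed-demo-secret";
const LOCATION_LEN = 24;
const CHECKSUM_LEN = 16;
const SHARE_LEN = LOCATION_LEN + CHECKSUM_LEN; // 40, as in the commit message
const HOUR_MS = 60 * 60 * 1000;
const TEN_DAYS_MS = 10 * 24 * HOUR_MS;

interface ShareRecord { expiresAt: number; visited: boolean } // hypothetical stored state

function checksumFor(locationId: string): string {
  return createHmac("sha256", DEMO_SECRET).update(locationId).digest("hex").slice(0, CHECKSUM_LEN);
}

function makeShareId(locationId: string): string {
  if (!/^[0-9a-f]{24}$/.test(locationId)) throw new Error("bad locationId");
  return locationId + checksumFor(locationId);
}

function newShareRecord(nowMs: number): ShareRecord {
  return { expiresAt: nowMs + TEN_DAYS_MS, visited: false };
}

// Split "{shareId}-{billID}" at the fixed 40-char offset instead of searching for "-".
function parseBillParam(param: string): { shareId: string; billId: string } | null {
  const m = /^([0-9a-f]{40})-([0-9a-f]{24})$/.exec(param);
  return m ? { shareId: m[1], billId: m[2] } : null;
}

// Returns the locationId, or null for every failure so the route can answer 404
// without revealing whether the checksum or the TTL was the problem.
function visitShare(shareId: string, rec: ShareRecord, nowMs: number): string | null {
  if (shareId.length !== SHARE_LEN || !/^[0-9a-f]+$/.test(shareId)) return null;
  const locationId = shareId.slice(0, LOCATION_LEN);
  const given = Buffer.from(shareId.slice(LOCATION_LEN));
  const expected = Buffer.from(checksumFor(locationId));
  if (!timingSafeEqual(given, expected)) return null; // both are 16 bytes here
  if (nowMs >= rec.expiresAt) return null;
  if (!rec.visited) {
    rec.visited = true;
    rec.expiresAt = nowMs + HOUR_MS; // first visit: 10-day TTL becomes 1 hour
  }
  return locationId;
}
```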
Added cache revalidation to ensure ViewLocationCard reflects uploaded
proof of payment when navigating back from ViewBillCard:
- Server-side: Added revalidatePath() to upload actions in billActions
and locationActions to invalidate Next.js server cache
- Client-side: Added router.refresh() calls in ViewBillCard and
ViewLocationCard to refresh client router cache after successful upload
This maintains the current UX (no redirect on upload) while ensuring
fresh data is displayed on navigation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added read-only proof of payment display in bill edit form:
- Shows download link when proofOfPaymentType is "per-bill" and proof exists
- Uses TicketIcon with teal color for visual distinction
- Links to /share/proof-of-payment/per-bill/ download route
- Handles housekeeping case (no display if filename missing)
This allows users to view and download existing proof of payment
while editing a bill, improving transparency and user experience.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changed proof of payment download link from old route structure
/share/proof-of-payment/[id]/ to new structure
/share/proof-of-payment/combined/[id]/
This aligns with the reorganized route structure that separates
combined and per-bill proof of payment downloads.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed mixed inclusion/exclusion projection that caused error:
"Cannot do inclusion on field bills.proofOfPayment.uploadedAt in exclusion projection"
Changed projection to use exclusion-only:
- Exclude bills.attachment (not needed in upload context)
- Exclude bills.proofOfPayment.fileContentsBase64 (large file data)
- Include all other fields implicitly (including uploadedAt for existence check)
This reduces data transfer while maintaining MongoDB projection compatibility.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added two download routes for proof of payment files:
1. Combined route: /share/proof-of-payment/combined/[id]/
   - Downloads location-level proof of payment for all utilities
   - Queries utilBillsProofOfPayment from location
   - Optimized projection for efficient data transfer
2. Per-bill route: /share/proof-of-payment/per-bill/[id]/
   - Downloads proof of payment for individual bills
   - Parses composite ID format: locationID-billID
   - Finds specific bill in location's bills array
   - Returns bill.proofOfPayment
Both routes:
- Return PDF files with proper Content-Type and headers
- Handle 404 for missing locations/bills/proofs
- Use Base64 to binary conversion for file delivery
- Include Last-Modified header for caching
- Use optimized database projections
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Updated uploadProofOfPayment to expect 'proofOfPayment' field name
  instead of 'utilBillsProofOfPayment' for semantic clarity
- Removed old not-found.tsx from deprecated route structure
- Added required environment variables for file upload validation:
  - MAX_BILL_ATTACHMENT_UPLOAD_SIZE_KB=1024
  - MAX_PROOF_OF_PAYMENT_UPLOAD_SIZE_KB=1024
- Updated package-lock.json with peer dependency metadata
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Frontend changes:
- Added ViewBillCard proof of payment upload for per-bill mode
  - Conditional rendering based on proofOfPaymentType
  - File upload with PDF validation and loading states
  - Download link to /share/proof-of-payment/per-bill/
- Updated LocationCard to use new utilBillsProofOfPayment field structure
Backend changes:
- Updated locationActions with improved file validation
  - File size validation using MAX_PROOF_OF_PAYMENT_UPLOAD_SIZE_KB
  - PDF type validation before database operations
- Enhanced serializeAttachment with FileAttachment type
- Updated database projections for optimized queries
- Updated monthActions to use consolidated field name
- Updated proof-of-payment download route with new field names
Data structure migration:
- Replaced utilBillsProofOfPaymentAttachment + utilBillsProofOfPaymentUploadedAt
with single utilBillsProofOfPayment object containing uploadedAt
- Consistent use of FileAttachment type across all upload functions
Translations:
- Added upload-proof-of-payment-legend and upload-proof-of-payment-label
to bill-edit-form section in both English and Croatian
This completes the proof of payment feature implementation for both
combined (location-level) and per-bill modes.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Implemented uploadProofOfPayment function for per-bill proof of payment
  - Validates file size using MAX_PROOF_OF_PAYMENT_UPLOAD_SIZE_KB env variable
  - Validates PDF file type
  - Prevents duplicate uploads with existence check
  - Uses optimized database projection to minimize data transfer
  - Updates specific bill using MongoDB array filters
- Refactored file validation in updateOrAddBill
  - Moved validation before serialization for fail-fast behavior
  - Added configurable file size limit from environment variable
  - Added PDF type validation
  - Improved error messages with specific validation failures
- Updated serializeAttachment function
  - Changed return type from BillAttachment to FileAttachment
  - Added uploadedAt timestamp to attachment object
  - Removed unsafe type cast
- Code formatting improvements throughout
  - Consistent spacing and indentation
  - Better TypeScript typing
This completes the per-bill proof of payment feature implementation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Show upload section only when proofOfPaymentType is "combined"
- Updated field names to use new FileAttachment structure:
  - utilBillsProofOfPaymentAttachment → utilBillsProofOfPayment
  - utilBillsProofOfPaymentUploadedAt → utilBillsProofOfPayment.uploadedAt
- Updated FormData and input field names for consistency
- Improved code formatting and spacing throughout
This enables proper handling of the three proof of payment options:
- "none": No upload section shown
- "combined": Shows single proof upload for all utilities (this change)
- "per-bill": No upload section (handled per individual bill)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Renamed BillAttachment to FileAttachment for better generalization
- Added uploadedAt field to FileAttachment (consolidates timestamp)
- Renamed utilBillsProofOfPaymentAttachment to utilBillsProofOfPayment
- Removed separate utilBillsProofOfPaymentUploadedAt field (now in FileAttachment)
- Added rentProofOfPayment field to BillingLocation for rent-specific proof
- Added proofOfPayment field to Bill interface for per-bill attachments
- Removed unused imports (ObjectId, inter)
This refactoring enables both "combined" (location-level) and "per-bill"
proof of payment attachment strategies.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Enhanced the proof of payment attachment feature with the following improvements:
- Renamed field from `proofOfPaymentAttachmentType` to `proofOfPaymentType` for consistency
- Added "none" option allowing users to disable proof of payment attachments
- Changed default value from "combined" to "none" for better UX
- Repositioned section in form after payment instructions (more logical flow)
- Added conditional warning when "combined" is selected without payment method
- Updated translations with emojis and improved tooltips for all options
- Backend validation and database operations updated to support new field structure
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Instead of displaying sign-in buttons to already authenticated users,
the homepage now detects authentication status and shows a 'Go to App'
button that redirects to the home page.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Integrates Umami analytics with production-only tracking script and event tracking for user login and location creation actions.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add smooth animations to form sections that appear when toggles are enabled, improving user experience with visual feedback.
Changes:
- Add expandFadeIn keyframe animation to Tailwind config
- Apply expand-fade-in animation to UserSettingsForm payment sections
- Apply expand-fade-in animation to LocationEditForm conditional fields
- Update account page HomeIcon color from green to white for consistency
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Update location tracking to record when the tenant views a location rather than just whether they've seen it. This provides a better audit trail and enables future features like viewing history.
Changes:
- Convert seenByTenant (boolean) to seenByTenantAt (Date) in database schema
- Update setSeenByTenantAt action to store timestamp instead of boolean flag
- Modify LocationCard UI to display when location was seen by tenant
- Update all references across locationActions, monthActions, and view components
- Remove unused imports from ViewLocationCard
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add ESLint disable comments for @next/next/no-img-element warnings where appropriate (barcode images with base64 data URIs don't benefit from Next.js Image optimization) and add missing alt attribute to PDF417 barcode component.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implements a slide-down fade-in animation when the InfoBox expands, improving the user experience with smooth visual transitions.
Changes:
- Add animateDown keyframe animation to Tailwind config
- Apply animation to InfoBox content div when opened
- Animation includes opacity fade, vertical slide, and max-height transition
- Update InfoBox width to use responsive sizing (17rem on mobile, 28rem on larger screens)
- Change icon color to green for better visual consistency
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Enhances the account page navigation by adding a "Back to home" button and improving the overall user experience with better visual hierarchy and navigation flow.
Changes:
- Add home navigation button to account page with green icon
- Update logout button styling with red icon for visual emphasis
- Improve settings button label clarity
- Fix settings cancel button to navigate back to account page
- Increase account icon size in page header
- Update translation keys for consistency across EN/HR
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace useSession with usePathname from next/navigation
- Show account link only when pathname includes '/home' (restricted pages)
- More efficient than checking session state
- Aligns with middleware logic that protects /home routes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add useSession hook from next-auth/react
- Conditionally render account icon link only when user is authenticated
- Anonymous users on public pages will not see the account button
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Convert PageHeader to client component to use useLocale hook
- Update home logo link to include locale: /${locale}/home
- Update account icon link to include locale: /${locale}/home/account/
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Update BillEditForm cancel button to redirect to /home
- Update LocationEditForm cancel button to redirect to /home
- Update UserSettingsForm cancel button to redirect to /home
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Move authenticated home page from /[locale] to /[locale]/home
- Move login page from /[locale]/login to /[locale] (new landing page)
- Move all restricted pages (bill, location, year-month, print, account) under /[locale]/home
- Simplify middleware to protect all routes under /home instead of using publicPages array
- Update auth config: change signIn page from /login to /
- Update SignInButton callback URL to redirect to /home after login
- Update all internal links throughout the application to reflect new structure
- Update server action redirects in navigationActions.ts
- Public share routes (/share/*) remain unchanged
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Create LogoutButton client component using signOut from next-auth/react
- Update account page to use LogoutButton instead of static link
- Convert account page to async server component for proper i18n
- Add locale-aware routing for settings link
- Add logging-out-message translations (EN/HR)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Move user settings form to dedicated /account/settings route
- Update PageHeader icon from Settings to AccountCircle for clarity
- Update debug log labels in auth config for better readability
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Replace hardcoded text with next-intl placeholders for proper i18n support.
- Add translation keys for page title, settings button, and logout button
- Add translations for both Croatian (hr) and English (en) locales
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>