Changes:
- Update attachment download link in UI to use shareId
- Add shareId validation to attachment download route
- Validate TTL before allowing attachment downloads
- Extract locationId from shareId using extractShareId helper
Security:
- Attachment downloads now validate checksum and TTL
- Prevents unauthorized access to bill attachment files
- Returns 404 for invalid/expired share links
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changes:
- Extract shareId (40 chars) and billID from combined URL parameter
- Validate shareId using validateShareAccess before fetching bill
- Pass shareId to ViewBillCard for secure uploads
- Show error message if share link is invalid or expired
URL format: /share/bill/{shareId}-{billID}
where shareId = locationId (24) + checksum (16) = 40 chars
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Added two download routes for proof of payment files:
1. Combined route: /share/proof-of-payment/combined/[id]/
- Downloads location-level proof of payment for all utilities
- Queries utilBillsProofOfPayment from location
- Optimized projection for efficient data transfer
2. Per-bill route: /share/proof-of-payment/per-bill/[id]/
- Downloads proof of payment for individual bills
- Parses composite ID format: locationID-billID
- Finds specific bill in location's bills array
- Returns bill.proofOfPayment
Both routes:
- Return PDF files with proper Content-Type and headers
- Handle 404 for missing locations/bills/proofs
- Use Base64 to binary conversion for file delivery
- Include Last-Modified header for caching
- Use optimized database projections
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Updated uploadProofOfPayment to expect 'proofOfPayment' field name
instead of 'utilBillsProofOfPayment' for semantic clarity
- Removed old not-found.tsx from deprecated route structure
- Added required environment variables for file upload validation:
- MAX_BILL_ATTACHMENT_UPLOAD_SIZE_KB=1024
- MAX_PROOF_OF_PAYMENT_UPLOAD_SIZE_KB=1024
- Updated package-lock.json with peer dependency metadata
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Frontend changes:
- Added ViewBillCard proof of payment upload for per-bill mode
- Conditional rendering based on proofOfPaymentType
- File upload with PDF validation and loading states
- Download link to /share/proof-of-payment/per-bill/
- Updated LocationCard to use new utilBillsProofOfPayment field structure
Backend changes:
- Updated locationActions with improved file validation
- File size validation using MAX_PROOF_OF_PAYMENT_UPLOAD_SIZE_KB
- PDF type validation before database operations
- Enhanced serializeAttachment with FileAttachment type
- Updated database projections for optimized queries
- Updated monthActions to use consolidated field name
- Updated proof-of-payment download route with new field names
Data structure migration:
- Replaced utilBillsProofOfPaymentAttachment + utilBillsProofOfPaymentUploadedAt
with single utilBillsProofOfPayment object containing uploadedAt
- Consistent use of FileAttachment type across all upload functions
Translations:
- Added upload-proof-of-payment-legend and upload-proof-of-payment-label
to bill-edit-form section in both English and Croatian
This completes the proof of payment feature implementation for both
combined (location-level) and per-bill modes.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Update location tracking to record when tenant views a location rather than just whether they've seen it. This provides better audit trail and enables future features like viewing history.
Changes:
- Convert seenByTenant (boolean) to seenByTenantAt (Date) in database schema
- Update setSeenByTenantAt action to store timestamp instead of boolean flag
- Modify LocationCard UI to display when location was seen by tenant
- Update all references across locationActions, monthActions, and view components
- Remove unused imports from ViewLocationCard
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Changes:
- Updated BillingLocation interface:
- Added utilBillsProofOfPaymentAttachment field (BillAttachment type)
- Added server action uploadUtilBillsProofOfPayment:
- Validates PDF file type
- Serializes file attachment to base64
- Stores attachment in BillingLocation document
- Returns success/error status
- Updated ViewLocationCard component:
- Added file upload input with PDF-only accept
- Implemented handleFileChange with immediate upload
- Added upload state management (isUploading, uploadError, attachment)
- Shows spinner while uploading
- Input disabled during upload
- Conditionally renders file input or download link
- Link displayed after successful upload
- Created route handler for serving proof of payment PDFs:
- GET /share/proof-of-payment/[id]/route.tsx
- Fetches attachment from database
- Converts base64 to binary
- Returns PDF with proper headers
- Added not-found page for proof of payment route
- Updated middleware to include proof-of-payment in public pages
- Added translations:
- en: "Upload proof of payment (PDF only)"
- hr: "Priložite potvrdu o uplati:"
File uploads immediately on selection without page reload.
Only PDF files accepted with client and server-side validation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Updated ViewLocationCard to accept userSettings prop
- Replaced all hardcoded payment values with dynamic data:
* Amount calculated from monthly expenses
* Payer info from tenant fields (name, street, town)
* Recipient info from userSettings (name, street, town, IBAN)
* Reference number and description generated from location data
- Created getUserSettingsByUserId function for fetching owner settings on public pages
- Updated LocationViewPage to fetch and pass userSettings to ViewLocationCard
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add seenByTenant field to BillingLocation interface
- Implement setSeenByTenant function to mark locations as viewed by tenant
- Checks if flag is already set to avoid unnecessary DB updates
- Includes TypeDoc documentation
- Update LocationViewPage to call setSeenByTenant when non-owner visits
- Add seenByTenant to fetchAllLocations projection
- Update LocationCard to show "seen by tenant" status indicator
- Displays in "Monthly statement" fieldset with checkmark icon
- Shows alongside monthly expense total
- Add localization strings for monthly statement and seen status
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add /share/attachment/.* to public pages in middleware.ts
- Create new /share/attachment/[id] route handler for downloading attachments without authentication
- Add custom 404 page for missing shared attachments
- Update ViewBillCard component to use shared attachment route instead of authenticated route
This enables attachment downloads from shared bill pages without requiring user login.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
