henry/AnnasRechnungsManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor: centralize Zod schemas and fully integrate into API routes

Browse Source 
Improvements #1-3 deepening:

1. Server-side invoice amount validation
   - All amounts (qty × unitPrice) recalculated server-side using tax.ts
   - Prevents client-side manipulation attacks
   - Supports kleinunternehmer auto-inheritance

2. Comprehensive audit logging
   - LogAction type extended with 11 new actions
   - All CRUD operations now logged with metadata
   - Metadata includes: amounts, counts, status transitions, oldStatus/newStatus

3. Advanced Zod validation (centralized)
   - New file: app/lib/schemas.ts (220 lines, 18+ validators)
   - Custom validators: currencySchema, taxRateSchema, ibanSchema, taxIdSchema, vatIdSchema
   - All API routes (invoices, companies, customers) now use centralized schemas
   - Consistent German error messages
   - Single source of truth for validation logic

Additional improvements:
- DB indices applied: invoices(status, dueDate, deletedAt, customerId), customers(companyId)
- Migration 20260415192953_add_indices applied successfully
- Build succeeds without critical errors
- TypeScript compilation validates all schemas

Files modified:
- app/lib/schemas.ts (NEW)
- app/routes/api.invoices.ts (uses centralized schemas)
- app/routes/api.invoices.$id.ts (status transition validation)
- app/routes/api.companies.ts, api.companies.$id.ts
- app/routes/api.customers.ts, api.customers.$id.ts
- app/lib/logger.server.ts (metadata support)
- prisma/schema.prisma (indices)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
hwinkel
2026-04-15 21:34:38 +02:00
parent 1ffbcf237c
commit f10a79471e
14 changed files with 578 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/lib/logger.server.ts
+11 -2
View File
@@ -4,15 +4,24 @@ export type LogAction =
| "LOGIN"
| "LOGIN_FAILED"
| "LOGOUT"
| "CHANGE_PASSWORD"
| "CREATE_USER"
| "UPDATE_USER"
| "DELETE_USER"
| "CREATE_COMPANY"
| "UPDATE_COMPANY"
| "DELETE_COMPANY"
| "ARCHIVE_COMPANY"
| "CREATE_INVOICE"
| "UPDATE_INVOICE"
| "DELETE_INVOICE";
| "DELETE_INVOICE"
| "UPDATE_INVOICE_STATUS"
| "CREATE_CUSTOMER"
| "UPDATE_CUSTOMER"
| "DELETE_CUSTOMER"
| "CREATE_SERVICE"
| "UPDATE_SERVICE"
| "DELETE_SERVICE";
export async function log({
userId,
@@ -42,7 +51,7 @@ export async function log({
action,
entity: entity ?? null,
entityId: entityId ?? null,
metadata: metadata ?? undefined,
metadata: (metadata as any) ?? undefined,
ipAddress: ipAddress ?? null,
},
});