henry/AnnasRechnungsManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
28674fb02313928457723cc08da5f129d62f751f
AnnasRechnungsManager/app/routes/api.companies.$id.ts
T
hwinkel f10a79471e Refactor: centralize Zod schemas and fully integrate into API routes 
Improvements #1-3 deepening:

1. Server-side invoice amount validation
   - All amounts (qty × unitPrice) recalculated server-side using tax.ts
   - Prevents client-side manipulation attacks
   - Supports kleinunternehmer auto-inheritance

2. Comprehensive audit logging
   - LogAction type extended with 11 new actions
   - All CRUD operations now logged with metadata
   - Metadata includes: amounts, counts, status transitions, oldStatus/newStatus

3. Advanced Zod validation (centralized)
   - New file: app/lib/schemas.ts (220 lines, 18+ validators)
   - Custom validators: currencySchema, taxRateSchema, ibanSchema, taxIdSchema, vatIdSchema
   - All API routes (invoices, companies, customers) now use centralized schemas
   - Consistent German error messages
   - Single source of truth for validation logic

Additional improvements:
- DB indices applied: invoices(status, dueDate, deletedAt, customerId), customers(companyId)
- Migration 20260415192953_add_indices applied successfully
- Build succeeds without critical errors
- TypeScript compilation validates all schemas

Files modified:
- app/lib/schemas.ts (NEW)
- app/routes/api.invoices.ts (uses centralized schemas)
- app/routes/api.invoices.$id.ts (status transition validation)
- app/routes/api.companies.ts, api.companies.$id.ts
- app/routes/api.customers.ts, api.customers.$id.ts
- app/lib/logger.server.ts (metadata support)
- prisma/schema.prisma (indices)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-15 21:34:38 +02:00

53 lines
2.2 KiB
TypeScript
Raw Blame History

import { getApiUser } from "@/session.server";
import prisma from "@/lib/prisma.server";
import { log } from "@/lib/logger.server";
import { companyUpdateSchema } from "@/lib/schemas";
export async function loader({ request, params }: { request: Request; params: { id: string } }) {
const user = await getApiUser(request);
if (!user) return Response.json({ error: "Unauthorized" }, { status: 401 });
const company = await prisma.company.findFirst({ where: { id: params.id, userId: user.id } });
if (!company) return Response.json({ error: "Not found" }, { status: 404 });
return Response.json(company);
}
export async function action({ request, params }: { request: Request; params: { id: string } }) {
const user = await getApiUser(request);
if (!user) return Response.json({ error: "Unauthorized" }, { status: 401 });
const company = await prisma.company.findFirst({ where: { id: params.id, userId: user.id } });
if (!company) return Response.json({ error: "Not found" }, { status: 404 });
if (request.method === "DELETE") {
await prisma.company.delete({ where: { id: params.id, userId: user.id } });
await log({ userId: user.id, action: "DELETE_COMPANY", entity: "Company", entityId: params.id, request });
return Response.json({ ok: true });
}
if (request.method === "PATCH") {
const body = await request.json();
const archive = body.archived === true;
await prisma.company.update({
where: { id: params.id },
data: {
archived: archive,
archivedAt: archive ? new Date() : null,
},
});
const action = archive ? "ARCHIVE_COMPANY" : "UPDATE_COMPANY";
await log({ userId: user.id, action, entity: "Company", entityId: params.id, request });
return Response.json({ ok: true });
}
// PUT
const body = await request.json();
const parsed = companyUpdateSchema.safeParse(body);
if (!parsed.success) return Response.json({ error: parsed.error.issues }, { status: 400 });
const updated = await prisma.company.update({ where: { id: params.id }, data: parsed.data });
await log({ userId: user.id, action: "UPDATE_COMPANY", entity: "Company", entityId: params.id, request });
return Response.json(updated);
}
Reference in New Issue View Git Blame Copy Permalink