From 5b1a8858f3bf65bf7b0c4dd0d01baa21180160de Mon Sep 17 00:00:00 2001 From: Scrubs McBarkley Date: Tue, 24 Mar 2026 22:26:10 +0000 Subject: [PATCH] feat: implement iCal calendar feed (GRO-107) - Add icalToken column to staff table - Add public calendar feed endpoint GET /api/calendar/:staffId.ics - Add token management routes POST/DELETE /api/staff/:id/ical-token - Hand-build iCal output (RFC 5545) - Update staff factory with icalToken field Co-Authored-By: Paperclip --- apps/api/src/routes/calendar.ts | 135 +++++++++++++++++++++ apps/api/src/routes/staff.ts | 57 ++++++++- packages/db/migrations/0016_ical_token.sql | 1 + packages/db/src/factories.ts | 1 + packages/db/src/schema.ts | 2 + 5 files changed, 195 insertions(+), 1 deletion(-) create mode 100644 apps/api/src/routes/calendar.ts create mode 100644 packages/db/migrations/0016_ical_token.sql diff --git a/apps/api/src/routes/calendar.ts b/apps/api/src/routes/calendar.ts new file mode 100644 index 0000000..b9e985d --- /dev/null +++ b/apps/api/src/routes/calendar.ts @@ -0,0 +1,135 @@ +import { Hono } from "hono"; +import { randomBytes } from "node:crypto"; +import { + and, + eq, + gte, + getDb, + appointments, + clients, + pets, + services, + staff, +} from "@groombook/db"; + +export const calendarRouter = new Hono(); + +function formatIcalDate(date: Date): string { + return date.toISOString().replace(/[-:]/g, "").replace(/\.\d{3}/, ""); +} + +function escapeIcalText(text: string | null): string { + if (!text) return ""; + return text.replace(/\\/g, "\\\\").replace(/;/g, "\\;").replace(/,/g, "\\,").replace(/\n/g, "\\n"); +} + +function buildIcalFeed( + appointments: Array<{ + id: string; + startTime: Date; + endTime: Date; + status: string; + clientName: string | null; + petName: string | null; + serviceName: string | null; + }>, + staffName: string +): string { + const lines: string[] = [ + "BEGIN:VCALENDAR", + "VERSION:2.0", + "PRODID:-//GroomBook//EN", + "CALSCALE:GREGORIAN", + "METHOD:PUBLISH", + `X-WR-CALNAME:${escapeIcalText(staffName)} - GroomBook`, + ]; + + for (const appt of appointments) { + const status = appt.status === "cancelled" ? "CANCELLED" : "CONFIRMED"; + const summary = `${appt.petName ?? "Pet"} - ${appt.serviceName ?? "Appointment"}`; + const description = `Client: ${appt.clientName ?? "Unknown"}\nPet: ${appt.petName ?? "Unknown"}\nService: ${appt.serviceName ?? "Unknown"}`; + + lines.push( + "BEGIN:VEVENT", + `UID:${appt.id}@groombook`, + `DTSTAMP:${formatIcalDate(new Date())}`, + `DTSTART:${formatIcalDate(new Date(appt.startTime))}`, + `DTEND:${formatIcalDate(new Date(appt.endTime))}`, + `SUMMARY:${escapeIcalText(summary)}`, + `DESCRIPTION:${escapeIcalText(description)}`, + `STATUS:${status}`, + "END:VEVENT" + ); + } + + lines.push("END:VCALENDAR"); + return lines.join("\r\n"); +} + +calendarRouter.get("/:staffId.ics", async (c) => { + const db = getDb(); + const staffId = c.req.param("staffId") as string; + const token = c.req.query("token") as string; + + if (!token) { + return c.json({ error: "Missing token parameter" }, 401); + } + + const [staffMember] = await db + .select() + .from(staff) + .where(eq(staff.id, staffId)) + .limit(1); + + if (!staffMember || staffMember.icalToken !== token) { + return c.json({ error: "Invalid token" }, 401); + } + + const now = new Date(); + const rows = await db + .select() + .from(appointments) + .where( + and( + eq(appointments.staffId, staffId), + gte(appointments.startTime, now) + ) + ) + .orderBy(appointments.startTime); + + const enriched = await Promise.all( + rows.map(async (appt) => { + const [client] = await db + .select({ name: clients.name }) + .from(clients) + .where(eq(clients.id, appt.clientId)) + .limit(1); + const [pet] = await db + .select({ name: pets.name }) + .from(pets) + .where(eq(pets.id, appt.petId)) + .limit(1); + const [service] = await db + .select({ name: services.name }) + .from(services) + .where(eq(services.id, appt.serviceId)) + .limit(1); + return { + ...appt, + clientName: client?.name ?? null, + petName: pet?.name ?? null, + serviceName: service?.name ?? null, + }; + }) + ); + + const ical = buildIcalFeed(enriched, staffMember.name); + return c.text(ical, 200, { + "Content-Type": "text/calendar; charset=utf-8", + "Content-Disposition": `attachment; filename="${staffMember.name.replace(/\s+/g, "_")}_calendar.ics"`, + }); +}); + +export function generateIcalToken(): string { + return randomBytes(32).toString("hex"); +} diff --git a/apps/api/src/routes/staff.ts b/apps/api/src/routes/staff.ts index 60e31dc..0aa6b70 100644 --- a/apps/api/src/routes/staff.ts +++ b/apps/api/src/routes/staff.ts @@ -1,9 +1,11 @@ import { Hono } from "hono"; import { zValidator } from "@hono/zod-validator"; import { z } from "zod"; +import { randomBytes } from "node:crypto"; import { and, eq, getDb, ne, staff, appointments } from "@groombook/db"; +import type { AppEnv } from "../middleware/rbac.js"; -export const staffRouter = new Hono(); +export const staffRouter = new Hono(); const createStaffSchema = z.object({ name: z.string().min(1).max(200), @@ -86,3 +88,56 @@ staffRouter.delete("/:id", async (c) => { if (!row) return c.json({ error: "Not found" }, 404); return c.json({ ok: true }); }); + +staffRouter.post("/:id/ical-token", async (c) => { + const db = getDb(); + const id = c.req.param("id"); + const staffRow = c.get("staff"); + + if (staffRow.role !== "manager" && staffRow.id !== id) { + return c.json({ error: "Forbidden" }, 403); + } + + const [member] = await db + .select() + .from(staff) + .where(eq(staff.id, id)) + .limit(1); + + if (!member) return c.json({ error: "Not found" }, 404); + + const token = randomBytes(32).toString("hex"); + const [updated] = await db + .update(staff) + .set({ icalToken: token, updatedAt: new Date() }) + .where(eq(staff.id, id)) + .returning(); + + if (!updated) return c.json({ error: "Not found" }, 404); + return c.json({ icalToken: updated.icalToken }); +}); + +staffRouter.delete("/:id/ical-token", async (c) => { + const db = getDb(); + const id = c.req.param("id"); + const staffRow = c.get("staff"); + + if (staffRow.role !== "manager" && staffRow.id !== id) { + return c.json({ error: "Forbidden" }, 403); + } + + const [member] = await db + .select() + .from(staff) + .where(eq(staff.id, id)) + .limit(1); + + if (!member) return c.json({ error: "Not found" }, 404); + + await db + .update(staff) + .set({ icalToken: null, updatedAt: new Date() }) + .where(eq(staff.id, id)); + + return c.json({ ok: true }); +}); diff --git a/packages/db/migrations/0016_ical_token.sql b/packages/db/migrations/0016_ical_token.sql new file mode 100644 index 0000000..2b0bf79 --- /dev/null +++ b/packages/db/migrations/0016_ical_token.sql @@ -0,0 +1 @@ +ALTER TABLE staff ADD COLUMN ical_token TEXT UNIQUE; diff --git a/packages/db/src/factories.ts b/packages/db/src/factories.ts index 7e4d735..b2327e3 100644 --- a/packages/db/src/factories.ts +++ b/packages/db/src/factories.ts @@ -52,6 +52,7 @@ export function buildStaff(overrides: Partial = {}): StaffRow { oidcSub: `oidc-${id}`, role: "groomer", active: true, + icalToken: null, createdAt: new Date("2025-01-01T00:00:00Z"), updatedAt: new Date("2025-01-01T00:00:00Z"), ...overrides, diff --git a/packages/db/src/schema.ts b/packages/db/src/schema.ts index 676602b..ddcddc7 100644 --- a/packages/db/src/schema.ts +++ b/packages/db/src/schema.ts @@ -106,6 +106,8 @@ export const staff = pgTable("staff", { oidcSub: text("oidc_sub").unique(), role: staffRoleEnum("role").notNull().default("groomer"), active: boolean("active").notNull().default(true), + // Token for iCal calendar feed subscription (no auth required) + icalToken: text("ical_token").unique(), createdAt: timestamp("created_at").notNull().defaultNow(), updatedAt: timestamp("updated_at").notNull().defaultNow(), });