Merge origin/main to sync with iCal schema and test fixes

2026-03-27 12:49:41 +00:00
parent 5388b03f2d 8ab6319311
commit af5055021a
14 changed files with 585 additions and 3 deletions
@@ -0,0 +1,16 @@
+import { describe, it, expect } from "vitest";
+import { generateIcalToken } from "../routes/calendar.js";
+
+describe("generateIcalToken", () => {
+  it("generates a 64-character hex token", () => {
+    const token = generateIcalToken();
+    expect(token).toHaveLength(64);
+    expect(token).toMatch(/^[a-f0-9]+$/);
+  });
+
+  it("generates unique tokens", () => {
+    const token1 = generateIcalToken();
+    const token2 = generateIcalToken();
+    expect(token1).not.toBe(token2);
+  });
+});
@@ -11,6 +11,7 @@ const MANAGER: StaffRow = {
  name: "Manager McManager",
  email: "manager@example.com",
  active: true,
+  icalToken: null,
  createdAt: new Date(),
  updatedAt: new Date(),
 };
@@ -12,6 +12,7 @@ const MANAGER: StaffRow = {
  name: "Manager McManager",
  email: "manager@example.com",
  active: true,
+  icalToken: null,
  createdAt: new Date(),
  updatedAt: new Date(),
 };
@@ -17,6 +17,7 @@ import { groomingLogsRouter } from "./routes/groomingLogs.js";
 import { impersonationRouter } from "./routes/impersonation.js";
 import { settingsRouter } from "./routes/settings.js";
 import { searchRouter } from "./routes/search.js";
+import { calendarRouter } from "./routes/calendar.js";
 import { getDb, businessSettings } from "@groombook/db";
 import { authMiddleware } from "./middleware/auth.js";
 import { resolveStaffMiddleware, requireRole } from "./middleware/rbac.js";
@@ -62,6 +63,8 @@ app.get("/api/branding", async (c) => {
  });
 });

+// Public iCal calendar feed — token auth in URL, no auth middleware required
+app.route("/api/calendar", calendarRouter);
 // Protected API routes
 const api = app.basePath("/api");
 api.use("*", authMiddleware);
@@ -0,0 +1,126 @@
+import { Hono } from "hono";
+import { randomBytes } from "node:crypto";
+import {
+  and,
+  eq,
+  gte,
+  getDb,
+  appointments,
+  clients,
+  pets,
+  services,
+  staff,
+} from "@groombook/db";
+
+export const calendarRouter = new Hono();
+
+function formatIcalDate(date: Date): string {
+  return date.toISOString().replace(/[-:]/g, "").replace(/\.\d{3}/, "");
+}
+
+function escapeIcalText(text: string | null): string {
+  if (!text) return "";
+  return text.replace(/\\/g, "\\\\").replace(/;/g, "\\;").replace(/,/g, "\\,").replace(/\n/g, "\\n");
+}
+
+function buildIcalFeed(
+  appointments: Array<{
+    id: string;
+    startTime: Date;
+    endTime: Date;
+    status: string;
+    clientName: string | null;
+    petName: string | null;
+    serviceName: string | null;
+  }>,
+  staffName: string,
+  dtstamp: string
+): string {
+  const lines: string[] = [
+    "BEGIN:VCALENDAR",
+    "VERSION:2.0",
+    "PRODID:-//GroomBook//EN",
+    "CALSCALE:GREGORIAN",
+    "METHOD:PUBLISH",
+    `X-WR-CALNAME:${escapeIcalText(staffName)} - GroomBook`,
+  ];
+
+  for (const appt of appointments) {
+    const status = appt.status === "cancelled" ? "CANCELLED" : "CONFIRMED";
+    const sequence = appt.status === "cancelled" ? "1" : "0";
+    const summary = `${appt.petName ?? "Pet"} - ${appt.serviceName ?? "Appointment"}`;
+    const description = `Client: ${appt.clientName ?? "Unknown"}\nPet: ${appt.petName ?? "Unknown"}\nService: ${appt.serviceName ?? "Unknown"}`;
+
+    lines.push(
+      "BEGIN:VEVENT",
+      `UID:${appt.id}@groombook`,
+      `DTSTAMP:${dtstamp}`,
+      `DTSTART:${formatIcalDate(new Date(appt.startTime))}`,
+      `DTEND:${formatIcalDate(new Date(appt.endTime))}`,
+      `SUMMARY:${escapeIcalText(summary)}`,
+      `DESCRIPTION:${escapeIcalText(description)}`,
+      `STATUS:${status}`,
+      `SEQUENCE:${sequence}`,
+      "END:VEVENT"
+    );
+  }
+
+  lines.push("END:VCALENDAR");
+  return lines.join("\r\n");
+}
+
+calendarRouter.get("/:staffId.ics", async (c) => {
+  const db = getDb();
+  const staffId = c.req.param("staffId") as string;
+  const token = c.req.query("token") as string;
+
+  if (!token) {
+    return c.text("Unauthorized", 401);
+  }
+
+  const [staffMember] = await db
+    .select()
+    .from(staff)
+    .where(eq(staff.id, staffId))
+    .limit(1);
+
+  if (!staffMember || staffMember.icalToken !== token) {
+    return c.text("Unauthorized", 401);
+  }
+
+  const now = new Date();
+  const rows = await db
+    .select({
+      id: appointments.id,
+      startTime: appointments.startTime,
+      endTime: appointments.endTime,
+      status: appointments.status,
+      clientId: appointments.clientId,
+      petId: appointments.petId,
+      serviceId: appointments.serviceId,
+      clientName: clients.name,
+      petName: pets.name,
+      serviceName: services.name,
+    })
+    .from(appointments)
+    .innerJoin(clients, eq(appointments.clientId, clients.id))
+    .innerJoin(pets, eq(appointments.petId, pets.id))
+    .innerJoin(services, eq(appointments.serviceId, services.id))
+    .where(
+      and(
+        eq(appointments.staffId, staffId),
+        gte(appointments.startTime, now)
+      )
+    )
+    .orderBy(appointments.startTime);
+
+  const ical = buildIcalFeed(rows, staffMember.name, formatIcalDate(new Date()));
+  return c.text(ical, 200, {
+    "Content-Type": "text/calendar; charset=utf-8",
+    "Content-Disposition": `inline; filename="${encodeURIComponent(staffMember.name)}_calendar.ics"`,
+  });
+});
+
+export function generateIcalToken(): string {
+  return randomBytes(32).toString("hex");
+}
@@ -7,7 +7,8 @@ import type { AppEnv } from "../middleware/rbac.js";
 export const portalRouter = new Hono<AppEnv>();

 const customerNotesSchema = z.object({
-  customerNotes: z.string().max(500),
+  // .min(1) prevents empty strings — clearing notes is not a supported use case
+  customerNotes: z.string().min(1).max(500),
 });

 portalRouter.patch(
@@ -1,9 +1,11 @@
 import { Hono } from "hono";
 import { zValidator } from "@hono/zod-validator";
 import { z } from "zod";
+import { randomBytes } from "node:crypto";
 import { and, eq, getDb, ne, staff, appointments } from "@groombook/db";
+import type { AppEnv } from "../middleware/rbac.js";

-export const staffRouter = new Hono();
+export const staffRouter = new Hono<AppEnv>();

 const createStaffSchema = z.object({
  name: z.string().min(1).max(200),
@@ -86,3 +88,56 @@ staffRouter.delete("/:id", async (c) => {
  if (!row) return c.json({ error: "Not found" }, 404);
  return c.json({ ok: true });
 });
+
+staffRouter.post("/:id/ical-token", async (c) => {
+  const db = getDb();
+  const id = c.req.param("id");
+  const staffRow = c.get("staff");
+
+  if (staffRow.role !== "manager" && staffRow.id !== id) {
+    return c.json({ error: "Forbidden" }, 403);
+  }
+
+  const [member] = await db
+    .select()
+    .from(staff)
+    .where(eq(staff.id, id))
+    .limit(1);
+
+  if (!member) return c.json({ error: "Not found" }, 404);
+
+  const token = randomBytes(32).toString("hex");
+  const [updated] = await db
+    .update(staff)
+    .set({ icalToken: token, updatedAt: new Date() })
+    .where(eq(staff.id, id))
+    .returning();
+
+  if (!updated) return c.json({ error: "Not found" }, 404);
+  return c.json({ icalToken: updated.icalToken });
+});
+
+staffRouter.delete("/:id/ical-token", async (c) => {
+  const db = getDb();
+  const id = c.req.param("id");
+  const staffRow = c.get("staff");
+
+  if (staffRow.role !== "manager" && staffRow.id !== id) {
+    return c.json({ error: "Forbidden" }, 403);
+  }
+
+  const [member] = await db
+    .select()
+    .from(staff)
+    .where(eq(staff.id, id))
+    .limit(1);
+
+  if (!member) return c.json({ error: "Not found" }, 404);
+
+  await db
+    .update(staff)
+    .set({ icalToken: null, updatedAt: new Date() })
+    .where(eq(staff.id, id));
+
+  return c.json({ ok: true });
+});