groombook/web
13
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: groombook/web:dev
Branches Tags
groombook/web:main groombook/web:flea/uat-to-main-gro-2373-web groombook/web:gro-2381-agents-contributing groombook/web:uat groombook/web:flea/uat-to-main-gro-2359-web groombook/web:promote/GRO-2373-dev-to-uat groombook/web:dev groombook/web:feature/gro-2373-chrome-signout groombook/web:promote/GRO-2358-dev-to-uat groombook/web:release/main-GRO-2319-web groombook/web:promote/GRO-2319-web-to-uat groombook/web:feat/GRO-2319-live-statusbadge-palette groombook/web:flea/uat-to-main-gro-2160 groombook/web:promote/GRO-2160-dev-to-uat groombook/web:flea/uat-to-main-gro-2159 groombook/web:promote/GRO-2159-dev-to-uat groombook/web:feat/GRO-2159-route-drag-reorder groombook/web:flea/uat-to-main-gro-2158 groombook/web:flea/dev-to-uat-gro-2158 groombook/web:feat/GRO-2158-route-planner groombook/web:flea/dev-to-uat-gro-2236 groombook/web:flea/gro-2236-portal-service-cards groombook/web:flea/uat-to-main-gro-2234-web groombook/web:flea/promote-uat-gro-2234 groombook/web:flea-flicker/gro-2234-portal-waitlist-remint-on-401 groombook/web:fix/gro-2207-portal-pet-readview-fields groombook/web:flea/gro-2218-playbook-512e groombook/web:flea/gro-2213-portal-preferredtime groombook/web:flea/gro-2180-appointments-starttime-shape groombook/web:fix/gro-2094-react-blank-mount groombook/web:flea/gro-2099-fix-authed-portal-nav groombook/web:flea/gro-2089-fix-authentik-credential-source groombook/web:flea/gro-2012-portal-sessionid-fallback groombook/web:flea/gro-2011-login-blank groombook/web:gro-1867-portal-better-auth groombook/web:gro-1829-swpwa-fix groombook/web:ccfa5281-2076-40c2-87a9-bf2dbcf98d22/gro-1822-role-based-redirect groombook/web:fix/gro-1822-role-based-redirect groombook/web:feature/gro-1165e-booking-status-badge groombook/web:feature/gro-1165d-booking-analytics groombook/web:feature/gro-1165b-error-recovery groombook/web:flea-flicker/pet-profile-editor groombook/web:fix/gro-1757-uat-playbook groombook/web:fix/gro-1633-web-ci-buildx groombook/web:promote-uat-gro1592 groombook/web:fix/gro-1592-sso-session-cookie groombook/web:pr-13 groombook/web:fix/gro-1414-pet-size-enum groombook/web:pr-1 groombook/web:fix/ci-registry-auth groombook/web:fix/GRO-1289-uat-playbook-web groombook/web:add-renovate-config groombook/web:docs/GRO-1099-uat-playbook-web
..
compare: groombook/web:f5491019626db92f99247b080221f0f89a9c379f
Branches Tags
groombook/web:flea/uat-to-main-gro-2373-web groombook/web:main groombook/web:gro-2381-agents-contributing groombook/web:uat groombook/web:flea/uat-to-main-gro-2359-web groombook/web:promote/GRO-2373-dev-to-uat groombook/web:dev groombook/web:feature/gro-2373-chrome-signout groombook/web:promote/GRO-2358-dev-to-uat groombook/web:release/main-GRO-2319-web groombook/web:promote/GRO-2319-web-to-uat groombook/web:feat/GRO-2319-live-statusbadge-palette groombook/web:flea/uat-to-main-gro-2160 groombook/web:promote/GRO-2160-dev-to-uat groombook/web:flea/uat-to-main-gro-2159 groombook/web:promote/GRO-2159-dev-to-uat groombook/web:feat/GRO-2159-route-drag-reorder groombook/web:flea/uat-to-main-gro-2158 groombook/web:flea/dev-to-uat-gro-2158 groombook/web:feat/GRO-2158-route-planner groombook/web:flea/dev-to-uat-gro-2236 groombook/web:flea/gro-2236-portal-service-cards groombook/web:flea/uat-to-main-gro-2234-web groombook/web:flea/promote-uat-gro-2234 groombook/web:flea-flicker/gro-2234-portal-waitlist-remint-on-401 groombook/web:fix/gro-2207-portal-pet-readview-fields groombook/web:flea/gro-2218-playbook-512e groombook/web:flea/gro-2213-portal-preferredtime groombook/web:flea/gro-2180-appointments-starttime-shape groombook/web:fix/gro-2094-react-blank-mount groombook/web:flea/gro-2099-fix-authed-portal-nav groombook/web:flea/gro-2089-fix-authentik-credential-source groombook/web:flea/gro-2012-portal-sessionid-fallback groombook/web:flea/gro-2011-login-blank groombook/web:gro-1867-portal-better-auth groombook/web:gro-1829-swpwa-fix groombook/web:ccfa5281-2076-40c2-87a9-bf2dbcf98d22/gro-1822-role-based-redirect groombook/web:fix/gro-1822-role-based-redirect groombook/web:feature/gro-1165e-booking-status-badge groombook/web:feature/gro-1165d-booking-analytics groombook/web:feature/gro-1165b-error-recovery groombook/web:flea-flicker/pet-profile-editor groombook/web:fix/gro-1757-uat-playbook groombook/web:fix/gro-1633-web-ci-buildx groombook/web:promote-uat-gro1592 groombook/web:fix/gro-1592-sso-session-cookie groombook/web:pr-13 groombook/web:fix/gro-1414-pet-size-enum groombook/web:pr-1 groombook/web:fix/ci-registry-auth groombook/web:fix/GRO-1289-uat-playbook-web groombook/web:add-renovate-config groombook/web:docs/GRO-1099-uat-playbook-web

20 Commits
dev .. f549101962

Author SHA1 Message Date
The Dogfather f549101962 fix(GRO-2236): portal Book New service cards show price + duration (#57)
CI / Test (pull_request) Successful in 20s
Details
CI / Lint & Typecheck (pull_request) Successful in 28s
Details
CI / Build & Push Docker Image (pull_request) Successful in 14s
Details 
Co-authored-by: The Dogfather <20+gb_dogfather@noreply.git.farh.net>
Co-committed-by: The Dogfather <20+gb_dogfather@noreply.git.farh.net>
 2026-06-08 23:32:19 +00:00
Flea Flicker 62dc85b560 Promote dev → uat: GRO-2211/2218/2207 + GRO-2234 portal Book New (cumulative) (#56)
CI / Lint & Typecheck (push) Successful in 28s
Details
CI / Test (push) Successful in 28s
Details
CI / Build & Push Docker Image (push) Successful in 41s
Details
CI / Test (pull_request) Successful in 21s
Details
CI / Lint & Typecheck (pull_request) Successful in 27s
Details
CI / Build & Push Docker Image (pull_request) Successful in 47s
Details
2026-06-08 19:58:43 +00:00
Flea Flicker bc21d6de09 Promote dev → uat: GRO-2213 portal booking preferredTime HH:MM:SS fix (#52)
CI / Test (push) Successful in 21s
Details
CI / Test (pull_request) Successful in 22s
Details
CI / Lint & Typecheck (push) Successful in 26s
Details
CI / Lint & Typecheck (pull_request) Successful in 28s
Details
CI / Build & Push Docker Image (push) Successful in 25s
Details
CI / Build & Push Docker Image (pull_request) Successful in 20s
Details
2026-06-08 17:36:16 +00:00
Flea Flicker 32ef3bca4d Merge pull request 'Promote dev → uat: GRO-2180 portal Appointments ISO startTime fix' (#50) from dev into uat
CI / Lint & Typecheck (pull_request) Failing after 10m47s
Details
CI / Test (push) Failing after 10m51s
Details
CI / Lint & Typecheck (push) Failing after 10m52s
Details
CI / Build & Push Docker Image (push) Has been skipped
Details
CI / Test (pull_request) Failing after 15m38s
Details
CI / Build & Push Docker Image (pull_request) Has been skipped
Details 
Merge PR #50: fix(GRO-2180) portal Appointments ISO startTime (dev → uat)

QA-approved (gb_lint); PR CI green after transient runner re-run.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-08 10:28:50 +00:00
Flea Flicker 47c29ecbc2 Promote to UAT: GRO-2105 BookingFlow/RescheduleFlow availability fix (#47)
CI / Test (push) Successful in 17s
Details
CI / Lint & Typecheck (push) Successful in 23s
Details
CI / Build & Push Docker Image (push) Successful in 19s
Details
CI / Test (pull_request) Failing after 10m34s
Details
CI / Lint & Typecheck (pull_request) Failing after 10m34s
Details
CI / Build & Push Docker Image (pull_request) Has been skipped
Details
2026-06-02 19:17:03 +00:00
The Dogfather de7386e47a Promote to UAT: GRO-2094 React bootstrap error instrumentation (#45)
CI / Test (push) Successful in 23s
Details
CI / Lint & Typecheck (push) Successful in 30s
Details
CI / Build & Push Docker Image (push) Successful in 13s
Details 
Co-authored-by: The Dogfather <20+gb_dogfather@noreply.git.farh.net>
Co-committed-by: The Dogfather <20+gb_dogfather@noreply.git.farh.net>
 2026-06-02 18:42:25 +00:00
The Dogfather ec29f71974 Merge pull request 'Promote to UAT: GRO-2012 RescheduleFlow portalSessionId fallback' (#39) from dev into uat
CI / Test (push) Successful in 21s
Details
CI / Lint & Typecheck (push) Successful in 30s
Details
CI / Build & Push Docker Image (push) Successful in 10s
Details
CI / Test (pull_request) Successful in 21s
Details
CI / Lint & Typecheck (pull_request) Successful in 28s
Details
CI / Build & Push Docker Image (pull_request) Successful in 13s
Details
2026-06-01 17:46:35 +00:00
The Dogfather bd2a0d9516 Merge pull request 'Promote dev -> uat: GRO-2011 login-blank fix (+ GRO-1867)' (#37) from dev into uat
CI / Test (push) Successful in 19s
Details
CI / Lint & Typecheck (push) Successful in 23s
Details
CI / Build & Push Docker Image (push) Successful in 10s
Details
2026-06-01 16:38:14 +00:00
The Dogfather 0e5e9d1f16 Merge pull request 'chore: promote dev → uat (GRO-1829 SW fix)' (#32) from dev into uat
CI / Test (push) Successful in 13s
Details
CI / Lint & Typecheck (push) Successful in 23s
Details
CI / Build & Push Docker Image (push) Successful in 15s
Details 
Merge: promote dev → uat (GRO-1829 SW fix)
 2026-05-27 02:27:32 +00:00
The Dogfather 3b4d0f15f6 Merge pull request 'chore: promote dev → uat (GRO-1795 StatusBadge)' (#28) from dev into uat
CI / Lint & Typecheck (push) Successful in 17s
Details
CI / Test (push) Successful in 13s
Details
CI / Build & Push Docker Image (push) Successful in 34s
Details 
Merge PR #28: promote dev → uat (GRO-1795 StatusBadge)
 2026-05-26 13:23:52 +00:00
The Dogfather 87939e5413 Merge pull request 'chore: promote dev → uat (GRO-1794 booking analytics)' (#27) from dev into uat
CI / Test (push) Successful in 19s
Details
CI / Lint & Typecheck (push) Successful in 22s
Details
CI / Build & Push Docker Image (push) Successful in 12s
Details 
Merge dev → uat: GRO-1794 booking funnel analytics events
 2026-05-26 13:16:39 +00:00
The Dogfather 4e3a038bf3 Merge pull request 'Promote dev → uat (GRO-1793: dynamic time slots)' (#25) from dev into uat
CI / Test (push) Successful in 14s
Details
CI / Lint & Typecheck (push) Successful in 16s
Details
CI / Build & Push Docker Image (push) Failing after 6s
Details 
Promote dev → uat: GRO-1793 dynamic portal time slots (#25)
 2026-05-26 13:02:16 +00:00
Lint Roller 8349ea00de Merge pull request 'promote: dev → uat (GRO-1757 SSO auto-provision fix)' (#19) from dev into uat
CI / Test (push) Successful in 13s
Details
CI / Lint & Typecheck (push) Successful in 33s
Details
CI / Build & Push Docker Image (push) Successful in 14s
Details
CI / Test (pull_request) Successful in 19s
Details
CI / Lint & Typecheck (pull_request) Successful in 24s
Details
CI / Build & Push Docker Image (pull_request) Successful in 15s
Details 
promote: dev → uat (GRO-1757 SSO auto-provision fix)
 2026-05-25 23:48:10 +00:00
The Dogfather 0306c7fbd9 Merge pull request 'chore(GRO-1592): promote dev→uat SSO session cookie fix' (#16) from promote-uat-gro1592 into uat
CI / Test (push) Successful in 12s
Details
CI / Lint & Typecheck (push) Successful in 18s
Details
CI / Build & Push Docker Image (push) Failing after 39s
Details
2026-05-23 14:13:43 +00:00
Chris Farhood 93da2f1dd8 chore: promote dev→uat for GRO-1592 SSO session cookie fix
CI / Lint & Typecheck (pull_request) Successful in 17s
Details
CI / Test (pull_request) Successful in 18s
Details
CI / Build & Push Docker Image (pull_request) Failing after 41s
Details 
- Fixed frontend auth client baseURL fallback to use window.location.origin
- Added UAT test coverage (TC-AUTH-5.3.4)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-23 14:13:12 +00:00
The Dogfather 62cbfe4e43 Merge pull request 'promote: dev → uat (GRO-1173 buffer rules + GRO-1470 pet save persistence)' (#14) from dev into uat
CI / Test (push) Successful in 14s
Details
CI / Lint & Typecheck (push) Successful in 19s
Details
CI / Build & Push Docker Image (push) Successful in 9s
Details 
promote: dev → uat (GRO-1173 buffer rules + GRO-1470 pet save persistence) (#14)

Merged-By: The Dogfather (CTO)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-21 19:46:41 +00:00
The Dogfather db6a2a1bbf Merge pull request 'promote: dev → uat (Renovate config, GRO-1081)' (#11) from dev into uat 
promote: dev → uat (Renovate config, GRO-1081)

Merge PR #11: dev → uat promotion
Includes: chore: add Renovate config (GRO-1081)
 2026-05-20 12:42:04 +00:00
The Dogfather 032a3796ba Merge pull request 'chore: promote dev to uat (CI Docker registry fix)' (#10) from dev into uat 
chore: promote dev to uat (CI Docker registry fix) (#10)

Promotes GRO-1348 CI registry fix to UAT.
 2026-05-20 11:17:21 +00:00
the-dogfather-cto[bot] cac8fc947e chore(GRO-1289): promote dev to uat — add UAT_PLAYBOOK.md 
chore(GRO-1289): promote dev to uat — add UAT_PLAYBOOK.md
 2026-05-14 21:13:56 +00:00
the-dogfather-cto[bot] 592be1301c chore: promote dev to uat (#3) 
chore: promote dev to uat
 2026-05-11 13:19:33 +00:00
13 changed files with 45 additions and 2352 deletions
Expand all files Collapse all files
UAT_PLAYBOOK.md
+2 -75
View File
@@ -217,25 +217,6 @@ export const { signIn, signOut, useSession, changePassword } = authClient;
| TC-WEB-5.12.16 | Badge status from data | Compare badge label to appointment.status field | Badge label matches the API appointment status exactly |
| TC-WEB-5.12.17 | Unknown status fallback | Render badge with unknown status value | Badge renders with the raw status string as label and fallback CSS class |
#### 5.12f Live StatusBadge palette — no-show / pending / waitlisted (GRO-2319)
These cases exercise the full StatusBadge palette as it is now produced live by
the seeded UAT customer (`uat-customer@groombook.dev`), not just unit-rendered.
| # | Scenario | Steps | Expected |
|---|----------|-------|----------|
| TC-WEB-5.12.26 | No-show badge (item 1) | Sign in as `uat-customer@groombook.dev`, open `Appointments`**Past** tab, find the seeded `no_show` appointment | A styled yellow **"No-show"** badge renders (`bg-yellow-100 text-yellow-700`) — **not** a raw gray `no_show` label. The DB `no_show` (underscore) status is normalized to the `no-show` palette key. |
| TC-WEB-5.12.27 | Pending derivation (item 2) | On the **Upcoming** tab, find the seeded upcoming appointment whose `confirmationStatus` is `pending` (groomer-unconfirmed) | The card's top-row badge reads amber **"Pending"** (derived from `confirmationStatus`), even though the raw appointment status is `scheduled`. |
| TC-WEB-5.12.28 | Confirmed not overridden | On the **Upcoming** tab, find the seeded confirmed appointment (`confirmationStatus = confirmed`) | Badge still reads green **"Confirmed"** — the pending derivation does not override a confirmed appointment. |
| TC-WEB-5.12.29 | Waitlisted card (item 2) | On the **Upcoming** tab, find the seeded waitlist entry for the customer | A card renders with a blue **"Waitlisted"** badge, a **dashed muted border**, and the subtext _"You're on the waitlist — we'll let you know if a spot opens."_ The Confirm / Reschedule / Cancel / Notes actions are **not** shown for this entry (it is not a booked appointment). |
> **GRO-2319 note:** the DB `appointment_status` enum cannot represent `pending`
> or `waitlisted`, so those badges are derived in the portal: `pending` from an
> upcoming appointment's `confirmationStatus`, and `waitlisted` from active
> `waitlist_entries` surfaced by `GET /api/portal/appointments` as synthetic
> cards. The `no_show` → `no-show` key normalization fixes the cosmetic badge
> mismatch (item 1).
#### 5.12d Appointment API Shape Normalization (GRO-2180)
| # | Scenario | Steps | Expected |
@@ -446,13 +427,8 @@ These cases cover the `CustomerPortal` initialisation path that bridges an Authe
| TC-WEB-5.25.2 | Bridge call sequence | Repeat TC-WEB-5.25.1 with DevTools → Network open and the **All** tab filtered to `/api/`. | In order: `GET /api/auth/get-session` → 200. `POST /api/portal/session-from-auth` → 201 with body `{ sessionId, clientId, clientName }`. |
| TC-WEB-5.25.3 | Subsequent portal calls use the bridged session ID | After TC-WEB-5.25.1 succeeds, navigate to **Appointments**, **My Pets**, **Billing**, **Settings**. Inspect any `/api/portal/*` request in DevTools → Network. | Each portal API call carries an `X-Impersonation-Session-Id` header whose value equals the `sessionId` returned by `session-from-auth` (not a URL-param value). Each call returns 200 (or 404 for genuinely empty collections), never 401. |
| TC-WEB-5.25.4 | No impersonation chrome for the customer's own session | After TC-WEB-5.25.1, scan the portal UI. | No amber border around the page. No "STAFF VIEW" watermark. No "End Impersonation" button in the sidebar. The customer is themselves; only impersonation sessions started via `?sessionId=` show the banner. |
| TC-WEB-5.25.5 | 404 from SSO bridge routes to OOBE (GRO-2359) | 1. Sign in via SSO with an Authentik account whose email is **not** present in `clients`. 2. Land on `/`. | `POST /api/portal/session-from-auth` returns 404. The post-auth handler mounts the **OOBE** (`src/portal/OOBE.tsx`) — a centred card titled **"Welcome — let's set up your portal"** with form fields for name (prefilled from the Better Auth session), phone, address, and notes. The legacy "Portal access not configured" card is **not** rendered on the new-user path. No redirect loop, no portal chrome. |
| TC-WEB-5.25.6 | OOBE form submission creates the portal (GRO-2359) | From TC-WEB-5.25.5, fill in the OOBE form and click **Create my portal**. | `POST /api/portal/clients-from-auth` is called with `{ name, phone, address, notes }`; the email is taken from the Better Auth session (the API binds the new client row to the SSO identity). The page reloads to `/`, the bridge re-runs, and the user lands in their portal dashboard. DevTools → Network shows `POST /api/portal/clients-from-auth` → 201 followed by `POST /api/portal/session-from-auth` → 201. |
| TC-WEB-5.25.6b | OOBE handles portal selection (409 from clients-from-auth) (GRO-2359) | 1. Sign in via SSO with an email that already exists in `clients` (e.g. a previously deleted-then-recreated account). 2. Land on OOBE. 3. Click **Create my portal**. | The API returns 409 "A customer record with this email already exists". The OOBE re-enables the submit button and shows the portal-selection message: "A customer record with this email already exists. Please contact your groomer to link your account." The shared signOut() button remains reachable so the user can exit if needed. |
| TC-WEB-5.25.6c | OOBE uses the shared signOut() handler (GRO-2358, GRO-2359) | From TC-WEB-5.25.5, click **Sign out** in the OOBE footer. | The same shared `signOut()` from `lib/auth-client` fires (same handler as `AdminLayout` and the no-access card); browser navigates to `/login`; the Authentik session cookie is cleared. The handler always navigates to `/login` — even if the network call to `/api/auth/sign-out` fails — so a transient auth-server hiccup never leaves the user trapped on an authenticated screen. |
| TC-WEB-5.25.6d | OOBE is mountable from a direct deep-link (GRO-2359) | 1. Sign in via SSO as any customer. 2. In a new tab, navigate to `https://uat.groombook.dev/onboarding`. | The OOBE form mounts (the App.tsx `/onboarding` route resolves before the CustomerPortal `!sessionId` guards). The submit, signOut, and field-validation behaviour are identical to the post-auth mount. |
| TC-WEB-5.25.6e | Deleted-portal deep-link still reaches the no-access card (GRO-2358, GRO-2359) | 1. Sign in via SSO as a customer whose `clients` row was disabled/deleted by the groomer. 2. Land on a portal sub-route with `?noAccess=deleted-portal` (e.g. visit `https://uat.groombook.dev/appointments?noAccess=deleted-portal` directly). | The no-access card renders (the deep-link deleted-portal case — the OOBE is reserved for first-time creation). The shared signOut() from GRO-2358 is wired identically. This proves the no-access card is still reachable for non-new-user failure modes and the CMPO "no-trap" invariant holds across the auth boundary. |
| TC-WEB-5.25.6f | In-portal chrome sidebar exposes a Sign out button (GRO-2373) | 1. Complete TC-WEB-5.25.1 (SSO sign-in as a customer). 2. From the portal chrome, look at the sidebar footer (the section below the navigation links, where "Customer Portal v1.0" sits). 3. Locate the **Sign out** button (a stone-grey button above the version label, with a LogOut icon). 4. Click it. | A **Sign out** button is present in the sidebar footer (not buried in the Settings page, not hidden in a dropdown — it's visible on every portal sub-route, including Home, Appointments, My Pets, Report Cards, Billing, Messages, Settings). Clicking it fires the same shared `signOut()` from `lib/auth-client` (same handler as the OOBE footer, the no-access card, and `AdminLayout`'s top-bar "Logout"); `POST /api/auth/sign-out` → 200 `{"success":true}`; the browser navigates to `/login`; the Better Auth / Authentik session cookie is cleared. Proves the CMPO "no-trap" invariant (originally established in GRO-2355) holds on the third authenticated surface — the in-portal chrome — which the GRO-2358 P1 fix did not cover. |
| TC-WEB-5.25.5 | 404 fallback for authenticated user with no client record | 1. Sign in via SSO with an Authentik account whose email is **not** present in `clients`. 2. Land on `/`. | `POST /api/portal/session-from-auth` returns 404. The portal renders a centred card titled **"Portal access not configured"** with the message about contacting the groomer and a **Sign out** button. No redirect loop, no portal chrome. |
| TC-WEB-5.25.6 | 404 fallback Sign-out escape hatch | From TC-WEB-5.25.5 click **Sign out**. | `POST /api/auth/sign-out` fires; browser navigates to `/login`; the Authentik session cookie is cleared. Reloading `/` no longer hits 404 (will show the login page). |
| TC-WEB-5.25.7 | Bridge precedence — impersonation URL wins | 1. Sign in via SSO as a customer. 2. Open a new tab to `https://uat.groombook.dev/?sessionId=<a-valid-staff-impersonation-session-id>`. | The impersonation path runs; the amber banner appears for the impersonated client. The Better Auth bridge is **not** called on this load (`session-from-auth` absent in Network). |
| TC-WEB-5.25.8 | Bridge precedence — dev user wins | In dev mode (e.g. local) with `localStorage["dev-user"]` set to a client persona, navigate to `/`. | The dev-session path runs (`POST /api/portal/dev-session`). The Better Auth bridge is **not** called (`session-from-auth` absent in Network). Staff dev users still redirect to `/admin`. |
| TC-WEB-5.25.9 | Staff Better Auth session does not run the customer bridge | Sign in via SSO with a staff identity. Navigate to `/`. | `App.tsx` routing redirects to `/admin`. `POST /api/portal/session-from-auth` is **not** called. |
@@ -495,55 +471,6 @@ These cases guard against the regression where an SSO-bridge customer (no `?sess
| TC-WEB-5.26.3 | Impersonation flow reschedule is unchanged (no regression) | 1. With an active impersonation session (`?sessionId=<active>`), load `/`. 2. Click **Reschedule** on an appointment. 3. Pick a date. | `GET /api/book/availability` includes `X-Impersonation-Session-Id` equal to the impersonation `sessionId` (not `portalSessionId`). Returns 200. Behaves identically to the pre-fix build. |
| TC-WEB-5.26.4 | No `X-Impersonation-Session-Id` is empty / null | From TC-WEB-5.26.1, inspect every `/api/portal/*` and `/api/book/*` request. | No request has an empty or `null` `X-Impersonation-Session-Id` header. |
### 5.28 Route Planner Page (GRO-2158)
The admin Route Planner lives at `/admin/routes`. It shows a groomer's geocoded appointment stops for a chosen date on a `react-leaflet` / OpenStreetMap map (numbered pins + a connecting polyline), a stop-list panel, a travel-time/distance summary, a route status badge, and an **Optimize** button wired to `POST /api/routes/optimize`. Leaflet is loaded via a dynamic import so it ships as a separate code-split chunk. Groomers are auto-filtered to their own route (no groomer selector); managers/receptionists pick a groomer.
**Pre-conditions:**
- Sign in to `/admin` as a manager (e.g. uat-manager) and, separately, as a groomer (uat-groomer).
- At least one groomer has appointments on the test date whose clients have geocoded addresses.
| # | Scenario | Steps | Expected |
|---|----------|-------|----------|
| TC-WEB-5.28.1 | Page loads and is reachable from nav | 1. Sign in as a manager. 2. Click **Routes** in the admin nav. | URL is `/admin/routes`. The "Route Planner" heading, a Date picker, a Groomer selector, and an **Optimize** button render. No console errors. |
| TC-WEB-5.28.2 | Leaflet map is code-split | 1. Open DevTools → Network (JS filter). 2. Load `/admin/reports` first, confirm no `RouteMap` chunk loads. 3. Navigate to `/admin/routes`. | A separate `RouteMap-*.js` chunk (and `RouteMap-*.css`) is fetched only when the Routes page renders, not on other admin pages. |
| TC-WEB-5.28.3 | Map shows numbered pins + polyline | Select a groomer + date that has a built route with ≥2 geocoded stops. | The OSM map renders with one numbered pin per stop (1, 2, 3…) and a polyline connecting them in order. Tile attribution to OpenStreetMap is visible. |
| TC-WEB-5.28.4 | Stop-list panel cards | Inspect the panel beside the map. | Each stop card shows the stop number, client name, appointment time, address, and travel time from the previous stop (stop 1 shows "Start of route"). |
| TC-WEB-5.28.5 | Summary + status badge | Inspect the summary bar and badge. | Stops count, total travel time, and total distance (km) are shown. A status badge reads one of Draft / Optimized / In progress / Completed matching the route's status. |
| TC-WEB-5.28.6 | Optimize button | Click **Optimize**. | A `POST /api/routes/optimize` with `{ staffId, date }` fires. On success the map, stop order, summary, and status badge refresh. Any skipped (non-geocoded) clients surface as a warning. |
| TC-WEB-5.28.7 | Groomer role auto-filter | Sign in as a groomer and open `/admin/routes`. | No groomer selector is shown. The page loads the signed-in groomer's own route for the selected date. The groomer cannot view another groomer's route. |
| TC-WEB-5.28.8 | Empty / no-route state | Select a date with no appointments. | The map area and stop panel show a friendly empty state ("No stops…"). No crash; **Optimize** is still clickable. |
### 5.29 Route Planner — Drag-to-Reorder & Re-optimize (GRO-2159)
The stop-list panel is drag-sortable (`@dnd-kit`). Each stop card has a grab handle (⠿). Dropping a stop in a new position calls `PATCH /api/routes/:routeId/reorder` with `{ stopOrder: [routeStopId…] }` (full first-to-last order); the UI updates optimistically and rolls back on error. The server recomputes per-leg travel, buffers, totals and tight-schedule conflict flags, and the panel/map/summary adopt the response. A "tight schedule" warning is shown on any stop whose gap is shorter than its travel + buffer. After a manual reorder a hint with a **Re-optimize** button appears (re-runs `POST /api/routes/optimize`). Drag works via mouse (desktop), press-and-hold touch (mobile groomers), and keyboard (focus handle → Space → arrows → Space).
| Test Case | Description | Steps | Expected Result |
|-----------|-------------|-------|-----------------|
| TC-WEB-5.29.1 | Drag handle present | Open `/admin/routes` for a route with ≥2 stops. | Each stop card shows a grab handle (⠿) with an accessible label "Drag to reorder <client>". |
| TC-WEB-5.29.2 | Reorder persists | Drag a stop to a new position and drop it. | A `PATCH /api/routes/:routeId/reorder` fires with the new `stopOrder` (every stop id once, new order). Stop numbers, the map polyline order, and travel-from-previous labels refresh to match. |
| TC-WEB-5.29.3 | Optimistic update + rollback | Simulate a failing reorder (e.g. server returns an error / offline). | The list shows the new order immediately, then reverts to the prior order when the PATCH fails, and an error message is shown. No stuck/partial order. |
| TC-WEB-5.29.4 | Tight-schedule warning re-evaluated | Reorder so two stops are too close together. | The affected stop card shows "⚠ Tight schedule — travel + buffer may exceed the gap" (red border) after the server recomputes; warnings clear on a roomier order. |
| TC-WEB-5.29.5 | Re-optimize button | After a manual drag reorder, locate the hint banner. | A "Stops reordered manually…" hint with a **Re-optimize** button appears. Clicking it fires `POST /api/routes/optimize` and the hint clears once the optimized route loads. The hint is absent before any manual reorder. |
| TC-WEB-5.29.6 | Touch / mobile drag | On a touch device (or mobile emulation), press-and-hold a stop's handle (~200ms) then drag. | The stop lifts and can be dropped in a new position; page scroll is not hijacked by a quick swipe. Reorder persists as in 5.29.2. |
| TC-WEB-5.29.7 | Groomer reorders own route | Sign in as a groomer, reorder stops on the own route. | Reorder succeeds (groomer is authorized for their own route). |
### 5.30 Route Planner — Navigation Export & Offline (GRO-2160)
When a route has stops, an export panel offers **Open in Google Maps** and **Open in Apple Maps** buttons. Each fetches `GET /api/routes/:routeId/export/google-maps` (or `/apple-maps`) and opens the returned deep-link URL in the device's maps app (Google Maps `https://www.google.com/maps/dir/?...`, Apple Maps `maps://...`). The page detects the device OS (iOS / Android / desktop) and renders the most relevant button prominently (filled) with the other as a secondary outline button; on iOS Apple Maps leads, otherwise Google Maps leads. Offline support: the existing Workbox `NetworkFirst` rule caches `/api/routes/*` responses (24h TTL) so a previously-loaded route still renders without network; a `CacheFirst` rule (`osm-tiles`, 7-day TTL, 400 entries) caches OpenStreetMap tiles. On every route load and after each optimize/reorder, the page pre-warms the OSM tiles covering the route's bounding box (zooms 1214, capped at 80 tiles) so the map is viewable offline. The layout is responsive: below 768px the map/stop-list stack to one column, the map shrinks, and the export buttons go full-width.
| Test Case | Description | Steps | Expected Result |
|-----------|-------------|-------|-----------------|
| TC-WEB-5.30.1 | Export buttons render | Open `/admin/routes` for a route with ≥1 stop. | An export panel shows both **Open in Google Maps** and **Open in Apple Maps** buttons. Buttons are absent when there are no stops. |
| TC-WEB-5.30.2 | Google Maps deep link | Click **Open in Google Maps**. | A `GET /api/routes/:routeId/export/google-maps` fires and the returned `https://www.google.com/maps/dir/?...` URL opens (new tab / Google Maps app) with origin, destination, and waypoints in route order. |
| TC-WEB-5.30.3 | Apple Maps deep link | On iOS (or emulation), click **Open in Apple Maps**. | A `GET /api/routes/:routeId/export/apple-maps` fires and the returned `maps://...` URL opens Apple Maps with the route chained `+to:`. |
| TC-WEB-5.30.4 | Platform-aware prominence | Open the page on an iPhone (or iOS UA emulation) vs Android/desktop. | On iOS the **Apple Maps** button is the prominent (filled) one and Google Maps is the secondary (outline); on Android/desktop **Google Maps** is prominent and Apple Maps secondary. Both buttons are always available. |
| TC-WEB-5.30.5 | Export error handling | Trigger an export that errors (e.g. route exceeds the platform waypoint cap). | The pre-opened tab is closed and an inline error message is shown; no silent failure. |
| TC-WEB-5.30.6 | Offline route data | Load a route online, then in DevTools → Network set **Offline** and reload `/admin/routes` for the same groomer/date. | The route data still loads from the `api-cache` (NetworkFirst fallback); stops, summary, and badge render without network. |
| TC-WEB-5.30.7 | Offline map tiles | After viewing/optimizing a route online, go **Offline** and view the same route. | The OSM map tiles for the route area render from the `osm-tiles` CacheFirst cache (pre-warmed); the map is not blank in the route's vicinity. |
| TC-WEB-5.30.8 | Responsive mobile layout | Open the page at a phone width (≤768px, e.g. 390px). | Map and stop-list stack into a single column, the map height shrinks, and the export buttons span full width. No horizontal scroll; controls remain usable with a thumb. |
## 6. Pass/Fail Criteria
**Pass:**
package.json
-6
View File
@@ -13,19 +13,14 @@
"test:e2e": "playwright test -c e2e/playwright.config.ts"
},
"dependencies": {
"@dnd-kit/core": "^6.3.1",
"@dnd-kit/sortable": "^10.0.0",
"@dnd-kit/utilities": "^3.2.2",
"@groombook/types": "workspace:*",
"@stripe/react-stripe-js": "^6.1.0",
"@stripe/stripe-js": "^9.1.0",
"@tailwindcss/vite": "^4.2.2",
"better-auth": "^1.5.6",
"leaflet": "^1.9.4",
"lucide-react": "^0.577.0",
"react": "^19.0.0",
"react-dom": "^19.0.0",
"react-leaflet": "^5.0.0",
"react-router-dom": "^7.1.2",
"recharts": "^3.8.0",
"tailwindcss": "^4.2.2"
@@ -35,7 +30,6 @@
"@testing-library/jest-dom": "^6.9.1",
"@testing-library/react": "^16.3.2",
"@testing-library/user-event": "^14.6.1",
"@types/leaflet": "^1.9.12",
"@types/node": "^25.6.0",
"@types/react": "^19.0.6",
"@types/react-dom": "^19.0.3",
pnpm-lock.yaml
Generated
+3 -138
View File
@@ -8,15 +8,6 @@ importers:
.:
dependencies:
'@dnd-kit/core':
specifier: ^6.3.1
version: 6.3.1(react-dom@19.2.6(react@19.2.6))(react@19.2.6)
'@dnd-kit/sortable':
specifier: ^10.0.0
version: 10.0.0(@dnd-kit/core@6.3.1(react-dom@19.2.6(react@19.2.6))(react@19.2.6))(react@19.2.6)
'@dnd-kit/utilities':
specifier: ^3.2.2
version: 3.2.2(react@19.2.6)
'@groombook/types':
specifier: workspace:*
version: link:packages/types
@@ -32,9 +23,6 @@ importers:
better-auth:
specifier: ^1.5.6
version: 1.6.10(react-dom@19.2.6(react@19.2.6))(react@19.2.6)(vitest@3.2.4(@types/node@25.6.2)(jiti@2.7.0)(jsdom@26.1.0)(lightningcss@1.32.0)(terser@5.47.1))
leaflet:
specifier: ^1.9.4
version: 1.9.4
lucide-react:
specifier: ^0.577.0
version: 0.577.0(react@19.2.6)
@@ -44,15 +32,12 @@ importers:
react-dom:
specifier: ^19.0.0
version: 19.2.6(react@19.2.6)
react-leaflet:
specifier: ^5.0.0
version: 5.0.0(leaflet@1.9.4)(react-dom@19.2.6(react@19.2.6))(react@19.2.6)
react-router-dom:
specifier: ^7.1.2
version: 7.15.0(react-dom@19.2.6(react@19.2.6))(react@19.2.6)
recharts:
specifier: ^3.8.0
version: 3.8.1(@types/react@19.2.14)(react-dom@19.2.6(react@19.2.6))(react-is@17.0.2)(react@19.2.6)(redux@5.0.1)
version: 3.8.1(@types/react@19.2.14)(react-dom@19.2.6(react@19.2.6))(react-is@16.13.1)(react@19.2.6)(redux@5.0.1)
tailwindcss:
specifier: ^4.2.2
version: 4.3.0
@@ -69,9 +54,6 @@ importers:
'@testing-library/user-event':
specifier: ^14.6.1
version: 14.6.1(@testing-library/dom@10.4.1)
'@types/leaflet':
specifier: ^1.9.12
version: 1.9.21
'@types/node':
specifier: ^25.6.0
version: 25.6.2
@@ -757,28 +739,6 @@ packages:
resolution: {integrity: sha512-Vd/9EVDiu6PPJt9yAh6roZP6El1xHrdvIVGjyBsHR0RYwNHgL7FJPyIIW4fANJNG6FtyZfvlRPpFI4ZM/lubvw==}
engines: {node: '>=18'}
'@dnd-kit/accessibility@3.1.1':
resolution: {integrity: sha512-2P+YgaXF+gRsIihwwY1gCsQSYnu9Zyj2py8kY5fFvUM1qm2WA2u639R6YNVfU4GWr+ZM5mqEsfHZZLoRONbemw==}
peerDependencies:
react: '>=16.8.0'
'@dnd-kit/core@6.3.1':
resolution: {integrity: sha512-xkGBRQQab4RLwgXxoqETICr6S5JlogafbhNsidmrkVv2YRs5MLwpjoF2qpiGjQt8S9AoxtIV603s0GIUpY5eYQ==}
peerDependencies:
react: '>=16.8.0'
react-dom: '>=16.8.0'
'@dnd-kit/sortable@10.0.0':
resolution: {integrity: sha512-+xqhmIIzvAYMGfBYYnbKuNicfSsk4RksY2XdmJhT+HAC01nix6fHCztU68jooFiMUB01Ky3F0FyOvhG/BZrWkg==}
peerDependencies:
'@dnd-kit/core': ^6.3.0
react: '>=16.8.0'
'@dnd-kit/utilities@3.2.2':
resolution: {integrity: sha512-+MKAJEOfaBe5SmV6t34p80MMKhjvUz0vRrvVJbPT0WElzaOJ/1xs+D+KDv+tD/NE5ujfrChEcshd4fLn0wpiqg==}
peerDependencies:
react: '>=16.8.0'
'@esbuild/aix-ppc64@0.25.12':
resolution: {integrity: sha512-Hhmwd6CInZ3dwpuGTF8fJG6yoWmsToE+vYgD4nytZVxcu1ulHpUQRAB1UJ8+N1Am3Mz4+xOByoQoSZf4D+CpkA==}
engines: {node: '>=18'}
@@ -1045,13 +1005,6 @@ packages:
engines: {node: '>=18'}
hasBin: true
'@react-leaflet/core@3.0.0':
resolution: {integrity: sha512-3EWmekh4Nz+pGcr+xjf0KNyYfC3U2JjnkWsh0zcqaexYqmmB5ZhH37kz41JXGmKzpaMZCnPofBBm64i+YrEvGQ==}
peerDependencies:
leaflet: ^1.9.0
react: ^19.0.0
react-dom: ^19.0.0
'@reduxjs/toolkit@2.11.2':
resolution: {integrity: sha512-Kd6kAHTA6/nUpp8mySPqj3en3dm0tdMIgbttnQ1xFMVpufoj+ADi8pXLBsd4xzTRHQa7t/Jv8W5UnCuW4kuWMQ==}
peerDependencies:
@@ -1149,79 +1102,66 @@ packages:
resolution: {integrity: sha512-DV6fJoxEYWJOvaZIsok7KrYl0tPvga5OZ2yvKHNNYyk/2roMLqQAbGhr78EQ5YhHpnhLKJD3S1WFusAkmUuV5g==}
cpu: [arm]
os: [linux]
libc: [glibc]
'@rollup/rollup-linux-arm-musleabihf@4.60.3':
resolution: {integrity: sha512-mQKoJAzvuOs6F+TZybQO4GOTSMUu7v0WdxEk24krQ/uUxXoPTtHjuaUuPmFhtBcM4K0ons8nrE3JyhTuCFtT/w==}
cpu: [arm]
os: [linux]
libc: [musl]
'@rollup/rollup-linux-arm64-gnu@4.60.3':
resolution: {integrity: sha512-Whjj2qoiJ6+OOJMGptTYazaJvjOJm+iKHpXQM1P3LzGjt7Ff++Tp7nH4N8J/BUA7R9IHfDyx4DJIflifwnbmIA==}
cpu: [arm64]
os: [linux]
libc: [glibc]
'@rollup/rollup-linux-arm64-musl@4.60.3':
resolution: {integrity: sha512-4YTNHKqGng5+yiZt3mg77nmyuCfmNfX4fPmyUapBcIk+BdwSwmCWGXOUxhXbBEkFHtoN5boLj/5NON+u5QC9tg==}
cpu: [arm64]
os: [linux]
libc: [musl]
'@rollup/rollup-linux-loong64-gnu@4.60.3':
resolution: {integrity: sha512-SU3kNlhkpI4UqlUc2VXPGK9o886ZsSeGfMAX2ba2b8DKmMXq4AL7KUrkSWVbb7koVqx41Yczx6dx5PNargIrEA==}
cpu: [loong64]
os: [linux]
libc: [glibc]
'@rollup/rollup-linux-loong64-musl@4.60.3':
resolution: {integrity: sha512-6lDLl5h4TXpB1mTf2rQWnAk/LcXrx9vBfu/DT5TIPhvMhRWaZ5MxkIc8u4lJAmBo6klTe1ywXIUHFjylW505sg==}
cpu: [loong64]
os: [linux]
libc: [musl]
'@rollup/rollup-linux-ppc64-gnu@4.60.3':
resolution: {integrity: sha512-BMo8bOw8evlup/8G+cj5xWtPyp93xPdyoSN16Zy90Q2QZ0ZYRhCt6ZJSwbrRzG9HApFabjwj2p25TUPDWrhzqQ==}
cpu: [ppc64]
os: [linux]
libc: [glibc]
'@rollup/rollup-linux-ppc64-musl@4.60.3':
resolution: {integrity: sha512-E0L8X1dZN1/Rph+5VPF6Xj2G7JJvMACVXtamTJIDrVI44Y3K+G8gQaMEAavbqCGTa16InptiVrX6eM6pmJ+7qA==}
cpu: [ppc64]
os: [linux]
libc: [musl]
'@rollup/rollup-linux-riscv64-gnu@4.60.3':
resolution: {integrity: sha512-oZJ/WHaVfHUiRAtmTAeo3DcevNsVvH8mbvodjZy7D5QKvCefO371SiKRpxoDcCxB3PTRTLayWBkvmDQKTcX/sw==}
cpu: [riscv64]
os: [linux]
libc: [glibc]
'@rollup/rollup-linux-riscv64-musl@4.60.3':
resolution: {integrity: sha512-Dhbyh7j9FybM3YaTgaHmVALwA8AkUwTPccyCQ79TG9AJUsMQqgN1DDEZNr4+QUfwiWvLDumW5vdwzoeUF+TNxQ==}
cpu: [riscv64]
os: [linux]
libc: [musl]
'@rollup/rollup-linux-s390x-gnu@4.60.3':
resolution: {integrity: sha512-cJd1X5XhHHlltkaypz1UcWLA8AcoIi1aWhsvaWDskD1oz2eKCypnqvTQ8ykMNI0RSmm7NkTdSqSSD7zM0xa6Ig==}
cpu: [s390x]
os: [linux]
libc: [glibc]
'@rollup/rollup-linux-x64-gnu@4.60.3':
resolution: {integrity: sha512-DAZDBHQfG2oQuhY7mc6I3/qB4LU2fQCjRvxbDwd/Jdvb9fypP4IJ4qmtu6lNjes6B531AI8cg1aKC2di97bUxA==}
cpu: [x64]
os: [linux]
libc: [glibc]
'@rollup/rollup-linux-x64-musl@4.60.3':
resolution: {integrity: sha512-cRxsE8c13mZOh3vP+wLDxpQBRrOHDIGOWyDL93Sy0Ga8y515fBcC2pjUfFwUe5T7tqvTvWbCpg1URM/AXdWIXA==}
cpu: [x64]
os: [linux]
libc: [musl]
'@rollup/rollup-openbsd-x64@4.60.3':
resolution: {integrity: sha512-QaWcIgRxqEdQdhJqW4DJctsH6HCmo5vHxY0krHSX4jMtOqfzC+dqDGuHM87bu4H8JBeibWx7jFz+h6/4C8wA5Q==}
@@ -1308,28 +1248,24 @@ packages:
engines: {node: '>= 20'}
cpu: [arm64]
os: [linux]
libc: [glibc]
'@tailwindcss/oxide-linux-arm64-musl@4.3.0':
resolution: {integrity: sha512-Z6sukiQsngnWO+l39X4pPbiWT81IC+PLKF+PHxIlyZbGNb9MODfYlXEVlFvej5BOZInWX01kVyzeLvHsXhfczQ==}
engines: {node: '>= 20'}
cpu: [arm64]
os: [linux]
libc: [musl]
'@tailwindcss/oxide-linux-x64-gnu@4.3.0':
resolution: {integrity: sha512-DRNdQRpSGzRGfARVuVkxvM8Q12nh19l4BF/G7zGA1oe+9wcC6saFBHTISrpIcKzhiXtSrlSrluCfvMuledoCTQ==}
engines: {node: '>= 20'}
cpu: [x64]
os: [linux]
libc: [glibc]
'@tailwindcss/oxide-linux-x64-musl@4.3.0':
resolution: {integrity: sha512-Z0IADbDo8bh6I7h2IQMx601AdXBLfFpEdUotft86evd/8ZPflZe9COPO8Q1vw+pfLWIUo9zN/JGZvwuAJqduqg==}
engines: {node: '>= 20'}
cpu: [x64]
os: [linux]
libc: [musl]
'@tailwindcss/oxide-wasm32-wasi@4.3.0':
resolution: {integrity: sha512-HNZGOUxEmElksYR7S6sC5jTeNGpobAsy9u7Gu0AskJ8/20FR9GqebUyB+HBcU/ax6BHuiuJi+Oda4B+YX6H1yA==}
@@ -1451,15 +1387,9 @@ packages:
'@types/estree@1.0.9':
resolution: {integrity: sha512-GhdPgy1el4/ImP05X05Uw4cw2/M93BCUmnEvWZNStlCzEKME4Fkk+YpoA5OiHNQmoS7Cafb8Xa3Pya8m1Qrzeg==}
'@types/geojson@7946.0.16':
resolution: {integrity: sha512-6C8nqWur3j98U6+lXDfTUWIfgvZU+EumvpHKcYjujKH7woYyLj2sUmff0tRhrqM7BohUw7Pz3ZB1jj2gW9Fvmg==}
'@types/json-schema@7.0.15':
resolution: {integrity: sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==}
'@types/leaflet@1.9.21':
resolution: {integrity: sha512-TbAd9DaPGSnzp6QvtYngntMZgcRk+igFELwR2N99XZn7RXUdKgsXMR+28bUO0rPsWp8MIu/f47luLIQuSLYv/w==}
'@types/node@25.6.2':
resolution: {integrity: sha512-sokuT28dxf9JT5Kady1fsXOvI4HVpjZa95NKT5y9PNTIrs2AsobR4GFAA90ZG8M+nxVRLysCXsVj6eGC7Vbrlw==}
@@ -2532,9 +2462,6 @@ packages:
resolution: {integrity: sha512-nbD8lB9EB3wNdMhOCdx5Li8DxnLbvKByylRLcJ1h+4SkrowVeECAyZlyiKMThF7xFdRz0jSQ2MoJr+wXux2y0Q==}
engines: {node: '>=20.0.0'}
leaflet@1.9.4:
resolution: {integrity: sha512-nxS1ynzJOmOlHp+iL3FyWqK89GtNL8U8rvlMOsQdTTssxZwCXh8N2NB3GDQOL+YR3XnWyZAxwQixURb+FA74PA==}
leven@3.1.0:
resolution: {integrity: sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==}
engines: {node: '>=6'}
@@ -2578,28 +2505,24 @@ packages:
engines: {node: '>= 12.0.0'}
cpu: [arm64]
os: [linux]
libc: [glibc]
lightningcss-linux-arm64-musl@1.32.0:
resolution: {integrity: sha512-UpQkoenr4UJEzgVIYpI80lDFvRmPVg6oqboNHfoH4CQIfNA+HOrZ7Mo7KZP02dC6LjghPQJeBsvXhJod/wnIBg==}
engines: {node: '>= 12.0.0'}
cpu: [arm64]
os: [linux]
libc: [musl]
lightningcss-linux-x64-gnu@1.32.0:
resolution: {integrity: sha512-V7Qr52IhZmdKPVr+Vtw8o+WLsQJYCTd8loIfpDaMRWGUZfBOYEJeyJIkqGIDMZPwPx24pUMfwSxxI8phr/MbOA==}
engines: {node: '>= 12.0.0'}
cpu: [x64]
os: [linux]
libc: [glibc]
lightningcss-linux-x64-musl@1.32.0:
resolution: {integrity: sha512-bYcLp+Vb0awsiXg/80uCRezCYHNg1/l3mt0gzHnWV9XP1W5sKa5/TCdGWaR/zBM2PeF/HbsQv/j2URNOiVuxWg==}
engines: {node: '>= 12.0.0'}
cpu: [x64]
os: [linux]
libc: [musl]
lightningcss-win32-arm64-msvc@1.32.0:
resolution: {integrity: sha512-8SbC8BR40pS6baCM8sbtYDSwEVQd4JlFTOlaD3gWGHfThTcABnNDBda6eTZeqbofalIJhFx0qKzgHJmcPTnGdw==}
@@ -2841,13 +2764,6 @@ packages:
react-is@17.0.2:
resolution: {integrity: sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==}
react-leaflet@5.0.0:
resolution: {integrity: sha512-CWbTpr5vcHw5bt9i4zSlPEVQdTVcML390TjeDG0cK59z1ylexpqC6M1PJFjV8jD7CF+ACBFsLIDs6DRMoLEofw==}
peerDependencies:
leaflet: ^1.9.0
react: ^19.0.0
react-dom: ^19.0.0
react-redux@9.2.0:
resolution: {integrity: sha512-ROY9fvHhwOD9ySfrF0wmvu//bKCQ6AeZZq1nJNtbDC+kk5DuSuNX/n6YWYF/SYy7bSba4D4FSz8DJeKY/S/r+g==}
peerDependencies:
@@ -3207,9 +3123,6 @@ packages:
peerDependencies:
typescript: '>=4.8.4'
tslib@2.8.1:
resolution: {integrity: sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==}
type-check@0.4.0:
resolution: {integrity: sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==}
engines: {node: '>= 0.8.0'}
@@ -4295,31 +4208,6 @@ snapshots:
'@csstools/css-tokenizer@3.0.4': {}
'@dnd-kit/accessibility@3.1.1(react@19.2.6)':
dependencies:
react: 19.2.6
tslib: 2.8.1
'@dnd-kit/core@6.3.1(react-dom@19.2.6(react@19.2.6))(react@19.2.6)':
dependencies:
'@dnd-kit/accessibility': 3.1.1(react@19.2.6)
'@dnd-kit/utilities': 3.2.2(react@19.2.6)
react: 19.2.6
react-dom: 19.2.6(react@19.2.6)
tslib: 2.8.1
'@dnd-kit/sortable@10.0.0(@dnd-kit/core@6.3.1(react-dom@19.2.6(react@19.2.6))(react@19.2.6))(react@19.2.6)':
dependencies:
'@dnd-kit/core': 6.3.1(react-dom@19.2.6(react@19.2.6))(react@19.2.6)
'@dnd-kit/utilities': 3.2.2(react@19.2.6)
react: 19.2.6
tslib: 2.8.1
'@dnd-kit/utilities@3.2.2(react@19.2.6)':
dependencies:
react: 19.2.6
tslib: 2.8.1
'@esbuild/aix-ppc64@0.25.12':
optional: true
@@ -4510,12 +4398,6 @@ snapshots:
dependencies:
playwright: 1.59.1
'@react-leaflet/core@3.0.0(leaflet@1.9.4)(react-dom@19.2.6(react@19.2.6))(react@19.2.6)':
dependencies:
leaflet: 1.9.4
react: 19.2.6
react-dom: 19.2.6(react@19.2.6)
'@reduxjs/toolkit@2.11.2(react-redux@9.2.0(@types/react@19.2.14)(react@19.2.6)(redux@5.0.1))(react@19.2.6)':
dependencies:
'@standard-schema/spec': 1.1.0
@@ -4829,14 +4711,8 @@ snapshots:
'@types/estree@1.0.9': {}
'@types/geojson@7946.0.16': {}
'@types/json-schema@7.0.15': {}
'@types/leaflet@1.9.21':
dependencies:
'@types/geojson': 7946.0.16
'@types/node@25.6.2':
dependencies:
undici-types: 7.19.2
@@ -6008,8 +5884,6 @@ snapshots:
kysely@0.28.17: {}
leaflet@1.9.4: {}
leven@3.1.0: {}
levn@0.4.1:
@@ -6261,13 +6135,6 @@ snapshots:
react-is@17.0.2: {}
react-leaflet@5.0.0(leaflet@1.9.4)(react-dom@19.2.6(react@19.2.6))(react@19.2.6):
dependencies:
'@react-leaflet/core': 3.0.0(leaflet@1.9.4)(react-dom@19.2.6(react@19.2.6))(react@19.2.6)
leaflet: 1.9.4
react: 19.2.6
react-dom: 19.2.6(react@19.2.6)
react-redux@9.2.0(@types/react@19.2.14)(react@19.2.6)(redux@5.0.1):
dependencies:
'@types/use-sync-external-store': 0.0.6
@@ -6295,7 +6162,7 @@ snapshots:
react@19.2.6: {}
recharts@3.8.1(@types/react@19.2.14)(react-dom@19.2.6(react@19.2.6))(react-is@17.0.2)(react@19.2.6)(redux@5.0.1):
recharts@3.8.1(@types/react@19.2.14)(react-dom@19.2.6(react@19.2.6))(react-is@16.13.1)(react@19.2.6)(redux@5.0.1):
dependencies:
'@reduxjs/toolkit': 2.11.2(react-redux@9.2.0(@types/react@19.2.14)(react@19.2.6)(redux@5.0.1))(react@19.2.6)
clsx: 2.1.1
@@ -6305,7 +6172,7 @@ snapshots:
immer: 10.2.0
react: 19.2.6
react-dom: 19.2.6(react@19.2.6)
react-is: 17.0.2
react-is: 16.13.1
react-redux: 9.2.0(@types/react@19.2.14)(react@19.2.6)(redux@5.0.1)
reselect: 5.1.1
tiny-invariant: 1.3.3
@@ -6686,8 +6553,6 @@ snapshots:
dependencies:
typescript: 5.9.3
tslib@2.8.1: {}
type-check@0.4.0:
dependencies:
prelude-ls: 1.2.1
src/App.tsx
+1 -16
View File
@@ -8,7 +8,6 @@ import { StaffPage } from "./pages/Staff.js";
import { InvoicesPage } from "./pages/Invoices.js";
import { BookPage } from "./pages/Book.js";
import { ReportsPage } from "./pages/Reports.js";
import { RoutesPage } from "./pages/Routes.js";
import { GroupBookingPage } from "./pages/GroupBooking.js";
import { SettingsPage } from "./pages/Settings.js";
import { BookingConfirmedPage } from "./pages/BookingConfirmed.js";
@@ -16,7 +15,6 @@ import { BookingCancelledPage } from "./pages/BookingCancelled.js";
import { BookingErrorPage } from "./pages/BookingError.js";
import { SetupWizard } from "./pages/SetupWizard.tsx";
import { CustomerPortal } from "./portal/CustomerPortal.js";
import { OOBE } from "./portal/OOBE.js";
import { DevLoginSelector, getDevUser } from "./pages/DevLoginSelector.js";
import { DevSessionIndicator } from "./components/DevSessionIndicator.js";
import { BrandingProvider, useBranding } from "./BrandingContext.js";
@@ -177,7 +175,6 @@ const NAV_LINKS = [
{ to: "/admin/staff", label: "Staff" },
{ to: "/admin/invoices", label: "Invoices" },
{ to: "/admin/group-bookings", label: "Group Bookings" },
{ to: "/admin/routes", label: "Routes" },
{ to: "/admin/reports", label: "Reports" },
{ to: "/admin/settings", label: "Settings" },
{ to: "/", label: "Customer Portal" },
@@ -306,7 +303,6 @@ function AdminLayout() {
<Route path="/invoices" element={<InvoicesPage />} />
<Route path="/book" element={<BookPage />} />
<Route path="/group-bookings" element={<GroupBookingPage />} />
<Route path="/routes" element={<RoutesPage />} />
<Route path="/reports" element={<ReportsPage />} />
<Route path="/settings" element={<SettingsPage />} />
</Routes>
@@ -407,13 +403,7 @@ export function App() {
}
// Don't render portal chrome at /login — DevLoginSelector is shown instead
const showCustomerPortal = !location.pathname.startsWith("/admin") && location.pathname !== "/login" && location.pathname !== "/onboarding";
// GRO-2359: OOBE is mountable from a direct link (deep-link to /onboarding)
// and from the post-auth callback (CustomerPortal navigates here when the
// SSO bridge returns 404). Render the OOBE component standalone so it's
// outside the portal chrome (no `!sessionId` guards, no `!initComplete`
// loading states to fight — the OOBE handles its own auth resolution).
const showOOBE = location.pathname === "/onboarding";
const showCustomerPortal = !location.pathname.startsWith("/admin") && location.pathname !== "/login";
// At /login with a valid session, redirect to the portal root. Without this,
// the final render returns null at /login (showCustomerPortal is false) and
@@ -432,11 +422,6 @@ export function App() {
</Routes>
{authDisabled && <DevSessionIndicator />}
</>
) : showOOBE ? (
<>
<OOBE />
{authDisabled && <DevSessionIndicator />}
</>
) : showCustomerPortal ? (
<>
<CustomerPortal />
src/__tests__/Appointments.test.tsx
+1 -47
View File
@@ -1,6 +1,6 @@
import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
import { render, screen, fireEvent, waitFor } from "@testing-library/react";
import { parseTimeTo24Hour, isUpcoming, normalizeAppointment, normalizeService, formatServicePrice, CustomerNotesSection, ConfirmationSection, StatusBadge, normalizeStatusKey, deriveDisplayStatus, formatSlotLabel, slotToTime, BookingFlow } from "../portal/sections/Appointments.tsx";
import { parseTimeTo24Hour, isUpcoming, normalizeAppointment, normalizeService, formatServicePrice, CustomerNotesSection, ConfirmationSection, StatusBadge, formatSlotLabel, slotToTime, BookingFlow } from "../portal/sections/Appointments.tsx";
const UPCOMING_APPT = {
id: "appt-1",
@@ -517,52 +517,6 @@ describe("StatusBadge", () => {
expect(badge?.className).toContain("bg-stone-100");
expect(badge?.className).toContain("text-stone-600");
});
// GRO-2319 item 1: DB stores `no_show` (underscore) but the palette key is
// `no-show` (hyphen) — without normalization it rendered raw gray text.
it("renders the styled No-show badge for DB `no_show` status", () => {
render(<StatusBadge status="no_show" />);
const badge = screen.getByText("No-show").closest('span');
expect(badge?.className).toContain("bg-yellow-100");
expect(badge?.className).toContain("text-yellow-700");
});
});
describe("normalizeStatusKey (GRO-2319 item 1)", () => {
it("maps underscore status keys to the hyphen palette key", () => {
expect(normalizeStatusKey("no_show")).toBe("no-show");
});
it("leaves already-hyphenated / single-word keys unchanged", () => {
expect(normalizeStatusKey("no-show")).toBe("no-show");
expect(normalizeStatusKey("confirmed")).toBe("confirmed");
});
});
describe("deriveDisplayStatus (GRO-2319 item 2)", () => {
it("derives Pending for an upcoming, unconfirmed appointment", () => {
expect(
deriveDisplayStatus({ ...UPCOMING_APPT, status: "scheduled", confirmationStatus: "pending" }),
).toBe("pending");
});
it("keeps the raw status when the appointment is confirmed", () => {
expect(
deriveDisplayStatus({ ...UPCOMING_APPT, status: "confirmed", confirmationStatus: "confirmed" }),
).toBe("confirmed");
});
it("does not derive Pending for a past appointment", () => {
expect(
deriveDisplayStatus({ ...PAST_APPT, status: "completed", confirmationStatus: "pending" }),
).toBe("completed");
});
it("always shows Waitlisted for a waitlist-backed entry", () => {
expect(
deriveDisplayStatus({ ...UPCOMING_APPT, status: "waitlisted", confirmationStatus: undefined }),
).toBe("waitlisted");
});
});
describe("RescheduleFlow dynamic time slots", () => {
src/__tests__/Routes.test.tsx
-211
View File
@@ -1,211 +0,0 @@
import { describe, it, expect, vi, beforeEach } from "vitest";
import { render, screen, waitFor, fireEvent } from "@testing-library/react";
import { RoutesPage } from "../pages/Routes.tsx";
// Leaflet does not render in jsdom — replace the lazily-loaded map with a stub
// that just reports the stop count so we can assert it received the route data.
vi.mock("../components/RouteMap.js", () => ({
default: ({ stops }: { stops: unknown[] }) => (
<div data-testid="route-map">map:{stops.length}</div>
),
}));
const MANAGER = { id: "m1", name: "Manager", role: "manager", active: true };
const GROOMER = { id: "g1", name: "Sam Groomer", role: "groomer", active: true };
const ROUTE_RESPONSE = {
route: {
id: "r1",
staffId: "g1",
routeDate: "2026-06-09",
status: "optimized",
totalTravelMins: 95,
totalDistanceKm: "42.50",
},
stops: [
{
id: "s1",
appointmentId: "a1",
stopOrder: 1,
latitude: 51.5,
longitude: -0.1,
travelMinsFromPrev: null,
travelDistanceKmFromPrev: null,
bufferMins: 15,
appointmentStartTime: "2026-06-09T09:00:00.000Z",
appointmentEndTime: "2026-06-09T10:00:00.000Z",
appointmentStatus: "confirmed",
clientId: "c1",
clientName: "Alice",
clientAddress: "1 High St",
conflict: { hasConflict: false },
},
{
id: "s2",
appointmentId: "a2",
stopOrder: 2,
latitude: 51.52,
longitude: -0.12,
travelMinsFromPrev: 20,
travelDistanceKmFromPrev: "8.00",
bufferMins: 15,
appointmentStartTime: "2026-06-09T11:00:00.000Z",
appointmentEndTime: "2026-06-09T12:00:00.000Z",
appointmentStatus: "confirmed",
clientId: "c2",
clientName: "Bob",
clientAddress: "2 Low St",
conflict: { hasConflict: true },
},
],
hasConflicts: true,
conflictCount: 1,
};
function mockFetch(meRole: "manager" | "groomer") {
return vi.fn((url: string, opts?: RequestInit) => {
if (url === "/api/staff/me") {
return Promise.resolve({
ok: true,
json: () => Promise.resolve(meRole === "manager" ? MANAGER : GROOMER),
} as Response);
}
if (url === "/api/staff") {
return Promise.resolve({ ok: true, json: () => Promise.resolve([MANAGER, GROOMER]) } as Response);
}
if (url.startsWith("/api/routes/daily")) {
return Promise.resolve({ ok: true, json: () => Promise.resolve(ROUTE_RESPONSE) } as Response);
}
if (url === "/api/routes/optimize" && opts?.method === "POST") {
return Promise.resolve({ ok: true, json: () => Promise.resolve(ROUTE_RESPONSE) } as Response);
}
if (/^\/api\/routes\/[^/]+\/reorder$/.test(url) && opts?.method === "PATCH") {
return Promise.resolve({ ok: true, json: () => Promise.resolve(ROUTE_RESPONSE) } as Response);
}
if (/^\/api\/routes\/[^/]+\/export\/google-maps$/.test(url)) {
return Promise.resolve({
ok: true,
json: () => Promise.resolve({ platform: "google-maps", url: "https://www.google.com/maps/dir/?api=1", stopCount: 2, waypointCount: 0 }),
} as Response);
}
if (/^\/api\/routes\/[^/]+\/export\/apple-maps$/.test(url)) {
return Promise.resolve({
ok: true,
json: () => Promise.resolve({ platform: "apple-maps", url: "maps://?saddr=51.5,-0.1&daddr=51.52,-0.12", stopCount: 2, waypointCount: 0 }),
} as Response);
}
return Promise.resolve({ ok: true, json: () => Promise.resolve({}) } as Response);
});
}
beforeEach(() => {
vi.restoreAllMocks();
});
describe("RoutesPage", () => {
it("renders stop cards, summary, status badge and map for a manager", async () => {
global.fetch = mockFetch("manager") as unknown as typeof fetch;
render(<RoutesPage />);
await waitFor(() => expect(screen.getByText("Alice")).toBeInTheDocument());
expect(screen.getByText("Bob")).toBeInTheDocument();
expect(screen.getByText("1 High St")).toBeInTheDocument();
// Summary: travel time formatted, distance shown
expect(screen.getByText("1 h 35 min")).toBeInTheDocument();
expect(screen.getByText("42.50 km")).toBeInTheDocument();
// Status badge
expect(screen.getByText("Optimized")).toBeInTheDocument();
// First stop is start-of-route; second shows travel from previous
expect(screen.getByText("Start of route")).toBeInTheDocument();
expect(screen.getByText("20 min travel from previous")).toBeInTheDocument();
// Map received both stops (lazy chunk resolves asynchronously)
expect(await screen.findByTestId("route-map")).toHaveTextContent("map:2");
});
it("shows the groomer selector for managers", async () => {
global.fetch = mockFetch("manager") as unknown as typeof fetch;
render(<RoutesPage />);
await waitFor(() => expect(screen.getByText("Groomer")).toBeInTheDocument());
});
it("hides the groomer selector for groomer role (auto-filtered)", async () => {
global.fetch = mockFetch("groomer") as unknown as typeof fetch;
render(<RoutesPage />);
await waitFor(() => expect(screen.getByText("Alice")).toBeInTheDocument());
expect(screen.queryByText("Groomer")).not.toBeInTheDocument();
});
it("renders a drag handle for each stop (drag-to-reorder enabled)", async () => {
global.fetch = mockFetch("manager") as unknown as typeof fetch;
render(<RoutesPage />);
await waitFor(() => expect(screen.getByText("Alice")).toBeInTheDocument());
expect(screen.getByLabelText("Drag to reorder Alice")).toBeInTheDocument();
expect(screen.getByLabelText("Drag to reorder Bob")).toBeInTheDocument();
});
it("flags the tight-schedule conflict on the affected stop", async () => {
global.fetch = mockFetch("manager") as unknown as typeof fetch;
render(<RoutesPage />);
await waitFor(() => expect(screen.getByText("Bob")).toBeInTheDocument());
expect(
screen.getByText(/Tight schedule — travel \+ buffer may exceed the gap/)
).toBeInTheDocument();
});
it("does not show the re-optimize hint before any manual reorder", async () => {
global.fetch = mockFetch("manager") as unknown as typeof fetch;
render(<RoutesPage />);
await waitFor(() => expect(screen.getByText("Alice")).toBeInTheDocument());
expect(screen.queryByText("Re-optimize")).not.toBeInTheDocument();
});
it("calls the optimize endpoint when Optimize is clicked", async () => {
const fetchMock = mockFetch("manager");
global.fetch = fetchMock as unknown as typeof fetch;
render(<RoutesPage />);
await waitFor(() => expect(screen.getByText("Alice")).toBeInTheDocument());
fireEvent.click(screen.getByText("Optimize"));
await waitFor(() =>
expect(fetchMock).toHaveBeenCalledWith(
"/api/routes/optimize",
expect.objectContaining({ method: "POST" })
)
);
});
it("renders both navigation export buttons when the route has stops", async () => {
global.fetch = mockFetch("manager") as unknown as typeof fetch;
render(<RoutesPage />);
await waitFor(() => expect(screen.getByText("Alice")).toBeInTheDocument());
expect(screen.getByRole("button", { name: "Open in Google Maps" })).toBeInTheDocument();
expect(screen.getByRole("button", { name: "Open in Apple Maps" })).toBeInTheDocument();
});
it("fetches the export deep link and opens it when Open in Google Maps is clicked", async () => {
const fetchMock = mockFetch("manager");
global.fetch = fetchMock as unknown as typeof fetch;
const openSpy = vi
.spyOn(window, "open")
.mockReturnValue({ location: { href: "" }, close: vi.fn() } as unknown as Window);
render(<RoutesPage />);
await waitFor(() => expect(screen.getByText("Alice")).toBeInTheDocument());
fireEvent.click(screen.getByRole("button", { name: "Open in Google Maps" }));
await waitFor(() =>
expect(fetchMock).toHaveBeenCalledWith("/api/routes/r1/export/google-maps")
);
expect(openSpy).toHaveBeenCalled();
});
});
src/__tests__/portal.test.tsx
+16 -532
View File
@@ -21,18 +21,6 @@ vi.mock("../portal/sections/Appointments.js", async () => {
};
});
// Spy on the canonical `signOut()` from the shared auth-client so we can
// assert the no-access screen's logout button uses the SAME handler as
// `AdminLayout`. We mock at the module boundary — the no-access screen is
// the one authenticated surface that renders without the portal chrome, so
// a regression here would trap the user. We do NOT use `importActual`
// because the real `createAuthClient()` requires a runtime `baseURL`
// (Better Auth) that the JSDOM test environment can't supply.
const signOutSpy = vi.hoisted(() => vi.fn(async () => undefined));
vi.mock("../lib/auth-client.js", () => ({
signOut: signOutSpy,
}));
const SESSION: ImpersonationSession = {
id: "sess-1",
staffId: "staff-1",
@@ -64,22 +52,6 @@ const AUDIT_LOGS: ImpersonationAuditLog[] = [
},
];
// ─── Shared test fixtures ───────────────────────────────────────────────────
// `brandingResponse` is the mock /api/branding payload used by every test
// in this file. Hoisted to module scope so the SSO bridge and the OOBE
// describe blocks can both reach it without redefining the same body.
const brandingResponse = {
ok: true,
json: async () => ({
businessName: "GroomBook",
primaryColor: "#4f8a6f",
accentColor: "#8b7355",
logoBase64: null,
logoMimeType: null,
}),
} as Response;
// ─── ImpersonationBanner ────────────────────────────────────────────────────
describe("ImpersonationBanner", () => {
@@ -364,10 +336,19 @@ describe("CustomerPortal SSO bridge", () => {
beforeEach(() => {
// Make sure no dev-user leaks across tests
window.localStorage.clear();
// Reset shared signOut() spy so per-test counts are deterministic
signOutSpy.mockClear();
});
const brandingResponse = {
ok: true,
json: async () => ({
businessName: "GroomBook",
primaryColor: "#4f8a6f",
accentColor: "#8b7355",
logoBase64: null,
logoMimeType: null,
}),
} as Response;
it("bridges Better Auth session via /api/portal/session-from-auth and uses returned sessionId", async () => {
global.fetch = vi.fn((input: RequestInfo, init?: RequestInit) => {
const url = typeof input === "string" ? input : input.toString();
@@ -413,21 +394,14 @@ describe("CustomerPortal SSO bridge", () => {
expect(screen.queryByRole("button", { name: /End Session/i })).not.toBeInTheDocument();
});
it("routes to /onboarding when session-from-auth returns 404 (GRO-2359)", async () => {
// GRO-2359 replaces the P1 no-access fallback for the new-user path.
// The post-auth handler must now navigate to /onboarding so the OOBE
// component can drive portal creation. The no-access card itself is
// reserved for the deep-link deleted-portal case (see the next two
// tests, which exercise ?noAccess=deleted-portal).
it("shows a friendly fallback when session-from-auth returns 404 (no client record)", async () => {
global.fetch = vi.fn((input: RequestInfo) => {
const url = typeof input === "string" ? input : input.toString();
if (url === "/api/branding") return Promise.resolve(brandingResponse);
if (url === "/api/auth/get-session") {
return Promise.resolve({
ok: true,
json: async () => ({
user: { email: "stranger@example.com", name: "Stranger", role: "customer" },
}),
json: async () => ({ user: { email: "stranger@example.com", role: "customer" } }),
} as Response);
}
if (url === "/api/portal/session-from-auth") {
@@ -440,9 +414,6 @@ describe("CustomerPortal SSO bridge", () => {
return Promise.resolve({ ok: true, json: async () => ({}) } as Response);
}) as unknown as typeof fetch;
// MemoryRouter is required for the React Router context used by
// useNavigate inside CustomerPortal. We pass `initialEntries=["/"]`
// and let the post-auth handler navigate the router to /onboarding.
const { CustomerPortal } = await import("../portal/CustomerPortal.js");
render(
<MemoryRouter initialEntries={["/"]}>
@@ -450,156 +421,12 @@ describe("CustomerPortal SSO bridge", () => {
</MemoryRouter>
);
// The bridge 404 must NOT render the legacy no-access card. The OOBE
// form is the new-user surface.
await waitFor(() => {
expect(screen.getByText(/set up your portal/i)).toBeInTheDocument();
});
expect(screen.queryByText(/Portal access not configured/i)).not.toBeInTheDocument();
expect(screen.getByRole("button", { name: /Create my portal/i })).toBeInTheDocument();
});
it("calls the shared signOut() handler and navigates to /login from the no-access screen (GRO-2358)", async () => {
// Reset the spy so previous tests don't leak into this assertion.
signOutSpy.mockClear();
// JSDOM throws on window.location.href assignment by default; swap in a
// writable stub so the navigation is observable, then restore after.
const originalLocation = window.location;
Object.defineProperty(window, "location", {
value: { href: "" },
writable: true,
configurable: true,
});
// GRO-2359: the post-auth bridge 404 now routes to /onboarding (OOBE)
// on the new-user path. The no-access card itself is reserved for the
// deep-link deleted-portal case, which is signalled via
// ?noAccess=deleted-portal. A server-side "client disabled" check
// (future GRO) is the natural trigger.
global.fetch = vi.fn((input: RequestInfo) => {
const url = typeof input === "string" ? input : input.toString();
if (url === "/api/branding") return Promise.resolve(brandingResponse);
if (url === "/api/auth/get-session") {
return Promise.resolve({
ok: true,
json: async () => ({ user: { email: "stranger@example.com", role: "customer" } }),
} as Response);
}
// The bridge must NOT succeed (so portalSessionId stays null) and must
// NOT be 404 (which would route to /onboarding). A 500 models a
// server-side portal-disabled check; the no-access card is mounted
// because of the URL param, not because of the bridge.
if (url === "/api/portal/session-from-auth") {
return Promise.resolve({
ok: false,
status: 500,
json: async () => ({ error: "Portal disabled" }),
} as Response);
}
return Promise.resolve({ ok: true, json: async () => ({}) } as Response);
}) as unknown as typeof fetch;
const { CustomerPortal } = await import("../portal/CustomerPortal.js");
render(
<MemoryRouter initialEntries={["/?noAccess=deleted-portal"]}>
<CustomerPortal />
</MemoryRouter>
);
await waitFor(() => {
expect(screen.getByText(/Portal access not configured/i)).toBeInTheDocument();
});
// Pre-condition: the shared signOut() must NOT have been called yet — the
// no-access screen is mounted because of the deleted-portal signal, not
// because the user clicked anything.
expect(signOutSpy).not.toHaveBeenCalled();
// Drive the click. The handler is the SAME `signOut()` exported from
// auth-client that AdminLayout uses, so verifying this call is enough to
// prove the no-access screen reaches the canonical sign-out surface.
const signOutButton = screen.getByRole("button", { name: /Sign out/i });
fireEvent.click(signOutButton);
await waitFor(() => {
expect(signOutSpy).toHaveBeenCalledTimes(1);
});
// The handler always navigates to /login — even if the network call to
// /api/auth/sign-out fails — so a transient auth-server hiccup never
// leaves the user trapped on an authenticated screen.
await waitFor(() => {
expect(window.location.href).toBe("/login");
});
Object.defineProperty(window, "location", { value: originalLocation, configurable: true });
});
it("reaches the same shared signOut() on a deep-link no-access screen (GRO-2358)", async () => {
// AC requires verifying the SAME logout handler is reachable from at
// least one other authenticated surface — here a deep link to a portal
// sub-route (e.g. /appointments) for a user with a Better Auth session
// whose portal was deleted. The no-access screen is the only
// authenticated surface without a route guard, so the handler must
// fire identically.
//
// GRO-2359: the bridge 404 now routes to /onboarding (OOBE) on the
// new-user path; ?noAccess=deleted-portal is the surviving trigger.
signOutSpy.mockClear();
const originalLocation = window.location;
Object.defineProperty(window, "location", {
value: { href: "" },
writable: true,
configurable: true,
});
global.fetch = vi.fn((input: RequestInfo) => {
const url = typeof input === "string" ? input : input.toString();
if (url === "/api/branding") return Promise.resolve(brandingResponse);
if (url === "/api/auth/get-session") {
return Promise.resolve({
ok: true,
json: async () => ({ user: { email: "stranger@example.com", role: "customer" } }),
} as Response);
}
// The bridge must NOT succeed (so portalSessionId stays null) and must
// NOT be 404 (which would route to /onboarding). A 500 models a
// server-side portal-disabled check; the no-access card is mounted
// because of the URL param, not because of the bridge.
if (url === "/api/portal/session-from-auth") {
return Promise.resolve({
ok: false,
status: 500,
json: async () => ({ error: "Portal disabled" }),
} as Response);
}
return Promise.resolve({ ok: true, json: async () => ({}) } as Response);
}) as unknown as typeof fetch;
const { CustomerPortal } = await import("../portal/CustomerPortal.js");
render(
<MemoryRouter initialEntries={["/appointments?noAccess=deleted-portal"]}>
<CustomerPortal />
</MemoryRouter>
);
await waitFor(() => {
expect(screen.getByText(/Portal access not configured/i)).toBeInTheDocument();
});
const signOutButton = screen.getByRole("button", { name: /Sign out/i });
fireEvent.click(signOutButton);
await waitFor(() => {
expect(signOutSpy).toHaveBeenCalledTimes(1);
});
await waitFor(() => {
expect(window.location.href).toBe("/login");
});
Object.defineProperty(window, "location", { value: originalLocation, configurable: true });
expect(screen.getByText(/not linked to a customer record/i)).toBeInTheDocument();
// Sign-out escape hatch is present so the user is not stuck in a loop
expect(screen.getByRole("button", { name: /Sign out/i })).toBeInTheDocument();
});
it("does not call session-from-auth when there is no Better Auth session", async () => {
@@ -786,346 +613,3 @@ describe("CustomerPortal SSO bridge", () => {
});
});
});
describe("OOBE portal-creation flow (GRO-2359)", () => {
beforeEach(() => {
window.localStorage.clear();
});
// The OOBE is mounted both from the post-auth callback (CustomerPortal
// navigates to /onboarding on bridge 404) and from a direct deep-link.
// This set of tests exercises the direct-link mount, the form submit, and
// the shared signOut() handler. The post-auth routing is covered by the
// "routes to /onboarding when session-from-auth returns 404" test above.
function setupOOBEAuthMock(opts: { role?: string } = {}) {
const role = opts.role ?? "customer";
return vi.fn((input: RequestInfo) => {
const url = typeof input === "string" ? input : input.toString();
if (url === "/api/branding") return Promise.resolve(brandingResponse);
if (url === "/api/auth/get-session") {
return Promise.resolve({
ok: true,
json: async () => ({
user: { email: "new-sso@example.com", name: "New SSO", role },
}),
} as Response);
}
return Promise.resolve({ ok: true, json: async () => ({}) } as Response);
}) as unknown as typeof fetch;
}
it("renders the OOBE form when navigated to /onboarding directly (GRO-2359)", async () => {
global.fetch = setupOOBEAuthMock();
const { OOBE } = await import("../portal/OOBE.js");
render(
<MemoryRouter initialEntries={["/onboarding"]}>
<OOBE />
</MemoryRouter>
);
await waitFor(() => {
expect(screen.getByRole("heading", { name: /set up your portal/i })).toBeInTheDocument();
});
// All three primary form fields are present.
expect(screen.getByLabelText(/your name/i)).toBeInTheDocument();
expect(screen.getByLabelText(/phone/i)).toBeInTheDocument();
expect(screen.getByLabelText(/address/i)).toBeInTheDocument();
// Submit and shared signOut are both present.
expect(screen.getByRole("button", { name: /Create my portal/i })).toBeInTheDocument();
expect(screen.getByRole("button", { name: /Sign out/i })).toBeInTheDocument();
});
it("prefills the name field from the Better Auth session (GRO-2359)", async () => {
global.fetch = setupOOBEAuthMock();
const { OOBE } = await import("../portal/OOBE.js");
render(
<MemoryRouter initialEntries={["/onboarding"]}>
<OOBE />
</MemoryRouter>
);
await waitFor(() => {
expect(screen.getByLabelText(/your name/i)).toHaveValue("New SSO");
});
});
it("calls POST /api/portal/clients-from-auth and navigates to / on success (GRO-2359)", async () => {
const fetchMock = vi.fn((input: RequestInfo, init?: RequestInit) => {
const url = typeof input === "string" ? input : input.toString();
if (url === "/api/branding") return Promise.resolve(brandingResponse);
if (url === "/api/auth/get-session") {
return Promise.resolve({
ok: true,
json: async () => ({
user: { email: "new-sso@example.com", name: "New SSO", role: "customer" },
}),
} as Response);
}
if (url === "/api/portal/clients-from-auth" && init?.method === "POST") {
return Promise.resolve({
ok: true,
status: 201,
json: async () => ({
id: "new-client-id",
name: "New SSO",
email: "new-sso@example.com",
}),
} as Response);
}
return Promise.resolve({ ok: true, json: async () => ({}) } as Response);
}) as unknown as typeof fetch;
global.fetch = fetchMock;
const { OOBE } = await import("../portal/OOBE.js");
render(
<MemoryRouter initialEntries={["/onboarding"]}>
<OOBE />
</MemoryRouter>
);
await waitFor(() => {
expect(screen.getByLabelText(/your name/i)).toHaveValue("New SSO");
});
// Fill phone + address and submit.
fireEvent.change(screen.getByLabelText(/phone/i), {
target: { value: "555-1234" },
});
fireEvent.change(screen.getByLabelText(/address/i), {
target: { value: "1 Main St" },
});
fireEvent.click(screen.getByRole("button", { name: /Create my portal/i }));
// The endpoint must have been called with the form values, normalised
// (phone/address trimmed). We don't assert navigation here because the
// MemoryRouter would need a history prop to assert a URL change — the
// internal `navigate("/")` call is the contract.
await waitFor(() => {
const calls = vi.mocked(fetchMock).mock.calls;
const onboardCall = calls.find(([u]) =>
typeof u === "string" && (u as string).endsWith("/api/portal/clients-from-auth"),
);
expect(onboardCall).toBeDefined();
const body = JSON.parse(((onboardCall?.[1] as RequestInit | undefined)?.body as string) ?? "{}");
expect(body).toEqual({
name: "New SSO",
phone: "555-1234",
address: "1 Main St",
notes: null,
});
});
});
it("shows the portal-selection message when the API returns 409 (GRO-2359)", async () => {
global.fetch = vi.fn((input: RequestInfo, init?: RequestInit) => {
const url = typeof input === "string" ? input : input.toString();
if (url === "/api/branding") return Promise.resolve(brandingResponse);
if (url === "/api/auth/get-session") {
return Promise.resolve({
ok: true,
json: async () => ({
user: { email: "new-sso@example.com", name: "New SSO", role: "customer" },
}),
} as Response);
}
if (url === "/api/portal/clients-from-auth" && init?.method === "POST") {
return Promise.resolve({
ok: false,
status: 409,
json: async () => ({ error: "A customer record with this email already exists" }),
} as Response);
}
return Promise.resolve({ ok: true, json: async () => ({}) } as Response);
}) as unknown as typeof fetch;
const { OOBE } = await import("../portal/OOBE.js");
render(
<MemoryRouter initialEntries={["/onboarding"]}>
<OOBE />
</MemoryRouter>
);
await waitFor(() => {
expect(screen.getByLabelText(/your name/i)).toHaveValue("New SSO");
});
fireEvent.click(screen.getByRole("button", { name: /Create my portal/i }));
await waitFor(() => {
expect(screen.getByText(/already exists/i)).toBeInTheDocument();
});
// The submit button is re-enabled after the error so the user can retry.
expect(screen.getByRole("button", { name: /Create my portal/i })).not.toBeDisabled();
});
it("requires the name field before submitting (GRO-2359)", async () => {
// Use a session WITHOUT a name so the OOBE starts with an empty form.
global.fetch = vi.fn((input: RequestInfo) => {
const url = typeof input === "string" ? input : input.toString();
if (url === "/api/branding") return Promise.resolve(brandingResponse);
if (url === "/api/auth/get-session") {
return Promise.resolve({
ok: true,
json: async () => ({ user: { email: "noname@example.com", role: "customer" } }),
} as Response);
}
return Promise.resolve({ ok: true, json: async () => ({}) } as Response);
}) as unknown as typeof fetch;
const { OOBE } = await import("../portal/OOBE.js");
render(
<MemoryRouter initialEntries={["/onboarding"]}>
<OOBE />
</MemoryRouter>
);
await waitFor(() => {
expect(screen.getByLabelText(/your name/i)).toHaveValue("");
});
fireEvent.click(screen.getByRole("button", { name: /Create my portal/i }));
// The name-required error is shown; no API call was made.
await waitFor(() => {
expect(screen.getByText(/tell us your name/i)).toBeInTheDocument();
});
});
it("uses the shared signOut() handler on the OOBE Sign out button (GRO-2359)", async () => {
signOutSpy.mockClear();
const originalLocation = window.location;
Object.defineProperty(window, "location", {
value: { href: "" },
writable: true,
configurable: true,
});
global.fetch = setupOOBEAuthMock();
const { OOBE } = await import("../portal/OOBE.js");
render(
<MemoryRouter initialEntries={["/onboarding"]}>
<OOBE />
</MemoryRouter>
);
await waitFor(() => {
expect(screen.getByRole("button", { name: /Sign out/i })).toBeInTheDocument();
});
fireEvent.click(screen.getByRole("button", { name: /Sign out/i }));
// Same canonical handler as AdminLayout and the no-access card, per
// GRO-2358 — never a raw fetch("/api/auth/sign-out").
await waitFor(() => {
expect(signOutSpy).toHaveBeenCalledTimes(1);
});
await waitFor(() => {
expect(window.location.href).toBe("/login");
});
Object.defineProperty(window, "location", { value: originalLocation, configurable: true });
});
it("redirects to /login when no Better Auth session is present (GRO-2359)", async () => {
const originalLocation = window.location;
Object.defineProperty(window, "location", {
value: { href: "" },
writable: true,
configurable: true,
});
global.fetch = vi.fn((input: RequestInfo) => {
const url = typeof input === "string" ? input : input.toString();
if (url === "/api/branding") return Promise.resolve(brandingResponse);
if (url === "/api/auth/get-session") {
return Promise.resolve({ ok: false, status: 401, json: async () => ({}) } as Response);
}
return Promise.resolve({ ok: true, json: async () => ({}) } as Response);
}) as unknown as typeof fetch;
const { OOBE } = await import("../portal/OOBE.js");
render(
<MemoryRouter initialEntries={["/onboarding"]}>
<OOBE />
</MemoryRouter>
);
await waitFor(() => {
expect(window.location.href).toBe("/login");
});
Object.defineProperty(window, "location", { value: originalLocation, configurable: true });
});
it("reaches the shared signOut() handler from the in-portal chrome sidebar (GRO-2373)", async () => {
// Pre-GRO-2373, the customer portal chrome (Home, Appointments, My Pets,
// Report Cards, Billing, Messages, Settings) had no visible sign-out
// control — only the OOBE and the no-access card exposed one. This
// leaves users signed-in with no escape hatch. The fix lands a
// "Sign out" button in the sidebar footer that wires to the same
// canonical `signOut()` already used by OOBE / no-access / AdminLayout.
signOutSpy.mockClear();
const originalLocation = window.location;
Object.defineProperty(window, "location", {
value: { href: "" },
writable: true,
configurable: true,
});
global.fetch = vi.fn((input: RequestInfo, init?: RequestInit) => {
const url = typeof input === "string" ? input : input.toString();
if (url === "/api/branding") return Promise.resolve(brandingResponse);
if (url === "/api/auth/get-session") {
return Promise.resolve({
ok: true,
json: async () => ({ user: { email: "uat-customer@groombook.dev", role: "customer" } }),
} as Response);
}
if (url === "/api/portal/session-from-auth" && init?.method === "POST") {
return Promise.resolve({
ok: true,
status: 201,
json: async () => ({ sessionId: "chrome-sess-1", clientId: "client-1", clientName: "Jane Doe" }),
} as Response);
}
return Promise.resolve({ ok: true, json: async () => ({}) } as Response);
}) as unknown as typeof fetch;
const { CustomerPortal } = await import("../portal/CustomerPortal.js");
render(
<MemoryRouter initialEntries={["/"]}>
<CustomerPortal />
</MemoryRouter>
);
// Land on the chrome (proof: customer greeting is rendered, no
// no-access card, no OOBE).
await waitFor(() => {
expect(screen.getByText(/Hi, Jane/)).toBeInTheDocument();
});
expect(screen.queryByText(/Portal access not configured/i)).not.toBeInTheDocument();
expect(screen.queryByText(/set up your portal/i)).not.toBeInTheDocument();
// The new chrome sign-out is scoped by data-testid so it doesn't
// collide with other surfaces that may also render "Sign out" labels
// (e.g. the impersonation banner uses "End Session").
const signOutButton = screen.getByTestId("portal-chrome-signout");
expect(signOutButton).toHaveTextContent(/Sign out/i);
fireEvent.click(signOutButton);
// Same canonical handler as OOBE / no-access / AdminLayout — never
// a raw fetch("/api/auth/sign-out") and never a navigate() without
// signOut() (the OOBE/no-access surface uses window.location.href
// for a hard reload so cached state is reset).
await waitFor(() => {
expect(signOutSpy).toHaveBeenCalledTimes(1);
});
await waitFor(() => {
expect(window.location.href).toBe("/login");
});
Object.defineProperty(window, "location", { value: originalLocation, configurable: true });
});
});
src/components/RouteMap.tsx
-97
View File
@@ -1,97 +0,0 @@
import { useEffect } from "react";
import {
MapContainer,
TileLayer,
Marker,
Polyline,
Tooltip,
useMap,
} from "react-leaflet";
import L from "leaflet";
import "leaflet/dist/leaflet.css";
// This component is loaded via React.lazy from the route planner page so that
// Leaflet + react-leaflet land in a separate code-split chunk and never weigh
// down the main admin bundle.
export interface RouteMapStop {
id: string;
stopOrder: number;
latitude: number;
longitude: number;
clientName: string;
}
interface RouteMapProps {
stops: RouteMapStop[];
primaryColor: string;
}
/** A numbered teardrop pin rendered as an inline-SVG divIcon (no image assets). */
function numberedIcon(order: number, color: string): L.DivIcon {
return L.divIcon({
className: "route-stop-pin",
html: `<div style="position:relative;width:28px;height:40px">
<svg width="28" height="40" viewBox="0 0 28 40" xmlns="http://www.w3.org/2000/svg">
<path d="M14 0C6.27 0 0 6.27 0 14c0 9.5 14 26 14 26s14-16.5 14-26C28 6.27 21.73 0 14 0z" fill="${color}" stroke="#ffffff" stroke-width="1.5"/>
</svg>
<span style="position:absolute;top:5px;left:0;width:28px;text-align:center;color:#fff;font-size:13px;font-weight:700;font-family:system-ui,sans-serif">${order}</span>
</div>`,
iconSize: [28, 40],
iconAnchor: [14, 40],
tooltipAnchor: [0, -34],
});
}
/** Keeps the viewport framed around all stops whenever the route changes. */
function FitBounds({ stops }: { stops: RouteMapStop[] }) {
const map = useMap();
useEffect(() => {
if (stops.length === 0) return;
const latlngs = stops.map((s) => [s.latitude, s.longitude] as [number, number]);
if (latlngs.length === 1) {
map.setView(latlngs[0]!, 14);
} else {
map.fitBounds(L.latLngBounds(latlngs), { padding: [40, 40] });
}
}, [map, stops]);
return null;
}
export default function RouteMap({ stops, primaryColor }: RouteMapProps) {
// Fallback centre (London) only used briefly before FitBounds runs or when the
// route has no geocoded stops.
const center: [number, number] = stops[0]
? [stops[0].latitude, stops[0].longitude]
: [51.505, -0.09];
const line = stops.map((s) => [s.latitude, s.longitude] as [number, number]);
return (
<MapContainer
center={center}
zoom={12}
scrollWheelZoom
style={{ height: "100%", width: "100%", borderRadius: 8 }}
>
<TileLayer
attribution='&copy; <a href="https://www.openstreetmap.org/copyright">OpenStreetMap</a> contributors'
url="https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png"
/>
{line.length >= 2 && (
<Polyline positions={line} color={primaryColor} weight={4} opacity={0.7} />
)}
{stops.map((s) => (
<Marker
key={s.id}
position={[s.latitude, s.longitude]}
icon={numberedIcon(s.stopOrder, primaryColor)}
>
<Tooltip>
{s.stopOrder}. {s.clientName}
</Tooltip>
</Marker>
))}
<FitBounds stops={stops} />
</MapContainer>
);
}
src/pages/Routes.tsx
-781
View File
@@ -1,781 +0,0 @@
import { Suspense, lazy, useCallback, useEffect, useMemo, useState } from "react";
import {
DndContext,
KeyboardSensor,
PointerSensor,
TouchSensor,
closestCenter,
useSensor,
useSensors,
type DragEndEvent,
} from "@dnd-kit/core";
import {
SortableContext,
arrayMove,
sortableKeyboardCoordinates,
useSortable,
verticalListSortingStrategy,
} from "@dnd-kit/sortable";
import { CSS } from "@dnd-kit/utilities";
import { useBranding } from "../BrandingContext.js";
import type { RouteMapStop } from "../components/RouteMap.js";
// Leaflet is heavy and only needed on this page — load it as a separate chunk.
const RouteMap = lazy(() => import("../components/RouteMap.js"));
// ─── Types (mirror groombook/api /api/routes responses) ─────────────────────────
type RouteStatus = "draft" | "optimized" | "in_progress" | "completed";
interface RouteRow {
id: string;
staffId: string;
routeDate: string;
status: RouteStatus;
totalTravelMins: number | null;
totalDistanceKm: string | null;
}
interface ConflictFlags {
hasConflict: boolean;
}
interface RouteStop {
id: string;
appointmentId: string;
stopOrder: number;
latitude: number;
longitude: number;
travelMinsFromPrev: number | null;
travelDistanceKmFromPrev: string | null;
bufferMins: number;
appointmentStartTime: string;
appointmentEndTime: string;
appointmentStatus: string;
clientId: string;
clientName: string;
clientAddress: string | null;
conflict: ConflictFlags;
}
interface RouteResponse {
route: RouteRow;
stops: RouteStop[];
hasConflicts: boolean;
conflictCount: number;
warnings?: string[];
skipped?: Array<{ appointmentId: string; clientName: string; reason: string }>;
}
interface StaffMember {
id: string;
name: string;
role: "groomer" | "receptionist" | "manager";
active: boolean;
}
// ─── Helpers ────────────────────────────────────────────────────────────────────
function todayIso(): string {
return new Date().toISOString().slice(0, 10);
}
function fmtDuration(mins: number | null | undefined): string {
if (mins == null) return "—";
if (mins < 60) return `${mins} min`;
const h = Math.floor(mins / 60);
const m = mins % 60;
return m === 0 ? `${h} h` : `${h} h ${m} min`;
}
function fmtTime(iso: string): string {
const d = new Date(iso);
if (Number.isNaN(d.getTime())) return iso;
return d.toLocaleTimeString([], { hour: "2-digit", minute: "2-digit" });
}
// ─── Navigation export ────────────────────────────────────────────────────────
/** Navigation target platforms supported by the API export endpoints. */
type NavigationPlatform = "google-maps" | "apple-maps";
type DevicePlatform = "ios" | "android" | "other";
/**
* Best-effort mobile-OS detection so we can surface the most useful navigation
* app first. Apple Maps deep links (`maps://`) only resolve on iOS; everywhere
* else Google Maps is the safe default. iPadOS 13+ reports a desktop UA, so we
* also treat a touch-capable "MacIntel" device as iOS.
*/
function detectPlatform(): DevicePlatform {
if (typeof navigator === "undefined") return "other";
const ua = navigator.userAgent || "";
if (/iphone|ipad|ipod/i.test(ua)) return "ios";
if (navigator.platform === "MacIntel" && navigator.maxTouchPoints > 1) return "ios";
if (/android/i.test(ua)) return "android";
return "other";
}
// ─── Offline map-tile pre-warming ────────────────────────────────────────────
/** OSM tile zoom levels pre-fetched around a route so the map renders offline. */
const PREWARM_ZOOM_LEVELS = [12, 13, 14] as const;
/** Hard cap on tiles fetched per pre-warm pass — keeps us friendly to OSM. */
const MAX_PREWARM_TILES = 80;
/** Subdomains Leaflet's default OSM TileLayer rotates through (`{s}`). */
const TILE_SUBDOMAINS = ["a", "b", "c"] as const;
/** Web-Mercator longitude → tile X index at the given zoom. */
function lonToTileX(lon: number, z: number): number {
return Math.floor(((lon + 180) / 360) * 2 ** z);
}
/** Web-Mercator latitude → tile Y index at the given zoom. */
function latToTileY(lat: number, z: number): number {
const rad = (lat * Math.PI) / 180;
return Math.floor(
((1 - Math.log(Math.tan(rad) + 1 / Math.cos(rad)) / Math.PI) / 2) * 2 ** z
);
}
/**
* Warm the browser/service-worker cache with the OSM tiles covering the route's
* bounding box (plus a one-tile margin) across a few zoom levels. Tiles are
* fetched via `new Image()` so they hit the same URLs Leaflet later requests and
* land in the CacheFirst tile cache, making the map viewable offline. Bounded by
* MAX_PREWARM_TILES so a sprawling route never floods the network.
*/
function prewarmRouteTiles(
stops: Array<{ latitude: number; longitude: number }>
): void {
if (typeof window === "undefined" || stops.length === 0) return;
const lats = stops.map((s) => s.latitude);
const lons = stops.map((s) => s.longitude);
const minLat = Math.min(...lats);
const maxLat = Math.max(...lats);
const minLon = Math.min(...lons);
const maxLon = Math.max(...lons);
const urls: string[] = [];
for (const z of PREWARM_ZOOM_LEVELS) {
const x0 = lonToTileX(minLon, z) - 1;
const x1 = lonToTileX(maxLon, z) + 1;
// Tile Y grows as latitude decreases, so maxLat → smaller Y.
const y0 = latToTileY(maxLat, z) - 1;
const y1 = latToTileY(minLat, z) + 1;
for (let x = x0; x <= x1; x++) {
for (let y = y0; y <= y1; y++) {
if (x < 0 || y < 0 || x >= 2 ** z || y >= 2 ** z) continue;
const s = TILE_SUBDOMAINS[(x + y) % TILE_SUBDOMAINS.length];
urls.push(`https://${s}.tile.openstreetmap.org/${z}/${x}/${y}.png`);
}
}
}
for (const url of urls.slice(0, MAX_PREWARM_TILES)) {
const img = new Image();
img.src = url;
}
}
// ─── Responsive layout ────────────────────────────────────────────────────────
/** Tracks a `max-width` media query so the page can adapt to phone widths. */
function useIsMobile(maxWidthPx = 768): boolean {
const query = `(max-width: ${maxWidthPx}px)`;
const [isMobile, setIsMobile] = useState(
() => typeof window !== "undefined" && typeof window.matchMedia === "function"
? window.matchMedia(query).matches
: false
);
useEffect(() => {
if (typeof window === "undefined" || typeof window.matchMedia !== "function") return;
const mq = window.matchMedia(query);
const onChange = (e: MediaQueryListEvent) => setIsMobile(e.matches);
setIsMobile(mq.matches);
mq.addEventListener("change", onChange);
return () => mq.removeEventListener("change", onChange);
}, [query]);
return isMobile;
}
const STATUS_STYLES: Record<RouteStatus, { bg: string; fg: string; label: string }> = {
draft: { bg: "#f1f5f9", fg: "#475569", label: "Draft" },
optimized: { bg: "#ecfdf5", fg: "#047857", label: "Optimized" },
in_progress: { bg: "#eff6ff", fg: "#1d4ed8", label: "In progress" },
completed: { bg: "#f5f3ff", fg: "#6d28d9", label: "Completed" },
};
function StatusBadge({ status }: { status: RouteStatus }) {
const s = STATUS_STYLES[status] ?? STATUS_STYLES.draft;
return (
<span
style={{
background: s.bg,
color: s.fg,
borderRadius: 999,
padding: "0.2rem 0.7rem",
fontSize: 12,
fontWeight: 600,
textTransform: "none",
}}
>
{s.label}
</span>
);
}
const inputStyle: React.CSSProperties = {
padding: "0.4rem 0.6rem",
borderRadius: 6,
border: "1px solid #cbd5e1",
fontSize: 14,
};
/**
* A single draggable stop card. The drag handle (⠿) carries the dnd-kit
* listeners so the rest of the card stays scrollable/selectable; the handle is
* sized for touch and works with pointer, touch and keyboard sensors.
*/
function SortableStop({
stop,
primaryColor,
disabled,
}: {
stop: RouteStop;
primaryColor: string;
disabled: boolean;
}) {
const { attributes, listeners, setNodeRef, transform, transition, isDragging } =
useSortable({ id: stop.id, disabled });
return (
<div
ref={setNodeRef}
style={{
background: "#fff",
border: `1px solid ${stop.conflict?.hasConflict ? "#fca5a5" : "#e2e8f0"}`,
borderRadius: 8,
padding: "0.7rem 0.85rem",
display: "flex",
gap: 10,
transform: CSS.Transform.toString(transform),
transition,
opacity: isDragging ? 0.6 : 1,
boxShadow: isDragging ? "0 6px 16px rgba(0,0,0,0.18)" : "none",
touchAction: "none",
}}
>
<button
type="button"
aria-label={`Drag to reorder ${stop.clientName}`}
disabled={disabled}
{...attributes}
{...listeners}
style={{
flexShrink: 0,
alignSelf: "stretch",
width: 28,
border: "none",
background: "transparent",
color: "#94a3b8",
fontSize: 18,
lineHeight: 1,
cursor: disabled ? "not-allowed" : "grab",
touchAction: "none",
padding: 0,
}}
>
</button>
<div
style={{
flexShrink: 0,
width: 26,
height: 26,
borderRadius: "50%",
background: primaryColor,
color: "#fff",
fontSize: 13,
fontWeight: 700,
display: "flex",
alignItems: "center",
justifyContent: "center",
}}
>
{stop.stopOrder}
</div>
<div style={{ minWidth: 0, flex: 1 }}>
<div style={{ display: "flex", justifyContent: "space-between", gap: 8 }}>
<strong style={{ fontSize: 14, color: "#1a202c" }}>{stop.clientName}</strong>
<span style={{ fontSize: 13, color: "#4b5563", whiteSpace: "nowrap" }}>{fmtTime(stop.appointmentStartTime)}</span>
</div>
<div style={{ fontSize: 12, color: "#6b7280", marginTop: 2 }}>{stop.clientAddress || "No address on file"}</div>
<div style={{ fontSize: 12, color: "#6b7280", marginTop: 4 }}>
{stop.stopOrder === 1 || stop.travelMinsFromPrev == null
? "Start of route"
: `${fmtDuration(stop.travelMinsFromPrev)} travel from previous`}
</div>
{stop.conflict?.hasConflict && (
<div style={{ fontSize: 12, color: "#b91c1c", marginTop: 4, fontWeight: 600 }}>
Tight schedule travel + buffer may exceed the gap
</div>
)}
</div>
</div>
);
}
/**
* Navigation export controls. Fetches a platform deep-link from the API and opens
* it. The button matching the detected device OS is shown prominently (filled);
* the other is offered as a secondary outline button. On desktop both are
* secondary and Google Maps leads.
*/
function NavExportButtons({
routeId,
primaryColor,
fullWidth,
}: {
routeId: string;
primaryColor: string;
fullWidth: boolean;
}) {
const [busy, setBusy] = useState<NavigationPlatform | null>(null);
const [error, setError] = useState<string | null>(null);
const platform = useMemo(detectPlatform, []);
const openIn = useCallback(
async (target: NavigationPlatform) => {
setBusy(target);
setError(null);
// Pre-open a tab synchronously: mobile Safari/Chrome block window.open()
// calls that happen after an await (no longer in the user-gesture turn).
const win = window.open("", "_blank");
try {
const r = await fetch(`/api/routes/${encodeURIComponent(routeId)}/export/${target}`);
if (!r.ok) {
const body = await r.json().catch(() => ({}));
throw new Error(body.error || `Export failed (${r.status})`);
}
const { url } = (await r.json()) as { url: string };
if (win) win.location.href = url;
else window.location.href = url;
} catch (e) {
win?.close();
setError(e instanceof Error ? e.message : "Export failed");
} finally {
setBusy(null);
}
},
[routeId]
);
const baseBtn: React.CSSProperties = {
padding: "0.55rem 1rem",
borderRadius: 6,
fontWeight: 600,
fontSize: 14,
cursor: busy ? "wait" : "pointer",
flex: fullWidth ? "1 1 0" : "0 0 auto",
};
const primaryBtn: React.CSSProperties = {
...baseBtn,
border: "none",
background: primaryColor,
color: "#fff",
};
const secondaryBtn: React.CSSProperties = {
...baseBtn,
border: `1px solid ${primaryColor}`,
background: "#fff",
color: primaryColor,
};
const label = (p: NavigationPlatform) =>
busy === p
? "Opening…"
: p === "google-maps"
? "Open in Google Maps"
: "Open in Apple Maps";
const google = (
<button
key="google"
type="button"
onClick={() => openIn("google-maps")}
disabled={busy !== null}
style={platform === "ios" ? secondaryBtn : primaryBtn}
>
{label("google-maps")}
</button>
);
const apple = (
<button
key="apple"
type="button"
onClick={() => openIn("apple-maps")}
disabled={busy !== null}
style={platform === "ios" ? primaryBtn : secondaryBtn}
>
{label("apple-maps")}
</button>
);
// Prominent (filled) button first; secondary second.
const ordered = platform === "ios" ? [apple, google] : [google, apple];
return (
<div style={{ display: "flex", flexDirection: "column", gap: 6 }}>
<div style={{ display: "flex", gap: 8, flexWrap: "wrap", alignItems: "center" }}>
<span style={{ fontSize: 12, color: "#4b5563", fontWeight: 600, marginRight: 4 }}>
Navigate
</span>
{ordered}
</div>
{error && <div style={{ fontSize: 12, color: "#991b1b" }}>{error}</div>}
</div>
);
}
// ─── Page ───────────────────────────────────────────────────────────────────────
export function RoutesPage() {
const { branding } = useBranding();
const primaryColor = branding.primaryColor || "#4f8a6f";
const [me, setMe] = useState<StaffMember | null>(null);
const [meLoaded, setMeLoaded] = useState(false);
const [groomers, setGroomers] = useState<StaffMember[]>([]);
const [staffId, setStaffId] = useState<string>("");
const [date, setDate] = useState<string>(todayIso());
const [data, setData] = useState<RouteResponse | null>(null);
const [loading, setLoading] = useState(false);
const [optimizing, setOptimizing] = useState(false);
const [reordering, setReordering] = useState(false);
const [manuallyReordered, setManuallyReordered] = useState(false);
const [error, setError] = useState<string | null>(null);
const isGroomer = me?.role === "groomer";
const isMobile = useIsMobile();
// Resolve the current staff member; groomers are pinned to their own route.
useEffect(() => {
fetch("/api/staff/me")
.then((r) => (r.ok ? r.json() : null))
.then((row: StaffMember | null) => {
setMe(row);
if (row?.role === "groomer") setStaffId(row.id);
})
.catch(() => setMe(null))
.finally(() => setMeLoaded(true));
}, []);
// Managers / receptionists pick a groomer; groomers never see the selector.
useEffect(() => {
if (!meLoaded || isGroomer) return;
fetch("/api/staff")
.then((r) => (r.ok ? r.json() : []))
.then((rows: StaffMember[]) => {
const gs = rows.filter((s) => s.active && s.role === "groomer");
setGroomers(gs);
setStaffId((cur) => cur || gs[0]?.id || "");
})
.catch(() => setGroomers([]));
}, [meLoaded, isGroomer]);
const loadRoute = useCallback(async () => {
if (!staffId || !date) return;
setLoading(true);
setError(null);
try {
const r = await fetch(
`/api/routes/daily?staffId=${encodeURIComponent(staffId)}&date=${encodeURIComponent(date)}`
);
if (!r.ok) {
const body = await r.json().catch(() => ({}));
throw new Error(body.error || `Failed to load route (${r.status})`);
}
setData(await r.json());
setManuallyReordered(false);
} catch (e) {
setData(null);
setError(e instanceof Error ? e.message : "Failed to load route");
} finally {
setLoading(false);
}
}, [staffId, date]);
useEffect(() => {
void loadRoute();
}, [loadRoute]);
const optimize = useCallback(async () => {
if (!staffId || !date) return;
setOptimizing(true);
setError(null);
try {
const r = await fetch("/api/routes/optimize", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ staffId, date }),
});
if (!r.ok) {
const body = await r.json().catch(() => ({}));
throw new Error(body.error || `Optimization failed (${r.status})`);
}
setData(await r.json());
setManuallyReordered(false);
} catch (e) {
setError(e instanceof Error ? e.message : "Optimization failed");
} finally {
setOptimizing(false);
}
}, [staffId, date]);
// Drag-to-reorder: pointer for desktop, touch (press-and-hold) for mobile
// groomers, keyboard for accessibility. Touch uses a short delay so vertical
// scrolling of the stop list still works without triggering a drag.
const sensors = useSensors(
useSensor(PointerSensor, { activationConstraint: { distance: 5 } }),
useSensor(TouchSensor, { activationConstraint: { delay: 200, tolerance: 8 } }),
useSensor(KeyboardSensor, { coordinateGetter: sortableKeyboardCoordinates })
);
// Persist a manually reordered stop list. Optimistic: the UI is updated
// immediately from the dropped order and rolled back if the PATCH fails.
const reorder = useCallback(
async (orderedIds: string[]) => {
const routeId = data?.route?.id;
if (!routeId) return;
const previous = data;
// Optimistic local update: renumber stopOrder to match the new order so
// the list and the map reflect the drop before the server responds.
const byId = new Map((data?.stops ?? []).map((s) => [s.id, s]));
const optimisticStops = orderedIds
.map((id, i) => {
const s = byId.get(id);
return s ? { ...s, stopOrder: i + 1 } : null;
})
.filter((s): s is RouteStop => s !== null);
setData((cur) => (cur ? { ...cur, stops: optimisticStops } : cur));
setManuallyReordered(true);
setReordering(true);
setError(null);
try {
const r = await fetch(`/api/routes/${encodeURIComponent(routeId)}/reorder`, {
method: "PATCH",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ stopOrder: orderedIds }),
});
if (!r.ok) {
const body = await r.json().catch(() => ({}));
throw new Error(body.error || `Reorder failed (${r.status})`);
}
// Server recomputes travel legs, buffers and conflict flags — adopt its
// authoritative response over the optimistic guess.
setData(await r.json());
} catch (e) {
setData(previous); // rollback
setError(e instanceof Error ? e.message : "Reorder failed");
} finally {
setReordering(false);
}
},
[data]
);
const handleDragEnd = useCallback(
(event: DragEndEvent) => {
const { active, over } = event;
if (!over || active.id === over.id) return;
const ids = (data?.stops ?? []).map((s) => s.id);
const from = ids.indexOf(String(active.id));
const to = ids.indexOf(String(over.id));
if (from === -1 || to === -1) return;
void reorder(arrayMove(ids, from, to));
},
[data, reorder]
);
const mapStops: RouteMapStop[] = useMemo(
() =>
(data?.stops ?? []).map((s) => ({
id: s.id,
stopOrder: s.stopOrder,
latitude: s.latitude,
longitude: s.longitude,
clientName: s.clientName,
})),
[data]
);
// Pre-warm OSM map tiles for the route area whenever a route (re)loads or is
// re-optimized, so the map stays viewable offline. Runs after today's route is
// fetched on page load and after every optimize/reorder that yields new stops.
useEffect(() => {
if (mapStops.length > 0) prewarmRouteTiles(mapStops);
}, [mapStops]);
const stops = data?.stops ?? [];
const route = data?.route ?? null;
return (
<div style={{ padding: "1.25rem", maxWidth: 1280, margin: "0 auto" }}>
<div style={{ display: "flex", alignItems: "center", gap: 12, flexWrap: "wrap", marginBottom: "1rem" }}>
<h1 style={{ fontSize: 22, fontWeight: 700, color: "#1a202c", margin: 0 }}>Route Planner</h1>
{route && <StatusBadge status={route.status} />}
</div>
{/* Controls */}
<div style={{ display: "flex", gap: 12, flexWrap: "wrap", alignItems: "flex-end", marginBottom: "1rem" }}>
<label style={{ display: "flex", flexDirection: "column", gap: 4, fontSize: 12, color: "#4b5563", fontWeight: 600 }}>
Date
<input type="date" value={date} onChange={(e) => setDate(e.target.value)} style={inputStyle} />
</label>
{!isGroomer && (
<label style={{ display: "flex", flexDirection: "column", gap: 4, fontSize: 12, color: "#4b5563", fontWeight: 600 }}>
Groomer
<select
value={staffId}
onChange={(e) => setStaffId(e.target.value)}
style={{ ...inputStyle, minWidth: 180 }}
>
{groomers.length === 0 && <option value="">No groomers</option>}
{groomers.map((g) => (
<option key={g.id} value={g.id}>
{g.name}
</option>
))}
</select>
</label>
)}
<button
onClick={optimize}
disabled={optimizing || !staffId}
style={{
padding: "0.5rem 1.1rem",
borderRadius: 6,
border: "none",
background: primaryColor,
color: "#fff",
fontWeight: 600,
fontSize: 14,
cursor: optimizing || !staffId ? "wait" : "pointer",
opacity: optimizing || !staffId ? 0.7 : 1,
}}
>
{optimizing ? "Optimizing…" : "Optimize"}
</button>
</div>
{error && (
<div style={{ background: "#fef2f2", border: "1px solid #fecaca", borderRadius: 6, padding: "0.6rem 0.8rem", color: "#991b1b", fontSize: 13, marginBottom: "1rem" }}>
{error}
</div>
)}
{data?.warnings && data.warnings.length > 0 && (
<div style={{ background: "#fffbeb", border: "1px solid #fde68a", borderRadius: 6, padding: "0.6rem 0.8rem", color: "#92400e", fontSize: 13, marginBottom: "1rem" }}>
{data.warnings.map((w, i) => (
<div key={i}>{w}</div>
))}
</div>
)}
{/* Summary */}
<div style={{ display: "flex", gap: 24, flexWrap: "wrap", marginBottom: "1rem", padding: "0.8rem 1rem", background: "#fff", borderRadius: 8, border: "1px solid #e2e8f0" }}>
<Summary label="Stops" value={String(stops.length)} />
<Summary label="Total travel time" value={fmtDuration(route?.totalTravelMins)} />
<Summary label="Total distance" value={route?.totalDistanceKm != null ? `${route.totalDistanceKm} km` : "—"} />
</div>
{/* Navigation export — open the route in the device's maps app */}
{route && stops.length > 0 && (
<div style={{ marginBottom: "1rem", padding: "0.8rem 1rem", background: "#fff", borderRadius: 8, border: "1px solid #e2e8f0" }}>
<NavExportButtons routeId={route.id} primaryColor={primaryColor} fullWidth={isMobile} />
</div>
)}
<div style={{ display: "grid", gridTemplateColumns: isMobile ? "1fr" : "minmax(0, 1.5fr) minmax(280px, 1fr)", gap: 16, alignItems: "stretch" }}>
{/* Map */}
<div style={{ height: isMobile ? 340 : 540, background: "#e5e7eb", borderRadius: 8, overflow: "hidden", border: "1px solid #e2e8f0" }}>
{mapStops.length > 0 ? (
<Suspense fallback={<Centered>Loading map</Centered>}>
<RouteMap stops={mapStops} primaryColor={primaryColor} />
</Suspense>
) : (
<Centered>{loading ? "Loading route…" : "No stops to display. Click Optimize to build the route."}</Centered>
)}
</div>
{/* Stop list panel — drag-to-reorder */}
<div style={{ display: "flex", flexDirection: "column", gap: 10, maxHeight: isMobile ? "none" : 540, overflowY: isMobile ? "visible" : "auto" }}>
{stops.length === 0 && !loading && (
<div style={{ color: "#6b7280", fontSize: 14, padding: "1rem" }}>No stops for this day.</div>
)}
{stops.length > 0 && (
<>
{manuallyReordered && (
<div style={{ display: "flex", alignItems: "center", justifyContent: "space-between", gap: 8, background: "#fffbeb", border: "1px solid #fde68a", borderRadius: 8, padding: "0.55rem 0.7rem" }}>
<span style={{ fontSize: 12, color: "#92400e" }}>
Stops reordered manually. Re-optimize to recompute the best route.
</span>
<button
type="button"
onClick={optimize}
disabled={optimizing || reordering || !staffId}
style={{
flexShrink: 0,
padding: "0.35rem 0.7rem",
borderRadius: 6,
border: "none",
background: primaryColor,
color: "#fff",
fontSize: 13,
fontWeight: 600,
cursor: optimizing || reordering || !staffId ? "not-allowed" : "pointer",
opacity: optimizing || reordering || !staffId ? 0.6 : 1,
}}
>
{optimizing ? "Optimizing…" : "Re-optimize"}
</button>
</div>
)}
<DndContext
sensors={sensors}
collisionDetection={closestCenter}
onDragEnd={handleDragEnd}
>
<SortableContext items={stops.map((s) => s.id)} strategy={verticalListSortingStrategy}>
{stops.map((s) => (
<SortableStop key={s.id} stop={s} primaryColor={primaryColor} disabled={reordering} />
))}
</SortableContext>
</DndContext>
</>
)}
</div>
</div>
</div>
);
}
function Summary({ label, value }: { label: string; value: string }) {
return (
<div>
<div style={{ fontSize: 12, color: "#6b7280", fontWeight: 600 }}>{label}</div>
<div style={{ fontSize: 18, color: "#1a202c", fontWeight: 700 }}>{value}</div>
</div>
);
}
function Centered({ children }: { children: React.ReactNode }) {
return (
<div style={{ height: "100%", display: "flex", alignItems: "center", justifyContent: "center", color: "#6b7280", fontSize: 14, textAlign: "center", padding: "1rem" }}>
{children}
</div>
);
}
src/portal/CustomerPortal.tsx
+14 -68
View File
@@ -13,10 +13,8 @@ import { Communication } from "./sections/Communication.js";
import { AccountSettings } from "./sections/AccountSettings.js";
import { ImpersonationBanner } from "./ImpersonationBanner.js";
import { AuditLogViewer } from "./AuditLogViewer.js";
import { OOBE } from "./OOBE.js";
import { useBranding } from "../BrandingContext.js";
import { getDevUser } from "../pages/DevLoginSelector.js";
import { signOut } from "../lib/auth-client.js";
import type { ImpersonationSession } from "@groombook/types";
import type { Appointment as PortalAppointment } from "./sections/Appointments.js";
@@ -54,13 +52,6 @@ export function CustomerPortal() {
// (e.g. authenticated user with no matching client row). Rendered in place
// of the portal chrome instead of bouncing back to /login.
const [authError, setAuthError] = useState<string | null>(null);
// GRO-2359 — the SSO bridge 404 (no client row for the user's email)
// routes the user into the OOBE. We mount the OOBE inline rather than
// navigating to /onboarding so the post-auth flow stays inside the
// CustomerPortal render tree (test-isolated, no App-level router needed
// for the integration to work). The /onboarding route in App.tsx is
// still the mount point for direct deep-links to the same component.
const [showOOBE, setShowOOBE] = useState(false);
const { branding } = useBranding();
const [searchParams, setSearchParams] = useSearchParams();
@@ -71,18 +62,6 @@ export function CustomerPortal() {
initDone.current = true;
const sessionId = searchParams.get("sessionId");
// GRO-2359: a deep-link to a portal sub-route with ?noAccess=deleted-portal
// is the only path that still shows the no-access card. The post-auth
// 404-from-bridge path now navigates to /onboarding (OOBE) so the new
// user can create a portal. The deleted-portal case is set explicitly
// (e.g. a groomer who disabled a client) and uses the same no-access
// UI with the shared signOut() — that was the GRO-2358 invariant.
const noAccess = searchParams.get("noAccess");
if (noAccess === "deleted-portal") {
setAuthError(
"Your portal access has been removed. Please contact your groomer if you think this is a mistake.",
);
}
if (sessionId) {
setIsImpersonating(true);
@@ -173,13 +152,11 @@ export function CustomerPortal() {
setPortalSessionId(data.sessionId);
setClientName(data.clientName);
} else if (bridgeResp.status === 404) {
// Authenticated but no matching client row — mount the OOBE
// (GRO-2359) so the user can create their portal record instead
// of landing on the no-access card. The no-access card itself is
// still reachable for the deleted-portal case (see GRO-2358) via
// the ?noAccess=deleted-portal deep-link, but is no longer in
// the new-user path.
setShowOOBE(true);
// Authenticated but no matching client row — show a friendly message
// instead of bouncing back to /login (which would loop indefinitely).
setAuthError(
"Your account is not linked to a customer record. Please contact your groomer to set up portal access."
);
}
// 401/other: fall through; App.tsx render guard will redirect to /login.
} catch {
@@ -216,19 +193,6 @@ export function CustomerPortal() {
}
}, [session]);
// Shared sign-out handler — wires the canonical Better Auth `signOut()` so
// every authenticated surface (no-access screen, portal chrome, etc.) uses
// the same implementation as `AdminLayout`. Failure to reach the server
// still leaves the SPA free to navigate to /login.
const handleSignOut = useCallback(async () => {
try {
await signOut();
} catch {
// Best-effort; navigate to /login regardless so the user is never trapped.
}
window.location.href = "/login";
}, []);
const logPageView = useCallback((page: string) => {
if (!session) return;
void fetch(`/api/impersonation/sessions/${session.id}/log`, {
@@ -302,15 +266,6 @@ export function CustomerPortal() {
// session state. Dev users are verified via localStorage and the dev-session flow.
// SSO customers are recognised by portalSessionId (set by the Better Auth bridge).
if (!session && !portalSessionId) {
// GRO-2359 — new-user path: mount the OOBE inline so the SSO bridge's
// 404 hands the user a portal-creation form instead of the no-access
// card. onCompleted triggers a full page reload to /, which re-runs
// the bridge (now with a matching client row) and lands the user in
// the portal. A full reload (not React Router navigate) is the
// safest reset of the bridge's cached state.
if (showOOBE) {
return <OOBE onCompleted={() => { window.location.href = "/"; }} />;
}
if (authError) {
// GRO-1867: graceful 404 fallback — authenticated user has no client row.
return (
@@ -326,7 +281,14 @@ export function CustomerPortal() {
<h1 className="text-lg font-semibold text-stone-800 mb-2">Portal access not configured</h1>
<p className="text-sm text-stone-600 mb-6">{authError}</p>
<button
onClick={() => { void handleSignOut(); }}
onClick={async () => {
try {
await fetch("/api/auth/sign-out", { method: "POST", credentials: "include" });
} catch {
// Best-effort sign-out; redirect to /login regardless.
}
window.location.href = "/login";
}}
className="inline-flex items-center justify-center gap-2 px-4 py-2 rounded-lg text-sm font-medium text-stone-700 bg-stone-100 hover:bg-stone-200 transition-colors"
>
<LogOut size={14} />
@@ -451,14 +413,7 @@ export function CustomerPortal() {
})}
</div>
{/* Session controls — Sign out is always reachable from the portal
chrome (GRO-2373). End Impersonation is staff-only and only
appears during an active impersonation session. Both share the
same LogOut icon for visual consistency, but route to distinct
handlers: handleSignOut calls the canonical Better Auth
`signOut()` (mirroring OOBE and the no-access card); handleEnd
tears down the staff impersonation session and returns to the
admin clients list. */}
{/* Session controls (only shown during active impersonation) */}
<div className="border-t border-stone-100 p-4 space-y-2">
{session?.status === "active" && (
<button
@@ -469,15 +424,6 @@ export function CustomerPortal() {
End Impersonation
</button>
)}
<button
type="button"
onClick={() => { void handleSignOut(); }}
className="w-full flex items-center gap-2 px-3 py-2 rounded-lg text-xs font-medium text-stone-700 bg-stone-50 hover:bg-stone-100 transition-colors"
data-testid="portal-chrome-signout"
>
<LogOut size={14} />
Sign out
</button>
<div className="flex items-center gap-2 px-3 py-2 text-xs text-stone-400">
<Shield size={12} />
Customer Portal v1.0
src/portal/OOBE.tsx
-312
View File
@@ -1,312 +0,0 @@
import { useCallback, useEffect, useState } from "react";
import { LogOut, Shield, Sparkles } from "lucide-react";
import { signOut } from "../lib/auth-client.js";
/**
* OOBE (Out-of-Box Experience) for a first-time Authentik SSO user whose
* email does not match any existing `clients` row.
*
* The post-auth handler in `CustomerPortal.tsx` redirects to this component
* when `POST /api/portal/session-from-auth` returns 404. From here the new
* user can either:
* (a) Create a fresh customer record bound to their SSO email, or
* (b) Sign out (the no-access screen is no longer in the new-user path).
*
* After successful creation, the OOBE navigates to `/` so the portal's
* existing SSO bridge re-runs and lands the user in their portal with a
* real `X-Impersonation-Session-Id` header. No new client state is
* required — the bridge re-resolves the session and the rest of the
* portal is unchanged.
*
* GRO-2359 — root-cause fix for "new SSO user lands on Portal access not
* configured" (companion to GRO-2358, which restored logout on that screen).
*/
type OOBEFormState = {
name: string;
phone: string;
address: string;
notes: string;
};
type OOBEStatus = "loading" | "ready" | "submitting" | "error";
const EMPTY_FORM: OOBEFormState = {
name: "",
phone: "",
address: "",
notes: "",
};
type OOBEProps = {
/**
* Override the post-success destination. Defaults to `/` so the SSO bridge
* re-runs. Test suites pass a custom destination to keep assertions
* deterministic without a real portal session.
*/
onCompleted?: () => void;
};
export function OOBE({ onCompleted }: OOBEProps = {}) {
const [status, setStatus] = useState<OOBEStatus>("loading");
const [form, setForm] = useState<OOBEFormState>(EMPTY_FORM);
const [error, setError] = useState<string | null>(null);
const [sessionEmail, setSessionEmail] = useState<string | null>(null);
// Resolve the Better Auth session on mount. The OOBE is gated to
// authenticated users — if no session exists the API will reject the
// creation request, so we redirect to /login early. We prefill `name`
// from the Better Auth `user.name` if the SSO provider returned one.
//
// We use a full `window.location.href` redirect (not `navigate`) so the
// OOBE works the same way whether it's mounted from the post-auth
// callback (inside CustomerPortal's render tree) or from a direct
// deep-link (mounted by App.tsx). A full reload also resets any
// cached state in the parent component.
useEffect(() => {
let cancelled = false;
(async () => {
try {
const r = await fetch("/api/auth/get-session", { credentials: "include" });
if (!r.ok) {
if (!cancelled) window.location.href = "/login";
return;
}
const data = (await r.json().catch(() => null)) as
| { user?: { email?: string; name?: string; role?: string | null } }
| null;
if (cancelled) return;
if (!data?.user) {
window.location.href = "/login";
return;
}
if (data.user.role === "staff") {
window.location.href = "/admin";
return;
}
setSessionEmail(data.user.email ?? null);
setForm((prev) => ({ ...prev, name: data.user?.name ?? prev.name }));
setStatus("ready");
} catch {
if (!cancelled) window.location.href = "/login";
}
})();
return () => {
cancelled = true;
};
}, []);
const handleChange = useCallback(
(field: keyof OOBEFormState) => (e: React.ChangeEvent<HTMLInputElement | HTMLTextAreaElement>) => {
const value = e.target.value;
setForm((prev) => ({ ...prev, [field]: value }));
},
[],
);
const handleSubmit = useCallback(
async (e: React.FormEvent) => {
e.preventDefault();
if (status === "submitting") return;
if (!form.name.trim()) {
setError("Please tell us your name so we can set up your portal.");
return;
}
setStatus("submitting");
setError(null);
try {
const r = await fetch("/api/portal/clients-from-auth", {
method: "POST",
credentials: "include",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
name: form.name.trim(),
phone: form.phone.trim() || null,
address: form.address.trim() || null,
notes: form.notes.trim() || null,
}),
});
if (r.ok) {
// Let the parent (or default) decide where to land. The default
// is the portal root, which re-runs the SSO bridge. A full
// `window.location.href` reload resets any cached state in the
// parent (the bridge reads from Better Auth cookies, so a fresh
// request picks up the new client row).
if (onCompleted) {
onCompleted();
} else {
window.location.href = "/";
}
return;
}
if (r.status === 409) {
setStatus("ready");
setError(
"A customer record with this email already exists. Please contact your groomer to link your account.",
);
return;
}
const body = (await r.json().catch(() => null)) as { error?: string } | null;
setStatus("ready");
setError(body?.error ?? "We couldn't set up your portal. Please try again.");
} catch {
setStatus("ready");
setError("Network error. Please check your connection and try again.");
}
},
[form, onCompleted, status],
);
const handleSignOut = useCallback(async () => {
try {
await signOut();
} catch {
// Best-effort; navigate to /login regardless so the user is never trapped.
}
window.location.href = "/login";
}, []);
if (status === "loading") {
return (
<div
className="min-h-screen flex items-center justify-center bg-[#faf8f5]"
role="status"
aria-live="polite"
>
<div className="text-stone-500 text-sm">Loading</div>
</div>
);
}
return (
<div
className="min-h-screen flex items-center justify-center bg-[#faf8f5] font-sans px-6 py-10"
role="main"
>
<div className="max-w-md w-full bg-white rounded-xl shadow-sm border border-stone-200 p-8">
<div className="w-12 h-12 rounded-full bg-emerald-100 text-emerald-700 flex items-center justify-center mx-auto mb-4">
<Sparkles size={22} />
</div>
<h1 className="text-lg font-semibold text-stone-800 text-center mb-1">
Welcome let's set up your portal
</h1>
<p className="text-sm text-stone-600 text-center mb-6">
You're signed in{sessionEmail ? ` as ${sessionEmail}` : ""}. We just need a few
details to create your customer record.
</p>
<form onSubmit={handleSubmit} className="space-y-4" noValidate>
<div>
<label
htmlFor="oobe-name"
className="block text-xs font-medium text-stone-700 mb-1"
>
Your name <span className="text-red-600">*</span>
</label>
<input
id="oobe-name"
name="name"
type="text"
required
autoComplete="name"
value={form.name}
onChange={handleChange("name")}
className="w-full px-3 py-2 rounded-lg border border-stone-300 text-sm text-stone-800 focus:outline-none focus:ring-2 focus:ring-emerald-500 focus:border-emerald-500"
disabled={status === "submitting"}
/>
</div>
<div>
<label
htmlFor="oobe-phone"
className="block text-xs font-medium text-stone-700 mb-1"
>
Phone <span className="text-stone-400">(optional)</span>
</label>
<input
id="oobe-phone"
name="phone"
type="tel"
autoComplete="tel"
value={form.phone}
onChange={handleChange("phone")}
className="w-full px-3 py-2 rounded-lg border border-stone-300 text-sm text-stone-800 focus:outline-none focus:ring-2 focus:ring-emerald-500 focus:border-emerald-500"
disabled={status === "submitting"}
/>
</div>
<div>
<label
htmlFor="oobe-address"
className="block text-xs font-medium text-stone-700 mb-1"
>
Address <span className="text-stone-400">(optional)</span>
</label>
<input
id="oobe-address"
name="address"
type="text"
autoComplete="street-address"
value={form.address}
onChange={handleChange("address")}
className="w-full px-3 py-2 rounded-lg border border-stone-300 text-sm text-stone-800 focus:outline-none focus:ring-2 focus:ring-emerald-500 focus:border-emerald-500"
disabled={status === "submitting"}
/>
</div>
<div>
<label
htmlFor="oobe-notes"
className="block text-xs font-medium text-stone-700 mb-1"
>
Notes <span className="text-stone-400">(optional)</span>
</label>
<textarea
id="oobe-notes"
name="notes"
rows={2}
value={form.notes}
onChange={handleChange("notes")}
className="w-full px-3 py-2 rounded-lg border border-stone-300 text-sm text-stone-800 focus:outline-none focus:ring-2 focus:ring-emerald-500 focus:border-emerald-500"
disabled={status === "submitting"}
/>
</div>
{error && (
<div
role="alert"
aria-live="polite"
className="flex items-start gap-2 text-sm text-red-700 bg-red-50 border border-red-200 rounded-lg px-3 py-2"
>
<Shield size={14} className="mt-0.5 shrink-0" />
<span>{error}</span>
</div>
)}
<button
type="submit"
disabled={status === "submitting"}
className="w-full inline-flex items-center justify-center gap-2 px-4 py-2.5 rounded-lg text-sm font-medium text-white bg-emerald-600 hover:bg-emerald-700 disabled:opacity-60 disabled:cursor-not-allowed transition-colors"
>
{status === "submitting" ? "Setting up…" : "Create my portal"}
</button>
</form>
<div className="mt-6 pt-4 border-t border-stone-100 flex items-center justify-between">
<p className="text-xs text-stone-500">
Wrong account? Sign out and try a different one.
</p>
<button
type="button"
onClick={() => {
void handleSignOut();
}}
className="inline-flex items-center gap-1.5 text-xs font-medium text-stone-600 hover:text-stone-900"
>
<LogOut size={12} />
Sign out
</button>
</div>
</div>
</div>
);
}
export default OOBE;
src/portal/sections/Appointments.tsx
+8 -52
View File
@@ -315,19 +315,9 @@ const STATUS_LABELS: Record<string, string> = {
scheduled: 'Scheduled',
};
// The DB `appointment_status` enum stores `no_show` (underscore), but the badge
// palette is keyed on `no-show` (hyphen). Without normalization a no-show
// appointment renders as a raw gray `no_show` label instead of the styled
// "No-show" badge (GRO-2319 item 1). Map underscore status keys to the hyphen
// palette key so DB-sourced statuses resolve to their intended badge style.
export function normalizeStatusKey(status: string): string {
return status.replace(/_/g, '-');
}
export function StatusBadge({ status }: { status: string }) {
const key = normalizeStatusKey(status);
const label = STATUS_LABELS[key] ?? status;
const colorClass = STATUS_COLORS[key] ?? 'bg-stone-100 text-stone-600';
const label = STATUS_LABELS[status] ?? status;
const colorClass = STATUS_COLORS[status] ?? 'bg-stone-100 text-stone-600';
return (
<span className={`px-2 py-0.5 rounded-full text-xs font-medium ${colorClass}`}>
{label}
@@ -335,19 +325,6 @@ export function StatusBadge({ status }: { status: string }) {
);
}
// Derives the badge state shown on an Upcoming/Past card from the appointment's
// raw status plus its confirmationStatus (GRO-2319 item 2, CMPO-approved):
// - a synthetic waitlist entry (status `waitlisted`) always shows Waitlisted
// - an upcoming appointment the groomer has not yet confirmed
// (`confirmationStatus === 'pending'`) shows Pending — semantically honest
// and reduces anxiety-driven follow-up messages
// - otherwise the raw status drives the badge
export function deriveDisplayStatus(appt: Appointment): string {
if (appt.status === 'waitlisted') return 'waitlisted';
if (isUpcoming(appt) && appt.confirmationStatus === 'pending') return 'pending';
return appt.status;
}
const CONFIRMATION_STATUS_COLORS: Record<string, string> = {
confirmed: 'bg-green-100 text-green-700',
pending: 'bg-amber-100 text-amber-700',
@@ -531,24 +508,11 @@ function AppointmentCard({
sessionId: string | null;
onReschedule: (appt: Appointment) => void;
}) {
// A waitlist-backed entry (GRO-2319 item 2, CMPO UX spec GRO-2328) is not a
// confirmed appointment: it gets a muted, dashed-border card and a subtext
// line so the customer can tell it apart from booked appointments, and the
// appointment-only actions (confirm / notes / reschedule / cancel) are hidden.
const isWaitlist = appt.status === 'waitlisted';
return (
<div
className={
isWaitlist
? 'bg-stone-50/60 rounded-xl border border-dashed border-stone-300 shadow-sm overflow-hidden'
: 'bg-white rounded-xl border border-stone-200 shadow-sm overflow-hidden'
}
>
<div className="bg-white rounded-xl border border-stone-200 shadow-sm overflow-hidden">
<button
onClick={onToggle}
className={`w-full flex items-center gap-4 p-4 text-left ${
isWaitlist ? 'hover:bg-stone-100/60' : 'hover:bg-stone-50'
}`}
className="w-full flex items-center gap-4 p-4 text-left hover:bg-stone-50"
>
<div className="w-10 h-10 rounded-lg bg-blue-100 flex items-center justify-center text-lg shrink-0">
{appt.petName?.charAt(0) || 'P'}
@@ -568,13 +532,8 @@ function AppointmentCard({
</span>
<span>with {appt.groomerName || 'First Available'}</span>
</div>
{isWaitlist && (
<p className="text-xs text-stone-400 mt-1">
You're on the waitlist — we'll let you know if a spot opens.
</p>
)}
</div>
<StatusBadge status={deriveDisplayStatus(appt)} />
<StatusBadge status={appt.status} />
{expanded ? (
<ChevronDown size={16} className="text-stone-400" />
) : (
@@ -608,14 +567,11 @@ function AppointmentCard({
{appt.notes}
</p>
)}
{!isWaitlist && isUpcoming(appt) && !readOnly && (
{isUpcoming(appt) && !readOnly && (
<CustomerNotesSection appointment={appt} sessionId={sessionId} />
)}
{!isWaitlist && isUpcoming(appt) && (
<ConfirmationSection appointment={appt} sessionId={sessionId} />
)}
{!isWaitlist &&
appt.status !== 'completed' &&
{isUpcoming(appt) && <ConfirmationSection appointment={appt} sessionId={sessionId} />}
{appt.status !== 'completed' &&
appt.status !== 'cancelled' &&
!readOnly && (
<div className="flex gap-2 mt-3">
vite.config.ts
-17
View File
@@ -57,23 +57,6 @@ export default defineConfig({
},
},
},
{
// OpenStreetMap raster tiles for the Route Planner map. CacheFirst so
// tiles pre-warmed for a route render offline during the day. Capped
// entries + 7-day TTL keep the cache bounded.
urlPattern: /^https:\/\/[abc]\.tile\.openstreetmap\.org\/.*\.png$/i,
handler: "CacheFirst",
options: {
cacheName: "osm-tiles",
expiration: {
maxEntries: 400,
maxAgeSeconds: 60 * 60 * 24 * 7, // 7 days
},
cacheableResponse: {
statuses: [0, 200],
},
},
},
],
},
}),