94263c6447
Le check-in remplace l'intégration banking V1 (cf. CLAUDE.md → Glossaire) :
avant que la 1re relance ne parte, on demande à l'user "as-tu été payé ?"
via email, et il clique sur l'un des 2 liens publics.
Service checkin_token.ts : génération + hash SHA-256. 32 bytes random base64url, plain dans le mail, hash en DB (CheckinTask.token_hash unique).
Service checkin_scheduler.ts :
- scheduleCheckinForInvoice(invoice) : crée 1 CheckinTask à dueDate (now+1min si dueDate dans le passé). Idempotent par invoice — cancel les scheduled précédents avant.
- cancelCheckinForInvoice(invoiceId) : appelé par mark-paid pour stopper.
Job send_checkin_job.ts : worker queue 'checkins', skip si invoice paid/cancelled (no-op), construit l'URL avec le plain token (passé dans le payload du job, pas relu DB), appelle sendCheckinEmail.
mail_dispatcher.ts : sendCheckinEmail() — texte brut, destinataire = user (pas client !), 2 URLs (paid / pending), TTL 24h annoncé.
Controller CheckinController :
- GET /api/v1/checkin/:token/paid : status=answered + answer=paid + mark invoice paid (mêmes effets que POST /invoices/:id/mark-paid : rubis +1, ActivityEvent invoice_paid avec label "via check-in", cancelFutureRelances). Idempotent : 2e click → redirect "already_answered".
- GET /api/v1/checkin/:token/pending : status=answered + answer=still_pending. Les relances suivent leur cours.
- Validation : lookup hash, expiry (sentAt + 24h), redirects propres pour invalid / expired / already_answered.
Routes : nouveau group public `checkin` (PAS de middleware.auth) à côté du group auth, sous /api/v1.
Triggers branchés :
- InvoicesController.store et ImportBatchesController.validateDraft → scheduleCheckinForInvoice après création
- InvoicesController.markPaid → cancelCheckinForInvoice dans la tx
start/queue.ts : registerWorker('checkins', sendCheckinJob).
env : nouveau WEB_URL (URL du SPA pour redirects), default localhost:5173 en dev.
Bruno : nouveau dossier 08-Checkin avec doc complète du flow + 2 requêtes (paid / pending). var d'env `checkinToken` à remplir manuellement après avoir reçu l'email dans Mailpit.
139 lines
4.4 KiB
TypeScript
139 lines
4.4 KiB
TypeScript
import CheckinTask from '#models/checkin_task'
|
|
import Invoice from '#models/invoice'
|
|
import { hashCheckinToken } from '#services/checkin_token'
|
|
import { recordActivity } from '#services/activity_recorder'
|
|
import { cancelFutureRelances } from '#services/relance_scheduler'
|
|
import db from '@adonisjs/lucid/services/db'
|
|
import env from '#start/env'
|
|
import { DateTime } from 'luxon'
|
|
import type { HttpContext } from '@adonisjs/core/http'
|
|
|
|
const CHECKIN_TTL_HOURS = 24
|
|
|
|
/**
|
|
* Construit l'URL de redirect SPA selon le résultat. Le SPA lit ces
|
|
* query params pour afficher un toast et router l'utilisateur.
|
|
*/
|
|
function spaRedirectUrl(
|
|
result: 'paid' | 'pending' | 'expired' | 'invalid' | 'already_answered',
|
|
invoiceNumero?: string
|
|
): string {
|
|
const base = env.get('WEB_URL', 'http://localhost:5173')
|
|
const params = new URLSearchParams({ checkin: result })
|
|
if (invoiceNumero) params.set('invoice', invoiceNumero)
|
|
return `${base}/?${params.toString()}`
|
|
}
|
|
|
|
type ResolvedTask =
|
|
| { task: CheckinTask; invoice: Invoice }
|
|
| { redirect: string }
|
|
|
|
/**
|
|
* Lookup + validation commune aux deux endpoints (paid / pending).
|
|
* Retourne soit la task validée soit une URL de redirect d'erreur.
|
|
*/
|
|
async function resolveCheckin(token: string): Promise<ResolvedTask> {
|
|
const hashed = hashCheckinToken(token)
|
|
const task = await CheckinTask.query().where('token_hash', hashed).first()
|
|
if (!task) {
|
|
return { redirect: spaRedirectUrl('invalid') }
|
|
}
|
|
|
|
if (task.status === 'answered') {
|
|
const inv = await Invoice.find(task.invoiceId)
|
|
return { redirect: spaRedirectUrl('already_answered', inv?.numero) }
|
|
}
|
|
|
|
// Expiration : 24h après l'envoi (sentAt). Tant qu'elle n'a pas été
|
|
// envoyée, le link n'est pas censé exister côté user — sécurité belt.
|
|
if (task.sentAt && task.sentAt.plus({ hours: CHECKIN_TTL_HOURS }) < DateTime.now()) {
|
|
task.status = 'expired'
|
|
await task.save()
|
|
return { redirect: spaRedirectUrl('expired') }
|
|
}
|
|
|
|
const invoice = await Invoice.query()
|
|
.where('id', task.invoiceId)
|
|
.preload('client')
|
|
.first()
|
|
if (!invoice) {
|
|
return { redirect: spaRedirectUrl('invalid') }
|
|
}
|
|
|
|
return { task, invoice }
|
|
}
|
|
|
|
export default class CheckinController {
|
|
/**
|
|
* GET /api/v1/checkin/:token/paid
|
|
*
|
|
* L'utilisateur clique "j'ai été payé". On marque la facture payée +
|
|
* cancel les relances futures + bonus rubis (idempotent avec mark-paid).
|
|
* Redirect SPA avec `?checkin=paid&invoice=<numero>`.
|
|
*
|
|
* Public : pas d'auth Bearer, c'est un lien dans un email.
|
|
*/
|
|
async respondPaid({ params, response }: HttpContext) {
|
|
const result = await resolveCheckin(params.token)
|
|
if ('redirect' in result) {
|
|
return response.redirect(result.redirect)
|
|
}
|
|
const { task, invoice } = result
|
|
|
|
await db.transaction(async (trx) => {
|
|
task.useTransaction(trx)
|
|
task.status = 'answered'
|
|
task.answer = 'paid'
|
|
task.answeredAt = DateTime.now()
|
|
await task.save()
|
|
|
|
// Mark paid (mêmes effets que POST /invoices/:id/mark-paid).
|
|
if (invoice.status !== 'paid') {
|
|
invoice.useTransaction(trx)
|
|
invoice.status = 'paid'
|
|
invoice.paidAt = DateTime.now()
|
|
invoice.rubisEarned = invoice.rubisEarned + 1
|
|
await invoice.save()
|
|
|
|
await trx
|
|
.from('organizations')
|
|
.where('id', invoice.organizationId)
|
|
.increment('rubis_count', 1)
|
|
|
|
await recordActivity({
|
|
organizationId: invoice.organizationId,
|
|
kind: 'invoice_paid',
|
|
label: `Facture <b>${invoice.numero}</b> marquée encaissée via check-in`,
|
|
meta: { invoiceId: invoice.id, clientId: invoice.clientId },
|
|
trx,
|
|
})
|
|
|
|
await cancelFutureRelances(invoice.id, trx)
|
|
}
|
|
})
|
|
|
|
return response.redirect(spaRedirectUrl('paid', invoice.numero))
|
|
}
|
|
|
|
/**
|
|
* GET /api/v1/checkin/:token/pending
|
|
*
|
|
* L'utilisateur clique "toujours en attente". On marque la task
|
|
* answered, les relances suivent leur cours.
|
|
*/
|
|
async respondPending({ params, response }: HttpContext) {
|
|
const result = await resolveCheckin(params.token)
|
|
if ('redirect' in result) {
|
|
return response.redirect(result.redirect)
|
|
}
|
|
const { task, invoice } = result
|
|
|
|
task.status = 'answered'
|
|
task.answer = 'still_pending'
|
|
task.answeredAt = DateTime.now()
|
|
await task.save()
|
|
|
|
return response.redirect(spaRedirectUrl('pending', invoice.numero))
|
|
}
|
|
}
|