init-source
This commit is contained in:
@@ -0,0 +1,107 @@
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { prisma } from './prisma'
|
||||
import { Role } from '@prisma/client'
|
||||
import bcrypt from 'bcryptjs'
|
||||
import { v4 as uuid } from 'uuid'
|
||||
|
||||
export const SESSION_COOKIE = 'qms_session'
|
||||
export const SESSION_EXPIRY_DAYS = 7
|
||||
|
||||
export async function hashPassword(password: string) {
|
||||
return bcrypt.hash(password, 12)
|
||||
}
|
||||
|
||||
export async function verifyPassword(password: string, hash: string) {
|
||||
return bcrypt.compare(password, hash)
|
||||
}
|
||||
|
||||
export async function createSession(userId: string) {
|
||||
const token = uuid()
|
||||
const expiresAt = new Date()
|
||||
expiresAt.setDate(expiresAt.getDate() + SESSION_EXPIRY_DAYS)
|
||||
|
||||
await prisma.session.create({
|
||||
data: { userId, token, expiresAt },
|
||||
})
|
||||
|
||||
return token
|
||||
}
|
||||
|
||||
export async function getSessionUser(req: NextApiRequest) {
|
||||
const token = req.cookies[SESSION_COOKIE]
|
||||
if (!token) return null
|
||||
|
||||
const session = await prisma.session.findUnique({
|
||||
where: { token },
|
||||
include: { user: true },
|
||||
})
|
||||
|
||||
if (!session || session.expiresAt < new Date()) {
|
||||
if (session) await prisma.session.delete({ where: { token } })
|
||||
return null
|
||||
}
|
||||
|
||||
return session.user
|
||||
}
|
||||
|
||||
export async function requireAuth(
|
||||
req: NextApiRequest,
|
||||
res: NextApiResponse,
|
||||
allowedRoles?: Role[]
|
||||
) {
|
||||
const user = await getSessionUser(req)
|
||||
|
||||
if (!user || !user.active) {
|
||||
res.status(401).json({ error: 'Unauthorised' })
|
||||
return null
|
||||
}
|
||||
|
||||
if (allowedRoles && !allowedRoles.includes(user.role)) {
|
||||
res.status(403).json({ error: 'Forbidden' })
|
||||
return null
|
||||
}
|
||||
|
||||
return user
|
||||
}
|
||||
|
||||
export async function logAction(
|
||||
userId: string,
|
||||
action: string,
|
||||
entity: string,
|
||||
entityId: string,
|
||||
before?: unknown,
|
||||
after?: unknown
|
||||
) {
|
||||
await prisma.auditLog.create({
|
||||
data: {
|
||||
userId,
|
||||
action,
|
||||
entity,
|
||||
entityId,
|
||||
before: before as any,
|
||||
after: after as any,
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
export function generateRef(prefix: string, count: number) {
|
||||
return `${prefix}-${String(count + 1).padStart(3, '0')}`
|
||||
}
|
||||
|
||||
// Role permission helpers
|
||||
export const ROLE_PERMISSIONS = {
|
||||
ADMIN: ['*'],
|
||||
QC: ['capa', 'audits', 'ncr', 'resolutions', 'documents', 'risk', 'suppliers', 'standards', 'shipping-standard', 'dashboard', 'reports', 'export'],
|
||||
PRODUCTION: ['fill', 'my-submissions', 'report-issue'],
|
||||
PRODUCTION_LEAD: ['fill', 'my-submissions', 'report-issue', 'shipments', 'escapes', 'shipping-standard', 'ncr', 'dashboard'],
|
||||
LOGISTICS_LEAD: ['shipments', 'escapes', 'shipping-standard', 'ncr', 'dashboard'],
|
||||
MANAGEMENT: ['dashboard', 'reports', 'export'],
|
||||
} as const
|
||||
|
||||
// Only these roles may batch-email a client release package
|
||||
export const SHIPMENT_SEND_ROLES: Role[] = ['ADMIN', 'PRODUCTION_LEAD', 'LOGISTICS_LEAD']
|
||||
|
||||
export function canAccess(role: Role, module: string): boolean {
|
||||
const perms = ROLE_PERMISSIONS[role]
|
||||
return perms.includes('*') || perms.includes(module as any)
|
||||
}
|
||||
@@ -0,0 +1,92 @@
|
||||
import nodemailer from 'nodemailer'
|
||||
import { prisma } from './prisma'
|
||||
import { NotifType } from '@prisma/client'
|
||||
|
||||
const transporter = nodemailer.createTransport({
|
||||
host: process.env.SMTP_HOST,
|
||||
port: Number(process.env.SMTP_PORT) || 587,
|
||||
secure: false,
|
||||
auth: {
|
||||
user: process.env.SMTP_USER,
|
||||
pass: process.env.SMTP_PASS,
|
||||
},
|
||||
})
|
||||
|
||||
const FROM = process.env.EMAIL_FROM || 'qms@acmequality.com'
|
||||
const APP_URL = process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000'
|
||||
|
||||
export async function sendEmail(to: string, subject: string, html: string) {
|
||||
if (!process.env.SMTP_HOST) {
|
||||
console.log('[EMAIL SKIPPED - no SMTP config]', { to, subject })
|
||||
return
|
||||
}
|
||||
await transporter.sendMail({ from: FROM, to, subject, html })
|
||||
}
|
||||
|
||||
export async function createNotification(
|
||||
userId: string,
|
||||
type: NotifType,
|
||||
title: string,
|
||||
body: string,
|
||||
link?: string
|
||||
) {
|
||||
return prisma.notification.create({
|
||||
data: { userId, type, title, body, link },
|
||||
})
|
||||
}
|
||||
|
||||
export async function notifyCAPAOverdue(capaRef: string, capaTitle: string, ownerEmail: string, ownerId: string) {
|
||||
const link = `${APP_URL}/qc/capas`
|
||||
await createNotification(ownerId, 'CAPA_OVERDUE', `${capaRef} is overdue`, `${capaTitle} has passed its due date.`, link)
|
||||
await sendEmail(ownerEmail, `[V11 QMS] CAPA ${capaRef} overdue`, `
|
||||
<p>Hello,</p>
|
||||
<p>CAPA <strong>${capaRef}: ${capaTitle}</strong> has passed its due date and requires immediate attention.</p>
|
||||
<p><a href="${link}">View CAPA →</a></p>
|
||||
`)
|
||||
}
|
||||
|
||||
export async function notifyNCREscalated(ncrRef: string, ncrDesc: string, managerEmail: string, managerId: string) {
|
||||
const link = `${APP_URL}/qc/ncr`
|
||||
await createNotification(managerId, 'NCR_ESCALATED', `${ncrRef} escalated`, ncrDesc, link)
|
||||
await sendEmail(managerEmail, `[V11 QMS] NCR ${ncrRef} escalated`, `
|
||||
<p>NCR <strong>${ncrRef}</strong> has been escalated: ${ncrDesc}</p>
|
||||
<p><a href="${link}">View NCR →</a></p>
|
||||
`)
|
||||
}
|
||||
|
||||
export async function notifyFormReviewReady(formName: string, submissionCount: number, adminEmail: string, adminId: string) {
|
||||
const link = `${APP_URL}/admin/forms`
|
||||
await createNotification(adminId, 'FORM_REVIEW_READY', `${formName} ready for review`, `${submissionCount} submissions collected. QC review can begin.`, link)
|
||||
await sendEmail(adminEmail, `[V11 QMS] Form ready for QC review: ${formName}`, `
|
||||
<p><strong>${formName}</strong> has reached ${submissionCount} submissions and is ready for QC standard review.</p>
|
||||
<p><a href="${link}">Review now →</a></p>
|
||||
`)
|
||||
}
|
||||
|
||||
export async function notifySolutionConfirmed(ncrRef: string, ncrDesc: string, reporterEmail: string, reporterId: string) {
|
||||
const link = `${APP_URL}/qc/ncr`
|
||||
await createNotification(reporterId, 'SOLUTION_CONFIRMED', `Fix confirmed for ${ncrRef}`, `The issue you reported (${ncrDesc}) has been resolved. No action needed from you.`, link)
|
||||
await sendEmail(reporterEmail, `[V11 QMS] Fixed: ${ncrRef}`, `
|
||||
<p>Good news — the issue you reported has been resolved:</p>
|
||||
<p style="color:#666">${ncrDesc}</p>
|
||||
<p>No further action is needed from you.</p>
|
||||
`)
|
||||
}
|
||||
|
||||
export function emailTemplate(title: string, body: string) {
|
||||
return `
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head><meta charset="utf-8"><title>${title}</title></head>
|
||||
<body style="font-family:sans-serif;max-width:600px;margin:0 auto;padding:24px;color:#333">
|
||||
<div style="border-bottom:2px solid #534AB7;padding-bottom:12px;margin-bottom:20px">
|
||||
<span style="font-weight:600;font-size:16px;color:#534AB7">V11 QMS</span>
|
||||
</div>
|
||||
<h2 style="font-size:18px;font-weight:500;margin-bottom:12px">${title}</h2>
|
||||
${body}
|
||||
<div style="border-top:1px solid #eee;margin-top:32px;padding-top:12px;font-size:11px;color:#999">
|
||||
This is an automated message from V11 Enterprise QMS. Do not reply.
|
||||
</div>
|
||||
</body>
|
||||
</html>`
|
||||
}
|
||||
Reference in New Issue
Block a user