Session 2026-05-20: UI fixes, invoice filtering, file browser, request approvals, sub invoice task scope

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

api/backfill-request-files.js

@@ -0,0 +1,179 @@
+import { createClient } from '@supabase/supabase-js';
+
+const FB_SOURCE = 'files';
+
+function normalizePath(path) {
+  const raw = String(path || '/').trim();
+  const parts = raw.split('/').filter(Boolean);
+  const clean = [];
+  for (const part of parts) {
+    if (part === '.') continue;
+    if (part === '..') throw new Error('Invalid path');
+    clean.push(part);
+  }
+  return `/${clean.join('/')}`;
+}
+
+function joinPath(...parts) {
+  return normalizePath(parts.join('/'));
+}
+
+function safeName(value) {
+  return String(value || '')
+    .trim()
+    .replace(/[\\/:*?"<>|#%{}^~[\]`]+/g, '-')
+    .replace(/\s+/g, ' ')
+    .replace(/^-+|-+$/g, '');
+}
+
+function getConfig() {
+  const url = String(process.env.FILEBROWSER_URL || '').trim().replace(/\/+$/, '');
+  return {
+    url,
+    token: process.env.FILEBROWSER_TOKEN || '',
+    clientRoot: normalizePath(process.env.FILEBROWSER_CLIENT_ROOT || '/fourgebranding/Clients'),
+    configured: Boolean(url),
+  };
+}
+
+async function fbFetch(config, method, endpoint, { params = {}, headers = {}, body } = {}) {
+  const qs = new URLSearchParams({ source: FB_SOURCE, ...params }).toString();
+  const res = await fetch(`${config.url}${endpoint}?${qs}`, {
+    method,
+    headers: { Authorization: `Bearer ${config.token}`, ...headers },
+    body,
+  });
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(text || `FileBrowser ${res.status}`);
+  }
+  return res;
+}
+
+async function mkdir(config, path) {
+  await fbFetch(config, 'POST', '/api/resources', {
+    params: { path, isDir: 'true' },
+  }).catch(() => {});
+}
+
+function json(res, status, body) {
+  return res.status(status).json(body);
+}
+
+export default async function handler(req, res) {
+  if (req.method !== 'POST') return json(res, 405, { error: 'Method not allowed' });
+
+  const secret = process.env.SUPABASE_WEBHOOK_SECRET;
+  if (secret) {
+    const incoming = req.headers['x-webhook-secret'] || '';
+    if (incoming.trim() !== secret.trim()) return json(res, 401, { error: 'Unauthorized' });
+  }
+
+  const supabaseUrl = process.env.VITE_SUPABASE_URL || process.env.SUPABASE_URL;
+  const serviceRoleKey = process.env.SUPABASE_SERVICE_ROLE_KEY;
+  if (!supabaseUrl || !serviceRoleKey) return json(res, 500, { error: 'Supabase env not configured' });
+
+  const admin = createClient(supabaseUrl, serviceRoleKey, {
+    auth: { persistSession: false, autoRefreshToken: false },
+  });
+
+  const config = getConfig();
+  if (!config.configured || !config.token) return json(res, 200, { ok: true, skipped: 'FileBrowser not configured' });
+
+  // Fetch all submission files with task/project/company context
+  const { data: rows, error } = await admin
+    .from('submission_files')
+    .select(`
+      id, name, storage_path, size,
+      submission:submissions!inner(
+        id, version_number,
+        task:tasks!inner(
+          id, title,
+          project:projects!inner(
+            id, name,
+            company:companies!inner(name)
+          )
+        )
+      )
+    `);
+
+  if (error) return json(res, 500, { error: error.message });
+
+  // Group by task + version_number, skip groups with no files
+  const groups = new Map();
+  for (const row of rows || []) {
+    const sub = row.submission;
+    const task = sub?.task;
+    const project = task?.project;
+    const company = project?.company;
+    if (!task || !project || !company) continue;
+
+    const key = `${task.id}::${sub.version_number}`;
+    if (!groups.has(key)) {
+      groups.set(key, {
+        companyName: company.name,
+        projectName: project.name,
+        taskTitle: task.title,
+        versionNumber: sub.version_number,
+        files: [],
+      });
+    }
+    groups.get(key).files.push({ name: row.name, storage_path: row.storage_path });
+  }
+
+  const results = { processed: 0, skipped: 0, errors: [] };
+
+  for (const group of groups.values()) {
+    if (group.files.length === 0) { results.skipped++; continue; }
+
+    const revFolder = `R${String(group.versionNumber).padStart(2, '0')}`;
+    const companyDir = joinPath(config.clientRoot, safeName(group.companyName));
+    const projectDir = joinPath(companyDir, 'Projects', safeName(group.projectName));
+    const taskDir = joinPath(projectDir, safeName(group.taskTitle));
+    const requestInfoDir = joinPath(taskDir, 'Request Info');
+    const revDir = joinPath(requestInfoDir, revFolder);
+
+    // Ensure all parent dirs exist
+    await mkdir(config, companyDir);
+    await mkdir(config, joinPath(companyDir, 'Projects'));
+    await mkdir(config, projectDir);
+    await mkdir(config, taskDir);
+    await mkdir(config, requestInfoDir);
+    await mkdir(config, revDir);
+
+    for (const file of group.files) {
+      try {
+        // Get signed URL from Supabase Storage
+        const { data: signed, error: signedError } = await admin.storage
+          .from('submissions')
+          .createSignedUrl(file.storage_path, 60);
+        if (signedError || !signed?.signedUrl) {
+          results.errors.push(`signed url failed: ${file.storage_path}`);
+          continue;
+        }
+
+        // Download file from Supabase Storage
+        const fileRes = await fetch(signed.signedUrl);
+        if (!fileRes.ok) {
+          results.errors.push(`download failed: ${file.name}`);
+          continue;
+        }
+        const fileBuffer = await fileRes.arrayBuffer();
+
+        // Upload to FileBrowser
+        const fbFilePath = joinPath(revDir, file.name);
+        await fbFetch(config, 'POST', '/api/resources', {
+          params: { path: fbFilePath, override: 'true' },
+          headers: { 'Content-Type': 'application/octet-stream' },
+          body: fileBuffer,
+        });
+
+        results.processed++;
+      } catch (err) {
+        results.errors.push(`${file.name}: ${err.message}`);
+      }
+    }
+  }
+
+  return json(res, 200, { ok: true, ...results });
+}